Login
[x]
Log in using an account from:
Fedora Account System
Red Hat Associate
Red Hat Customer
Or login using a Red Hat Bugzilla account
Forgot Password
Login:
Hide Forgot
Create an Account
Red Hat Bugzilla – Attachment 703151 Details for
Bug 913175
sandbox cant use symlink homedirs
[?]
New
Simple Search
Advanced Search
My Links
Browse
Requests
Reports
Current State
Search
Tabular reports
Graphical reports
Duplicates
Other Reports
User Changes
Plotly Reports
Bug Status
Bug Severity
Non-Defaults
|
Product Dashboard
Help
Page Help!
Bug Writing Guidelines
What's new
Browser Support Policy
5.0.4.rh83 Release notes
FAQ
Guides index
User guide
Web Services
Contact
Legal
This site requires JavaScript to be enabled to function correctly, please enable it.
[patch]
Patch to use real_path for homedir.
real_path.patch (text/plain), 606.87 KB, created by
Daniel Walsh
on 2013-02-26 21:56:40 UTC
(
hide
)
Description:
Patch to use real_path for homedir.
Filename:
MIME Type:
Creator:
Daniel Walsh
Created:
2013-02-26 21:56:40 UTC
Size:
606.87 KB
patch
obsolete
>commit 7d9ffa7e1105cbcbab080ac8e2420b08045c6e4e >Merge: 6f1d215 3f52a12 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Fri Feb 22 17:36:53 2013 +0100 > > Don't load interface file by default when sepolicy is called, mov get_all_methods to the sepolicy package > >commit 6f1d2157d21a058389d45becc259d522987dc9ec >Author: Dan Walsh <dwalsh@redhat.com> >Date: Fri Feb 22 17:33:04 2013 +0100 > > Don't load interface file by default when sepolicy is called, mov get_all_methods to the sepolicy package > >commit 694ecb05bfff90af85b062680e21556059772669 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Fri Feb 22 14:04:58 2013 +0100 > > Grab current_policy_path if it exists > >commit 30c1a919a6f9972a7ecc67e22e14789e2985a50a >Author: Dan Walsh <dwalsh@redhat.com> >Date: Fri Feb 22 13:01:36 2013 +0100 > > Lots of fixes to make sepolicy work on a disabled selinux system. > > Move all gen and get functions to __init__.py > > Do not call these functions on systems that have SELinux disabled. > > policy.c was hard coded to match the system, but we are always senting the > policy to a file path. > >commit 29c9159430c8159c43222a1430766cc4d08e935c >Author: Dan Walsh <dwalsh@redhat.com> >Date: Thu Feb 21 18:24:46 2013 +0100 > > Fix formatting of policy generation, bug accidently commenting out the first allow rule. > >commit 4eaebad729976274c3adc2edecb2583d7fa70e6d >Author: Dan Walsh <dwalsh@redhat.com> >Date: Thu Feb 21 18:22:54 2013 +0100 > > Put comment in tool to show how to stop asking the stupid password all the time > >commit 4f260de90ada5dbe148cdcfb8700863885e0a196 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Thu Feb 21 18:11:43 2013 +0100 > > Add missing policykit files > >commit 2f24c1097522f87ca81387b7ac872518efcb7d82 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Thu Feb 21 18:06:36 2013 +0100 > > Should not throw an exception on an SELinux disabled machine > >commit 697bd16b3b8c674412865a8785e049a92014d876 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Thu Feb 21 18:02:02 2013 +0100 > > Switch from using console app to using pkexec, so we will work better > with policykit. > >commit 418bed38eea308ae8de2a4da1d3e039a3ad9bd7e >Author: Dan Walsh <dwalsh@redhat.com> >Date: Thu Feb 21 18:01:30 2013 +0100 > > Add missing import to fix system-config-selinux startup > >commit f72f996dee3774e37d3ad87bc8946887d7509fc1 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Thu Feb 21 17:33:28 2013 +0100 > > More cleanup > >commit 1349f01e23f178c913cb1caabf818b7ade974196 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Thu Feb 21 17:25:21 2013 +0100 > > Cleanup Man page > >commit 002514e52109bee0953a7b356ffb1cd439800bc2 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Wed Feb 20 16:45:58 2013 +0100 > > Add --root/-r flag to sepolicy manpage, > > This allows us to generate man pages on the fly in the selinux-policy build > >commit b2696a233e2d7612431b2e1f94469807a6e6bd07 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Wed Feb 20 13:08:04 2013 +0100 > > Fix definition of security_get_initial_context > >commit f5be6d7a65fd6099c10fa44b795d16aa25493e24 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Mon Feb 18 14:11:39 2013 -0500 > > Newrole needs to keep cap_auditwrite in order to write to the auditlog, even if it is using NAMESPACE_PRIV. > We should not be dropping capabilities when running as root or our children will not have capabilies. > >commit 0ad48b224a6ec9c79ad61b97e3bc17664b565a10 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Fri Feb 15 15:10:16 2013 -0500 > > Add selinux_current_policy_path to allow programs to read the actual installed > policy versus the policy that is stored on disk. Using this interface would > allow people to load policy but not keep the policy on disk. > >commit b3a01514c11f9ca9a951401e57d0026d00330e79 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Fri Feb 15 15:09:14 2013 -0500 > > Add constant for /var/run/setrans, so that other domains can create content > in this directory > >commit 5d7c055299874cdf9d6e81b503f3a352f772b2f8 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Thu Feb 14 10:12:25 2013 -0500 > > Fix description of anon content booleans > >commit 8ff3891eb36ba4bd73d059f53ad07ed251922016 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Thu Feb 14 08:27:06 2013 -0500 > > Cleanup name of sepolicy man page > >commit f20eedaa3c617103af048e15c1db4a4351af0207 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Thu Feb 14 08:16:29 2013 -0500 > > Update translations > >commit 267932924b054634d34d8e6e93be594d8394cc9c >Author: Dan Walsh <dwalsh@redhat.com> >Date: Thu Feb 14 08:15:29 2013 -0500 > > Switch sepolgen from using a shell script to be a symbolic link to sepolicy. > >commit 4c94c91a6af2fabeab992262d99c91dc1d8140d3 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Thu Feb 14 07:53:13 2013 -0500 > > Switch to using openbox rather then matchboxwindow manager as the default > >commit b0b99826640f18d6e15d588c129f06403fbde3a0 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Fri Feb 8 12:50:32 2013 -0500 > > restorecon -o blows up when run from init scripts since SELinux policy does not > allow setfiles_t to write to random locations. We should just rely on shell > redirection and inherited file descriptors rather then using this built in > feature. I have depracated it from the man page, and we should eventually remov > e it alltogether > >commit b52e589ef1be22ac1f6b01fec8a11bff3bca236b >Author: Dan Walsh <dwalsh@redhat.com> >Date: Fri Feb 8 12:45:56 2013 -0500 > > Fix make files to install desktop and pam modules in proper location. > >commit 15c76bcbbd249033125ffd79c20c0bdbc580aed4 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Wed Feb 6 11:36:38 2013 -0500 > > Pull from eparis/master > >commit 3f52a123af40bae33bde2a1f2ecfb2320b61f9ad >Author: Eric Paris <eparis@redhat.com> >Date: Tue Feb 5 20:41:22 2013 -0500 > > libsemanage: semanage_store: fix segfault introduced to fix memory leak > > In the patch to fix a minor memory leak, I introduced a garuanteed > segfault. The point to the stack variable will never be NULL, whereas > the value on the stack will be. > > Signed-off-by: Eric Paris <eparis@redhat.com> > >commit e9410c9b0622c05761002994dfbd0746bbe6aaf7 >Author: Eric Paris <eparis@redhat.com> >Date: Fri Feb 1 16:57:55 2013 -0500 > > VERSION BUMP FOR UPSTREAM PUSH > >commit ce39302fd01a4217c3de7fdb787987fada5bb33d >Author: Eric Paris <eparis@redhat.com> >Date: Tue Feb 5 19:31:35 2013 -0500 > > libselinux: sefcontext_compile: do not leak fd on error > > We open the file which is to be used to write the binary format of file > contexts. If we hit an error actually writing things out, we return, > but never close the fd. Do not leak. > > Signed-off-by: Eric Paris <eparis@redhat.com> > >commit 4e5eaacc5996220726f237d7345a44ab962a2141 >Author: Eric Paris <eparis@redhat.com> >Date: Tue Feb 5 19:30:42 2013 -0500 > > libselinux: matchmediacon: do not leak fd > > Every time matchmediacon is called we open the > selinux_media_context_path(). But we never close the file. Close the > file when we are finished with it. > > Signed-off-by: Eric Paris <eparis@redhat.com> > >commit 1e8f102e8cec4ae84f09cc595013234398270366 >Author: Eric Paris <eparis@redhat.com> >Date: Tue Feb 5 19:15:42 2013 -0500 > > libselinux: src/label_android_property: do not leak fd on error > > We were opening the path, but if the fstat failed or it was not a > regular file we would return without closing the fd. Fix my using the > common error exit path rather than just returning. > > Signed-off-by: Eric Paris <eparis@redhat.com> > >commit 5c0d7113de359a362792801463918c406f4a6210 >Author: Eric Paris <eparis@redhat.com> >Date: Tue Feb 5 16:16:39 2013 -0500 > > policycoreutils: sestatus: rewrite to shut up coverity > > The code did: > > len = strlen(string); > new_string = malloc(len); > strncpy(new_string, string, len - 1) > > Which is perfectly legal, but it pissed off coverity because 99/100 > times if you do new_string = malloc(strlen(string)) you are doing it > wrong (you didn't leave room for the nul). I rewrote that area to just > use strdup and then to blank out the last character with a nul. It's > clear what's going on and nothing looks 'tricky'. It does cost us 1 > byte of heap allocation. I think we can live with that to have safer > looking string handling code. > > Signed-off-by: Eric Paris <eparis@redhat.com> > >commit 295abb370b4a78d36d30a0e35655e2a85608ed3e >Author: Eric Paris <eparis@redhat.com> >Date: Tue Feb 5 14:45:47 2013 -0500 > > libsemanage: semanage_store: do not leak memory in semanage_exec_prog > > If vork() failed we would leak the arguments created in split_args(). > Reorder the function so it will hopefully be easy to read and will not > leak memory. > > Signed-off-by: Eric Paris <eparis@redhat.com> > >commit d1c606ba46f661b950d6a6b2b29dfc07a536fb0a >Author: Eric Paris <eparis@redhat.com> >Date: Tue Feb 5 14:33:21 2013 -0500 > > libsemanage: genhomedircon: remove useless conditional in get_home_dirs > > We have minuid_set = 0 at the top of the function and then do a test > like: > > if (!minuid_set || something) > > But since minuid_set is always 0, we always call this code. Get rid of > the pointless conditional. > > Signed-off-by: Eric Paris <eparis@redhat.com> > >commit e1400f04044e8405419ee4534f8ff4f45c5d532a >Author: Eric Paris <eparis@redhat.com> >Date: Tue Feb 5 14:15:56 2013 -0500 > > libsemanage: genhomedircon: double free in get_home_dirs > > Right before the call to semanage_list_sort() we do some cleanup. > Including endpwent(); free(rbuf); semanage_list_destroy(&shells); If > the call to the list sort fails we will go to fail: and will do those > cleanups a second time. Whoops. Do the list sort before the generic > cleanups so the failure code isn't run after the default cleanup. > > Signed-off-by: Eric Paris <eparis@redhat.com> > >commit d0c7f6ea4f4c5bf9e1e21b67231e5b1a88020501 >Author: Eric Paris <eparis@redhat.com> >Date: Tue Feb 5 14:12:15 2013 -0500 > > libsemanage: fcontext_record: do not leak on error in semanage_fcontext_key_create > > If the strdup failed, we would return without freeing tmp_key. This is > obviously a memory leak. So free that if we are finished with it. > > Signed-off-by: Eric Paris <eparis@redhat.com> > >commit 7d83d86ba10e2fc251a249df4745c6f339e9c523 >Author: Eric Paris <eparis@redhat.com> >Date: Tue Feb 5 14:09:52 2013 -0500 > > libsemanage: genhomedircon: do not leak on failure in write_gen_home_dir_context > > We generate a list of users, but we do not free that list on error. > Just keep popping and freeing them on error. > > Signed-off-by: Eric Paris <eparis@redhat.com> > >commit 06f2a7c3a92f9f945504159d4657b318f7237db3 >Author: Eric Paris <eparis@redhat.com> >Date: Tue Feb 5 14:03:07 2013 -0500 > > libsemanage: semanage_store: do not leak fd > > We use creat to create the lock file needed later. But we never close > that fd, so it just sits around until the program exits. After we > create the file we don't need to hold onto the fd. close it. > > Signed-off-by: Eric Paris <eparis@redhat.com> > >commit 5812ec2fbbb9e9244e31525737ea967c7a795252 >Author: Eric Paris <eparis@redhat.com> >Date: Tue Feb 5 13:54:14 2013 -0500 > > libsemanage: genhomedircon: do not leak shells list > > If get_home_dirs() was called without usepasswd we would generate the > entire shell list, but would never use that list. We would then not > free that list when we returned the homedir_list. Instead, do not > create the list of shells until after we know it will be used. > > Signed-off-by: Eric Paris <eparis@redhat.com> > >commit 78d618422bbf8774edaeaa3df549c2d4d1b06dd1 >Author: Eric Paris <eparis@redhat.com> >Date: Tue Feb 5 13:46:46 2013 -0500 > > libsemanage: semanage_store: do not leak on strdup failure > > Inside split_args we do a = realloc(b) and strdup. If the realloc > succeeds and then the strdup fails, we return NULL to the caller. The > caller will then jump to an error code which will do a free(b). This is > fine if the realloc failed, but is a big problem if realloc worked. If > it worked b is now meaningless and a needs to be freed. > > I change the function interface to return an error and to update "b" > from the caller. > > Signed-off-by: Eric Paris <eparis@redhat.com> > >commit d16ebaace10b246f411d65caa83c7ebdafd0a300 >Author: Eric Paris <eparis@redhat.com> >Date: Tue Feb 5 13:44:05 2013 -0500 > > libsemanage: semanage_store: rewrite for readability > > We did a bunch of: > > if ((blah = function(a0, a1, a2)) == NULL) { > goto err; > } else { > something = blah; > } > > Which takes 5 lines and is a pain to read. Instead: > > blah = function(a0, a1, a2); > if (blah == NULL) > goto err; > something = blah; > > Which takes 4 lines and is easier to read! > > Winning! > > Signed-off-by: Eric Paris <eparis@redhat.com> > >commit 3a4fc087eebc9b72bc0fbf7978ab648fa2af6da6 >Author: Eric Paris <eparis@redhat.com> >Date: Mon Feb 4 15:12:03 2013 -0500 > > scripts: release: do not complain if release dir exists > > I just don't like the error message when building tar files. > > Signed-off-by: Eric Paris <eparis@redhat.com> > >commit 221e6d46651a921c843cbe5ac9b81f324a81e593 >Author: Eric Paris <eparis@redhat.com> >Date: Wed Sep 26 11:00:56 2012 -0400 > > policycoreutils: seunshare: do checking on setfsuid > > setfsuid return codes were not being checked. Add checks to make sure > we are switching from and to what we expect. Bail (most places) if we > didn't switch successfully. > > Signed-off-by: Eric Paris <eparis@redhat.com> > >commit 92788715dc793f805b0ae56844216b844a34ea22 >Author: Alice Chu <alice.chu@sta.samsung.com> >Date: Wed Jan 9 20:41:47 2013 -0600 > > libsepol: Fix memory leak issues found by Klocwork > > Signed-off-by: Eric Paris <eparis@redhat.com> > >commit ab995a59b2a91750a47920d9fe2cecc5bbb61b03 >Author: Alice Chu <alice.chu@sta.samsung.com> >Date: Tue Jan 8 18:20:34 2013 -0600 > > checkpolicy: Free allocated memory when clean up / exit. > > Number of error paths and failures do not clean up memory. Try to make > it better. > > Signed-off-by: Eric Paris <eparis@redhat.com> > >commit 0a5dc30456509f10fdc062f9caecc5d3d57b4306 >Author: Eric Paris <eparis@redhat.com> >Date: Fri Feb 1 15:23:12 2013 -0500 > > policycoreutils: sandbox: seunshare: do not reassign realloc value > > We were doing x = realloc(x, ) which is a big no no, since it leaks X > on allocation failure. Found with static analysis tool from David > Malcolm. > > Signed-off-by: Eric Paris <eparis@redhat.com> > >commit 709e852aed6b2f17fbbf7a702f1452cab6d176c8 >Author: Eric Paris <eparis@redhat.com> >Date: Wed Nov 14 15:47:01 2012 -0500 > > policycoreutils: po: update translations > > Signed-off-by: Eric Paris <eparis@redhat.com> > >commit 1730f7ca361a72b87b2da51c96659ef17530b204 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Fri Jan 25 17:30:06 2013 -0500 > > policycoreutils: fixfiles: relabel only after specific date > > Turn verbose on for full relabel > > Add check to see if / has a label, if not then force a full relabel. > > Add ability to record OPTIONS into the the /.autorelabel file. > > fixfiles -F onboot > writes out /.autorelabel with -F > > fixfiles -B onboot > writes on /autorelaebl with -N BOOTDATE recorded. > > The goal is to allow boot up sequence that sees /.autorelabel to hand any > options store in it, to fixfiles restore > > OPTIONS=`cat /.autorelabel` > fixfiles $OPTIONS restore > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit 6697e4db8bd6a0b8bd1c9093eec1459dce48d3e0 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Mon Jan 28 14:36:22 2013 -0500 > > policycoreutils: genhomedircon generation to allow spec file to pass in SEMODULE_PATH > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit 88f2791330edb445ade7787ab90bce297d12904d >Author: Dan Walsh <dwalsh@redhat.com> >Date: Mon Jan 28 14:35:49 2013 -0500 > > policycoreutils: restorecond: Add /etc/udpatedb.conf to restorecond.conf > > vmware is doing some nasty stuff with it > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit 3e4ab5e506af3ed59cb447458ccca1fd352024a0 >Author: Eric Paris <eparis@redhat.com> >Date: Fri Jan 25 10:21:40 2013 -0500 > > policycoreutils: genhomedircon: regenerate genhomedircon more often > > The semodule_path file, inside scripts, which is used to tell the > Makefile where genhomedircon should point to find semodule, was not > being updated. This patch makes sure we update this file every time > something builds, thus genhomedircon doesn't point to some wild out of > data file location. > > Signed-off-by: Eric Paris <eparis@redhat.com> > >commit 0834ff302264319097eb3f52295f5f671091cba9 >Author: Eric Paris <eparis@redhat.com> >Date: Wed Jan 23 15:07:26 2013 -0500 > > libselinux: do not leak file contexts with mmap'd backend > > We use strdup to store the intended context when we have an mmap'd > file backend. We, however, skipped freeing those contexts. > > Signed-off-by: Eric Paris <eparis@redhat.com> > >commit efb6347dd3c089f6e4fa6fbe06e23964a16acee1 >Author: Eric Paris <eparis@redhat.com> >Date: Wed Jan 23 14:45:23 2013 -0500 > > libselinux: unmap file contexts on selabel_close() > > We were leaking all of the file context db because we didn't unmap them > on selabel_close() > > Signed-off-by: Eric Paris <eparis@redhat.com> > >commit 9c83b206e11e59f0b6ccb8020836f2d7c65dd3d7 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Wed Jan 23 06:55:15 2013 -0500 > > libselinux: pkg-config do not specifc ruby version > > pkg-config do not work if you specifiy the version of ruby in Fedora 19 > > Signed-off-by: Eric Paris <eparis@redhat.com> > >commit b2de32675abec64caf1cf81dd14f9525fe72fd97 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Mon Jan 21 14:04:56 2013 -0600 > > policycoreutils: gui: If you are not able to read enforcemode set it to False > > Signed-off-by: Eric Paris <eparis@redhat.com> > >commit 3dd13f7d0859b3f8b97700f5c24651af4807af49 >Author: Miroslav Grepl <mgrepl@redhat.com> >Date: Wed Jan 9 10:15:59 2013 -0500 > > sepolgen: understand role attributes > > Parse and handle role attributes in sepolgen. > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit 1d403326aecd92dfa0120cfd2e9c3c52a2a3cdf1 >Author: Eric Paris <eparis@redhat.com> >Date: Wed Jan 9 11:37:43 2013 +0100 > > libselinux: optimize set*con functions > > Set*con now caches the security context and only re-sets it if it changes. > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit 7b3a9a30ebf3188aa086571728da3496ca186451 >Author: Laurent Bigonville <bigon@bigon.be> >Date: Tue Jan 8 12:03:00 2013 -0500 > > sepolgen: Use refpolicy_makefile() instead of hardcoding Makefile path > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit f27af4a6fb34fc9de554a311e107c1342c3b9b9c >Author: Dan Walsh <dwalsh@redhat.com> >Date: Sat Jan 5 07:04:16 2013 -0500 > > policycoreutils: restorecond: remove /etc/mtab from default list > > /etc/mtab points to /proc/mounts in modern systems. Remove the entry to > try to update its label. > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit 0faee34ebd804a49a79eb3e9b7e67ac9741cfa64 >Author: Paul Moore <pmoore@redhat.com> >Date: Wed Jan 2 15:24:55 2013 -0500 > > policycoreutils: secon: add support for setrans color information in prompt output > > This patch adds support for displaying SELinux context information in > colors defined by mcstrans(8)/secolor.conf(5). The new behavior is > enabled through the use of the "-C/--color" option and requires the > "-P" option also be specified. > > The reason for this addition is that in some situations, notably MLS, > users find it helpful to add SELinux context information to their prompt: > > # example taken from the RHEL6 CC certification bash scripts > SEROLE=`secon -rP 2>/dev/null` > SEMLS=`secon -lP 2>/dev/null` > PS1="[\u/$SEROLE/$SEMLS@\h \W]\\$ " > export PS1 > > With the added functionality provided by this patch we can also display > the associated color information (note the addition of the "C" option): > > SEROLE=`secon -rP 2>/dev/null` > SEMLS=`secon -lPC 2>/dev/null` > PS1="[\u/$SEROLE/$SEMLS@\h \W]\\$ " > export PS1 > > Note that in the example above only the MLS range is colored, but the > patch does provide support for all of the color information provided > by mcstransd/secolor.conf (user,role,type,range). > > Finally, one quick word on the colors themselves; the secolor.conf > configuration file allows 32-bit colors but the ANSI color coding only > allows 8-bit colors so the colors displayed by secon using the "-C" > option will be a bit lossy. > > Signed-off-by: Paul Moore <pmoore@redhat.com> > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit 693f5241fdd5ae7e89d4312b85443c0fc1b1a57d >Author: Eric Paris <eparis@redhat.com> >Date: Tue Dec 18 11:41:25 2012 -0500 > > checkpolicy: libsepol: implement default type policy syntax > > We currently have a mechanism in which the default user, role, and range > can be picked up from the source or the target object. This implements > the same thing for types. The kernel will override this with type > transition rules and similar. This is just the default if nothing > specific is given. > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit e9759ea7af3ce8f126a981ecb4f504ad7a300ab4 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Fri Jun 8 09:18:04 2012 -0400 > > libselinux: Change boooleans.subs to booleans.subs_dist. > > Currently we ship other subs files with the _dist to indicate they come with > the distribution as opposed to being modified by the user. > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit 017d35aad4680ccf5efd61a3fd97023578486a71 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Thu Dec 6 14:40:23 2012 -0500 > > policycoreutils: gui: system-config-selinux: do not use lokkit > > We should be able to make changed to /etc/selinux/config without using lokkit > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit aa62cd60f7192123b509c2518e7a2083e34a65a2 >Author: Eric Paris <eparis@redhat.com> >Date: Thu Nov 29 09:41:38 2012 -0500 > > libselinux: Fix errors found by coverity > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit afe88d8c69543b2ebd6e25efdaab76f40ea4d3c7 >Author: Eric Paris <eparis@redhat.com> >Date: Tue Dec 11 17:52:41 2012 -0500 > > libsepol: coverity fixes > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit 2276a2fa51517ead7f4cf028263dee4b5e2bb46a >Author: Eric Paris <eparis@redhat.com> >Date: Wed Dec 5 15:35:53 2012 -0500 > > libsemanage: fixes from coverity > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit c27a54775d42025e2249c8ee5e3a56ca38859661 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Thu Nov 29 08:53:33 2012 -0500 > > checkpolicy: Fix errors found by coverity > > Couple of memory leaks and a couple of dead code spots. > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit c89deab09a5b5ee33f4576a340f0e76647b533f9 >Author: Eric Paris <eparis@redhat.com> >Date: Wed Dec 12 10:22:38 2012 -0500 > > libselinux: selinux_status_open: do not leak statusfd on exec > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit 761881c947912b68c15576d9aa22b5e147c25b2b >Author: Eric Paris <eparis@redhat.com> >Date: Wed Dec 12 10:19:52 2012 -0500 > > libselinux: selinux_status_open: handle error from sysconf > > We didn't handle sysconf(_SC_PAGESIZE) returning an error. It should be > very rare, obviously, be we should handle it. > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit 6064f9672cbd805a9c51b60414f3711a499c45aa >Author: Eric Paris <eparis@redhat.com> >Date: Wed Dec 5 15:35:12 2012 -0500 > > libsemange: redo genhomedircon minuid > > Just a little less code. No real change. > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit 2f624c94c70a1a3dcc0387350030f166d6bb6d56 >Author: Pádraig Brady <P@draigbrady.com> >Date: Tue Dec 4 02:33:02 2012 +0000 > > libselinux: man: context_new(3): fix the return value description > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit be2d728599c08e5e4a3cf0cebcc4f7876786cd5c >Author: Guillem Jover <guillem@debian.org> >Date: Tue Nov 13 21:17:11 2012 +0100 > > libselinux: Use ENOTSUP instead of EOPNOTSUPP for getfilecon functions > > EOPNOTSUPP means "operation not supoorted on socket", and ENOTSUP means > "not supported", although per POSIX they can be alised to the same > value and on Linux they do, ENOTSUP seems the more correct error code. > In addition these function are documented as returning ENOTSUP, and > given that they are implemented in means of getxattr(2) which does > return ENOTSUP too, this just consolidates their behaviour. > > Signed-off-by: Guillem Jover <guillem@debian.org> > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit 9acdd37989ce2bd3c239a7c14a9f7a7a9bb971e3 >Author: Guillem Jover <guillem@debian.org> >Date: Sat Nov 10 04:32:07 2012 +0100 > > libselinux: man: Add references and man page links to _raw function variants > > Signed-off-by: Guillem Jover <guillem@debian.org> > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit 4f289b50ac1aa32e228e06ee0d29e2e472c8a661 >Author: Guillem Jover <guillem@debian.org> >Date: Wed Nov 14 21:41:31 2012 +0100 > > libselinux: man: Fix typo in man page > > Signed-off-by: Guillem Jover <guillem@debian.org> > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit 6ef13eeda7697bc7b816c98817204f25ffb87a00 >Author: Guillem Jover <guillem@debian.org> >Date: Tue Nov 13 21:15:34 2012 +0100 > > libselinux: man: Fix man pages formatting > > - Add man page sections '(N)' to external references, and '()' on > functions described in the same man page. > - Escape minus signs when those are expected to be used on the command > line or files. > - Mark files and variables in italic; Note headings, function names, > constants, program options and man page references in bold. > - Do not justify and hyphenate SEE ALSO section, and avoid hyphenation > on symbol names by prepending them with \%. > - Remove trailing dot from NAME section description. > - Split sections with a no-op command '.', to visually distinguish them > but to avoid introducing spurious vertical space in the formatted > output. > - Add explicit .sp commands in the SYNOPSIS section between function > prototypes, and fix space placement in function protoypes. > - Split header includes with .br (instead of the explicit or implicit > .sp) so that they are vertically contiguous. > - Add missing {} around SELINUXTYPE and POLICYTYPE variable text in > paths. > - Remove unneeded formatting commands. > - Remove spurious blank lines. > > Signed-off-by: Guillem Jover <guillem@debian.org> > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit 8cc79bcd981abb616ad9cafebcb4302acf392311 >Author: Guillem Jover <guillem@debian.org> >Date: Fri Nov 16 10:03:00 2012 +0100 > > libselinux: man: Fix program synopsis and function prototypes in man pages > > Fix typos, or wrong function prototypes. > > Signed-off-by: Guillem Jover <guillem@debian.org> > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit 7504bbd87302c61f39f8f7641df63213f5da6cd8 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Wed Nov 21 14:25:17 2012 -0500 > > libselinux: audit2why: Cleanup audit2why analysys function > > Tee-tiny cleanup to remove needless {} > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit c9b09be4244f3c90cee19d9e3feca324f0e0e636 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Wed Nov 21 12:04:59 2012 -0500 > > libsemanage: Cleanup/fix enable/disable/remove module. > > If you specified a portion of the module name the code would disable the module rather > then giving you an error. For example. > > semodule -d http > > Would disable the httpd module. > As a matter of fact > > semodule -r h > > Would disable the first module file name that began with h. > > This patch gets the real file name out of the modules and compares it to the name specified. > It also consolodates a bunch of duplicated code, and fixes a return code bug. > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit da867f68b2f7c94cbc6a455ba7033871e2e536f9 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Mon Nov 19 16:10:27 2012 -0500 > > policycoreutils: semanage: good error message is sepolgen python module missing > > We only need the sepolgen python module if we are setting up permissive > types. As this has been removed from the core code in Fedora/RHEL we > include a better user error message pointing them how to find the > required module. > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit c247992d380384b5619c8cc656eed967a0b9f7c3 >Author: Eric Paris <eparis@redhat.com> >Date: Fri Jan 11 16:10:03 2013 -0500 > > policycoreutils: semanage: list logins file entries in semanage login -l > > If there are entries in /etc/selinux/[POLICY]/logins they should be > included in the semange login -l output. So do so! > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit 36f1ccbb5743749c404ad8f960867923544b90d9 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Mon Nov 5 15:02:37 2012 -0500 > > policycoreutils: setfiles: print error if no default label found > > If a user requested a label be reset but no default label is specified, > give a useful error message. Do not print the message if this is a > recursive restore, and that is very common. > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit dd6c619ccb83362432c37bac388eed28e1a17cf4 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Mon Nov 5 14:59:46 2012 -0500 > > policycoreutils: gui: system-config-selinux: Catch no DISPLAY= error > > Better error/crash if run without DISPLAY set. > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit 8904ffe4dee8642bb720eb445b7a422b3dbd7e8f >Author: rhatdan <dwalsh@redhat.com> >Date: Thu Oct 25 16:36:20 2012 -0400 > > policycoreutils: semanage: man: roles instead of role > > The man page shows --role as an option, but the real option is --roles. > Fix the man page. > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit 4369fbf74041152775c2309b51fdc34d9d30c6c0 >Author: rhatdan <dwalsh@redhat.com> >Date: Thu Oct 25 14:19:01 2012 -0400 > > policycoreutils: semanage: Fix handling of boolean_sub names when using the -F flag > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit 9786fde98135e6e8089b3ce30a71f1ffd74817c8 >Author: rhatdan <dwalsh@redhat.com> >Date: Thu Oct 25 07:40:27 2012 -0400 > > policycoreutils: qualifier to shred content > > Add a new sandbox option to run /usr/bin/shred on all files in the temp > directories before they are deleted. > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit 13b599d7b80c1464683f66a1e93e02b984d94c1d >Author: rhatdan <dwalsh@redhat.com> >Date: Wed Oct 17 15:28:49 2012 -0400 > > libselinux: mode_to_security_class: interface to translate a mode_t in to a security class > > coreutils needs to be able to take a statbuf and ask permissions > questions. This gives us the interface to translate that statbuf mode_t > into a security class which can be used. > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit 067a436cf58b122fae0d5061e8414a33f4b0a991 >Author: rhatdan <dwalsh@redhat.com> >Date: Tue Oct 16 18:42:09 2012 -0400 > > policycoreutils: sandbox: Copy /var/tmp to /tmp as they are the same inside > > Since /tmp and /var/tmp get mounted over each other in sandbox we should > take the data from both. > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit a2a50eaaec750af192d4a8b37f5022242e30f06e >Author: rhatdan <dwalsh@redhat.com> >Date: Tue Oct 16 14:57:29 2012 -0400 > > sepolgen: audit.py: Handle times in foreign locals for audit2allow -b > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit d09bcb75f5e7c87ba4b8fd8b55ec28c69a1c94fa >Author: Eric Paris <eparis@redhat.com> >Date: Mon Nov 19 12:42:38 2012 -0500 > > libselinux: audit2why: do not leak on multiple init() calls > > If init() was already called then avc will be set. If avc is set just > return. > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit 45b324e27b0955e93371508f9ab79ed8d9e5bb7c >Author: rhatdan <dwalsh@redhat.com> >Date: Tue Oct 16 10:06:38 2012 -0400 > > policycoreutils: gui: Start using Popen, instead of os.spawnl > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit 019e6fd6d4e383ae82b65a2f5868e377dd8af571 >Author: rhatdan <dwalsh@redhat.com> >Date: Mon Oct 15 15:25:31 2012 -0400 > > libselinux: audit2why: Fix segfault if finish() called twice > > If audit2why.finish is called more than once the global avc variable > will be NULL, and thus dereferencing it will obviously cause problems. > Thus just bail if avc is NULL and we know cleanup is done. > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit 2677b72191205b329d4743d2cf0d5607091d18d0 >Author: rhatdan <dwalsh@redhat.com> >Date: Fri Oct 12 15:26:44 2012 -0400 > > libselinux: man: make selinux.8 mention service man pages > > We were listing a number of service man pages (like httpd_selinux) in > the see also section of selinux.8. As that number of pages explodes it > does not make sense to try to list them all. Instead tell people to use > man -k selinux to find them. > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit 9ab6c92276dd54d6852e2eca83240fa1126ecdff >Author: Eric Paris <eparis@redhat.com> >Date: Mon Nov 19 12:28:38 2012 -0500 > > policycoreutils: semanage: seobject verify policy types before allowing you to assign them. > > We should check that a type is a valid before assigning it with > semanage. Aka we should just that a type is a port type before assigning it > to a port, or a valid user type before assigning it to a user. > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit 11e995791dcb5167c2d53feb96288c51cdb3260c >Author: Eric Paris <eparis@redhat.com> >Date: Mon Nov 19 12:05:06 2012 -0500 > > policycoreutils: po: stop running update-po on all > > update-po is a mechanism for sucking the latest english translations > out of the source code, but it ALWAYS updates all of the po files with things > like the last time the update-po was run even if there are no changes. This > results in having to do git checkins any time you run make at the top level. > > Since so few people interact with the Translators I believe this should > be done on demand when they think it is time to get new translations. > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit 1683203efd628c95308eb9d16bbb3f06ff7ad272 >Author: Eric Paris <eparis@redhat.com> >Date: Mon Nov 19 11:40:21 2012 -0500 > > policycoreutils: add po file configuration information > > Add po file configuration information. > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit 71df1ec3081970580622cc3ca45d86c05ca60c15 >Author: rhatdan <dwalsh@redhat.com> >Date: Thu Oct 4 16:03:16 2012 -0400 > > policycoreutils: semanage: use sepolicy for boolean dictionary > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit ef4836b2583f55080f77ae9bbfbeb0f2c17a6281 >Author: rhatdan <dwalsh@redhat.com> >Date: Thu Oct 4 15:35:48 2012 -0400 > > policycoreutils: gui: sepolgen: use sepolicy to generate > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit e2de21c87243d0ffa60dd0edc806e873bfe1c8f5 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Fri May 18 11:40:11 2012 -0400 > > policycoreutils: gui: switch to use sepolicy > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit e9ddd965d42058be7d6325d1c2953383319c7784 >Author: Eric Paris <eparis@redhat.com> >Date: Wed Nov 14 15:36:36 2012 -0500 > > policycoreutils: sandbox: use sepolicy to look for sandbox_t > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit eef048fc9749b49a20f0d1703539e1e0d2bee3c3 >Author: rhatdan <dwalsh@redhat.com> >Date: Wed Oct 3 16:17:36 2012 -0400 > > policycoreutils: sepolicy: Update Makefiles and po files > > Start building and translating the nice new sepolicy. > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit 1dce0bf16d6300d4858d611cb29de336bfd85f9a >Author: Eric Paris <eparis@redhat.com> >Date: Fri Jan 11 14:23:09 2013 -0500 > > policycoreutils: sepolicy: new command to unite small utilities > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit ec184d891aae2fdea69a7c8db83bccce90f9e77c >Author: Dan Walsh <dwalsh@redhat.com> >Date: Tue Feb 5 17:08:27 2013 -0500 > > Should be creating NEWIPC for each sandbox, to make sure we don't have a conflict on semaphores > >commit 1f3f4e0ca8a0162df107d0fc63d26874a737b34e >Author: Dan Walsh <dwalsh@redhat.com> >Date: Tue Feb 5 16:44:21 2013 -0500 > > Fix number of args for genhomedircon > >commit 2b0745910f6a3850ebf5a64f593770fae4a4369c >Author: Dan Walsh <dwalsh@redhat.com> >Date: Tue Feb 5 16:40:51 2013 -0500 > > Remove genhomedircon and make it a symlink of semodule, then force -B -n into options. > >commit a608af2e599016332f888b4cac739d9ce284ea49 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Tue Feb 5 10:57:10 2013 -0500 > > Remove audit2why and make it a symlink to audit2allow. > Change audit2allow to check the name and set the -W flag if appropriate. > >commit b6e0a224de0b7224861b23121e1049327b770e46 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Mon Feb 4 16:35:28 2013 -0500 > > Move content out of policycoreutils.spec into upstream > >commit 9d370c30b0470652eb7b9237d870afbaa461ad81 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Mon Feb 4 13:00:04 2013 -0500 > > Merge with eparis/master > >commit c6a780aa26718087509bba79d7c47f237bd9a464 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Mon Feb 4 12:59:35 2013 -0500 > > Fix errors found by Dave Malcolm analysys tools. > >commit 4d820dded0b025c28e87ceee74dc371d6880a0ff >Author: Dan Walsh <dwalsh@redhat.com> >Date: Fri Feb 1 12:20:15 2013 -0500 > > Set global parameter indicating BOOTTIME variable > >commit 458ef6d1acab7d181c5bc59209d2bb7e5b5cb2d1 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Fri Feb 1 12:17:03 2013 -0500 > > Code currently segfaults if policy() was not successfull and error was ignored. > or if policy() was never called in python bindings. > > This code now checks on both search and info python bindings. > > We now raise an exception. Since we do not want the exception to be raised just for calling import seobject, we wrap the calls causing the exception on initiations. > > If you make any calls after the initiation, you will get exceptions. > >commit cc967de424816dfc713ed58cc7f1aa7c7dab56c3 >Author: Eric Paris <eparis@redhat.com> >Date: Sun Nov 11 18:07:22 2012 -0500 > > global: gitignore: add a couple of more editor backup filetypes > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit aed9430bba610d0d4c7b437655f9234a15e5cffc >Author: Eric Paris <eparis@redhat.com> >Date: Sun Nov 11 18:06:06 2012 -0500 > > policycoreutils: Rebuild polgen.glade with glade-3 > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit 4c25c40cfac56de9e10f66187f809923587d9f4f >Author: rhatdan <dwalsh@redhat.com> >Date: Mon Sep 17 14:54:11 2012 -0400 > > policycoreutils: load_policy: make link at the destination directory > > Pay attention to DESTDIR and friends, don't just use /sbin/ > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit 28baa721e0f544d0899b68eb5eee070ed2b4b02b >Author: rhatdan <dwalsh@redhat.com> >Date: Fri Sep 14 10:52:08 2012 -0400 > > libsemanage: Add sefcontext_compile to compile regex everytime policy is rebuilt > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit 44cba24ba68d5021862c3b9e962b96d63e587dce >Author: rhatdan <dwalsh@redhat.com> >Date: Fri Sep 14 10:51:09 2012 -0400 > > libselinux: sefcontontext_compile: Add error handling to help debug problems in libsemanage. > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit a293048a59aa8eae68f76d1bafe08acba9285f97 >Author: Eric Paris <eparis@redhat.com> >Date: Thu Nov 1 15:42:27 2012 -0400 > > libselinux: do not leak mmapfd > > On failure, common if .bin is older than the text version, we will leak > the mmapfd. Don't do that. > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit 9ebd779353764299e40f63f843eb26209ffbd771 >Author: Eric Paris <eparis@redhat.com> >Date: Thu Aug 30 13:43:54 2012 -0700 > > libselinux: label_file: use precompiled filecontext when possible > > When loading the filecontext database, check to see if there is a newer > binary version. If so, mmap that file, is used to populate the regex db > instead of reading from the text representation and compiling regex's as > needed. If the text file is newer it will use the text version and > ignore the binary version. > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit dac8b32c1781dde089e8fc45904fc01a1a21b8ed >Author: Eric Paris <eparis@redhat.com> >Date: Wed Aug 29 15:31:12 2012 -0700 > > libselinux: utils: new file context regex compiler > > This is a new 'compiler' which tranforms the file context database into > a binary format. This binary format may be mmap'd in later removing the > need to compile the regular expression at run time. > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit a29f6820c52b60b9028298cde9962dd140bbf9ea >Author: Adam Tkac <atkac@redhat.com> >Date: Fri May 25 17:55:08 2012 +0200 > > libsepol: filename_trans: use some better sorting to compare and merge > > The expand_filename_trans() function consumed vast majority of time by comparsion > of two lists with dumb algorithm with O(n^2) complexity. > > Now it chunks one list by it's filename_trans->stype value to limit length of > elements which needs to be walked when comparing filename_trans_t element with > this chunked list. > > This change speeds-up se* commands by 80%. > > Signed-off-by: Adam Tkac <atkac@redhat.com> > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit 933840af6c41ea0203485227c4ac2258f15d40f5 >Author: Eric Paris <eparis@redhat.com> >Date: Tue Dec 4 15:23:57 2012 -0500 > > libselinux: audit2why: make sure path is nul terminated > > We use strncpy which could leave a non-nul terminated string if the > source is longer than PATH_MAX. Add that nul. > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit 960d6ee879f34df84e90394c32a606d6d1be48ae >Author: John Reiser <jreiser@bitwagon.com> >Date: Fri Feb 3 11:56:39 2012 -0500 > > policycoreutils: setfiles: estimate percent progress > > This patch started with work from John Reiser patch to estimate the > percent progress for restorecon/setfiles. > > It has a lot of changes since then, to make it only happen on full > relabel, overwrite itself, shows 10ths of %, and does a lot better and > more useful job of estimation. We get all of the inodes on all mounted > FS. Since the number of inodes is not fixed and only an estimate I added > 5% to the inode number, and forced the number to never go over 100. > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit 921de54d82df6edab752378048adee6f077b3ecb >Author: Dan Walsh <dwalsh@redhat.com> >Date: Thu Jan 31 13:56:44 2013 -0500 > > Lots of fixes for problems with generating policy. > > Tested all parameters to make sure they worked, and cleaned up many small bugs. > >commit 3d8d536175badb2715b33c0f98473d5fee4efdac >Author: Dan Walsh <dwalsh@redhat.com> >Date: Thu Jan 31 12:15:16 2013 -0500 > > Move some of the general get_all functions in sepolicy into the __init__.py file so that they get shared byt subparsers. > >commit 237448e9a39a3648416a072e18b6ff5bf4a4cb58 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Thu Jan 31 12:13:48 2013 -0500 > > Revert "Move some of the general get_all functions in sepolicy into the __init__.py file so that they get shared byt subparsers." > > This reverts commit d59db3845c952c93fe0233351d8ec3d0badcf351. > >commit d59db3845c952c93fe0233351d8ec3d0badcf351 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Thu Jan 31 12:12:22 2013 -0500 > > Move some of the general get_all functions in sepolicy into the __init__.py file so that they get shared byt subparsers. > >commit 2cb1bd0b8f9dd9b605b3fcf7252d969583e97688 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Thu Jan 31 09:35:39 2013 -0500 > > Fix sepolicy generate breakage caused by adding user specified types. > >commit 1c16d2b7f0b47aeb5ff2f5c0ed4e9526200703de >Author: Dan Walsh <dwalsh@redhat.com> >Date: Tue Jan 29 16:14:12 2013 -0500 > > Add check to see if / has a label, if not then force a full relabel. > > Fix fixfiles onboot bugs in scripting > >commit 53a8b95498ba99550dfdb7c994c769e92288d2e5 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Tue Jan 29 15:37:59 2013 -0500 > > Add ability to either relabel all new files since the last boot, or a spacified date. > > Add ability to record OPTIONS into the the /.autorelabel file. > > fixfiles -F onboot > writes out /.autorelabel with -F > > fixfiles -B onboot > writes on /autorelaebl with -N BOOTDATE recorded. > > The goal is to allow boot up sequence that sees /.autorelabel to hand any > options store in it, to fixfiles restore > > OPTIONS=`cat /.autorelabel` > fixfiles $OPTIONS restore > >commit 76e7636930847ef952fa129c21386b81e19d85b5 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Mon Jan 28 14:36:22 2013 -0500 > > Fix genhomedircon generation to allow spec file to pass in SEMODULE_PATH > >commit 927308c28c9ba20baff33d4ad8ffccb2bf6986b3 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Mon Jan 28 14:35:49 2013 -0500 > > Add /etc/udpatedb.conf to restorecond.conf, vmware is doing some nasty stuff with it > >commit 8169613928ed2d37fadea7f9b01fc7662d987cb4 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Sun Jan 27 19:52:15 2013 -0500 > > update to eparis/master patches > >commit f58f0b31878365d7eac338dbe912fe2d5a36ebe5 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Fri Jan 25 17:55:24 2013 -0500 > > Apply fixes from eparis/master > >commit ecdb712a6fc2d038cf978606e2d8dda50a575863 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Fri Jan 25 17:30:06 2013 -0500 > > Turn verbose on for full relabel, also put -F into /.autorelabel if specified by the user > >commit 52356bee0555a893c3e84a201f9dc9cfeabb489f >Author: Dan Walsh <dwalsh@redhat.com> >Date: Fri Jan 25 11:12:21 2013 -0500 > > Fixup whitespace > >commit f94e7410f796c618840f300ae3ef87b1cdd5fe00 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Fri Jan 25 09:00:06 2013 -0500 > > Merge with eparis/master > >commit 6857b71a9d220569f9e7100edd9eb7afc7fd9066 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Wed Jan 23 14:23:34 2013 -0500 > > getprevcon was broken by the previous patch. We always want to read the file system for > getprevcon, Also want to set the ERRNO on failures. > >commit ab9c18ddb9d5f5efefdeec4d7fc2ed8d90c6c796 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Wed Jan 23 09:27:59 2013 -0500 > > Fix compile problems with get* changes > >commit 3031c9603a4946f8422d13fe0c885a20ee3da336 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Wed Jan 23 07:13:35 2013 -0500 > > Speed up get*con also. > >commit f697ddf0dbbc0c06de36584aab5bacafc6e41e1b >Author: Dan Walsh <dwalsh@redhat.com> >Date: Wed Jan 23 07:03:43 2013 -0500 > > Consolodate opening of the procattr into one function call. > >commit 7c43b9bee564a0fef09272410b5a8725708672bd >Author: Dan Walsh <dwalsh@redhat.com> >Date: Wed Jan 23 06:56:06 2013 -0500 > > We were never changing the value of cpid, which was causing all of the labeling > by systemd to be screwed up > >commit fa77c760b4fa8295c7964bf33241c27594a6f242 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Wed Jan 23 06:55:15 2013 -0500 > > pkg-config only works without specifiying the version of ruby in Fedora 19 > >commit 686f9c1f1cc346ee2089bbc4fdb11feb0ddcf7ad >Author: Dan Walsh <dwalsh@redhat.com> >Date: Tue Jan 22 17:06:19 2013 -0500 > > Combine code into opeattr > >commit c10bcf37a2905a7834932302c8660942946d5fa4 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Mon Jan 21 14:04:56 2013 -0600 > > If you are not able to read enforcemode set it to False > >commit aa14d7475284897404e64e897d9afb38eee946b7 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Mon Jan 21 13:33:47 2013 -0600 > > Change audit.py to start returning audit analysis from audit2why. > > This will start to show the constraint messages in audit2allow. > >commit 72694ef7d906c880ebe5a369d33416e6515911f6 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Sat Jan 19 18:33:31 2013 -0600 > > Additional changes for bash completsion and generate man page to match the way the app is currently working. > >commit 79d51d92929948840a2fdde4161c2aa7f52b4c47 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Sat Jan 19 18:23:04 2013 -0600 > > Add newtype as a new qualifier to sepolicy generate. This new mechanism will allow > a policy write to generate types after the initial policy has been written and > will autogenerate all of the interfaces. > > I also added a -w options to allow policy writers from the command line to specify > the writable directories of files. > >commit c5a53acd17dc992ae8b1976470164389edd567ef >Author: Dan Walsh <dwalsh@redhat.com> >Date: Sat Jan 19 18:21:58 2013 -0600 > > Modify network.py to include interface defitions for newly created port types. > Standardize of te_types just like all of the other templates. > >commit d9056e5fddd57b2e894d429551cf8cf3f636cc37 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Wed Jan 16 13:16:01 2013 -0500 > > Change permissive domains creation to raise exception if sepolgen is not installed > >commit 256a2dd94990b071e829b754d3100983ef9505ca >Author: Dan Walsh <dwalsh@redhat.com> >Date: Tue Jan 15 12:44:53 2013 -0500 > > get_te_results no longer needs or uses the opts parameter. > > The compliler was complaining so I just removed the option. > >commit 6db5e6313350584a6fbf1d185743df57ea7e7802 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Tue Jan 15 12:15:08 2013 -0500 > > Update translations > >commit 23725ba93a7bf55b5cf00841d23c0a2c3cc523e2 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Tue Jan 15 12:13:13 2013 -0500 > > sepolicy generate --cgi -n NAME PATHTO/cgiscript > > Was generating some problems in the script and spec file with the nameing of > the pp file and the generation of the man pages, since the Domain Name was different then > the module name. > > This fixes this problem to create the objects with the correct name. > >commit 1325be4e6b2898581d77bd96510442e6cc59609f >Author: Dan Walsh <dwalsh@redhat.com> >Date: Mon Jan 14 20:18:36 2013 -0500 > > Only report network ports for domain if the allow rules are currently enabled. > > We have changed the python bindings for sepolicy.search to return all rules even > those that are disabled by a boolean. This change will report the correct information > about what the specified domain can use for network connections. > >commit a8d87e7e70a17b6fcfc7123868817135f847c024 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Mon Jan 14 20:17:48 2013 -0500 > > Commit unit_file.py to get rid of excess new line. > >commit 6e217c49189ce063d7e6567c131a29c5c265209f >Author: Dan Walsh <dwalsh@redhat.com> >Date: Mon Jan 14 20:15:59 2013 -0500 > > sepolicy generate is blowing up because the unit_file.py file did not contain > a fc_dir entry. > > Since this is not appropriate for the unit_file I just add one which does nothing. > >commit e7956ee6fb31f56c1a35c1ed84333f266022bd10 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Mon Jan 14 16:20:43 2013 -0500 > > Patch to reset __thread variables after a fork in set*con functions. > > When a process forks, the thread variables do not get reset, which was causing > sandbox command (seunshare) to fail. > > Using pthread_atfork, we are able to reset the variables and still improve the perfomance of commands like cp. > >commit 93af7d1c5bd67e482925b56513b9e072ea19efda >Author: Dan Walsh <dwalsh@redhat.com> >Date: Fri Jan 11 18:50:29 2013 -0500 > > Enhance manpage generation to get all booleans that can modify the behaviour of > a confined domain. > >commit 7ca12b89189f77a46949d5b3f811efb81a084f47 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Fri Jan 11 17:51:28 2013 -0500 > > Miroslav wanted this change to stop building manpages on alternate policies if it can not find the approptiate file_context and policy.xml files. I think in the long run we should just give it an alternate root path and then look for those files in the standard location. > >commit 2ba07c4504666934257d0fd1b2eb3504729a1817 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Fri Jan 11 16:50:55 2013 -0500 > > Start searching for all rules includeing disabled, but add indicator to dictionary to show if rule is enabled. > >commit 65eeb249e600d598230190234cf82a380ed27f62 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Fri Jan 11 15:21:26 2013 -0500 > > Add support for returning boolean information from policy. > >commit 118c88953e9a79009ea01d674f0e6b4d238f3b1d >Author: Dan Walsh <dwalsh@redhat.com> >Date: Thu Jan 10 16:38:10 2013 -0500 > > Miroslav change to have sepolicy generate handle attribute_roles > >commit 3db6505cbd353b8d07f34433006aa1f839f80f09 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Thu Jan 10 16:37:06 2013 -0500 > > Update procattr patch with Eric Changes to handle failure situations. The > failure paths were causing udev to go nuts. > >commit a011f36ba80e357d6608583e3dad0fcb72ae859d >Author: Dan Walsh <dwalsh@redhat.com> >Date: Wed Jan 9 12:07:39 2013 -0500 > > Fix typo for roleattribute policy > >commit 210153917117a7f0bb2758d51bb1a31b8424d455 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Wed Jan 9 10:15:59 2013 -0500 > > Miroslav patch to make sepolgen understand role attributes > >commit ab99dc08832ecc4cfa5a8392f20157f2c6e4b35d >Author: Dan Walsh <dwalsh@redhat.com> >Date: Wed Jan 9 10:15:29 2013 -0500 > > Apply eparis fix to stop stack overflow bug in audit2why > >commit 8750b1d3e6821d49405981097d93ebb43f358909 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Wed Jan 9 10:13:54 2013 -0500 > > Ondrej Oprala patch to speed up setcommands > >commit 3cc5bdb1a1b184819211701c765ab1d45b979816 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Wed Jan 9 08:35:48 2013 -0500 > > Update translations. > >commit a2e4170c374f5140ebf4ebc3f0eeb4f956f3df00 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Wed Jan 9 08:35:01 2013 -0500 > > Only raise exception on missing policy file if SELinux is enabled. > >commit e622994e8cc72e42eb225ca9c43293665c93c927 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Sat Jan 5 11:16:07 2013 -0500 > > /etc/mtab is a link to /proc/mounts so no longer needs to maintain labels > >commit 3fd2cfa2376918b0e2ccbc2fea132766cdff5746 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Sat Jan 5 07:04:16 2013 -0500 > > /etc/mtab now points at -> /etc/mtab > >commit 3688df7a444893397b3a2354e85105a659eca99f >Author: Dan Walsh <dwalsh@redhat.com> >Date: Fri Jan 4 17:11:37 2013 -0500 > > Cleanup sepolicy transitions to use sepolicy.TRANSITION and cleanup output, change to use a class definition > >commit fb767accdea6aa1998ce34199a518c9679eb3d94 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Fri Jan 4 17:10:17 2013 -0500 > > sepolicy transitions was not selecting class, source, and target properly. > >commit 3b92bbb1bdc97db94b3224454b6d057413336a92 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Fri Jan 4 17:09:51 2013 -0500 > > Update Translations > >commit 9304c3a086f54294427d77018b24d145e96d86dd >Author: Dan Walsh <dwalsh@redhat.com> >Date: Fri Jan 4 12:05:36 2013 -0500 > > Update translations files to contain autogenerated boolean descriptions > >commit 9201a0785e813702d5ba3205aee5f2edeb28f527 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Fri Jan 4 12:00:52 2013 -0500 > > Change sepolicy to generate descriptions for all booleans, even autogenerated booleans > >commit 77722493d2daf8babca6e8d2b6cde7ffa997b3f9 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Fri Jan 4 12:00:35 2013 -0500 > > Make interface discovery quicker > >commit c02ff84c19b548a367936c890569a75831ff44ab >Author: Dan Walsh <dwalsh@redhat.com> >Date: Fri Jan 4 11:29:04 2013 -0500 > > Fix sepolicy manpage -a crash. More cleanup of format and better printing > >commit ed33c8a3f7ee30564b7b8241c8c82fddac5fc737 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Thu Jan 3 15:18:47 2013 -0500 > > Update translations > >commit d2494e7ebe1ce990bd53731a0ed5c08dc3fada1c >Author: Dan Walsh <dwalsh@redhat.com> >Date: Thu Jan 3 15:12:18 2013 -0500 > > Fix file context listing, and add equivalence mappings > >commit b9939803b00536ba097bda7dda671d24f5b5bdb1 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Sat Dec 29 16:11:21 2012 -0500 > > Lots of fixups to allow generation of policy via sepolicy generate for confined adminitators and existing domains. > > sepolicy generate --customize -n mypuppet -d puppet_t -a apache -a postgresql > > Would generate a policy module which allow puppet_t to administrate apache and postgresql. > > sepolicy generate --confined_admin -n myadm -u staff_u -a apache -a postgresql > Would generate a policy for myadm_t which is a confined admistrator reachable from staff_u user and able to administrate apache and postgresql domains. > > s > >commit ed063a8063dab41b3bf35efde6019f2222e4f327 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Thu Dec 27 11:46:51 2012 -0500 > > Fix error message to include %s > >commit 122fea4d98a0ff6846bbffb1d898b4f08706d547 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Sun Dec 23 06:56:29 2012 -0500 > > Add sepolicy interface to show all interfaces on the system and to list all user roles and admin roles. > >commit b567adceb7c32021e8ba4d215fa3aec7f8dbb5f9 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Sat Dec 22 07:39:03 2012 -0500 > > import sepolgen.module in proper place > >commit 645ca1d1fdd2c67ab7f121d3f4389e189b7ef412 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Sat Dec 22 07:37:49 2012 -0500 > > Update translations > >commit ef108a2b46c8a913654e2a2330c1cd2adc85229b >Author: Dan Walsh <dwalsh@redhat.com> >Date: Tue Dec 18 09:22:45 2012 -0500 > > Add eu.po to translations > >commit e34f8a99f1a24f45131db68de87f0c9ff768e1f4 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Tue Dec 18 09:21:50 2012 -0500 > > Fix gtk definition of forward to fix translations > >commit af4797a3da871f0f04a08d3cb1a1d38cbf03e54f >Author: Dan Walsh <dwalsh@redhat.com> >Date: Mon Dec 17 13:20:49 2012 -0500 > > Add Miroslav fix to stop crashes in sepolicy transition > >commit 3226ba638b451018d962019ed4ea16aa5d73b821 >Author: Eric Paris <eparis@redhat.com> >Date: Tue Dec 11 20:55:06 2012 -0500 > > libsepol: coverity > > I'm down to 2 coverity messages in libsepol. One for 'dead code' where > we have a default block in a switch statement with the comment /* > impossible to get here */ and one silly thing in a stdio.h header file > we can't do anything about. Sure makes the results easier to deal with! > In any case, I would suggest reverting your patch, then applying mine on > top, as just merging my patch on top will likely result in some double > frees and other problems due to some subtle differences between how we > fixed stuff. So: > > save this email as a raw mbox > git revert 69279108aaac9f9c1e0813905cee15f5517e61f4 > git am -s /path/to/this/raw/mbox > > Then your merge back in the future should be smooth. > > Signed-off-by: Dan Walsh <dwalsh@redhat.com> > >commit e5783c7609cee4b79b80dc8d7e216fa453e5b7f7 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Mon Dec 17 11:49:17 2012 -0500 > > Revert "Fix errors found by coverity" > > This reverts commit 69279108aaac9f9c1e0813905cee15f5517e61f4. > >commit d0e3dff14d0592ddd365dca48d9f94378e91c747 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Mon Dec 10 11:50:44 2012 -0500 > > sepolicy generate should allow policy modules names that include - or _ > >commit 1f98b8a835caea6bd8c1c47c850fb1cb965f7fe1 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Mon Dec 10 10:59:37 2012 -0500 > > Apply patch from Miroslav to display proper range description in man pages generated by sepolicy. > >commit 13268e3a7c490dfcad2ec55a1c2f1a66f4a5cd7e >Author: Dan Walsh <dwalsh@redhat.com> >Date: Mon Dec 10 10:59:07 2012 -0500 > > Should print warning on missing default label when run in recusive mode iff verbos mode is selected > >commit 5b3994a8817c0920a45ef8241e8c6fdcfe09343a >Author: Dan Walsh <dwalsh@redhat.com> >Date: Mon Dec 10 10:57:24 2012 -0500 > > Remove extra -R description, and fix recursive description > >commit bed2bbad976b7bea716f81400a18cc305605ee70 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Thu Dec 6 14:40:59 2012 -0500 > > Discover selinux policy file if SELinux is disabled > >commit 1ad827e10c8e5a35fa6fb1189ae5517809bd22a8 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Thu Dec 6 14:40:23 2012 -0500 > > Change system-config-selinux to save /etc/selinux/config without using lokkit > >commit 4f15c6ebdce081665b487afdfa730a08599a91a3 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Thu Dec 6 09:13:08 2012 -0500 > > sepolicy should fail back to the installed policy if selinux is not enabled, and should throw a clean exception if it fails to load policy. > >commit 1c726e2c67c3a1c68263e21f6741e6b603420f10 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Wed Dec 5 15:15:22 2012 -0500 > > sepolicy network -d should take multiple domains > >commit 6be2de077ee63ccad67c7d81de417b7fd0fd5736 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Wed Dec 5 15:15:05 2012 -0500 > > Update translations > >commit 64b0ee2cd5735db3163b4e9f41fd61024431909a >Author: Dan Walsh <dwalsh@redhat.com> >Date: Fri Nov 30 00:42:35 2012 -0500 > > Fix comment on -p path, fix -T to not take argument, and suppress help message since this is a hiddent option > >commit ca99e01e5c1cd4b0fda700f3f9d964c47a4f86fe >Author: Dan Walsh <dwalsh@redhat.com> >Date: Fri Nov 30 00:22:56 2012 -0500 > > Add --path as a parameter to sepolicy generate > Print warning message if program does not exists when generating policy, and do not attempt to run nm command > >commit 735fb068e34d39dfe4b2e9a27235188708c78a70 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Thu Nov 29 23:59:45 2012 -0500 > > Add verification code to make sure user enters valid domains, classes and ports > >commit a69f3577777da99d25ead7a3a0cd2c634d5a5f1b >Author: Dan Walsh <dwalsh@redhat.com> >Date: Thu Nov 29 23:57:51 2012 -0500 > > Add support for returning class infor to seinfo python bindings > >commit 0d229017e1bbfc0e62011e9d8d30d0f044117db3 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Thu Nov 29 23:57:16 2012 -0500 > > Update po > >commit 243aa0e2233f4acaa01c70c2168722d5204f6c1f >Author: Dan Walsh <dwalsh@redhat.com> >Date: Thu Nov 29 15:45:38 2012 -0500 > > Have sepolicy manpage check domains, allow lack of entrypoints, and don't print NSSWITCH_DOMAIN, if it does not exist for the domain > >commit 7af3b533194198017be8164f621dddf11073a0fe >Author: Dan Walsh <dwalsh@redhat.com> >Date: Thu Nov 29 12:17:38 2012 -0500 > > Fix errors found by coverity > >commit 69279108aaac9f9c1e0813905cee15f5517e61f4 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Thu Nov 29 10:15:50 2012 -0500 > > Fix errors found by coverity > >commit 52d152a7cb59abdf028af64e9ce1a2878033a67a >Author: Dan Walsh <dwalsh@redhat.com> >Date: Thu Nov 29 09:41:38 2012 -0500 > > Fix errors found by coverity > >commit 68aa0b777a3ddc27cc04487136566f1e6c86bced >Author: Dan Walsh <dwalsh@redhat.com> >Date: Thu Nov 29 08:53:33 2012 -0500 > > Fix errors found by coverity > >commit 001e8d13bb7c94d5bed1ce07da9180e3afabff31 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Tue Nov 27 16:29:21 2012 -0500 > > Update constraint construction code to handle buffer overflows. > Cleanup code to make it easier to read. > >commit d195c8c99ea2c4546e628e096be266c30b3b0e4b >Author: Dan Walsh <dwalsh@redhat.com> >Date: Tue Nov 27 10:34:53 2012 -0500 > > Add translations handling code to sepolicy > >commit d193b98bfecb67e6eb5b27514b3252548d68ab6a >Author: Dan Walsh <dwalsh@redhat.com> >Date: Wed Nov 21 14:25:17 2012 -0500 > > Cleanup audit2why analysys section > >commit 96b76ad0d86c923c5b3bc978257a9878472ed62f >Author: Dan Walsh <dwalsh@redhat.com> >Date: Wed Nov 21 14:22:43 2012 -0500 > > Add mgrepl patch to add sock_file to etc_rw_t labeling > >commit f9e3c35b6045eb30c3264fdf7bcee13eef6b5343 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Wed Nov 21 12:04:59 2012 -0500 > > Cleanup enable/disable/remove module. The current code was broken. > > If you specified a portion of the module name the code would disable the module rather > then giving you an error. For example. > > semodule -d http > > Would disable the httpd module. > As a matter of fact > > semodule -r h > > Would disable the first module file name that began with h. > > This patch gets the real file name out of the modules and compares it to the name specified. > It also consolodates a bunch of duplicated code, and fixes a return code bug. > >commit d161528e2dd64dc83790dada9776e1390d184e7f >Author: Dan Walsh <dwalsh@redhat.com> >Date: Mon Nov 19 16:23:06 2012 -0500 > > Commit Richard Haines code to discover constraint violation information > >commit ab9ce722a44aabcf2dd7f626a1eb89941cd7d8a7 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Mon Nov 19 16:10:27 2012 -0500 > > Moving some of the devel tools into policycoreutils-devel, which will make some apps require this package to be installed. > Helps slim OS > >commit fd2e373bda3466f6330a2be6fbc5c03e506f34d3 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Mon Nov 19 16:09:35 2012 -0500 > > Update translations > >commit 5fbdf050bd23c4f402b00ff835720dbe9d619fb4 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Thu Nov 15 07:37:28 2012 -0500 > > get_context_list.c should return failure, if it can not find a match for the login program. > >commit be26c537f52f9047b2dbf1dfb70f443d063075f0 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Tue Nov 13 17:04:22 2012 -0500 > > List contents of /etc/selinux/target/logins if they exists with semanage login -l > >commit 785dc20e001124e8af20e31719a4554c10337fc8 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Tue Nov 13 10:29:16 2012 -0500 > > Fix man pages and help to match > >commit e3212c9591b7a6351b0b3852477dea18cd67d36e >Author: Dan Walsh <dwalsh@redhat.com> >Date: Tue Nov 13 10:28:47 2012 -0500 > > Fix handling of boolean_category > >commit df400474b58c88f1a107fdb5cec1ca90334a785b >Author: Dan Walsh <dwalsh@redhat.com> >Date: Tue Nov 13 10:28:06 2012 -0500 > > Make audit2allow -b work correctly by forcing the locale > >commit ca864fcba12e0f81c6c31949ffb4bcb9a1971207 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Tue Nov 13 06:56:14 2012 -0500 > > Fix sepolicy booleans call > >commit 1b29574d441e401b61b836fc246afcd9b8dff5b9 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Mon Nov 12 17:00:29 2012 -0500 > > policycoreutils-python is not required in post install > >commit ad5e867dea12dacbd00bd000bad12a6f45aea020 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Mon Nov 12 15:25:32 2012 -0500 > > Update translations > >commit f1654fcb1fb38f95af060c135554000cb4dec434 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Wed Nov 7 10:46:48 2012 -0500 > > restorecon should not report errors on missing labels when run recursively > >commit 071c7052f4ae91f659244ec3443cc8ecac249998 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Tue Nov 6 06:08:53 2012 -0500 > > Move boolean_desc and boolean_category into sepolicy > >commit 415dc5aac392549f90bf752c13a7884e603498a6 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Mon Nov 5 15:38:49 2012 -0500 > > Update translations > >commit 1933091aaede727df3b74234be451777aa34d070 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Mon Nov 5 15:37:49 2012 -0500 > > Should not generate kill capability just because kill syscall is called, instead add signal_perms > >commit a8a6459bdce57a86c083d7019c6f224240fe981d >Author: Dan Walsh <dwalsh@redhat.com> >Date: Mon Nov 5 15:02:37 2012 -0500 > > Discover /var/run /var/log and /var/lib directrories if they are not listed in payload > >commit d0911ef22f90497c24470e8a41e4f63ee50cd544 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Mon Nov 5 14:59:46 2012 -0500 > > Catch no display error > >commit 7e21003ec18a92394f38345decb7c36c34c26d12 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Mon Nov 5 13:01:16 2012 -0500 > > Make sure we don't have subdirs in the .fc policy file. > >commit 5b7cf413180434ff0a2e146b24e1a29086d28a9a >Author: Dan Walsh <dwalsh@redhat.com> >Date: Sat Nov 3 07:17:45 2012 -0400 > > Fix manpage to generate proper man pages for alternate policy, basically allow me to build RHEL6 man pages on a Fedora 18 box, as long as I pull the policy, policy.xml and file_contexts and file_contexts.homedir > >commit b26ff3f558fc01635ebf03fb835a3e237aef8097 >Author: Eric Paris <eparis@redhat.com> >Date: Thu Nov 1 15:43:33 2012 -0400 > > libselinux: do not leak mmapfd > > On failure, common if .bin is older than the text version, we will leak > the mmapfd. Don't do that. > > Signed-off-by: Eric Paris <eparis@redhat.com> > Signed-off-by: rhatdan <dwalsh@redhat.com> > >commit 7e5cc79325ac05c69684069b5fd86cf3c45970a5 >Author: rhatdan <dwalsh@redhat.com> >Date: Thu Nov 1 14:35:11 2012 -0400 > > Cleanup man page generation and create aliases > >commit 2f063f81d48acf2bd0ae046fc277e7912b00c9ff >Author: rhatdan <dwalsh@redhat.com> >Date: Thu Nov 1 11:04:17 2012 -0400 > > Only open poicy once for an sepolicy command > >commit a65a89dd4ded217067cb398c34c584d44d24521f >Author: rhatdan <dwalsh@redhat.com> >Date: Tue Oct 30 16:38:29 2012 -0400 > > Read the policy file only once > >commit b2028e294d386e160b9397694047e6210e8d261b >Author: rhatdan <dwalsh@redhat.com> >Date: Sat Oct 27 07:46:14 2012 -0400 > > Always get policy_path from python code > >commit 73da95bb80e20efc410d7089a977b06865ee41ab >Author: rhatdan <dwalsh@redhat.com> >Date: Fri Oct 26 07:49:13 2012 -0400 > > Swith --policy option to -P so it does not conflict with --path (-p) in manpage > >commit 1409aa0a4f086e1305fdd56cc515a808666f9a86 >Author: rhatdan <dwalsh@redhat.com> >Date: Thu Oct 25 17:13:40 2012 -0400 > > Allow search commands to use alternate policy files > >commit 8f783379972eb1dc5e57d21cff9b2261765799bd >Author: rhatdan <dwalsh@redhat.com> >Date: Thu Oct 25 16:36:20 2012 -0400 > > Fix man page to use roles instead of role, which is correct in the command > >commit 8c7a58f99d8c9e80e2d6f15945e544ea806785f5 >Author: rhatdan <dwalsh@redhat.com> >Date: Thu Oct 25 14:19:01 2012 -0400 > > Fix handling of boolean_sub names when using the -F flag > >commit 083eced31dba61210382b6189f0790578624a798 >Author: rhatdan <dwalsh@redhat.com> >Date: Thu Oct 25 13:17:12 2012 -0400 > > Add html support for generating manpages > >commit ea0847aef422ca5585d12903665579754777689c >Author: rhatdan <dwalsh@redhat.com> >Date: Thu Oct 25 08:32:20 2012 -0400 > > Add qualifier to shred content before deleting temporary directories in sandbox > >commit 079cbe8d767c23bc34f02a8d38c293b19ebe4786 >Author: rhatdan <dwalsh@redhat.com> >Date: Thu Oct 25 07:40:27 2012 -0400 > > Add qualifier to shred content before deleting temporary directories in sandbox > >commit 7b36ffe5a7788a904150b28cdd03f3e876b99652 >Author: rhatdan <dwalsh@redhat.com> >Date: Wed Oct 24 16:51:12 2012 -0400 > > Update trans > >commit 4dac80984ef6ec09ea7b9098342dbe1ad0335621 >Author: rhatdan <dwalsh@redhat.com> >Date: Wed Oct 24 16:50:41 2012 -0400 > > Fix typo > >commit 7637990d2b95c4c22094ac67762f1654870c647e >Author: rhatdan <dwalsh@redhat.com> >Date: Mon Oct 22 21:37:04 2012 -0400 > > Move get_all_modules call out of sepolicy into polgengui since it is only used here. > >commit a28aff34e1832c06d5a05b810ff41c2c46991620 >Author: rhatdan <dwalsh@redhat.com> >Date: Mon Oct 22 21:35:36 2012 -0400 > > Add requires (post) to make sure packages that SELinux will enforce will be > installed when policy is installed. > > Also remove all use of commands to use yum/rpm calls instead > >commit f64c70bb0998e5b5e238d97f81b7ee41043fc8e2 >Author: rhatdan <dwalsh@redhat.com> >Date: Fri Oct 19 10:03:04 2012 -0400 > > Fix man pages to generate all domains > >commit 9556bda43099d8ab0783f2d914a61bdbbc3d0cfe >Author: rhatdan <dwalsh@redhat.com> >Date: Fri Oct 19 09:45:36 2012 -0400 > > Implement sesearch --allow_role in python bindings which will remove requirement for setools-console for policycoreutils. > >commit 10864ec6a6a2da7a159bad0d4153285b0648f306 >Author: rhatdan <dwalsh@redhat.com> >Date: Wed Oct 17 15:28:49 2012 -0400 > > Add new interface to translate a mode_t in to a security class, for use with coreutils > >commit b849c8bb9fbc5dba0c6b338c4d3efb29a9422dc2 >Author: rhatdan <dwalsh@redhat.com> >Date: Wed Oct 17 10:19:55 2012 -0400 > > Fix spec file to generate proper rpm > >commit a897ad1498bf82ebdce5f22d3834acd0f5d3c2c2 >Author: rhatdan <dwalsh@redhat.com> >Date: Wed Oct 17 10:17:18 2012 -0400 > > Remove hard coded dwalsh@redhat.com, replace with Author comment using gecos field. > >commit 32bf17e8abac1c5f17523994e1f558c898594649 >Author: rhatdan <dwalsh@redhat.com> >Date: Wed Oct 17 08:47:53 2012 -0400 > > Add Miroslav patch to fix description to match upstream request > >commit 214df3e7f5cc8c1139f75d78c70a83ebb0ba812e >Author: rhatdan <dwalsh@redhat.com> >Date: Wed Oct 17 08:38:32 2012 -0400 > > Add spec file for use with sepolicy generate > >commit b8016623ffb94f23f84267cd8fb265412ea81428 >Author: rhatdan <dwalsh@redhat.com> >Date: Tue Oct 16 18:42:09 2012 -0400 > > Copy /var/tmp to /tmp as well as /tmp, since /tmp and /var/tmp get mounted over each other in sandbox > >commit 5fec9911931ec4c9cc8faed3899b93d04045ca75 >Author: rhatdan <dwalsh@redhat.com> >Date: Tue Oct 16 14:57:29 2012 -0400 > > Handle times in foreign locals for audit2allow -b > >commit 749a386546499b8339b5604fe57bc0a0d4f2ee66 >Author: rhatdan <dwalsh@redhat.com> >Date: Tue Oct 16 12:52:17 2012 -0400 > > Merge translations > >commit ca1e6ef080382fee1fa8a027c20680757dcbfb8e >Author: rhatdan <dwalsh@redhat.com> >Date: Tue Oct 16 11:03:56 2012 -0400 > > Generate spec file and man page using sepolicy generate > >commit 4390629007dfdcdff1e8c84ea4349c2199b60a48 >Author: rhatdan <dwalsh@redhat.com> >Date: Tue Oct 16 10:25:10 2012 -0400 > > Prevent segfaulting when audit2why.init() called multiple times, or audit2why.finish() called multiple times > >commit ab663f3e7f295fa8f209383911a08568238f52b4 >Author: rhatdan <dwalsh@redhat.com> >Date: Tue Oct 16 10:06:38 2012 -0400 > > Start using Popen, instead of os.spawnl > >commit d6885d42cb9f622bcb47c7594001ab956d9d14ec >Author: rhatdan <dwalsh@redhat.com> >Date: Mon Oct 15 15:25:31 2012 -0400 > > Fix potential segfault from calling audit2why.finish more then once > >commit 1ea3230333c7000306b09bc50f2927218794151f >Author: rhatdan <dwalsh@redhat.com> >Date: Mon Oct 15 09:36:17 2012 -0400 > > Update translations > >commit f7b16f64ee959be793de85d6b3a3f3dafa3f33af >Merge: 42866cd fec715a >Author: rhatdan <dwalsh@redhat.com> >Date: Fri Oct 12 15:28:02 2012 -0400 > > Merge branch 'master' of http://oss.tresys.com/git/selinux > >commit 42866cd11955a844a453cc346658be801b0ed98e >Author: rhatdan <dwalsh@redhat.com> >Date: Fri Oct 12 15:26:44 2012 -0400 > > Fix selinux man page to mention service man pages > >commit 047c72ab7b2cb0cf6de4c5fa95e4440ac04be8f5 >Author: rhatdan <dwalsh@redhat.com> >Date: Wed Oct 10 14:26:40 2012 -0400 > > Have seobject verify policy types before allowing you to assign them.pwd > >commit 11e0b01b6ef285036512b35b93465b6c1a52ecd7 >Author: rhatdan <dwalsh@redhat.com> >Date: Mon Oct 8 15:04:57 2012 -0400 > > Add mgrepl patch to only add single files lines to file context file > >commit 9044a4e1ecbb87a4318c8f552003e50ad95c88a3 >Author: rhatdan <dwalsh@redhat.com> >Date: Mon Oct 8 15:04:31 2012 -0400 > > Updated translations > >commit 5c7a1484945144b3ac717024056853e3a75b0770 >Author: rhatdan <dwalsh@redhat.com> >Date: Mon Oct 8 11:18:17 2012 -0400 > > Add new translations files > >commit cd30230b3ff91e04f5347fe4329be7a858ac049a >Author: rhatdan <dwalsh@redhat.com> >Date: Mon Oct 8 11:18:03 2012 -0400 > > Fix typo in man pages > >commit 34835d2f6dd637ac953dff35574cfa3467cfa071 >Author: rhatdan <dwalsh@redhat.com> >Date: Mon Oct 8 11:05:55 2012 -0400 > > Stop running update-po on make all > >commit 979f48c426291cc5fd29fe3d24e17e18f09f1447 >Author: rhatdan <dwalsh@redhat.com> >Date: Mon Oct 8 10:33:01 2012 -0400 > > Add booleans descriptions to translations files > >commit e21892dc5c0b4921b56dd84bde3363460c65a931 >Author: rhatdan <dwalsh@redhat.com> >Date: Mon Oct 8 10:07:06 2012 -0400 > > Add booleans.py so that we can get output of booleans translations > >commit 10affc8dd31b421f251a7932ab13adcf4a66fc91 >Author: rhatdan <dwalsh@redhat.com> >Date: Mon Oct 8 10:06:29 2012 -0400 > > Add translations config file > >commit 3e5bc4eeb236c081259d1cd933cf53ed8758cbc4 >Author: rhatdan <dwalsh@redhat.com> >Date: Mon Oct 8 10:06:03 2012 -0400 > > Update translations > >commit 517693c5e38ea95d95bbbea42251a5a6270a74cd >Author: rhatdan <dwalsh@redhat.com> >Date: Mon Oct 8 10:05:53 2012 -0400 > > Remove selinux.tbl > >commit d6918ee810dea59158ae9821b001a6f8e9495664 >Author: rhatdan <dwalsh@redhat.com> >Date: Mon Oct 8 07:59:03 2012 -0400 > > Add equiv_dict to generate booleans, add missing import > >commit 564e64cf957fda3ab212a368fd8f0d145b8d209b >Author: rhatdan <dwalsh@redhat.com> >Date: Sat Oct 6 08:23:44 2012 -0400 > > Stop using polgen and start using sepolicy python interface > >commit e592164ae7c42050c866a95d1cecc9096eff7719 >Author: rhatdan <dwalsh@redhat.com> >Date: Fri Oct 5 13:53:41 2012 -0400 > > Install man pages > >commit 220ecf793574a0d763c6d9f56e9a667b04f3d369 >Author: rhatdan <dwalsh@redhat.com> >Date: Fri Oct 5 13:52:33 2012 -0400 > > Fix error caused by removing booleans_desc and using sepolicy > >commit e73f0e22b55261e49b022ec6bc250965c76efa5c >Author: rhatdan <dwalsh@redhat.com> >Date: Fri Oct 5 13:51:46 2012 -0400 > > Cleanup errors found by strict compilers > >commit 4f4c20ee562b5e3bba4c14595d81d3149eab5046 >Author: rhatdan <dwalsh@redhat.com> >Date: Fri Oct 5 13:51:03 2012 -0400 > > Fix path changes introduced by moving templates to sepolicy > >commit bf31ada366705eb8214bf4f3cf252cbe0a7850d1 >Author: rhatdan <dwalsh@redhat.com> >Date: Fri Oct 5 13:50:56 2012 -0400 > > Fix path changes introduced by moving templates to sepolicy > >commit 2fead97905ffa401e2ae88f26cc6577262f74970 >Author: rhatdan <dwalsh@redhat.com> >Date: Fri Oct 5 13:50:10 2012 -0400 > > Add bash completion scripts > >commit b0c8eb95a87eb6746ce5c590309d064773ce642f >Author: rhatdan <dwalsh@redhat.com> >Date: Fri Oct 5 13:49:35 2012 -0400 > > Add new man pages for sepolicy commands > >commit c85e3b72dd7f52c463da57b888bf9e3a85fac963 >Author: rhatdan <dwalsh@redhat.com> >Date: Thu Oct 4 16:03:36 2012 -0400 > > Fix boolean definitions > >commit b6afae0400dad3a953452fd894d1e4ea4d7d9335 >Author: rhatdan <dwalsh@redhat.com> >Date: Thu Oct 4 16:03:16 2012 -0400 > > Change to use sepolicy > >commit 09c35bbdbfce1423b7692e9203a4d05216b3752a >Author: rhatdan <dwalsh@redhat.com> >Date: Thu Oct 4 16:02:44 2012 -0400 > > Move booleans_dict to the top level of sepolicy > >commit 9fe41ffa83b772b5eef56c3b485fa4c22267e009 >Author: rhatdan <dwalsh@redhat.com> >Date: Thu Oct 4 15:35:48 2012 -0400 > > Switch to using sepolicy tools > >commit d0847cc7ec90dd7dd9205a311c4900439a1c3632 >Author: rhatdan <dwalsh@redhat.com> >Date: Thu Oct 4 15:27:25 2012 -0400 > > Add new command sepolicy and begin consolidating all apps to use it > >commit 4291c632645572fd147320450189badc97f0046f >Author: rhatdan <dwalsh@redhat.com> >Date: Thu Oct 4 15:26:42 2012 -0400 > > Switch sandbox to use sepolicy and check if sandbox_t is enabled, if not display command to enable > >commit 546d423522861e9991de45bf5f8f1728dab5ef6e >Author: rhatdan <dwalsh@redhat.com> >Date: Wed Oct 3 16:18:48 2012 -0400 > > Rebuild polgen.glade with glade-3, ignore .#* > >commit 9614ad8ac13838f760312dfd16472e680a75bb5a >Author: rhatdan <dwalsh@redhat.com> >Date: Wed Oct 3 16:17:36 2012 -0400 > > New sepolicy command, uniting little scripts > >commit 32250e8255dfb9ee331d8bf78e4750ad38f11bae >Author: rhatdan <dwalsh@redhat.com> >Date: Wed Sep 26 11:00:56 2012 -0400 > > Compiler will not allow me to compile code without checking return code of setfsuid, setfsuid does not return a valid return code, so I am checking just -1 which should never happen. Second part of patch addes better output for error string > >commit fe5943666e75413a6f48fb891c6d4fbc6c5b0ea9 >Author: rhatdan <dwalsh@redhat.com> >Date: Wed Sep 19 16:07:46 2012 -0400 > > Revert patch to libsepol that is breaking file name transitions > >commit 74d40cbd62776e043fbad4b39f4223ee3f369f4c >Author: rhatdan <dwalsh@redhat.com> >Date: Mon Sep 17 14:54:11 2012 -0400 > > load_policy should make link at the destination directory > >commit 18226559150165205b276f1f88d6c45afd6e68e5 >Author: rhatdan <dwalsh@redhat.com> >Date: Mon Sep 17 14:53:48 2012 -0400 > > Mention in the man page that restorecon/setfiles of entire OS will print percentage complete when run with the -p flag > >commit 28b8d7bdc520dc3441e00b76fbe9c25323729ed5 >Author: rhatdan <dwalsh@redhat.com> >Date: Mon Sep 17 14:51:57 2012 -0400 > > Allow the users to override the progress bar, with verbosity. > > IE Run restorecon with -v rather then -p > >commit fec715a6f2fc349b27b299bf797397bcbe00b13d >Author: Eric Paris <eparis@redhat.com> >Date: Fri Sep 14 13:41:22 2012 -0400 > > policycoreutils: po: remove bad selinux.tbl line from Makefile > > selinux.tbl is a Fedora translation file that doesn't make sense in > policycoreutils. Until we figure out how to deal with it, I'm not going > to push it. But I accidentally included it in the update-po make > target. Remove it from the make target. > > Signed-off-by: Eric Paris <eparis@redhat.com> > >commit ab3aee7c29da72029f7299cf6ea7f39ad141a791 >Author: rhatdan <dwalsh@redhat.com> >Date: Fri Sep 14 10:52:08 2012 -0400 > > Add sefcontext_compile to compile regex everytime policy is rebuilt > >commit 163689bc588e8c93a2cc291d68ddc3bdd8ebd54d >Author: rhatdan <dwalsh@redhat.com> >Date: Fri Sep 14 10:51:09 2012 -0400 > > Add error handling to help debug problems in libsemanage. > >commit 1b3e8d56e1d523c9cd7b0892fd1cc9dba086c17d >Author: rhatdan <dwalsh@redhat.com> >Date: Thu Sep 13 16:46:17 2012 -0400 > > Apply eparis fix for labeling enhancement > >commit a316ce8aaf42187b622f57e630c198b1225d84dc >Merge: 8c98163 8638197 >Author: rhatdan <dwalsh@redhat.com> >Date: Thu Sep 13 16:18:38 2012 -0400 > > Merge with Eparis and upstream > >commit 8c98163592c29ac275bae4554ac68f1ce1fa4231 >Author: rhatdan <dwalsh@redhat.com> >Date: Thu Sep 13 12:14:04 2012 -0400 > > Boolean subs need this fix so that permant changes in libsemanage will work. > Currenly if you try to permanently change an old name, semanage will complain. > >commit 8638197342f77d66b3e21ee93009060886020064 >Author: Eric Paris <eparis@redhat.com> >Date: Thu Sep 13 10:33:58 2012 -0400 > > Version bumps for upstream push > >commit 18649484eee7e4ca7b0be572365aca368a3471b5 >Author: Xin Ouyang <xinpascal@gmail.com> >Date: Thu Jan 12 16:58:34 2012 +0800 > > libsemanage: Fix segfault for building standard policies. > > If you are building "standard" policies(not MCS/MLS), libsemanage > will crash, which caused by strdup() to "level" NULL pointers. > For example, semodule -s refpolicy -b base.pp -i a.pp > > Signed-off-by: Eric Paris <eparis@redhat.com> > >commit 2ef297d4c80b7e55d9a33e20b44c540ffc6ad351 >Author: Harry Ciao <qingtao.cao@windriver.com> >Date: Sat Feb 25 09:40:08 2012 +0800 > > libsepol: role_fix_callback skips out-of-scope roles during expansion. > > If a role identifier is out of scope it would be skipped over during > expansion, accordingly, be it a role attribute, it should be skipped > over as well when role_fix_callback tries to propagate its capability > to all its sub-roles. > > Signed-off-by: Harry Ciao <qingtao.cao@windriver.com> > Signed-off-by: Eric Paris <eparis@redhat.com> > >commit 46ce32a6ee4df0c4b9423073da7e7221866a4054 >Author: Guido Trentalancia <guido@trentalancia.com> >Date: Wed Aug 22 12:42:35 2012 +0200 > > policycoreutils: genhomedircon: dynamically create genhomedircon > > It dynamically creates the policycoreutils "genhomedircon" > script during the build process in order not to hard-code > the full path to the semodule executable, as in general the > latter could reside in non-standard SBINDIR/USRSBINDIR > locations. > > It might not be very stylish or it might appear cumbersome, > but at least the script should not break as easily as the > current static one. > > The patch also edits the Makefile for the scripts so that > LOCALEDIR correctly uses $(PREFIX) rather than an absolute > path. > > Signed-off-by: Guido Trentalancia <guido@trentalancia.com> > Signed-off-by: Eric Paris <eparis@redhat.com> > >commit 45658fc6d5c7ed84a7356275f547eca92d4a959f >Author: Guido Trentalancia <guido@trentalancia.com> >Date: Mon Aug 20 12:15:13 2012 +0200 > > libselinux: improve the file_contexts.5 manual page > > Manual page improvements for the file_contexts and related policy > configuration files (section 5): > > - create links to selabel_file.5 not only for file_contexts.5 but > also for the other optional policy configuration files (including > the so-called file contexts "substitution" files); > - clarify the above mentioned manual page(s), in particular relatively > to the action performed by the so-called file contexts "substitution" > policy configuration files (aliasing/equivalence versus substitution); > - improve the explanation of the form that the "substitution" files > shall have. > > Signed-off-by: Guido Trentalancia <guido@trentalancia.com> > Signed-off-by: Eric Paris <eparis@redhat.com> > >commit 46b60eee897c8e2f1aa296f33841db11ac8e44c6 >Author: Guido Trentalancia <guido@trentalancia.com> >Date: Fri Jun 15 18:40:13 2012 +0200 > > policycoreutils: restorecond: relabel all mount runtime files in the restorecond example config > > Ship a restorecond.conf file that relabels all mount runtime files under /etc and > not just /etc/mtab. > > Mount also uses /etc/mtab~[0-9]{0,20} lock files (the number corresponds to the > PID) and the /etc/mtab.tmp temporary file. > > The above refers to mount from util-linux-2.21.2 from kernel.org. See mount -vvv > for the location of such files. > > A patch is also available for the reference policy to fix this issue. > > Signed-off-by: Guido Trentalancia <guido@trentalancia.com> > Signed-off-by: Eric Paris <eparis@redhat.com> > >commit b8067636b6855384965a74b8bcb1ed886ac68bfb >Author: Guido Trentalancia <guido@trentalancia.com> >Date: Sun Aug 19 17:59:20 2012 +0200 > > policycoreutils: semanage: skip comments while reading external configuration files > > Fix fcontextRecords() in policycoreutils/semanage/seobject.py so > that semanage does not produce an error in fcontext mode when > the file_contexts.subs_dist file contains comments (prefixed by #). > > Properly skip blank lines. > > Treat both white space and tab as valid separators for the above > mentioned policy configuration file (v2). Minimum number of > changes (v2bis). > > Signed-off-by: Guido Trentalancia <guido@trentalancia.com> > Reported-by: Sven Vermeulen <sven.vermeulen@siphos.be> > Signed-off-by: Eric Paris <eparis@redhat.com> > >commit 1c8a7c194d3a3f72be5d02d50df2f7b679aeabe7 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Tue Jul 31 10:12:46 2012 -0400 > > libselinux: Ensure that we only close the selinux netlink socket once. > > Taken from our Android libselinux tree. From Stephen Smalley. > > Signed-off-by: Eric Paris <eparis@redhat.com> > >commit a8a36f88c2791171d798a33866f5da625a2deea1 >Author: Eric Paris <eparis@redhat.com> >Date: Wed Sep 12 20:57:24 2012 -0400 > > sepolgen: audit2allow: one role/type pair per line > > audit2allow was generating rules which would not compile. We can only > do one per line, not tons of types at one time. > > Signed-off-by: Eric Paris <eparis@redhat.com> > >commit 628bcc69e23d96cec308bae5c70bebdeebeeeecc >Author: Eric Paris <eparis@redhat.com> >Date: Wed Sep 12 14:57:53 2012 -0400 > > policycoreutils: sepolgen: return and output constraint violation information > > update sepolgen to return constraint violation information. Then output > that information in audit2allow. > > Signed-off-by: Eric Paris <eparis@redhat.com> > >commit 4d04f4c443b916cd078f12930f683374da2291e4 >Author: Eric Paris <eparis@redhat.com> >Date: Thu Aug 30 18:17:26 2012 -0700 > > libselinux: label_file: only run array once when sorting > > Instead of running the array two times, sorting the 'hasMeta' the first > time and the !hasMeta the second, run the array once putting hasMeta in > the front and !hasMeta in the back. Then ONLY run the !hasMeta section > a second time reversing its order so its sorted as it should be. > > Signed-off-by: Eric Paris <eparis@redhat.com> > >commit 36ab97dadc3ae8d504d6a4cfa7490d92b49b370d >Author: Eric Paris <eparis@redhat.com> >Date: Thu Aug 30 14:13:55 2012 -0700 > > libselinux: label_file: struct reorg > > Use char instead of int, reorder to put the chars together. Just litle > things. > > Signed-off-by: Eric Paris <eparis@redhat.com> > >commit de5bc062ca60668c7e5cae741fd0ae646c0d16bb >Author: Eric Paris <eparis@redhat.com> >Date: Thu Aug 30 11:43:36 2012 -0700 > > libselinux: label_file: break up find_stem_from_spec > > Right now find_stem_from_spec does a number of things: > - calculate the length of th stem > - look for that stem > - duplicate the stem > - add the stem to the array > > break those things up a bit because the mmap version isn't going to need > to do some of those things. > > Signed-off-by: Eric Paris <eparis@redhat.com> > >commit 16b578895e5c20ad6594186a14a04d848c735889 >Author: Eric Paris <eparis@redhat.com> >Date: Wed Aug 29 16:34:46 2012 -0700 > > libselinux: label_file: new process_file function > > We currently duplicate code 3 times for the main file, the homedirs, and > the local file. Just put that stuff in its own function so we don't > have to deal with it multiple times. > > Signed-off-by: Eric Paris <eparis@redhat.com> > >commit 79b6a8d78fc184b01133ac11d1d0c683633dcaf3 >Author: Eric Paris <eparis@redhat.com> >Date: Wed Aug 29 15:54:17 2012 -0700 > > libselinux: label_file: only run regex files one time > > We currectly run all of the regex files 2 times. The first time counts > the lines and does the simple validatation. We then allocate an array > of exactly the right size to hold the entries and run them a second time > doing stronger validation, regex compile, etc. > > This is dumb. Just run them one time and use realloc to grow the size > of the array as needed. At the end the array will get sized perfectly > to fit by the sorting function, so even if we accidentally allocated > entra memory we'll get it back. > > Signed-off-by: Eric Paris <eparis@redhat.com> > >commit ee88185aff38b18b16da0d0ed38796d7142632d1 >Author: Eric Paris <eparis@redhat.com> >Date: Mon Aug 27 14:43:51 2012 -0400 > > libselinux: label_file: add accessors for the pcre extra data > > When we use an mmap backed version of data we need to declare the pcre > extra data since we are only given a point to the data->buffer. Since > sometimes the spec will hold a pointer to the extra data and sometimes > we want to declare it on the stack I introduce and use an accessor for > the extra data instead of using it directly. > > Signed-off-by: Eric Paris <eparis@redhat.com> > >commit 247759031a3e41e5a0f462dc7dfecc0d79d1652e >Author: Eric Paris <eparis@redhat.com> >Date: Wed Aug 29 15:16:43 2012 -0700 > > libselinux: label_file: move regex sorting to the header > > We want to do the same thing in the compiler and as we do in in the code > which reads regexes in from the text file. Move that sorting into the header. > > Signed-off-by: Eric Paris <eparis@redhat.com> > >commit dd61029c549b01efe41576a3406f6ff513699461 >Author: Eric Paris <eparis@redhat.com> >Date: Mon Aug 27 13:27:53 2012 -0400 > > libselinux: label_file: fix potential read past buffer in spec_hasMetaChars > > An illegal regex may end with a single \ followed by nul. This could > cause us to search past the end of the character array. The loop > formation looks like so: > > c = regex_str; > len = strlen(c); > end = c + len; > > while (c != end) { > switch (*c) { > ... > case '\\': /* skip the next character */ > c++; > break; > ... > } > c++; > } > > If the \ is the last character then we will increment c and break from > the switch. The while loop will then increment c. So now c == end+1. > This means we will keep running into infinity and beyond! Easy fix. > Make the loop check (c < end). Thus even if we jump past end, we still > exit the loop. > > Signed-off-by: Eric Paris <eparis@redhat.com> > >commit 48682e2853f3c66a628adcaf0dbd6030630802f2 >Author: Eric Paris <eparis@redhat.com> >Date: Mon Aug 27 13:21:28 2012 -0400 > > libselinux: label_file: move spec_hasMetaChars to header > > So we can use it in the new compile utility, move the > spec_hasMetaChars() function, which looks for things like .*?+^$ in > regular expressions into the internal header file. > > Signed-off-by: Eric Paris <eparis@redhat.com> > >commit fcc895661d0cfc619f0895e5c8cb3017cc97364e >Author: Eric Paris <eparis@redhat.com> >Date: Mon Aug 27 11:19:13 2012 -0400 > > libselinux: label_file: drop useless ncomp field from label_file data > > The libselinux label_file backend counted the number of regexes which > had been compiled. We didn't use it and it wasn't useful information. > Stop doing it. > > Signed-off-by: Eric Paris <eparis@redhat.com> > >commit 9937685cbe8ae6a57cd0b653f2e04f1f45efe46e >Author: Eric Paris <eparis@redhat.com> >Date: Wed Aug 22 14:41:46 2012 -0400 > > libselinux: label_file: move stem/spec handling to header > > We want to be able to find the stem and the spec from our new utility. > So move those functions to the header file. > > Signed-off-by: Eric Paris <eparis@redhat.com> > >commit b9482941ce29e17cd669da457ec3bc176e43fcc6 >Author: Eric Paris <eparis@redhat.com> >Date: Wed Aug 22 16:03:27 2012 -0400 > > libselinux: label_file: move error reporting back into caller > > If we want to use these functions in utilities we shouldn't call such > libselinux internal functions. Move the error reporting up to the > caller. > > Signed-off-by: Eric Paris <eparis@redhat.com> > >commit f744f239fbfcd1f74bac3196acd616d871ab6108 >Author: Eric Paris <eparis@redhat.com> >Date: Wed Aug 22 14:20:38 2012 -0400 > > libselinux: label_file: do string to mode_t conversion in a helper function > > So the string to mode_t conversion in a helper function so it can be > used later by a regex compilation program. > > Signed-off-by: Eric Paris <eparis@redhat.com> > >commit c27101a58317a3d535437f6bd82a3af4a7140074 >Author: Eric Paris <eparis@redhat.com> >Date: Wed Aug 22 14:02:01 2012 -0400 > > libselinux: label_file: move definitions to include file > > We want to use some label_file internals in a utility to compile > fcontext files into binary data for fast use. So start pushing > structures and such into a header file. > > Signed-off-by: Eric Paris <eparis@redhat.com> > >commit dc1db39e28d8319ee72429dfb5fdbb18208d8977 >Author: Eric Paris <eparis@redhat.com> >Date: Wed Aug 22 13:51:30 2012 -0400 > > libselinux: label_file: remove all typedefs > > I hate them. They just indirectly you needlessly. Just use the struct > definitions. > > Signed-off-by: Eric Paris <eparis@redhat.com> > >commit 091eb526dd2036d993517d09e4fc67b2bec3ec5e >Author: Eric Paris <eparis@redhat.com> >Date: Wed Aug 22 11:43:29 2012 -0400 > > libselinux: label_file: use PCRE instead of glibc regex functions > > The PCRE functions are about x10 faster than the glibc functions. So > use the external library. > > Signed-off-by: Eric Paris <eparis@redhat.com> > >commit ac5f5645b6f285a66ceceb5625e05fbbe3ac1329 >Author: Eric Paris <eparis@redhat.com> >Date: Tue Jun 12 11:01:11 2012 -0400 > > libselinux: stop messages when SELinux disabled > > If SELinux is disabled we should send any messages. We shouldn't do > anything. Just return. > > Signed-off-by: Eric Paris <eparis@redhat.com> > >commit 01723ac2ce03443e8c89a47c53072dfa6debcb00 >Author: Chris PeBenito <cpebenito@tresys.com> >Date: Wed Jun 6 13:27:10 2012 -0400 > > libsepol: Add always_check_network policy capability > > Currently the packet class in SELinux is not checked if there are no > SECMARK rules in the security or mangle netfilter tables. Similarly, the > peer class is not checked if there is no NetLabel or labeled IPSEC. Some > systems prefer that these classes are always checked, for example, to > protect the system should the netfilter rules fail to load or if the > nefilter rules were maliciously flushed. > > Add the always_check_network policy capability which, when enabled, treats > these mechanisms as enabled, even if there are no labeling rules. > > Signed-off-by: Chris PeBenito <cpebenito@tresys.com> > Signed-off-by: Eric Paris <eparis@redhat.com> > >commit 1f3bca77e04687afb87a7a4e034298c9c955919b >Author: Chris PeBenito <cpebenito@tresys.com> >Date: Tue Jun 12 10:17:14 2012 -0400 > > libsepol: check for missing initial SID labeling statement. > > If an initial SID is missing a labeling statement, the compiler will > segfault when trying to copy the context during expand. Check for this > situation to handle it gracefully. > > This fixes ocontext_copy_selinux() and ocontext_copy_xen(). > > Signed-off-by: Chris PeBenito <cpebenito@tresys.com> > Signed-off-by: Eric Paris <eparis@redhat.com> > >commit e26b58b08e92f823ff2f7e20ffd3124b7c5f8ccf >Author: Chris PeBenito <cpebenito@tresys.com> >Date: Tue Jun 12 10:17:13 2012 -0400 > > libsepol: Move context_copy() after switch block in ocontext_copy_*(). > > If an initial SID is missing a labeling statement, the compiler will > segfault on the context_copy(). Move the context copy after the > switch block so that the existance of the initial SID label can be checked > before trying to copy the context. > > This fixes both ocontext_copy_selinux() and ocontext_copy_xen(). > > Signed-off-by: Chris PeBenito <cpebenito@tresys.com> > Signed-off-by: Eric Paris <eparis@redhat.com> > >commit 30db6f423bea71c892700b7599e8395e516702ad >Author: Dan Walsh <dwalsh@redhat.com> >Date: Mon Jun 25 09:35:53 2012 -0400 > > policycoreutils: sandbox: Make sure Xephyr never listens on tcp ports > > Signed-off-by: Eric Paris <eparis@redhat.com> > >commit b2d86f82196e26e6d62443a6e216c5c807d03018 >Author: Eric Paris <eparis@redhat.com> >Date: Tue Jul 3 15:00:45 2012 -0400 > > libselinux: booleans: initialize pointer to silence coveriety > > The coveriety scanner is too stupid to realize that the strtok_r() > function initializes the saveptr variable. Since we are passing a > variable location without initializing it coveriety gets angry. Just > shut up the scanner, but nothing was wrong to start with. > > Signed-off-by: Eric Paris <eparis@redhat.com> > >commit bd8ea2eb6caf103398fef80e41e0ef86ba3892b7 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Thu Jun 21 09:42:45 2012 -0400 > > libselinux: seusers: Check for strchr failure > > If we have a malformed seusers entry we may not find the : proceeding > the level and would thus get a NULL. This can blow up. Check for this > error and bail gracefully. Found by coverity > > Signed-off-by: Eric Paris <eparis@redhat.com> > >commit fa7a9a604ee9f12dbfa63950adc0122880c092b0 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Thu Jun 21 09:41:50 2012 -0400 > > libselinux: utils: avcstat: clear sa_mask set > > We were leaving random stack garbage in sa.sa_mask. Clear it the way > one should. (spotted by coveriety) > > Signed-off-by: Eric Paris <eparis@redhat.com> > >commit 873c1766510f82481beb83a07fdf03235d4f4dfe >Author: Eric Paris <eparis@redhat.com> >Date: Tue Jul 3 14:45:38 2012 -0400 > > checkpolicy: check return code on ebitmap_set_bit > > This can fail due to ENOMEM. Check and return code and return error if > necessary. > > Signed-off-by: Eric Paris <eparis@redhat.com> > >commit 87e8d46f2934d2d5591b44b29f308adb93f4b128 >Author: Eric Paris <eparis@redhat.com> >Date: Tue Jul 3 14:43:45 2012 -0400 > > policycoreutils: checkmodule: fd leak reading policy > > We never closed the fd to the policy file. Close this fd as soon as we > are finished with it. > > Signed-off-by: Eric Paris <eparis@redhat.com> > >commit 1db01640eec01d4819e3033aff519c5beb753e1a >Author: Eric Paris <eparis@redhat.com> >Date: Wed Sep 12 14:18:50 2012 -0400 > > libselinux: matchpathcon: add -m option to force file type check > > We may want to force matchpathcon to respond if the path is question is > a dir, sockfile, chr, blk, etc. Add an option so you can force it to > hit the right rule types. > > Signed-off-by: Eric Paris <eparis@redhat.com> > >commit b0b22829eb0aa992462b9efd7b32e2fdc8604faf >Author: Eric Paris <eparis@redhat.com> >Date: Wed Sep 12 13:17:30 2012 -0400 > > libsemanage: do boolean name substitution > > So people can use -P and it will work. > > Signed-off-by: Eric Paris <eparis@redhat.com> > >commit ee6901618c9da360515474145504c7b58258441f >Author: Dan Walsh <dwalsh@redhat.com> >Date: Mon Jun 11 13:25:29 2012 -0400 > > libselinux: expose selinux_boolean_sub > > Make selinux_boolean_sub a public method so getsebool can use it, as well as > potentially used within libsemanage. > > Signed-off-by: Eric Paris <eparis@redhat.com> > >commit 179ee6c18725d61bd04019b4631d3ff43d964c67 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Mon Jun 11 13:25:03 2012 -0400 > > libselinux: Add man page for new selinux_boolean_sub function. > > Signed-off-by: Eric Paris <eparis@redhat.com> > >commit bac96c8c70e2b37362090cb1ffc96aa54c160bca >Author: Dan Walsh <dwalsh@redhat.com> >Date: Mon Jun 11 13:19:00 2012 -0400 > > libselinux: getsebool: support boolean name substitution > > Use selinux_boolean_sub to translate the boolean name handed in by the user. > Report back the correct name of the boolean. > > Signed-off-by: Eric Paris <eparis@redhat.com> > >commit 88c35241535803247bd3044187c6c3b3c7f02c79 >Author: Eric Paris <eparis@redhat.com> >Date: Wed Apr 18 11:00:24 2012 -0400 > > libselinux: boolean name equivalency > > Add support for booleans.subs file. Basically this allows us to finally change > badly named booleans to some standard name. > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit 065e5d31496f396c868e020349f6b6e00c2e2b6b >Author: Dan Walsh <dwalsh@redhat.com> >Date: Tue Aug 23 14:53:44 2011 -0400 > > sepolgen: Allow returning of bastard matches > > Return low quality matches as well as high quality matches. Sometimes > we just want the crap with the sugar. > > Signed-off-by: Eric Paris <eparis@redhat.com> > >commit 3babdf190b9622b1ee49330d6a1c3fde0966d962 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Wed Jun 20 15:33:45 2012 -0400 > > policycoreutils: semanage: use boolean subs. > > This fixes a problem in xguest which is using the old > name of the boolean an blowing up on install. > > Signed-off-by: Eric Paris <eparis@redhat.com> > >commit 1024ea34c6ff68625037fd8abbda5dc910ac31e5 >Author: Eric Paris <eparis@redhat.com> >Date: Fri Jun 1 11:35:01 2012 -0400 > > libselinux: libsemanage: remove PYTHONLIBDIR and ruby equivalent > > We generate pkg-config --libs and use that to build the libselinux > python so file. We do not use it to build the libsemanage versions. We > also never use the ruby equivalent. So stop calling pkg-config > uselessly. > > Signed-off-by: Eric Paris <eparis@redhat.com> > >commit b2523dc167b1b61ea3cc42a97c8da6ac60ad7550 >Author: Eric Paris <eparis@redhat.com> >Date: Fri Jun 1 11:30:26 2012 -0400 > > libselinux: libsemanage: do not set soname needlessly > > We explicitly set the soname of the python and ruby files. We don't > need this. We are using the -o name as the soname, so just let the > toolchain do its thing. It just makes the Makefile nicer to read. > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit 056f23c4bf65a0c62be4e7b8c858ad4f23ce0308 >Author: Eric Paris <eparis@redhat.com> >Date: Thu Jun 21 15:44:45 2012 -0400 > > libselinux: utils: add service to getdefaultcon > > Add a -s option to getdefaultcon which allows one to specify the > service in question. This exposes all of the abilities of getseuser > instead of only the abilities of getseuserbyname. > > Signed-off-by: Eric Paris <eparis@redhat.com> > >commit e4f0a20ee14b5ee3d80f4617ec0d68f61ab36ea1 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Thu May 24 05:52:17 2012 -0400 > > polciycoreutils: setsebool: error when setting multiple options > > If one were to use multiple options such as both -P and -N we would have > problems. The issue is that for some reason instead of looking at > optind (the first non-option) we were looking at argc-optind. These > happen to be the same if there are 0 or 1 options, but doesn't work with > more than 1 option. > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit cef1d08d1e81cc3e230553966060a7da59eabf6b >Author: Dan Walsh <dwalsh@redhat.com> >Date: Tue May 29 09:30:04 2012 -0400 > > policycoreutils: fixfiles: tell restorecon to ignore missing paths > > Restorecon should default to ignore missing files. > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit f6595e357fca616d464147e7626368c135cf5142 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Thu May 24 11:38:34 2012 -0400 > > policycoreutils: setfiles: return errors when bad paths are given > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit 39d6b469bae06a08af46eb8968182a90491d4fe1 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Thu May 24 05:51:41 2012 -0400 > > policycoreutils: gui: Fix missing error function > > And change to not use = with setsebool, purely cosmetic > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit ff78e21ef8d29513f204ff83e90b281c26a0480a >Author: Dan Walsh <dwalsh@redhat.com> >Date: Sun May 20 06:27:12 2012 -0400 > > policycoreutils: gui: polgen: follow symlinks and get the real path to the executable to be confined > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit f627d9a8cea6b6dcbfb796fea6c0400ea325d475 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Thu May 17 16:18:47 2012 -0400 > > policycoreutils: gui: polgen: sort selinux types of user controls > > Just cosmetic. Make them all line up the same way in case anyone ever > looks at the code. > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit 7ae7858a6bfc1203d1c7db79e14c562ce560a919 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Tue May 8 16:31:33 2012 -0400 > > policycoreutils: semodule: Add -N qualifier to no reload kernel policy > > This makes semodule consistent with other commands to no reload the > policy into the kernel after the given change. > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit 413b4933ee7203286050c2daf6f9714673cd3a5a >Author: Dan Walsh <dwalsh@redhat.com> >Date: Tue May 8 15:59:54 2012 -0400 > > policycoreutils: setsebool: -N should not reload policy on changes > > Fix setsebool to use -N to not reload policy into the kernel optional on > permanant changes. > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit 82415fa1b0560a481cbaa9057a6eb357c92f4318 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Thu May 3 19:21:18 2012 -0400 > > policycoreutils: sandbox: manpage update to describe standard types > > add some definition to the standard types available for sandboxes so > users have a way to know about them and what they are intended to be > used for. > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit e5962bb179b14aa225746cb06792f4f328ffcd1c >Author: Dan Walsh <dwalsh@redhat.com> >Date: Tue May 8 08:37:45 2012 -0400 > > policycoreutils: semanage: option to not load new policy into kernel after changes > > Add -N, --noreload option to semanage to prevent reloading policy into > the kernel after a change. > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit cf87e75d45c675f87e77d8482b6812c50d67be56 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Mon Apr 30 15:03:16 2012 -0400 > > policycoreutils: return equivalency records in fcontext customized > > fcontext customized was not returning the customized equivalency records. This > patches fixes this. > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit c48b7fe3365ca5da62a1bd02a36d6beb9245e866 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Tue May 1 16:02:50 2012 -0400 > > policycoreutils: gui: remove lockdown wizard > > Future systems will not support html in a pygtk window as webkit is > going away. I decided to add the full set of gui tools and then remove > the one I don't want to support just in case someone wants to resurrect > this at some point. > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit c5cf9818697fe790fd4e103c452850ecdd65bb69 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Tue Apr 24 11:18:12 2012 -0400 > > policycoreutils: Add Makefiles to support new gui code > > We added new gui programs, but not Makefiles to build/install them. > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit 514af85b89fff54f079f239294c727e4d61319ed >Author: Dan Walsh <dwalsh@redhat.com> >Date: Fri Apr 13 11:04:45 2012 -0400 > > policycoreutils: gui: system-config-selinux gui > > These are the python files that make up the system-config-selinux gui, used to implement > most of the functionality of the semanage command line plus some configuration. > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit e34e28b150ad15767c36c709c1ded767dbb8e726 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Fri Apr 13 11:03:43 2012 -0400 > > policycoreutils: gui: for exploring booleans > > This is a booleans lockdown gui, that can be used for exploring and locking > down booleans. > > Signed-off-by: Eric Paris <eparis@redhat.com> > >commit 71f68548a5de08c5bb238598f68f7653b82be11d >Author: Miroslav Grepl <mgrepl@redhat.com> >Date: Thu Apr 26 13:53:14 2012 -0400 > > policycoreutils: gui: polgen: search for systemd subpackage when generating policy > > A number of packages have a systemd subpackage. Look for those when > doing the file list of a package to generate its policy. > > Signed-off-by: Eric Paris <eparis@redhat.com> > >commit e4bbd7cfa8853d3bf81c9854e4e32313f3df19d6 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Fri Apr 13 11:01:32 2012 -0400 > > policycoreutils: gui: Checking in policy to support polgengui and sepolgen. > > These are the tools that the Fedora team uses to build new policy. sepolgen is a > console app that will take an executable and generate policy based on the RPM > specification and using nm -D to analyze the application. > > We have found it very useful for generating quick policy to get the policy writer > working quickly. > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit c802d4a6d53120a7c067c29625a17b09f922f4d3 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Wed Apr 18 14:46:12 2012 -0400 > > libselinux: Add support for lxc_contexts_path > > In order for lxc to look up its process and file labels we add new > libselinux support. This is what we do for everything else, like > libvirt, seposgresql, etc. > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit c5721bdeeb3fd3ce7ea856da1642cf21455648fb >Author: Eric Paris <eparis@redhat.com> >Date: Thu Apr 19 15:09:58 2012 -0400 > > policycoreutils: po: silence build process > > Stop printing stuff on stderr when building the po translations. (I'd > leave it alone if I knew how to put it on stdout) > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit 9f78846a5f7a567e1c2277c7cd05558cd625a868 >Author: Eric Paris <eparis@redhat.com> >Date: Fri Mar 30 17:11:22 2012 -0400 > > policycoreutils: translations: commit translations from Fedora community > > The Fedora community has been working to translate a number of messages. > Commit those to the tree so all SELinux users can enjoy. > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit c026f5e2f196b7ffecf9bbe3827f295c4a028a45 >Author: Eric Paris <eparis@redhat.com> >Date: Wed Apr 18 12:39:53 2012 -0400 > > policycoreutils: add .tx to gitignore > > .tx is the transifex configuration directory which is used to pull the > latest translations from the transifex web site. > > Signed-off-by: Eric Paris <eparis@redhat.com> > >commit 376d4def373b7de11aa162bc82659edf2848bfde >Author: Dan Walsh <dwalsh@redhat.com> >Date: Thu Mar 29 12:39:50 2012 -0400 > > policycoreutils: semanage: allow enable/disable under -m > > Fix --enable and --disable for modules to only work under -m options. > Without this patch you couldn't do -m and --enable. We want that to > work. > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit af1c9091e32acd11b047681b46eee132f7fb6aad >Author: Martin Orr <martin@martinorr.name> >Date: Sun Mar 11 22:59:08 2012 +0000 > > policycoreutils: setfiles: Fix process_glob error handling > > process_one_realpath returns 1 if it changed the context of the file but > process_glob treats all non-zero values as errors. This results in > setfiles exiting with non-zero status even though it was successful. > > Fix process_glob to only treat negative return values of > process_one_realpath as errors. > > cf. http://bugs.debian.org/662990 > > Signed-off-by: Martin Orr <martin@martinorr.name> > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit 30ef7451bc2d160f4749764dd092ab50b6a74bec >Author: Russell Coker <russell@coker.com.au> >Date: Mon Mar 26 17:45:49 2012 +0200 > > policycoreutils: Make restorecon return 0 when a file has changed context with no error > > restorecon should return 0 when a file has changed context with no > error. With the last version it's returning 1. > > Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=662990 > > Signed-off-by: Laurent Bigonville <bigon@debian.org> > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit 7e14d038c481d7553b4ceefb561875c0c3617531 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Mon Feb 27 12:09:06 2012 -0500 > > policycoreutils: Disable user restorecond by default > > file_name trans should be good enough to handle this now, so why launch > it for every user? > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit 687ff489e62aecda2d165be87cdb927799dbe16d >Author: Dan Walsh <dwalsh@redhat.com> >Date: Mon Jan 30 16:21:32 2012 -0500 > > policycoreutils: setfiles: do not syslog if no changes > > Basically this change stops sysloging if the change did not actually > happen. > > By default we do not modify a label if the type of the SELinug context > was unchanged, but we were sending a syslog message as if something had > changed. > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit 69d418551ecbbc67855ed1c77d535e02db8598ef >Author: Dan Walsh <dwalsh@redhat.com> >Date: Mon Jan 30 16:21:24 2012 -0500 > > policycoreutils: scripts: Don't syslog setfiles changes on a fixfiles restore > > Fixfiles restore is called by auditrelabel, and was happening early in > the boot process, before the syslog system was up and running. A bug > in systemd was causing relabels to take forever, while it waited for > the syslog's to complete. This was fixed, but I still see no reason > to write thousands/millions of lines to syslog on a badly mislabled > machine and wanted this featured turned off. > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit 96cedba3e59aa474f0f040da5108a17bba45ce6c >Author: Dan Walsh <dwalsh@redhat.com> >Date: Wed Sep 7 13:58:24 2011 -0400 > > policycoreutils: restorecon: only update type by default > > This patch allows us to use restorecon on MCS Separated File Systems or MLS > Environments, Basically allows a user to check his type enforcement. > > Signed-off-by: Dan Walsh <dwalsh@redhat.com> > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit e23c73a16736364f77e68c613735b2977cc806c6 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Tue Oct 4 08:33:41 2011 -0400 > > policycoreutils: newrole: do not drop capabilities when newrole is run as root > > If you run newrole as root and it drops capabilities, the next shell > script does not have any capabilities and can not function. > > newrole -L TopSecret > > Would end up with a root shell and no capabilities. > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit d46e88abb6e1f7b0228c30c98ba4fb739e63cda3 >Author: Eric Paris <eparis@redhat.com> >Date: Wed Jul 20 12:19:48 2011 -0400 > > policycoreutils: run_init: If open_init_pty is not available then just use exec > > Sometimes using open_init_pty isn't possible. So just call exec() if > that is the case. We no longer ship open_init_pty in Fedora or RHEL6 > since it was causing more problems then it was worth. This fix makes > it optional to use the open_init_pty. > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit 4a33c78ca572598ff76976a41d8b456293dfaebc >Author: Stephen Smalley <sds@tycho.nsa.gov> >Date: Thu Aug 30 17:17:37 2012 -0400 > > libsepol: fix neverallow checking on attributes > > Ole Kliemann reported that allow rules written using type attributes were > not being detected by neverallow assertions in the policy. I think that > this was broken in policy.24 and later due to changes in the type datum. > Fix the expand logic to correctly distinguish type attributes from types. > > Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> > Signed-off-by: Eric Paris <eparis@redhat.com> > >commit f6b82ec701bd74ea7d3403daca1b9e6d2f7ea0bb >Author: Guido Trentalancia <guido@trentalancia.com> >Date: Wed Aug 22 09:13:43 2012 +0200 > > policycoreutils: setfiles/restorecon minor improvements > > - improves the manual page for both setfiles and restorecon (formatting > including alphabetical re-ordering of options, undocumented options, > references and a few cosmetic changes); > - de-hardcodes a couple of constants in the source files and makes a > dynamic use of them to create the manual pages after the compilation > and prior to the installation: more specifically the constants are the > number of errors for the setfiles' validation process abort condition > and the sensitivity of the progress meter for both programs (uses > external programs grep and awk); > - improves the usage message for both programs and introduces a -h > (aliased with currently existing -?) option where not already > available; > - print out the usage message for restorecon when it is called without > arguments; > - white-space/tab conversion to get proper indentation towards the end > of the main source file. > > [eparis add .gitignore] > > Signed-off-by: Guido Trentalancia <guido@trentalancia.com> > Signed-off-by: Eric Paris <eparis@redhat.com> > >commit 876f5faeded2d5a9e452fd2f1527aad02defe896 >Author: Guido Trentalancia <guido@trentalancia.com> >Date: Wed Aug 22 12:48:30 2012 +0200 > > policycoreutils: genhomedircon: manual page improvements > > The following patch aims to improve the manual page (section 8) for the > "genhomedircon" script (policycoreutils). > > - remove probably redundant GNU licence notice; > - try to further clarify the functionality made available by the > "genhomedircon" script as well as all the configurable options that > control its execution and affect its behavior; > - extend the references section (SEE ALSO). > > Signed-off-by: Guido Trentalancia <guido@trentalancia.com> > Signed-off-by: Eric Paris <eparis@redhat.com> > >commit 4e30a4195f66f93a5ad86c3023c38b4d38a54208 >Author: rhatdan <dwalsh@redhat.com> >Date: Sun Aug 19 07:47:48 2012 -0400 > > Patch from Guido Trentalancia > > Apparently semanage does not work properly when the external configuration file "file_contexts.subs_dist" (from the policy) contains #-comments. > > The patch attached below aims to fix this: seobject.py must skip comments while reading the external configuration file "file_contexts.subs_dist". > >commit d8468d7f7cc91b6270e57fd9c27fea9a65801370 >Author: rhatdan <dwalsh@redhat.com> >Date: Wed Aug 8 09:22:05 2012 -0400 > > Changes from Miroslav, to allow dbus apps policy to be installed in an Optional Policy > >commit 7d1707ee1107ba06dcf7c768f6183450309096f4 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Tue Jul 31 10:12:46 2012 -0400 > > Ensure that we only close the selinux netlink socket once. > Taken from our Android libselinux tree. From Stephen Smalley. > >commit 76824f7f449adb46d46a7e287e5dc764fb0781b3 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Mon Jul 30 10:59:46 2012 -0400 > > Cleaned up patch from Adam Tkac to fix the checkmodule segfault > >commit 06b42841472c7255893d07d63e1f895dc88c407c >Author: Dan Walsh <dwalsh@redhat.com> >Date: Fri Jul 27 09:41:15 2012 -0400 > > audit2allow was generating role rules that it could not compile, this fixes one role/type pair per line > >commit 9dde8402e8ae9a06fc82e43e8d53a1fb60ecc852 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Mon Jul 16 08:13:03 2012 -0400 > > Fix format error in Constraint output > >commit 66ce7f6443453d475030e597ae2d196e1adeaf74 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Fri Jul 13 16:10:57 2012 -0400 > > Fix code to properly check errors > >commit bef1afdf41d0173c1e3bc6d481fea9b8e105d19e >Author: Dan Walsh <dwalsh@redhat.com> >Date: Fri Jul 13 15:37:49 2012 -0400 > > Revert Erics Patch, since it is causing problems with building policy > >commit 2c7497d24101692c082fdf5161ddf62dc64cb66b >Author: Dan Walsh <dwalsh@redhat.com> >Date: Fri Jul 13 14:55:48 2012 -0400 > > Duplicate memory returned by selinux_binary_policy_path since this memory was allocated via asprintf and needs to be used by asprintf, seems to be causing problems. > >commit 2b79480a7d09bbaef893224bab8df4a98654600d >Author: Dan Walsh <dwalsh@redhat.com> >Date: Fri Jul 13 14:28:28 2012 -0400 > > Start returning data on constraints to indicate which field is the likely ca > of the constraint violation, user, role, level. > > Since we are returning this using the what was the bools variable, changing > >commit 47f49c5e72f6b830f70899e60718be02e1172b8e >Author: Dan Walsh <dwalsh@redhat.com> >Date: Fri Jul 13 14:24:47 2012 -0400 > > Start returning data on constraints to indicate which field is the likely cause > of the constraint violation, user, role, level. > > Since we are returning this using the what was the bools variable, changing its name to data. > >commit 690b25c93fc9d060a344fbcc40c6204dadca77fd >Author: Dan Walsh <dwalsh@redhat.com> >Date: Fri Jul 13 14:23:40 2012 -0400 > > Get estimate of the entire file system size rather then the just /, then show progress as 10ths of % so people see it changing > >commit c59e24a399f5675c8ba3e71c4760dc3bbaefec8d >Author: Dan Walsh <dwalsh@redhat.com> >Date: Wed Jul 11 10:46:22 2012 -0400 > > Removing unused lineno counter > >commit da9b70a0144e43dd568d4f786f030f91e634fd35 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Wed Jul 11 10:45:53 2012 -0400 > > sandbox apps are being generated for userapp specifications, because of a sorting problem. > >commit 74837ef61e8670fea65f15ec6883287abe1bb4f7 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Wed Jul 11 10:45:15 2012 -0400 > > Hard linking load_policy blows up on usrmove systems > >commit c5560719c8d22be41cce775b431943721999c010 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Wed Jul 4 07:15:37 2012 -0400 > > Merge with eparis/master > >commit d3b6c8a54c9cbf3b86b3a125099e7705c0bc9f78 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Wed Jul 4 07:10:54 2012 -0400 > > Merge with eparis/master > >commit 7c7838b1229fb994c5aee03f535c60cd3766de61 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Wed Jul 4 06:52:48 2012 -0400 > > Merge in eparis fixes > >commit 6b07b63325c53ff4e261667fb9c2b76b88a04e6d >Merge: 355430c f05a71b >Author: Dan Walsh <dwalsh@redhat.com> >Date: Fri Jun 29 16:34:50 2012 -0400 > > Merge branch 'master' of http://oss.tresys.com/git/selinux > > Conflicts: > libselinux/src/Makefile > libselinux/src/seusers.c > libsemanage/src/Makefile > libsepol/include/sepol/policydb/polcaps.h > libsepol/src/expand.c > libsepol/src/polcaps.c > policycoreutils/semanage/semanage > policycoreutils/semanage/semanage.8 > sepolgen/src/sepolgen/policygen.py > >commit f05a71b92d94771ed976a7c74e5fa378d02b590b >Author: Eric Paris <eparis@redhat.com> >Date: Thu Jun 28 14:02:29 2012 -0400 > > Version bumps for upstream push > >commit da752cabb5b25974ef6b45274a59344d594a2130 >Author: Stephen Smalley <sds@tycho.nsa.gov> >Date: Thu Feb 23 10:14:13 2012 -0500 > > checkpolicy: Android/MacOS X build support > > Android/MacOS X build support for checkpolicy. > Create a Android.mk file for Android build integration. > Introduce DARWIN ifdefs for building on MacOS X. > > Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit 0eed03e7561a979dfd29201180a201a911ac51a6 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Tue Apr 3 18:56:20 2012 -0400 > > checkpolicy: sepolgen: We need to support files that have a + in them > > Filenames can have a +, so we should be able to parse and handle those > files. > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit 0ea11e731507b2b6abfc924405a7f1bedc900b5c >Author: Dan Walsh <dwalsh@redhat.com> >Date: Tue Mar 6 10:43:22 2012 -0500 > > sepolgen: Make use of setools optional within sepolgen > > We still want to be able to use sepolgen even if setools isn't > installed. Degrade functionality, but still work if it can't be found. > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwlash@redhat.com> > >commit d36ba198ba74df0857faa3db8df42083eda78d84 >Author: Eric Paris <eparis@redhat.com> >Date: Tue Jun 12 10:40:30 2012 -0400 > > policycoreutils: semanage: locallist option does not take an argument > > The locallist option was specified as --locallist= but it does not take > an option. We also had --localist (notice the 'l' is missing) which > wasn't doing anything, so drop those. > > Signed-off-by: Eric Paris <eparis@redhat.com> > >commit 14f81c15a554f00d9dd64d28e85517661ec0dfe1 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Fri May 18 09:52:57 2012 -0400 > > policycoreutils: semanage: dontaudit off should work > > The OBJECT was not being set early enough and thus would miss the checks > for things like deleteall and extract. Move the setting of OBJECT where > it happens for everything else. > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit 7753c113410be094c68a8fa4573046dc1ee26dd7 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Tue Apr 24 11:19:38 2012 -0400 > > policycoreutils: semanage: manpage update for -e > > semanage fcontext -e man page update to make it easier to understand > what it does. > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit b68435fbead85c707aa736f052b1b9999dcf8b70 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Thu Mar 29 12:43:25 2012 -0400 > > policycoreutils: semanage: bash completion for modules should include -a,-m, -d > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit 15f65f2e09ca83ece0a58c351b8d6660c4836fab >Author: Dan Walsh <dwalsh@redhat.com> >Date: Tue Feb 7 10:08:11 2012 -0500 > > policycoreutils: semanage: fix man page range and level defaults > > The range and level user options default to s0. State that in the man > page. > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit 8ca93d6b9d5b18bf37dccea4aa25ac81b93f0ba9 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Tue Mar 27 14:00:35 2012 -0400 > > policycoreutils: mcstrans: add -f to run in foreground > > Add an -f option to run mcstransd in the foreground. This will allow better > integration into systemd. > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit 9eac5305c6d8ea2b41088aaff2c2d1394000f47f >Author: Eric Paris <eparis@redhat.com> >Date: Fri Jun 15 13:50:34 2012 -0400 > > policycoreutils: resorecond: user: fix fd leak > > We open and take a flock on the .restorecond file. But we could leak > this file across exec. Open O_CLOEXEC. > > Signed-off-by: Eric Paris <eparis@redhat.com> > >commit 2f9fdc2781b02ace61cb00fe37665e322b1bc5e0 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Tue Jan 24 11:22:43 2012 -0500 > > policycoreutils: restorecond: Add -h option to get usage command > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit e8888a7f16f5b29a78d254b93e63b2c9cb275d21 >Author: Eric Paris <eparis@redhat.com> >Date: Mon Jun 4 16:31:54 2012 -0400 > > polciycoreutils: restorecond: wrong options should exit with non-zero error code > > Instead of all calls to the usage output resulting in a 0 return code we > should show the usage menu when something is wrong but we should return > non-zero. > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit c4f415c2444874488e9a9ae2e02a7cbeea583ba2 >Author: Sven Vermeulen <sven.vermeulen@siphos.be> >Date: Tue May 29 11:12:11 2012 -0400 > > libsemanage: use after free in python bindings > > In python 3.2 we hit a problem where the fconext was garbage. We didn't > see this in python 2.7. The reason is because python3.2 would free and > reuse the memory and python 2.7 just happened to leave it alone. > Instead of using memory that python might use for something else, use > strdup() to get a local copy which we can free when we are finished with > it. > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit 4120df1c6ea85aa56ed602e46a4030d9e4e45ee6 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Thu Jan 5 09:20:11 2012 -0500 > > libsemanage: Use default semanage.conf as a fallback > > If the private semanage.conf file is unreadable for some reason (usually > ENOENT) fallback to the default file. > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit fade75f1e2f2bda739214e079e27a50dadd61e64 >Author: Eric Paris <eparis@redhat.com> >Date: Thu Jun 7 16:26:12 2012 -0400 > > libsemanage: semanage_store: fix snprintf length argument by using asprintf > > We calculated a length, allocated a space for the string, then used > snprintf to fill the array giving it a different length. Rather than > doing all that math ourselves, just use asprintf and let libraries get > it right. > > Signed-off-by: Eric Paris <eparis@redhat.com> > >commit a6c9140cbbe02c3dfb32798f9e5ba333297ba64b >Author: Eric Paris <eparis@redhat.com> >Date: Thu Jun 7 16:25:33 2012 -0400 > > libsemanage: ignore 80 column limit for readability > > 80 columns just suck. Ignore it when we are only a little bit over. > > Signed-off-by: Eric Paris <eparis@redhat.com> > >commit 824df4b60b8f3de26fb900ed5f74ca6379de6d99 >Author: Eric Paris <eparis@redhat.com> >Date: Fri Jun 1 09:13:24 2012 -0400 > > libselinux: additional makefile support for rubywrap > > SELinux ruby bindings didn't build from the top level > the swig generated .c file wasn't gitignored > use pkg-config for ruby info like we do for python > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit 30900902b16c70fabe78a22aafb120443acdd53c >Author: Eric Paris <eparis@redhat.com> >Date: Thu May 31 17:16:16 2012 -0400 > > libselinux: label_android_property whitespace cleanups > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit cfc492cf11e1b641e2a0478907d56a17b771a067 >Author: rpcraig <rpcraig@tycho.ncsc.mil> >Date: Thu May 31 17:09:29 2012 -0400 > > libselinux: New Android property labeling backend > > This is already in the android repo. This is here to prevent potential > conflicts of the selabel indices, and possibly with an eye toward an eventual > reunification of the two libselinuxes down the road. > > Reviewed-by: Stephen Smalley <sds@tycho.nsa.gov> > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit 5e3171f658d1d2f1e0068f485b3fff7c164e05e4 >Author: Eric Paris <eparis@redhat.com> >Date: Thu Jun 21 14:08:02 2012 -0400 > > libselinux: seusers: getseuser: gracefully handle NULL service > > getseuser() would unconditionally check strlen on the service variable > even though it could be NULL. Whoops. If service is NULL we should > only match on *: entries. > > Signed-off-by: Eric Paris <eparis@redhat.com> > >commit 5b344c112a3cea38d015271509a11e13a06f84b4 >Author: Eric Paris <eparis@redhat.com> >Date: Thu Jun 21 11:18:22 2012 -0400 > > libselinux: seusers: remove unused lineno > > The lineno variable was being incremented, but nothing was being done > with it. Remove it. > > Signed-off-by: Eric Paris <eparis@redhat.com> > >commit 12e2a0f9fceffca224a2fbe80d144afe237907df >Author: Eric Paris <eparis@redhat.com> >Date: Wed Jun 20 17:44:17 2012 -0400 > > libselinux: matchpathcon: bad handling of symlinks in / > > The realpath_not_final() function did not properly handle symlinks in > the / directory. The reason is because when it determined the symlink > was in the root directory it would set the resolved portion of the path > to /, it would then add a / to the end of the resolved portion, and then > append the symlink name. The fix is to instead set the resolved portion > to "". Thus when the '/' at the end of the resolved portion is added it > will be correct. > > While I am at it, strip extraneous leading / so that //tmp returns /tmp. > > Signed-off-by: Eric Paris <eparis@redhat.com> > >commit 5d19b707232718377e7378d43a677011e6f97a58 >Author: Eric Paris <eparis@redhat.com> >Date: Thu Apr 19 15:09:57 2012 -0400 > > libselinux: libsemanage: remove build warning when build swig c files > > swig creates C files with warnings. Turn off the warnings so the build > is clean. We can't help the code it produces anyway... > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit 9b3055ada5fffd40c2b8fb23485364bba2c4c111 >Author: Eric Paris <eparis@redhat.com> >Date: Thu Apr 19 15:09:56 2012 -0400 > > libselinux: audit2why: silence -Wmissing-prototypes warning > > The init functions are non-static but did not have a prototype > declaration. They are called magically from python, so just declare the > prototype to silence the warning. > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit 378dfe4d6ab7c007013d8534d2bc902dd6c29833 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Fri Feb 3 10:22:26 2012 -0500 > > libselinux: avc_netlink_recieve handle EINTR > > should continue to poll if it receinves an EINTR rather then exiting with an error. > > This was a major bug within dbus that was causing dbus to crash it was > discussed at the time whether this is a dbus bug or an libselinux bug, > it was decided that we should fix it within libselinux. > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit 2ca19f3f676a2747a38cf2d7dcf5037ccc8a9eb1 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Fri May 25 07:11:21 2012 -0400 > > libselinux: asprintf return code must be checked > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit ac6ab3afc04adb98a072a8b213814862b0ab9e31 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Fri May 25 07:11:51 2012 -0400 > > libselinux: Fortify source now requires all code to be compiled with -O flag > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit 84f6ac246f5980f831a5777d53c0a0bd6ad17d3c >Author: Stephen Smalley <sds@tycho.nsa.gov> >Date: Thu Feb 23 10:05:01 2012 -0500 > > libsepol: Android/MacOS X build support > > Android/MacOS X build support for libsepol. > Create a Android.mk file for Android build integration. > Introduce DARWIN ifdefs for building on MacOS X. > > Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit d21ec5a5605f708b70e0b685b76f03a978f2008c >Author: Adam Tkac <atkac@redhat.com> >Date: Fri May 25 17:42:08 2012 +0200 > > libsepol: prepend instead of append to filename_trans list > > Currently expand_filename_trans() function use much CPU time to find > end of the state->out->filename_trans list. This is not needed because > data can be prepended instead of appended to the list. > > This ends with 10% speed-up of various se* commands (semodule, setsebool). > > Signed-off-by: Adam Tkac <atkac@redhat.com> > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit c43f5b1d34d9cbdc767254046d9b7e0ab47b866d >Author: Eric Paris <eparis@redhat.com> >Date: Tue May 29 16:58:35 2012 -0400 > > libsepol: cosmetic changes to make the source easier to read > > strict adherense to 80 characters means that we split stuff in stupid > places. Screw 80 characters. Buy a bigger monitor. > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit 7a1e3e1fef1d90832507ecd13d764258ea4fe14c >Author: Eric Paris <eparis@redhat.com> >Date: Fri Jun 15 14:15:32 2012 -0400 > > libsepol: reserve policycapability for redhat testing of ptrace child > > Red Hat is testing ptrace_child in the wild. reserve this policy > capability so we don't have conflicts. > > Signed-off-by: Eric Paris <eparis@redhat.com> > >commit 355430ccb1db410152a8f6808e4b966e96b58392 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Mon Jun 25 09:35:53 2012 -0400 > > Make sure Xephyr never listens on tcp ports > >commit 670ee26bd2a9b02ee1b4d6ee162a56be366b1b20 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Thu Jun 21 09:44:02 2012 -0400 > > Coverity was complaining about the ptr not being initialized. Not sure it is real but does not break anything > >commit b1248e3a1cb0969161f206691afe351ff1c37d7f >Author: Dan Walsh <dwalsh@redhat.com> >Date: Thu Jun 21 09:42:45 2012 -0400 > > Check for potential failure strchr, found by coverity > >commit 638375d446a1b45ae9802be793dd386ab8cf178f >Author: Dan Walsh <dwalsh@redhat.com> >Date: Thu Jun 21 09:41:50 2012 -0400 > > clear memory on sa_mask, found by coverity > >commit 77608040763808418b8772fd3d17a6ef26ef3f00 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Thu Jun 21 08:45:54 2012 -0400 > > Fix potential buffer overrun detected by coverity. > >commit c2abe264ff73cdd3ca6e96603c7e2bcb9df87ef6 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Thu Jun 21 08:40:05 2012 -0400 > > Fix two problems found with coverity scan, leaked file desctiptor and unchecked return code. > >commit 80f5c217dcb683ecb9d0711f2fc7cb7d9f0ae3ce >Author: Dan Walsh <dwalsh@redhat.com> >Date: Wed Jun 20 15:56:22 2012 -0400 > > Fix --noreload flag on a transaction, previous version was using builtin reload function > >commit 0a629f45b911db84e0fb622aa268bf356293a955 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Wed Jun 20 15:33:45 2012 -0400 > > semanage needs to be able to use boolean subs. This fixes a problem in xguest which is using the ol > name of the boolean an blowing up on install. > >commit 4e3094d17079c4e2f2f986c3f3325e21b82ca505 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Fri Jun 15 13:37:31 2012 -0400 > > UPdate translations > >commit 53a9da4a2f79843b40e1a6611eaae2780a44869b >Author: Dan Walsh <dwalsh@redhat.com> >Date: Mon Jun 11 13:25:29 2012 -0400 > > Make selinux_boolean_sub a public method so getsebool can use it, as well as potentially used within libsemanage. > > Fix errors within the function to always return a value or NULL on out of memory errors. > >commit a8777866b1c7b9613d011a44741d649de5cfc672 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Mon Jun 11 13:25:03 2012 -0400 > > Add man page for new selinux_boolean_sub function. > >commit cbf7bb10ee8483f0e1838193be03736005d48fcf >Author: Dan Walsh <dwalsh@redhat.com> >Date: Mon Jun 11 13:24:35 2012 -0400 > > Revert "." > > This reverts commit 2e94949aee70f08b1f27229a7cb93961e2b83277. > >commit 2e94949aee70f08b1f27229a7cb93961e2b83277 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Mon Jun 11 13:23:52 2012 -0400 > > . > >commit 8c19b943b1513d1121a9dfec3d0b9bf627553f17 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Mon Jun 11 13:19:00 2012 -0400 > > Use selinux_boolean_sub to translate the boolean name handed in by the user. > Report back the correct name of the boolean. > >commit 71b3b1238fa4fb4ab3e9d1901e9a4d24c8950925 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Fri Jun 8 09:18:04 2012 -0400 > > Change name of boooleans.subs to booleans.subs_dist. Currently we ship other > subs files with the _dist to indicate they come with the distribution as opposed > to being modified by the user. > >commit 0b9cf7abe63713d62627d01a864ee25f681ab415 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Fri Jun 8 09:15:55 2012 -0400 > > Added -m option to matchpathcon to force the mode, so you can check what a > particular path/class would get labeled. For example if I want to check what > path/chr_file would get labeled I could use this command. It probably should > become more user friendly in the future. Currently you have to specify the > integer that matches the class. > >commit 4ca7d7ebb2b4cec200c1c372dc7bd21ef990f380 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Tue Jun 5 17:04:10 2012 -0400 > > Fix localhost listing to not require an additional param > >commit e0af3ca06d1d240fc4e909a43ee5e7e9ec554236 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Fri Jun 1 15:32:42 2012 -0400 > > Fix typo > >commit 75525f5520e4b60a70d841d696e4142b3ed2a527 >Merge: e4aee5d f508a29 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Thu May 31 20:57:13 2012 +0000 > > Merge branch 'master' of http://oss.tresys.com/git/selinux > >commit e4aee5d7a681d8d4dba65c4711294673aa5c24ef >Author: Dan Walsh <dwalsh@redhat.com> >Date: Thu May 31 13:15:45 2012 -0400 > > Add lnk_file handling to te_rules, add sock_file handling to cache.te and spool.te > >commit d12b252657b9405fc86c93dea840ad06bbd5d104 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Thu May 31 13:06:06 2012 -0400 > > Cleanup templates, fixing cut an paste errors. Use read_files_pattern rather then allow rule, allow TEMPLATE_rw_t sock_files > >commit f4e86caf7573ce853fb83ca4b3e14247fe7f1fc0 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Wed May 30 16:08:58 2012 -0400 > > Fix seusers potential crash. Change getdefaultcon to specify service so we can > test /etc/selinux/POLICY/logins/USERNAME file > >commit a8aec57c63266ee89681fa9d1e30b26442bc8b24 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Wed May 30 16:08:05 2012 -0400 > > Allow matchpathcon to use multiple prefixes and test new prefix code in label_init > >commit c3cab951760463f581020f8520dc34c2ee35e3c8 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Tue May 29 11:12:11 2012 -0400 > > Sven Vermeulen patch for python3.2 support. > > """ > David Malcolm gave me a good hint at what to look for. > > The key that is created contains a link towards a regular expression (in the > above use case, that expression would be "/swapfile") which is passed on > from the Python code towards the shared library (through > semanage_fcontext_key_create). I think that, in Python 2.7, the memory > allocation for this expression is either not freed at the same time as with > Python 3.2, or it is freed but not reused (in which case the stale > information is still there). > > If I apply the following patch to libsemanage, the use case works for both > Python 2.7 and Python 3.2. > > Wkr, > Sven Vermeulen > """ > >commit c1bcd5b042b75a01958a3ec9a4fc35335575ecda >Author: Dan Walsh <dwalsh@redhat.com> >Date: Tue May 29 09:30:04 2012 -0400 > > Fixfiles needs to tell restorecon to ignore missing paths. > >commit 48b0e5cffbf11410df31f14aedfd6f1d11e014b8 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Tue May 29 09:28:00 2012 -0400 > > Po files updated from transifex > >commit 755b41f33e0b1025d638fc9b2545308b9ba44fc5 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Fri May 25 07:13:48 2012 -0400 > > realpath_not_final was returning '//NAME' if /NAME was a symbolic link > >commit 957f547d26d5670d18eabea083f49c1bb0ae8feb >Author: Dan Walsh <dwalsh@redhat.com> >Date: Fri May 25 07:11:51 2012 -0400 > > Fortify source now requires all code to be compiled with -O flag > >commit 6f48f61dfef041b24a62fd072c838ddee8fb8dcc >Author: Dan Walsh <dwalsh@redhat.com> >Date: Fri May 25 07:11:21 2012 -0400 > > asprintf return code must be checked > >commit 645afb2237d3a7a574758304914c9ba05e5f68d1 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Thu May 24 11:38:34 2012 -0400 > > Fix restorecon to return errors when bad paths are given to it > >commit 4731d950b96c6f3ccf399beb97cdc1127e70b533 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Thu May 24 05:52:17 2012 -0400 > > Fix boolean handling of = when setting multiple options > >commit 6d45fed70e595d91ce2179047078df217116568d >Author: Dan Walsh <dwalsh@redhat.com> >Date: Thu May 24 05:51:41 2012 -0400 > > Fix missing error function and change to not use = with setsebool > >commit c108dae9cb588e27cdad3e489b80043b0445ccb5 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Sun May 20 06:27:12 2012 -0400 > > sepolgen should follow symlinks and get the real path to the executable to be confined > >commit 7d2a135ebf8db4102ec11fe3c1450e3ad3d20ca1 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Fri May 18 11:40:11 2012 -0400 > > Add rules to all streams to be stored in /tmp and etc_rw_t > >commit d9f6d3ccf97ba2ac9e9dbd53fc5924c190752f55 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Fri May 18 09:53:14 2012 -0400 > > Update translations > >commit 6c039c049f288183f106d7b59a8d064496db726c >Author: Dan Walsh <dwalsh@redhat.com> >Date: Fri May 18 09:52:57 2012 -0400 > > Fix semanage dontaudit off to work correctly > >commit d0be6f1f5646c9623cbbd99673e87ca3bfaa0be6 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Thu May 17 16:18:47 2012 -0400 > > Fix sort selinux types of user controls > >commit e58cd958889f73fd4a0f0a6393e8876132e72c53 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Tue May 8 16:31:33 2012 -0400 > > Add -N qualifier to semodule to make it consistant to semanage setsebool > >commit 992eed783e420d608667171988d5b189ca8bb84f >Author: Dan Walsh <dwalsh@redhat.com> >Date: Tue May 8 16:25:48 2012 -0400 > > Add -n qualifier to setsebool to make loading policy into the kernel optional on permanant changes > >commit 37d0cf6cc9644dc4668eb6495fa463c466ff5af2 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Tue May 8 16:06:25 2012 -0400 > > Add support for not loading the kernel with semanage command > >commit a682583fa07ed3a8cf5d74aef6c142e137072d1e >Author: Dan Walsh <dwalsh@redhat.com> >Date: Tue May 8 15:59:54 2012 -0400 > > Fix template to place ',' in read_cache_files interface > >commit dd90c72c6d55fa44eaf97c08e2ad26c22db4d76e >Author: Dan Walsh <dwalsh@redhat.com> >Date: Tue May 8 08:37:45 2012 -0400 > > Add -N, --noreload option to semanage to prevent reloading policy into i > the kernel. > >commit 031f7c76c96edf1140b1c00c750147e293379a93 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Thu May 3 19:21:18 2012 -0400 > > add some definition to the standard types available for sandboxes > >commit d7a12c54b97ebadff9836fe1c9c4d1e8661d7383 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Tue May 1 16:13:01 2012 -0400 > > lockdown wizard > >commit b4223076f558470047eabf86d9f9c2a1ee0829ae >Author: Dan Walsh <dwalsh@redhat.com> >Date: Tue May 1 16:02:50 2012 -0400 > > lockdown wizard > >commit 7b50aa4b09b872fe1b49b99fa740d11124582de4 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Mon Apr 30 15:03:16 2012 -0400 > > fcontext customized was not returning the customized equivalency records. This > patches fixes this. > >commit 0c9ca042d13b15e8d317910ed3c2e2275739585f >Author: Dan Walsh <dwalsh@redhat.com> >Date: Thu Apr 26 13:53:14 2012 -0400 > > Add mgrepl patch to search for systemd subpackage > >commit 9edcd8e4a25261cfa65111d78bf0f09d067aa43e >Author: Dan Walsh <dwalsh@redhat.com> >Date: Tue Apr 24 11:20:36 2012 -0400 > > Update translations > >commit ae1ecf3ba1c303786e67f0c94287ba1212fd8be4 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Tue Apr 24 11:19:38 2012 -0400 > > Patch from Stef Walter to make semanage fcontext handling of -e qualifier easier to understand > >commit 390d7c401a4a5408b777dc4864c5864096de7a65 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Tue Apr 24 11:18:53 2012 -0400 > > Add additional translations > >commit 054fc3ba9a689bd4538a48d14b4ded8d9a2949aa >Author: Dan Walsh <dwalsh@redhat.com> >Date: Tue Apr 24 11:18:12 2012 -0400 > > Add gui code to policycoreutils fedora > >commit f508a294467341890fafbca4027ac90c94830b3b >Author: Eric Paris <eparis@redhat.com> >Date: Mon Apr 23 16:57:23 2012 -0400 > > update version of libsepol > >commit 8720c8e576671c7b7c1d65392fcb7fc3cdbc3fbd >Author: Eric Paris <eparis@redhat.com> >Date: Mon Apr 23 16:13:46 2012 -0400 > > libsepol: allocate enough space to hold filename in trans rules > > There is an off by one bug in which the filename length stored with > filename_trans_rules is stored as strlen (aka, no nul) however the > code to allocate space and read the name back in from policy only > allocates len, and not the len + 1 needed to hold the nul. Allocate > enough space for the nul. > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit ddf1e95e23701ad4cc80150e0acd4f3d90b8c619 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Mon Apr 23 16:31:41 2012 -0400 > > Fix off by one error that is screwing up labeling on i686 machines > >commit d60fb8c7f17aa6f40ee94d4ec900cafef5abba9d >Author: Dan Walsh <dwalsh@redhat.com> >Date: Wed Apr 18 15:27:47 2012 -0400 > > Fix doublefree in booleans code > >commit 8b5dbe0b41d91bfede6176f57f6e672d397bd0e1 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Wed Apr 18 14:46:12 2012 -0400 > > Add support for lxc_contexts_path > >commit b0c4adba4c51c99f48a548a0c2db537f9f5e2726 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Wed Apr 18 11:46:29 2012 -0400 > > Fix bug in closing leaked file descriptors > >commit f2bb79108e8da55e717f3ddd8260c75acf9cac02 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Tue Apr 17 13:10:39 2012 -0400 > > Add support for ptrace_child > >commit 5e23d36dbec3e593690309ebc5f81ca90cc3490d >Author: Dan Walsh <dwalsh@redhat.com> >Date: Fri Apr 13 11:04:45 2012 -0400 > > These are the python files that make up the system-config-selinux gui, used to implement > most of the functionality of the semanage command line plus some configuration. > >commit 89cbc84fda98dda50065ea0b4a970208410854d3 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Fri Apr 13 11:03:43 2012 -0400 > > This is a booleans lockdown gui, that can be used for exploring and locking down booleans. > >commit e95e40910ac60b3b5b6038d796406a047bfb8e40 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Fri Apr 13 11:01:32 2012 -0400 > > Checking in policy to support polgengui and sepolgen. > > These are the tools that the Fedora team uses to build new policy. sepolgen is a > console app that will take an executable and generate policy based on the RPM > specification and using nm -D to analyze the application. > > We have found it very useful for generating quick policy to get the policy writer > working quickly. > >commit 427f54e26a4b95aa3e34b7aa0d1df46f6cbe1ad2 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Fri Apr 13 10:47:20 2012 -0400 > > More update po files from transifex > >commit 658e68d9dd1abf22229b252368a3744c4586296f >Author: Dan Walsh <dwalsh@redhat.com> >Date: Mon Apr 9 08:56:52 2012 -0400 > > Fix leaked file destriptor > >commit 8d107f35e571d2d6f4f37d21280218adb683470c >Author: Dan Walsh <dwalsh@redhat.com> >Date: Thu Apr 5 10:12:32 2012 -0400 > > Update translations > >commit cd2380cd9fa0a764a954c611b9866567b191e932 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Tue Apr 3 18:56:20 2012 -0400 > > We need to support files that have a + in them > >commit 6c4ca7381fe07b35ed8cf15ee2251ad3f5647f05 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Mon Apr 2 16:30:57 2012 -0400 > > UPdate po files to translate gui > >commit 84634c865c2e592d796e5e0144bf4a0052c239a0 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Mon Apr 2 11:15:00 2012 -0400 > > Add support for booleans.subs file. Basically this allows us to finally change > badly named booleans to some standard name. > >commit a3ad4b4c6022f55d5941c61658df66f2345ce64b >Author: Dan Walsh <dwalsh@redhat.com> >Date: Mon Apr 2 11:07:31 2012 -0400 > > Update translations from transifex > >commit f7ab6d51f8c1a68832c82e981bd1defaa0993836 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Mon Apr 2 11:02:33 2012 -0400 > > Fix merge problems > >commit caf93bef80edb0c7b15d9d031339854af96b210e >Author: Dan Walsh <dwalsh@redhat.com> >Date: Mon Apr 2 11:01:37 2012 -0400 > > Added policycoreutils to transifex, will start getting translations > >commit 5ab8975938f4bd68c2d7e2b69f549aa5e3d5689f >Author: Dan Walsh <dwalsh@redhat.com> >Date: Fri Mar 30 15:14:35 2012 -0400 > > Should not force link with load_policy on usermove systems > >commit 0ab93cdeef823b2860ae8cb2ba945c4b454e31b1 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Thu Mar 29 15:03:47 2012 -0400 > > UPdate-po > >commit e7ef464bacc0ffd06e971fd2f8606407a3226750 >Merge: f65028b 7a86fe1 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Thu Mar 29 15:00:21 2012 -0400 > > Merge branch 'master' of http://oss.tresys.com/git/selinux > > Conflicts: > libselinux/src/selinux_config.c > policycoreutils/load_policy/Makefile > policycoreutils/newrole/newrole.c > policycoreutils/po/et.po > policycoreutils/po/gl.po > policycoreutils/po/id.po > policycoreutils/restorecond/user.c > policycoreutils/scripts/fixfiles > policycoreutils/semanage/semanage-bash-completion.sh > >commit f65028b8c7b417dbf246a865dfd7c8160641b168 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Thu Mar 29 12:43:25 2012 -0400 > > bash completion for modules should include -a,-m, -d > >commit d2bee4a3cea1bb1aa4ac31b6dd044993706d6a6a >Author: Dan Walsh <dwalsh@redhat.com> >Date: Thu Mar 29 12:39:50 2012 -0400 > > Fix --enable and --disable for modules to only work under -m options > >commit 7a86fe1a3decc4c05598eb3f9339175251cd5447 >Author: Eric Paris <eparis@redhat.com> >Date: Wed Mar 28 15:44:05 2012 -0400 > > bump version and changelog for upstream push > >commit aa34f19543e7337bc35295e8aa9de21e425707bc >Author: Eric Paris <eparis@redhat.com> >Date: Wed Mar 28 15:08:52 2012 -0400 > > policycoreutils: do not fail to install if unable to make load_policy lnk file > > With the switch in Fedora to unify /bin to /usr/bin the link file > created for load_policy points back at itself. This patch causes make > to continue even if the link fails. > > Signed-off-by: Eric Paris <eparis@redhat.com> > >commit cb9a5c40af24db49a8bdd764c207d8acffb4e549 >Author: Eric Paris <eparis@redhat.com> >Date: Wed Mar 28 14:54:50 2012 -0400 > > policycoreutils: remove empty po files > > et, gl, and id .po files contained no translations. This can cause > build errors. Delete those puppies. > > Signed-off-by: Eric Paris <eparis@redhat.com> > >commit 54a83e18e24b6ace94c0afb4734c1a932749e095 >Author: Eric Paris <eparis@redhat.com> >Date: Tue Mar 27 10:52:42 2012 -0400 > > policycoreutils: update .po files > > update policycoreutils po files. This should hopefully make the debian > build system a little happier. > > Requested-by: Laurent Bigonville <bigon@debian.org> > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit a4f84109b51263599a284b167bf04e088e7da95d >Author: Laurent Bigonville <bigon@debian.org> >Date: Mon Mar 26 20:45:49 2012 +0200 > > libselinux: Hide unnecessarily-exported library destructors > > Description: Hide unnecessarily-exported library destructors > This change was extracted from the old monolithic Debian patch. > > Signed-off-by: Laurent Bigonville <bigon@debian.org> > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit f7a75f17612d82385aeb338035f85016cff53b3d >Author: Laurent Bigonville <bigon@debian.org> >Date: Mon Mar 26 20:47:46 2012 +0200 > > libselinux: Do not link against python library, this is considered bad practice in debian > > Do not link python module with libpython, the interpreter is already linked against it. > > Signed-off-by: Laurent Bigonville <bigon@debian.org> > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit c124df61aee24e182d33156ec465a101c01fc07a >Author: Manoj Srivastava <srivasta@debian.org> >Date: Mon Mar 26 17:33:17 2012 +0200 > > policycoreutils: Only run setfiles if we found read-write filesystems to run it on > > Only run setfiles if we have a R/W filesystem > > Signed-off-by: Laurent Bigonville <bigon@debian.org> > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit 2ad5471bd33396c5a5675c740b98d79c006f4916 >Author: Laurent Bigonville <bigon@debian.org> >Date: Mon Mar 26 17:43:41 2012 +0200 > > policycoreutils: fix ftbfs with hardening flags > > We are now building our packages with -Werror=format-security enabled. > The attached patch fix the FTBFS. More patch related to this could > follow. > > Signed-off-by: Laurent Bigonville <bigon@debian.org> > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit 2b5a0530e7c06150c84fc233fbfab40c57130f84 >Author: Kohei KaiGai <kaigai@kaigai.gr.jp> >Date: Sun Mar 25 22:05:17 2012 +0200 > > libselinux: security_compute_create_name(3) > > I'd like to use this interface to implement special case handling > for the default labeling behavior on temporary database objects. Allow > userspace to use the filename_trans rules added to policy. > > Signed-off-by: KaiGai Kohei <kohei.kaigai@emea.nec.com> > Signed-off-by: Eric Paris <eparis@redhat.com> > >commit 72ea5dec7cbbc1c62a0850eff3a7a91df42bc104 >Author: Martin Orr <martin@martinorr.name> >Date: Mon Mar 26 17:31:25 2012 +0200 > > policycoreutils: Fix infinite loop with inotify on 2.6.31 kernels > > With kernel 2.6.31, restorecond uses 99% of my CPU. > > This is because removing and readding the watch on utmp triggers inotify to > return an IN_IGNORED event for the old watch descriptor. If the watch gets > allocated the same wd when it is readded, then restorecond thinks that utmp > has changed, so removes and readds the watch again, potentially looping. > > With kernel <= 2.6.30, this never happened, because the kernel didn't reuse > watch descriptors. So the IN_IGNORED event comes with a wd that is no > longer in use, and gets ignored. But kernel 2.6.31 reuses the same watch > descriptor. The kernel has been fixed to not reuse watch descriptors. > However as some kernels do reuse them, and its possible they may again, > this patch fixes that by ignoring inotify events whose only bit set is > IN_IGNORED. > > Signed-off-by: Martin Orr <martin@martinorr.name> > Signed-off-by: Manoj Srivastava <srivasta@debian.org> > Signed-off-by: Laurent Bigonville <bigon@debian.org> > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit 38e93bad1ffd99e698d24541793148e1da587389 >Author: Russell Coker <russell@coker.com.au> >Date: Mon Mar 26 15:57:49 2012 +0200 > > libsemanage: fallback-user-level > > Having magic numbers in the code is a bad idea, using a macro is better. > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit e55a295b1d53fdf0d37ede591e8df36d7a08fe7a >Author: Laurent Bigonville <bigon@debian.org> >Date: Mon Mar 26 16:07:20 2012 +0200 > > libsemanage: Allow to build for several ruby version > > This allow to build the ruby module for both ruby 1.8 and 1.9.1 (the > way it's done for the python module) > > Signed-off-by: Laurent Bigonville <bigon@debian.org> > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit a8a766ac9fe21fe27fbb601c46fddb7629331e40 >Author: Laurent Bigonville <bigon@debian.org> >Date: Mon Mar 26 16:04:52 2012 +0200 > > libsemanage: do not link against libpython, this is considered bad in Debian > > Do not link against libpython, the interpreter is already linked to it. > In Debian this is usually considered bad practice. > > Signed-off-by: Author: Laurent Bigonville <bigon@debian.org> > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit 98455c552451133e1b62fd120b7ae7d921fa59d7 >Author: Manoj Srivastava <srivasta@debian.org> >Date: Mon Mar 26 13:41:24 2012 -0400 > > sepolgen: fix detection of policy loads > > I am running into an issue with sepolgen. Debian ships more > than one version of the refpolicy, a default one, and a MLS enabled > one. So, the include files live in either > /usr/share/selinux/{default,mls}/include sepolgen (in > src/sepolgen/defaults.py) sets refpolicy_devel() to a single > location -- and thus, only one version of the security policy may be > supported. So, sepolgen-ifgen from policycoreutils can only work > with one policy, which may not be the one installed on the target > machine. Could this be made configurable, somehow? As far as I can > see, sepolgen's python library does not offer any way to set the > value. This change fixes that. Now you may set the path to look for > development headers in /etc/selinux/sepolgen.conf, in the variable > SELINUX_DEVEL_PATH. The builtin default will have it work on Debian > and fedora machines out of the box. > > Signed-off-by: Laurent Bigonville bigon@debian.org > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit 40b0cea91969f34442133d3675174be986c447ec >Author: Dan Walsh <dwalsh@redhat.com> >Date: Fri Mar 16 09:40:27 2012 -0400 > > policycoreutils: newrole: Use correct capng calls in newrole > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit c7d749efe2fa6f1e765b0bc215476d533f1b4d7b >Author: Dan Walsh <dwalsh@redhat.com> >Date: Fri Mar 16 11:05:17 2012 -0400 > > libselinux: take security_deny_unknown into account > > selinux_check_access() should not error on bad class or perms if the > security_deny_unkown() function return false. If policy tells us to > allow unknown classes and perms we should respect that. > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit e5a81c715fa31147d5ef79cf1c116ce68744b02a >Author: Dan Walsh <dwalsh@redhat.com> >Date: Tue Mar 6 10:45:29 2012 -0500 > > policycoreutils: Add bash-completion scripts for setsebool and semanage > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit ed5dc69dad117006ba9dddf258e064431bb96cfb >Author: Dan Walsh <dwalsh@redhat.com> >Date: Tue Mar 6 10:44:30 2012 -0500 > > libselinux: assert if avc_init() not called > > To simplify finding why programs don't work, assert that avc_init() was > called any time avc functions are called. This means we won't get > 'random' segfaults and will instead be able to hopefully quickly > determine what we did wrong as application developers. > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit 1f0b5bd920c8c43afb215b7455a9691198bd3a51 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Wed Feb 22 15:55:39 2012 -0500 > > policycoreutils: seunshare: Only drop caps not the Bounding Set from seunshare > > This means you can still run setuid programs, but don't need special > perms to run seunshare. > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit 5766295bb2ad45c85a1cc489f220dde07074b737 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Wed Feb 15 13:21:52 2012 -0500 > > libselinux: build with either ruby 1.9 or ruby 1.8 > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit dc21b09c255a88790d1b212ead0cbe91bcca79ff >Author: Dan Walsh <dwalsh@redhat.com> >Date: Wed Feb 15 12:26:32 2012 -0500 > > libselinux: pkg-config to figure out where ruby include files are located > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit ae04ac505564a26fa796313e3c1a1cbc1e532a11 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Wed Feb 1 16:20:09 2012 -0500 > > policycoreutils: mcstrans: Version should have been bumped on last check in > > The previous time upstream was released, there were changes to > MCSTrans, but the version was never updated, In order for us to > release these fixes to Fedora we needed to bump the version. > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit 8f3207eda0b7c13c5aa1969c1fd8d11abb1677ee >Author: Dan Walsh <dwalsh@redhat.com> >Date: Tue Jan 31 17:12:52 2012 -0500 > > sepolgen: do not use md5 when calculating hash signatures > > FIPS does not allow md5 as a valid algorithm. Although we don't really > care about cryptographic strength since the algorithm isn't allowed to > be used at all use something strong, like sha256. > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit 9b796ead1a18f2c59d5b660c986cbdb2e6b5f83c >Author: Dan Walsh <dwalsh@redhat.com> >Date: Fri Jan 27 14:41:58 2012 -0500 > > libselinux: utils: Stop separating out matchpathcon as something special > > It's not special and doesn't need its own Makefile lines. Just make it > a normal target. > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit a56e91742f57c8b71b5efdc66e596876b5662dd5 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Fri Jan 27 14:01:00 2012 -0500 > > policycoreutils: scripts: Update Makefiles to handle /usrmove > > Move everything into /usr/* and just put links from /*. The whole /usr > thing hasn't really worked in all situations for a long long time. Just > accept that fact and move along. > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit 46d294f645abf02f3d4dc4514cf53092a3e80e33 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Fri Jan 27 14:00:34 2012 -0500 > > libselinux: Update Makefiles to handle /usrmove > > Move everything into /usr/* and just put links from /*. The whole /usr > thing hasn't really worked in all situations for a long long time. Just > accept that fact and move along. > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit bc6a56ce20d46296ad851b4707c9f8c420620743 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Fri Jan 27 13:19:55 2012 -0500 > > policycoreutils: semanage: audit message to show what record(s) and item(s) have chaged > > Also if the user specifies a store that is not the current store, we should not be sending audit messages. > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit a0e538c208e5af07fecb8c045e6341397d0df44a >Author: Dan Walsh <dwalsh@redhat.com> >Date: Wed Jan 25 16:25:07 2012 -0500 > > policycoreutils: semanage: proper auditting of user changes for LSPP > > semanage command was not reporting proper audit messages for the LSPP > certification. Needed to report additional information such as prior > roles before and after update. Many other changes, were reviewed by > Steve Grubb to make sure were were doing proper auditing. > > Should be reporting AUDIT_ROLE_ASSIGN instead of AUDIT_USER_ROLE_CHANGE. > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit c9a8ff9bae4be7e3c81f5a9c7fb52c1787de3ad3 >Author: Daniel P. Berrange <berrange@redhat.com> >Date: Mon Jan 23 15:41:12 2012 +0000 > > libselinux: Ensure there is a prototype for 'matchpathcon_lib_destructor' > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit bcdf92aac4ba9ec7b0188a8350799ed237e907bd >Author: Daniel P. Berrange <berrange@redhat.com> >Date: Mon Jan 23 18:13:53 2012 +0000 > > libselinux: Change annotation on include/selinux/avc.h to avoid upsetting SWIG > > The earlier patch to avc.c put the struct member annotation at > the end of the line, which works fine for GCC, but upsets SWIG. > Equivalent code in selinux.h demonstrates how to place the > annotation without upsetting SWIG. > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit a1044d4c84aeb2e9f98823afa932d87934c7ac64 >Author: Daniel P. Berrange <berrange@redhat.com> >Date: Mon Jan 23 15:41:21 2012 +0000 > > libselinux: utils: Enable many more gcc warnings for libselinux/utils builds > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit 41649ca786b3243d92f8118238a33ec2d44cc5d3 >Author: Daniel P. Berrange <berrange@redhat.com> >Date: Mon Jan 23 15:41:20 2012 +0000 > > libselinux: Enable many more gcc warnings for libselinux/src/ builds > > XXX: -Wno-redundant-decls really shouldn't be set, if some way > can be found to deal with warnings generated by dso.h > > XXX: the maximum stack size should be much lower, but there > are too many functions using PATH_MAX which need to be rewritten > to use the heap instead. > > XXX: probe for whether the user's GCC supports a flag ? > > Signed-off-by: Eric Paris <eparis@redhat.com> > >commit 5f8ce370216fd0ece9789f974023d24df752241e >Author: Daniel P. Berrange <berrange@redhat.com> >Date: Mon Jan 23 15:41:19 2012 +0000 > > libselinux: Fix const-ness of parameters & make usage() methods static > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit 91d9fe8af05a9a9ded5d02bcd8c1c5a1e1ef670e >Author: Daniel P. Berrange <berrange@redhat.com> >Date: Mon Jan 23 15:41:18 2012 +0000 > > libselinux: Add printf format attribute annotation to die() method > > Annotating the die method as taking printf format exposes > a bug in error reporting > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit 57928fa1fd2222558543134211340f40ff1b9e02 >Author: Daniel P. Berrange <berrange@redhat.com> >Date: Mon Jan 23 15:41:17 2012 +0000 > > libselinux: Add more printf format annotations > > The public avc.h file must use a printf annotation in the struct > callback members, otherwise application code will get compiler > warnings that the method should have an annotation set. > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit da5e7e3b81c8300f597d01907d1b228e51ebe8f9 >Author: Daniel P. Berrange <berrange@redhat.com> >Date: Mon Jan 23 15:41:16 2012 +0000 > > libselinux: Add prototype decl for destructor > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit 435fae64a931301ac00930af1eebc28bd9b0c576 >Author: Daniel P. Berrange <berrange@redhat.com> >Date: Mon Jan 23 15:41:15 2012 +0000 > > libselinux: Remove unused flush_class_cache method > > * stringrep.c: Delete flush_class_cache > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit b82b7e02dfcd46db75a94352815830fdb651fa94 >Author: Daniel P. Berrange <berrange@redhat.com> >Date: Mon Jan 23 15:41:14 2012 +0000 > > libselinux: Fix const-correctness > > * include/selinux/selinux.h, src/init.c: set_selinuxmnt should take > a const char *mntpath > * src/get_default_type.c: Avoid bad cast discarding const > * load_policy.c: Fix var decl to avoid discarding const > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit 86795159d4112b6842584cfff317659cdb931218 >Author: Daniel P. Berrange <berrange@redhat.com> >Date: Mon Jan 23 15:41:13 2012 +0000 > > libselinux: Fix old style function definitions > > Add 'void' parameter to all functions which take no arguments > > * selinux_config.c: s/()/(void)/ > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit c87df3493d9550429193a8dc7d78a6bfc4c234d3 >Author: Daniel P. Berrange <berrange@redhat.com> >Date: Mon Jan 23 15:41:11 2012 +0000 > > libselinux: Remove jump over variable declaration > > seusers.c: In function âgetseuserâ: > seusers.c:273:3: error: jump skips variable initialization [-Werror=jump-misses-init] > seusers.c:317:2: note: label âerrâ defined here > seusers.c:274:8: note: âfpâ declared here > > * seusers.c: Declare FILE *fp at start of getseuser() method > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit df45dcdf3db2d02930bbd095f6e9bc4f3eafdf3f >Author: Dan Walsh <dwalsh@redhat.com> >Date: Wed Jan 18 16:41:36 2012 -0500 > > sepolgen: audit.py Dont crash if empty data is passed to sepolgen > > If you pass output from a log file that does not include any avc's > audit2allow will crash. This patch fixes this problem. > > ausearch -m avc -ts recent | audit2allow > > If there was no AVC's recently, we do not want the python to crash. > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit 137604222aff76aab24253853e7add87366a4e1c >Author: Dan Walsh <dwalsh@redhat.com> >Date: Tue Jan 24 11:24:37 2012 -0500 > > policycoreutils: restorecond: Stop using deprecated interfaces for g_io > > g_io_channel_read is deprecated. Use g_io_channel_read_chars instead. > > Signed-off-by: Eric Paris <eparis@redhat.com> > >commit c124f1d959acf292a1bcbd781b088094602e6c34 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Wed Mar 28 13:13:47 2012 -0400 > > Change flag to do_fork to nmake logic easier to read > >commit 571c75a728fd1c7bf227727e0459aeed37d48d4a >Merge: bcc3759 b2813b2 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Wed Mar 28 09:12:09 2012 -0400 > > Merge eparis changes > >commit b2813b20294688ee40b69a9fdfe7d9cef76a3405 >Author: Martin Orr <martin@martinorr.name> >Date: Sun Mar 11 22:59:08 2012 +0000 > > policycoreutils: setfiles: Fix process_glob error handling > > process_one_realpath returns 1 if it changed the context of the file but > process_glob treats all non-zero values as errors. This results in > setfiles exiting with non-zero status even though it was successful. > > Fix process_glob to only treat negative return values of > process_one_realpath as errors. > > cf. http://bugs.debian.org/662990 > > Signed-off-by: Martin Orr <martin@martinorr.name> > Signed-off-by: Eric Paris <eparis@redhat.com> > >commit 5a6509b543b8a7fc2dc27d04be328773f63f25cb >Author: Russell Coker <russell@coker.com.au> >Date: Mon Mar 26 17:45:49 2012 +0200 > > policycoreutils: Make restorecon return 0 when a file has changed context with no error FIXME > > restorecon should return 0 when a file has changed context with no > error. With the last version it's returning 1. > > Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=662990 > > [This needs review as the original patch from Russel always returned 0 > in the out: case. Even for errors...] > > Signed-off-by: Laurent Bigonville <bigon@debian.org> > Signed-off-by: Eric Paris <eparis@redhat.com> > >commit 722d8e72acaf58e92fc474db4336d9a90b298972 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Tue Mar 6 10:43:22 2012 -0500 > > sepolgen: Make use of setools optional within sepolgen FIXME > > We still want to be able to use sepolgen even if setools isn't > installed. Degrade functionality, but still work if it can't be found. > > [Does this really work since alldomains will not be declared? Do we not > need alldomains = [] in the except block?] > > NOT-Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Eric Paris <eparis@redhat.com> > >commit f1a1a79cad5691cb3788f0c5576c5996fbd1aeac >Author: Dan Walsh <dwalsh@redhat.com> >Date: Mon Feb 27 12:09:06 2012 -0500 > > policycoreutils: Disable user restorecond by default > > file_name trans should be good enough to handle this now, so why launch > it for every user? > > Signed-off-by: Eric Paris <eparis@redhat.com> > >commit 797b4f43da41b2ea2a0ea52de080cdd4ce8f9bc2 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Thu Feb 16 12:06:14 2012 -0500 > > libselinux: Fix bug in hidden_def FIXME > > [what bug?] > > NOT-Signed-off-by: Eric Paris <eparis@redhat.com> > >commit 32a92900de86f3b74e8f53c8be0f165b15dd040b >Author: Dan Walsh <dwalsh@redhat.com> >Date: Thu Feb 16 11:48:29 2012 -0500 > > policycoreutils: audit2allow: sepolgen-ifgen: use running policy rather than on disk > > Check against running policy instead of on disk. I mean, it's running > policy we care about. > > Signed-off-by: Eric Paris <eparis@redhat.com> > >commit e8199304765fb9f6fad65aa54dc6c89337d1f322 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Thu Feb 16 11:46:16 2012 -0500 > > libselinux: Switch to use selinux_current_policy_path() FIXME > > [review, I think sds objected] > > Signed-off-by: Eric Paris <eparis@redhat.com> > >commit 53c12bf86fc5570e2ee362f25e3eda2bf14b7a5f >Author: Dan Walsh <dwalsh@redhat.com> >Date: Wed Feb 15 11:28:35 2012 -0500 > > libselinux: avc_has_perm should return 0 if the machine is in permissive mode FIXME > > [needs review] > > NOT-Signed-off-by: Eric Paris <eparis@redhat.com> > >commit 296667f322601e81e16147914f2bdcdd87695744 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Tue Feb 7 10:08:11 2012 -0500 > > policycoreutils: semanage: Cleanup man page to describe exactly how the defaults are specified FIXME > > [Eric needs to understand the difference between -l and -r] > > NOT-Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit 27cd884cadfe957315d4fc06b988409c00eca2ee >Author: Dan Walsh <dwalsh@redhat.com> >Date: Fri Feb 3 12:08:21 2012 -0500 > > policycoreutils: setfiles: only show percent on full relabel FIXME > > Since it was pessimistic it wasn't terribly useful for partial relabels. > So only show it on full relabel. And make it overwrite itself. > > [Split these 2 things into 2 patches] > NOT-Signed-off-by: Eric Paris <eparis@redhat.com> > >commit 2943a3d186c96e59014a26a60c77b0ed2a111604 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Fri Feb 3 11:56:39 2012 -0500 > > From: John Reiser <jreiser@bitwagon.com> > > policycoreutils: setfiles: estimate percent progress > > John Reiser patch to estimate the percent progress for restorecon/setfiles on full restore > > The patch assumes processing from the root, so in general the percentage > is pessimistic when traversing a partial tree. This is the best that > can be done without invoking nftw() [fts_open + N*fts_read] twice. > > Signed-off-by: Eric Paris <eparis@redhat.com> > >commit c0d0da442157f4d4a1af4061f9f9131fb11a2bfb >Author: Dan Walsh <dwalsh@redhat.com> >Date: Fri Feb 3 10:26:56 2012 -0500 > > policycoreutils: mcstrans: creating a pid file FIXME > > In order to work properly with systemd daemons should create a pid file. > So it for mcstransd. > > [Do we need a similar 'no-fork' option for systemd?] > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit faf86ddfdfde9505a9cb97f674adf0995707464a >Author: Dan Walsh <dwalsh@redhat.com> >Date: Fri Feb 3 10:22:26 2012 -0500 > > libselinux: avc_netlink_recieve handle EINTR FIXME > > should continue to poll if it receinves an EINTR rather then exiting with an error. > > [hmmmm, is this an appplication bug? should they set O_NONBLOCK? I dunno] > > NOT-Signed-off-by: Eric Paris <eparis@redhat.com> > >commit 6e99275c65a6151062ae80641ccf700fe38a626d >Author: Dan Walsh <dwalsh@redhat.com> >Date: Wed Feb 1 15:53:33 2012 -0500 > > policycoreutils: mcstransd: write a pid file FIXME > > [WHY] ? > > NOT-Signed-off-by: Eric Paris <eparis@redhat.com> > >commit 033c0b4d808b4c5bdaccd3cf9c43394300ee9ee6 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Mon Jan 30 16:46:55 2012 -0500 > > policycoreutils: load_policy: Stop making link for load_policy, breaks usrmove functionality FIXME > > After the usermove /sbin points as /usr/sbin > > So > /sbin/load_policy and /usr/sbin/load_policy > > Are already the same. > > If a distribution does not support the usrmove it should make the link > in its packageing file we should not be doing this in the Makefile. > > [Couldn't this break existing setups?] > > NOT-Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit 86a2eb11c322eeeca24b10b8b9f48997bc430ae6 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Mon Jan 30 16:21:32 2012 -0500 > > policycoreutils: setfiles: If you are not changing any labels do not send syslog messages FIXME MERGE? > > Basically this change stops sysloging if the change did not actually > happen. > > By default we do not modify a label if only the user component of the > SELinux context had changed, but were were sending a syslog messages > as if something had changed. > > [can we merge?] > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit 7566a41bd370a120cbadf91b30a9212088625d59 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Mon Jan 30 16:21:24 2012 -0500 > > policycoreutils: scripts: Don't syslog setfiles changes on a fixfiles restore > > Fixfiles restore is called by auditrelabel, and was happening early in > the boot process, before the syslog system was up and running. A bug > in systemd was causing relabels to take forever, while it waited for > the syslog's to complete. This was fixed, but I still see no reason > to write thousands/millions of lines to syslog on a badly mislabled > machine and wanted this featured turned off. > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit 5b6ff05735840e68fb87545d3c3c6a60309fd162 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Tue Jan 24 11:24:37 2012 -0500 > > policycoreutils: restorecond: Stop using deprecated interfaces for g_io FIXME > > g_io_channel_read is deprecated. Use g_io_channel_read_chars instead. > > [Whitespace/indentation error] > > NOT-Signed-off-by: Eric Paris <eparis@redhat.com> > >commit 7017d35f15e473a50c2927afba65dc3d1870de41 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Tue Jan 24 11:22:43 2012 -0500 > > policycoreutils: restorecond: wrong options should exit with a non zero exit code. FIXME > > Add -h option to get usage command > > [SPLIT THIS INTO TWO PATCHES] > > NOT-Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit 8a56e153e01848c69a247d35813553b5f2336a53 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Wed Sep 7 13:58:24 2011 -0400 > > policycoreutils: FIXME Change restorecon to just change the type of an object, rather then the role, user and range. > > Needs review. > > Signed-off-by: Dan Walsh <dwalsh@redhat.com> > NOT-Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit 00995ec3ca15664b233abe9a4cf017a526e087b8 >Author: Eric Paris <eparis@redhat.com> >Date: Wed Aug 3 14:00:48 2011 -0400 > > libselinux: matchpathcon: FIXME use vsyslog instead of stderr > > Convert matchpathcon to use vsyslog for errors instead of stderr. > > This isn't a library, why shouldn't we use stderr? > > NOT-Signed-off-by: Eric Paris <eparis@redhat.com> > >commit fdd6e62f0e47c95911a21778a3abfca6cf495022 >Author: Eric Paris <eparis@redhat.com> >Date: Tue Jul 5 00:28:42 2011 -0400 > > libselinux: FIXME do not use stderr/out if selinux is disabled > > Kerberos libraries do not expect libraries many levels lower to spew > messages to STDERR or STDOUT, and this causes kerberos to potentially do > whacky things like deny access, because the user has a screwed up file > context file. > > FIXME: This was rejected and upstream wanted callbacks. > > NOT-Signed-off-by: Eric Paris <eparis@redhat.com> > >commit 1d8f8a008a90d870d76b9022fdc0656b5f7dc241 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Tue Oct 4 08:33:41 2011 -0400 > > policycoreutils: newrole: FIXME do not drop capabilities when newrole is run as root > > changelog and review needed. > > NOT-Signed-off-by: Eric Paris <eparis@redhat.com> > >commit d629404a4e247eb8027e425e44a711e5fd1086cd >Author: Eric Paris <eparis@redhat.com> >Date: Wed Aug 3 11:38:03 2011 -0400 > > policycoreutils: newrole: FIXME do not call drop_capabilities > > I don't know why this is a good thing, but apparently we does it! > > NOT-Signed-off-by: Eric Paris <eparis@redhat.com> > >commit 62bf2d637737a04fde53551b7bf718facfea6d9c >Author: Dan Walsh <dwalsh@redhat.com> >Date: Fri Sep 2 08:55:47 2011 -0400 > > policycoreutils: setfiles: FIXME Allow setfiles/restorecon to take advantage of new subset handling in libselinux > > Needs review. > > Signed-off-by: Dan Walsh <dwalsh@redhat.com> > NOT-Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit 50c903042960dd00126413d333d2c26c5340a1f4 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Fri Sep 2 08:54:12 2011 -0400 > > libselinux: FIXME Allow SELinux labelling to support multiple prefix/subsets labeling, to reduce memory and increase speed apps that support labeling on a subset of directories > > Needs review > > Signed-off-by: Dan Walsh <dwalsh@redhat.com> > NOT-Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit 8652371235afd14d59dc6cddaa8dd9ad91917142 >Author: Eric Paris <eparis@redhat.com> >Date: Wed Jul 20 12:19:48 2011 -0400 > > policycoreutils: run_init: FIXME If open_init_pty is not available then just use exec > > Sometimes using open_init_pty isn't possible. So just call exec() if > that is the case. > > *I need to double check the call ordering and its logic* > > Not-Signed-off-by: Eric Paris <eparis@redhat.com> > >commit 7a0c0b7760a8cb69b3f6b2ca1416856258bdd3e7 >Author: Eric Paris <eparis@redhat.com> >Date: Tue Jul 19 11:27:23 2011 -0400 > > policycoreutils: semanage: FIXME force utf8 encoding > > Python has a very strange way of handling translations that can blow > up command line unless you force the system to utf8. > > THIS PATCH LEAVES AN UNCLEAN GIT STATUS AFTER BUILD > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit 553a4a5d463cfd5bf9aa02eeaab0d382942821a9 >Author: Eric Paris <eparis@redhat.com> >Date: Fri Jul 15 18:32:28 2011 +0200 > > policycoreutils: semanage: FIXME make add operations into modify > > Scripts which use semanage often don't know if what they intend to do > has already been done. Should they use a -a because it doesn't exist or > should they use -m because it does? This patch just makes -a use -m if > an entry already exists. > > I'm not certain this is good practice. Why can't scripts tell the > reason and handle the error themselves rather than not have a choice in > the tools? What if two different rpms wanted to install a new selinux > user and the creator of those rpms didn't know about the other one? > They'd have no way of knowing about the name collision and the fact that > policy was likely not what they intended.... > > NOT-Signed-off-by: Eric Paris <eparis@redhat.com> > >commit 6f06e100ebb24278d37bf72fd953393a6f5a237d >Author: Dan Walsh <dwalsh@redhat.com> >Date: Tue Aug 23 14:53:44 2011 -0400 > > sepolgen: FIXME Allow returning of bastard matches > > Better changelog and review > > NOT-Signed-off-by: Eric Paris <eparis@redhat.com> > >commit ef87b47cd9d39c7db8bc1bd0a47235c2252c6dbb >Author: Eric Paris <eparis@redhat.com> >Date: Tue Mar 27 10:52:42 2012 -0400 > > policycoreutils: update .po files > > update policycoreutils po files. This should hopefully make the debian > build system a little happier. > > Requested-by: Laurent Bigonville <bigon@debian.org> > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit 03ebd0a78cc07c7290b5790d0756bb61f8341b5f >Author: Laurent Bigonville <bigon@debian.org> >Date: Mon Mar 26 20:45:49 2012 +0200 > > libselinux: Hide unnecessarily-exported library destructors > > Description: Hide unnecessarily-exported library destructors > This change was extracted from the old monolithic Debian patch. > > Signed-off-by: Laurent Bigonville <bigon@debian.org> > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit 799b13a8f6d9d56a0e68c6a3c6953fae33a98af1 >Author: Laurent Bigonville <bigon@debian.org> >Date: Mon Mar 26 20:47:46 2012 +0200 > > libselinux: Do not link against python library, this is considered bad practice in debian > > Do not link python module with libpython, the interpreter is already linked against it. > > Signed-off-by: Laurent Bigonville <bigon@debian.org> > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit 04c8174fe405a0baa617c563768e88642ae72d7e >Author: Manoj Srivastava <srivasta@debian.org> >Date: Mon Mar 26 17:33:17 2012 +0200 > > policycoreutils: Only run setfiles if we found read-write filesystems to run it on > > Only run setfiles if we have a R/W filesystem > > Signed-off-by: Laurent Bigonville <bigon@debian.org> > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit eee5fe5dc106304283d0a7e23576fe822a4c7c3e >Author: Laurent Bigonville <bigon@debian.org> >Date: Mon Mar 26 17:43:41 2012 +0200 > > policycoreutils: fix ftbfs with hardening flags > > We are now building our packages with -Werror=format-security enabled. > The attached patch fix the FTBFS. More patch related to this could > follow. > > Signed-off-by: Laurent Bigonville <bigon@debian.org> > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit be69f74a6cc5100db89de0294e6cacc2397d0a55 >Author: Kohei KaiGai <kaigai@kaigai.gr.jp> >Date: Sun Mar 25 22:05:17 2012 +0200 > > libselinux: security_compute_create_name(3) > > I'd like to use this interface to implement special case handling > for the default labeling behavior on temporary database objects. Allow > userspace to use the filename_trans rules added to policy. > > Signed-off-by: KaiGai Kohei <kohei.kaigai@emea.nec.com> > Signed-off-by: Eric Paris <eparis@redhat.com> > >commit 4a31cc0c83a0fcfa530390d13b59441f4f6285dd >Author: Martin Orr <martin@martinorr.name> >Date: Mon Mar 26 17:31:25 2012 +0200 > > policycoreutils: Fix infinite loop with inotify on 2.6.31 kernels > > With kernel 2.6.31, restorecond uses 99% of my CPU. > > This is because removing and readding the watch on utmp triggers inotify to > return an IN_IGNORED event for the old watch descriptor. If the watch gets > allocated the same wd when it is readded, then restorecond thinks that utmp > has changed, so removes and readds the watch again, potentially looping. > > With kernel <= 2.6.30, this never happened, because the kernel didn't reuse > watch descriptors. So the IN_IGNORED event comes with a wd that is no > longer in use, and gets ignored. But kernel 2.6.31 reuses the same watch > descriptor. The kernel has been fixed to not reuse watch descriptors. > However as some kernels do reuse them, and its possible they may again, > this patch fixes that by ignoring inotify events whose only bit set is > IN_IGNORED. > > Signed-off-by: Martin Orr <martin@martinorr.name> > Signed-off-by: Manoj Srivastava <srivasta@debian.org> > Signed-off-by: Laurent Bigonville <bigon@debian.org> > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit ada74c53db494cab2bb649292baaf60aabc4c104 >Author: Russell Coker <russell@coker.com.au> >Date: Mon Mar 26 15:57:49 2012 +0200 > > libsemanage: fallback-user-level > > Having magic numbers in the code is a bad idea, using a macro is better. > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit 4ccc2f0486df343cee11641cf2a9650b08bec59a >Author: Laurent Bigonville <bigon@debian.org> >Date: Mon Mar 26 16:07:20 2012 +0200 > > libsemanage: Allow to build for several ruby version > > This allow to build the ruby module for both ruby 1.8 and 1.9.1 (the > way it's done for the python module) > > Signed-off-by: Laurent Bigonville <bigon@debian.org> > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit f85dd2b662679e7b2b94f7a8c45a1fb3939de95c >Author: Laurent Bigonville <bigon@debian.org> >Date: Mon Mar 26 16:04:52 2012 +0200 > > libsemanage: do not link against libpython, this is considered bad in Debian > > Do not link against libpython, the interpreter is already linked to it. > In Debian this is usually considered bad practice. > > Signed-off-by: Author: Laurent Bigonville <bigon@debian.org> > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit e4c0736d674735bc1199624d794d966b1700fe1d >Author: Manoj Srivastava <srivasta@debian.org> >Date: Mon Mar 26 13:41:24 2012 -0400 > > sepolgen: fix detection of policy loads > > I am running into an issue with sepolgen. Debian ships more > than one version of the refpolicy, a default one, and a MLS enabled > one. So, the include files live in either > /usr/share/selinux/{default,mls}/include sepolgen (in > src/sepolgen/defaults.py) sets refpolicy_devel() to a single > location -- and thus, only one version of the security policy may be > supported. So, sepolgen-ifgen from policycoreutils can only work > with one policy, which may not be the one installed on the target > machine. Could this be made configurable, somehow? As far as I can > see, sepolgen's python library does not offer any way to set the > value. This change fixes that. Now you may set the path to look for > development headers in /etc/selinux/sepolgen.conf, in the variable > SELINUX_DEVEL_PATH. The builtin default will have it work on Debian > and fedora machines out of the box. > > Signed-off-by: Laurent Bigonville bigon@debian.org > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit 616f59295ef209e1820c766a17c6fcb49708c69a >Author: Dan Walsh <dwalsh@redhat.com> >Date: Fri Mar 16 09:40:27 2012 -0400 > > policycoreutils: newrole: Use correct capng calls in newrole > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit 50b0334473d95d433ab48229ff4d78db29d82369 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Fri Mar 16 11:05:17 2012 -0400 > > libselinux: take security_deny_unknown into account > > selinux_check_access() should not error on bad class or perms if the > security_deny_unkown() function return false. If policy tells us to > allow unknown classes and perms we should respect that. > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit a2b8ac80a9b76a0335db620793f6a4e1e6ff3512 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Tue Mar 6 10:45:29 2012 -0500 > > policycoreutils: Add bash-completion scripts for setsebool and semanage > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit 585567968413d678bed6c9fc7579c4c426389201 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Tue Mar 6 10:44:30 2012 -0500 > > libselinux: assert if avc_init() not called > > To simplify finding why programs don't work, assert that avc_init() was > called any time avc functions are called. This means we won't get > 'random' segfaults and will instead be able to hopefully quickly > determine what we did wrong as application developers. > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit 07ab70c27373c1ec1756909fd75c74becf42a80e >Author: Dan Walsh <dwalsh@redhat.com> >Date: Wed Feb 22 15:55:39 2012 -0500 > > policycoreutils: seunshare: Only drop caps not the Bounding Set from seunshare > > This means you can still run setuid programs, but don't need special > perms to run seunshare. > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit a780249dcf91248f0b62040a1030b596eecb69b0 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Wed Feb 15 13:21:52 2012 -0500 > > libselinux: build with either ruby 1.9 or ruby 1.8 > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit f53c6f146fdd9f552cba1a864c6fd3e1e30ce189 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Wed Feb 15 12:26:32 2012 -0500 > > libselinux: pkg-config to figure out where ruby include files are located > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit fa96f93db0d43772e5a4ba57fc8c1691cde26ce6 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Wed Feb 1 16:20:09 2012 -0500 > > policycoreutils: mcstrans: Version should have been bumped on last check in > > The previous time upstream was released, there were changes to > MCSTrans, but the version was never updated, In order for us to > release these fixes to Fedora we needed to bump the version. > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit a212c023a893725d0eade97b97f04bde9878cd92 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Tue Jan 31 17:12:52 2012 -0500 > > sepolgen: do not use md5 when calculating hash signatures > > FIPS does not allow md5 as a valid algorithm. Although we don't really > care about cryptographic strength since the algorithm isn't allowed to > be used at all use something strong, like sha256. > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit 71ac216866a306fb7b047869e741fb6b87d3d7a4 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Fri Jan 27 14:41:58 2012 -0500 > > libselinux: utils: Stop separating out matchpathcon as something special > > It's not special and doesn't need its own Makefile lines. Just make it > a normal target. > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit d4064c954f52503bdeb365ac00055a9a0cd538a6 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Mon Jan 16 14:35:11 2012 -0500 > > policycoreutils: sandbox: Removing sandbox init script, should no longer be necessary > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit 87ff91ea7dfed9ac993c164cc3cc50ac7af23e86 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Fri Jan 27 14:01:00 2012 -0500 > > policycoreutils: scripts: Update Makefiles to handle /usrmove > > Move everything into /usr/* and just put links from /*. The whole /usr > thing hasn't really worked in all situations for a long long time. Just > accept that fact and move along. > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit 51eb8c86e6749a46fe4f2e85f9f4526deb368d15 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Fri Jan 27 14:00:34 2012 -0500 > > libselinux: Update Makefiles to handle /usrmove > > Move everything into /usr/* and just put links from /*. The whole /usr > thing hasn't really worked in all situations for a long long time. Just > accept that fact and move along. > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit bc8dc4381418e0932a59b20aaff91a54ca4872d0 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Fri Jan 27 13:19:55 2012 -0500 > > policycoreutils: semanage: audit message to show what record(s) and item(s) have chaged > > Also if the user specifies a store that is not the current store, we should not be sending audit messages. > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit a41872fa066dfbb9dd197c9b876baaefa93460e9 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Wed Jan 25 16:25:07 2012 -0500 > > policycoreutils: semanage: proper auditting of user changes for LSPP > > semanage command was not reporting proper audit messages for the LSPP > certification. Needed to report additional information such as prior > roles before and after update. Many other changes, were reviewed by > Steve Grubb to make sure were were doing proper auditing. > > Should be reporting AUDIT_ROLE_ASSIGN instead of AUDIT_USER_ROLE_CHANGE. > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit cd37a20a8e3e8538888f8e5c3f1fbd4984c519f7 >Author: Daniel P. Berrange <berrange@redhat.com> >Date: Mon Jan 23 15:41:12 2012 +0000 > > libselinux: Ensure there is a prototype for 'matchpathcon_lib_destructor' > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit c595e3cd902c07f74860211b94b6fbb369a47675 >Author: Daniel P. Berrange <berrange@redhat.com> >Date: Mon Jan 23 18:13:53 2012 +0000 > > libselinux: Change annotation on include/selinux/avc.h to avoid upsetting SWIG > > The earlier patch to avc.c put the struct member annotation at > the end of the line, which works fine for GCC, but upsets SWIG. > Equivalent code in selinux.h demonstrates how to place the > annotation without upsetting SWIG. > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit 6d757f15f89bd1e8ac138ddd0daf49930998f946 >Author: Daniel P. Berrange <berrange@redhat.com> >Date: Mon Jan 23 15:41:21 2012 +0000 > > libselinux: utils: Enable many more gcc warnings for libselinux/utils builds > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit aef44963cf9596e7d62b7f4e59f54f182b67489b >Author: Daniel P. Berrange <berrange@redhat.com> >Date: Mon Jan 23 15:41:20 2012 +0000 > > libselinux: Enable many more gcc warnings for libselinux/src/ builds > > XXX: -Wno-redundant-decls really shouldn't be set, if some way > can be found to deal with warnings generated by dso.h > > XXX: the maximum stack size should be much lower, but there > are too many functions using PATH_MAX which need to be rewritten > to use the heap instead. > > XXX: probe for whether the user's GCC supports a flag ? > > Signed-off-by: Eric Paris <eparis@redhat.com> > >commit 210d186579f0b41ab4959f8cd5586e13f6dd5b8c >Author: Daniel P. Berrange <berrange@redhat.com> >Date: Mon Jan 23 15:41:19 2012 +0000 > > libselinux: Fix const-ness of parameters & make usage() methods static > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit c9a40eac181c56c7fa93521debfe7aed791a235a >Author: Daniel P. Berrange <berrange@redhat.com> >Date: Mon Jan 23 15:41:18 2012 +0000 > > libselinux: Add printf format attribute annotation to die() method > > Annotating the die method as taking printf format exposes > a bug in error reporting > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit bba810944d6f06d51945d79bcd6bce35d8406745 >Author: Daniel P. Berrange <berrange@redhat.com> >Date: Mon Jan 23 15:41:17 2012 +0000 > > libselinux: Add more printf format annotations > > The public avc.h file must use a printf annotation in the struct > callback members, otherwise application code will get compiler > warnings that the method should have an annotation set. > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit ddc6c78f49bb5430558286662ee365fd486f8eb1 >Author: Daniel P. Berrange <berrange@redhat.com> >Date: Mon Jan 23 15:41:16 2012 +0000 > > libselinux: Add prototype decl for destructor > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit 2ed4cc93509e06fdeb909c173598b7d88330d7e1 >Author: Daniel P. Berrange <berrange@redhat.com> >Date: Mon Jan 23 15:41:15 2012 +0000 > > libselinux: Remove unused flush_class_cache method > > * stringrep.c: Delete flush_class_cache > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit 1e4f55679d3614f9fc2955547e9768fee6aad8c5 >Author: Daniel P. Berrange <berrange@redhat.com> >Date: Mon Jan 23 15:41:14 2012 +0000 > > libselinux: Fix const-correctness > > * include/selinux/selinux.h, src/init.c: set_selinuxmnt should take > a const char *mntpath > * src/get_default_type.c: Avoid bad cast discarding const > * load_policy.c: Fix var decl to avoid discarding const > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit 167749616013ab97933c0814a04dcef79aa4854d >Author: Daniel P. Berrange <berrange@redhat.com> >Date: Mon Jan 23 15:41:13 2012 +0000 > > libselinux: Fix old style function definitions > > Add 'void' parameter to all functions which take no arguments > > * selinux_config.c: s/()/(void)/ > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit b71ed6d231f4a854705e66b1527650520d4c9c32 >Author: Daniel P. Berrange <berrange@redhat.com> >Date: Mon Jan 23 15:41:11 2012 +0000 > > libselinux: Remove jump over variable declaration > > seusers.c: In function âgetseuserâ: > seusers.c:273:3: error: jump skips variable initialization [-Werror=jump-misses-init] > seusers.c:317:2: note: label âerrâ defined here > seusers.c:274:8: note: âfpâ declared here > > * seusers.c: Declare FILE *fp at start of getseuser() method > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit a689360a6e18d36925919b005343700d4c5c85ef >Author: Dan Walsh <dwalsh@redhat.com> >Date: Wed Jan 18 16:41:36 2012 -0500 > > sepolgen: audit.py Dont crash if empty data is passed to sepolgen > > If you pass output from a log file that does not include any avc's > audit2allow will crash. This patch fixes this problem. > > ausearch -m avc -ts recent | audit2allow > > If there was no AVC's recently, we do not want the python to crash. > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit 18e3a8d3966f6974d2ac83904890ad00dd6c6b28 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Mon Jan 16 12:09:43 2012 -0500 > > checkpolicy: libselinux: Fix dead links to www.nsa.gov/selinux > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit 66dd98b83a519840a26be7fa5644c982524f3bf7 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Wed Jan 4 10:43:46 2012 -0500 > > libsemanage: Alternate path for semanage.conf > > Currently the semanage.conf file is hard coded to /etc/selinux/semanage.conf > even when an alternate root path is specified. Use the semanage.conf > found inside the altername root instead of the system global version. > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit 70c582f4e0554bb41f6bab6336a3996f9499bfeb >Author: Dan Walsh <dwalsh@redhat.com> >Date: Tue Jan 3 13:45:08 2012 -0500 > > policycoreutils: sandbox: do not propogate inside mounts outside > > Fix the handling of namespaces in seunshare/sandbox. > Currently mounting of directories within sandbox is propogating to the > parent namesspace. This fix will basically isolate any mounting that > happens after the unshare from the parent namespace. > > Signed-off-by: Eric Paris <eparis@redhat.com > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit 09c783c9a36cd47216df827c5d2c21ec8cd613e2 >Author: Eric Paris <eparis@redhat.com> >Date: Mon Dec 5 13:28:51 2011 -0500 > > libsepol: checkpolicy: implement new default labeling behaviors > > We would like to be able to say that the user, role, or range of a newly > created object should be based on the user, role, or range of either the > source or the target of the creation operation. aka, for a new file > this could be the user of the creating process or the user or the parent > directory. This patch implements the new language and the policydb > support to give this information to the kernel. > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit bcc3759332cea5a425f993453df0f11f8fc9c4e8 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Tue Mar 27 14:00:35 2012 -0400 > > Add an -f option to run mcstransd in the foreground. This will allow better > integration into systemd. > >commit 5befbc1febd86b54ea6e8be732677f59f3fe7cad >Author: Dan Walsh <dwalsh@redhat.com> >Date: Tue Mar 27 10:11:59 2012 -0400 > > Genhomedir should be usin FALLBACK_USER_LEVEL rather then "s0". > Patch from Laurent Bigonville for debian development > >commit 84c8135335f87309e5dd581f8a1a425c47258f02 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Fri Mar 16 11:07:51 2012 -0400 > > Further cleanup to keep eparis happy > >commit 5344dd80863d1daa7dc801c9f8143b7c46c00049 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Fri Mar 16 11:05:17 2012 -0400 > > selinux_check_access should not error on bad class or perms if the security_deny_unkown flag is set > >commit bd78d8613e828cca5555082b5d6b689cbb19aa4c >Author: Dan Walsh <dwalsh@redhat.com> >Date: Fri Mar 16 09:40:27 2012 -0400 > > Use correct capng calls in newrole > >commit 20fa580afd48ff384d7354f20098cd225cf4dcfd >Author: Dan Walsh <dwalsh@redhat.com> >Date: Tue Mar 6 10:45:29 2012 -0500 > > Add bash-completion scripts for setsebool and semanage > >commit 2ff99dd146f03f8e6a150d185b9b7e887bc42615 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Tue Mar 6 10:44:30 2012 -0500 > > libselinux should assert that avc_init has been called before using other avc tools, so engineers will have a clue why there app is blowing up > >commit b9068edfb7547f2a0b5ab8f6f02f72c56634fc6a >Author: Dan Walsh <dwalsh@redhat.com> >Date: Tue Mar 6 10:43:22 2012 -0500 > > Make use of setools optional within sepolgen > >commit 222660735d14e4abc269ffe4d02160429f2a794e >Author: Dan Walsh <dwalsh@redhat.com> >Date: Mon Feb 27 12:09:06 2012 -0500 > > Disable restorecond by default, since file_name trans should be good enough to handle this now > >commit fbf7e9b92eabff3765a4d69d8d3fd865c89ead29 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Wed Feb 22 15:55:39 2012 -0500 > > Only drop caps not the Bounding Set from seunshare > >commit 9034a1756ab9e170a9057b65fef6107ba3de32c4 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Thu Feb 16 12:06:14 2012 -0500 > > Fix bug in hidden_def > >commit 688bbb53d85ba8c5fcf5c6ad55b0c56c9fa34c84 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Thu Feb 16 11:48:29 2012 -0500 > > Use selinux_current_policy_path instead of binary_policy_path > >commit fcc03ad5ac274f8b3ef3c56e5a0076e6e66e961a >Author: Dan Walsh <dwalsh@redhat.com> >Date: Thu Feb 16 11:46:16 2012 -0500 > > Switch to use selinux_current_policy_path() > >commit 47322b2fb79b58cec939b8c54dd5fc222db00d80 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Wed Feb 15 13:21:52 2012 -0500 > > Change Makefile to be built with either ruby 1.9 or ruby 1.8 > >commit ee1b169ae63ed0540b177820385689742239f831 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Wed Feb 15 12:26:32 2012 -0500 > > Change Makefile to use pkg-config to figure out where ruby include files are located > >commit fb069a562e37fb9b85727c0caf1434bcdc9660fd >Author: Dan Walsh <dwalsh@redhat.com> >Date: Wed Feb 15 11:28:35 2012 -0500 > > avc_has_perm should return 0 if the machine is in permissive mode > >commit 64cd4e0e9f85f1954c9dd80485303c217f1cf1d5 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Tue Feb 7 10:08:11 2012 -0500 > > Cleanup man page to describe exactly how the defaults are specified > >commit f30aef1c7ba84f8871a5fd638dfe37100e43c395 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Fri Feb 3 12:08:21 2012 -0500 > > Fix progress Percent to only happen on full relabel, and make it overwrite the display of percent. > >commit d6626dc92f29d61dd75462ce29ceb761f8fb652a >Author: Dan Walsh <dwalsh@redhat.com> >Date: Fri Feb 3 11:56:39 2012 -0500 > > John Reiser patch to estimate the percent progress for restorecon/setfiles on full restore > > The patch assumes processing from the root, so in general the percentage > is pessimistic when traversing a partial tree. This is the best that > can be done without invoking nftw() [fts_open + N*fts_read] twice. > >commit 17ceb36847dda4a187eda3768331e9abe1b41894 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Fri Feb 3 10:26:56 2012 -0500 > > mcstrans should be creating a pid file to work properly with systemd. > >commit 983db0f8d9168d49eb0c656a0cf05a4799d901d1 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Fri Feb 3 10:22:26 2012 -0500 > > avc_netlink_recieve should continue to poll if it receinves an EINTR rather then exiting with an error. > >commit 98975ae32ccacfa05bfb08c460b3209d3a9cc24f >Author: Dan Walsh <dwalsh@redhat.com> >Date: Wed Feb 1 16:20:09 2012 -0500 > > Version should have been bumped on last check in > >commit 5b9f99e3e55e5f2c792575ee38255f9e3b635462 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Wed Feb 1 15:53:33 2012 -0500 > > mcstransd needs to write a pid file > >commit c6058089ead9fe8e904db17203832f497d6f5d93 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Tue Jan 31 17:12:52 2012 -0500 > > Fips mode requires we don't use md5 > >commit 079a3be1ea2497207fea5136fcb914ef5c5922b2 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Mon Jan 30 16:46:55 2012 -0500 > > Stop making link for load_policy, breaks usrmove functionality > >commit 05feb5ccbd38043848604a6a6cb4ba3baffe3cbc >Author: Dan Walsh <dwalsh@redhat.com> >Date: Mon Jan 30 16:21:32 2012 -0500 > > If you are not changing any labels do not send syslog messages > >commit da86b9709836474b02aea65e904cbf5682cee7d9 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Mon Jan 30 16:21:24 2012 -0500 > > Don't syslog setfiles changes on a fixfiles restore > >commit 4d16c183f05d964ffb7d5db6667efb04cba920d1 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Fri Jan 27 14:41:58 2012 -0500 > > Stop separating out matchpathcon as something special > >commit 2244454442129971da402c4ab8e958ec77b87878 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Fri Jan 27 14:01:00 2012 -0500 > > Update Makefiles to handle /usrmove, so we can install binaries in /usr/sbin instead of /sbin > >commit bff6223e95d2ae11bb036039e2c742c184f9b93c >Author: Dan Walsh <dwalsh@redhat.com> >Date: Fri Jan 27 14:00:34 2012 -0500 > > Update Makefiles to handle /usrmove, so we can install binaries in /usr/sbin instead of /sbin > >commit 2353c1f79b81ed02ebf3dca2ec1213a3a1f9b138 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Fri Jan 27 13:19:55 2012 -0500 > > Fix up semanage audit message to show what record(s) have changed and > list the items that have changed. > > Also if the user specifies a store that is not the current store, we should not be sending audit messages. > >commit dc9b3c27d48a0d2357dde3c44b68be82ca203e0c >Author: Dan Walsh <dwalsh@redhat.com> >Date: Wed Jan 25 16:25:07 2012 -0500 > > Change semanage to produce proper audit records for Common Criteria > >commit 244284e475e2b5d36e7f3c94aae4b37c76463431 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Tue Jan 24 11:24:37 2012 -0500 > > Stop using depracated interfaces for g_io > >commit 23c2d87e9184b300eff351f693df45f3abeee43a >Author: Dan Walsh <dwalsh@redhat.com> >Date: Tue Jan 24 11:22:43 2012 -0500 > > restorecond run with the wrong options should exit with a non zero exit code. Add -h option to get usage command > >commit 46d0245bb194095e4596d9442828e12048255e44 >Author: Daniel P. Berrange <berrange@redhat.com> >Date: Mon Jan 23 18:13:53 2012 +0000 > > Change annotation on include/selinux/avc.h to avoid upsetting SWIG > > The earlier patch to avc.c put the struct member annotation at > the end of the line, which works fine for GCC, but upsets SWIG. > Equivalent code in selinux.h demonstrates how to place the > annotation without upsetting SWIG. > > Signed-off-by: Dan Walsh <dwalsh@redhat.com> > >commit e070b61228f43a60f7811a778a8ce1dc6a5c7130 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Mon Jan 23 11:23:35 2012 -0500 > > Dan Berrange patch to Enable many more gcc warnings for libselinux/src/ builds > >commit 1655a70fb27ed7300db75e33cebee5029c886a5a >Author: Dan Walsh <dwalsh@redhat.com> >Date: Mon Jan 23 11:21:38 2012 -0500 > > Dan Berrange patch to Enable many more gcc warnings for libselinux/utils builds > >commit 79eb3947ff27a822513297216087029500de4368 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Mon Jan 23 11:19:55 2012 -0500 > > Dan Berrange patch to Fix const-ness of parameters & make usage() methods static > >commit ea780f7f2f3e26cf77f09f72995fa40cb9667e1f >Author: Dan Walsh <dwalsh@redhat.com> >Date: Mon Jan 23 11:19:07 2012 -0500 > > Dan Berrange patch to Add printf format attribute annotation to die() method > >commit 1d5d412e4ada380039e2f608ae86fb22eeb3e9a5 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Mon Jan 23 11:17:53 2012 -0500 > > Dan Berrange patch to Add more printf format annotations > >commit f752274f6cefd93f9e0171e673daeaad726ab43c >Author: Dan Walsh <dwalsh@redhat.com> >Date: Mon Jan 23 11:17:16 2012 -0500 > > Dan Berrange patch to Add prototype decl for destructor > >commit a109fd5c30c4f4f034c2533df3215e880f78637f >Author: Dan Walsh <dwalsh@redhat.com> >Date: Mon Jan 23 11:16:38 2012 -0500 > > Dan Berrange patch to Remove unused flush_class_cache method > >commit b5354186ce24faaa6baac12421586bbd854e3108 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Mon Jan 23 11:15:43 2012 -0500 > > Dan Berrange patch to Fix const-correctness > >commit 65b6dd328e1e1ae83977f91dc57d74f5172ba6ad >Author: Dan Walsh <dwalsh@redhat.com> >Date: Mon Jan 23 11:14:47 2012 -0500 > > Dan Berrange patch to Fix old style function definitions > >commit e75a59686577ad4fb505de49938ae872277bee18 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Mon Jan 23 11:13:41 2012 -0500 > > Dan Berrange patch to Ensure there is a prototype for 'matchpathcon_lib_destructor' > >commit a1a88763dfe0ace635a3f906b006c9897eac1b3d >Author: Dan Walsh <dwalsh@redhat.com> >Date: Mon Jan 23 11:11:46 2012 -0500 > > Code cleanup from Dan Berrange to create variables at the top of functions > >commit cb817c8e4acb6c9781e0a2e079be79cd60f40c98 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Wed Jan 18 16:41:36 2012 -0500 > > Dont crash if empty data is passed to sepolgen > >commit 66f74f0dac70a755437efc980e9206e060efe71c >Author: Dan Walsh <dwalsh@redhat.com> >Date: Mon Jan 16 14:35:11 2012 -0500 > > Removing sandbox init script, should no longer be necessary > >commit ff23e06769aa38542bf6092cc08212af3a27be8a >Author: Dan Walsh <dwalsh@redhat.com> >Date: Mon Jan 16 12:09:43 2012 -0500 > > Fix dead links to www.nsa.gov/selinux > >commit f794b2a0abd323f9fa237d34b67257a779e73e51 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Thu Jan 5 09:20:11 2012 -0500 > > Use the default semanage.conf if the private one does not exist > >commit f1d9f1d61235a3960a6efca15ecae30d148ca24d >Author: Dan Walsh <dwalsh@redhat.com> >Date: Wed Jan 4 10:59:41 2012 -0500 > > Fix description of selinux_opt in man page > >commit f0735ed5b22c3dd62d7fe18be051180ecc615e82 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Wed Jan 4 10:43:46 2012 -0500 > > Alternate path should also effect the /etc/selinux/semanage.conf file > >commit b7928b08c386664f4ad165625872abbdf65b356b >Author: Dan Walsh <dwalsh@redhat.com> >Date: Tue Jan 3 13:45:08 2012 -0500 > > - Fix the handling of namespaces in seunshare/sandbox. > - Currently mounting of directories within sandbox is propogating to the > - parent namesspace. This fix will basically isolate any mounting that happens after the unshare from the parent namespace. > > Please enter thendling of namespaces in seunshare/sandbox. > - Currently mounting of directories within sandbox is propogating to the > - parent namesspace. commit message for your changes. Lines starting > >commit 880a40fec0fb74358c9ad63fe777935045b129a1 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Wed Dec 21 19:16:46 2011 +0000 > > If open_init_pty does not exist then just use exec > >commit 2f6494bb2baa88dd1227280f79f1b28ca3e0f96c >Merge: fc18a25 339f807 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Wed Dec 21 17:56:23 2011 +0000 > > Merge branch 'master' of http://oss.tresys.com/git/selinux > > Conflicts: > checkpolicy/policy_define.c > policycoreutils/semanage/semanage > >commit 339f8079d7b9dd1e0b0138e2d096dc7c60b2092e >Author: Eric Paris <eparis@redhat.com> >Date: Wed Dec 21 12:46:04 2011 -0500 > > update VERSION and Changelog for public push > >commit 297d2bee23fe96962c9cb819a36ccf0d80421515 >Author: Eric Paris <eparis@redhat.com> >Date: Wed Dec 21 11:10:01 2011 -0500 > > libselinux: merge freecon with getcon man page > > The getcon man page already includes setcon() and other non-"get" > entries. Why send people somewhere else just for freecon? Put it here. > > Signed-off-by: Eric Paris <eparis@redhat.com> > >commit cb71d68aa1236bf8b1fecad859f53318f61d23dc >Author: Dan Walsh <dwalsh@redhat.com> >Date: Tue Dec 20 16:50:09 2011 +0000 > > libselinux: Cleanup Man pages > > Typos, indenting, nothing fancy. > > Signed-off-by: Eric Paris <eparis@redhat.com> > >commit bd264620363daba500ce70d10f5ff0578420520c >Author: Eric Paris <eparis@redhat.com> >Date: Wed Dec 21 09:55:40 2011 -0500 > > policycoreutils: semanage: drop unused translation getopt > > Remove handling for T: in getopt, this should have been > removed when we removed manage of translation > > Signed-off-by: Eric Paris <eparis@redhat.com> > >commit 27915ec2aa7368d750a5b14e61e17c4a165185ac >Author: Dan Walsh <dwalsh@redhat.com> >Date: Mon Dec 19 14:13:35 2011 -0500 > > libselinux: Fix setenforce man page to refer to selinux man page > > Do not talk about disabling selinux in the setenforce man page. Point > people in the right direction instead. > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit 16a37c9f94c1e2dfb865e17e4200d2824d4971f5 >Author: Richard Haines <richard_c_haines@btinternet.com> >Date: Mon Dec 19 16:51:29 2011 +0000 > > libselinux - correct selabel invalid context logging > > When selabel_lookup found an invalid context with validation enabled, it > always stated it was 'file_contexts' whether media, x, db or file. > The fix is to store the spec file name in the selabel_lookup_rec on > selabel_open and use this as output for logs. Also a minor fix if key is > NULL to stop seg faults. > > Signed-off-by: Richard Haines <richard_c_haines@btinternet.com> > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit c4c07480913a558c7b503bd0953041bb666e67e7 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Mon Dec 5 14:05:39 2011 -0500 > > policycoreutils: Fix Makefile to match other policycoreutils Makefiles > > Include -W > Set LDLIBS consistently (include -L$(LIBDIR)) > Don't explicitly call $(CC) let make do it. > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit 5e46bb8647877acf8c7ff8253921c90ee50f3cdc >Author: Dan Walsh <dwalsh@redhat.com> >Date: Mon Dec 12 15:03:21 2011 -0500 > > libsemanage: Fallback_user_level can be NULL if you are not using MLS > > If you build a distribution without MLS turned on, libsemanage will > crash if given a user without a level. This patch allows users > without levels to be passed in. > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit b39e8cab3c8d635a0fd0c3f67e6ecd0b0aff71f9 >Author: Eric Paris <eparis@redhat.com> >Date: Mon Dec 5 11:48:20 2011 -0500 > > checkpolicy: add new helper to translate class sets into bitmaps > > We use the exact same logic a bunch of places in policy_define.c to > translate a class set into a bitmap. Make this into a helper function. > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit 915b5f885f030aa24a2ca648a184fa02cb5bbdcd >Author: Eric Paris <eparis@redhat.com> >Date: Wed Jun 29 01:49:20 2011 -0400 > > libsemanage: add ignoredirs config for genhomedircon > > For a long time /root has been treated differently in Red Hat > Distributions then upstream policy. > > We do not want to label /root the same as a users homedir. Because of > this we have carried a patch in libsemanage/genhomedircon.c to ignore > /root. > > This patch adds a flag to semanage.conf, ignoredirs. That will allow > distributions or users to specify directories that genhomedircon > should ignore when setting up users homedir labeling. > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit 17fc79a5f6504043efe55a3b0c0c2e67bbd3f41b >Author: Dan Walsh <dwalsh@redhat.com> >Date: Mon Oct 24 14:34:34 2011 -0400 > > policycoreutils: sandbox: Add back in . functions to sandbox.init script > > In order to handle properly the display on boot the sandbox init > script has to source the functions file. > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit efdcd1e981385b15ff083b38c3af4b8e4d50aee0 >Author: Eric Paris <eparis@redhat.com> >Date: Wed Aug 3 12:00:30 2011 -0400 > > policycoreutils: Remove excess whitespace > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit 5c3211bccad45be0f546dbf976200142d1e4959d >Author: Eric Paris <eparis@redhat.com> >Date: Tue Nov 1 14:26:52 2011 -0400 > > sepolgen: better analysis of why things broke > > combine analysys of audit2why into audit2allow, so users can see if a > boolean would solve an AVC or if it is a constrain violation. Rather > then blindly adding allow rules to modules. > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit fc18a25d5ab3feb64e27c1fa707ea7bafd46decc >Author: Dan Walsh <dwalsh@redhat.com> >Date: Wed Dec 21 13:29:27 2011 +0000 > > Update to eparis patches > >commit 3d1a0fecf643681020dd5a25ac242ca53d147ddd >Author: Dan Walsh <dwalsh@redhat.com> >Date: Tue Dec 20 16:50:09 2011 +0000 > > Cleanup Man pages > >commit 206f7868ae6a239d8fdf6491e3c2d8a237d0dcf0 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Mon Dec 19 16:35:29 2011 -0500 > > Remove handling for trans and T: in getopt, this should have been removed when we removed manage of translations > >commit 3add6ea4d25dabd208d2fbdd81421940e57f355d >Author: Dan Walsh <dwalsh@redhat.com> >Date: Mon Dec 19 16:15:59 2011 -0500 > > Reverse patch in semanage to not use set_action > >commit 18fa94431061677659ea955ed0273be6ee7efdbc >Author: Dan Walsh <dwalsh@redhat.com> >Date: Mon Dec 19 14:44:55 2011 -0500 > > When selabel_lookup found an invalid context with validation enabled, it > always stated it was 'file_contexts' whether media, x, db or file. > The fix is to store the spec file name in the selabel_lookup_rec on > selabel_open and use this as output for logs. Also a minor fix if key is > NULL to stop seg faults. > > Signed-off-by: Richard Haines <richard_c_haines@btinternet.com> > >commit 729ae92e3e53bdc756bbf700755908ceb9fe4a0e >Author: Dan Walsh <dwalsh@redhat.com> >Date: Mon Dec 19 14:41:10 2011 -0500 > > Fix man page syntax > >commit 44fddb181c0199683abd94224ce71de2be57a04b >Author: Dan Walsh <dwalsh@redhat.com> >Date: Mon Dec 19 14:13:35 2011 -0500 > > Fix setenforce man page to refer to selinux man page > >commit 5254932e50e72e4bc869bd410bdc36cd9a2611a9 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Mon Dec 19 13:48:07 2011 -0500 > > Revert "Fix setenforce man page to explain how to disable SELinux" > > This reverts commit a0accab8ed4021b21cc6e8560b99f4197822d337. > >commit c42846085729186406c26089e796c00fdacf217c >Author: Dan Walsh <dwalsh@redhat.com> >Date: Thu Dec 15 17:05:01 2011 -0500 > > Fix patch to allow semodule to work > >commit 1cdcb9a01313df5fef00c0db17591f2199b2c06c >Author: Dan Walsh <dwalsh@redhat.com> >Date: Thu Dec 15 16:16:35 2011 -0500 > > Fix patch to allow checkpolicy to work > >commit cfe8e67942138972129883719287cb81a3ffacb7 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Thu Dec 15 15:54:08 2011 -0500 > > Missing parts of DEFAULTS Defs > >commit 35cf90486b7fce977146cc40ece173f20c0f1739 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Thu Dec 15 14:14:12 2011 -0500 > > Merge latest from eparis > >commit 06640ba68b6d1076fed9d14078674584683c241e >Author: Dan Walsh <dwalsh@redhat.com> >Date: Thu Dec 15 10:24:53 2011 -0500 > > Update Man page for ingoredirs > >commit f07bf6e21cdce9dfefa9dc7e1be2145ee6c43c62 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Thu Dec 15 10:15:24 2011 -0500 > > Add eparis patch > >commit 3fcca01fce60c7a7db7dfb74b9fe3703bede0618 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Wed Dec 14 14:45:51 2011 -0500 > > Update to allow libsemanage to ignoredirs in genhomedircon > >commit e3e80dc6cd5ec100c20d89bf404b93e039d0551a >Author: Dan Walsh <dwalsh@redhat.com> >Date: Mon Dec 12 15:03:21 2011 -0500 > > Fallback_user_level can be NULL if you are not using MLS > >commit baa0915fe936b4e8219ea650d25abe99a9e1ec30 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Wed Dec 7 09:38:03 2011 -0500 > > Merge back in changes from F16 > >commit a0accab8ed4021b21cc6e8560b99f4197822d337 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Tue Dec 6 10:41:22 2011 -0500 > > Fix setenforce man page to explain how to disable SELinux > >commit 69e409946b925647b143b0e24c79ee6580b34277 >Merge: 061bc38 d65c02f >Author: Dan Walsh <dwalsh@redhat.com> >Date: Tue Dec 6 08:45:28 2011 -0500 > > Update to latest upstream > >commit d65c02f066fe8590fb5b5ea7479e47fde06eeb36 >Author: Eric Paris <eparis@redhat.com> >Date: Mon Dec 5 16:20:45 2011 -0500 > > bump version and changelog > >commit 85cfd2fe2e7fc351e631cf622a3ddbdf2bbea17e >Author: Eric Paris <eparis@redhat.com> >Date: Mon Dec 5 13:44:51 2011 -0500 > > libselinux: use -W and -Werror in utils > > Add the flags and fix the one build break. > > Signed-off-by: Eric Paris <eparis@redhat.com> > >commit 426d62472362b3320bfe4d60d8af2ed2dffeee37 >Author: Richard Haines <richard_c_haines@btinternet.com> >Date: Fri Dec 2 10:59:35 2011 +0000 > > libselinux: Add man/man5 man pages > > Add service_seusers(5) - those in the ./logins directory, seusers(5), > user_contexts(5) - those in the ./contexts/users directory, > virtual_domain_context(5) and virtual_image_context(5) man pages. > > Signed-off-by: Richard Haines <richard_c_haines@btinternet.com> > Signed-off-by: Eric Paris <eparis@redhat.com> > >commit accf6a433f650b2ced86305349c247c62480c22d >Author: Richard Haines <richard_c_haines@btinternet.com> >Date: Fri Dec 2 10:58:03 2011 +0000 > > libselinux: Add man/man5 man pages > > Add failsafe_context(5), local.users(5), removable_contexts(5) and > securetty_types(5) man pages. > > Signed-off-by: Richard Haines <richard_c_haines@btinternet.com> > Signed-off-by: Eric Paris <eparis@redhat.com> > >commit cc9e7e58652c0bd96e6597439a16993cab8190d9 >Author: Richard Haines <richard_c_haines@btinternet.com> >Date: Fri Dec 2 10:56:33 2011 +0000 > > libselinux: Add man/man5 man pages > > Add booleans(5), customizable_types(5), default_contexts(5) and > default_type(5) man pages. > > Signed-off-by: Richard Haines <richard_c_haines@btinternet.com> > Signed-off-by: Eric Paris <eparis@redhat.com> > >commit af9608245a22ecb84e17735d5e74fd5a7d01f4b9 >Author: Richard Haines <richard_c_haines@btinternet.com> >Date: Thu Dec 1 16:26:17 2011 +0000 > > libselinux: Updated selabel_x(5) man page > > Updated selabel_x(5) with X-Windows context configuration file format and > added x_contexts(5) man page that links to it. > > Signed-off-by: Richard Haines <richard_c_haines@btinternet.com> > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit a566af7974aeed474e7db66867e0740f5855d7d9 >Author: Richard Haines <richard_c_haines@btinternet.com> >Date: Thu Dec 1 16:24:33 2011 +0000 > > libselinux: Updated selabel_media(5) man page > > Updated selabel_media(5) with media context configuration file format and > added media(5) man page that links to it. > > Signed-off-by: Richard Haines <richard_c_haines@btinternet.com> > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit 30bd4567cf513904aaf3333a35802517b89b65cf >Author: Richard Haines <richard_c_haines@btinternet.com> >Date: Thu Dec 1 16:19:50 2011 +0000 > > libselinux: Updated selabel_db(5) man page > > Updated selabel_db(5) with RDBMS context configuration file format and added sepgsql_contexts(5) man page that links to it. > > Signed-off-by: Richard Haines <richard_c_haines@btinternet.com> > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit 5f2e362d25ad0c38343e40dfc2668c8bfd9d3f56 >Author: Richard Haines <richard_c_haines@btinternet.com> >Date: Thu Dec 1 16:22:05 2011 +0000 > > libselinux: Updated selabel_file(5) man page > > Updated selabel_file(5) with file context configuration file format and > added file_contexts(5) man page that links to it. selabel_file(5) also > describes the .local, .homedirs, .subs and .subs_dist configuration file > formats. > > Signed-off-by: Richard Haines <richard_c_haines@btinternet.com> > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit beb7dedf7b5e0ca91bc84eae920e18ca892c55c3 >Author: Eric Paris <eparis@redhat.com> >Date: Thu Dec 1 09:12:50 2011 -0500 > > policycoreutils: add clean target to man Makefile > > Empty clean target just so you can run make clean > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit 6aec573f800674028c3c486bd10a49750bd23a4e >Author: Richard Haines <richard_c_haines@btinternet.com> >Date: Mon Nov 28 14:41:03 2011 +0000 > > policycoreutils: Added SELinux config file man page. > > Added new man page selinux_config(5) detailing the SELinux config file > format to new man/man5 directory plus Makefile. > > Signed-off-by: Richard Haines <richard_c_haines@btinternet.com> > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit 3e870d7c9b4c5ff90e42f0ecb5b250452499547c >Author: Richard Haines <richard_c_haines@btinternet.com> >Date: Mon Nov 28 14:43:28 2011 +0000 > > policycoreutils: sestatus: Updated sestatus and man pages. > > sestatus has been modified to present additional information: SELinux root > directory, MLS flag and the deny_unknow flag. The man page has been updated > to reflect these changes and an sestatus.conf(5) man page has also been added. > > Signed-off-by: Richard Haines <richard_c_haines@btinternet.com> > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit aed37210a31f3bbfe40926065c83b0b82b0ecafc >Author: Richard Haines <richard_c_haines@btinternet.com> >Date: Sun Nov 27 16:08:10 2011 +0000 > > libselinux: return EINVAL if invalid role selected > > For get_default_context_with_role(3) and get_default_context_with_rolelevel(3), > return errno = EINVAL if invalid role. > > Signed-off-by: Richard Haines <richard_c_haines@btinternet.com> > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit 83161f73eaa046b530aec6e672aaffbe493838a4 >Author: Richard Haines <richard_c_haines@btinternet.com> >Date: Sun Nov 27 16:09:58 2011 +0000 > > libselinux: get_default_type now sets EINVAL if no entry. > > get_default_type(3) now returns with errno set to EINVAL if the entry does not > exist. > > Signed-off-by: Richard Haines <richard_c_haines@btinternet.com> > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit d0a8d81882c9b3eb7ad5601b45254a5c19479085 >Author: Richard Haines <richard_c_haines@btinternet.com> >Date: Sun Nov 27 16:06:57 2011 +0000 > > libselinux: Mapped compute functions now obey deny_unknown flag > > If selinux_set_mapping(3) is used to map classes, and an invalid class is used > to compute a decision (tclass = 0), the result did not obey the status of the > deny_unknown flag. > > Signed-off-by: Richard Haines <richard_c_haines@btinternet.com> > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit 98234cf543474b8998c654cfc5b1d1cbc738c38b >Author: Richard Haines <richard_c_haines@btinternet.com> >Date: Sun Nov 27 16:11:37 2011 +0000 > > libselinux: Remove assert in security_get_boolean_names(3) > > Remove assert in security_get_boolean_names(3) if the len invalid and stop seg > fault if names is null. Set EINVAL instead and return error. > > Signed-off-by: Richard Haines <richard_c_haines@btinternet.com> > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit c705f0f4d88e20f0c2d0d8ecd4c48517096bb879 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Wed Nov 30 13:43:52 2011 -0500 > > policycoreutils: semanage: change src,dst to target,substitute for equivalency > > No real code change. Just to make it clear what a src and dst means. > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit b96d0fac86bf60020efedb7c67a2202acb0d165c >Author: Dan Walsh <dwalsh@redhat.com> >Date: Tue Nov 29 15:56:20 2011 -0500 > > policycoreutils: semanage: Make sure semanage fcontext -l -C prints even if local keys are not defined > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit 7e81db0eb85755947619b6baa69049a7a726fa62 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Tue Nov 29 09:44:27 2011 -0500 > > libselinux: selinuxswig_python.i: don't make syscall if it won't change anything > > Add a check to restorecon, to not change a context if the context on disk matches > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit 79bcfa728687e8d6437d99c77f5a5a4a0615a9bd >Author: Eric Paris <eparis@redhat.com> >Date: Thu Dec 1 15:50:55 2011 -0500 > > policycoreutils: semanage: check file equivalence rules for conflict > > Check for conflict on equivalence when adding a file context. > If a user adds a file context that begins with an equivalence string, we > throw an exception. > > /usr/sbin/semanage: File spec /usr/lib64/dan conflicts with equivalency rule '/usr/lib64 /usr/lib'; Try adding '/usr/lib/dan' instead > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit 7dd4e1eee105af50c756e34885e6bb3b93d1ebbb >Author: Dan Walsh <dwalsh@redhat.com> >Date: Wed Nov 16 15:32:27 2011 -0500 > > policycoreutils: semanage: print local and dristo equiv rules > > Print out the list of local and distribution file context equivalencies > rather than just local rules. > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit a0af38a531788d2ffc4fd1c03c38fb66c3a61c17 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Wed Nov 16 11:23:35 2011 -0500 > > sepolgen: Allow ~ as a file identifier > > We already allow this in policy, so allow it in sepolgen as well. > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit c00affcc3eec349ab0366a9afb33ba7163d6b6e1 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Thu Nov 10 12:16:07 2011 -0500 > > policycoreutils: sandbox: init script run twice is still successful > > If sandbox init script is run multiple times to start it should still > return 0 rather than an error. Things should still be set up. > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit 6c2ad1ce52e0bc215f9f5d460c881cf4325fb46e >Author: Eric Paris <eparis@redhat.com> >Date: Thu Dec 1 15:21:18 2011 -0500 > > policycoreutils: sandbox: only complain if sandbox unable to launch > > Instead of force an arbitrary 100 category requirement, only bomb if > there is a problem. Error out if there are 0 categories or if we cannot > find a free category in a reasonable number of attempts. > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit d9376680bd2cfc754cedb991d2b634ba52f51be1 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Wed Nov 9 16:30:23 2011 -0500 > > policycoreutils: sandbox: do not try forever to find available category set > > We calculate the number of available legit category sets for a given > user and then try to find one that many times. If we don't find one, > bail out. > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit 78b077cd090a7b4a715aea0090eff20c748b796a >Author: Dan Walsh <dwalsh@redhat.com> >Date: Wed Nov 9 16:26:02 2011 -0500 > > policycoreutils: sandbox: make sure the domain launching sandbox has at least 100 categories > > 100 is very high, but at least we know the chances of finding a valid > combination is high. > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit 7ece124c518db6d536d9c6438b5f963cc7b3c494 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Mon Nov 7 15:52:37 2011 -0500 > > policycoreutils: sandbox: Allow user to specify the DPI value for X in a sandbox > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit a6065e5ab716d5d7d96962d7f6bad3c523291b0c >Author: Dan Walsh <dwalsh@redhat.com> >Date: Fri Nov 4 14:43:41 2011 -0400 > > policycoreutils: po: Makefile use -p to preserve times to allow multilib simultatious installs of po files > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit cfb2a06e396e8da0b113df3cb3a6f02c4b099db6 >Author: Eric Paris <eparis@redhat.com> >Date: Wed Nov 30 16:29:59 2011 -0500 > > policycoreutils: sandbox: move sandbox.conf.5 to just sandbox.5 > > Since this file lives in /etc/sysconfig/ it does not include a .conf > extention. Thus the man page should not include a .conf in the > filename. > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit b6ccfd7c9135109f3876c067c314f03bd67cbc39 >Author: Eric Paris <eparis@redhat.com> >Date: Mon Nov 14 10:16:18 2011 -0500 > > checkpolicy: allow ~ in filename transition rules > > We found that we wanted a filename transition rule for ld.so.cache~ > however ~ was not a valid character in a filename. > > Fix-from: Miroslav Grepl <mgrepl@redhat.com> > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit f00d41574779ef2f91ffc089d29f12f183f7d205 >Author: Eric Paris <eparis@redhat.com> >Date: Wed Nov 2 16:22:28 2011 -0400 > > checkpolicy: test: Makefile: include -W and -Werror > > Include the same error type options we build everything else with. > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit 58179a99884b54537ee5b367abdd4c3918198501 >Author: Eric Paris <eparis@redhat.com> >Date: Thu Nov 3 16:54:25 2011 -0400 > > checkpolicy: dismod: fix unused parameter errors > > Either by dropping the parameter or marking it as unused depending on > what works. We can't redefine hashtab_map callbacks as they must take all > three options, so just mark those unused. > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit 44d8a2fed985858669d415ebe028d71768dd6652 >Author: Eric Paris <eparis@redhat.com> >Date: Thu Nov 3 16:30:13 2011 -0400 > > checkpolicy: dis* fixed signed vs unsigned errors > > A number of places we used unsigned variables and compared them against > signed variables. This patch makes everything unsigned. > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit 061bc38fe17d85c62cae3ac4f8612e8532d5a4b0 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Mon Dec 5 14:26:16 2011 -0500 > > Remove excess whitespace > >commit fc7642aab9316a560b022fa99deaf204ab45f3e7 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Mon Dec 5 14:11:06 2011 -0500 > > Removing this patch since it does not make sense that the node query should be different > >commit 9dea7678e11bb4bb084eb54f4ebbf3acd79a1446 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Mon Dec 5 14:05:39 2011 -0500 > > Fix Makefile to match other policycoreutils Makefiles > >commit 1a24845a21dfa23109e97b3a12af7b71c42004b7 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Mon Dec 5 14:03:30 2011 -0500 > > Add back -es for semanage python executable command > >commit 8835cbd07250c6a060ba843c6b418b7b7d725145 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Wed Nov 30 13:43:52 2011 -0500 > > Check for conflicts on substitutions, and change src,dst to target, substitute for equivalency > >commit 76e55589bca707c23433879a27f67ff6a9fac484 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Tue Nov 29 15:56:20 2011 -0500 > > Make sure semanage fcontext -l -C prints even if local keys are not defined > >commit 91011fb5e97c4ded009e38acc362ce25f1210a3a >Author: Dan Walsh <dwalsh@redhat.com> >Date: Tue Nov 29 15:23:04 2011 -0500 > > Get default dpi if user does not specify it > >commit 97ed9ff60633c03a1828a8bcbbd796336e49bf43 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Tue Nov 29 09:44:27 2011 -0500 > > Add a check to restorecon, to not change a context if the context on disk matches > >commit fd9d01650c94dc4faef555b11ef0030da94f46b7 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Tue Nov 29 09:42:03 2011 -0500 > > Make sure dpi is initialized > >commit d99c1d5237f29e4c57f4becb200dd4310658e49d >Author: Dan Walsh <dwalsh@redhat.com> >Date: Wed Nov 16 15:32:27 2011 -0500 > > Print out the list of local and Distribution file context equivalencies. > Check for conflict on equivalence when adding a file context. > If a user adds a file context that begins with an equivalence string, we > throw an exception. > > /usr/sbin/semanage: File spec /usr/lib64/dan conflicts with equivalency rule '/usr/lib64 /usr/lib'; Try adding '/usr/lib/dan' instead > >commit afcf8fdaf562aca6858eb1e31f32549deac95e70 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Wed Nov 16 11:23:35 2011 -0500 > > Allow ~ as a file identifier > >commit e0847b7f7f1bea417e665877673d5a5beebf6656 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Mon Nov 14 11:32:58 2011 -0500 > > File names can contain ~ > >commit 083ecd272eb42f944d78060dd2e8c7540f848bb5 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Thu Nov 10 12:16:07 2011 -0500 > > If sandbox init script is run multiple times to start it should still return 0 > >commit d1c9614667b3ff63bf621edb2145ff6e6b31e7ea >Author: Dan Walsh <dwalsh@redhat.com> >Date: Wed Nov 9 16:34:06 2011 -0500 > > If sandbox can not find an available category in the number of categories times, it will fail > >commit 258adf7da46f764aac59d623e46f7b46f0ad12c3 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Wed Nov 9 16:30:23 2011 -0500 > > If sandbox can not find an available category in the number of categories times, it will fail > >commit f623a5aee4c81d0120fdf7a6dd73fc1292a9c04b >Author: Dan Walsh <dwalsh@redhat.com> >Date: Wed Nov 9 16:26:02 2011 -0500 > > Sandbox needs to make sure the domain launching it has at least 100 categories > >commit cae333b00fde2011c78b954eb77977e752904d7b >Author: Dan Walsh <dwalsh@redhat.com> >Date: Mon Nov 7 15:52:37 2011 -0500 > > Allow user to specify the DPI value for X in a sandbox > >commit b3aea9330b479902f96ee7419af097a29941a7ac >Author: Dan Walsh <dwalsh@redhat.com> >Date: Fri Nov 4 14:43:41 2011 -0400 > > Need to use -p to preserve times to allow multilib simultatious installs of po files > >commit f214714b868fc52f5cfcd94389ef1f92389c4531 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Fri Nov 4 11:19:24 2011 -0400 > > Remove unused get_log_messages function > >commit ce793584caba768297c644a5218e1c7c520c9490 >Merge: d6976cc 14e4b70 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Fri Nov 4 11:08:39 2011 -0400 > > Update to upstream > >commit d6976cc3e0d95cd0e6a544f0983d47a9fb4f501b >Author: Dan Walsh <dwalsh@redhat.com> >Date: Fri Nov 4 08:54:04 2011 -0400 > > Use setaction for enable and disable > >commit 14e4b70b933a330fc1e63bf0ac5ebab4f9664062 >Author: Eric Paris <eparis@redhat.com> >Date: Thu Nov 3 15:26:36 2011 -0400 > > Bump Version and Changelog for commit > >commit 077e8635173ae51576ee6c27eb7c6d12243294e9 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Thu Oct 13 13:28:35 2011 -0400 > > sepolgen: Return name field in avc data > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit 9cbd404ceb6c87483a4b8b2718b8d9ed8e4e6b56 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Fri Sep 30 09:20:16 2011 -0400 > > sepolgen: Ignore permissive qualifier if found in an interface > > During Rawhide releases we change all "unconfined_domains" to > permissive domains in order to find new AVC messages without breaking > rawhide boxes. The way we do this is changing the unconfined_domain > interface and putting permissive $1; in it. sepolgen does not like > this and blows up the build. This patch tells sepolgen to ignore the > permissive in an interface. > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit 10fb8fdbb16c3cc8a5a4abb3edd98a85756772b8 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Fri Oct 28 16:45:04 2011 -0400 > > policycoreutils: restorecond: Add .local/share as a directory to watch > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit b9b7bddb28c85a7cc2340c753f37b21bd7a14dbd >Author: Dan Walsh <dwalsh@redhat.com> >Date: Thu Oct 27 10:38:27 2011 -0400 > > policycoreutils: setfiles: fix use before initialized > > There are code paths where ret can be returned without being initialized > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit d4a39ca15b5a41b545630aeaa04e96fe7c0346fe >Author: Eric Paris <eparis@redhat.com> >Date: Thu Sep 29 17:07:54 2011 -0400 > > policycoreutils: label_file: style changes to make Eric happy. > > Sometimes sticking to 80 characters sucks a lot. I don't care. Buy a > wider monitor so I can read the code. > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit 24b31a9da5a6f7f9d056ab13367ebdcb1fb3c585 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Tue Oct 4 17:05:52 2011 -0400 > > policycoreutils: semodule: Document semodule -p in man page > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit e018eec325264aa33dfb25094f3566cc5df5f401 >Author: Eric Paris <eparis@redhat.com> >Date: Thu Sep 29 14:46:26 2011 -0400 > > policycoreutils: setfiles: close /proc/mounts file when finished > > When testing for mount points to exclude we read /proc/mounts. Close > this file when we are finished reading it. > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit d5475a909a570d72c75bc86dbb4e449c0ba7bb57 >Author: Eric Paris <eparis@redhat.com> >Date: Fri Sep 23 17:39:43 2011 -0400 > > policycoreutils: make use of the new realpath_not_final function > > Instead of coding the exact same thing and calling it symlink_realpath > use the function exported by libselinux. > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit 148682066511f76a1b5d0d4ae10268f85140673e >Author: Dan Walsh <dwalsh@redhat.com> >Date: Tue Sep 20 13:58:42 2011 -0400 > > policycoreutils: semanage: Add -o description to the semanage man page > > Just a bit of documentation. > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit 5e50b01fa45220e31b78e822db15a8c5fa4d5661 >Author: Stephen Smalley <sds@tycho.nsa.gov> >Date: Mon Sep 19 11:23:03 2011 -0400 > > policycoreutils: fix sandbox Makefile to support DESTDIR > > Fix sandbox Makefile so that make DESTDIR=~/out install works again. > > Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit 88234671ed0d1db27c986f009570c6cbe730d259 >Author: Guido Trentalancia <guido@trentalancia.com> >Date: Mon Sep 19 07:09:41 2011 -0400 > > policycoreutils: semodule_package: remove semodule_unpackage on clean > > semodule_unpackage was not being removed on clean. Simple Makefile fix. > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit e134013ab705e6edaf3311d4dc9db7c81e84e775 >Author: Eric Paris <eparis@redhat.com> >Date: Mon Aug 15 20:10:14 2011 -0400 > > policycoreutils: sandbox: introduce package name and language stuff > > Add support for translations to the sandbox utility. > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit 4a145b76d02a0ff179758773e028333e020184f7 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Thu Oct 6 16:05:03 2011 -0400 > > policycoreutils: restorecond: make restorecond -u exit when terminal closes > > Make restorecond -u watch the terminal io channel for and exit indicator > and then exit itself if it is not being run from dbus. If being run > from dbus, dbus takes care of the session cleanup. > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit 9961ca64990f9547f5f7921d1766f57905098e10 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Tue Aug 9 09:58:53 2011 -0400 > > policycoreutils: restorecon: Always check return code on asprintf > > Do not assume it is always a success and error gracefully when it isn't. > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit 48681bb49c032d4c399e8331126c5dca020e0b3e >Author: Eric Paris <eparis@redhat.com> >Date: Wed Aug 3 11:40:47 2011 -0400 > > policycoreutils: restorecond: make restorecond dbuss-able > > Basically this patch makes restorecond a dbus session service that can > be run in the users session to watch the creation of files in the > homedir. Most of the changes are just to get it to run as a dbus > session and then to allow it to read its own config. > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit 672eb80648152e7be67ff9a1b0afe8fd9467888b >Author: Eric Paris <eparis@redhat.com> >Date: Tue Jul 19 11:27:22 2011 -0400 > > policycoreutils: semanage: set modified correctly > > I think I was trying to allow an admin to set a bunch of booleans > from a file, but I later added -i and -o options, which would seem to > be a better way to handle many changes at once. > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit a67cd948c4a907a1adcb2aa72686f8aebb096213 >Author: Eric Paris <eparis@redhat.com> >Date: Mon Jul 18 13:19:30 2011 -0400 > > policycoreutils: semanage: missing modify=True > > Basically we want to trigger a modify of booleans record if the user > specifies --on or --off on a boolean. > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit 9ef48acb374b93bc34e0840b39d7c3bbc343dcb7 >Author: Eric Paris <eparis@redhat.com> >Date: Fri Jul 15 15:42:37 2011 +0200 > > policycoreutils: semanage: update local boolean settings is dealing with localstore > > If someone modifies the boolean settings using semanage, we would > expect them to be reflected on the local system. This change would > change the active settings IFF you are changing the currently running > system. > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit 1c15c8b537b6c632074fac07019e0c3e012687a5 >Author: Eric Paris <eparis@redhat.com> >Date: Sun Jul 10 16:25:18 2011 +0200 > > policycoreutils: fixfiles: label /root but not /var/lib/BackupPC > > This patch removes /root from the excluded dirs. > > This also adds /var/lib/BackupPC to list of directories to ignore > labeling. Mainly because this directory tends to be Huge and causes a > huge spike in the amount of time it takes to relabel. Especially if > there is a relabel caused by a policy update. > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit 9cc0749a737dcf0f7909885e5f043b0cde54325c >Author: Eric Paris <eparis@redhat.com> >Date: Thu Sep 8 17:26:12 2011 -0400 > > policycoreutils: audit2allow: use audit2why internally > > Rather than do things ourselves, use audit2why. > > Signed-off-by: Eric Paris <eparis@redhat.com> > >commit 5c2a0d143de7920b9edf070518d22f4e7dce5481 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Wed Sep 7 14:20:30 2011 -0400 > > policycoreutils: sandbox: Maintain the LANG environment into the sandbox > > When running an app within a sandbox, the application currently > switches to no LANG. This patch will cause the sandboxed app to use > the users LANG. > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit 1d274aca2dca306d7dd6e37d81e54e278d175a9d >Author: Eric Paris <eparis@redhat.com> >Date: Mon Oct 31 10:48:38 2011 -0400 > > checkpolicy: drop libsepol dynamic link in checkpolicy > > Checkpolicy was using the static link to libsepol, but also defining a > dynamic link (that wasn't needed). This confuses gdb. Drop the dynamic > link request. > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit 2c4eca16dd4aaf2f7830012908aef66109106d82 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Mon Sep 19 08:17:48 2011 -0400 > > libsemanage: create man5dir if not exist > > Make new man page directory if it doesn't exist. > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit 06f53004d93ddb6bd4e2b2f4d697c8cedf382e47 >Author: Guido Trentalancia <guido@trentalancia.com> >Date: Mon Sep 19 07:26:44 2011 -0400 > > libsemanage: semanage.conf man page > > Add a new semanage.conf man page. > > Signed-off-by: Eric Paris <eparis@redhat.com> > >commit 0a778ba601d68ef91304f90c101b5dc67d433e04 >Author: Eric Paris <eparis@redhat.com> >Date: Mon Oct 31 10:55:03 2011 -0400 > > libsepol: expand: do filename_trans type comparison on mapped representation > > The filename_trans code had a bug where duplicate detection was being > done between the unmapped type value of a new rule and the type value of > rules already in policy. This meant that duplicates were not being > silently dropped and were instead outputting a message that there was a > problem. It made things hard because the message WAS using the mapped > type to convert to the string representation, so it didn't look like a > dup! > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit 2f68def6338d072ae13328cf6357a4468408ce1b >Author: Steve Lawrence <slawrence@tresys.com> >Date: Tue Oct 18 08:34:41 2011 -0400 > > libsepol: Move ebitmap_* functions from mcstrans to libsepol > > This patches moves some ebitmap functions (and, xor, not, etc.) from > mcstrans into libsepol, where they really belong and could be used by > other applications (e.g. CIL) > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit 2b06f474006db3f32895dab9e393324febb9e16f >Author: Eric Paris <eparis@redhat.com> >Date: Fri Sep 23 17:38:09 2011 -0400 > > libselinux: rename and export symlink_realpath > > symlink_realpath is used by both libselinux and policycoreutils. > Instead of coding it twice, export the libselinux version under a new > name that makes it sound more generic. > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit 74a9a5296688e2617d669b346d3f5ef6e31ae2d9 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Thu Oct 27 10:00:21 2011 -0400 > > libselinux: audit2why: close fd on enomem > > Potential file descriptor leak on this code path, need to close file > descriptor if out of memory. > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit dd563b35e1f6918e5c96de29ea255b04ad34e891 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Mon Oct 24 13:47:36 2011 -0400 > > libselinux: seusers: fix to handle large sets of groups > > If a user was in too many groups the check_group function might not pass > a large enough buffer to getgrnam_r to handle things. This could return > ERANGE which we then aborted. Instead we should make the buffer larger and > try again. > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit 3b5e45f004e508cca8958f6e3a46961753af291e >Author: Dan Walsh <dwalsh@redhat.com> >Date: Thu Oct 20 15:43:12 2011 -0400 > > libselinux: Don't reinitialize avc_init if it has been called previously > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit 9c46a0a3153124753e3afbd2090fea65a09e1df1 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Thu Oct 20 15:14:08 2011 -0400 > > libselinux: simple interface for access checks > > Some programs, like passwd, need to do simeple one time access checks. > Rather than set up a full avc cache and use that infrastructure they > were directly using security_compute_av. A problem with this approach > is the lack of audit on denials. This patch creates a new interface > that is simple to use and which will still listen to things like > permissive and output audit messages on denials. > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit 86e8daafc3755820272c0f36a3dd115f0b01c93d >Author: Dan Walsh <dwalsh@redhat.com> >Date: Thu Oct 20 15:13:17 2011 -0400 > > libselinux: maintain mode even if umask is tighter > > When certain programs were run which created new files they would get > default permissions based on the current users umask. However these > files should get the same permissions as those files which they > replaced. Do that. > > Patch from: Stephen Smalley > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit 023c9c1fdee963606d830b70db108bd9031390f4 >Author: Eric Paris <eparis@redhat.com> >Date: Mon Oct 3 15:44:14 2011 -0400 > > libselinux: label: cosmetic cleanups > > Return early to save an indent. Clean up all memory on ENOMEM > conditions. Use '\0' instead of 0 for nul terminiator. Style changes > to make Eric happy. > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit c81a43c753efbda6f2106dbf0a291005683474f8 >Author: Eric Paris <eparis@redhat.com> >Date: Wed Sep 28 17:15:16 2011 -0400 > > libselinux: libsemanage: libsepol: regenerate .pc on VERSION change > > The makefile which generated the package config files did not have the > VERSION file as a dependancy. Thus if you updated a tree you have > previously build the .pc file wouldn't be rebuilt and the old version > would be reinstalled. > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit b3b19fdce58ff6ddfa6dfb8e5576c922c96e1e45 >Author: Eric Paris <eparis@redhat.com> >Date: Thu Sep 22 09:32:44 2011 -0400 > > libselinux: load_policy: handle selinux=0 and /sys/fs/selinux not exist > > Handle situation where selinux=0 passed to the kernel and both /selinux and > /sys/fs/selinux directories do not exist. We used to handle selinux=0 > (or kernel compile without selinux) by getting ENODEV when we tried to > mount selinuxfs on /selinux. Now selinux=0 means that /sys/fs/selinux > won't exist and we never create the real directory /selinux at all. So > we get ENOENT instead of ENODEV. The solution is to check to see if the > mount failure was for ENODEV and if not to check if selinuxfs exists in > /proc/filesystems at all. If it doesn't exist, that's equivalent to > ENODEV. > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit 468bff095253171300a5faa4bb23f0b2524fde08 >Author: Eric Paris <eparis@redhat.com> >Date: Mon Sep 19 16:38:33 2011 -0400 > > tree: Makefiles: syntax, convert all ${VAR} to $(VAR) > > This is purely personal preference. Most of the Makefiles use $() for > Makefile variables, but a couple of places use ${}. Since this obscured > some later Makefile changes I figured I'd just make them all the same up > front. > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit fdeeccaa0ec11a5a549c60fc2da1f4dcd8eb5c65 >Author: Eric Paris <eparis@redhat.com> >Date: Wed Nov 2 13:03:59 2011 -0400 > > Revert "checkpolicy: Redo filename/filesystem syntax to support filename trans rules" > > This reverts commit d72a9ec825ef2a8723510f62292cf2adfd4a2a6c. It should > never have been added. It breaks the correct wrapping of filenames in " > >commit a13929a4563ec006d2f9a57542a5cce44cc94f50 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Fri Oct 28 16:45:04 2011 -0400 > > Add .local/share as a directory to watch > >commit 093f84efc8d8a1eb14a02461505ed52f4f17b93c >Author: Dan Walsh <dwalsh@redhat.com> >Date: Thu Oct 27 10:41:16 2011 -0400 > > Coverity is complaining about this object never being used > >commit 2f49522cd901877cd34f493143065a6552dc8201 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Thu Oct 27 10:38:27 2011 -0400 > > There are code paths where ret can be returned without being initialized > >commit b67b43bba5f6822d4029b82c3d8b32cb50109b93 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Thu Oct 27 10:00:21 2011 -0400 > > Potential file descriptor leak on this code path, need to close file descriptor if out of memory > >commit 1d3c3b40a549ccc4ead687d8450ccfdd9329d870 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Mon Oct 24 14:34:34 2011 -0400 > > Add back in . functions to sandbox.init script > >commit 46c357be84313456906cdaf42ad3688788249e73 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Mon Oct 24 13:47:36 2011 -0400 > > Fix check_group function to handle getgrnam_r returning ERANGE error and realloc bugger. > >commit ed6442de209722bbc07b105df50fa2ae5ecf331b >Author: Dan Walsh <dwalsh@redhat.com> >Date: Thu Oct 20 16:48:23 2011 -0400 > > Fix compilation error > >commit 2206da598f52f86574c6964e777e4f61e8a4579c >Author: Dan Walsh <dwalsh@redhat.com> >Date: Thu Oct 20 15:43:12 2011 -0400 > > Don't reinitialize avc_init if it has been called previously > >commit d5ac812f81b98ce930fb207fc97f5c0304a95980 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Thu Oct 20 15:14:08 2011 -0400 > > New interface to allow the checking of access and generation of avc alerts when it fails > >commit bc998beb9575d5f37a7425ca2cdb26c69d42c2a0 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Thu Oct 20 15:13:17 2011 -0400 > > Checkin Stephen Smalley's Fix for making sure we maintain the mode on files even if the umask is tighter then normal > >commit 58871e0391c713cad389dc473e9728c057e79acb >Author: Dan Walsh <dwalsh@redhat.com> >Date: Thu Oct 20 15:13:10 2011 -0400 > > Checkin Stephen Smalley's Fix for making sure we maintain the mode on files even if the umask is tighter then normal > >commit 9649f016ed9f2e460b8589116b8f6f11c70063be >Author: Dan Walsh <dwalsh@redhat.com> >Date: Thu Oct 13 13:28:35 2011 -0400 > > Return name field in avc data > >commit c5fc2ad11a5c232d35a13f34530c983b0a492c33 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Thu Oct 6 16:05:40 2011 -0400 > > C Compiler wants additional Brackets > >commit da31a2c97ddf1fe5abcb9b249ad269cd5b5686dc >Author: Dan Walsh <dwalsh@redhat.com> >Date: Thu Oct 6 16:05:03 2011 -0400 > > Make restorecond -u watch the terminal for exit if it is not being run from dbus, exit if the terminal closes > >commit e17ce311c550debdd70f3d06b3c7ec8fecbcb11a >Author: Dan Walsh <dwalsh@redhat.com> >Date: Tue Oct 4 17:05:52 2011 -0400 > > Document semodule -p in man page > >commit fe2a3a3dc8005f812b84e9cdc7c321f429931243 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Tue Oct 4 08:33:41 2011 -0400 > > Should not drop capabilities with newrole when running as root > >commit 7cd733c22e142f711f14a63e866632acd879cef3 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Fri Sep 30 09:20:16 2011 -0400 > > Ignore permissive qualifier if found in an interface > >commit f7d0c09033b56ee7f509e0abc05fb418df1fb7f5 >Merge: 086810a 5054b90 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Fri Sep 30 09:10:50 2011 -0400 > > Merge branch 'master' of http://oss.tresys.com/git/selinux > >commit 5054b9019a669b1f85ed0d35e6dff7ee9f449ec6 >Author: Eric Paris <eparis@redhat.com> >Date: Tue Sep 27 13:54:19 2011 -0400 > > bump version and changelog > >commit cfdfe498b772f28eb8255b07ebefed64db27b1d6 >Author: Eric Paris <eparis@redhat.com> >Date: Tue Sep 27 13:52:16 2011 -0400 > > policycoreutils: semanage: fix indentation error in seobject > > Some versions of python are reporting an indentation error when trying > to use this file. Fix the whitespace messup. > > Signed-off-by: Eric Paris <eparis@redhat.com> > >commit 086810ab8a6762bcb4ec2f71ed81bd9d17729db5 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Fri Sep 23 11:44:31 2011 -0400 > > restrorecon and setfiles should not exit with a non zero status if they have modified a files context > >commit fee36f2f49d136c42b9ba6e21ac3ccf6b6a7b4f9 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Thu Sep 22 09:32:44 2011 -0400 > > Handle situation where selinux=0 passed to the kernel and both /selinux and /sys/fs/selinux directories do not exist > >commit 43fc572e3e12bd088131996f8ca8400160a95233 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Tue Sep 20 13:58:42 2011 -0400 > > Add -o description to the semanage man page > >commit 312493a6552c97b85380aa7b68f60272801567ae >Author: Dan Walsh <dwalsh@redhat.com> >Date: Tue Sep 20 10:01:03 2011 -0400 > > Fix merge to reset to eparis/master > >commit 86ebe809a8aa95daac4ce5cafa928027a50e0629 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Tue Sep 20 09:53:53 2011 -0400 > > merge upstream > >commit 3129f4b79ba8e2397f998843a12bbcc4a1f66d59 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Tue Sep 20 09:52:57 2011 -0400 > > Fix checkpolicy to remove " from the named filetrans rules in policy > >commit 426bd9ad70130cd5f9eeb1bdb8b73853e89c0265 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Mon Sep 19 08:17:48 2011 -0400 > > Make new man page directory > >commit db494037f68548c2dc884ebbfe7d6d2a6de7c9cd >Author: Dan Walsh <dwalsh@redhat.com> >Date: Mon Sep 19 07:26:44 2011 -0400 > > Add guido Trentalancia semanage.conf man page > >commit af7b68ffc72248ee385cfc314d5e657d534fcfa5 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Mon Sep 19 07:09:41 2011 -0400 > > guido@trentalancia.com fix to remove semodule_unpackage on clean > >commit 3df2f6dfd26bc0e10b955c985acc1204bf402945 >Merge: c7107e4 418dbc7 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Mon Sep 19 06:40:59 2011 -0400 > > Merge branch 'master' of http://oss.tresys.com/git/selinux > > Conflicts: > policycoreutils/Makefile > policycoreutils/sandbox/seunshare.c > >commit 418dbc70e8e7b6b313a0a23455d24256c6807a46 >Author: Eric Paris <eparis@redhat.com> >Date: Fri Sep 16 15:34:36 2011 -0400 > > Bump version and changelog for all components. > >commit 7a653efffc48d0ecb95be5ace45b4dc6e15ba949 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Wed Sep 14 08:54:06 2011 -0400 > > policycoreutils: sandbox: do not load unused generic init functions > > Change sandbox init script to not load functions any longer, we don't use them > > Signed-off-by: Dan Walsh <dwalsh@redhat.com> > Signed-off-by: Eric Paris <eparis@redhat.com> > >commit 6a530237403066293813ad03d575df2487db28d0 >Author: Guido Trentalancia <guido@trentalancia.com> >Date: Wed Sep 14 01:33:26 2011 +0200 > > libsemanage: fix semanage_store_access_check calling arguments > > A few calls to semanage_store_access_check() in the libsemanage > tests passed an argument even though it is a void function. > > Signed-off-by: Guido Trentalancia <guido@trentalancia.com> > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit eb695e5a5618ede939af2f9c9daed7c53e14b50a >Author: Guido Trentalancia <guido@trentalancia.com> >Date: Wed Sep 14 14:54:34 2011 -0400 > > whole tree: default make target to all not install > > Change the default "make" target for the libraries from "install" to > "all" in the makefiles. > > Signed-off-by: Guido Trentalancia <guido@trentalancia.com> > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit e172b87a305e3ef602ae9caf3272fcb1cae0f1a3 >Author: Eric Paris <eparis@redhat.com> >Date: Wed Sep 14 14:38:49 2011 -0400 > > libselinux: put libselinux.so.1 in /lib not /usr/lib > > Commit 874bac80bbfbf0a5 incorrectly changed the default install location > of libselinux.so.1 from /lib to /usr/lib. This patch fixes that problem > by reverting that portion of the change. > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit 9df5601b60490be8d449414ba262c91d5093174c >Author: Dan Walsh <dwalsh@redhat.com> >Date: Thu Sep 8 15:23:40 2011 -0400 > > .gitignore: More files to ignore > > add .pyc and the new unpackage to git ignore > > Signed-off-by: Dan Walsh <dwalsh@redhat.com> > Signed-off-by: Eric Paris <eparis@redhat.com> > >commit 42a523c0bd7361726dc29921ee86e15aabe460b1 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Thu Sep 1 10:50:27 2011 -0400 > > policycoreutils: semanage: Catch RuntimeErrors, that can be generated when SELinux is disabled > > Exit cleanly instead of python getting angry when SELinux is disabled. > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit 7bfaa63839955b2f743f84f2d873fc13298f5777 >Author: Eric Paris <eparis@redhat.com> >Date: Thu Sep 15 17:58:52 2011 -0400 > > libselinux: src: matchpathcon: make sure resolved path starts with / > > Resolving paths from relative to absolute didn't always start with a /. > Make sure they start with a /. > > Signed-off-by: Eric Paris <eparis@redhat.com> > >commit 09b635fa20cb47d155ec67eb2909c0dd33c677cb >Author: Eric Paris <eparis@redhat.com> >Date: Thu Sep 15 17:58:05 2011 -0400 > > libselinux: src: matchpathcon: use myprintf not fprintf > > Use the myprintf helper rather than fprintf directly. > > Signed-off-by: Eric Paris <eparis@redhat.com> > >commit bedd2a8dc4d95360fcc6dd870be04e615b4f2766 >Author: Eric Paris <eparis@redhat.com> >Date: Thu Sep 15 17:56:12 2011 -0400 > > libselinux: utils: matchpathcon: remove duplicate declaration > > We declare rc both for a function and inside a stanze. We only need it in the > stanze so remove the declaration for the whole function. > > Signed-off-by: Eric Paris <eparis@redhat.com> > >commit b1331909a0cac8325b817b8c60ccae8b2c69b83b >Author: Dan Walsh <dwalsh@redhat.com> >Date: Tue Aug 30 04:52:18 2011 -0400 > > policycoreutils: sepolgen: audit2allow is mistakakenly not allowing valid module names > > module names must begin with a letter, optionally followed by letters, > numbers, "-", "_", "."\n' some of these were being denied. > > Signed-off-by: Eric Paris <eparis@redhat.com> > Signed-off-by: Dan Walsh <dwalsh@redhat.com> > >commit adbd558c1c1bb312f363d19499646cd7bc21cc7f >Author: Dan Walsh <dwalsh@redhat.com> >Date: Mon Aug 29 14:18:55 2011 -0400 > > policycoreutils: semanage: Dont print heading if no items selected > > If you tell semanage to list the contents of an object and the list is > empty, we should not print the header. > > Signed-off-by: Eric Paris <eparis@redhat.com> > Signed-off-by: Dan Walsh <dwalsh@redhat.com> > >commit 90469f7f75d1e87584cde6927c47192306fb9e08 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Fri Aug 26 16:51:19 2011 -0400 > > policycoreutils: semanage: show running and disk setting for booleans > > Basically this patch will show the booleans current state in the system and > the state on disk. > > Signed-off-by: Dan Walsh <dwalsh@redhat.com> > >commit b10ff76086a4065b3aa29e6c2f83c54923ebef74 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Fri Sep 2 08:55:09 2011 -0400 > > libsepol: setools expects expand_module_avrules to be an exported interface of libsepol > > This is needed in order to build setools, although I think setools > still will not fully build. It would be good if someone from setools > would diagnose what is breaking. > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit 9f709e6bab863036950644a7dd470d50663b558b >Author: Harry Ciao <qingtao.cao@windriver.com> >Date: Thu Sep 1 11:29:47 2011 +0800 > > libsepol: Preserve tunables when required by semodule program. > > If the "-P/--preserve_tunables" option is set for the semodule program, > the preserve_tunables flag in sepol_handle_t would be set, then all tunables > would be treated as booleans by having their TUNABLE flag bit cleared, > resulting in all tunables if-else conditionals preserved for raw policy. > > Note, such option would invalidate the logic to double-check if tunables > ever mix with booleans in one expression, so skip the call to assert() > when this option is passed. > > Signed-off-by: Harry Ciao <qingtao.cao@windriver.com> > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit e4bc1b223debcc6747fef4d7a2a0a320c0208a88 >Author: Harry Ciao <qingtao.cao@windriver.com> >Date: Thu Sep 1 11:29:46 2011 +0800 > > libsepol: libsemanage: policycoreutils: Create a new preserve_tunables flag in sepol_handle_t. > > By default only the effective branch of a tunable conditional would be > expanded and written to raw policy, while all needless unused branches > would be discarded. > > Add a new option '-P' or "--preserve_tunables" to the semodule program. > By default it is 0, if set to 1 then the above preserve_tunables flag > in the sepol_handle_t would be set to 1 accordingly. > > Signed-off-by: Harry Ciao <qingtao.cao@windriver.com> > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit 5722d765c756ac8dc52c52077f9311b8886fe8da >Author: Harry Ciao <qingtao.cao@windriver.com> >Date: Thu Sep 1 11:29:45 2011 +0800 > > libsepol: Skip tunable identifier and cond_node_t in expansion. > > The effective branch of a tunable has been appended to its home > decl->avrules list during link, in expansion we should just skip tunables > from expanding their rules into te_cond_avtab hashtab and adding to the > out->cond_list queue. > > Signed-off-by: Harry Ciao <qingtao.cao@windriver.com> > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit ad5951fcb142cf9c2e899d3d99ce35b729b66b4c >Author: Harry Ciao <qingtao.cao@windriver.com> >Date: Thu Sep 1 11:29:44 2011 +0800 > > libsepol: Permanently discard disabled branches of tunables in expansion. > > For a cond_node_t in one decl->cond_list queue, append its > avtrue_list or avfalse_list to the avrules list of its home decl > depending on its state value, so that these effective rules would > be permanently added to te_avtab hashtab. > > On the other hand, the rules on the disabled unused list won't be > expanded and written to the raw policy at all. > > Signed-off-by: Harry Ciao <qingtao.cao@windriver.com> > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit d9d583759595e522a0ebfb56f74ee2a274d48d19 >Author: Harry Ciao <qingtao.cao@windriver.com> >Date: Thu Sep 1 11:29:43 2011 +0800 > > libsepol: Copy and check the cond_bool_datum_t.flags during link. > > Copy the TUNABLE flag for cond_bool_datum_t during link, and check > if there is a mismatch between boolean/tunable declaration and > usage among modules. If this is the case, bail out with errors. > > Signed-off-by: Harry Ciao <qingtao.cao@windriver.com> > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit b0be2a06b7b377cfc3134bb7ebadc9cf9d070992 >Author: Harry Ciao <qingtao.cao@windriver.com> >Date: Thu Sep 1 11:29:42 2011 +0800 > > libsepol: Write and read TUNABLE flags in related data structures. > > All flags in cond_bool_datum_t and cond_node_t structures are written > or read for policy modules which version is no less than > MOD_POLICYDB_VERSION_TUNABLE_SEP. > > Note, for cond_node_t the TUNABLE flag bit would be used only at expand, > however, it won't hurt to read/write this field for modules(potentially > for future usage). > > Signed-off-by: Harry Ciao <qingtao.cao@windriver.com> > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit 80f26c5ee865993264ef638480c6a05ab574f7c0 >Author: Harry Ciao <qingtao.cao@windriver.com> >Date: Thu Sep 1 11:29:41 2011 +0800 > > checkpolicy: Separate tunable from boolean during compile. > > Both boolean and tunable keywords are processed by define_bool_tunable(), > argument 0 and 1 would be passed for boolean and tunable respectively. > For tunable, a TUNABLE flag would be set in cond_bool_datum_t.flags. > > Note, when creating an if-else conditional we can not know if the > tunable identifier is indeed a tunable(for example, a boolean may be > misused in tunable_policy() or vice versa), thus the TUNABLE flag > for cond_node_t would be calculated and used in expansion when all > booleans/tunables copied during link. > > Signed-off-by: Harry Ciao <qingtao.cao@windriver.com> > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit f87ae538256eff759cb67c448416dc14031849a1 >Author: Harry Ciao <qingtao.cao@windriver.com> >Date: Thu Sep 1 11:29:40 2011 +0800 > > libsepol: Indicate when boolean is indeed a tunable. > > Add flags to cond_bool_datum_t and cond_node_t structures to differentiate > the tunables' identifiers and conditionals from those of booleans. > > Signed-off-by: Harry Ciao <qingtao.cao@windriver.com> > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit ab1195dcfeca07d49247940c529ad60b76c07dc0 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Tue Aug 23 14:51:05 2011 -0400 > > sepolgen: look for booleans that might solve problems > > This patch allows audit2allow to do analysis on the AVC's to see if a > boolean would have solved the problem or if the AVC is caused by a > constraint. > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit eecf746aa87d22a84ed6f21a142d1e2303c68dda >Author: Dan Walsh <dwalsh@redhat.com> >Date: Tue Aug 23 14:49:45 2011 -0400 > > sepolgen: Change perm-map and add open to try to get better results on matches > > This patch adds open to sepolgen checks and resets the priorities to > get better matches on AVCs > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit 216f456401151d02b39bd3c7f47581a4b8632ab8 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Wed Jul 6 20:52:05 2011 -0400 > > policycoreutils: sandbox: cntrl-c should kill entire process control group > > Change the signal handler to handle ctrl-C and exit properly > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit e8575bf497806eb5aea0ff0e207e35a5a1534064 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Wed Jul 6 20:22:26 2011 -0400 > > policycoreutils: sandbox: add level based kill option > > add kill option to seunshare to kill all processes that are still running > with the execcon MCS label. > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit f37a6a71cb32d9bd26adfebd89df2bedd4bfaafd >Author: Eric Paris <eparis@redhat.com> >Date: Mon Aug 8 15:47:43 2011 -0400 > > policycoreutils: sandbox: do not bind mount so much > > pam_namespace and sandbox both do the bind mounts internally now. No > reason to force this on everyone. Hopefully the sandbox init script > will be disappearing with systemd doing this by default. > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit 31edb319affb5e5c6298a53ca2de62abedb01630 >Author: Eric Paris <eparis@redhat.com> >Date: Mon Aug 15 19:58:08 2011 -0400 > > policycoreutils: sandbox: rewrite /tmp handling > > seunshare now creates a runtime temporary directory owned by root and > with the sticky bit set properly. Files from the user-specified directory > are copied to the runtime directory and the changes synced back (using rsync) > at the end of the seunshare run. > > This is hoped to address CVE-2011-1011 > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit 4347a5c01d79778ffb9c74b02cd174b0469670c8 >Author: Eric Paris <eparis@redhat.com> >Date: Wed Aug 3 15:09:22 2011 -0400 > > policycoreutils: sandbox: add sandbox cgroup support > > Add cgroup support > > Signed-off-by: Eric Paris <eparis@redhat.com> > >commit 3e532cffac63d2d57cebf0bc5248d35e29e50126 >Author: Eric Paris <eparis@redhat.com> >Date: Fri Aug 26 15:26:25 2011 -0400 > > policycoreutils: sandbox: add -Wall and -Werror to makefile > > Just like everything else we should be erroring out on warnings. > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit 1d54976d73c7dfdde5ecdf74346727e01445b2e1 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Wed Sep 14 08:59:37 2011 -0400 > > policycoreutils: setfiles: do not wrap * output at 80 characters > > Russell Coker pointed out most displays are no 80 chars so we should just > put out * and let the terminal wrap itself. > > Signed-off-by: Dan Walsh <dwalsh@redhat.com> > Acked-by: Eric Paris <eparis@redhat.com> > >commit f23e078018b5313dd6a320b401173cc834b9450d >Author: Dan Walsh <dwalsh@redhat.com> >Date: Tue Aug 9 09:53:49 2011 -0400 > > policycoreutils: setfiles: Fix potential crash using dereferenced ftsent > > If fts_read() fails for any reason ftsent will be NULL. Previously we > would have reported the error and then continued processing. Now we > report the error and stop using the NULL pointer. > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit a2db3f2df850362a6f6f6ddf779bb20f0bba9cbe >Author: Eric Paris <eparis@redhat.com> >Date: Sun Jul 10 16:54:25 2011 +0200 > > policycoreutils: setfiles: switch from stat to stat64 > > When we converted from nftw to fts we had to remove the automatic large > file support had to be removed. Thus we switch from stat to stat64 on > all archs. > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit f14912ee6e8402a8ca357c518d9c4a8f79cade99 >Author: Eric Paris <eparis@redhat.com> >Date: Wed Aug 3 11:11:40 2011 -0400 > > policycoreutils: audit2allow: sepolgen-ifgen use the attr helper > > This patch adds support to actually use the new sepolgen-ifgen attr > helper. We included the helper which generates attribute information > but this patch makes use of it. > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit 037285e936d252eeb734a956b80158d3bf6685d9 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Tue Aug 23 14:56:15 2011 -0400 > > sepolgen: src: sepolgen: add attribute storing infrastructure > > add attribute handling to sepolgen so it can take into account the attributes > within an interface > > Signed-off-by: Eric Paris <eparis@redhat.com> > >commit f4ecef50b25833d56f18a9219bd6c919c8da7186 >Author: Eric Paris <eparis@redhat.com> >Date: Thu Sep 8 17:25:22 2011 -0400 > > policycoreutils: audit2allow: use alternate policy file > > Add a --policy option to audit2allow to make it use an > alternate use specified policy instead of the running > policy. > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit 5a2173519c4210e4b99b08bc08006dfb872442d2 >Author: Eric Paris <eparis@redhat.com> >Date: Sun Jul 10 11:53:29 2011 +0200 > > policycoreutils: sepolgen-ifgen: new attr-helper does something > > This program is used by sepolgen-ifgen to get the access for all of the > attributes in the policy so that it can resolve the typeattribute statements > in the interfaces. > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit 0299119625fe0067998fffdff9bdf721379f3131 >Author: Harry Ciao <qingtao.cao@windriver.com> >Date: Tue Aug 16 16:08:52 2011 +0800 > > libsepol: Skip writing role attributes for policy.X and downgraded pp. > > Role attributes are redundant for policy.X, their destiny has been > fulfilled in the expand phase when their types.types ebitmap have > been populated to that of their sub regular roles. > > When pp is downgraded, role_datum_t's the flavor flag and roles > ebitmap would be discarded, resulting in role attributes useless > at all. So for such case they should also be skipped. > > Deduct the number of role attributes from p_roles.table->nel when > they are skipped. > > Last, uncount attributes number before converting endianness. > > Signed-off-by: Harry Ciao <qingtao.cao@windriver.com> > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit 60c780ffb6e7a48a2121e871ad20471a8fe0337d >Author: Eric Paris <eparis@redhat.com> >Date: Wed Jun 29 01:38:51 2011 -0400 > > libsemanage: change module disabled from rename to symlink > > Change the way libsemanage handles disabled modules. In the current > method libsemanage renames the FOO.pp file to FOO.pp.disabled and then > the rebuild process ignores *.disabled modules. > > Since we want to start shipping > > /etc/selinux/targeted/modules/active/modules/*.pp within the payload of > the rpm. If we continued this method, a policy update would re-enable a > module. > > The new mechanism will just create a symbolic link between FOO.pp and > FOO.pp.disabled. Then the library will check all modules, and if a > module has a link, it will not be compiled into the policy. This solves > the rpm update problem. and actually gives us an easier update > capability since if FOO.pp.disabled already exists using the old method, > it will continue to work with the new method. > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit c7107e41fffc0d1cb807dd2989c2470070690fd1 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Wed Sep 14 22:04:05 2011 -0400 > > Fix man page comment about prefix separator > >commit 95cc171a03f23b22be68dbfffb4a38a8c40ed37b >Author: Dan Walsh <dwalsh@redhat.com> >Date: Wed Sep 14 21:56:17 2011 -0400 > > Switch to using ':' for separation of paths for label prefix > >commit 120eced2ad155b014227ce4e3487beeeaed0f64e >Author: Dan Walsh <dwalsh@redhat.com> >Date: Wed Sep 14 21:49:19 2011 -0400 > > Switch to using the : as the separator for prefixes for labeling > >commit 69d4af07fd9c6f3ba16aa7861f4c38e3d5fb4255 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Wed Sep 14 21:45:11 2011 -0400 > > Switch to using ':' for separation of paths for label prefix > >commit 04cbbb7f593252907d527c8e2bb3dba464bf0865 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Wed Sep 14 08:59:37 2011 -0400 > > Russell Coker pointed out most displays are no 80 chars so we should just put out * and let the terminal wrap itself > >commit f565ee92d1139993fbaf442d656d83cb749b0d87 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Wed Sep 14 08:55:07 2011 -0400 > > Add period to end of description to be consistant > >commit a925047faf1a52bb24aa85f29815f2313553b582 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Wed Sep 14 08:54:06 2011 -0400 > > Change sandbox init script to not load functions any longer, we don't use them > >commit bff908bc8689d69b1775232a0773570f69f2e4fa >Author: Dan Walsh <dwalsh@redhat.com> >Date: Thu Sep 8 15:23:40 2011 -0400 > > More files to ignore > >commit 1eedd613c40a3e8b86af72b846615d84b5ad85e1 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Thu Sep 8 15:11:51 2011 -0400 > > Fix copyright > >commit 0612482cca1335c873d6c348eafa91400f75ea7c >Author: Dan Walsh <dwalsh@redhat.com> >Date: Wed Sep 7 16:57:49 2011 -0400 > > Fixes suggested by Eric > >commit 52e8bfc7cdc0020a99500af4010702f731ba5245 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Wed Sep 7 14:20:30 2011 -0400 > > Maintain the LANG environment into the sandbox > >commit fbdf8c40601a79f56f79ea2e492cd2a0dddc6cba >Author: Dan Walsh <dwalsh@redhat.com> >Date: Wed Sep 7 13:58:24 2011 -0400 > > Change restorecon to just change the type of an object, rather then the role, user and range. > >commit eeff982e3c6f17a287ec2e6e3e6531536e38400c >Author: Dan Walsh <dwalsh@redhat.com> >Date: Tue Sep 6 09:45:26 2011 -0400 > > Only look for ; if options is actually set > >commit 963cc2bdebf68caf6505468f4176bdc56c326253 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Fri Sep 2 08:55:47 2011 -0400 > > Allow setfiles/restorecon to take advantage of new subset handling in libselinux > >commit 67ed727915bf03c221c2cdda82c5cbfdeb411278 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Fri Sep 2 08:55:09 2011 -0400 > > setools expects expand_module_avrules to be an exported interface of libsepol > >commit 563e655728db5f1fdaac72bf794c0b75e28b7727 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Fri Sep 2 08:54:12 2011 -0400 > > Allow SELinux labelling to support multiple prefix/subsets labeling, to reduce memory and increase speed apps that support labeling on a subset of directories > >commit aa2bc50909ab3157f6421931e56eb23da336c05e >Author: Dan Walsh <dwalsh@redhat.com> >Date: Fri Sep 2 08:36:09 2011 -0400 > > If you do a semanage permissive -l, on an SELinux disabled machine semanage crashes with a python exception > >commit 083f4519b62e5508f11a76fd6aa4803e2e6bba8f >Author: Dan Walsh <dwalsh@redhat.com> >Date: Thu Sep 1 10:50:27 2011 -0400 > > Catch RuntimeErrors, that can be generated when SELinux is disabled > >commit 44339541e64295cb237993943faedfd80a7abdba >Author: Dan Walsh <dwalsh@redhat.com> >Date: Tue Aug 30 11:04:35 2011 -0400 > > Fix realpath to add / and use matchpathcon myprintf > >commit 875acd93025f8f846812d5b803aec579d378b35d >Author: Dan Walsh <dwalsh@redhat.com> >Date: Tue Aug 30 04:52:18 2011 -0400 > > audit2allow is mistakakenly not allowing valid module names > >commit 9fb231e556327c6626f5a773ca403a8f5ca30ddc >Author: Dan Walsh <dwalsh@redhat.com> >Date: Mon Aug 29 14:18:55 2011 -0400 > > Dont print heading if no items selected > >commit 507d5e12b42c2c379b6d47b77ad2e94515ab3fcc >Author: Dan Walsh <dwalsh@redhat.com> >Date: Fri Aug 26 16:51:19 2011 -0400 > > Stop showing heading if nothing is returned > >commit 0ae97bacd6f39c42f71e27906bbc315c48135276 >Merge: aacc05c 1f8cf40 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Fri Aug 26 16:51:15 2011 -0400 > > Merge branch 'master' of http://oss.tresys.com/git/selinux > > Conflicts: > policycoreutils/sandbox/Makefile > policycoreutils/sandbox/sandbox > policycoreutils/sandbox/sandbox.8 > policycoreutils/sandbox/seunshare.8 > policycoreutils/sandbox/seunshare.c > policycoreutils/setfiles/restore.c > >commit 1f8cf403be49dd8b918e2ff21969a6a47928d672 >Author: Eric Paris <eparis@redhat.com> >Date: Fri Aug 26 15:11:58 2011 -0400 > > update changelog and versions for 2011-08-26 > >commit 3f1446944eef99734bf4caef093b7fc1de51c747 >Author: Eric Paris <eparis@redhat.com> >Date: Fri Aug 26 14:46:02 2011 -0400 > > sepolgen: refparser: include open among valid permissions > > The perser doesn't recognize 'open'. Make it so. > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit de311acdc976f8a8ec186d99181782e56b12b454 >Author: Eric Paris <eparis@redhat.com> >Date: Fri Aug 26 14:44:33 2011 -0400 > > sepolgen: refparser: add support for filename_trans rules > > The parser cannot handle the new format of filename_trans rules. Nor > can it handle the " now used. Add support for both. > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit ddc5063c167ea3c253262c79c177d72c6aab68f9 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Tue Aug 23 14:46:37 2011 -0400 > > policycoreutils: setfiles: Fix process_glob to handle error situations properly > > Rather than error when a glob does not match return success as this is > not a problem. > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Eric Paris <eparis@redhat.com> > >commit a0e2e16878c2aae375920f8fef8efe07bcd6ac3d >Author: Dan Walsh <dwalsh@redhat.com> >Date: Tue Jul 26 10:42:26 2011 -0400 > > policycoreutils: sandbox: Allow seunshare to run as root > > Signed-off-by: Dan Walsh <dwalsh@redhat.com> > >commit 37644bfa936505cbfa9ab9cc20842ccaea89e036 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Wed Jul 6 20:52:38 2011 -0400 > > policycoreutils: sandbox: trap sigterm to make sure sandbox exits with the proper exit code > > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit 83e6416bca8d0d4a2c0ab804e9789610acd40426 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Tue Jun 7 08:34:04 2011 -0400 > > policycoreutils: sandbox: pass DPI from the desktop > > Fix sandbox to pass DPI from the desktop to the sandbox program. > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit f6558d9cecae6653e589039359465f796cca7d9a >Author: Eric Paris <eparis@redhat.com> >Date: Fri Aug 5 14:06:34 2011 -0400 > > policycoreutils: sandbox: seunshare: introduce helper spawn_command > > Introduce a helper which will spawn children and wait for them to exit > so we don't have to keep writing that code over and over. > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit bf22cff3ea931abfe431856b015390600f969770 >Author: Eric Paris <eparis@redhat.com> >Date: Fri Aug 5 14:36:29 2011 -0400 > > policycoreutils: sandbox: seunshare: introduce new filesystem helpers > > These are just simple new helpers which make it easy to check uid, gid, > if two stat results are the same and things like that. > > Signed-off-by: Eric Paris <eparis@redhat.com> > >commit 149afc688a53839e57ca541dfa1f84c946bb6399 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Mon Jun 13 13:24:38 2011 -0400 > > policycoreutils: sandbox: add -C option to not drop all capabilities > > Some sandbox might want to be able to run a suid app. Add the -C option > to allow capabilities to stay in the bounding set, and thus be allowed > inside the sandbox. > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit d6c09608cd6a1c29fa2befd1b9769350f3bdee50 >Author: Eric Paris <eparis@redhat.com> >Date: Fri Aug 5 13:33:35 2011 -0400 > > policycoreutils: sandbox: split seunshare caps dropping > > Split drop_capabilities into drop_privs, which does the same thing, and > drop_caps, which only drops caps but doesn't affect the uid. > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit 64b7a309c5d44ea1cefe84888e638dcdd6fa7ec4 >Author: Eric Paris <eparis@redhat.com> >Date: Mon Aug 15 19:59:41 2011 -0400 > > policycoreutils: sandbox: use dbus-launch > > Instead of directly calling, use dbus-launch. > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit 26ff83cf87b58247646894bd252de4ed74b391f8 >Author: Eric Paris <eparis@redhat.com> >Date: Mon Aug 15 19:57:12 2011 -0400 > > policycoreutils: sandbox: numerous simple updates to sandbox > > Little things like better error messages, usage text, code duplication > and the like. > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit da7ae7951c692a60b6137ebaf6f33232a9bd63be >Author: Eric Paris <eparis@redhat.com> >Date: Mon Aug 15 16:00:04 2011 -0400 > > policycoreutils: sandbox: do not require selinux context > > seunshare can be used on non-selinux systems. It can also be used > without transition to a new context. Thus we should not require that a > context be set. > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit 3c5abbc34110b8f4393d011a2d6eb8484131ca24 >Author: Eric Paris <eparis@redhat.com> >Date: Mon Aug 15 13:56:02 2011 -0400 > > policycoreutils: sandbox: Makefile: new man pages > > we have man pages which aren't being instelled with make install. We > also do not include -Werror -Wall -Wextra in the build like we do with > other packages, so include those. > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit baf4d59407c1663b29498c533b54e75bf648567b >Author: Eric Paris <eparis@redhat.com> >Date: Wed Aug 10 17:43:14 2011 -0400 > > policycoreutils: sandbox: rename dir to srcdir > > Just a simple variable rename to make it clear what it does. > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit d7258412392f005e297d3a02670740e14057790f >Author: Eric Paris <eparis@redhat.com> >Date: Wed Aug 10 17:22:41 2011 -0400 > > policycoreutils: sandbox: allow users specify sandbox window size > > This allows users to create sandbox windows of a specified size on the > command line. > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit 74bb5c01d651d1f35f863d53671e55d9686cd079 >Author: Eric Paris <eparis@redhat.com> >Date: Wed Aug 10 16:28:36 2011 -0400 > > policycoreutils: sandbox: check for paths up front > > When launching a sandbox x environment we should check up front to make > sure that the seunshare and sandboxsh files exist and bail politely if > they do not exist. > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit 1701e786eaaf25b8b2fa3484691b9a06e6130658 >Author: Eric Paris <eparis@redhat.com> >Date: Wed Aug 10 16:13:26 2011 -0400 > > policycoreutils: sandbox: use defined values for paths rather than open coding > > Rather than putting pathnames all throughout the file define them as > variables and reuse these variables where needed. > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit 406ae12e31ac60ccbecc67dc1314dd88491ca9cd >Author: Eric Paris <eparis@redhat.com> >Date: Wed Aug 3 16:23:12 2011 -0400 > > policycoreutils: sandbox: move seunshare globals to the top > > Just coding style, globals go at the top of .c files, not randomly > throughout. > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit 89e3dd6c30edc2ffa1e52e8ed162c1085c6d6c9b >Author: Eric Paris <eparis@redhat.com> >Date: Wed Aug 3 14:27:32 2011 -0400 > > policycoreutils: sandbox: whitespace fix > > couple of whitespace at the end of the line. > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit 8fb9a4571d3db8675ec12ba5ee1e2f2c3cefbeec >Author: Dan Walsh <dwalsh@redhat.com> >Date: Thu Aug 4 09:53:34 2011 -0400 > > policycoreutils: semodule_package: Add semodule_unpackage executable > > Much like semodule_package this utility will unpack! > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit 242a98cd21adcb126305c9e2f0522564b702af3e >Author: Eric Paris <eparis@redhat.com> >Date: Sun Jul 10 17:32:14 2011 +0200 > > policycoreutils: setfiles: get rid of some stupid globals > > We have some useless globals in setfiles that don't need to be. Stop > it. > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit 5ffa296798f892c6ba4946bd8181036dfddf29c9 >Author: Eric Paris <eparis@redhat.com> >Date: Sun Jul 10 16:46:38 2011 +0200 > > policycoreutils: setfiles: move exclude_non_seclabel_mounts to a generic location > > move exclude_non_seclabel_mounts from setfiles.c to restore.c so it can > be used by other functions later. > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit 142209161fc5a383a8f34a7fd73bf6a8ecf349f3 >Author: Eric Paris <eparis@redhat.com> >Date: Thu Aug 11 23:36:14 2011 -0400 > > global: Makefile: create global 'all' target > > This does 2 things. It does a little cleanup by de-duplicating code. > It also adds a new target 'all' as the default target. Previous the > default target was 'install'. There was no 'all' target. This patch > should allow one to build all of the tree as a non-root user. > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit e759841c08eb97bf7c8f7cd3197fe7758cd4cba6 >Author: Eric Paris <eparis@redhat.com> >Date: Thu Aug 18 09:58:19 2011 -0400 > > checkpolicy: fix spacing in output message > > The output formatting had two items crammed together without a space. > Add a space. > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit acb4ecaa0111a428b2c443e0db937caa09696923 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Mon Aug 22 09:46:59 2011 -0400 > > libsemanage: python wrapper makefile changes > > Allow Change libsemanage Makefile to be able to build by default and to build > if you change the version of Python > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit bc1a8e2a4af543d04e8df70a92a5a7a3aeebf669 >Author: Richard Haines <richard_c_haines@btinternet.com> >Date: Wed Mar 9 16:34:08 2011 +0000 > > libselinux: selinux_file_context_verify function returns wrong value. > > selinux_file_context_verify(3) should now return the correct codes and > matchpathcon(8) has been modified to handle them. > > The selinux_file_context_verify(3)and selinux_file_context_cmp(3) man pages > have also been updated (re-written really) to correct return codes. > > I found that selabel_open left errno set to ENOENT because a > file_contexts.subs file did not exist on my system, but left selabel_open > alone and set errno = 0 before calling selinux_filecontext_cmp. > > [fix uninitialize init variable in matchpathcon.c::main - eparis] > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit 7df397d3d916e7018981b9fcf8062f992b4cec49 >Author: Eric Paris <eparis@redhat.com> >Date: Wed Aug 17 11:24:25 2011 -0400 > > libselinux: move realpath helper to matchpathcon library > > Instead of only doing path simplification and symlink following for the > matchpathcon helper instead do it in the library potion. This was an > issue when in python some called selinux.matchpatchcon("//lib64", 0) and > got the wrong answer (because the // wasn't being dealt with) > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit 57c6012f8662d8f40d42fe145a5ec55bbd1b0f73 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Mon Aug 22 09:58:11 2011 -0400 > > libselinux: python wrapper makefile changes > > Allow Change libselinux Makefile to be able to build by default and to build > if you change the version of Python > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit aacc05ce9566c669a937b9c7c13d4c277700c2f2 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Thu Aug 25 16:35:04 2011 -0400 > > Don't show headers if the list is empty > >commit 66a98bde6498479e4fcd265049c2f84c39a77d64 >Merge: fe2dc6b 6b6b475 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Thu Aug 25 15:46:53 2011 -0400 > > Merge branch 'master' of http://oss.tresys.com/git/selinux > > Conflicts: > libselinux/utils/matchpathcon.c > libsemanage/src/Makefile > policycoreutils/scripts/fixfiles > policycoreutils/semanage/semanage > policycoreutils/setfiles/restore.c > policycoreutils/setfiles/restore.h > >commit fe2dc6b301174a35f76c7271d33bd531d8f6a577 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Thu Aug 25 08:55:21 2011 -0400 > > Fix typo > >commit 7f5dfc004e5a9f3cb6c1af939e082bbeac82b5d5 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Tue Aug 23 14:56:15 2011 -0400 > > add attribute handling to sepolgen so it can take into account the attributes within an interface > >commit f38688b032227606d4584b7bb8547dd95c848b80 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Tue Aug 23 14:54:56 2011 -0400 > > Allow sepolgen to handle file name transitions > >commit c5c08ae1b6a79ce7d8b81539666938b7e4bdf934 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Tue Aug 23 14:53:44 2011 -0400 > > Allow returning of bastard matches > >commit bd412552a86990276f9cc3228af43c79b67a3c49 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Tue Aug 23 14:52:47 2011 -0400 > > Change analysys of sepolgen to return booleans and te rules that would tell audit2allow if there are booleans that can handle the AVC > >commit ae8034e7df75eb4da5643c9a64323caafbace99a >Author: Dan Walsh <dwalsh@redhat.com> >Date: Tue Aug 23 14:51:41 2011 -0400 > > Change analysys of sepolgen to return booleans and te rules that would tell audit2allow if there are booleans that can handle the AVC > >commit aafbd804fb58bd0da7aae39addb672c1fc684e0b >Author: Dan Walsh <dwalsh@redhat.com> >Date: Tue Aug 23 14:51:05 2011 -0400 > > Change analysys of sepolgen to return booleans and te rules that would tell audit2allow if there are booleans that can handle the AVC > >commit f4535d706954c67895322a8ef62eafe17ededcb6 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Tue Aug 23 14:49:45 2011 -0400 > > Change perm-map and add open to try to get better results on matches > >commit fa5a01d896691243c75ac3867643e4a000ecc9ef >Author: Dan Walsh <dwalsh@redhat.com> >Date: Tue Aug 23 14:46:37 2011 -0400 > > Fix process_glob to handle error situations properly > >commit 4e8f9a29b43a98a50708c2f57ff44a96594bd5b6 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Mon Aug 22 09:58:11 2011 -0400 > > Allow Change libselinux Makefile to be able to build by default and to build if you change the version of Python > >commit be23b3ec5ebbcffff83eaf1544e4c5b66150ecf0 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Mon Aug 22 09:46:59 2011 -0400 > > Allow Change libsemanage Makefile to be able to build by default and to build if you change the version of Python > >commit b7a6e793875da2effc115f883777d82728aa440d >Author: Dan Walsh <dwalsh@redhat.com> >Date: Thu Aug 18 07:33:02 2011 -0400 > > Add space to dispol so filename transition name field will display on the same line rather then the next line > >commit 6b6b475dcfe77dbf3d37b4f6e4fee3539346f359 >Author: Eric Paris <eparis@redhat.com> >Date: Wed Aug 17 11:17:28 2011 -0400 > > update changelog and VERSION for latest changes > >commit 3ed7221bf7832f207a125e6364ece1826d369c37 >Author: Guido Trentalancia <guido@trentalancia.com> >Date: Tue Jul 19 21:51:06 2011 +0200 > > policycoreutils: run_init: clarification of the usage in the manual page > > It's a very minor thing really, but I believe (on the basis of an > off-list question) that the manual page for policycoreutils/run_init can > be improved by the following short patch which aims to further clarify > the intended usage of such tool and mention that it caters for one > (somewhat hidden) compile-time option. > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit d761cc98490546da3dd048a5b201d2edb020d33b >Author: Dan Walsh <dwalsh@redhat.com> >Date: Thu Aug 4 09:51:52 2011 -0400 > > policycoreutils: semanage: fix usage header around booleans > > Fix header to not display all of the options and fix Booleans to only list > supported options > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit f97e508567a07e4f2680843ec8265295bae605fb >Author: Eric Paris <eparis@redhat.com> >Date: Wed Aug 3 11:56:17 2011 -0400 > > policycoreutils: semanage: remove useless empty lines > > This patch just removes some blank lines that we don't need. Makes it > all purdy. > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit 1654b964bccd03ab286c9fdc687670fd9e6ba6e4 >Author: Eric Paris <eparis@redhat.com> >Date: Tue Jul 19 16:05:23 2011 -0400 > > policycoreutils: semanage: update man page with new examples > > semanage rocks, so make the man page rock! > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit e883871de23f64633a5b0a99e7ac372fe90ca15b >Author: Eric Paris <eparis@redhat.com> >Date: Tue Jul 19 14:21:11 2011 -0400 > > policycoreutils: semanage: update usage text > > Add -D and -l and -n in the usage text where they belong. > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit d01c33c90ed9197e8cf29db15566e3c35a43fa77 >Author: Eric Paris <eparis@redhat.com> >Date: Tue Jul 19 14:21:08 2011 -0400 > > policycoreutils: semanage: introduce file context equivalencies > > This adds a new -e options to semanage fcontext which allows one to > specify filesystem equivalancies. An example would be if an admin were > to run out of space and to start putting home directories in /home1. > They can use the equivalencies to specify that /home1 is labeled exactly > like /home. > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit f78aa2f81b9d974bedf8f7cc0dae7bbebdff15c8 >Author: Eric Paris <eparis@redhat.com> >Date: Tue Jul 19 12:15:41 2011 -0400 > > policycoreutils: semanage: enable and disable modules > > Add tools to store the state of modules and to enable and disable those > modules. > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit e25ea71a5b288058288b70a2f23f757fe89bb0c8 >Author: Eric Paris <eparis@redhat.com> >Date: Tue Jul 19 11:38:57 2011 -0400 > > policycoreutils: semanage: output all local modifications > > Introduce a new -o option which will output all local modifications in a > method which can be 're-inputted' on another host. > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit f3fbc5d6dee7ccc85c6f8c55a9e7508a82000088 >Author: Eric Paris <eparis@redhat.com> >Date: Tue Jul 19 11:27:23 2011 -0400 > > policycoreutils: semanage: introduce extraction of local configuration > > Add a new option -E which will extract the local configuration changes > made for the given record type. This will be used by a further output > option to be able to dump local configuration in a form which can be > imported later. > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit 2c3e6f6115c5879962fd726d2ce18567210bf947 >Author: Eric Paris <eparis@redhat.com> >Date: Tue Jul 19 11:27:22 2011 -0400 > > policycoreutils: semanage: cleanup error on invalid operation > > Before you would get: > $ semanage fcontext toys > /usr/sbin/semanage Invalid command fcontext toys > > Now you get: > $ semanage fcontext toys > /usr/sbin/semanage: Invalid command: semanage fcontext toys > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit 877447a9e7c8d4dce5054be9c16c1643f532a105 >Author: Eric Paris <eparis@redhat.com> >Date: Tue Jul 19 11:27:14 2011 -0400 > > policycoreutils: semanage: handle being called with no arguments > > Return quickly instead of tring to parse arguments if there are > no arguments. > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit a0d1dc8a019c13cfa0db1192a700bcc9122f8606 >Author: Eric Paris <eparis@redhat.com> >Date: Mon Jul 18 12:54:38 2011 -0400 > > policycoreutils: semanage: return sooner to save CPU time > > Right now we do lots of needless string comparisons even though we know > we are finished doing work immediately after an operation. So return > sooner. > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit d2f0f42570d9b2aebf55c96e60e6db6b52a79bfb >Author: Eric Paris <eparis@redhat.com> >Date: Mon Jul 18 12:35:15 2011 -0400 > > policycoreutils: semanage: surround getopt with try/except > > One of the getopt parsers didn't have a try/except pair to show usage > when a user did it wrong. Fix that. > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit 0c4d0788abf2364d0f05cac675014849ee66e423 >Author: Eric Paris <eparis@redhat.com> >Date: Mon Jul 18 12:12:34 2011 -0400 > > policycoreutils: semanage: use define/raise instead of lots of conditionals > > Right now the validation code has lots of conditionals which check if we > are trying to add and delete or add and modify or something like that. > Instead make a single function which just sets if this operation is > trying to do an action and if it gets called twice will realize this is > invalid and will raise and exception. > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit 123559545f6244cde45f370dba0902869c1af49b >Author: Eric Paris <eparis@redhat.com> >Date: Mon Jul 18 12:03:01 2011 -0400 > > policycoreutils: semanage: some options are only valid for local changes > > Some options like --locallist and --deleteall only effect local changes > not global things. Split these validation options into their own bit of > code. > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit cfddb3fa9a09ee3808f29594b195ef1603c1815a >Author: Eric Paris <eparis@redhat.com> >Date: Fri Jul 15 19:03:17 2011 +0200 > > policycoreutils: semanage: introduce better deleteall support > > The help text, man pages, and stuff didn't include everything about > deleteall rules. Try to update them. > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit 643b9b703cd75e75dac532713b2516115f6336f9 >Author: Eric Paris <eparis@redhat.com> >Date: Fri Jul 15 18:23:45 2011 +0200 > > policycoreutils: semanage: do not allow spaces in file context > > The entire tool chain does not support file context with a space in the > regex. If one of these gets into the file_context files, all sorts of stuff > goes nuts. > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit 4c96df7d77a775aae7d3355d6097bee827f97a58 >Author: Eric Paris <eparis@redhat.com> >Date: Fri Jul 15 15:11:10 2011 +0200 > > policycoreutils: semanage: distinguish between builtin and local permissive types > > This just distinguishes between permissive types that were definied in > policy and those that were set by the user using semanage. > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit 12e29ee1ddfa3a16e101e92503b0bc8d14120dd4 >Author: Eric Paris <eparis@redhat.com> >Date: Fri Jul 15 14:33:17 2011 +0200 > > policycoreutils: semanage: centralized ip node handling > > Right now we have very little in the way of IP address validation. We > also do not properly support IPv6 netmasks. This patch centralizes IP > address validation and fixes the netmask support. > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit 66564a67cf3fd8b282d1222aaec8b02ae97611fb >Author: Eric Paris <eparis@redhat.com> >Date: Sun Jul 10 17:35:24 2011 +0200 > > policycoreutils: setfiles: make the restore function exclude() non-static > > Stuff wants to use it later. Make it non-static. > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit 17c577ace7fcaae08401233cc9debde2d574b756 >Author: Eric Paris <eparis@redhat.com> >Date: Sun Jul 10 17:06:00 2011 +0200 > > policycoreutils: setfiles: use glob to handle ~ and . in filenames > > Use the glob library to handle ~ and . in filenames passed from the > command line. > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit 5bd734dd7395a2f6c87546b8e7159b02544405f9 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Wed Aug 10 14:32:47 2011 -0400 > > policycoreutils: fixfiles: do not hard code types > > We had a number of places where fixfiles would search for or set hard > coded types. If policy used something other than tmp_t var_t file_t or > unlabeled_t we would go wrong. This patch does 2 things. It uses the > kernel provided selinuxfs interfaces to determine the label on unlabeled > and unknown files and it uses the --reference option with chcon to set > new labels. > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit 35f4e6a870b517b964f68027d79f6cb17b5678a6 >Author: Eric Paris <eparis@redhat.com> >Date: Sun Jul 10 16:21:35 2011 +0200 > > policycoreutils: fixfiles: stop trying to be smart about filesystems > > The type of a filesystem (ext*, btrfs, etc) really doesn't matter when > it comes to the ability to set labels. Stop trying to be smart and just > call restorecon. It will either work or it won't and out heuristic > isn't helping. > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit 1da72eea266fdee3603204423ab1d9e68ff05f79 >Author: Eric Paris <eparis@redhat.com> >Date: Sun Jul 10 16:09:11 2011 +0200 > > policycoreutils: fixfiles: use new kernel seclabel option > > The kernel now outputs a mount option called 'seclabel' which indicates > if the filesystem supposed security labeling. Use that instead of > having to update some hard coded list of acceptable filesystems (that > may or may not be acceptable depending on if they were compiled with > security xattrs) > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit e2769ff6700665bb054b7a8e3f8db67712b92da1 >Author: Eric Paris <eparis@redhat.com> >Date: Sun Jul 10 14:19:47 2011 +0200 > > policycoreutils: fixfiles: pipe everything to cat before sending to LOGFILE > > We do this so we can eliminate foolish avcs about restorecon trying to > write to a random directory. We allow apps to communicate with fds > globably. So this allows the access no AVC's I am happy > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit 275560b2a380a5f34041fd4569a38791f25aa195 >Author: Eric Paris <eparis@redhat.com> >Date: Sun Jul 10 14:14:14 2011 +0200 > > policycoreutils: fixfiles: introduce /etc/selinux/fixfiles_exclude_dirs > > Introduce a new file /etc/selinux/fixfiles_exclude_dirs which contains a > list of directories which should not be relabeled. > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit 5e096d9ceb637a785d4537555799602a3de2b3dc >Author: Eric Paris <eparis@redhat.com> >Date: Thu Jul 7 15:41:31 2011 +0200 > > policycoreutils: semodule: support for alternative root paths > > Add a -p option to semodule which will allow it to operate on the > specified semanaged root instead of the default. > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit 4b00b5c6a4876f3470b53252bad7a1e6f91899fc >Author: Dan Walsh <dwalsh@redhat.com> >Date: Thu Aug 4 09:49:56 2011 -0400 > > libsemanage: print error debug info for buggy fc files > > Currently if you have a bug in a fc file, the store only reports that you have > a problem but not the name of the module, or any hint of what is wrong. This > patch will print out as much as been collected in the file_spec at the time > of the error. > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit 9cd587f5533456e7b26601e27e65744272e2e783 >Author: Eric Paris <eparis@redhat.com> >Date: Wed Jun 29 01:12:25 2011 -0400 > > libsemanage: introduce semanage_set_root and friends > > Allow applications to specify an alternate root for selinux stores. > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit 9406ace82b12780da84b2553cb74f88101978ea2 >Author: Eric Paris <eparis@redhat.com> >Date: Wed Jun 29 00:57:40 2011 -0400 > > libsemanage: throw exceptions in python rather than return NULL > > Python doesn't really work on the basis of negative error code. It > throws exceptions. This patch automatically generates little stub > functions which will catch negative error codes and will throw > exceptions in their place. > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit 78d58d73b4098ec56b6545abd9f9719563d0d587 >Author: Daniel J Walsh <dwalsh@redhat.com> >Date: Fri Jun 24 16:43:11 2011 -0400 > > libsemanage: python3 support. > > Dave Malcolm has been working on adding python3 support to libsemanage > (and libselinux). > > Change to Makefile to: > > Support building the Python bindings multiple times, against various Python > runtimes (e.g. Python 2 vs Python 3) by optionally prefixing the build > targets with "PYPREFIX": > > Should build python2 version by default, without the user doing any changes. > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit d784fd71b56cb8f57d5b9fcd784094e004bf7c6a >Author: Russell Coker <russell@coker.com.au> >Date: Wed Jan 5 19:30:25 2011 +1100 > > libsemanage: patch for MCS/MLS in user files > > The attached patch makes the > /etc/selinux/default/contexts/files/file_contexts.homedirs generation process > include the MCS/MLS level. > > This means that if you have a user with a MCS/MLS level that isn't SystemLow > then their home directory will be labeled such that they can have read/write > access to it by default. > > Unless anyone has any better ideas for how to solve this problem I will upload > this to Debian shortly. > > What do the MLS users do in this situation? Just relabel home directories > manually? > > Finally it seems that when you run "semanage user -m" the > file_contexts.homedirs doesn't get updated, it's only when you run > "semanage login -m" that it takes affect. > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Russell Coker <russell@coker.com.au> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit 34d9c258dac686f4baa2e7f0d6f25f7e7ca5aac6 >Author: Richard Haines <richard_c_haines@btinternet.com> >Date: Wed Mar 30 17:10:05 2011 +0100 > > libselinux: mapping fix for invalid class/perms after selinux_set_mapping call > > Please find another libselinux patch. I've tested quite extensively with the compute_av and string functions with and without mapping and seems okay. > > The patch covers: > When selinux_set_mapping(3) is used to set the class and permissions allowed by an object manager, then an invalid class and/or permissions are selected (e.g. using security_class_to_string), then mapping.c in libselinux forces an assert. This patch removes the asserts and allows the functions to return a class/perm of 0 (unknown) with errno set to EINVAL. A minor patch to set EINVAL in security_av_perm_to_string_compat is also included. All the functions to convert perms & classes to strings and back should now return the correct errno with or without mapping enabled. > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit 8faf23de0b534a19555691e8ba111dcde8f02af3 >Author: Eric Paris <eparis@redhat.com> >Date: Wed Aug 3 14:02:37 2011 -0400 > > libselinux: audit2why: work around python bug not defining SIZEOF_SOCKET_T > > A at least one broken python headers didn't define SIZEOF_SOCKET_T. > Define it if we happen upon one of those. > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit 4ad18969546c16bd78206799de642af6eb2293ea >Author: Eric Paris <eparis@redhat.com> >Date: Wed Jun 29 00:11:17 2011 -0400 > > libselinux: resolv symlinks and dot directories before matching paths > > matchpathcon cannot handle ./ or ../ in pathnames and doesn't do well > with symlinks. This patch uses the glibc function realpath() to try to > determine a real path with resolved symlinks and dot directories. For > example before this pach we would see: > > $ matchpathcon /tmp/../eric > /tmp/../eric <<none>> > $ matchpathcon /eric > /eric system_u:object_r:default_t:s0 > > Whereas after the path we get the same results. The one quirk with the > patch is that we need special code to make sure that realpath() does not > follow a symlink if it is the final component. aka if we have a symlink > from /eric to /tmp/eric we do not want to resolv to /tmp/eric. We want > to just resolv to the actual symlink /eric. > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit 5619635063741e1c8c9cf53a8746dd29be0cda79 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Tue Aug 9 10:28:38 2011 -0400 > > checkpolicy: add missing ; to attribute_role_def > > The commit to add role attributes forgot a ; in policy_parse.y for > attribute_role_def. Add the missing ; > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit d72a9ec825ef2a8723510f62292cf2adfd4a2a6c >Author: Dan Walsh <dwalsh@redhat.com> >Date: Tue Apr 12 09:54:46 2011 -0400 > > checkpolicy: Redo filename/filesystem syntax to support filename trans rules > > In order to support filenames, which might start with "." or filesystems > that start with a number we need to rework the matching rules a little > bit. Since the new filename rule is so permissive it must be moved to > the bottom of the matching list to not cover other definitions. > > Signed-of-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit a053fd22f85269043e07c5b753129c188b6eda59 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Tue Aug 9 10:28:38 2011 -0400 > > add missing ; > >commit 1c83cccceadf487c0ffa8e29450f4e67bd0617d3 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Tue Aug 9 10:27:19 2011 -0400 > > Update fixfiles to not hard code types > >commit 10a349699195d4479b95d24304e09b8edd561d58 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Tue Aug 9 09:58:53 2011 -0400 > > Always check return code on asprintf > >commit a614e5122282544a59b05d2ec216fe0a2c523ae4 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Tue Aug 9 09:53:49 2011 -0400 > > Fix potential crash using dereferenced ftsent > >commit a87c1b95e086e96ef10da2b55fd3886cb0a852f8 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Tue Aug 9 09:40:17 2011 -0400 > > Closedir on failures, to prevent leaks > >commit 41552b891d24bbf95fadd6991baf9d2fa7dc638a >Author: Dan Walsh <dwalsh@redhat.com> >Date: Thu Aug 4 14:14:45 2011 -0400 > > Remove filesystem and move FILENAME to the bottom > >commit 913d3c72461715d3190de02facc39ef0c9a25ace >Merge: b3e15ff 4749940 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Thu Aug 4 09:39:13 2011 -0400 > > Merge branches 'master' and 'master' of http://oss.tresys.com/git/selinux > > Conflicts: > libselinux/src/Makefile > libselinux/src/audit2why.c > libselinux/src/selinuxswig_python.i > libsepol/src/expand.c > policycoreutils/newrole/newrole.c > policycoreutils/run_init/open_init_pty.8 > policycoreutils/scripts/fixfiles > policycoreutils/scripts/genhomedircon.8 > policycoreutils/semanage/semanage > policycoreutils/semanage/seobject.py > policycoreutils/semodule_expand/semodule_expand.8 > policycoreutils/semodule_package/semodule_package.8 > >commit 47499404268aa4f064fe078710ccf7a139061753 >Author: Eric Paris <eparis@redhat.com> >Date: Wed Aug 3 18:09:02 2011 -0400 > > update repo for 2011-08-03 with version and changelog updates > >commit 2ac99a505e462d0bbf24c974d5dcdd71cd04dcf3 >Author: Eric Paris <eparis@redhat.com> >Date: Wed Aug 3 11:55:15 2011 -0400 > > policycoreutils: semanage: fix indention > > Part of the if clause used tabs, part spaces. Be consistent. > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit dbc9a61819ea9a6b61bb29a2765b319ac974a775 >Author: Harry Ciao <qingtao.cao@windriver.com> >Date: Tue Aug 2 18:03:53 2011 +0800 > > libsepol: Only call role_fix_callback for base.p_roles during expansion. > > expand_role_attributes() would merge the sub role attribute's roles > ebitmap into that of the parent, then clear it off from the parent's > roles ebitmap. This supports the assertion in role_fix_callback() that > any role attribute's roles ebitmap contains just regular roles. > > expand_role_attribute() works on base.p_roles table but not any > block/decl's p_roles table, so the above assertion in role_fix_callback > could fail when it is called for block/decl and some role attribute is > added into another. > > Since the effect of get_local_role() would have been complemented by > the populate_roleattributes() at the end of the link phase, there is > no needs(and wrong) to call role_fix_callback() for block/decl in the > expand phase. > > Signed-off-by: Harry Ciao <qingtao.cao@windriver.com> > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit e1ae7b43f1a7218831083921b00d2a5bb81f05a0 >Author: Eric Paris <eparis@redhat.com> >Date: Wed Jul 20 12:16:28 2011 -0400 > > policycoreutils: semodule_package: fix man page typo > > Just drop an extra bit of cruft from the man page. > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit c52ff76180d04c38799e27ca963cb19c6715f939 >Author: Eric Paris <eparis@redhat.com> >Date: Wed Jul 20 12:13:14 2011 -0400 > > policycoreutils: semodule_expand: update man page with -a > > Update the man page to include -a. Passing -a causes semodule_expand to > not check assertions. Include this in the man info. > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit f2a74f4f878498323877f971ac014355c85187ad >Author: Eric Paris <eparis@redhat.com> >Date: Tue Jul 19 11:27:22 2011 -0400 > > policycoreutils: semanage: handle os errors > > Rather than traceback, handle os errors and exit cleanly. > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit b5c0a182efbf5e8db1ec35ba1883c4465ef7e678 >Author: Eric Paris <eparis@redhat.com> >Date: Tue Jul 19 11:27:22 2011 -0400 > > policycoreutils: semanage: fix traceback with bad options > > $ semanage fcontext add delete > Traceback (most recent call last): > File "/usr/sbin/semanage", line 565, in <module> > process_args(sys.argv[1:]) > File "/usr/sbin/semanage", line 396, in process_args > raise ValueError(_("%s bad option") % o) > UnboundLocalError: local variable 'o' referenced before assignment > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit b1820fcca6ab47969da6bf60c380f23a452a78b0 >Author: Eric Paris <eparis@redhat.com> >Date: Mon Jul 18 13:25:42 2011 -0400 > > policycoreutils: semanage: show usage on -h or --help > > Raise a more sensicle useage rather than value error on help request > from user. > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit 72a83a110ddc461d345c52003618c2fb040966d2 >Author: Eric Paris <eparis@redhat.com> >Date: Fri Jul 15 18:45:37 2011 +0200 > > policycoreutils: semanage: introduce more deleteall options > > Some semanage objects have a deleteall function, some don't. This adds > them to login seluser node and interface. > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit 849e7d5be78e1d6264141463562d1da68e5076d8 >Author: Eric Paris <eparis@redhat.com> >Date: Fri Jul 15 15:05:11 2011 +0200 > > policycoreutils: semanage: verify ports < 65536 > > We could currently create a rule with a port number of one million. > This doesn't make sense. Bounds test it. > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit c3226ebac9edea44bade7f9c8bef0c6f6bad62f9 >Author: Eric Paris <eparis@redhat.com> >Date: Sun Jul 10 12:21:14 2011 +0200 > > policycoreutils: transaction into semanageRecords > > In order to allow semanage to perform a transaction on several seobjects > at the same time, the transaction lock has to be at the class level > versus being in each object. > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit 3fd3a927e22a0c817790433d7473a9cddb6f131e >Author: Eric Paris <eparis@redhat.com> >Date: Sun Jul 10 12:15:36 2011 +0200 > > policycoreutils: make get_handle a method of semanageRecords > > Right now it is needlessly global. Make it a method of semanageRecords. > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit 7e00948bdba84b5ced1cd23720009b2c8cd629af >Author: Eric Paris <eparis@redhat.com> >Date: Sun Jul 10 17:40:05 2011 +0200 > > policycoreutils: remove a needless blank line > > Yeah, that's really it. > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit 5763e720d88ff2dcc7066cd61ca0c2836566e93f >Author: Eric Paris <eparis@redhat.com> >Date: Sun Jul 10 17:38:43 2011 +0200 > > policycoreutils: make process_one error if not initialized correctly > > Rather than blow up in horible ways, error out if we detect > initialization wasn't done properly. > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit 2b4d32dc4b03c4feb3be94ce21d9e2e6d02f4b44 >Author: Eric Paris <eparis@redhat.com> >Date: Sun Jul 10 16:42:18 2011 +0200 > > policycoreutils: fixfiles: correct usage for r_opts.rootpath > > The error usable displays r_opts.rootpath, but r_opts is supposed to be > an internal code thing, not something users care about. When printing > the error message just call it 'rootpath' > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit 89ca0c2e296940aa5d0b4bc8c3c30d4227a96ff2 >Author: Eric Paris <eparis@redhat.com> >Date: Sun Jul 10 16:32:15 2011 +0200 > > policycoreutils: put -p in help for restorecon and fixfiles > > restorecon and fixfiles both have the -p option to display a * every > 10000 files. Put it in the usage and man pages. > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit 2d0c192355ae836ffe047cacfc7c25e146f1fccb >Author: Eric Paris <eparis@redhat.com> >Date: Sun Jul 10 16:23:02 2011 +0200 > > policycoreutils: fixfiles: do not try to only label known filesystems > > In the old fixfiles we had to make sure we only attempted to relabel > files that were on file systems that supported extended attributes. > With the new restorecon, we no longer need this. > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit 593154505a8f8c99e8f19b0aae352cd4d1d7e173 >Author: Eric Paris <eparis@redhat.com> >Date: Sun Jul 10 13:35:32 2011 +0200 > > policycoreutils: fixfiles clean up /var/run and /var/lib/debug > > clean up /var/run and /var/lib/debug just like we do for /tmp and > /var/tmp since they can easily get unlabeled files. > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit 2bd5fd1642ef190fa593c2cc608970fe29771d54 >Author: Eric Paris <eparis@redhat.com> >Date: Sun Jul 10 13:33:28 2011 +0200 > > policycoreutils: fixfiles delete tmp sockets and pipes rather than relabel then > > We cannot reasonably relabel pipes and sockets in /tmp to tmp_t so just > delete them instead of trying to put and unuable label. > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit 6084f72aafc8c7f70ef972e950dcc73777594c32 >Author: Eric Paris <eparis@redhat.com> >Date: Sun Jul 10 13:27:11 2011 +0200 > > policycoreutils: fixfile use find -delete instead of pipe to rm > > fixfiles uses a find command then than pipes that to rm -f. Just use > the find delete predicate instead of causing all of those extra calls to > rm. > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit da484b88d577135167d36fd1c441e183baedb055 >Author: Eric Paris <eparis@redhat.com> >Date: Thu Jul 7 15:38:19 2011 +0200 > > policycoreutils: chcat man page typo > > Fix the page to point to the the seusers file, not the seuser file. > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit 6a1c070ea6870cc82eba2c5a755f00d35206b87c >Author: Eric Paris <eparis@redhat.com> >Date: Thu Jul 7 15:31:18 2011 +0200 > > policycoreutils: add man page for genhomedircon > > Nothing special, just a man page to say what it's about. > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit a57385c57835a2aa312a731fa28d64e054e0f706 >Author: Eric Paris <eparis@redhat.com> >Date: Thu Jul 7 15:24:29 2011 +0200 > > policycoreutils: setfiles fix typo > > Apparently we cannot spelll. > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit 4c63498a4ce04e36398d332cc793dd43dd48fb30 >Author: Eric Paris <eparis@redhat.com> >Date: Thu Jul 7 15:03:51 2011 +0200 > > policycoreutils: setsebool should inform users they need to be root > > Add a different error message when setsebool is unable to run because > the user is not root. This just helps people who try to change booleans > based on setroubleshoot output and don't know what went wrong. > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit 98dcd2497613cd9d79d67ce7df669e36d6cfd1e6 >Author: Eric Paris <eparis@redhat.com> >Date: Thu Jul 7 15:01:00 2011 +0200 > > policycoreutils: setsebool typos > > Apparently we can't spelll. > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit 10374e5e896cb46f1cc0d00449b4e1f85029b74c >Author: Eric Paris <eparis@redhat.com> >Date: Thu Jul 7 14:58:21 2011 +0200 > > policycoreutils: open_init_tty man page typos > > Apparently we can't spelll. > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit 0b8af757b67ee795deef9523f1fd72ca28721e22 >Author: Eric Paris <eparis@redhat.com> >Date: Wed Jul 6 10:48:38 2011 -0400 > > policycoreutils: Don't add user site directory to sys.path > > SELinux pythons applications should not allow the user to change the > sys.path > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit e3ffa8c31fca71eba3c625f1e3ec26fdf8095f0f >Author: Eric Paris <eparis@redhat.com> >Date: Wed Jun 29 02:56:56 2011 -0400 > > policycoreutils: newrole retain CAP_SETPCAP > > We retain CAP_SETPCAP so that we can drop the additional capabilities > we held onto to set up namespaces. > > While we are at it, just add some console whine in case things fail. > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit 802369fbe2c7aadc6a9de3c5c5c4f60b81203d5d >Author: Eric Paris <eparis@redhat.com> >Date: Tue Jul 5 00:27:41 2011 -0400 > > audit2allow: do not print statistics > > I believe this is just to stop flooding the screen with libsepol > statistics every time you run audit2allow or any other libsepol command. > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit c7ed95f449882f8a3bba47ed71416f034e345042 >Author: Eric Paris <eparis@redhat.com> >Date: Wed Jun 29 00:32:30 2011 -0400 > > libselinux: make python bindings for restorecon work on relative path > > This patch just makes python bindings for restorecon work on relative > paths. > > $ cd /etc > $ python > > import selinux > > selinux.restorecon("resolv.conf") > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit 2ea80c28a560ede4ad318aa7ccbfd5f555264465 >Author: Eric Paris <eparis@redhat.com> >Date: Wed Jun 29 00:29:21 2011 -0400 > > libselinux: fix python audit2why binding error > > There is a missing error check in audit2why.c. Check for error and > return NULL if we can't initialize instead of just pretending it worked. > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit 63df0f7ef12844b9b86cc293299671da772fcf84 >Author: Eric Paris <eparis@redhat.com> >Date: Tue Jun 28 22:39:40 2011 -0400 > > libselinux: support new python3 functions > > python3 does not have PyString_FromString use PyBytes_FromString > instead. The same for PyString_Check->PyBytes_Check and for > PyString_AsString->PyBytes_AsString > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit 4f621a168682f96d0c98f7818493397766b13fd2 >Author: Eric Paris <eparis@redhat.com> >Date: Tue Jun 28 21:37:38 2011 -0400 > > libselinux: do not check fcontext duplicates on use > > Tools like restorecon or systemd, which load the fcontext database to > make labeling decisions do not need to check for duplicate rules. Only > the first rule will be used. Instead we should only check for > duplicates when new rules are added to the database. And fail the > transaction if we find one. > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit 874bac80bbfbf0a5af51bfa02cad2c233aac7273 >Author: Daniel J Walsh <dwalsh@redhat.com> >Date: Fri Jun 24 16:43:11 2011 -0400 > > Patch for python3 for libselinux > > Allow the specification of python3 in the swig creation > > This patch adds the new option PYPREFIX which causes the swig created > libraries to have a prefix. This allows one to build both the python2 > and python3 libraries in the same source tree. The install will then > later strip this prefix back off when it drops the files into the python > approriate site package directory. > > This patch also needs to update the PYINC definition as newer python > patckages on fedora exist in /usr/include/python3.2mu instead of > /usr/include/python3.2 as the other method of detemrining PYINC would > have found. > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit 1867652e5424e867cea542a9311ccdc5fa9ec835 >Author: Eric Paris <eparis@redhat.com> >Date: Wed Apr 20 15:18:02 2011 -0400 > > libsepol: use mapped role number instead of module role number > > When expanding a module which includes role transitions we were > comparing the numeric value of the base policy role with the numberic > value of the unmapped role in the module. Comparisions between > role values need to both be in terms of the mapped role in the base > module. > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Harry Ciao <qingtao.cao@windriver.com> > >commit b3e15ffbb99138ab2035f9700e64b894fe496656 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Wed Aug 3 12:10:53 2011 -0400 > > Build each time > >commit 727a589de847b34c5e8d48e087fb4012e6e30f06 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Wed Aug 3 09:46:17 2011 -0400 > > Updating to upstream with merge > >commit 7847304bc17a8e12618631adaef92b3fecf8bfc4 >Merge: 971ef18 78b4b56 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Wed Aug 3 09:40:23 2011 -0400 > > Merge branch 'master' of http://oss.tresys.com/git/selinux > > Conflicts: > libselinux/src/init.c > libselinux/src/load_policy.c > policycoreutils/sandbox/seunshare.c > policycoreutils/setfiles/restore.c > >commit 78b4b56857145367256ece69b78c89146e1a423d >Author: Eric Paris <eparis@redhat.com> >Date: Tue Aug 2 14:10:39 2011 -0400 > > Made updates to checkpolicy libselinux and policycoreutils so update > version and changelogs > > Signed-off-by: Eric Paris <eparis@redhat.com> > >commit 39066bd0ac3839d9c247dd1b769906c7100a10e0 >Author: Eric Paris <eparis@redhat.com> >Date: Tue Aug 2 13:58:07 2011 -0400 > > policycoreutils: seunshare: define _GNU_SOURCE earlier > > If one tries to build policycoreutils it won't work because of: > > seunshare.c: In function âmainâ: > seunshare.c:242:21: error: âCLONE_NEWNSâ undeclared (first use in this > function) > seunshare.c:242:21: note: each undeclared identifier is reported only > once for each function it appears in > make[1]: *** [seunshare.o] Error 1 > > Moving the #define _GNU_SOURCE earlier in the file means it is set when > sched.h is includes via some of dependancy chain. Thus it can build. > > Signed-off-by: Eric Paris <eparis@redhat.com> > >commit 971ef18e7ead129fef7aec525458d7e4ad0ab306 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Tue Aug 2 13:56:52 2011 -0400 > > Add semodule_unpackage from Stephen Smalley > >commit 30ad11feb9c2557db22d6a1eeedaa791a9b9f269 >Author: Eric Paris <eparis@redhat.com> >Date: Sun Jul 10 16:38:41 2011 +0200 > > policycoreutils: make ignore_enoent do something > > We have dumb code in setfiles which will set a static variable called > ignore_enoent. Thing is, nothing uses it. So move the setting to where > it is useful and use it! > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit 84ea17b5f3dd06c47470a50e35e334236ceb2210 >Author: Eric Paris <eparis@localhost.localdomain> >Date: Tue Jun 28 19:45:27 2011 -0400 > > libselinux: move .gitignore into utils > > There is a .gitignore at the head of the directory but only contains > entries for the utils directory. Move to the utils directory. > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit 5ef65fd7846cb407e2327f494f85c52e1d5d2201 >Author: Eric Paris <eparis@localhost.localdomain> >Date: Tue Jun 28 19:40:26 2011 -0400 > > libselinux: new setexecon utility > > This utility will tell what context a new task will have after exec > based on the pathname and the context of the launching task. > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit 441cf2ea924c13ed5002012aadd128f71d9e9c9d >Author: Richard Haines <richard_c_haines@btinternet.com> >Date: Mon Apr 18 16:41:40 2011 +0100 > > libselinux: selabel_open fix processing of substitution files > > libselinux selabel_open function always processed the substitution files (if > installed) from the active policy contexts/files/file_contexts.subs and > subs_dist irrespective of the backend type or SELABEL_OPT_PATH setting. This > patch now processes the correct subs files when selabel_open is called with > SELABEL_CTX_FILE. The other backends could also process their own substitution > files if needed in their own areas. > > [move the init declaration to label_internal.h - eparis] > Signed-off-by: Richard Haines <richard_c_haines@btinternet.com> > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit e3cab998b48ab293a9962faf9779d70ca339c65d >Author: Daniel J Walsh <dwalsh@redhat.com> >Date: Tue May 3 14:06:12 2011 -0400 > > libselinux mountpoint changing patch. > > The Fedora Distribution is looking to standardize kernel subsystem file > systems to be mounted under /sys/fs. They would like us to move /selinux > to /sys/fs/selinux. This patch changes libselinux in the following > ways: > > 1. load_policy will first check if /sys/fs/selinux exists and mount the > selinuxfs at this location, if it does not exists it will fall back to > mounting the file system at /selinux (if it exists). > > 2. The init functions of selinux will now check if /sys/fs/selinux is > mounted, if it is and has an SELinuxfs mounted on it, the code will then > check if the selinuxfs is mounted rw, if it is, libselinux will set the > mountpoint, if it is readonly, libselinux will return no mountpoint. If > /sys/fs/selinux does not exists, the same check will be done for > /selinux and finally for an entry in /proc/mounts. > > NOTE: We added the check for RO, to allow tools like mock to be able to > tell a chroot that SELinux is disabled while enforcing it outside the > chroot. > > $ getenforce > Enabled > $ mount --bind /selinux /var/chroot/selinux > $ mount -o remount,ro /var/chroot/selinux > $ chroot /var/chroot > $ getenforce > Disabled > > 3. In order to make this work, I needed to stop enabled from checking if > /proc/filesystem for entries if selinux_mnt did not exist. Now enabeled > checks if selinux_mnt has been discovered otherwise it will report > selinux disabled. > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit 2f921b58324c76fb4d45df60842d7074d8407add >Author: Jason Axelson <jaxelson@referentia.com> >Date: Wed Jul 14 09:21:53 2010 -1000 > > checkmodule: Add note to checkmodule man page about old versions > > Note that you cannot build a module with an older policy version. > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit 1236eef264f8022de4adc74750760a36dc420ab6 >Author: Chris Adams <cmadams@hiwaay.net> >Date: Thu Aug 12 14:51:28 2010 -0500 > > restorecond: first user logged in is not noticed > > The first user that logs in will not be caught by restorecond. The utmp > checking function only returns that there was a change when the previous > list of users was non-NULL. > > Here's a patch that works for me (this is against the latest Red Hat > Enterprise Linux 5 policycoreutils release, but I checked the current > source tree and the same problem is present): > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit e4f49b120abfa5a46280de59b64384449c8a63f6 >Author: root <root@(none).(none)> >Date: Wed Jun 22 16:06:21 2011 -0400 > > libselinux: simplify SRCS in Makefile > > The makefile does: > SRCS= $(filter-out $A, $(filter-out $B, *)) > When it can just do: > SRCS= $(filter-out $A $B, *) > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit bbad2cb655ba444e088cbbfc5e841214d15054dd >Author: Eric Paris <eparis@redhat.com> >Date: Wed Apr 20 15:58:52 2011 -0400 > > Repo: update .gitignore > > update .gitignore to include files that are normally created when > working and building inside the git repo > > Sigend-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit aec2e0265cabe74730d8950aae21be31f632337f >Author: Eric Paris <eparis@redhat.com> >Date: Wed Apr 20 15:52:53 2011 -0400 > > checkpolicy: dispol: print role transition rules > > There was no way to print all of the role transition rules in dispol. > Add that support. > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit b0510d18204592ad66e73eef1e3480dc7be65ac2 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Mon Aug 1 17:09:10 2011 -0400 > > Restore restorecond code to F15 version > >commit f0c816a1971e0cb04a9d1a0495835f3f37f32f96 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Mon Aug 1 16:55:00 2011 -0400 > > Remove wrap.c files from my git repository > >commit 01be88bd962e0bf05d63ed762a4ec7b091f474fc >Author: Dan Walsh <dwalsh@redhat.com> >Date: Mon Aug 1 16:48:22 2011 -0400 > > Remove pthread_once handling > >commit 398cfdd093556ce19c331f61b4fc9a0149ed1b54 >Merge: 7a3dd8c 510003b >Author: Dan Walsh <dwalsh@redhat.com> >Date: Mon Aug 1 14:52:57 2011 -0400 > > Merge branch 'master' of http://oss.tresys.com/git/selinux > > Conflicts: > libselinux/src/selinux.py > libselinux/src/selinuxswig_wrap.c > libsemanage/src/semanage.py > libsemanage/src/semanageswig_wrap.c > policycoreutils/audit2allow/audit2allow.1 > policycoreutils/restorecond/restorecond.c > policycoreutils/semanage/semanage.8 > >commit 510003b63f3abd3039b1d154cab24fc13be0c581 >Author: Eric Paris <eparis@redhat.com> >Date: Mon Aug 1 13:49:21 2011 -0400 > > Minor version bump for updates as of 2011-08-01 > > checkpolicy > libselinux > libsemanage > libsepol > policycoreutils > > Signed-off-by: Eric Paris <eparis@redhat.com> > >commit 5aecaf1e68ea4ff4596850d5b4b4e02ebb50286c >Author: Eric Paris <eparis@redhat.com> >Date: Fri Jun 24 16:43:12 2011 -0400 > > semanage: update manpage to explain transactions capabilities > > semanage -S targeted -i - << _EOF > login -a -s xguest_u xguest > boolean -m --on allow_polyinstantiation > boolean -m --on xguest_connect_network > boolean -m --on xguest_mount_media > boolean -m --on xguest_use_bluetooth > _EOF > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit d67b1ea1cbe30afb4894634f06ca25916b03cbd7 >Author: Eric Paris <eparis@redhat.com> >Date: Fri Jun 24 16:43:10 2011 -0400 > > libsemanage: drop the -no-unused-parameter build flag > > Annote the couple of places they are needed and drop the flag > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit dad5f79991eb04b5973c670c8566844a014a3a85 >Author: Eric Paris <eparis@redhat.com> >Date: Fri Jun 24 16:43:09 2011 -0400 > > libsemanage: use -Werror > > libsemanage should use -Werror just like libselinux > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit 109dc801ec27fc4f850f6927617acd6da5e6a544 >Author: Eric Paris <eparis@redhat.com> >Date: Fri Jun 24 16:43:04 2011 -0400 > > libsemanage: do not store generated files in git > > libsemanage/src/semanage.py and libselinux/src/semanageswig_wrap.c > are both generated rather than being real code. Do not store them > in git. > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit 6fe09c7080dc31a0215121e6afe3e27fbcb140d0 >Author: Eric Paris <eparis@redhat.com> >Date: Fri Jun 24 09:13:04 2011 -0400 > > libselinux: do not store generated files in git > > libselinux/src/selinux.py and libselinux/src/selinuxswig_wrap.c > are both generated rather than being real code. Do not store them > in git. > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit c588b442196efff34e5afe1c1327db765bb210b4 >Author: Martin Orr <martin@martinorr.name> >Date: Thu Sep 24 15:49:15 2009 +0100 > > restorecond: Ignore IN_IGNORED inotify events > > With kernel 2.6.31, restorecond uses 99% of my CPU. > > This is because removing and readding the watch on utmp triggers inotify to > return an IN_IGNORED event for the old watch descriptor. If the watch gets > allocated the same wd when it is readded, then restorecond thinks that utmp > has changed, so removes and readds the watch again, potentially looping. > > With kernel <= 2.6.30, this never happened, because the kernel didn't reuse > watch descriptors. So the IN_IGNORED event comes with a wd that is no > longer in use, and gets ignored. But kernel 2.6.31 reuses the same watch > descriptor. > > This patch fixes that by ignoring inotify events whose only bit set is > IN_IGNORED. > > Note: it is not clear to me why it is necessary to remove and readd the > watch in the first place. > > Note for testing: you need to log in (to cause a change in utmp) after > starting restorecond to trigger the bug. In fact you need to log in twice > before the kernel reuses a watch descriptor. > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit 71b51fdbd657264c6b1942d90efd0d3ab2646e4d >Author: Daniel J Walsh <dwalsh@redhat.com> >Date: Wed Dec 22 15:08:33 2010 -0500 > > Rearranged audit2allow.1 to match the newer ways we use the tool. > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit f1b004bf7d2453bda1a8076270f5c56b7ad90f56 >Author: Eric Paris <eparis@redhat.com> >Date: Wed Apr 20 15:41:05 2011 -0400 > > checkpolicy: fix dispol/dismod display for filename trans rules > > The formatting of dismod/dispol display of filename trans rules didn't > make a lot of sense. Make them more like the original rules. > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit 7190ed6020e061ccb204fd7b6e7f16bd22fdca82 >Author: Eric Paris <eparis@redhat.com> >Date: Wed Apr 20 15:20:13 2011 -0400 > > libsepol: store all filename transition rules when parsing a policy > > The kernel policy parsing logic was incorrectly believing the list of > filename transition rules was always empty because we never updated the > tail pointer when we added to the list. This patch updates the pointer > to the last entry when a new entry is added. > > Signed-off-by: Eric Paris <eparis@redhat.com> > Acked-by: Dan Walsh <dwalsh@redhat.com> > >commit 7a3dd8c0d979ad6c3f8ada71c7f30f68f8b5d189 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Thu Jul 28 11:59:41 2011 -0400 > > Remove local mosds > >commit 10682b4aa28d260712aa3eb98b55c61c1cb5d170 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Thu Jul 28 11:49:17 2011 -0400 > > Fix for new role_transition class field by Eric Paris. > >commit 81b4954bc7413fabe8540d8128d8b27204c8a2b9 >Merge: 29ad2b3 44121f6 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Thu Jul 28 11:30:25 2011 -0400 > > Merge branch 'master' of http://oss.tresys.com/git/selinux > >commit 44121f662411dbc17bf2e196911c655ee6969d59 >Author: Steve Lawrence <slawrence@tresys.com> >Date: Tue Jul 26 09:39:09 2011 -0400 > > Minor version bump for release > > Bump checkpolicy to 2.1.0 > Bump libselinux to 2.1.0 > Bump libsepol to 2.1.0 > Bump libsemanage to 2.1.0 > Bump policycoreutils to 2.1.0 > Bump sepolgen to 1.1.0 > >commit 29ad2b3298c8350b0c9c80e4bba093271dd12921 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Tue Jul 26 10:42:26 2011 -0400 > > Allow seunshare to run as root > >commit f3610304b5bbac21b8f59b73b408f360ac0da75f >Author: Dan Walsh <dwalsh@redhat.com> >Date: Mon Jul 25 10:41:15 2011 -0400 > > Stop using -k in sandbox and fix usage message within seunshare > >commit 5050408bf1de9d5ea4e11467621fd687ea899ac3 >Author: Steve Lawrence <slawrence@tresys.com> >Date: Mon Jul 25 10:12:15 2011 -0400 > > Revision version bump > > Bump checkpolicy to 2.0.26 > Bump libsepol to 2.0.46 > > Signed-off-by: Steve Lawrence <slawrence@tresys.com> > >commit c3f5d75c3234ea2b03c7eba9eb18b550efcc1605 >Author: Harry Ciao <qingtao.cao@windriver.com> >Date: Mon Jul 25 09:23:59 2011 +0800 > > Support adding one role attribute into another. > > When the link process is completed, the types type_set_t and roles > ebitmap in a role attribute are settled, then we could go on to scan > all role attributes in the base->p_roles.table checking if any non-zero > bit in its roles ebitmap is indeed another role attribute. > > If this is the case, then we need to escalate the roles ebitmap of > the sub role attribute into that of the parent, and remove the sub role > attribute from parent's roles ebitmap. > > Since sub-attribute's roles ebitmap may further contain other role > attributes, we need to re-scan the updated parent's roles ebitmap. > > Also if a loop dependency is detected, no escalation of sub-attribute's > roles ebitmap is needed. > > Note, although in the link stage all role identifiers defined in any > block/decl of any module would be copied into the base->p_roles.table, > the role-attribute relationships could still be recorded in the decl's > local symtab[SYM_ROLES] table(see get_local_role()), so before all above > escalation of sub role attribute's roles ebitmap into that of parent ever > happens, all decl in the base->global list except the global block would > have to be traversed so as to populate potential role-attribute > relationships from decl up to the base module. > > Signed-off-by: Harry Ciao <qingtao.cao@windriver.com> > Signed-off-by: Steve Lawrence <slawrence@tresys.com> > >commit 3592ebea1a5beb390a520c09747d3699867af9de >Author: Harry Ciao <qingtao.cao@windriver.com> >Date: Mon Jul 25 09:23:58 2011 +0800 > > Add role attribute support when expanding role_set_t. > > When the rolemap and pointer to the base module are available, if > a non-zero bit in role_set_t.roles is a role attribute, expand it > before remap. > > Note, during module compile the rolemap may not be available, the > potential duplicates of a regular role and the role attribute that > the regular role belongs to could be properly handled by > copy_role_allow() and copy_role_trans() during module expansion. > > Take advantage of the role_val_to_struct[] of the base module, since > when role_set_expand() is invoked, the role_val_to_struct[] of the > out module may have not been established yet. > > Also cleanup the error handling of role_set_expand(). > > Signed-off-by: Harry Ciao <qingtao.cao@windriver.com> > Signed-off-by: Steve Lawrence <slawrence@tresys.com> > >commit d4d90eceeba902874252fd7c1b9384fc5b1605d4 >Author: Harry Ciao <qingtao.cao@windriver.com> >Date: Mon Jul 25 09:23:57 2011 +0800 > > Add role attribute support when expanding role_datum_t. > > 1. Copy the flavor flag into its counterpart in the out module; > > 2. Fix all role attributes in the base module: > 2.1 remap the roles ebitmap and merge into its counterpart in the > out module; > 2.2 escalate the types.types ebitmap of its counterpart in the out > module, to the counterparts for all the regular roles that belongs > to the current role attribute. > > The role_fix_callback() must be called after role_copy_callback() > so that state->rolemap[] is available. > > Signed-off-by: Harry Ciao <qingtao.cao@windriver.com> > Signed-off-by: Steve Lawrence <slawrence@tresys.com> > >commit bff13595230dbd41692a98482ff3323078ae7d03 >Author: Harry Ciao <qingtao.cao@windriver.com> >Date: Mon Jul 25 09:23:56 2011 +0800 > > Add role attribute support when linking modules. > > Make the flavor flag and the roles ebitmap in role_datum_t structure > properly handled during module link process: > > 1. the flavor flag is copied into the base module; > > 2. if both the current module and the base module have defined or > required the same role, check if there is a discrepency in flavor; > > 3. remap the roles ebitmap and merge into its counterpart in the > base module; > > Signed-off-by: Harry Ciao <qingtao.cao@windriver.com> > Signed-off-by: Steve Lawrence <slawrence@tresys.com> > >commit 8072dba146b213a3f12a394596537e73f1b9339c >Author: Harry Ciao <qingtao.cao@windriver.com> >Date: Mon Jul 25 09:23:55 2011 +0800 > > Add role attribute support when generating pp files. > > Add support to read/write the flavor flag and roles ebitmap in the > role_datum_t structure from/to policy module, if its version is no less > than MOD_POLICYDB_VERSION_ROLEATTRIB. > > Since the role ebitmap would be expanded and won't be written into > policy.X, neither is the flavor flag, kernel SELinux security server > needs no change, the maximum version number for policy.X needs no bump. > > Signed-off-by: Harry Ciao <qingtao.cao@windriver.com> > Signed-off-by: Steve Lawrence <slawrence@tresys.com> > >commit 16675b7f96b7a61ac64180b1824ec04984b72b3b >Author: Harry Ciao <qingtao.cao@windriver.com> >Date: Mon Jul 25 09:23:54 2011 +0800 > > Add role attribute support when compiling modules. > > 1. Add a uint32_t "flavor" field and an ebitmap "roles" to the > role_datum_t structure; > > 2. Add a new "attribute_role" statement and its handler to declare > a role attribute; > > 3. Modify declare_role() to setup role_datum_t.flavor according > to the isattr argument; > > 4. Add a new "roleattribute" rule and its handler, which will record > the regular role's (policy value - 1) into the role attribute's > role_datum_t.roles ebitmap; > > 5. Modify the syntax for the role-types rule only to define the > role-type associations; > > 6. Add a new role-attr rule to support the declaration of a single > role, and optionally the role attribute that the role belongs to; > > 7. Check if the new_role used in role-transition rule is a regular role; > > 8. Support to require a role attribute; > > 9. Modify symtab_insert() to allow multiple declarations only for > the regular role, while a role attribute can't be declared more than once > and can't share a same name with another regular role. > > Signed-off-by: Harry Ciao <qingtao.cao@windriver.com> > Signed-off-by: Steve Lawrence <slawrence@tresys.com> > >commit b90c1aa0a86861f3e29d09c44f23574004927fea >Author: Dan Walsh <dwalsh@redhat.com> >Date: Thu Jul 7 14:53:10 2011 -0400 > > Fix compiler bug > >commit 8de945b1563a0ca23902908e20996e304a337c48 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Thu Jul 7 14:35:01 2011 -0400 > > Change seunshare to use kill(-child, SIGTERM) to make sure all processes in t he sandbox are killed > >commit 64c1d47e612a5d45a216100caa394b8331787d12 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Thu Jul 7 14:32:55 2011 -0400 > > Change seunshare to use kill(-child, SIGTERM) to make sure all processes in t he sandbox are killed > >commit 8366294a69a609ba46bf771f3e3cf1ce165839a8 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Wed Jul 6 20:52:38 2011 -0400 > > trap sigterm to make sure sandbox exits with the proper exit code > >commit 512b1542a2fb623198d0e68ab2c9a353ac81aa27 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Wed Jul 6 20:52:05 2011 -0400 > > Change signal handler to handle ctrl-C and exit properly > >commit 0a987cc9efbb9d2cce04f50b60f795bb51fa4daa >Author: Dan Walsh <dwalsh@redhat.com> >Date: Wed Jul 6 20:22:26 2011 -0400 > > add kill option to seunshare to kill all processes that are still running with the execcon MCS label. Default sandbox to call seunshare with the -k if it created an mcs level > >commit af478eda9ca890aeb8ebcf961fc8715bb23a9093 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Tue Jul 5 17:02:04 2011 -0400 > > Fix compiler error missing ; > >commit 627fa1bfed5bbd8da8b281d99d2315e3ea6cc6b8 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Tue Jul 5 16:46:30 2011 -0400 > > Fix memory leak of str variable > >commit 39043e650abacf2759a5639201f745d7e2e21d00 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Tue Jul 5 16:43:14 2011 -0400 > > Add missing close of the /etc/sysconfig/sandbox file > >commit 4d6ea11a29ea2fb1c98307024e754e4e66823545 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Wed Jun 29 08:53:35 2011 -0400 > > Remove spurious (8) from semodule_package man page > >commit 5c4377e9c7d1fde6a379c722b33fb53317ccf746 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Sun Jun 26 07:33:50 2011 -0400 > > Change --cgroups to use -c short option, add -C option to tell sandbox whether or not to allow sanbox apps to use capabilities > >commit b68a34e0078d0b246e59034824d369607493819b >Author: Dan Walsh <dwalsh@redhat.com> >Date: Sun Jun 26 07:32:38 2011 -0400 > > Document the semodule_expand -a qualifier > >commit 21717e7ca1dada5085078cfe2ccb3b0714bf171f >Author: Dan Walsh <dwalsh@redhat.com> >Date: Mon Jun 13 13:24:38 2011 -0400 > > Only drop CAPS Not Bounding set with seunshare > >commit dcfd58a8e5b418d8f877535a68c390bd8a3db81d >Author: Dan Walsh <dwalsh@redhat.com> >Date: Mon Jun 13 11:16:36 2011 -0400 > > Should only checkfor dups at installation time, not at compile time. > >commit ffd89b4c2d4ffcf0c33ce67ed55758304e6f7e9b >Author: Dan Walsh <dwalsh@redhat.com> >Date: Tue Jun 7 13:53:53 2011 -0400 > > Must use open with mode flags > >commit 62941c9ae157fb923c67fced71ef1495848cd59a >Author: Dan Walsh <dwalsh@redhat.com> >Date: Tue Jun 7 13:14:04 2011 -0400 > > Change the handling of disabled modules to only use a flag, not to rename > >commit 95c9435030f9c9c8bbd839a0d836fa67d96f5d2c >Author: Dan Walsh <dwalsh@redhat.com> >Date: Tue Jun 7 08:34:04 2011 -0400 > > Fix sandbox to pass DPI from the desktop > >commit ac657c2dd0ec51c70a986feb13a390be0973e39f >Author: Dan Walsh <dwalsh@redhat.com> >Date: Mon Jun 6 12:58:50 2011 -0400 > > Add ~/.config/* to restorecond_user.conf to make sure this directory is labeled correctly. > >commit 0706d9075fa95ccf23a50a927c5c072b6dae58ee >Author: Dan Walsh <dwalsh@redhat.com> >Date: Thu Jun 2 12:13:01 2011 -0400 > > Rename semanage_set_root man page > >commit 91b9a37e61c07047286ca7d3eb06c2e52db6b822 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Thu Jun 2 12:11:53 2011 -0400 > > Fix alternate root handling > >commit 861ee3a279e54233001b093eaab6ed6ac5413185 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Wed Jun 1 17:27:46 2011 -0400 > > Add semanage_set_root > >commit 5a429a9a605f267bf13cd6606045878313e1e0ef >Merge: 68f64eb 0acd0ea >Author: Dan Walsh <dwalsh@redhat.com> >Date: Mon May 23 17:23:13 2011 -0400 > > Merge branch 'master' of http://oss.tresys.com/git/selinux > > Conflicts: > checkpolicy/policy_scan.l > >commit 0acd0eae51089f01b814c5473afbcfe8b0f26d47 >Author: Steve Lawrence <slawrence@tresys.com> >Date: Mon May 16 09:25:08 2011 -0400 > > Revision version bump > > Bump checkpolicy to 2.0.26 > > Signed-off-by: Steve Lawrence <slawrence@tresys.com> > >commit 17ac87ce8374ee635062ee0d9c4176231d3a87bc >Author: James Carter <jwcart2@tycho.nsa.gov> >Date: Wed Jan 12 16:29:02 2011 -0500 > > checkpolicy: Allow filesystem names to start with a digit > > The patch below allows filesystem names in fs_use_* and genfscon > statements to start with a digit, but still requires at least one > character to be a letter. A new token type for filesystem names is > created since these names having nothing to do with SELinux. > > This patch is needed because some filesystem names (such as 9p) start > with a digit. > > Signed-off-by: James Carter <jwcart2@tycho.nsa.gov> > Signed-off-by: Steve Lawrence <slawrence@tresys.com> > >commit b42e15ffd5163effe3b2cb910685a5956a00defc >Author: Steve Lawrence <slawrence@tresys.com> >Date: Mon May 16 08:40:00 2011 -0400 > > checkpolicy: wrap file names in filename trans with quotes > > This wraps the filename token in quotes to make parsing easier and more > clear. The quotes are stripped off before being passed to checkpolicy. > The quote wrapping is only used by filename transitions. This changes > the filename transition syntax to the following: > > type_transition source target : object default_type "filename"; > > Signed-off-by: Steve Lawrence <slawrence@tresys.com> > >commit cb271f7d4c1957950f4d1197b4973722705fb5b3 >Author: Steve Lawrence <slawrence@tresys.com> >Date: Mon May 16 08:38:37 2011 -0400 > > Revert "checkpolicy: use a better identifier for filenames" > > This reverts commit d4c230386653db49d8e8116b603efcce4423df70. > > Signed-off-by: Steve Lawrence <slawrence@tresys.com> > >commit 68f64eb4bbb369f00f7df83eafa99af274732e38 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Sat May 14 06:33:00 2011 +0200 > > Add selinuxececon to selinuxutils > >commit 5a90f27479aaec1e50a5030189810d0022c18496 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Sat May 14 06:22:41 2011 +0200 > > Add selinuxproccon.c > >commit 0829466b3b9d6844b23762dcc90bb51a0b77fc76 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Sat May 14 06:19:31 2011 +0200 > > Fix up handling of symlinks > >commit 88ebf0f1684324de35418b058032cabbf4679235 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Sat May 14 05:56:53 2011 +0200 > > Add /sys/fs/selinux as a mountpoint for selinuxfs, allow matchpathcon to handle realpath > >commit a92bac3a9c496599287edf5eae79970b4ade7914 >Merge: 4fbc679 2ecb2bf >Author: Dan Walsh <dwalsh@redhat.com> >Date: Tue May 3 09:30:34 2011 -0400 > > Commit so we can pull > >commit 2ecb2bfdde598f77dbfdb94c04ade56f65f5a434 >Author: Steve Lawrence <slawrence@tresys.com> >Date: Fri Apr 29 15:56:00 2011 -0400 > > Revision version bump > > Bump checkpolicy to 2.0.25 > Bump libsepol to 2.0.45 > > Signed-off-by: Steve Lawrence <slawrence@tresys.com> > >commit 30c3a6e4c3abe5e3202344591768aa4666b66f76 >Author: Steve Lawrence <slawrence@tresys.com> >Date: Mon May 2 10:37:50 2011 -0400 > > libsepol: warn if filename_trans rules are dropped > > Signed-off-by: Steve Lawrence <slawrence@tresys.com> > >commit c61b6934dd7b1c871001c049eddf4a4e57b604e8 >Author: Daniel J Walsh <dwalsh@redhat.com> >Date: Fri Apr 29 15:41:16 2011 -0400 > > checkpolicy: allow version of single digit > > currently policy will not build if I define a module as 1 > > policy_module(dan,1) Fails > > policy_module(dan,1.0) works > > The attached patch makes the first one work. > > Signed-off-by: Steve Lawrence <slawrence@tresys.com> > >commit d4c230386653db49d8e8116b603efcce4423df70 >Author: Daniel J Walsh <dwalsh@redhat.com> >Date: Fri Apr 29 15:29:48 2011 -0400 > > checkpolicy: use a better identifier for filenames > > Signed-off-by: Steve Lawrence <slawrence@tresys.com> > >commit 516cb2a264448421bff692f47f61e8cf2a74237e >Author: Eric Paris <eparis@redhat.com> >Date: Mon Mar 28 14:00:19 2011 -0400 > > checkpolicy: add support for using last path component in type transition rules > > This patch adds support for using the last path component as part of the > information in making labeling decisions for new objects. A example > rule looks like so: > > type_transition unconfined_t etc_t:file system_conf_t eric; > > This rule says if unconfined_t creates a file in a directory labeled > etc_t and the last path component is "eric" (no globbing, no matching > magic, just exact strcmp) it should be labeled system_conf_t. > > The kernel and policy representation does not have support for such > rules in conditionals, and thus policy explicitly notes that fact if > such a rule is added to a conditional. > > Signed-off-by: Eric Paris <eparis@redhat.com> > Signed-off-by: Steve Lawrence <slawrence@tresys.com> > >commit 4ce7d734e8b8b243fc232c93d34690f9fdf67711 >Author: Eric Paris <eparis@redhat.com> >Date: Mon Mar 28 13:39:03 2011 -0400 > > checkpolicy: use #define for dismod selections > > We just use random numbers to make menu selections. Use #defines and > names that make some sense instead. > > Signed-off-by: Eric Paris <eparis@redhat.com> > Signed-off-by: Steve Lawrence <slawrence@tresys.com> > >commit 4fbc679cf2280d017b5b85a790c6ee80d28b81c3 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Thu Apr 21 10:11:59 2011 -0400 > > Add other files types > >commit c198c1f351e73592c3935e6fead93fb17e17fada >Author: Dan Walsh <dwalsh@redhat.com> >Date: Mon Apr 18 13:17:34 2011 -0400 > > Chevk if /var/lib/debug exists before executing find on it > >commit 159c81480fe0f5b8f909690df6e5adcc6758e7b6 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Mon Apr 18 12:45:56 2011 -0400 > > Change fixfiles restore to remove any sockets in /tmp that are labeled file_t. > >commit 7c2b81b88072d23840720606acd8d8bcf45cb5d4 >Merge: f6bcd30 16c6605 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Fri Apr 15 11:07:47 2011 -0400 > > Merge branch 'master' of http://oss.tresys.com/git/selinux > > Conflicts: > libsepol/src/policydb.c > libsepol/src/write.c > >commit f6bcd30de172f44efe0862fc119cf4c7c224a3f6 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Wed Apr 13 15:53:17 2011 -0400 > > CHange restorecon to use relative paths > >commit ca69fad0839f022b2db665ea1828d83df6d09dbb >Author: Dan Walsh <dwalsh@redhat.com> >Date: Wed Apr 13 15:49:41 2011 -0400 > > Fix role_trans so it will build on older versions > >commit 3ce37997ee32708d314cabfb60927f390689f9ae >Author: Dan Walsh <dwalsh@redhat.com> >Date: Wed Apr 13 15:48:46 2011 -0400 > > CHange restorecon to use relative paths > >commit 16c6605da16836606178780562551d73581203eb >Author: Steve Lawrence <slawrence@tresys.com> >Date: Wed Apr 13 15:18:51 2011 -0400 > > Revision version bump > > Bump libsepol to 2.0.44 > > Signed-off-by: Steve Lawrence <slawrence@tresys.com> > >commit 58fef61e7350d64049a04c9a4b21c86ce35c35de >Author: Steve Lawrence <slawrence@tresys.com> >Date: Wed Apr 13 14:58:03 2011 -0400 > > libsepol: use the correct number of roletrans rules when not supported > > When writing the roletrans rules, rules are dropped when not supported, > but the number of rules is not decreased. This sets the number of > elements to the actual number of rules that will be written. > > Signed-off-by: Steve Lawrence <slawrence@tresys.com> > >commit 34df32ab85a914c2bb7430e40716be7cbfa0a6bb >Author: Eric Paris <eparis@redhat.com> >Date: Tue Apr 12 17:11:41 2011 -0400 > > libsepol: support policy modules when roletrans rules not supported > > Although the role trans code had support to handle the kernel policy > when the version was less that roletrans such support was not in the > module read/write code. This patch adds proper support for role trans > in modules. > > Signed-off-by: Eric Paris <eparis@redhat.com> > Signed-off-by: Steve Lawrence <slawrence@tresys.com> > >commit 6eeb71538ea29b639ac7549831cd1aa4da32722a >Author: Eric Paris <eparis@redhat.com> >Date: Tue Apr 12 14:45:36 2011 -0400 > > libsepol: add support for filenametrans rule > > This patch adds libsepol support for filename_trans rules. These rules > allow one to make labeling decisions for new objects based partially on > the last path component. They are stored in a list. If we find that > the number of rules grows to an significant size I will likely choose to > store these in a hash, both in libsepol and in the kernel. But as long > as the number of such rules stays small, this should be good. > > Signed-off-by: Eric Paris <eparis@redhat.com> > Signed-off-by: Steve Lawrence <slawrence@tresys.com> > >commit 55d6caba348c016791ad4d900e7f951fc523c76f >Author: Dan Walsh <dwalsh@redhat.com> >Date: Tue Apr 12 12:21:06 2011 -0400 > > Cleanup patch > >commit 1d70de1e9db6c1c3f1d665dfa90f72ff1a947427 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Tue Apr 12 11:42:12 2011 -0400 > > fix to use version 11 > >commit cc7bdf442948dc90bb3c2cbe60020f126479b5ec >Author: Dan Walsh <dwalsh@redhat.com> >Date: Tue Apr 12 10:32:43 2011 -0400 > > Add Erics patch for FILENAME_TRANS > >commit d36a1ee6a883e87d491d7b8c7d979ccecb4d2631 >Merge: e19a5ae c7512cf >Author: Dan Walsh <dwalsh@redhat.com> >Date: Tue Apr 12 09:54:50 2011 -0400 > > Merge branch 'master' of http://oss.tresys.com/git/selinux > >commit e19a5ae88f7d50fcf29617e295d926c6e7b9c901 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Tue Apr 12 09:54:46 2011 -0400 > > Add filename handling for type_transition rules > >commit c7512cf11cc9c4de2be8381a5fefe2b2d5f4bf5f >Author: Steve Lawrence <slawrence@tresys.com> >Date: Mon Apr 11 16:10:04 2011 -0400 > > Revision version bump > > Bump checkpolicy to 2.0.24 > Bump libselinux to 2.0.102 > Bump libsepol to 2.0.43 > Bump policycoreutils to 2.0.86 > > Signed-off-by: Steve Lawrence <slawrence@tresys.com> > >commit a0ea2d893df6d5ae57e941be5cad8e078de1c831 >Author: Steve Lawrence <slawrence@tresys.com> >Date: Mon Apr 11 11:07:16 2011 -0400 > > Fix plural secolor.conf in the man page and black/white mixup > > Signed-off-by: Steve Lawrence <slawrence@tresys.com> > >commit a213ac22c4b41954911760f137589a07eccd0996 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Mon Apr 11 14:25:37 2011 -0400 > > Add Elia Pinto patch to exclude directories from relabel > >commit c4484fd6cf81e59bf1445611e45112dcb16d8bb9 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Mon Apr 11 14:25:35 2011 -0400 > > Add Elia Pinto patch to exclude directories from relabel > >commit c99414fc1f0f04001f8bf76c34846b8b59cc5702 >Author: Richard Haines <richard_c_haines@btinternet.com> >Date: Sun Apr 10 17:25:15 2011 +0100 > > Add libselinux man pages for colour functions > > Add man pages for selinux_raw_context_to_color(5), selinux_colors_path(3) and secolors.conf(5). > > Signed-off-by: Richard Haines <richard_c_haines@btinternet.com> > Signed-off-by: Steve Lawrence <slawrence@tresys.com> > >commit fe17b3d2d924018750386c5ee74f12ca4b054136 >Author: Richard Haines <richard_c_haines@btinternet.com> >Date: Sun Apr 10 17:18:28 2011 +0100 > > mcstransd select correct colour range. > > mcstransd: Now selects the range color for a matching 'range' entry in secolor.conf file, and not the first range to pass the dominance check. > > The second patch has the man pages to support the colour functions that match how mcstransd manages colour selection. > > Signed-off-by: Richard Haines <richard_c_haines@btinternet.com> > Signed-off-by: Steve Lawrence <slawrence@tresys.com> > >commit 20b43b3fd3d392c4f12a963a4e46c264e7ed5163 >Author: Daniel J Walsh <dwalsh@redhat.com> >Date: Wed Apr 6 17:08:27 2011 -0400 > > This patch adds a new subs_dist file. > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > The idea is to allow distributions to ship a subs file as well as let > the user modify subs. > > In F16 we are looking at shipping a > > file_contexts.subs_dist file like this > > cat file_contexts.subs_dist > /run /var/run > /run/lock /var/lock > /var/run/lock /var/lock > /lib64 /lib > /usr/lib64 /usr/lib > > The we will remove all (64)? from policy. > > This will allow us to make sure all /usr/lib/libBLAH is labeled the same > as /usr/lib64/libBLAH > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.11 (GNU/Linux) > Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/ > > iEYEARECAAYFAk2c1ksACgkQrlYvE4MpobNXcQCgqgAiQJxmwa1+NdIq8E3tQRp6 > QT0An0ihA60di9CRsEqEdVbSaHOwtte5 > =LXgd > -----END PGP SIGNATURE----- > > Signed-off-by: Steve Lawrence <slawrence@tresys.com> > >commit 1629d2f89a8c5f758413b87b94740aaaa5f21144 >Author: Daniel J Walsh <dwalsh@redhat.com> >Date: Wed Apr 6 16:58:29 2011 -0400 > > This patch cleans up a couple of crashes caused by libselinux > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > If you fail to load_policy in the init or SELinux is disabled, you need > to free the selinux_mnt variable and clear the memory. > > systemd was calling load_polcy on a DISABLED system then later on it > would call is_selinux_enabled() and get incorrect response, since > selinux_mnt still had valid data. > > The second bug in libselinux, resolves around calling the > selinux_key_delete(destructor_key) if the selinux_key_create call had > never been called. This was causing data to be freed in other > applications that loaded an unloaded the libselinux library but never > setup setrans or matchpathcon. > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.11 (GNU/Linux) > Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/ > > iEYEARECAAYFAk2c0/UACgkQrlYvE4MpobMP1QCfXAFD3pfWFLd1lylU/vjsZmpM > mcUAnA2l3/GKGC3hT8XB9E+2pTfpy+uj > =jpyr > -----END PGP SIGNATURE----- > > Signed-off-by: Steve Lawrence <slawrence@tresys.com> > >commit 5c6729b4d26fe6b3e64f9301efe6b0fa7d5c8487 >Author: Daniel J Walsh <dwalsh@redhat.com> >Date: Wed Apr 6 17:13:37 2011 -0400 > > Resend: This patch causes the mount points created in load_policy to have a proper name > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > On 04/06/2011 05:10 PM, Daniel J Walsh wrote: > > "proc" and "selinuxfs" > > > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.11 (GNU/Linux) > Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/ > > iEYEARECAAYFAk2c14AACgkQrlYvE4MpobMC7gCglauBYIKMfBRUcQPaMGKTzYZV > udUAn3X/rgUgJ55401IVwyCHC051bGQA > =47TI > -----END PGP SIGNATURE----- > > Signed-off-by: Steve Lawrence <slawrence@tresys.com> > >commit f89d4aca9c9423fe7e0428900cedca0ab60ec70c >Author: Harry Ciao <qingtao.cao@windriver.com> >Date: Fri Mar 25 13:52:03 2011 +0800 > > Userspace: display the class in role_transition rule > > Add support to display the class field in the role_transition rule > in the checkpolicy/test/dismod program. > > Signed-off-by: Harry Ciao <qingtao.cao@windriver.com> > Signed-off-by: Steve Lawrence <slawrence@tresys.com> > >commit 6db9b74210197f792a52038abbd10e946e99e49d >Author: Harry Ciao <qingtao.cao@windriver.com> >Date: Fri Mar 25 13:52:02 2011 +0800 > > Userspace: handle the class in role_trans_rule > > Add class support to various functions to handle role_trans_rule_t > structures. > > Signed-off-by: Harry Ciao <qingtao.cao@windriver.com> > Signed-off-by: Steve Lawrence <slawrence@tresys.com> > >commit 93417dfa28606d48dc3e37e05d5a3aeaa1488870 >Author: Harry Ciao <qingtao.cao@windriver.com> >Date: Fri Mar 25 13:52:01 2011 +0800 > > Userspace: handle the class field in role_trans struct > > Add the class support to various functions that handle role_trans > structure. > > Signed-off-by: Harry Ciao <qingtao.cao@windriver.com> > Signed-off-by: Steve Lawrence <slawrence@tresys.com> > >commit e95f358e3bbe850e5c99f56f8521abe1f5a6210b >Author: Harry Ciao <qingtao.cao@windriver.com> >Date: Fri Mar 25 13:51:59 2011 +0800 > > Userspace: role_transition parser to handle class field > > Handle the class field in the role_transition rule. If no class is > specified, then it would be set to the "process" class by default. > > Signed-off-by: Harry Ciao <qingtao.cao@windriver.com> > Signed-off-by: Steve Lawrence <slawrence@tresys.com> > >commit 45b2e6ec2340d698db506dff8c3df947b6e29452 >Author: Harry Ciao <qingtao.cao@windriver.com> >Date: Fri Mar 25 13:51:57 2011 +0800 > > Userspace: add class to role_trans & role_trans_rule > > Introduce the class support to role_trans and role_trans_rule > structures, which could be the subject class("process") or the > class that the newly created object belongs to. > > Signed-off-by: Harry Ciao <qingtao.cao@windriver.com> > Signed-off-by: Steve Lawrence <slawrence@tresys.com> > >commit 40669769718c765ae61d30b3e78bdc07971dc681 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Wed Apr 6 11:15:59 2011 -0400 > > Only call destructor if constructor was called > >commit 5426b52a8e4b4ae0279facbada81f2126d889f08 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Tue Apr 5 13:53:11 2011 -0400 > > Add distribution subs > >commit 409febf8c969377d6c8319f9b0c40df9eab552b9 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Tue Apr 5 12:06:13 2011 -0400 > > Deepak Bhole 2011-04-04 23:08:51 EDT > > libselinux 2.0.94-4 introduced a patch that should either be backed out, or be > supplemented with an additional (attached) patch. > > While investigating Bug# 692686, it was determined that a patch introduced in > libselinux-2.0.94-4 was causing OpenJDK to segfault. > > More specifically, errors were being seen in libpthread/libdl that were related > to corrupt thread specific keys. The issue was narrowed to the changes > introduced by libselinux-2.0.94_thread.patch. More specifically, this patch > adds global destructors that are called on dl unload. During destruction, they > delete a thread specific key without checking if it has been initialized. Since > the constructor is not called each time (i.e. key is not initialized with > pthread_key_create each time), and the default is 0, there is a possibility > that key 0 for an active thread gets deleted. This is exactly what is happening > in case of OpenJDK. > > This is an urgent issue and should be fixed before 6.1 final as it affects all > applications using libpthread on RHEL. > > I am attaching a workaround patch that initializes the key to -1. Thus if the > constructor is not called, the destructor tries to delete key -1 which is > deemed invalid by pthread_key_delete, and is ignored. > >commit e4c55621b005c7fed37f8e816724f2a443981d71 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Tue Apr 5 11:36:11 2011 -0400 > > Make fini_selinuxmnt an external function > >commit 811b85085b63ac0470384f50a3eddb2ba37e85fc >Author: Dan Walsh <dwalsh@redhat.com> >Date: Tue Apr 5 11:21:17 2011 -0400 > > Free selinux_mount memory if selinux is disabled, also causes is_selinux_enabled() to return false > >commit cda2c7edfaeae83cc1d691c6bfb6670c548d7bf2 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Fri Apr 1 10:40:48 2011 -0400 > > Change mount options from none to proc and selinuxfs > >commit 05c706e094eb47c21ba5d482e21baffe65bb60dd >Merge: 1c5397a acd3b7f >Author: Dan Walsh <dwalsh@redhat.com> >Date: Tue Mar 29 15:28:33 2011 -0400 > > Merge branch 'master' of http://oss.tresys.com/git/selinux > >commit 1c5397aeb95e4a03601a06842dc9e2d450057bfe >Author: Dan Walsh <dwalsh@redhat.com> >Date: Tue Mar 29 11:02:40 2011 -0400 > > Rsynccmd should not require execcon > >commit a232674a12c89dde66882c031257a4f75f971c1d >Author: Dan Walsh <dwalsh@redhat.com> >Date: Thu Mar 24 16:38:51 2011 -0400 > > Fix handling of ipv6 > >commit e6116dccae153192b146ebea320ddca732c2066b >Author: Dan Walsh <dwalsh@redhat.com> >Date: Wed Mar 23 15:09:42 2011 -0400 > > further cleanup of seunshare and add -p option to sepolgen-ifgen > >commit acd3b7f9f1b7f52880ab80e4a4fa42e793017a36 >Author: Stephen Smalley <sds@tycho.nsa.gov> >Date: Wed Mar 23 08:56:16 2011 -0400 > > Bump libselinux to 2.0.101 > >commit c4737c2e3281f6d5ebece9a85d87c5ed366f9af1 >Author: KaiGai Kohei <kaigai@ak.jp.nec.com> >Date: Thu Jan 6 16:14:48 2011 +0900 > > add db_language support on label_db.c > > The attached patch add support db_language object class > to the selabel_lookup(_raw) interfaces. > It is needed to inform object manager initial label of > procedural language object. > > Thanks, > -- > KaiGai Kohei <kaigai@ak.jp.nec.com> > > Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> > >commit 27bb654a89c9e9d547f63c12a421a04d60df00e5 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Wed Mar 16 09:35:11 2011 -0400 > > Go back to original seunshare man page > >commit 9f219eae2d2d75299b74d70b0d7fadd137a7e0bf >Author: Dan Walsh <dwalsh@redhat.com> >Date: Mon Mar 14 16:20:19 2011 -0400 > > change default for the homedir to be in /tmp > >commit 6743978f2d07e63477d2d05203e839a6f6a6cd53 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Fri Mar 11 16:32:49 2011 -0500 > > Check the installed policy if less then the kernel version > >commit 23be62b9e088deeb4a808fc39d51a136a6e8de14 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Fri Mar 11 16:16:39 2011 -0500 > > Add check for valid getpwuid(uid) > >commit d9e67242456d5504218f3b5dd075a7f6f78bf2e5 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Fri Mar 11 12:13:31 2011 -0500 > > Fedora patch > >commit 44d8ff2b0f560a086b8bab254c20cd21f4c54788 >Author: Eamon Walsh <ewalsh@tycho.nsa.gov> >Date: Wed Mar 9 11:51:06 2011 -0500 > > bump libselinux to 2.0.100 > > Signed-off-by: Eamon Walsh <ewalsh@tycho.nsa.gov> > >commit f0b3127ca3c99ae218dba43a6e3f7430081c412b >Author: Eamon Walsh <ewalsh@tycho.nsa.gov> >Date: Wed Mar 9 11:43:33 2011 -0500 > > Use library destructors to destroy per-thread keys. > > This prevents the key destructors, intented to free per-thread > heap storage, from being called after libselinux has been unloaded. > > Fixes https://bugzilla.redhat.com/show_bug.cgi?id=680887 > > Signed-off-by: Eamon Walsh <ewalsh@tycho.nsa.gov> > >commit 04d30c320f16a053ebbb020105910ef648ce5f9c >Author: Dan Walsh <dwalsh@redhat.com> >Date: Wed Mar 9 11:25:30 2011 -0500 > > Add Tomas Hoger latest patch > >commit 150983a5759f628f92b5aafe73831bc80b599f2c >Author: Dan Walsh <dwalsh@redhat.com> >Date: Tue Mar 8 17:48:38 2011 -0500 > > Add back -t handling to sandbox command > >commit eda3362ead216fa7b49bc9dd67e2bd8d38a50169 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Tue Mar 8 17:32:12 2011 -0500 > > Move setsid to sandboxrc script > >commit 1cf0c1ad414754708fac9c05185efb5a4974318d >Author: Dan Walsh <dwalsh@redhat.com> >Date: Tue Mar 8 17:27:01 2011 -0500 > > Latest fixes to seunshare > >commit 637cba7dd5848a3f090404d956f2328022521dff >Author: Dan Walsh <dwalsh@redhat.com> >Date: Tue Mar 8 15:06:21 2011 -0500 > > thoger patch > >commit c8fe0361e8fd4cd3bace90b2912ba4ece672f5a7 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Thu Mar 3 16:54:26 2011 -0500 > > exclude .X11-unix directory from homedir, do not set time attributes on /tmp > >commit c7d9db5c928a39701418ddfbb99407aefd319966 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Thu Mar 3 15:35:07 2011 -0500 > > Template should be global, remove doublefree > >commit d2d2778608979f2c951147682bf91554f9064bdc >Author: Dan Walsh <dwalsh@redhat.com> >Date: Thu Mar 3 15:06:16 2011 -0500 > > Add another fork as root to delete the tmpdir > >commit 432c72462e2fe0855045e43e96caf4168cb842a1 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Thu Mar 3 14:44:50 2011 -0500 > > Redesign to try to cleanup tmpdir when complete > >commit 8287e1bb05183cb8b7141b2d77d7b3e7fef8d197 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Thu Mar 3 14:14:35 2011 -0500 > > Cleanup code > >commit 1d0616d42c68ac010da50a9964493b48d259ef2c >Author: Dan Walsh <dwalsh@redhat.com> >Date: Thu Mar 3 14:00:23 2011 -0500 > > Remove setgid and change permission to 1770 > >commit 6e4fc0d72fc3c22cec5bd201ac2736278212c7b2 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Thu Mar 3 12:12:07 2011 -0500 > > Replace cp with rsync so we can delete files that get removed from tmp > >commit 5bb95d924d11e2ecd3d760824309b0be6a75fd72 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Thu Mar 3 12:08:22 2011 -0500 > > Replace cp with rsync > >commit 55162caa5ef5ea1513e8353c6ae84f390c78cf01 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Thu Mar 3 11:27:43 2011 -0500 > > Remove optional -T sandbox qualifier > >commit 7a48082c5c6a3a07bf0f64d4a030548950bba72b >Author: Dan Walsh <dwalsh@redhat.com> >Date: Thu Mar 3 10:24:45 2011 -0500 > > add tmpdir selection back > >commit 44a7a249481dcab29393ef124d91c278cc0a43b5 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Thu Mar 3 10:16:06 2011 -0500 > > Add back tmpdir selection to seunshare > >commit 0bf0c083b8b8a5942e669e08d8e085f674a2f9fe >Author: Dan Walsh <dwalsh@redhat.com> >Date: Thu Mar 3 10:04:02 2011 -0500 > > cleanup leaked memory found by sgrubb > >commit 295ab3a65e1893404f57e6994c044424a6b1a28a >Author: Dan Walsh <dwalsh@redhat.com> >Date: Tue Mar 1 14:50:11 2011 -0500 > > Fedora patch > >commit 64f6678e526f643966b43141e2e09c92d45eb263 >Merge: 013d809 fdab2ec >Author: Dan Walsh <dwalsh@redhat.com> >Date: Tue Mar 1 14:24:25 2011 -0500 > > Merge branch 'master' of http://oss.tresys.com/git/selinux > >commit 013d809cf891930e8db2f5c34731139e6fca8d2a >Author: Dan Walsh <dwalsh@redhat.com> >Date: Tue Mar 1 12:20:03 2011 -0500 > > Fix chmod call > >commit 0467f43d8c323a99e7a6643b2aa1779577c6ad51 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Tue Mar 1 12:11:00 2011 -0500 > > Cleanup seunshare code > >commit fdab2ec2791e6b964055cbb5cde0de3391efe0a9 >Author: Steve Lawrence <slawrence@tresys.com> >Date: Tue Mar 1 11:52:56 2011 -0500 > > bump libselinux to 2.0.99 > > Signed-off-by: Steve Lawrence <slawrence@tresys.com> > >commit 6caa4cbe32e68bf3296ce8cbcf218509e58b550c >Author: Daniel J Walsh <dwalsh@redhat.com> >Date: Tue Mar 1 11:50:42 2011 -0500 > > selinux man page fixes > > Signed-off-by: Steve Lawrence <slawrence@tresys.com> > >commit bc2a8f418e3b7bd9c2abd83e441a45ad59631f1f >Author: KaiGai Kohei <kaigai@ak.jp.nec.com> >Date: Tue Mar 1 11:21:19 2011 -0500 > > libselinux: add selinux_status_* interfaces for /selinux/status > > The attached patch adds several interfaces to reference /selinux/status > according to sequential-lock logic. > > selinux_status_open() open the kernel status page and mmap it with > read-only mode, or open netlink socket as a fallback in older kernels. > > Then, we can obtain status information from the mmap'ed page using > selinux_status_updated(), selinux_status_getenfoce(), > selinux_status_policyload() or selinux_status_deny_unknown(). > > It enables to help to implement userspace avc with heavy access control > decision; that we cannot ignore the cost to communicate with kernel for > validation of userspace caches. > > Signed-off-by: Steve Lawrence <slawrence@tresys.com> > >commit de740c4772db45262fddfc82363252eb8b3f4bcb >Author: Dan Walsh <dwalsh@redhat.com> >Date: Mon Feb 28 16:58:17 2011 -0500 > > Fix memory allocation > >commit 0a1db0e71836f3b855825399ec79e48b578bbb1d >Author: Dan Walsh <dwalsh@redhat.com> >Date: Mon Feb 28 16:41:53 2011 -0500 > > Move away from tmpfs to temp dir in /tmp > >commit 88befff945a318ef9bc28e853acc0fd8161d1870 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Fri Feb 25 16:29:15 2011 -0500 > > Fix up node handling to allow specification of node/mask > >commit 456a1ece9533acff909e6a7a6c09dab3fa793fe7 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Fri Feb 25 16:29:03 2011 -0500 > > continue cleaning up code for CVE > >commit 24b6df4b31dcedfba7317b5667c49c7e9d63f4cf >Author: Dan Walsh <dwalsh@redhat.com> >Date: Thu Feb 24 14:41:01 2011 -0500 > > Cleanup seunshare for CVE > >commit b82261acf7aff0be4b5b4a4e7634278e44811c02 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Wed Feb 23 16:54:28 2011 -0500 > > Setfilecon on /tmp > >commit 12eede85964ae0bfc72b7b76164485b2272d34a0 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Wed Feb 23 16:39:58 2011 -0500 > > Change context of /tmp to match srcdir > >commit ba0655a87ec8de1582a0b939c738eda9e0d9bc73 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Wed Feb 23 16:24:02 2011 -0500 > > More fixes to cleanup seunshare.c > >commit a00da3e96de696c92a414427c69d7f3dfe69c53d >Author: Dan Walsh <dwalsh@redhat.com> >Date: Wed Feb 23 15:02:44 2011 -0500 > > Latest patches from Rawhide > >commit 31ad97fe34c13d35614cfeb548a3a17df0698740 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Wed Feb 23 14:34:04 2011 -0500 > > Don't use bind mounts for /tmp > >commit 4e5da61f3c896563c2213a50ae7ac4c0967a7232 >Author: Dan Walsh <dwalsh@redhat.com> >Date: Fri Feb 18 11:23:13 2011 -0500 > > Fedora patch > >commit b676c84dbd793808d690cc151e244b5c8bdb779d >Author: Steve Lawrence <slawrence@tresys.com> >Date: Mon Dec 20 14:48:01 2010 -0500 > > bump policycoreutils to 2.0.85 > > Signed-off-by: Steve Lawrence <slawrence@tresys.com> > >commit cba027c249bf692fa07f7ffa290f8291b254242e >Author: Steve Lawrence <slawrence@tresys.com> >Date: Fri Dec 17 15:20:05 2010 -0500 > > Exit newrole if capabilities can't be dropped > > Signed-off-by: Steve Lawrence <slawrence@tresys.com> > >commit 16d1c1cbe5fe7de125084948280c46175ab6a712 >Author: Daniel J Walsh <dwalsh@redhat.com> >Date: Fri Dec 17 15:13:31 2010 -0500 > > Move newrole to use libcap-ng > > Signed-off-by: Steve Lawrence <slawrence@tresys.com> > >commit d17ed0d90d100acb4d270613d12988f909cc1c3f >Author: Chad Sellers <csellers@tresys.com> >Date: Thu Dec 16 14:11:57 2010 -0500 > > bump checkpolicy to 2.0.23 > bump libselinux to 2.0.98 > bump libsepol to 2.0.42 > bump libsemanage to 2.0.46 > > Signed-off-by: Chad Sellers <csellers@tresys.com> > >commit 7bc4ffb5df96c2acaac80f3e7c7c8e27faccd627 >Author: Daniel J Walsh <dwalsh@redhat.com> >Date: Tue Dec 14 15:45:10 2010 -0500 > > Author: Daniel J Walsh > Email: dwalsh@redhat.com > Subject: I think it is time to turn off default user handling in libselinux > Date: Mon, 13 Dec 2010 13:28:01 -0500 > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > This patch will turn this handling off. Meaning you will not end up > with some bizarro context and fail to login if the login program can not > figure how to log you in. > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.11 (GNU/Linux) > Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/ > > iEYEARECAAYFAk0GZbEACgkQrlYvE4MpobOF7QCgsD1XYuNC6B5MyIezCZvN9mYL > UX4AoOe9GsP3bhuvMBPea9LXeV/7tCPS > =B9Pk > -----END PGP SIGNATURE----- > > Signed-off-by: Chad Sellers <csellers@tresys.com> > >commit f7dd4ca760de5f2dfa962749dddf8a99587f2257 >Author: Justin P. Mattock <justinmattock@gmail.com> >Date: Wed Dec 8 18:16:42 2010 -0500 > > Author: "Justin P. Mattock" > Email: justinmattock@gmail.com > Subject: libsemanage Fix warning: parameter 'key' set but not used(and others) > Date: Tue, 6 Jul 2010 15:23:30 -0700 > > libsemanage produced no errors with the warnings, Im just noticing > big hunks of sections with warning messages: > > database_llist.c: In function 'dbase_llist_add': > database_llist.c:150:28: warning: parameter 'key' set but not used > database_llist.c: In function 'dbase_llist_count': > database_llist.c:221:50: warning: parameter 'handle' set but not used > database_llist.c: In function 'dbase_llist_del': > database_llist.c:278:41: warning: parameter 'handle' set but not used > (and so on...) > so add the GCC attribute to quiet these warnings since most go to > NULL; > > Signed-off-by: Justin P. Mattock <justinmattock@gmail.com> > Signed-off-by: Chad Sellers <csellers@tresys.com> > >commit 033959726bf32ab59a52201e0696f269c0810609 >Author: Justin P. Mattock <justinmattock@gmail.com> >Date: Wed Dec 8 18:13:46 2010 -0500 > > Author: "Justin P. Mattock" > Email: justinmattock@gmail.com > Subject: libsepol > Date: Tue, 6 Jul 2010 15:23:29 -0700 > > Going through these warning messages Im getting: > (example 1 of many) > booleans.c: In function 'sepol_bool_count': > booleans.c:106:39: error: parameter 'handle' set but not used > cc1: all warnings being treated as errors > > seems most of these go to NULL; Which tells me that these are here for > future use and/or need to be there for some other reason. > The biggest problem I have is Im getting errors out of these as opposed > to just a warning(-Werror) so marking the variable with a GCC > __attribute__ ((unused)) gets things going. > > Signed-off-by: Justin P. Mattock <justinmattock@gmail.com> > Signed-off-by: Chad Sellers <csellers@tresys.com> > >commit f997295da3e6377899ca31c05f92819eab7d3ea7 >Author: Justin P. Mattock <justinmattock@gmail.com> >Date: Wed Dec 8 17:55:59 2010 -0500 > > Author: "Justin P. Mattock" > Email: justinmattock@gmail.com > Subject: checkpolicy Fix error: variable 'newattr' set but not used(and others as well) > Date: Tue, 6 Jul 2010 15:23:28 -0700 > > The below patch fixes some warning messages Im receiving > with GCC:(in this case some are erros due to -Werror) > policy_define.c: In function 'define_type': > policy_define.c:1216:6: error: variable 'newattr' set but not used > cc1: all warnings being treated as errors > > Signed-off-by: Justin P. Mattock <justinmattock@gmail.com> > Signed-off-by: Chad Sellers <csellers@tresys.com> > >commit 705071c6b178dd5df710c69cc21d24b662eebe42 >Author: Eamon Walsh <ewalsh@tycho.nsa.gov> >Date: Thu Dec 2 20:08:22 2010 -0500 > > bump libselinux to 2.0.97 > > Signed-off-by: Eamon Walsh <ewalsh@tycho.nsa.gov> > >commit 569ce5498553b87dc7af343b2efb4da8d3ecdb4f >Author: Eamon Walsh <ewalsh@tycho.nsa.gov> >Date: Thu Dec 2 19:30:06 2010 -0500 > > matchpathcon: Close selabel handle in thread destructor. > > This is necessary because the handle is thread-local. > > Signed-off-by: Eamon Walsh <ewalsh@tycho.nsa.gov> > >commit a00fd94a46e92a233f4e613660e9962918f28207 >Author: Eamon Walsh <ewalsh@tycho.nsa.gov> >Date: Thu Dec 2 19:21:10 2010 -0500 > > selabel: Store substitution data in the handle instead of globally. > > This is for thread safety. > > Signed-off-by: Eamon Walsh <ewalsh@tycho.nsa.gov> > >commit a29ff33baf366825c0fbe721d30b12b5b96a64e1 >Author: Eamon Walsh <ewalsh@tycho.nsa.gov> >Date: Thu Dec 2 14:08:59 2010 -0500 > > Implement destructors for thread-local heap data. > > Description of problem: > Use of __thread variables is great for creating a thread-safe variable, but > only insofar as the contents of that variable can safely be abandoned on > pthread_exit(). The moment you store malloc()d data into a __thread void* > variable, you have leaked memory when the thread exits, since there is no way > to associate a destructor with __thread variables. > > The _only_ safe way to use thread-local caching of malloc()d data is to use > pthread_key_create, and associate a destructor that will call free() on the > resulting data when the thread exits. > > libselinux is guilty of abusing __thread variables to store malloc()d data as a > form of a cache, to minimize computation by reusing earlier results from the > same thread. As a result of this memory leak, repeated starting and stopping > of domains via libvirt can result in the OOM killer triggering, since libvirt > fires up a thread per domain, and each thread uses selinux calls such as > fgetfilecon. > > Version-Release number of selected component (if applicable): > libselinux-2.0.94-2.el6.x86_64 > libvirt-0.8.1-27.el6.x86_64 > > How reproducible: > 100% > > Steps to Reproduce: > 0. These steps are run as root, assuming hardware kvm support and existence of > a VM named fedora (adjust the steps below as appropriate); if desired, I can > reduce this to a simpler test case that does not rely on libvirt, by using a > single .c file that links against libselinux and repeatedly spawns threads. > 1. service libvirtd stop > 2. valgrind --quiet --leak-check=full /usr/sbin/libvirtd& pid=$! > 3. virsh start fedora > 4. kill $pid > > Actual results: > The biggest leak reported is due to libselinux' abuse of __thread: > > ==26696== 829,730 (40 direct, 829,690 indirect) bytes in 1 blocks are > definitely lost in loss record 500 of 500 > ==26696== at 0x4A0515D: malloc (vg_replace_malloc.c:195) > ==26696== by 0x3022E0D48C: selabel_open (label.c:165) > ==26696== by 0x3022E11646: matchpathcon_init_prefix (matchpathcon.c:296) > ==26696== by 0x3022E1190D: matchpathcon (matchpathcon.c:317) > ==26696== by 0x3033ED7FB5: SELinuxRestoreSecurityFileLabel (security_selinux.c:381) > ==26696== by 0x3033ED8539: SELinuxRestoreSecurityAllLabel (security_selinux.c:749) > ==26696== by 0x459153: qemuSecurityStackedRestoreSecurityAllLabel (qemu_security_stacked.c:257) > ==26696== by 0x43F0C5: qemudShutdownVMDaemon (qemu_driver.c:4311) > ==26696== by 0x4555C9: qemudStartVMDaemon (qemu_driver.c:4234) > ==26696== by 0x458416: qemudDomainObjStart (qemu_driver.c:7268) > ==26696== by 0x45896F: qemudDomainStart (qemu_driver.c:7308) > ==26696== by 0x3033E75412: virDomainCreate (libvirt.c:4881) > ==26696== > > Basically, libvirt created a thread that used matchpathcon during 'virsh start > fedora', and matchpathcon stuffed over 800k of malloc'd data into: > > static __thread char **con_array; > > which are then inaccessible when libvirt exits the thread as part of shutting > down on SIGTERM. > > Expected results: > valgrind should not report any memory leaks related to libselinux. > > Signed-off-by: Eamon Walsh <ewalsh@tycho.nsa.gov> > Reported-by: Eric Blake <eblake@redhat.com> > Tested-by: Eric Blake <eblake@redhat.com> > >commit 7bb6003219e5a3a26a5427dd81019b517a18804f >Author: Steve Lawrence <slawrence@tresys.com> >Date: Tue Nov 16 11:23:01 2010 -0500 > > bump policycoreutils to 2.0.84 > > Signed-off-by: Steve Lawrence <slawrence@tresys.com> > >commit 7e0f0124743d241354afa888f3bfe23355679bc9 >Author: Steve Lawrence <slawrence@tresys.com> >Date: Wed Oct 27 16:50:00 2010 -0400 > > Cleanup/minor fixes to mcstrans > > The majority of the patch is just handling the case of memory > allocation failures and making sure things get cleaned up correctly in > those cases. > > This also moves duplicate code in parse_ebitmap() and parse_raw() into > parse_category(), and also updates the parse function to ensure the > config files are in the correct format. > > Signed-off-by: Steve Lawrence <slawrence@tresys.com> > >commit c89625db93f63f29a57451e692ae33ab24d49291 >Author: Xavier Toth <txtoth@gmail.com> >Date: Wed Jul 21 15:40:00 2010 -0400 > > Add mcstrans to policycoreutils > > SELinux Project contribution of mcstrans. mcstrans is a userland package > specific to SELinux which allows system administrators to define > sensitivity levels and categories and provides a daemon for their > translation into human readable form. This version is a merge of Joe > Nalls git tree ( http://github.com/joenall/mcstrans) and patches > supplied by Dan Walsh and others at RedHat. > > Ted > > Signed-off-by: Steve Lawrence <slawrence@tresys.com> > >commit fe19c7a6acf984f20875bbc1c3735e9796fc98ca >Author: Chad Sellers <csellers@tresys.com> >Date: Mon Jun 14 16:33:29 2010 -0400 > > bump libselinux to 2.0.96 and checkpolicy to 2.0.22 > > Signed-off-by: Chad Sellers <csellers@tresys.com> > >commit 6a17cfaafcdab82c9909eccff56968913b36a631 >Author: KaiGai Kohei <kaigai@ak.jp.nec.com> >Date: Mon Jun 14 15:21:51 2010 -0400 > > Author: KaiGai Kohei > Email: kaigai@ak.jp.nec.com > Subject: libselinux APIs should take "const" qualifier? > Date: Tue, 23 Mar 2010 11:56:36 +0900 > > (2010/03/19 22:32), Stephen Smalley wrote: > > On Fri, 2010-03-19 at 16:52 +0900, KaiGai Kohei wrote: > >> Right now, security_context_t is an alias of char *, declared in selinux.h. > >> > >> Various kind of libselinux API takes security_context_t arguments, > >> however, it is inconvenience in several situations. > >> > >> For example, the following query is parsed, then delivered to access > >> control subsystem with the security context as "const char *" cstring. > >> > >> ALTER TABLE my_tbl SECURITY LABEL TO 'system_u:object_r:sepgsql_table_t:SystemHigh'; > >> const char *<---- ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ > >> > >> In this case, we want to call selinux_trans_to_raw_context() to translate > >> the given security context into raw format. But it takes security_context_t > >> argument for the source context, although this pointer is read-only. > >> In the result, compiler raises warnings because we gave "const char *" pointer > >> into functions which take security_context_t (= char *). > >> > >> Any comments? > >> > >> It seems to me the following functions' prototype should be qualified by > >> "const". > > > > That seems reasonable and should have no impact on library ABI. > > On the other hand, others have pointed out that security_context_t is > > not a properly encapsulated data type at all, and perhaps should be > > deprecated and replaced with direct use of char*/const char* throughout. > > > > There are other library API issues as well that have come up in the > > past, such as lack of adequate namespacing (with approaches put forth), > > but we don't ever seem to get a round tuit. > > At first, I tried to add const qualifiers read-only security_context_t > pointers, but didn't replace them by char */const char * yet, right now. > > BTW, I could find out the following code: > > int security_compute_create(security_context_t scon, > security_context_t tcon, > security_class_t tclass, > security_context_t * newcon) > { > int ret; > security_context_t rscon = scon; > security_context_t rtcon = tcon; > security_context_t rnewcon; > > if (selinux_trans_to_raw_context(scon, &rscon)) > return -1; > if (selinux_trans_to_raw_context(tcon, &rtcon)) { > freecon(rscon); > return -1; > } > : > > In this case, scon and tcon can be qualified by const, and the first > argument of selinux_trans_to_raw_context() can take const pointer. > But it tries to initialize rscon and tscon by const pointer, although > these are used to store raw security contexts. > The selinux_trans_to_raw_context() always set dynamically allocated > text string on the second argument, so we don't need to initialize it > anyway. I also removed these initializations in this patch. > > Does the older mcstrans code could return without allocation of raw > format when the given scon is already raw format? I don't know why > these are initialized in this manner. > > Thanks. > -- > KaiGai Kohei <kaigai@ak.jp.nec.com> > > Signed-off-by: Chad Sellers <csellers@tresys.com> > >commit 8867e1694fd6ca972581d56c725859fdf87b0e10 >Author: Steve Lawrence <slawrence@tresys.com> >Date: Mon Jun 14 14:45:46 2010 -0400 > > Author: Steve Lawrence > Email: slawrence@tresys.com > Subject: Minor fixup of checkmodule man page. > Date: Fri, 11 Jun 2010 15:25:58 -0400 > > On Mon, 2010-05-03 at 13:45 -0400, Daniel J Walsh wrote: > > Quality Engineering is going through all commands on the system looking > > for mismatches between man page/usage and actual code. > > > > It found that checkmodule had a -d option that is unused and undocumented -h > > Reviewed-by: Steve Lawrence <slawrence@tresys.com> > > I'd just add the long --help option to the man page for completeness: > > Signed-off-by: Chad Sellers <csellers@tresys.com> > >commit 36fe4c35ee6b86d11db92f047120b3e38ff64fa9 >Author: Daniel J Walsh <dwalsh@redhat.com> >Date: Mon Jun 14 14:44:44 2010 -0400 > > Author: Daniel J Walsh > Email: dwalsh@redhat.com > Subject: Minor fixup of checkmodule man page. > Date: Mon, 03 May 2010 13:45:30 -0400 > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Quality Engineering is going through all commands on the system looking > for mismatches between man page/usage and actual code. > > It found that checkmodule had a -d option that is unused and undocumented -h > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v2.0.14 (GNU/Linux) > Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/ > > iEYEARECAAYFAkvfC7oACgkQrlYvE4MpobNPrACg0uP02CWYPs9YcdU87jts9YqT > hMAAn2QA1UWZpGLvvU4yxStmhUU1Kg1+ > =topF > -----END PGP SIGNATURE----- > > Signed-off-by: Chad Sellers <csellers@tresys.com> > >commit 02fd1f3308f3b783c110d930a1f491ff08ae3d71 >Author: Chad Sellers <csellers@tresys.com> >Date: Thu Jun 10 16:58:04 2010 -0400 > > bump policycoreutils to 2.0.83 > >commit 0750eb51143bb3f440d562fed80ef930bf3bfe85 >Author: Chad Sellers <csellers@tresys.com> >Date: Thu Jun 10 16:57:28 2010 -0400 > > bump libselinux to 2.0.95 > >commit 582fd00c7b493010f93696f0bfcc55412ab40c07 >Author: Steve Lawrence <slawrence@tresys.com> >Date: Thu Jun 10 16:37:59 2010 -0400 > > Author: Steve Lawrence > Email: slawrence@tresys.com > Subject: Updated sandbox patch. > Date: Mon, 07 Jun 2010 17:53:41 -0400 > > On Thu, 2010-05-27 at 08:57 -0400, Daniel J Walsh wrote: > > -----BEGIN PGP SIGNED MESSAGE----- > > Hash: SHA1 > > > > On 05/26/2010 04:06 PM, Steve Lawrence wrote: > > > On Wed, 2010-05-19 at 15:59 -0400, Daniel J Walsh wrote: > > > Fixed patch that handles Spaces in homedir. > > > > > The following patch makes a few updates the the sandbox patch, though I > > > have a question: > > > > > Is the sandbox.init script needed anymore? It looks like seunshare was > > > changed to now bind mount and make private the necessary directories. > > > The only thing that seems missing is making root rshared. Also, if the > > > init script is obsolete, do the mounts also need the MS_REC flag for > > > recursive bind/private like they are mounted in the init script? e.g. > > > > The init script is needed for the xguest package/more specifically > > pam_namespace, but also needed for > > mount --make-rshared / > > > > Whether the init script belongs in policycoreutils is questionable though. > > > > > > > mount(dst, dst, NULL, (MS_BIND | MS_REC), NULL) > > > mount(dst, dst, NULL, (MS_PRIVATE | MS_REC), NULL) > > > > We probably should add these. Although it is not likely. > > > > > Changes the following patch makes: > > > > > sandbox.py > > > - Removes unused 'import commands' > > > - Fixes the chcon function, and replaces the deprecated os.path.walk > > > with os.walk. I think this way is a bit easier to read too. > > > > I think chcon should be added to libselinux python bindings and then > > leave the recursive flag. (restorecon is currently in python bindings._ > > > > > - Removes the 'yum install seunshare' message. This tool is not specific > > > to RPM based distros. > > > > People are using seunshare without X now that I have added the -M flag. > > So I will move it from the -gui package to the base package with > > sandbox and then this should not be necessary. > > > - Remove try/except around -I include to be consistent with the -i > > > option. If we can't include a file, then this should bail, no matter > > > if it's being included via -i or -I. > > > > Ok, I was thinking you could list a whole bunch of files in the -I case > > and if one does not exist, allow it to continue. But I don't really care. > > > - Fix homedir/tmpdir typo in chcon call > > > > > sandbox.init (maybe obsoleted?) > > > - Fix restart so it stops and starts > > > - unmount the bind mounts when stopped > > I doubt this will work. Two many locks in /tmp /home > > > - Abort with failure if any mounts fail > > > > > seunshare.c > > > - Define the mount flag MS_PRIVATE if it isn't already. The flag is only > > > defined in the latest glibc but has been in the kernel since 2005. > > > - Simplify an if-statment. Also, I'm not sure the purpose of the > > > strncmmp in that conditional, so maybe I've oversimplified. > > This is wrong. The problem comes about when you mount within the same > > directory. > > > > seunshare -t /home/dwalsh/sanbox/tmp -h /home/dwalsh/sandbox/home ... > > > > seunshare -t /tmp/sandbox/tmp -h /tmp/sandbox/home > > > > If you do not have the check one of the above will fail. > > > > In the first example if Homedir is mounted first, > > /home/dwalsh/sanbox/tmp will no longer exist when seunshare attempts to > > mount it on /tmp. > > > > Similarly, if /tmp is mounted first in the second example. > > /tmp/sandbox/home will no longer exist. > > > > You have to check to make sure one of the directories is not included in > > the other. > > > > It seems > > > like maybe an error should be thrown if tmpdir_s == pw_dir or > > > homedir_s == "/tmp", but maybe I'm missing something. > > > > See above. > > > > I was blowing up because I use > > > > ~/sandbox/tmp and ~/sandbox/home for my mountpoints. > > <snip> > > Below is an updated patch that makes a few changes the the latest > Sandbox Patch [1]. This requires the chcon patch [2]. > > Changes this patch makes: > > sandbox.py > - Remove unused 'import commands' > - Uses new chcon method in libselinux [2] > - Removes the 'yum install seunshare' message > - Converts an IOError to a string for printing a warning if a file > listed in -I does not exist > > sandbox.init > - Print the standard Starting/Stoping messages with the appropriate > OK/FAIL > - Abort with failure if any mounts fail > > seunshare.c > - Add the MS_REC flag during mounts to perform recursive mounts > - Define the mount flags MS_PRIVATE and MS_REC if they aren't already. > The flags are only defined in the latest glibc but have been in the > kernel since 2005. > - Calls realpath(3) on tmpdir_s and homedir_s. If relative paths are > used, it wouldn't correctly detect that tmpdir is inside homedir and > change the mount order. This fixes that. > > [1] http://marc.info/?l=selinux&m=127429948731841&w=2 > [2] http://marc.info/?l=selinux&m=127594712200878&w=2 > > Signed-off-by: Chad Sellers <csellers@tresys.com> > >commit d6848ea77d9e0fed546a8286f8c62fe32be58ace >Author: Daniel J Walsh <dwalsh@redhat.com> >Date: Thu Jun 10 16:35:55 2010 -0400 > > Author: Daniel J Walsh > Email: dwalsh@redhat.com > Subject: Updated sandbox patch. > Date: Wed, 19 May 2010 15:59:28 -0400 > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Fixed patch that handles Spaces in homedir. > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v2.0.14 (GNU/Linux) > Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/ > > iEYEARECAAYFAkv0QyAACgkQrlYvE4MpobNBXQCgmUu92HsN5PiksOTZoGxSp0W+ > 1noAoKoCujFPLHduJ9BP3hrveeXvGKXO > =iqC+ > -----END PGP SIGNATURE----- > > Signed-off-by: Chad Sellers <csellers@tresys.com> > >commit 537721089af4466962e1520a571e4478d040edb3 >Author: Steve Lawrence <slawrence@tresys.com> >Date: Thu Jun 10 13:56:57 2010 -0400 > > Author: Steve Lawrence > Email: slawrence@tresys.com > Subject: Add chcon method to libselinux python bindings > Date: Mon, 7 Jun 2010 17:40:05 -0400 > > Adds a chcon method to the libselinux python bindings to change the > context of a file/directory tree. > > Signed-off-by: Chad Sellers <csellers@tresys.com> > >commit 8f007923dd4ff89652479587d96e22bc63dbf822 >Author: Chad Sellers <csellers@tresys.com> >Date: Wed Jun 2 14:39:36 2010 -0400 > > [PATCH] Remove duplicate slashes in paths in selabel_lookup > > This patch simply removes duplicate slashes (meaning "//") from > pathnames passed into selabel_lookup. It does not do a full > realpath() calculation (e.g. following symlinks, etc.), as the > client should really do that before calling into libselinux. > > Signed-off-by: Chad Sellers <csellers@tresys.com> > >commit edf1df5429e0b819ee8fdd9f73ec95190fcae379 >Author: Joshua Brindle <method@manicmethod.com> >Date: Wed Mar 24 15:40:05 2010 -0400 > > bump sepolgen to 2.0.82 > >commit 734f7621b8b4e6d8af0746ed9cce927a80667470 >Author: Joshua Brindle <method@manicmethod.com> >Date: Wed Mar 24 14:28:39 2010 -0400 > > bump libselinux to 2.0.94 > >commit 7dcf27a7916db8172db015439ded5b914da25bc1 >Author: Daniel J Walsh <dwalsh@redhat.com> >Date: Wed Mar 24 09:17:03 2010 -0400 > > Patch to context_new to set errno to EINVAL on bad values > > Signed-off-by: Joshua Brindle <method@manicmethod.com> > >commit d57ea2c2c086b711c6272dfbbfd3244a29287d8d >Author: Joshua Brindle <method@manicmethod.com> >Date: Wed Mar 24 13:55:23 2010 -0400 > > reactivate attribute mapping unit test > > This test must have been disabled a very long time ago, before attributes were present in the kernel policy. Since the attributes are now present this unit test should be turned back on, unless I'm missing something pretty major (it looks reasonable and is successful when run). > > Signed-off-by: Joshua Brindle <jbrindle@tresys.com> > >commit 4bbaeeb7bb266e61b9304623cd8d93fd390c5961 >Author: Joshua Brindle <method@manicmethod.com> >Date: Wed Mar 24 13:47:39 2010 -0400 > > bump sepolgen to 1.0.23 > >commit 6e35202e203951cb0a864e75fb196bb24fc5f979 >Author: Daniel J Walsh <dwalsh@redhat.com> >Date: Wed Mar 24 13:08:23 2010 -0400 > > sepolgen unit tests fail > > Patch to fix unit test. > > Signed-off-by: Joshua Brindle <method@manicmethod.com> > >commit bc256454b72a898ec4c63985f29087d1f9b39296 >Author: Karl MacMillan <kmacmillan@tresys.com> >Date: Tue Mar 23 09:11:24 2010 -0400 > > Bump sepolgen to 1.0.22 > >commit 52f9d9f2ad3225e44f9fd55722b49231f060e2f3 >Author: Karl MacMillan <karlwmacmillan@gmail.com> >Date: Fri Mar 12 14:57:02 2010 -0500 > > Sepolgen: improve parser error recovery > > Sepolgen has long not recovered from parsing errors, leading to > a blacklist of none bad modules in the source. I finally tracked > down the problem (lexer state) and this patch fixes the problem > by causing the lexer to be rebuilt on error. > > Acked-by: Joshua Brindle <jbrindle@tresys.com> > >commit 386ab8df8e2f0ab4938edaa4a82779ef2c794a9c >Author: Eamon Walsh <ewalsh@tycho.nsa.gov> >Date: Thu Mar 18 18:27:07 2010 -0400 > > Typo fix in ChangeLog. > > Signed-off-by: Eamon Walsh <ewalsh@tycho.nsa.gov> > >commit e796cee3f5c0dba5b66dcaa521bc5c533abccb56 >Author: Joshua Brindle <method@manicmethod.com> >Date: Thu Mar 18 16:52:16 2010 -0400 > > bump sepolgen to 1.0.21 > >commit e53b2cebf21b5e793642cbc6b12334407756734d >Merge: 5af0827 0b2e0bd >Author: Joshua Brindle <method@manicmethod.com> >Date: Thu Mar 18 16:38:45 2010 -0400 > > Merge branch 'master' of oss.tresys.com:/home/git/selinux > >commit 5af082709774bd19e7b6836eccc6bfb162a87185 >Author: Daniel J Walsh <dwalsh@redhat.com> >Date: Thu Mar 18 16:38:17 2010 -0400 > > Author: Daniel J Walsh > Email: dwalsh@redhat.com > Subject: Small patch to fix is_selinux_enabled man page. > Date: Tue, 16 Mar 2010 12:35:22 -0400 > Signed-off-by: Joshua Brindle <method@manicmethod.com> > >commit 03cd8c2d47eb5ad3d7242ac1a0c71adc1e16ad89 >Author: Daniel J Walsh <dwalsh@redhat.com> >Date: Fri Mar 12 12:58:02 2010 -0500 > > This patch allows audit2allow to look at all avc's since the last time the machine booted. > > Acked-by: Karl MacMillan <kmacmillan@tresys.com> > >commit 6688e9676776addd3e8e13045eafd03b1e6767e3 >Author: Daniel J Walsh <dwalsh@redhat.com> >Date: Fri Mar 12 12:50:15 2010 -0500 > > This simple patch fixes the output of sepolgen to match what Chris expects for upstream policy. > > Acked-by: Karl MacMillan <kmacmillan@tresys.com> > >commit 0b2e0bd5d0b05e5f498ba9ea51af8fa7bb8ac788 >Author: Eamon Walsh <ewalsh@tycho.nsa.gov> >Date: Mon Mar 15 19:00:59 2010 -0400 > > Bump libselinux to 2.0.93 > >commit dbbd0ab9038349e6f085f575fc0fdfd4791710b3 >Author: Eamon Walsh <ewalsh@tycho.nsa.gov> >Date: Mon Mar 15 18:40:40 2010 -0400 > > Show strerror for security_getenforce(). > > Patch by Colin Waters. > > Acked-by: Stephen Smalley <sds@tycho.nsa.gov> > >commit 70aeeb918aa721ad90ed8e1b433a55c8ecf2cb83 >Author: Eamon Walsh <ewalsh@tycho.nsa.gov> >Date: Mon Mar 15 18:38:35 2010 -0400 > > This patch allows selabel_*() interfaces to provide an expected security context > for the given database object identified by its name and object class. > It is necessary to implement a feature something like the restorecon on databases. > > The specfile shall be described as follows: > ------------------------ > # > # The specfile for database objects > # (for SE-PostgreSQL) > # > # <object class> <object name> <security context> > # > db_database * system_u:object_r:sepgsql_db_t:s0 > > db_schema *.pg_catalog system_u:obejct_r:sepgsql_sys_schema_t:s0 > db_schema *.* system_u:object_r:sepgsql_schema_t:s0 > > db_table *.pg_catalog.* system_u:object_r:sepgsql_sysobj_t:s0 > db_table *.*.* system_u:object_r:sepgsql_table_t:s0 > ------------------------ > > - All the characters after the '#' are ignored. > - Wildcards ('*' and '?') are available. > - It returns the first match security context. > > Note that hierarchy of the namespace of database objects depends on RDBMS. > So, author of the specfile needs to write correct patterns which are suitable > for the target RDBMS. The patched selabel_*() interfaces don't have any > heuristics for the namespace hierarchy to be suitable for widespread RDBMSs. > In the case of SE-PgSQL, when we lookup an expected security context for the > 'my_table' table in the 'public' schema and 'postgres' database, the caller > shall provide 'postgres.public.my_table' as a key. > > In the default, it tries to read a specfile which maps database objects and security > context from the /etc/selinux/$POLICYTYPE/contexts/sepgsql_contexts. > Note that when another RDBMS uses this interface, it needs to give an explicit > SELABEL_OPT_PATH option on the selabel_open(). > > Signed-off-by: KaiGai Kohei <kaigai@ak.jp.nec.com> > Acked-by: Eamon Walsh <ewalsh@tycho.nsa.gov> > >commit 78bc1a58bc14c3f3af1ba88cb496c09bbd3f5365 >Merge: b5b2c2c 61d005b >Author: Joshua Brindle <method@manicmethod.com> >Date: Fri Mar 12 08:33:37 2010 -0500 > > Merge branch 'master' of oss.tresys.com:/home/git/selinux > >commit b5b2c2c2fefcd305362fbaa748c4eaf4d467a721 >Author: Joshua Brindle <method@manicmethod.com> >Date: Fri Mar 12 08:32:38 2010 -0500 > > bump policycoreutils to 2.0.81 and sepolgen to 1.0.20 > >commit f509e1e8b96cd1b1c815d8007ace1d19021db0e2 >Author: Daniel J Walsh <dwalsh@redhat.com> >Date: Mon Mar 8 14:33:03 2010 -0500 > > Audit2allow generating dontaudit rules. > > On 03/08/2010 11:11 AM, Karl MacMillan wrote: > > Accidentally sent this straight to Josh. > > > > Karl > > > > On Thu, Mar 4, 2010 at 4:46 PM, Karl MacMillan<karlwmacmillan@gmail.com> wrote: > > > >> I meant this - I don't want to pass around a boolean flag when we have > >> a flag for rule type. This allows cleanly adding support for, say, > >> generating both allow rules and auditallow rules at the same time. > >> > >> > <snip> > > Ok this one only adds a flag to the policygenerator to tell it to > generate dontaudit rules. > > No passing of args. > > Acked-by: Karl MacMillan <karlwmacmillan@gmail.com> > >commit 61d005b739f34b9471244428769a156d57358c9c >Author: Eamon Walsh <ewalsh@tycho.nsa.gov> >Date: Fri Feb 26 15:18:38 2010 -0500 > > libselinux: fix avc_netlink_loop() error caused by nonblocking mode. > > avc_open() creates the netlink socket in nonblocking mode. If the > application later takes control of the netlink socket with > avc_netlink_acquire_fd() and then calls avc_netlink_loop(), it > will fail with EWOULDBLOCK. > > To remedy this, remove the O_NONBLOCK flag from the netlink socket > at the start of avc_netlink_loop(). Also, with this fix, there is > no need for avc_open() to ever create a blocking socket, so change > that and update the man page. > > -v2: use poll() in avc_netlink_check_nb(). This makes both > avc_netlink_loop() and avc_netlink_check_nb() independent of the > O_NONBLOCK flag. > > -v3: move poll() to avc_receive() internal function; patch by > KaiGai Kohei <kaigai@kaigai.gr.jp> > > Signed-off-by: Eamon Walsh <ewalsh@tycho.nsa.gov> > >commit a73f32c3e35093e5eaf9820954e56fdc1b327e8b >Author: Joshua Brindle <method@manicmethod.com> >Date: Sun Mar 7 10:04:24 2010 -0500 > > bump policycoreutils to 2.0.80 > >commit e6bfff4372a2bf5fe8dbd1de49ffb6cf366b39e0 >Author: Joshua Brindle <method@manicmethod.com> >Date: Sat Mar 6 18:10:51 2010 -0500 > > bump libsemanage to 2.0.45 and libselinux to 2.0.92 > >commit 7420787817c4949276d7947202b49d78eba37c13 >Author: Daniel J Walsh <dwalsh@redhat.com> >Date: Wed Feb 24 14:35:07 2010 -0500 > > updated libselinux pkgconfig does not work correctly on lib64 machines. > > On 02/24/2010 02:24 PM, Daniel J Walsh wrote: > > > Ignore the first patch it was missing pc.in files. > > Acked-by: Eamon Walsh <ewalsh@tycho.nsa.gov> > Signed-off-by: Joshua Brindle <method@manicmethod.com> > >commit d03b94113615c1751b8a074bbd4064d915c70ff9 >Author: Joshua Brindle <method@manicmethod.com> >Date: Sat Mar 6 17:42:12 2010 -0500 > > regenerate swig wrappers > >commit c1323f22c7ad93b975eb8b6a251b893bc88f240f >Author: Joshua Brindle <method@manicmethod.com> >Date: Sat Mar 6 17:39:47 2010 -0500 > > fixes to commit 847d27b8385ce77ac71df8aa58a2d298b33d1ea4 > > - implicit declaration of semanage_module_enabled() > - added nicer error messages when disabling or enabling modules already disabled or enabled > - fix comment > > Signed-off-by: Joshua Brindle <method@manicmethod.com> > >commit 654dcb897e49908a958dae55cf29793412c4b390 >Author: Daniel J Walsh <dwalsh@redhat.com> >Date: Wed Feb 24 14:50:41 2010 -0500 > > Last attempt at upstreaming semodule_disable patch. > > This patch allows you to disable/Enable policy modules. > > It never seems to get upstreamed. :^( > > Signed-off-by: Joshua Brindle <method@manicmethod.com> > >commit 660f70f4c4c169214da8ac670fbecfb37ce3d2d5 >Author: Daniel J Walsh <dwalsh@redhat.com> >Date: Sun Feb 28 17:54:18 2010 -0500 > > Author: Daniel J Walsh > Email: dwalsh@redhat.com > Subject: Fix memory leak on disabled selinux machines. > Date: Wed, 24 Feb 2010 14:15:31 -0500 > > I think this patch originally came from Eric Paris and was updated by > others but has not been adopted yet. Not sure why. > > Always free buf on exit. > > Signed-off-by: Joshua Brindle <method@manicmethod.com> > >commit c8d100bb03e0fe0501037b914fe3638afd593ee4 >Author: Daniel J Walsh <dwalsh@redhat.com> >Date: Thu Feb 25 16:08:28 2010 -0500 > > Patch to run genhomedircon without looking at /etc/passwd > > I want to change the default of libsemanage to not look for home > directories in getpwent. This patch allows you to set the flag > usepasswd=false in the semanage.conf file. and genhomedircon will only > setup the labeling of /home, /export/home and any confined users homedirs. > > If this patch is not acceptable because libsemanage is being rewritten, > I would like the functionality to be added to the new libsemanage. > >commit 955f8d8e288bbba32732a661d1db6b2c471ae91e >Author: Stephen Smalley <sds@tycho.nsa.gov> >Date: Mon Feb 22 15:35:02 2010 -0500 > > libselinux 2.0.91 > >commit 070505f16f59b1ddbc6af670a04a3610253f50fc >Author: Stephen Smalley <sds@tycho.nsa.gov> >Date: Tue Feb 16 09:29:31 2010 -0500 > > label_file.c:434: error: implicit declaration of function 'fstat' > > On Mon, 2010-02-15 at 14:19 -0800, Justin Mattock wrote: > > this is new: > > > > > > make[2]: Leaving directory `/home/kernel/selinux/libselinux/include' > > make -C src install > > make[2]: Entering directory `/home/kernel/selinux/libselinux/src' > > cc -Werror -Wall -W -Wundef -Wshadow -Wmissing-noreturn > > -Wmissing-format-attribute -I../include -I/usr/include -D_GNU_SOURCE > > -D_FILE_OFFSET_BITS=64 -c -o label_file.o label_file.c > > cc1: warnings being treated as errors > > label_file.c: In function 'init': > > label_file.c:434: error: implicit declaration of function 'fstat' > > label_file.c:436: error: implicit declaration of function 'S_ISREG' > > make[2]: *** [label_file.o] Error 1 > > make[2]: Leaving directory `/home/kernel/selinux/libselinux/src' > > make[1]: *** [install] Error 2 > > make[1]: Leaving directory `/home/kernel/selinux/libselinux' > > make: *** [install] Error 1 > > > > three areas where this could of been created > > update glibc > > updated kernel > > update userspace(altohugh there was not vary many commits in the pull). > > Newer glibc headers expose a failure to #include the required headers > for stat(2). Also exposes a conflict in redefining close() in that > file. Patch below should fix. > >commit 0fc6c7762c2174a5fb3b978891b0adf8930aa184 >Author: Stephen Smalley <sds@tycho.nsa.gov> >Date: Fri Feb 5 09:24:41 2010 -0500 > > libselinux: Only audit permissions specified by the policy > > Only audit the permissions specified by the policy, excluding any > permissions specified via dontaudit or not specified via auditallow. > This only shows up when a single avc_has_perm() call is made with > multiple permissions where some of those permissions are dontaudit'd or > auditallow'd while others are not. The corresponding kernel patch has > already been applied, see: > http://git.kernel.org/?p=linux/kernel/git/jmorris/security-testing-2.6.git;a=commit;h=b6cac5a30b325e14cda425670bb3568d3cad0aa8 > > Signed-off-by: Stephen D. Smalley <sds@tycho.nsa.gov> > >commit 9a1814832b7e3b046d8edd5d7691a7a3aae427f6 >Author: Stephen Smalley <sds@tycho.nsa.gov> >Date: Tue Feb 2 15:34:16 2010 -0500 > > libsemanage 2.0.44 > >commit 0b2f9ef8f3f91cd6e202dc8bdfe8e1156ae6c01a >Author: Stephen Smalley <sds@tycho.nsa.gov> >Date: Mon Jan 25 13:55:33 2010 -0500 > > bzip support in libsemanage and out of memory (userspace ticket 7) > > On Sun, 2010-01-24 at 21:29 +0100, Guido Trentalancia wrote: > > Hi ! > > > > Has anybody had any time to look at this ticket: > > http://userspace.selinuxproject.org/trac/ticket/7 ? > > > > I have experienced the same issue and verified that the problem is actually triggered by the bzip support (as pointed out by Stephen Smalley back in August). In fact, if I use bzip-blocksize=0 in semanage.conf then the problem disappears... > > > > Otherwise with a default semanage.conf and bzip enabled, I get: > > > > libsepol.module_package_read_offsets: offset greater than file size (at 4, offset 200478 -> 8192 (No such file or directory). > > libsemanage.semanage_load_module: Error while reading from module file /etc/selinux/refpolicy/modules/tmp/base.pp. (No such file or directory). > > semodule: Failed! > > > > I am using libsepol-2.0.41 and libsemanage-2.0.42. > > Looking into this more closely, I believe this is another manifestation > of: > http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=543915#17 > > which was ultimately traced down to two issues: > 1) A missing offset check in libsepol (fixed in libsepol 2.0.38), and > 2) A bug / lack of binary mode support in the fmemopen implementation in > glibc that was later fixed, see: > http://sourceware.org/bugzilla/show_bug.cgi?id=6544 > > Maybe you have the older glibc still? > > Looking at the libsemanage code though, I think we could in fact avoid > any dependency on fmemopen by using the native libsepol support for > operating on a memory region via sepol_policy_file_set_mem(), ala: > > Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> > >commit aafcaeb751399914356b93658be3dbbcd94bf6b0 >Author: Chad Sellers <csellers@tresys.com> >Date: Tue Jan 26 16:56:04 2010 -0500 > > bump policycoreutils to 2.0.79 > >commit 3084b9a1f961a61de137366594b0836654ab0691 >Author: Chad Sellers <csellers@tresys.com> >Date: Wed Dec 30 16:59:48 2009 -0500 > > Fix double free in newrole when it fails to exec. > > Signed-off-by: Chad Sellers <csellers@tresys.com> > >commit 32cf5d539b4b4852d9de966578eae3ad5560cd63 >Author: Joshua Brindle <method@manicmethod.com> >Date: Fri Nov 27 15:03:02 2009 -0500 > > bump checkpolicy to 2.0.21, libselinux to 2.0.90 and sepolgen to 1.0.19 > >commit a69fb97edd244b94b2289ee3d0874f989b6ffe9c >Author: Manoj Srivastava <srivasta@debian.org> >Date: Tue Oct 20 10:34:40 2009 -0500 > > exception.sh contains bashisms > > Hi folks, > > The script, src/exception.sh, contains so called bashisms > (constructs not supported by POSIX, but present as bash > extensions). This means when trying to build on systems where /bin/sh > is not bash, the build fails with an error. This patch uses bash to > run exception.sh. This bug affects a significant subset of Debian and > Debian derivative machines. > > manoj > > Signed-off-by: Manoj Srivastava <srivasta@debian.org> > Signed-off-by: Joshua Brindle <method@manicmethod.com> > >commit 48412c39302de7dfd1ba20d8bab042e6fa082c33 >Author: Joshua Brindle <method@manicmethod.com> >Date: Fri Nov 27 14:44:41 2009 -0500 > > Author: Guido Trentalancia > Email: guido@trentalancia.com > Subject: Contributed manual pages for libselinux > Date: Sat, 21 Nov 2009 20:51:17 +0100 > > Hello Eamon ! > > On Fri, 2009-11-20 at 21:42 -0500, Eamon Walsh wrote: > > > Hi, thanks for doing this. Some quick review below. > > You are welcome, I suppose it was a boring task for many... > > Thanks very much for reviewing the changes. And please accept my > apologies for not placing "[PATCH]" in the subject of the original post. > I had just subscribed to the list. > > I left you cc address intact here... > > > There is too much in matchpathcon(3) now. It's going to need to be > > split up into different pages, perhaps the init/fini/teardown stuff in > > one page, the lookup calls in another, and the non-matchpathcon prefixed > > calls in a third page. > > > > Also, .so manpage links are needed for all the calls here. > > Yes, matchpathcon is a mess. Following your guidelines, I have now > splitted the huge and messy page in several different man pages. It's > easier to consult and easier to maintain. > > The first part (page) is strictly related to _init, its variant > _init_index, _fini, matchpathcon and its variant matchpathcon_index. > Nice and concise. References are provided in the "SEE ALSO" section to > the rest. > > The second page describes the auxiliary lookup calls > (matchpathcon_checkmatches) and the inode associations functions > (matchpathcon_filespec_{add,destroy,eval}). The reference section points > to the main matchpathcon page. > > A third page has been created for the functions that are used to set the > flags (set_matchpathcon_flags) or to configure the behaviour of the main > matchpathcon functions (set_matchpathcon_invalidcon and > set_matchpathcon_printf). > > A fourth and fifth page is devoted to functions that should never had > ended up in matchpathcon (selinux_file_context_cmp and > selinux_file_context_verify in one page and selinux_lsetfilecon_default > in another one): we do not really need to save electrons needed for new > pages... > > > > > > > > * print_access_vector > > > > > > > Looks good. > > No modifications. > > > > * security_disable > > > > > > > See the selinux.h comments for this. It needs to be documented that > > this function can only be called at startup time. > > Ok. I have stressed that now and also mentioned that after the policy > has been loaded at startup, then only "setenforce" can be used to alter > (not disable) the mode of the SELinux kernel code (for example by > placing it into "permissive" mode). > > > > * security_set_boolean_list > > > > > > > a RETURN VALUE section is needed in this page, documenting at least this > > call if not the others in that page. > > I have now added a "RETURN VALUE" section. > > Also, to avoid confusion, I have rephrased the word "returns" in > "provides" when not strictly referring the to the return value of the > function (take for example security_get_boolean_names(), strictly > speaking the function returns an integer representing 0=success or > -1=failure, although from a conceptual point of view it also returns a > list trough modification of one of its parameters passed by reference). > > Usually when an application developer looks at the "RETURN VALUE" > section it is because he/she has already planned/coded the call to the > function (and thus also the handling to parameters passed by reference) > and only needs to check for the function exit status so that it can be > handled properly at the call point. > > > > * selinux_check_passwd_access > > > > > > > This is a replacement for the inconsistently named "checkPasswdAccess" > > function. So, the existing description of checkPasswdAccess should be > > moved to this function, and checkPasswdAccess should be changed to "this > > is a deprecated alias for selinux_check_passwd_access". > > Yes, I have now mentioned that checkPasswdAccess is deprecated. We are > referring to file security_compute_av.3 as the description of these two > functions lives there... > > By the way, it has been pointed out that this function should not > hard-code a string. I also agree with him, there is a generic constant > for such "passwd" object class, it is defined in flask.h could be used > instead of the string, thus avoiding hard-coding and also allowing to > save a few cycles and be theoretically future-proof (if ever the name > would change, say to "password", "auth-token" or anything else). > > libselinux/src/checkAccess.c.orig 2009-11-21 20:07:21.000000000 > libselinux/src/checkAccess.c 2009-11-21 20:08:36.000000000 > @@ -13,17 +13,12 @@ int selinux_check_passwd_access(access_v > if (is_selinux_enabled() == 0) > return 0; > if (getprevcon_raw(&user_context) == 0) { > - security_class_t passwd_class; > struct av_decision avd; > int retval; > > - passwd_class = string_to_security_class("passwd"); > - if (passwd_class == 0) > - return 0; > - > retval = security_compute_av_raw(user_context, > user_context, > - passwd_class, > + SECCLASS_PASSWD, > requested, > &avd); > > Note that the above code, should really live in the application and not > in the selinux library. It used to be like that, then for some reason it > has been introduced. Redhat's passwd and cronie are calling the library > function and thus at the moment they rely on it. But for example, > util-linux-ng has the code in it and does not call this function, as I > believe it should be. A very minor issue anyway... > > > > * selinux_init_load_policy > > > > > > > A paragraph break is needed in the DESCRIPTION section before this function. > > Done. I have also added a note to the already mentioned fact that after > initial policy load, SELinux cannot be anymore disabled using calls to > security_disable(3). > > > > * selinux_lsetfilecon_default > > > > > > > See notes above about the matchpathcon manpage. > > Yes, separate man page now. > > > > * selinux_mkload_policy > > > > > > > Looks good. > > No modifications. > > > > * set_selinuxmnt > > > > > > > This manpage includes two static functions that are not part of the > > libselinux API (at least, not anymore) and should be removed. > > > > Also, I'm not comfortable with the description given. Instead, use the > > comments in selinux.h, which are more accurate and verbose. > > > > Please let me know if things are any better now. > > I did also provide on the same day a patch for beautifying and improving > the command-line option parsing of a few utilities (a ticket had been > created by somebody). That patch provides those improvement according to > GNU-style parsing of "help" and "version" options (including long-option > variants). I think it also fixes a couple of typos here and there. Feel > free to include that patch too if you like it, so that the ticket can be > closed ! I will attach it again in another separate message: it has been > slightly modified in order to apply cleanly to the latest git snapshot. > > More important, I was also thinking about fingerprinting (and > subsequently checking) the libraries with some cryptographic hash > function such as the NIST-recommended SHA2. It is beginning to be done > for security-related projects like OpenSSL, so I believe it is even more > essential for SELinux. Ever thought about anything like that ? > > Best regards, > > Guido > > Signed-off-By: Joshua Brindle <method@manicmethod.com> > >commit bf57d2349edec2cfe3d43eb71567a6b851bfc6cd >Author: Guido Trentalancia <guido@trentalancia.com> >Date: Mon Nov 2 18:14:28 2009 +0100 > > Patch for Ticket #1 [1672486] (checkpolicy/checkmodule) > > This patch is proposed to solve Ticket #1 [1672486] (command line > binaries should support --version and --help). > > It adds handling of -h, -V and the long formats --help and --version to > all binaries (checkpolicy/checkmodule). > > It also adds handling of long options for some of the available options. > > Manual pages have also been updated accordingly (and a few undocumented > options have been documented). > > Guido Trentalancia > > Signed-off-by: Joshua Brindle <method@manicmethod.com> > >commit a3ccf607a2137a2bdfd21b21502803d02a1ea530 >Author: Stephen Smalley <sds@tycho.nsa.gov> >Date: Tue Sep 8 10:10:07 2009 -0400 > > policycoreutils: audit2allow -l doesn't work with dmesg pipe > > On Mon, 2009-08-24 at 23:37 +1000, Russell Coker wrote: > > On Mon, 24 Aug 2009, Daniel J Walsh <dwalsh@redhat.com> wrote: > > > >>> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=503252 > > > >> > > > >> audit2allow -l is looking for the load_policy message which does not go > > > >> to the dmesg, /var/log/messages. Therefore the tool has no idea when > > > >> policy was last loaded. > > > > > > > > That would be a kernel bug then. > > > > > > Well I believe the messages that are intercepted by the audit.log do not go > > > into dmesg, by design. Although Steve, James or Eric could probably say for > > > sure. > > > > When auditd is not running on a Debian system with CentOS kernel > > 2.6.18-92.1.13.el5xen or Debian/Lenny kernel 2.6.26-2-xen-686 then nothing > > goes to the kernel message log which is interpreted by audit2allow as a > > candidate for the "-l" functionality. > > > > It's OK if all the AVC messages go to the audit log and "dmesg|audit2allow -l" > > gives no output. But if all AVC messages other than the load_policy message > > go to the kernel message log then it's a bug. > > Originally audit2allow used the avc: allowed message generated by > auditallow statement for load_policy to identify policy reloads. Later > it was switched to use the MAC_POLICY_LOAD events generated by the audit > framework. Those events should still get logged via printk if auditd is > not running, but it appears that the code (audit_printk_skb) will then > log the type= field as an integer rather than a string, and > audit2allow/sepolgen only looks for the string MAC_POLICY_LOAD. > > So I suspect that this would be resolved by modifying sepolgen/audit.py > to also match on type=1403 for load messages. Try this: > > Signed-off-by: Joshua Brindle <method@manicmethod.com> > >commit 7b9904bef33264b16dd25e4c5d5018c8656d65f4 >Author: Joshua Brindle <method@manicmethod.com> >Date: Fri Nov 27 13:02:43 2009 -0500 > > bump libsemanage to 2.0.43 and policycoreutils to 2.0.78 > >commit a6700ba05f78b443ea2fca0971a5b555c1066470 >Author: Manoj Srivastava <srivasta@debian.org> >Date: Tue Nov 17 14:28:43 2009 -0600 > > libsemanage: Fix the format of the NAME lines > > Each manual page should start with a "NAME" section, which lists the > name and a brief description of the page separated by "\-". These > sections are parsed by "mandb" and stored in a database for the use of > "apropos" and "whatis", so they must be in a certain format. These > manual pages apparently use the wrong format and cannot be parsed by > "mandb". This commit fixes that. > > Signed-off-by: Manoj Srivastava <srivasta@debian.org> > Signed-off-by: Joshua Brindle <method@manicmethod.com> > >commit 70849975f81d2494fb996efe09c50a5bc63f7b33 >Author: Daniel J Walsh <dwalsh@redhat.com> >Date: Tue Nov 3 10:37:13 2009 -0500 > > This patch removes OUTPUT from fixfiles which was never used and was broken > > Patches come from > > Moray.Henderson@ict.om.org > > Signed-off-by: Joshua Brindle <method@manicmethod.com> > >commit 55648ccca9bafbc243084b672f0ddf4fa294f993 >Author: Joshua Brindle <method@manicmethod.com> >Date: Tue Oct 13 10:07:33 2009 -0400 > > /lib/libsemanage.so.1 links to /usr/lib/libustr-1.0.so.1 > > Manoj Srivastava wrote: > > Hi, > > > > As demonstrated by > > > > $ ldd /lib/libsemanage.so.1 > > linux-gate.so.1 => (0xb8092000) > > libsepol.so.1 => /lib/libsepol.so.1 (0xb8015000) > > libselinux.so.1 => /lib/libselinux.so.1 (0xb7ffa000) > > libbz2.so.1.0 => /lib/libbz2.so.1.0 (0xb7fe9000) > > libustr-1.0.so.1 => /usr/lib/libustr-1.0.so.1 (0xb7fbf000) > > libc.so.6 => /lib/i686/cmov/libc.so.6 (0xb7e60000) > > libdl.so.2 => /lib/i686/cmov/libdl.so.2 (0xb7e5c000) > > /lib/ld-linux.so.2 (0xb8093000) > > > > libsemanage1 links to libustr which is located under the, > > possible separate or external, /usr partition, which would render > > libsemanage unusable in such setups. (This dependency has been around > > since 2.0.9). > > > > Should we move libsemanage1 to /usr/lib? The only reason for it > > to be in /lib would be for early boot, where /usr might not be > > available, but at this point, it is likely not usable without /usr > > anyway. > > > > manoj > > Yes, I'm not sure why you'd need libsemanage during early boot, we > probably should apply this: > > Signed-off-by: Joshua Brindle <method@manicmethod.com> > >commit 0e84ca614a4a53e3b52bb7ea45422583cf334a31 >Author: Daniel J Walsh <dwalsh@redhat.com> >Date: Tue Nov 3 10:31:02 2009 -0500 > > Small fixes for chcat in policycoreutils > > chcat can generate oserror exception so need to catch and add chcat to the Makefile. > > Signed-off-by: Joshua Brindle <method@manicmethod.com> > >commit 3d2f8e21d2508e0a481e54cf0cf898a051d344c7 >Author: Chad Sellers <csellers@tresys.com> >Date: Thu Nov 19 17:16:03 2009 -0500 > > Bump policycoreutils to 2.0.77 > > Signed-off-by: Chad Sellers <csellers@tresys.com> > >commit ae50dd55e064525c40cfe257581d52dbc4808a22 >Author: Chad Sellers <csellers@tresys.com> >Date: Thu Nov 19 15:01:13 2009 -0500 > > Fix bug in semanage fcontext > > Apparently I failed to split out the whitespace changes from a > previous patchset, and a bit of the equivalence patch of the > day snuck in. This causes a stack trace when you execute > semanage fcontext -l. This patch reverts the accidentally > included code. > > Signed-off-by: Chad Sellers <csellers@tresys.com> > >commit 32ae03e8a7a5200ecfb9063b0a8d383763853596 >Author: Chad Sellers <csellers@tresys.com> >Date: Thu Nov 19 14:32:42 2009 -0500 > > semanage node -a bug > > This patch fixes a bug that causes semanage node -a to not work > (failing with a python traceback). You can test the bug with any > semanage node -a command, such as: > > semanage node -a -t node_t -p ipv4 -M 255.255.255.0 192.168.1.0 > > Signed-off-by: Chad Sellers <csellers@tresys.com> > >commit 88a57ca14b1fc645648e63e6117a125d3af5ea55 >Author: Chad Sellers <csellers@tresys.com> >Date: Wed Nov 18 16:44:55 2009 -0500 > > Bump policycoreutils to 2.0.76 > Bump libsepol to 2.0.41 > Bump libsemanage to 2.0.42 > >commit eb014c79f11f01b25cbb44d81d5ed7fd9b90b836 >Author: Daniel J Walsh <dwalsh@redhat.com> >Date: Wed Nov 18 15:33:00 2009 -0500 > > Author: Daniel J Walsh > Email: dwalsh@redhat.com > Subject: Add modules support to semanage > Date: Thu, 12 Nov 2009 11:23:15 -0500 > > On 11/11/2009 01:52 PM, Chad Sellers wrote: > > On 9/30/09 2:33 PM, "Daniel J Walsh" <dwalsh@redhat.com> wrote: > > > >> Includes enable and disable. > >> > > I presume I should hold off on this patch until you have a chance to > > resubmit the libsemanage support that it relies on. Let me know if that's > > not the case. > > > > Thanks, > > Chad > > > Lets do this patch. > > Moves load_policy from /usr/sbin to /sbin > > Removed cruft. > > Signed-off-by: Chad Sellers <csellers@tresys.com> > >commit 8627ab66a7136f1a84fe2a4d83f04e196b09ea7b >Author: Manoj Srivastava <srivasta@debian.org> >Date: Wed Nov 18 14:46:03 2009 -0500 > > Author: Manoj Srivastava > Email: srivasta@debian.org > Subject: cannnot -> cannot and suport -> support > Date: Tue, 17 Nov 2009 10:27:57 -0600 > > This was reported after a lintian check found this on any package > linked with libsepol. Closes: #556390 > > Signed-off-by: Manoj Srivastava <srivasta@debian.org> > Signed-off-by: Chad Sellers <csellers@tresys.com> > >commit b946922238f3bbab6d5655ee663c44029ab17468 >Author: Daniel J Walsh <dwalsh@redhat.com> >Date: Tue Nov 10 17:35:20 2009 -0500 > > Author: Daniel J Walsh > Email: dwalsh@redhat.com > Subject: Remove setrans management from semanage > Date: Wed, 30 Sep 2009 14:07:49 -0400 > > This will not work correctly using the current mcstrans code base. I believe an admin has to edit this code directly and probably should have never been added to semanage. > > Signed-off-by: Chad Sellers <csellers@tresys.com> > >commit 08de9ab134f2bafec6c83a1b2d3cbbfc2f53cc2d >Author: Chad Sellers <csellers@tresys.com> >Date: Mon Nov 2 17:07:54 2009 -0500 > > Bump policycoreutils to 2.0.75 > >commit 2a1933d830aae615001e05fd5ca11a6fe0159f9d >Author: Thomas Liu <tliu@redhat.com@redhat.com> >Date: Thu Sep 10 14:54:35 2009 -0400 > > Author: Thomas Liu > Email: tliu@redhat.com > Subject: policycoreutils: share setfiles restore function with restorecond > Date: Wed, 19 Aug 2009 15:51:44 -0400 > > This is the first of two patches. > > This patch splits all of the restore functionality in setfiles > into another two files, restore.c and restore.h. > > The reason for this is shown in the next patch, which patches > restorecond to share this code. > > To use it, instantiate a restore_opts struct with the proper options > and then pass a pointer to it into restore_init, and call restore_destroy > later. > > Signed-off-by: Thomas Liu <tliu@redhat.com> > Signed-off-by: Dan Walsh <dwalsh@redhat.com> > > I've rebased this so that it will apply to current trunk. > > Signed-off-by: Chad Sellers <csellers@tresys.com> > >commit 7cdfd6e659dde3c7988e78ab2322a35e67ca8726 >Author: Eamon Walsh <ewalsh@tycho.nsa.gov> >Date: Thu Oct 29 15:33:37 2009 -0400 > > Bump libsepol to 2.0.40, libselinux to 2.0.89, libsemanage to 2.0.41. > >commit 12777502c638698a9e1dd6748a2309cb87946a65 >Author: Eamon Walsh <ewalsh@tycho.nsa.gov> >Date: Tue Oct 20 22:24:10 2009 -0400 > > Add pkgconfig files for libsepol, libselinux, and libsemanage. > > Having a pkgconfig files allows the pkg-config tool to be used to > query the presence of the library (or a particular version of it), > and to obtain the C flags and linker arguments to build with it. > > Based on Debian patches by Manoj Srivastava <srivasta@debian.org>. > > Signed-off-by: Eamon Walsh <ewalsh@tycho.nsa.gov> > >commit 6f4660679f0051e3608c11050b7a52882e667b52 >Author: Chad Sellers <csellers@tresys.com> >Date: Thu Oct 22 14:00:10 2009 -0400 > > Bump libselinux to 2.0.88 and libsemanage to 2.0.40 > >commit bd74c23c7beaf340d3e21f84a253e3c994fe3623 >Author: Chad Sellers <csellers@tresys.com> >Date: Wed Oct 21 11:37:51 2009 -0400 > > libsemanage: Add function to turn off file contexts validation > > This patch adds a function to turn off file contexts validation. > We need this for cross-installs in rpm, where we install policy > into a chroot that has binaries of a different architecture which > cannot be executed on the build system. So, we would like to use > this function to disable executing setfiles. This of course means > the file contexts could be invalid, but we're willing to take > that risk. > > Signed-off-by: Chad Sellers <csellers@tresys.com> > >commit 7d19f9df510daef5dc929df5854c2dda2a64f475 >Author: Chad Sellers <csellers@tresys.com> >Date: Tue Oct 20 11:21:59 2009 -0400 > > libselinux: Export reset_selinux_config() > > In integrating SELinux policy into rpm, we have a need to be > able to reset the configuration data (e.g. policy type) loaded > into libselinux. These values are currently loaded lazily by a > number of different functions (e.g. matchpatchcon_init()). > Since we are changing rpm to install policy, including initial > base policy, we need to be able to reload these configuration > items after the policy has been installed. > > reset_selinux_config() already exists and is used by > selinux_init_load_policy() for a similar reason, but it is not > exported. This was probably intentionaly since it is not thread > safe at all. That said, rpm needs to do the same thing. This > patch makes the function public, and places a warning in the > header comment that it is not thread safe. > > Signed-off-by: Chad Sellers <csellers@tresys.com> > >commit 0857e3e4782789a326426e1284dce95ba6d6b851 >Author: Eamon Walsh <ewalsh@tycho.nsa.gov> >Date: Tue Oct 20 21:18:30 2009 -0400 > > Add subdirectory .gitignore files. > > These take care of executables and generated source files. > > Signed-off-by: Eamon Walsh <ewalsh@tycho.nsa.gov> > >commit c6fdb52eb7487ae0f40e0d174082143a407e1de9 >Author: Eamon Walsh <ewalsh@tycho.nsa.gov> >Date: Tue Oct 20 17:15:13 2009 -0400 > > Add top-level .gitignore file. > > Signed-off-by: Eamon Walsh <ewalsh@tycho.nsa.gov> > >commit f3c3bbd16ae72a627bda0a51ce4f1fbda36d49fe >Author: Joshua Brindle <method@manicmethod.com> >Date: Wed Oct 14 15:54:16 2009 -0400 > > bump checkpolicy to 2.0.20, libsepol to 2.0.39, sepolgen to 1.0.18 > >commit f830d96a482af21c4b9328f5efd1cafcec5890e2 >Author: Joshua Brindle <method@manicmethod.com> >Date: Wed Oct 14 15:49:25 2009 -0400 > > Author: Joshua Brindle > Email: method@manicmethod.com > Subject: libsepol: Add support for multiple target OSes > Date: Tue, 13 Oct 2009 15:56:39 -0400 > > Paul Nuzzi wrote: > > On Wed, 2009-09-16 at 09:58 -0400, Joshua Brindle wrote: > >> I'd rather have separate ocontext structs for each system. That way it > >> is very easy to understand which ones apply to which system and you > >> don't get a crazy out of context ocontext struct. > >> > > > > I looked into having separate ocontext structs but that would involve > > changing a lot of files making the patch much larger and more intrusive. > > > >>> } u; > >>> union { > >>> uint32_t sclass; /* security class for genfs */ > >>> @@ -313,6 +323,17 @@ typedef struct genfs { > >>> #define OCON_NODE6 6 /* IPv6 nodes */ > >>> #define OCON_NUM 7 > >>> > >>> +/* object context array indices for Xen */ > >>> +#define OCON_ISID 0 /* initial SIDs */ > >>> +#define OCON_PIRQ 1 /* physical irqs */ > >>> +#define OCON_IOPORT 2 /* io ports */ > >>> +#define OCON_IOMEM 3 /* io memory */ > >>> +#define OCON_DEVICE 4 /* pci devices */ > >>> +#define OCON_DUMMY1 5 /* reserved */ > >>> +#define OCON_DUMMY2 6 /* reserved */ > >>> +#define OCON_NUM 7 > >>> + > >>> + > >>> > >> Should these be namespaced? What if<random other system> has io port > >> objects? You'd have to align them with each other and you have a mess of > >> keeping the numbers the same (you already do this with OCON_ISID) > > > > Variables have been namespaced and there is no more overlap with > > OCON_ISID. > > > >> Also we are relying on having the same number of OCON's which isn't good > >> I don't think. As much as I hate the policydb_compat_info (read: alot) > >> why aren't we using that to say how many ocons a xen policy really has? > > > > OCON_NUM is now dynamically read through policydb_compat_info. > > > > > >> This is messy, why not an ocontext_selinux_free() and > >> ocontext_xen_free() (note: I realize the xen_free() one won't do > >> anything except freep the ocontext_t) > >> > > > > done. > > > >>> len = buf[1]; > >>> - if (len != strlen(target_str)&& > >>> - (!alt_target_str || len != strlen(alt_target_str))) { > >>> - ERR(fp->handle, "policydb string length %zu does not match " > >>> - "expected length %zu", len, strlen(target_str)); > >>> + if (len> 32) { > >>> > >> magic number 32? > > > > #defined. > > > > Thanks for your input. Below is the updated patch for libsepol. > > > > Acked-by: Joshua Brindle <method@manicmethod.com> > > for the entire patchset with the following diff on top: > > diff --git a/checkpolicy/checkpolicy.c b/checkpolicy/checkpolicy.c > index 76d8ed3..e76bb1a 100644 > --- a/checkpolicy/checkpolicy.c > +++ b/checkpolicy/checkpolicy.c > @@ -100,8 +100,8 @@ unsigned int policyvers = POLICYDB_VERSION_MAX; > void usage(char *progname) > { > printf > - ("usage: %s [-b] [-d] [-U handle_unknown (allow,deny,reject) [-M]" > - "[-c policyvers (%d-%d)] [-o output_file] [-t platform]" > + ("usage: %s [-b] [-d] [-U handle_unknown (allow,deny,reject)] [-M]" > + "[-c policyvers (%d-%d)] [-o output_file] [-t target_platform (selinux,xen)]" > "[input_file]\n", > progname, POLICYDB_VERSION_MIN, POLICYDB_VERSION_MAX); > exit(1); > > Signed-off-by: Joshua Brindle <method@manicmethod.com> > >commit 6341f6a4926b46f36ba9a05736460da53bd95557 >Author: pjnuzzi <pjnuzzi@tycho.ncsc.mil> >Date: Tue Sep 15 12:40:52 2009 -0400 > > sepolgen: Add support for multiple target OSes > > Add support to sepolgen for new Xen ocontext identifiers. > > Signed-off-by: Paul Nuzzi <pjnuzzi@tycho.ncsc.mil> > Signed-off-by: Joshua Brindle <method@manicmethod.com> > >commit 79d10a8f9889ce0458ff0592ccaf83b273608eb2 >Author: Paul Nuzzi <pjnuzzi@tycho.ncsc.mil> >Date: Tue Sep 29 10:06:26 2009 -0400 > > checkpolicy: Add support for multiple target OSes > > Updated patch of checkpolicy based on input. > > On Tue, 2009-09-15 at 12:37 -0400, pjnuzzi wrote: > > Add support for multiple target OSes by adding the -t target option to > > checkpolicy. Implemented the new Xen ocontext identifiers pirqcon, > > pcidevicecon, iomemcon and ioportcon. > > > > Signed-off-by: Paul Nuzzi <pjnuzzi@tycho.ncsc.mil> > > > > --- > > checkpolicy/checkpolicy.c | 20 ++- > checkpolicy/policy_define.c | 272 > ++++++++++++++++++++++++++++++++++++++++++++ > checkpolicy/policy_define.h | 4 > checkpolicy/policy_parse.y | 29 ++++ > checkpolicy/policy_scan.l | 10 + > 5 files changed, 330 insertions(+), 5 deletions(-) > > Signed-off-by: Joshua Brindle <method@manicmethod.com> > >commit 505c75aad7f16e0db9ccfeb04eaa70f242e6b060 >Author: Paul Nuzzi <pjnuzzi@tycho.ncsc.mil> >Date: Tue Sep 29 10:03:23 2009 -0400 > > libsepol: Add support for multiple target OSes > > On Wed, 2009-09-16 at 09:58 -0400, Joshua Brindle wrote: > > I'd rather have separate ocontext structs for each system. That way it > > is very easy to understand which ones apply to which system and you > > don't get a crazy out of context ocontext struct. > > > > I looked into having separate ocontext structs but that would involve > changing a lot of files making the patch much larger and more intrusive. > > > > } u; > > > union { > > > uint32_t sclass; /* security class for genfs */ > > > @@ -313,6 +323,17 @@ typedef struct genfs { > > > #define OCON_NODE6 6 /* IPv6 nodes */ > > > #define OCON_NUM 7 > > > > > > +/* object context array indices for Xen */ > > > +#define OCON_ISID 0 /* initial SIDs */ > > > +#define OCON_PIRQ 1 /* physical irqs */ > > > +#define OCON_IOPORT 2 /* io ports */ > > > +#define OCON_IOMEM 3 /* io memory */ > > > +#define OCON_DEVICE 4 /* pci devices */ > > > +#define OCON_DUMMY1 5 /* reserved */ > > > +#define OCON_DUMMY2 6 /* reserved */ > > > +#define OCON_NUM 7 > > > + > > > + > > > > > Should these be namespaced? What if <random other system> has io port > > objects? You'd have to align them with each other and you have a mess of > > keeping the numbers the same (you already do this with OCON_ISID) > > Variables have been namespaced and there is no more overlap with > OCON_ISID. > > > Also we are relying on having the same number of OCON's which isn't good > > I don't think. As much as I hate the policydb_compat_info (read: alot) > > why aren't we using that to say how many ocons a xen policy really has? > > OCON_NUM is now dynamically read through policydb_compat_info. > > > This is messy, why not an ocontext_selinux_free() and > > ocontext_xen_free() (note: I realize the xen_free() one won't do > > anything except freep the ocontext_t) > > > > done. > > > > > > > len = buf[1]; > > > - if (len != strlen(target_str)&& > > > - (!alt_target_str || len != strlen(alt_target_str))) { > > > - ERR(fp->handle, "policydb string length %zu does not match " > > > - "expected length %zu", len, strlen(target_str)); > > > + if (len> 32) { > > > > > > > magic number 32? > > #defined. > > Thanks for your input. Below is the updated patch for libsepol. > > ---- > > libsepol/include/sepol/policydb/policydb.h | 28 ++ > libsepol/src/expand.c | 85 +++++++- > libsepol/src/policydb.c | 295 > +++++++++++++++++++++++------ > libsepol/src/policydb_internal.h | 1 > libsepol/src/private.h | 4 > libsepol/src/write.c | 93 ++++++++- > 6 files changed, 443 insertions(+), 63 deletions(-) > > Signed-off-by: Joshua Brindle <method@manicmethod.com> > >commit 0e421afd55407cf5e6e3793558e4449aef6fcf52 >Author: Joshua Brindle <method@manicmethod.com> >Date: Thu Sep 24 15:18:12 2009 -0400 > > bump libselinux to 2.0.87 and libsemanage to 2.0.39 > >commit 00f0d550d556ec4cda88cc89aa5a63e6aa043fad >Author: Daniel J Walsh <dwalsh@redhat.com> >Date: Thu Sep 24 15:01:53 2009 -0400 > > Author: Daniel J Walsh > Email: dwalsh@redhat.com > Subject: refpolicy: nsalibselinux_utils_matchpathcon.c changes > Date: Tue, 07 Jul 2009 12:30:52 -0400 > > --text follows this line-- > > Signed-off-by: Joshua Brindle <method@manicmethod.com> > >commit 94c51ba3b12e476c0b7108c9d83b939ed56b8359 >Author: Joshua Brindle <method@manicmethod.com> >Date: Thu Sep 24 14:20:38 2009 -0400 > > make swigify > >commit 8569b09417ac29b1792da6241f0745b76367f813 >Author: Joshua Brindle <method@manicmethod.com> >Date: Thu Sep 24 13:46:12 2009 -0400 > > This updates commit 66d07600075d53735197520e4a5bbe6796a89d25 > > This seems to work better on my system (aux-info on temp.c didn't do anything) > > Also it fixes the noted Makefile issues > >commit 95d8143b35913fc34bb6c92f7c36f2e155c53049 >Author: Joshua Brindle <method@manicmethod.com> >Date: Thu Sep 24 13:46:12 2009 -0400 > > This updates commit 66d07600075d53735197520e4a5bbe6796a89d25 > > This seems to work better on my system (aux-info on temp.c didn't do anything) > >commit 66d07600075d53735197520e4a5bbe6796a89d25 >Author: Daniel J Walsh <dwalsh@redhat.com> >Date: Wed Sep 16 16:58:12 2009 -0400 > > This patch fixes the exception handling in libselinux-python bindings > > On 09/16/2009 03:35 PM, Joshua Brindle wrote: > > > > > > Joshua Brindle wrote: > >> > >> > >> Daniel J Walsh wrote: > >>> What do you think of this one. Removed excess swig cruft, > >>> > >>> You need to run > >>> > >>> make swigify to generate those changes. > >>> > >> > >> Ok, looking at this now. I don't completely get how it works. I'm trying > >> to reproduce what you are doing by hand but nothing comes out of gcc: > >> > >> [root@localhost src]# echo '#include "../include/selinux/selinux.h"' > > >> temp.c > >> [root@localhost src]# gcc -c temp.c -aux-info temp.aux > >> [root@localhost src]# ls temp.* > >> temp.c temp.o > >> > >> > >> What is the purpose of the aux-info thing, and why doesn't it work on my > >> F11 machine? > >> > >> also, I'm not sure if the best place for selinuxswig_exception.i is > >> swigify or pywrap. In the swigify case it shouldn't be in the clean > >> target because if you check out the repo and do make clean; make pywrap > >> you'll get an error. (I can make these fixes, I'm just trying to figure > >> out how it all works first). > >> > > > > Oh, one more thing, should this be python specific? (E.g, should it be > > named selinuxswig_python_exception.i ?) > Changed name to selinux_python_exception.i > > WOrks for me on F11 and F12 > > dwalsh@localhost$ echo '#include "../include/selinux/selinux.h"' > temp.c > dwalsh@localhost$ gcc -c temp.c -aux-info temp.aux > dwalsh@localhost$ ls temp.* > temp.aux temp.c temp.o > > cat temp.aux > /* compiled from: . */ > /* /usr/include/sys/select.h:109:NC */ extern int select (int, fd_set *, fd_set *, fd_set *, struct timeval *); > /* /usr/include/sys/select.h:121:NC */ extern int pselect (int, fd_set *, fd_set *, fd_set *, const struct timespec *, const __sigset_t *); > /* /usr/include/sys/sysmacros.h:31:NC */ extern unsigned int gnu_dev_major (long long unsigned int); > /* /usr/include/sys/sysmacros.h:34:NC */ extern unsigned int gnu_dev_minor (long long unsigned int); > /* /usr/include/sys/sysmacros.h:37:NC */ extern long long unsigned int gnu_dev_makedev (unsigned int, unsigned int); > /* ../include/selinux/selinux.h:12:NC */ extern int is_selinux_enabled (void); > /* ../include/selinux/selinux.h:14:NC */ extern int is_selinux_mls_enabled (void); > /* ../include/selinux/selinux.h:19:NC */ extern void freecon (security_context_t); > /* ../include/selinux/selinux.h:22:NC */ extern void freeconary (security_context_t *); > ... > > commit 38d98bd958f42ea18c9376e624d733795665ee22 > Author: Dan Walsh <dwalsh@redhat.com> > Date: Wed Sep 16 16:51:14 2009 -0400 > > Add exception code > >commit 6e7e247f6c58365103895ae398914f791a7a8156 >Author: Joshua Brindle <method@manicmethod.com> >Date: Wed Sep 16 16:59:13 2009 -0400 > > bump libsemanage to 2.0.38 and policycoreutils to 2.0.74 > >commit faff0a77c679e8290bac6595c9764dc8929f32d6 >Author: Daniel J Walsh <dwalsh@redhat.com> >Date: Wed Sep 16 16:56:54 2009 -0400 > > Author: Daniel J Walsh > Email: dwalsh@redhat.com > Subject: libsemanage patch > Date: Wed, 16 Sep 2009 13:27:25 -0400 > > Updated patch. Need check in two places. > > Signed-off-by: Joshua Brindle <method@manicmethod.com> > >commit 71178d566987835c124f610d13ccc8992990a6d5 >Author: Caleb Case <ccase@tresys.com> >Date: Tue Sep 15 15:20:18 2009 -0400 > > setfiles fails to relabel if selinux not enabled > > Setfiles now checks the capabilities on the mounted file systems for > 'seclabel' (see setfiles/setfiles.c:723:exclude_non_seclabel_mounts) on > newer kernels (>=2.6.30 see setfiles.c:734). However the 'seclabel' > feature is not available if selinux is not enabled. The result is that > setfiles silently fails to relabel any filesystems. > > The patch below removes the check for seclabel if selinux is disabled. > > As an alternative maybe seclabel should be available even if selinux is > disabled? It seems that whether a fs supports security labels is > independent of selinux being enabled. > > Signed-off-by: Joshua Brindle <method@manicmethod.com> > >commit 96f592422a34fbc895148cb6c1d887395b8aa2f4 >Author: Manoj Srivastava <srivasta@golden-gryphon.com> >Date: Wed Sep 16 11:16:19 2009 -0400 > > Author: Manoj Srivastava > Email: srivasta@golden-gryphon.com > Subject: policycoreutils: The error message on forkpty() failure is not clear or useful. > Date: Sun, 23 Aug 2009 09:40:58 -0500 > > Hi, > > This has been reported against the Debian BTS. > > The current error message when forkpty() fails is not clear or > useful. (Arguably, the erro message in the child branch cold also be > improved) The following patch makes indicate what went wrong. Probably > something better than this could be devised, but this is still a lot > better than the current code. > > Signed-off-by: Joshua Brindle <method@manicmethod.com> > >commit c282c4024de7321a2987e55c51f6b65c75344c83 >Author: Daniel J Walsh <dwalsh@redhat.com> >Date: Fri Sep 11 14:40:48 2009 -0400 > > I think I sent this patch before, it is the upgrade patch. > > Basically it makes semodule -u file.pp, install file.pp if it does not exist. This matches the rpm syntax, and allows us too update/install many packages with a transaction without know whether the package is updated or installed. > > Currently we can only do a -i which could hammer a newwer version. > > commit 3a5ed0fdf42200d0efd6cb1064eab91d2eb5ca52 > Author: Dan Walsh <dwalsh@redhat.com> > Date: Mon Aug 24 11:36:41 2009 -0400 > > i Upgrade patch > >commit eaaafe2151b8321b4c2316b3a1bdeda9db79db25 >Author: Joshua Brindle <method@manicmethod.com> >Date: Fri Sep 4 13:26:37 2009 -0400 > > bump policycoreutils to 2.0.73 and libsemanage to 2.0.37 > >commit 5aa2efb8f9fd191a13f8539ff82ed464cbe960b6 >Author: Daniel J Walsh <dwalsh@redhat.com> >Date: Thu Aug 27 18:10:14 2009 -0400 > > Author: Daniel J Walsh Email: dwalsh@redhat.com Subject: Patch to semanage Date: Thu, 27 Aug 2009 17:39:27 -0400 > > Redone to match man page and remove reload_policy. > > Chad Sellers: This patch adds the dontaudit directive to semanage to enable/disable dontaudit rules in policy. > > Signed-off-by: Chad Sellers <csellers@tresys.com> > >commit f3d9262568ce65b5cbc83a2c71c75c230a7aec0e >Author: Chad Sellers <csellers@tresys.com> >Date: Thu Aug 20 13:48:26 2009 -0400 > > Fix semanage_direct_commit() to notice disable_dontaudit > > Add code to semanage_direct_commit() to notice that the disable_dontaudit > flag has been changed and rebuild the policy if so. > > Currently, libsemanage doesn't notice that the disable_dontaudit flag is > set so it does not rebuild the policy. semodule got around this by calling > semanage_set_rebuild() explicitly, but libsemanage should really notice > that this has changed and rebuild appropriately. > >commit 1f60e9b7a3efb70a3128a467188702d6915bd9f6 >Author: Daniel J Walsh <dwalsh@redhat.com> >Date: Wed Aug 19 16:57:11 2009 -0400 > > Author: Daniel J Walsh Email: dwalsh@redhat.com Subject: Patch to semanage Date: Fri, 17 Jul 2009 06:10:37 -0400 > > Patch to semanage > > Chad Sellers: I pulled this patch out of the larger patch. This patch fixes 2 small bugs in seobject.py. The first left the setrans file with the wrong permissions. The second returned a malformed dictionary from portRecords get_all method. > > Signed-off-by: Chad Sellers <csellers@tresys.com> > >commit 8ad29a27255b6eb5a4f8e1083ce9832034f3e205 >Author: Daniel J Walsh <dwalsh@redhat.com> >Date: Sun Jun 28 12:32:40 2009 -0400 > > Author: Daniel J Walsh Email: dwalsh@redhat.com Subject: Patch to semanage Date: Fri, 17 Jul 2009 06:10:37 -0400 > > Some white space fixing in seobject.py > > Chad Sellers: I pulled the whitespace patch out of the larger patch as a separate commit to make the patch more manageable. > > Signed-off-by: Chad Sellers <csellers@tresys.com> > >commit b07d7f45a66d37aff5f236d35b805fb97b18cbb6 >Author: Stephen Smalley <sds@tycho.nsa.gov> >Date: Thu Sep 3 11:00:42 2009 -0400 > > policycoreutils 2.0.72 > >commit cc45b9a2371aaa345a505cbb21259ade3548abca >Author: Stephen Smalley <sds@tycho.nsa.gov> >Date: Wed Sep 2 08:52:03 2009 -0400 > > restorecon and symbolic links > > Based on a patch by Martin Orr. > > Restore the code to compute the realpath of all but the last component > of a symlink, and relabel both the symlink and (if it exists) the target > of the symlink when a symlink is specified to restorecon. > > Thus, restorecon -R /etc/init.d will restore both the /etc/init.d symlink > context and the directory tree starting from /etc/rc.d/init.d. > > This fixes the restorecon /dev/stdin performed by the Debian udev init > script that was broken by policycoreutils 2.0.70. > > [sds: switched use of _realpath suffix for process_one, and dropped warning > on non-existent target] > > Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> > >commit 206e2dfe7a35e25c971baa79eee22c5eb4981b09 >Author: Eamon Walsh <ewalsh@tycho.nsa.gov> >Date: Wed Sep 2 20:27:10 2009 -0400 > > libselinux 2.0.86 > >commit 09cd8160d97770533d3290aeafc466b5c6fe8939 >Author: Eamon Walsh <ewalsh@tycho.nsa.gov> >Date: Wed Sep 2 20:23:08 2009 -0400 > > Documentation updates for the removal of recounted SID's. > > Signed-off-by: Eamon Walsh <ewalsh@tycho.nsa.gov> > >commit 58866dd5668e845fd1cc0f62ae8dd4b93d9caf2b >Author: Eamon Walsh <ewalsh@tycho.nsa.gov> >Date: Wed Sep 2 17:41:22 2009 -0400 > > The userspace AVC currently has refcounted SID's. This patch strips out > the refcounting under the following justifications: > > 1. Managing the refcounts by calling sidput() and sidget() as > appropriate is a difficult and bug-prone task for users of the library. > > 2. The userspace AVC doesn't currently make use of the refcounts to > reclaim unused SID's unless avc_cleanup() is explicitly called. > > 3. The kernel itself no longer uses refcounting for it's own SID's. > > The implication of this change is that SID's (basically malloc'ed copies > of security contexts) will persist in the AVC's SID table until the next > call to avc_destroy(). This presents the potential for increased memory > usage, but in practice I don't believe this will be an issue. ABI > compatibility is preserved: the avc_cleanup(), sidput(), and sidget() > calls are changed to no-ops. > > Signed-off-by: Eamon Walsh <ewalsh@tycho.nsa.gov> > Acked-by: Stephen Smalley <sds@tycho.nsa.gov> > >commit acc3a041458c94820114b71876406950aeed621d >Author: Stephen Smalley <sds@tycho.nsa.gov> >Date: Tue Sep 1 10:03:46 2009 -0400 > > libsepol 2.0.38 > >commit a0440a66c3418842f309fc4f78f2aad87ba6c96f >Author: Stephen Smalley <sds@tycho.nsa.gov> >Date: Mon Aug 31 16:37:40 2009 -0400 > > Unchecked input leades to integer underflow > > On Mon, 2009-08-31 at 08:55 -0500, Manoj Srivastava wrote: > > On Mon, Aug 31 2009, Stephen Smalley wrote: > > > > > On Sun, 2009-08-30 at 10:19 -0500, Manoj Srivastava wrote: > > >> Hi, > > >> > > >> This bug was discovered, and the analysis done, buy Max > > >> Kellermann. I have never been able to replicate the problem, so I can't > > >> help debug this error. > > >> > > >> Strace: > > >> --8<---------------cut here---------------start------------->8--- > > >> brk(0x3233000) = 0x3233000 > > >> mmap(NULL, 18446744073703178240, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) > > >> mmap(NULL, 18446744073703313408, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) > > >> mmap(NULL, 134217728, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_NORESERVE, -1, 0) = 0x7fdfda316000 > > >> --8<---------------cut here---------------end--------------->8--- > > >> > > >> > 0xffffffffff9ec000 == 18446744073703178240 (the size of the first > > >> > large allocation). It's also equal to -6373376. This just looks like > > >> > an integer underflow, doesn't it? > > >> > > >> --8<---------------cut here---------------start------------->8--- > > >> Breakpoint 4, 0x00007f9bc4c05400 in mmap64 () from /lib/libc.so.6 > > >> (gdb) p $rsi > > >> $25 = -6373376 > > >> (gdb) bt > > >> #0 0x00007f9bc4c05400 in mmap64 () from /lib/libc.so.6 > > >> #1 0x00007f9bc4baf6bb in _int_malloc () from /lib/libc.so.6 > > >> #2 0x00007f9bc4bb0a78 in malloc () from /lib/libc.so.6 > > >> #3 0x00007f9bc5301a8e in sepol_module_package_read (mod=0xb1d170, spf=0xb202e0, verbose=0) at module.c:533 > > >> #4 0x00007f9bc4ea7838 in ?? () from /lib/libsemanage.so.1 > > >> > > >> (gdb) frame 3 > > >> #3 0x00007f9bc5301a8e in sepol_module_package_read (mod=0xb1d170, spf=0xb202e0, verbose=0) at module.c:533 > > >> 533 module.c: No such file or directory. > > >> in module.c > > >> (gdb) p len > > >> $26 = 18446744073703176358 > > >> (gdb) p i > > >> $27 = 3 > > >> (gdb) p nsec > > >> $30 = 4 > > >> (gdb) p offsets[i+1] > > >> $28 = 8192 > > >> (gdb) p offsets[i] > > >> $29 = 6383450 > > >> --8<---------------cut here---------------end--------------->8--- > > >> > > >> > line 456: > > >> > len = offsets[i + 1] - offsets[i]; > > >> > > >> > Voila, integer underflow. The function module_package_read_offsets() > > >> > reads the offsets from the input file, but does not verify them. > > >> > off[nsec] = policy_file_length(file); > > >> > Here, the check is missing. > > >> > > >> We should probably have: > > >> --8<---------------cut here---------------start------------->8--- > > >> off[nsec] = policy_file_length(file); > > >> if (off[nsec] < off[nsec-1]) { > > >> ERR(file->handle, "file size smaller than previous offset (at %u, " > > >> "offset %zu -> %zu", nsec, off[nsec - 1], > > >> off[nsec]); > > >> return -1; > > >> } > > >> --8<---------------cut here---------------end--------------->8--- > > > > > > Perhaps I am missing something, but module_package_read_offsets() > > > already checks that the offsets are increasing and aborts if not. > > > > Well, almost. It does check for most of the offsets: > > --8<---------------cut here---------------start------------->8--- > > > > 406 for (i = 0; i < nsec; i++) { > > 407 off[i] = le32_to_cpu(buf[i]); > > 408 if (i && off[i] < off[i - 1]) { > > 409 ERR(file->handle, "offsets are not increasing (at %u, " > > 410 "offset %zu -> %zu", i, off[i - 1], > > 411 off[i]); > > 412 return -1; > > 413 } > > 414 } > > --8<---------------cut here---------------end--------------->8--- > > So far, so good. > > --8<---------------cut here---------------start------------->8--- > > 415 > > 416 free(buf); > > 417 off[nsec] = policy_file_length(file); > > 418 *offsets = off; > > 419 return 0; > > --8<---------------cut here---------------end--------------->8--- > > > > The problem is line 417, where there is no check; and in the > > case reported, the file length was less than the previous offset, and > > this resulted in a negative number passed to the memory allocator, > > which resulted in a huge allocation request. > > > > Above, I just propose adding a check after line 417. > > Check the last offset against the file size, and ensure that we free the > buffer and offset array in the error cases. > > Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> > >commit e376f725fce1d42b748d60b7db9a77263d69c19c >Author: Stephen Smalley <sds@tycho.nsa.gov> >Date: Mon Aug 24 15:28:42 2009 -0400 > > libsemanage 2.0.36 > >commit c3c7ef9c65ae3d5b35b9e66caa92b152b550b4ff >Author: Stephen Smalley <sds@tycho.nsa.gov> >Date: Mon Aug 24 14:00:27 2009 -0400 > > libsemanage issue with bzip-blocksize=0 and compressed modules in store > > On Mon, 2009-08-24 at 10:57 -0400, Chris PeBenito wrote: > > On Mon, 2009-08-24 at 10:04 -0400, Stephen Smalley wrote: > > > On Mon, 2009-08-24 at 09:54 -0400, Chris PeBenito wrote: > > > > I took the current release of libsemanage and added the patch to add a > > > > bzip blocksize option[1]. The modules in my store were already > > > > compressed with the stock release. I put bzip-blocksize=0 in my > > > > semanage.conf and I do semodule -B and get: > > > > > > > > libsepol.module_package_read_offsets: wrong magic number for module > > > > package: expected 0xf97cff8f, got 0x39685a42 (No such file or > > > > directory). > > > > libsemanage.semanage_load_module: Error while reading from module > > > > file /etc/selinux/strict/modules/tmp/modules/apm.pp. (No such file or > > > > directory). > > > > semodule: Failed! > > > > > > > > If I do semodule -l, it will also get the magic number error. If I > > > > remove the blocksize option, it works again. I was able to reinsert all > > > > of the modules to get it working again with the blocksize 0 option. > > > > > > > > [1] http://userspace.selinuxproject.org/trac/changeset/ee9827000137fed2d3300124115fc1572acafe2f > > > > > > Yes, that's what I would expect. The expectation is that either one > > > would set that option before installing the policy for the first time, > > > or that one completely re-installs the policy after setting that option. > > > > Can we have a little better handling of this case? I don't mind > > reinstalling the policy, but the error messages aren't helpful. In > > addition, with semodule -l being broken, I have to look into the module > > store to see what modules are installed or guess. > > Seems like it is just as easy to just support pre-existing compressed > modules, see below. > > Explicitly probe for the bzip2 magic string prefix and fall through to > BZ2_bzReadOpen() if the module is bzipped even if bzip-blocksize=0. > Thus bzip-blocksize=0 will prevent any further compression of > subsequently installed/updated modules, but will continue to function > with existing compressed modules. > > Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> > >commit 33c961d35e2915075248768c3d585b97e2c71ab9 >Author: Stephen Smalley <sds@tycho.nsa.gov> >Date: Tue Aug 11 10:24:16 2009 -0400 > > policycoreutils 2.0.71 > >commit b0c1077c341035befd7f6c8782aa749bb815c238 >Author: Stephen Smalley <sds@tycho.nsa.gov> >Date: Tue Aug 11 09:33:29 2009 -0400 > > Patch setfiles to only warn if add_remove fails to lstat on user initiated excludes. > > On Tue, 2009-08-11 at 08:12 -0400, Daniel J Walsh wrote: > > On 08/10/2009 04:12 PM, Stephen Smalley wrote: > > > On Mon, 2009-08-10 at 16:03 -0400, Stephen Smalley wrote: > > >> On Mon, 2009-08-10 at 11:13 -0400, Daniel J Walsh wrote: > > >>> Currently in F12 if you have file systems that root can not read > > >>> > > >>> # restorecon -R -v /var/lib/libvirt/ > > >>> Can't stat directory "/home/dwalsh/.gvfs", Permission denied. > > >>> Can't stat directory "/home/dwalsh/redhat", Permission denied. > > >>> > > >>> After patch > > >>> > > >>> # ./restorecon -R -v /var/lib/libvirt/ > > >> > > >> But if you were to run > > >> ./restorecon -R /home/dwalsh > > >> that would try to descend into .gvfs and redhat, right? > > >> > > >> I think you want instead to ignore the lstat error if the error was > > >> permission denied and add the entry to the exclude list so that > > >> restorecon will not try to descend into it. It is ok to exclude a > > >> directory to which you lack permission. Try this: > > > > > > Also, why limit -e to only directories? Why not let the user exclude > > > individual files if they choose to do so? In which case we could drop > > > the mode test altogether, and possibly drop the lstat() call altogether? > > > Or if you truly want to warn the user about non-existent paths, then > > > take the lstat() and warning to the 'e' option processing in main() > > > instead of doing it inside of add_exclude(). > > > > > I agree lets remove the directory check and warn on non existing files. > > Does this handle it correctly for you? > > Remove the directory check for the -e option and only apply the > existence test to user-specified entries. Also ignore permission denied > errors as it is ok to exclude a directory or file to which the caller > lacks permission. > > Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> > >commit 0fb9c99a4d005be1e50614ead5dd9e2df489a753 >Author: Stephen Smalley <sds@tycho.nsa.gov> >Date: Wed Aug 5 14:13:27 2009 -0400 > > libsemanage 2.0.35 > >commit 8edc3f9730aab6bd8f52dafb9686baddaac83954 >Author: Stephen Smalley <sds@tycho.nsa.gov> >Date: Wed Aug 5 11:19:29 2009 -0400 > > libsemanage: do not hard link files > > Remove the support for hard linking files in semanage_copy_file, as it > is unsafe and can leave the active store corrupted if something goes > wrong during the transaction. It also can leave the installed policy > files with incorrect file modes or security contexts. > > To do this safely, we would need to change all functions that write to > the sandbox files to first unlink the destination file. This was done > in the original patch for the write_file helper but not for other cases. > It would need to be done for all functions that open.*O_CREAT or > fopen.*w on a file in the sandbox. > > We also don't want this applied to the installed policy files, as they > need to be created with appropriate file modes and security contexts > that may differ from the sandbox files. At present, the hard link > support will only affect the installed policy files when they are first > created; afterward the link() call will always fail with EEXIST since > they are not unlinked prior to installation (nor would that be safe as > it could leave the system without a policy - rename would make more > sense in that situation). If we were to re-introduce hard link support, > we ought to use different helpers or flags for installing the policy > files than for copying the active store to the temporary sandbox to > avoid affecting both. > > Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> > >commit 76412ffad682f0280e7bf4447d319f2c42573415 >Author: Stephen Smalley <sds@tycho.nsa.gov> >Date: Wed Aug 5 08:40:36 2009 -0400 > > libsemanage 2.0.34 > >commit ee9827000137fed2d3300124115fc1572acafe2f >Author: Stephen Smalley <sds@tycho.nsa.gov> >Date: Tue Aug 4 10:38:51 2009 -0400 > > libsemanage: Enable configuration of bzip behavior > > Allow the administrator to customize the bzip block size and "small" > flag via semanage.conf. After applying you can add entries like these > to your /etc/selinux/semanage.conf to trade off memory vs disk space > (block size) and to trade off memory vs runtime (small): > > bzip-blocksize=4 > bzip-small=true > > You can also disable bzip compression altogether for your module store > via: > bzip-blocksize=0 > > The semanage.conf entries are now validated against legal value ranges > at handle creation time. > > Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> > >commit 4445704ed114fa0cdb30716f1f713e70746dd852 >Author: Stephen Smalley <sds@tycho.nsa.gov> >Date: Tue Aug 4 15:59:52 2009 -0400 > > policycoreutils 2.0.70 > >commit 37c5c30998b73d9c6efe53fd0534256463991c5e >Author: Stephen Smalley <sds@tycho.nsa.gov> >Date: Mon Aug 3 09:34:52 2009 -0400 > > setfiles: only call realpath() on user-supplied pathnames > > Change setfiles/restorecon to only call realpath() on the user-supplied > pathnames prior to invoking fts_open(). This ensures that commands such > as restorecon -R /etc/init.d and (cd /etc && restorecon shadow gshadow) > will work as expected while avoiding the overhead of calling realpath() > on each file during a file tree walk. > > Since we are now only acting on user-supplied pathnames, drop the > special case handling of symlinks (when a user invokes restorecon > -R /etc/init.d he truly wants it to descend /etc/rc.d/init.d). We can > also defer allocation of the pathname buffer to libc by passing NULL > (freeing on the out path) and we can drop the redundant exclude() check > as it will now get handled on the normal path. > > Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> > >commit 1e5fdf6140bfdb6011819e62b20dafb61bc622f0 >Author: Joshua Brindle <method@manicmethod.com> >Date: Thu Jul 30 22:14:16 2009 -0400 > > bump policycoreutils to 2.0.69 > >commit 73a1f3a8f3a5ce34a76104b0066986086fe78939 >Author: Daniel J Walsh <dwalsh@redhat.com> >Date: Thu Jul 30 21:52:30 2009 -0400 > > Author: Daniel J Walsh > Email: dwalsh@redhat.com > Subject: Fixfiles has a bug when looking at btrfs file systems. > Date: Thu, 09 Jul 2009 16:06:58 -0400 > > Signed-off-by: Joshua Brindle <method@manicmethod.com> > >commit 6be2be0a076a792d44987050f5d196ae4a28cd67 >Author: Stephen Smalley <sds@tycho.nsa.gov> >Date: Mon Jul 27 09:21:35 2009 -0400 > > policycoreutils: get setfiles to skip mounts without seclabel > > On Fri, 2009-07-24 at 16:12 -0400, Stephen Smalley wrote: > > On Fri, 2009-07-17 at 10:48 -0400, Thomas Liu wrote: > > > Get setfiles to check paths for seclabel and skip them > > > if it is not supported. > > > > > > Parse /proc/mounts and add paths that do not have seclabel > > > to the exclude list. If another path shows up that does > > > have seclabel, remove it from the exclude list, since setfiles > > > will try and when it fails it will skip it. > > > > > > Also made one of the error messages in add_exclude more > > > descriptive. > > > > > > Signed-off-by: Thomas Liu <tliu@redhat.com> > > > Signed-off-by: Dan Walsh <dwalsh@redhat.com> > > > --- > > > > Thanks, merged in policycoreutils 2.0.68. > > Applied this patch on top to free the buffer allocated by getline() and > to free any removed entries from the excludeArray. valgrind > --leak-check=full then shows no leakage. > > Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> > >commit 709a754bfce02b1cb39a4150f21f3bb450d4319e >Author: Stephen Smalley <sds@tycho.nsa.gov> >Date: Fri Jul 24 16:10:18 2009 -0400 > > policycoreutils 2.0.68 > >commit a6a29764a6b10981c96ecf9effbc08b4e99326a3 >Author: Thomas Liu <tliu@redhat.com> >Date: Fri Jul 17 10:48:31 2009 -0400 > > policycoreutils: get setfiles to skip mounts without seclabel > > Get setfiles to check paths for seclabel and skip them > if it is not supported. > > Parse /proc/mounts and add paths that do not have seclabel > to the exclude list. If another path shows up that does > have seclabel, remove it from the exclude list, since setfiles > will try and when it fails it will skip it. > > Also made one of the error messages in add_exclude more > descriptive. > > Signed-off-by: Thomas Liu <tliu@redhat.com> > Signed-off-by: Dan Walsh <dwalsh@redhat.com> > Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> > >commit 919c98984735076f9981f18c3960893f5c637cbe >Author: Stephen Smalley <sds@tycho.nsa.gov> >Date: Tue Jul 14 11:00:37 2009 -0400 > > libselinux 2.0.85 > >commit 8c372f665db44cf753bb299e2ee7dcf6143b9e9e >Author: Stephen Smalley <sds@tycho.nsa.gov> >Date: Wed Jul 1 13:45:40 2009 -0400 > > libselinux: lazy init > > Revive Steve Grubb's patch for libselinux lazy init and extend it to > address not only the reading of /etc/selinux/config but also probing > for /selinux/class and reading of /selinux/mls. This should reduce the > need for dontaudit rules for programs that link with libselinux and it > should reduce unnecessary overhead. > > I did not convert init_selinuxmnt over to lazy init since the functions > that use selinux_mnt are not localized, and it only requires stat'ing > of /selinux in the common case. > > I couldn't see a valid reason why we needed fini_obj_class_compat(), as > the existence of /selinux/class will only change across a reboot with > different kernel versions. fini_context_translations() already had a > comment saying that it was unnecessary as well. > > Before: > $ strace ls 2> err > $ grep selinux err > open("/lib/libselinux.so.1", O_RDONLY) = 3 > open("/etc/selinux/config", O_RDONLY|O_LARGEFILE) = 3 > statfs64("/selinux", 84, {f_type=0xf97cff8c, f_bsize=4096, f_blocks=0, f_bfree=0, f_bavail=0, f_files=0, f_ffree=0, f_fsid={0, 0}, f_namelen=255, f_frsize=4096}) = 0 > stat64("/selinux/class", {st_mode=S_IFDIR|0555, st_size=0, ...}) = 0 > open("/selinux/mls", O_RDONLY|O_LARGEFILE) = 3 > > After: > $ strace ls 2> err > $ grep selinux err > open("/lib/libselinux.so.1", O_RDONLY) = 3 > statfs64("/selinux", 84, {f_type=0xf97cff8c, f_bsize=4096, f_blocks=0, f_bfree=0, f_bavail=0, f_files=0, f_ffree=0, f_fsid={0, 0}, f_namelen=255, f_frsize=4096}) = 0 > > Original-patch-by: Steve Grubb <linux_4ever@yahoo.com> > Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> > >commit 1ac1ff6382505fa1e245fdc9c91b2448a7843101 >Author: Stephen Smalley <sds@tycho.nsa.gov> >Date: Tue Jul 14 10:42:48 2009 -0400 > > Revert Tomas Mraz's fix for freeing thread local storage in libselinux. > > This reverts commit a842c9dae863c5a8a28bd6b6abf192c8b5ba1838. > >commit 3ba84a9f7f68164539604a6e40ca45e33a69bb11 >Merge: 834253d fbaf056 >Author: Joshua Brindle <method@manicmethod.com> >Date: Tue Jul 7 16:22:10 2009 -0400 > > Merge branch 'master' of jbrindle@oss.tresys.com:/home/git/selinux > >commit 834253d13a00bfec2b2e54e62f635bd131478205 >Author: Daniel J Walsh <dwalsh@redhat.com> >Date: Tue Jul 7 16:22:00 2009 -0400 > > Author: Daniel J Walsh > Email: dwalsh@redhat.com > Subject: libsemanage direct_api can return errors < 0. > Date: Mon, 08 Jun 2009 15:07:59 -0400 > > Signed-off-by: Joshua Brindle <method@manicmethod.com> > >commit fbaf056b69309c4906a1b979c55efde73010b5ba >Author: Stephen Smalley <sds@tycho.nsa.gov> >Date: Tue Jul 7 14:28:35 2009 -0400 > > policycoreutils 2.0.67 > >commit 4d92b1f8d808947c63bb33487a5827e42ecf5190 >Author: Stephen Smalley <sds@tycho.nsa.gov> >Date: Tue Jul 7 14:26:15 2009 -0400 > > libsemanage 2.0.33 > >commit 667edaa875b40373b4ede3a759b61d7145cc37f5 >Author: Stephen Smalley <sds@tycho.nsa.gov> >Date: Tue Jul 7 14:25:12 2009 -0400 > > libsepol 2.0.37 > >commit 2c91f6377de4f96a3a9ca5c80c3b433b6d717d6a >Author: Christopher Pardy <cpardy@redhat.com> >Date: Mon Jul 6 14:01:01 2009 -0400 > > semodule: maintain old functionality > > Patch for semodule command > semodule -B > Will now turn on dontaudit rules > semodule -DB > Will turn off dontaudit rules. > With other patch all other semanage commands will maintain state. > > Created by Dan Walsh > > Signed-off-by: Christopher Pardy <cpardy@redhat.com> > Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> > >commit 200efad4cb63fb35eb8a063d4bb0b0a3672ff66c >Author: Christopher Pardy <cpardy@redhat.com> >Date: Tue Jul 7 13:32:48 2009 -0400 > > libsemanage: maintain disable dontaudit state between handle commits > > Currently any changes made to the policy which require committing a handle cause dontaudit rules to be re-enabled. This is confusing, and frustrating for users who want to edit policy with dontaudit rules turned off. This patch allows semanage to remember the last state of the dontaudit rules and apply them as default whenever a handle is connected. Additionally other functions may check for the file semanage creates to determine if dontaudit rules are turned on. This knowledge can be useful for tools like SETroubleshoot which may want to change their behavior depending on the state of the dontaudit rules. In the event that a the file cannot be created a call to commit will fail. > > Signed-off-by: Christopher Pardy <cpardy@redhat.com> > > [sds: Removed duplicate from other patch and cleaned up style.] > [sds: Changed uses of semanage_fname to semanage_path.] > Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> > >commit 86a2f899cb031036892f85c679ab6802bce15c43 >Author: Christopher Pardy <cpardy@redhat.com> >Date: Mon Jul 6 10:42:15 2009 -0400 > > libsepol: method to check disable dontaudit flag. > > This patch adds the ability to check on the value of the disable_dontaudit flag in the sepol handle. In the past the only way to know the value of this was to directly read the values from the handle. The get function provides a setter-getter symmetry similar to other functions found in libsepol. > > Signed-off-by: Christopher Pardy <cpardy@redhat.com> > Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> > >commit 1591e426259ed456a4c1f93d46854762df81fbfd >Author: Joshua Brindle <method@manicmethod.com> >Date: Tue Jul 7 12:23:51 2009 -0400 > > bump libselinux to 2.0.84 > >commit 532bd9a8926b4123c9444660041f4e9961543577 >Author: Daniel J Walsh <dwalsh@redhat.com> >Date: Tue Jul 7 12:15:44 2009 -0400 > > Author: Daniel J Walsh > Email: dwalsh@redhat.com > Subject: This patch add seusers support to SELinux > Date: Mon, 18 May 2009 14:20:30 -0400 > > The idea here is to break the seusers file up into lots of little > seusers file that can be user specific, also adds the service field to > be used by tools like pam_selinux to choose which is the correct context > to log a user in as. > > Patch was added to facilitate IPA handing out SELinux content for > selection of roles at login. > > Signed-off-by: Joshua Brindle <method@manicmethod.com> > >commit f85eec055107f0caf1e8eec9b7a6c366f68f4328 >Merge: b985905 41be6cf >Author: Joshua Brindle <method@manicmethod.com> >Date: Tue Jul 7 10:02:12 2009 -0400 > > Merge branch 'master' of jbrindle@oss.tresys.com:/home/git/selinux > >commit 41be6cf7fad1981f51cda91b4a9a25e54da27d8d >Author: Stephen Smalley <sds@tycho.nsa.gov> >Date: Tue Jul 7 08:25:53 2009 -0400 > > libselinux 2.0.83 > >commit b320c69d2e8f22f057018007dea6021e013efd0d >Author: Stephen Smalley <sds@tycho.nsa.gov> >Date: Tue Jul 7 08:25:23 2009 -0400 > > policycoreutils 2.0.66 > >commit cce17290670ed7e1803ca6da660225ac01931d0c >Author: Thomas Liu <tliu@redhat.com> >Date: Mon Jul 6 09:49:39 2009 -0400 > > setfiles converted to fts > > This is version 5 of the setfiles to fts patch. > > The code has been cleaned up to adhere to the CodingStyle guidelines. > > I have confirmed that the stat struct that fts returns for a symlink when using > the FTS_PHYSICAL flag is in fact the stat struct for the symlink, not the file > it points to (st_size is 8 bytes). > > Instead of using fts_path for getfilecon/setfilecon it now uses fts_accpath, > which should be more efficient since fts walks the file hierarchy for us. > > FreeBSD setfsmac uses fts in a similar way to how this patch does and one > thing that I took from it was to pass the FTSENT pointer around instead of > the names, because although fts_accpath is more efficient for get/setfilecon, > it is less helpful in verbose output (fts_path will give the entire path). > > Here is the output from running restorecon on / > > (nftw version) > restorecon -Rv / 2>/dev/null > restorecon reset /dev/pts/ptmx context system_u:object_r:devpts_t:s0->system_u:object_r:ptmx_t:s0 > > (new version) > ./restorecon -Rv / 2>/dev/null > ./restorecon reset /dev/pts/ptmx context system_u:object_r:devpts_t:s0->system_u:object_r:ptmx_t:s0 > > Here are some benchmarks each was run twice from a fresh > boot in single user mode (shown are the second runs). > > (nftw version) > restorecon -Rv /usr > real 1m56.392s > user 1m49.559s > sys 0m6.012s > > (new version) > ./restorecon -Rv /usr > real 1m55.102s > user 1m50.427s > sys 0m4.656s > > So not much of a change, though some work has been pushed from kernel space > to user space. > > It turns out setting the FTS_XDEV flag tells fts not to descend into > directories with different device numbers, but fts will still give back the > actual directory. I think nftw would completely avoid the directories as well > as their contents. > > This patch fixed this issue by saving the device number of the directory > that was passed to setfiles and then skipping all action on any directories > with a different device number when the FTS_XDEV flag is set. > > Also removed some code that removed beginning and trailing slashes > from paths, since fts seems to handle it. > > Signed-off-by: Thomas Liu <tliu@redhat.com> > > [sds: Moved local variable declarations to beginning of process_one.] > Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> > >commit b985905d2f58836993acf03edc0395acd1f3f7f1 >Author: Stephen Smalley <sds@tycho.nsa.gov> >Date: Wed May 20 11:10:14 2009 -0400 > > Policy loading problem > > On Wed, 2009-05-20 at 22:57 +0800, Dennis Wronka wrote: > > Okay, here we go: > > > > I unmounted /selinux and then got this: > > load_policy: Can't load policy: Invalid argument > > > > I attached my kernel-config and the two traces (trace1 for the "Device or > > resource busy"-error, trace2 for the "Invalid argument"-error). > > Possible patch for libselinux to a) gracefully handle the situation > where selinuxfs is already mounted, b) report errors when switching to > permissive, and c) proceed with the policy load even if we cannot switch > to permissive mode as requested, as proceeding without a policy when the > kernel only supports enforcing mode is not desirable. > > Signed-off-by: Joshua Brindle <method@manicmethod.com> > >commit a401a8762294d90e17fcaf83f4447ac6f246ba70 >Author: Daniel J Walsh <dwalsh@redhat.com> >Date: Tue Jun 30 11:56:16 2009 -0400 > > Author: Daniel J Walsh > Email: dwalsh@redhat.com > Subject: libsemanage spelling mistake in error code. > Date: Mon, 08 Jun 2009 15:14:02 -0400 > > Signed-off-by: Joshua Brindle <method@manicmethod.com> > >commit f057914941e29c460f5cd700d55b4d193c7927ef >Author: Eric Paris <eparis@redhat.com> >Date: Wed Jun 24 15:54:05 2009 -0400 > > check /proc/filesystems before /proc/mounts for selinuxfs > > Al was complaining that he has selinux disabled and has 100,000+ mounts > in /proc/mounts. Every time he runs ls the thing takes 5 seconds > because the libselinux constructor runs the entirety of his /proc/mounts > looking for selinuxfs, which doesn't exist. Speed things up by first > checking for selinuxfs in /proc/filesystems, only if the fs is even > registered should we bother to run all of /proc/mounts. > > Signed-off-by: Eric Paris <eparis@redhat.com> > >commit bf7a7c998f6d17e4a160f211ed1c1ce9f58f862a >Author: Joshua Brindle <method@manicmethod.com> >Date: Wed Jun 24 10:55:46 2009 -0400 > > bump policycoreutils to 2.0.65 > >commit 347aacc37c9c56359d490f1820e9eaaecf4ab2ee >Author: Joshua Brindle <method@manicmethod.com> >Date: Wed Jun 24 10:54:56 2009 -0400 > > remove gui from po/Makefile and po/POTFILES and regenerate po files > >commit 33844aa60d306fabf77c6e84f91dbcdbc494ae75 >Author: Joshua Brindle <method@manicmethod.com> >Date: Mon Jun 22 11:32:27 2009 -0400 > > bump libselinux to 2.0.82 and policycoreutils to 2.0.64 > >commit 5467587bcc83ad5db022fcadf251c7ab317b37b3 >Author: Daniel J Walsh <dwalsh@redhat.com> >Date: Mon Jun 22 11:26:00 2009 -0400 > > Author: Daniel J Walsh > Email: dwalsh@redhat.com > Subject: chcat fixes > Date: Thu, 21 May 2009 08:13:26 -0400 > > On 05/20/2009 04:05 PM, Chad Sellers wrote: > > On 5/20/09 3:00 PM, "Daniel J Walsh"<dwalsh@redhat.com> wrote: > > > >> Expansion of categores is still broken. Here is a patch to fix. > >> > > This message appears to be missing a patch. > > > > Thanks, > > Chad > > > > Signed-off-by: Joshua Brindle <method@manicmethod.com> > >commit 275d7f658e9d84236a038dfb1f34703325a4beca >Author: Daniel J Walsh <dwalsh@redhat.com> >Date: Fri Jun 19 13:16:24 2009 -0400 > > Author: Daniel J Walsh > Email: dwalsh@redhat.com > Subject: setfiles will only put out a "*" if > 1000 files are fixed. > Date: Wed, 20 May 2009 13:08:14 -0400 > > setfiles was always putting out a \n, even when not many files were > being fixed. yum transactions were being desturbed by this. > > Signed-off-by: Joshua Brindle <method@manicmethod.com> > >commit 323a16ff372b3c76291ee47eda1a4491797878f6 >Author: Daniel J Walsh <dwalsh@redhat.com> >Date: Fri Jun 19 11:12:57 2009 -0400 > > Author: Daniel J Walsh > Email: dwalsh@redhat.com > Subject: Add btrfs to fixfiles. > Date: Wed, 20 May 2009 15:02:33 -0400 > > Hopefully the last time we will ever need to update. Once patch gets > out with kernel support to tell me which file systems support xattr, we > can remove this hack. > > Signed-off-by: Joshua Brindle <method@manicmethod.com> > >commit a842c9dae863c5a8a28bd6b6abf192c8b5ba1838 >Author: Tomas Mraz <tmraz@redhat.com> >Date: Wed Jun 10 08:05:07 2009 -0400 > > Author: Tomas Mraz > Email: tmraz@redhat.com > Subject: Problems with freeing thread local storage in libselinux > Date: Wed, 06 May 2009 12:38:35 +0200 > > On Wed, 2009-05-06 at 01:32 -0500, Manoj Srivastava wrote: > > Hi folks, > > > > There have been numerous reports in Debian and derivatives of > > programs linked with libselinux intermittently getting segfaults. > > There is, for instance, the Debian report 505920[0], and Ubuntu > > reports[1], [3] and [5], and Gnome [2]. I have not been able to > > reproduce the error myself, though I have run the test cases a number > > of times. > > > > The common thread in unclutter, libavg, gst-inspect et al. is a > > segmentation fault in libselinux1, in the 'fini' destructor functions, > > referencing the thread local variables. > > > > The Ubuntu bug log reference my old patch for libselinux from > > 1.X days, where I replaced the thread local storage with regular > > variables and mutexes, and people report success with that. I suspect > > that something is corrupting the thread local storage. From the ubuntu > > report: > > --8<---------------cut here---------------start------------->8--- > > Valgrind reports: > > =29183== Invalid read of size 8 > > ==29183== at 0xE29B9DD: fini_context_translations (setrans_client.c:211) > > ==29183== by 0xE28F1F1: (within /lib/libselinux.so.1) > > ==29183== by 0xE29D040: (within /lib/libselinux.so.1) > > ==29183== by 0x570010F: exit (exit.c:75) > > 505920==29183== by 0x56E91CA: (below main) (libc-start.c:252) > > ==29183== Address 0x80 is not stack'd, malloc'd or (recently) free'd > > ==29183== > > ==29183== Process terminating with default action of signal 11 (SIGSEGV): dumping core > > ==29183== Access not within mapped region at address 0x80 > > ==29183== at 0xE29B9DD: fini_context_translations (setrans_client.c:211) > > ==29183== by 0xE28F1F1: (within /lib/libselinux.so.1) > > ==29183== by 0xE29D040: (within /lib/libselinux.so.1)==29183== by 0x570010F: exit (exit.c:75) > > ==29183== by 0x56E91CA: (below main) (libc-start.c:252) > > > > > > (gdb) bt > > #0 0x00007f3ae812a9dd in fini_context_translations () at setrans_client.c:211 > > #1 0x00007f3ae811e1f2 in __do_global_dtors_aux () from /lib/libselinux.so.1 > > #2 0x00007ffff9097700 in ?? () > > #3 0x00007f3ae812c041 in _fini () from /lib/libselinux.so.1 > > #4 0x00007ffff9097700 in ?? () > > #5 0x00007f3af0e88796 in _dl_fini () from /lib64/ld-linux-x86-64.so.2 > > Backtrace stopped: previous frame inner to this frame (corrupt stack?) > > --8<---------------cut here---------------end--------------->8--- > > > > There have been two sets of patches proposed for this; first one > > merely initializes the variables in the init function, and this works > > for a number of people, but at least one person has reported a second > > segfault even with the patch installed[6] > > > > The second patch below converts a thread local cache to a > > process wide cache, with mutex guards, which makes the cache slower, > > and non-thread local caches means that cache misses are more likely. > > > > I'll try and follow up with people who can reproduce the > > problems to see if either one of the patches solve their problems > > without triggering other segmentation faults, but I'd appreciate > > comments if anyone has insight into the issue. > > The problem is with freeing storage referenced by TLS variables in > destructors. The destructor is called only in one of the threads and the > variables might not be even properly initialized in that thread. One > possibility is to not free the storage at all but that will leak memory > if the libselinux is loaded/unloaded multiple times in a process. > > The only proper way is to use TSD (pthread_key_create, > pthread_setspecific etc.) to store the pointers to the cached contexts. > > The attached patch implements this. I did not test it thoroughly though. > > -- > Tomas Mraz > No matter how far down the wrong road you've gone, turn back. > Turkish proverb > > Signed-off-by: Chad Sellers <csellers@tresys.com> > >commit 20271d94ed2b26b94b052ba6ed90b63566cecbb7 >Author: Daniel J Walsh <dwalsh@redhat.com> >Date: Thu Jun 4 17:15:31 2009 -0400 > > Author: Daniel J Walsh > Email: dwalsh@redhat.com > Subject: SELinux context patch > Date: Mon, 18 May 2009 14:16:12 -0400 > > This patch adds context files for virtual_domain and virtual_image, > these are both being used to locat the default context to be executed by > svirt. > > I also included the subs patch which I submitted before. This patch > allows us to substitute prefixes to matchpathcon. > > So we can say /export/home == /home > > and > > /web == /var/www > > Author: Chad Sellers > Email: csellers@tresys.com > > Flipped free()'s in original patch when strdup'd fail to proper order. > > Signed-off-by: Chad Sellers <csellers@tresys.com> > >commit 0b659be9a500a68b133c2d33102b9f4fcd14f60f >Author: Stephen Smalley <sds@moss-clownfish.epoch.ncsc.mil> >Date: Thu May 28 10:55:27 2009 -0400 > > bump libsemanage to 2.0.32 > >commit d7dfd88158ca20311bd5edec64daed94c53511bc >Author: David P. Quigley <dpquigl@moss-guppy.epoch.ncsc.mil> >Date: Thu May 7 10:55:15 2009 -0400 > > libsemanage: Add Ruby Bindings > > This patch adds a SWIG specification file for ruby bindings for libsemanage. > The spec file is almost identical to the python SWIG file with the exception > that all list generating typemaps have been removed and the python related > functions have been replaced with the corresponding ruby ones. Finally the > Makefile is modified to be able to build the new bindings. Something to note is > that on 64-bit systems ruby.h might be found somewhere under /usr/lib64 instead > of /usr/lib so LIBDIR=/usr/lib64 will be needed to build the ruby bindings from > source. > > Below is an example using the ruby bindings and produces the similar output > to semodule -l > > #!/usr/bin/ruby > require "semanage" > > handle = Semanage.semanage_handle_create > > Semanage.semanage_select_store(handle, "targeted", Semanage::SEMANAGE_CON_DIRECT) > Semanage.semanage_connect(handle) > module_info = Semanage.semanage_module_list(handle) > > modules = Array.new() > module_info[2].times do |n| > temp_module = Semanage.semanage_module_list_nth(module_info[1], n) > mod_string = Semanage.semanage_module_get_name(temp_module).to_s + " " \ > + Semanage.semanage_module_get_version(temp_module).to_s > modules.push(mod_string) > end > > puts "List of Installed Modules" > modules.each do |str| > puts str > end > > Signed-off-by: David P. Quigley <dpquigl@tycho.nsa.gov> > >commit 4fabd7d0d1f812da5bacada3fb08bcdb7302ecb0 >Author: Joshua Brindle <method@manicmethod.com> >Date: Tue May 5 20:20:36 2009 -0400 > > bump sepolgen to 1.0.17 > >commit 99afa3cb774218f00ac40e494bd3d7ad4a818e60 >Author: Joshua Brindle <method@manicmethod.com> >Date: Tue May 5 20:19:43 2009 -0400 > > bump libselinux to 2.0.81 > >commit 7fc77104fadf835357ec5f3829e42ac96fec5865 >Author: Joshua Brindle <method@manicmethod.com> >Date: Tue May 5 20:16:31 2009 -0400 > > bump policycoreutils to 2.0.63 > >commit 20eff2b9a53eeae4269ffc082bb95103596cd0b8 >Author: Daniel J Walsh <dwalsh@redhat.com> >Date: Thu May 14 15:43:18 2009 -0400 > > Author: Daniel J Walsh > Email: dwalsh@redhat.com > Subject: Patch to getdefaultcon to print just the correct match and add verbose option > Date: Wed, 04 Mar 2009 15:41:37 -0500 > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > I really want to rename this to selinuxdefaultcon, which is what we ship > in Fedora. > > Also exit with proper error on failure. > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.9 (GNU/Linux) > Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org > > iEYEARECAAYFAkmu54AACgkQrlYvE4MpobNoZACdHgQDP2Hp/KDBpGCD7G08HjOX > p68An25Uu83SlOqjKyy9EG8ZgdIcuTCB > =L6UU > -----END PGP SIGNATURE----- > > Signed-off-by: Chad Sellers <csellers@tresys.com> > >commit 72d535fdb822135fcfa23c82977c62c7f1500e34 >Author: Chad Sellers <csellers@tresys.com> >Date: Thu May 7 16:05:05 2009 -0400 > > Author: Daniel J Walsh > Email: dwalsh@redhat.com > Subject: We have moved matchpathcon to /sbin from /usr/sbin > Date: Wed, 01 Apr 2009 10:21:53 -0400 > > Some init scripts wanted to use matchpathcon before /usr is mounted. > > Author: Chad Sellers > Email: csellers@tresys.com > > Added matchpathcon to clean target > > Signed-off-by: Chad Sellers <csellers@tresys.com> > >commit a4af847dc6f52688a25bb0323ff3b84b13dded67 >Author: Hiroshi Shinji <hiroshi.shinji@gmail.com> >Date: Sat Apr 11 14:41:51 2009 -0400 > > Author: Hiroshi Shinji > Email: hiroshi.shinji@gmail.com > Subject: Memory leak in libselinux/src/label_file.c > Date: Fri, 3 Apr 2009 13:58:01 +0900 > > Hi, > > I found memory leak in libselinux/src/label_file.c. > Please fix it. > > Regards, > > -- > Hiroshi Shinji > > Signed-off-by: Chad Sellers <csellers@tresys.com> > >commit 5f1746a17e8f0882d379ce9cff24075bef9ca746 >Merge: b6a1a95 7610baa >Author: Chad Sellers <csellers@tresys.com> >Date: Sat Apr 11 11:45:17 2009 -0400 > > Merge branch 'master' of http://oss.tresys.com/git/selinux > >commit 7610baa968ad499667c60c222cba326b737c532a >Author: Stephen Smalley <sds@tycho.nsa.gov> >Date: Wed May 6 08:19:17 2009 -0400 > > Trivial: Wrap the #define MNT_DETACH with #ifndef MNT_DETACH...#endif so that it does not break with the latest glibc headers, as in F11/rawhide. > >commit b6a1a954f52fe685bf82200b731d022d7c2d6924 >Author: Daniel J Walsh <dwalsh@redhat.com> >Date: Fri Apr 10 19:17:47 2009 -0400 > > Author: Daniel J Walsh > Email: dwalsh@redhat.com > Subject: patch to policycoreutils > Date: Wed, 01 Apr 2009 10:10:43 -0400 > > Multiple patches to policycoreutils. > > First added /root/.ssh and /root/.ssh/* to allow people to place keys > in /root directory and have them labeled by restorcond > > <snipdue to previously ack'd patch> > > Clean up permissive domains creation in semanage so it does not leave > crap in /var/lib/selinux > > --- > Also have fixfiles operate recursively when in RPM mode, per: > > Author: Daniel J Walsh > Email: dwalsh@redhat.com > Subject: Re: patch to policycoreutils > Date: Wed, 22 Apr 2009 21:50:48 -0400 > > If a package owned a directory like /var/lib/libvirt/images, when it is > relabeling we would want it to relabel not only the directory but the > contents of the directory > > Signed-off-by: Chad Sellers <csellers@tresys.com> > >commit 7e3311a9a773c0a755ae9c8b00ed5e2583ebf1ed >Author: Marshall Miller <mmiller@tresys.com> >Date: Tue Mar 31 15:42:00 2009 -0400 > > sepolgen typo fix > > Commit b3b3f8186ed6d56c48c4e0f997d6e6b3fd90be37 attempted to fix a bug, > but didn't. The following patch should do it. > > Marshall Miller > > Signed-off-by: Chad Sellers <csellers@tresys.com> > >commit 35490f2fa56ad10a42e0df031fd435fe3fc932f6 >Author: Daniel J Walsh <dwalsh@redhat.com> >Date: Fri Apr 10 17:14:47 2009 -0400 > > Author: Daniel J Walsh > Email: dwalsh@redhat.com > Subject: Help with python seobject.loginRecords > Date: Thu, 12 Mar 2009 09:29:17 -0400 > > On 03/11/2009 05:00 PM, Stephen Smalley wrote: > > On Wed, 2009-03-11 at 16:49 -0400, Daniel J Walsh wrote: > >> -----BEGIN PGP SIGNED MESSAGE----- > >> Hash: SHA1 > >> > >> Joe Nall wrote: > >>> On Mar 11, 2009, at 2:35 PM, Daniel J Walsh wrote: > >>> > >>>> On 03/11/2009 12:15 PM, Joe Nall wrote: > >>>>> I need to add login mappings in python firstboot modules during system > >>>>> configuration. In my first module a simple: > >>>>> > >>>>> seobject.loginRecords().add(username, "siterep_u", > >>>>> "SystemLow-SystemHigh") > >>>>> > >>>>> works. In subsequent modules, I get an exception: > >>>>> > >>>>> libsemanage.enter_rw: this operation requires a transaction > >>>>> libsemanage.enter_rw: could not enter read-write section > >>>>> Traceback (most recent call last): > >>>>> File "./t", line 6, in<module> > >>>>> seobject.loginRecords().add("test3", "sysadm_u", "SystemLow-SystemHigh") > >>>>> File "/usr/lib64/python2.5/site-packages/seobject.py", line 442, in add > >>>>> raise error > >>>>> ValueError: Could not add login mapping for test3 > >>>>> > >>>>> What is the right way to do this? > >>>>> > >>>>> joe > >>>>> > >>>>> > >>>>> -- > >>>>> This message was distributed to subscribers of the selinux mailing list. > >>>>> If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov > >>>>> with > >>>>> the words "unsubscribe selinux" without quotes as the message. > >>>> Probably an MLS issue. firtstboot is running in a context that is not > >>>> allowed to lock/manage selinux. > >>> I'm installing in permissive and switching to enforcing after firstboot. > >>> You are correct that firstboot_t doesn't have the policy for all the > >>> stuff I'm trying to do yet. > >>> > >>>> You probably should exec semanage rather then calling seobject so you > >>>> could do a transition and not have to give a huge app like first boot > >>>> the ability to manage security policy. > >>> That is what is installing right now. I would still like an > >>> explanation/code snippet of correct usage for future use > >>> > >>> joe > >>> > >>> > >> This works on F10 Targeted policy > >> > >> # python -c "import seobject; seobject.loginRecords().add("pwalsh", > >> "staff_u", "s0") > >> # python -c 'import seobject; seobject.loginRecords().delete("pwalsh")' > >> > >> Could it be a translation problem? > > > > Try running multiple calls within the same python interpreter. > > I think seobject.py isn't using libsemanage correctly. For example, in > > add(), you do: > > self.begin() > > self.__add(name, sename, serange) > > self.commit() > > but begin() only ever invokes semanage_begin_transaction() the very > > first time: > > def begin(self): > > if self.transaction: > > return > > rc = semanage_begin_transaction(self.sh) > > > > So after the first commit(), you'll start failing. > > > I think this patch fixes the transaction patch in semanage. > > Signed-off-by: Chad Sellers <csellers@tresys.com> > >commit 93a680280ffd538444d996482e4885cdd8cfbe95 >Author: Daniel J Walsh <dwalsh@redhat.com> >Date: Fri Apr 10 11:33:23 2009 -0400 > > Author: Daniel J Walsh > Email: dwalsh@redhat.com > Subject: Patch matchpathcon to eliminate file "/" > Date: Wed, 04 Mar 2009 15:39:31 -0500 > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > So > > matchpathcon /etc/ > Will work the same as > matchpathcon /etc > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.9 (GNU/Linux) > Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org > > iEYEARECAAYFAkmu5wMACgkQrlYvE4MpobNK4gCgiVeXXEZcCMsJKXM7jqh6r1u3 > OScAoLcmXBIR63gpvA8RS3g07pcPC6IF > =e+Re > -----END PGP SIGNATURE----- > > Signed-off-by: Chad Sellers <csellers@tresys.com> > >commit a07493d1a16f23479657c6ea7fc86ffc3f9d7c85 >Author: Eamon Walsh <ewalsh@tycho.nsa.gov> >Date: Tue Apr 7 22:53:50 2009 -0400 > > bump libselinux to 2.0.80. > >commit 433a99d4032706af724ff779d8d9d539f20793f8 >Author: KaiGai Kohei <kaigai@ak.jp.nec.com> >Date: Tue Apr 7 22:48:01 2009 -0400 > > It is useful for userspace object manager, if libselinux has an > interface something like: int security_deny_unknown(void); > > This interface can suggest applications preferable behavior when > string_to_security_class() or string_to_av_perm() returns invalid > value which means the security policy does not define required > ones. > > Signed-off-by: KaiGai Kohei <kaigai@ak.jp.nec.com> > >commit 55ed6e7fa6b7d55c628fa04508521920e60a43f7 >Author: KaiGai Kohei <kaigai@ak.jp.nec.com> >Date: Tue Apr 7 22:10:30 2009 -0400 > > This patch enables applications to handle permissive domain correctly. > > Since the v2.6.26 kernel, SELinux has supported an idea of permissive > domain which allows certain processes to work as if permissive mode, > even if the global setting is enforcing mode. > However, we don't have an application program interface to inform > what domains are permissive one, and what domains are not. > It means applications focuses on SELinux (XACE/SELinux, SE-PostgreSQL > and so on) cannot handle permissive domain correctly. > > This patch add the sixth field (flags) on the reply of the /selinux/access > interface which is used to make an access control decision from userspace. > If the first bit of the flags field is positive, it means the required > access control decision is on permissive domain, so application should > allow any required actions, as the kernel doing. > > This patch also has a side benefit. The av_decision.flags is set at > context_struct_compute_av(). It enables to check required permissions > without read_lock(&policy_rwlock). > > Signed-off-by: KaiGai Kohei <kaigai@ak.jp.nec.com> > >commit 318748d65917fa5a96c17ce3b564074e43482d75 >Author: KaiGai Kohei <kaigai@ak.jp.nec.com> >Date: Tue Apr 7 21:47:52 2009 -0400 > > The attached patch enables userspace object managers to handle notification > messages via netlink socket from SELinux. > > * Two new callbacks were added to selinux_set_callback(3) > - SELINUX_CB_SETENFORCE > is invoked when it got SELNL_MSG_SETENFORCE message in the > avc_netlink_process(). > - SELINUX_CB_POLICYLOAD > is invoked when it got SELNL_MSG_POLICYLOAD message in the > avc_netlink_process(). > > * Three functions were exposed to applications. > - int avc_netlink_open(int blocking); > - void avc_netlink_loop(void); > - void avc_netlink_close(void); > > Due to a few reasons, SE-PostgreSQL implements its own userspace > avc, so it needs to copy and paste some of avc_internal.c. > This update enables to share common part from such kind of application. > > Signed-off-by: KaiGai Kohei <kaigai@ak.jp.nec.com> > >commit 4d98bd7e527858aa533f67ccf8a13db5512f4b1c >Merge: 94dd685 ff317eb >Author: Joshua Brindle <method@manicmethod.com> >Date: Sat Mar 21 11:38:25 2009 -0400 > > Merge branch 'master' of jbrindle@oss.tresys.com:/home/git/selinux > >commit 94dd6859c1ef8aee00ad8e586f525aea79883e38 >Author: Joshua Brindle <method@manicmethod.com> >Date: Sat Mar 21 11:13:59 2009 -0400 > > bump libsepol to 2.0.36 > >commit 3df79fc5ebf08a35aaa095b2ee3fd24b3ece6ae5 >Author: Joshua Brindle <method@manicmethod.com> >Date: Sat Mar 21 11:11:52 2009 -0400 > > Author: Joshua Brindle > Email: method@manicmethod.com > Subject: libsepol: fix boolean state smashing > Date: Wed, 18 Mar 2009 10:47:34 -0400 > > If a boolean is encountered in a require block before the place where it is > declared it currently gets created with the state set to false no matter what > the declared state was. This only affects booleans in modules where the boolean > was also required in another module. Patch below: > > Signed-off-by: Joshua Brindle <method@manicmethod.com> > >commit ff317eb616975e69f5534554affb9c3a6626ac43 >Author: Joshua Brindle <method@manicmethod.com> >Date: Thu Mar 12 01:23:32 2009 -0400 > > release script > >commit 3028bc3c5811b90af9cd051c6fbdfdcd2c77f44f >Author: Eamon Walsh <ewalsh@tycho.nsa.gov> >Date: Wed Mar 11 19:06:12 2009 -0400 > > bump libselinux to 2.0.79. > >commit 7239480c7019281893b1a12b1edc8cc28f8695b7 >Author: Eamon Walsh <ewalsh@tycho.nsa.gov> >Date: Wed Mar 11 19:01:42 2009 -0400 > > In one benchmark the X server was found to be extremely slow creating > windows with selinux running. Part of the reason for this was because > libselinux called into the kernel /selinux/create interface for every > object. This patch caches the results of /selinux/create in the > userspace avc to significantly increase the speed of these types of > operations. > > Revised to correct locking, interface issues. > > Signed-off-by: Eric Paris <eparis@redhat.com> > Signed-off-by: Eamon Walsh <ewalsh@tycho.nsa.gov> > >commit 7ab6b29011dc62b0f344087e1ca4d8cdd2a9e508 >Author: Eamon Walsh <ewalsh@tycho.nsa.gov> >Date: Tue Mar 10 20:31:38 2009 -0400 > > Netlink socket handoff functions from Adam Jackson. > >commit 5032faa9848e2312b53d09c32c45238f4507d36a >Author: Eamon Walsh <ewalsh@tycho.nsa.gov> >Date: Fri Feb 27 18:08:55 2009 -0500 > > bump libselinux to 2.0.78 > >commit b27ff3397dcef05a4a22343dccf18f3a29b7de90 >Author: Eamon Walsh <ewalsh@tycho.nsa.gov> >Date: Fri Feb 27 18:05:24 2009 -0500 > > Fix an incorrect conversion specifier in the discover_class code. > > Signed-off-by: Eamon Walsh <ewalsh@tycho.nsa.gov> > >commit 46d0b2c9398eab7714497336f7111e19d30eb2d9 >Author: Joshua Brindle <method@manicmethod.com> >Date: Tue Feb 17 12:23:41 2009 -0500 > > bump libsepol to 2.0.35 > >commit 4e23951fe6e31c5cc46af316daa5d90f06b0cab8 >Author: Joshua Brindle <method@manicmethod.com> >Date: Tue Feb 17 12:22:40 2009 -0500 > > bump checkpolicy to 2.0.19 > >commit 6ed00ee094664f591030a09e502ae6e64fc39952 >Author: Joshua Brindle <method@manicmethod.com> >Date: Tue Feb 17 12:19:32 2009 -0500 > > bump sepolgen to 1.0.16 > >commit c7e13bfea3e3af034655c14027b943a57a7dac79 >Author: Joshua Brindle <method@manicmethod.com> >Date: Tue Feb 17 12:18:05 2009 -0500 > > bump policycoreutils to 2.0.62 > >commit f77e475fd839d26face3deaa7fa27c7265618a02 >Author: Joshua Brindle <method@manicmethod.com> >Date: Tue Feb 17 11:43:11 2009 -0500 > > Author: Daniel J Walsh > Email: dwalsh@redhat.com > Subject: Add btrfs to fixfiles > Date: Tue, 17 Feb 2009 11:42:11 -0500 > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Hopefully will convert to seclabel when it is available. > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.9 (GNU/Linux) > Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org > > iEYEARECAAYFAkma6OMACgkQrlYvE4MpobNegwCfSBpm7O9wIKK+O89gC+Lwx+PV > rmsAn12IADGzhFu4thYK5qakacviWwfZ > =PtIL > -----END PGP SIGNATURE----- > > Signed-off-by: Joshua Brindle <method@manicmethod.com> > >commit be583ce3325bf0e0e4027b0e6a85de4d7dd2e01b >Author: Joshua Brindle <method@manicmethod.com> >Date: Tue Feb 17 11:42:15 2009 -0500 > > Author: Daniel J Walsh > Email: dwalsh@redhat.com > Subject: Several fixes to restorecond > Date: Tue, 17 Feb 2009 11:40:54 -0500 > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Init script should be 755 > > libflashplayer.so has moved in the homedir and is now correct so no > longer needs to have labeling checked. > > restorecond supports glob matching and should not complain on multiple > hard links if they match a glob. > > So if a file has > 1 link and is an exact match complain, otherwise do not. > > Also fix a couple of error messages. > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.9 (GNU/Linux) > Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org > > iEYEARECAAYFAkma6JYACgkQrlYvE4MpobOoIACfUgUfpCuhvVTWyHgsq7/8hY0z > 9WcAmgPK2KktAlY84HhtRmdu/Hy+9eE/ > =zcCj > -----END PGP SIGNATURE----- > > Signed-off-by: Joshua Brindle <method@manicmethod.com> > >commit f7917ea9cf6af752de98a1e742152d813028c669 >Author: Caleb Case <ccase@tresys.com> >Date: Tue Feb 10 15:38:41 2009 -0500 > > aliases for the boundry format > > The boundry format mapped the primary field to a boolean in the > properties bitmap. This is appropriate for the kernel policy, but in > modular policy the primary field may be an integer that indicates the > primary type that is being aliased. In this case, the primary value cannot > be assumed to be boolean. > > This patch creates a new module format that writes out the primary value > as was done before the boundry format. > > Signed-off-by: Caleb Case <ccase@tresys.com> > Signed-off-by: Joshua Brindle <method@manicmethod.com> > >commit fb50c7b4ef11a3001051ae2b37b3dd7f869edbc9 >Author: Joshua Brindle <method@manicmethod.com> >Date: Mon Feb 16 11:50:33 2009 -0500 > > Author: Daniel J Walsh > Email: dwalsh@redhat.com > Subject: sepolgen patch > Date: Tue, 13 Jan 2009 08:59:51 -0500 > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > md5 semodule packages is being retired. Supposed to use hashlib now. > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.9 (GNU/Linux) > Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org > > iEYEARECAAYFAklsnlcACgkQrlYvE4MpobMEHQCgiRH3w/m4vTnPSdKfYCJtPHKF > ncEAn2WdQb9l5uiUsmIvp+92mTBAcmCR > =RVRr > -----END PGP SIGNATURE----- > > Signed-off-by: Joshua Brindle <method@manicmethod.com> > >commit f5a700d1074a5e295127bbb6eb936f2ad4805fa7 >Author: Joshua Brindle <method@manicmethod.com> >Date: Mon Feb 16 11:48:37 2009 -0500 > > Author: Daniel J Walsh > Email: dwalsh@redhat.com > Subject: policycoreutils_restorecond.patch > Date: Tue, 13 Jan 2009 08:53:50 -0500 > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Add more error checking. > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.9 (GNU/Linux) > Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org > > iEYEARECAAYFAklsnO4ACgkQrlYvE4MpobOqdgCgvkzLK6bi1m9oTv217A7CYIvZ > BRcAn005E3lop2wmkaH5DcfVwVv3kCYD > =Xjf4 > -----END PGP SIGNATURE----- > > Signed-off-by: Joshua Brindle <method@manicmethod.com> > >commit 244fd583d87724d13de021cb1e684312b80aeb7c >Author: Joshua Brindle <method@manicmethod.com> >Date: Mon Feb 16 11:43:12 2009 -0500 > > Author: Daniel J Walsh > Email: dwalsh@redhat.com > Subject: policycoreutils_semanage.patch > Date: Tue, 13 Jan 2009 08:55:56 -0500 > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Add missing locallist option > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.9 (GNU/Linux) > Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org > > iEYEARECAAYFAklsnWwACgkQrlYvE4MpobPZJwCguhEXCkkeS+4QPeBIDMD/sMTv > yMoAoLz7d20UABT1La/JcUaMrXr/XLF7 > =L7QI > -----END PGP SIGNATURE----- > > Signed-off-by: Joshua Brindle <method@manicmethod.com> > >commit d8b1ea603b40c21b9ac3724d9d405fac8e45b112 >Author: Joshua Brindle <method@manicmethod.com> >Date: Mon Feb 16 11:41:02 2009 -0500 > > Author: Daniel J Walsh > Email: dwalsh@redhat.com > Subject: Make removing of a module a warning rather then an error. > Date: Tue, 13 Jan 2009 08:57:17 -0500 > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > This way if I say a command line > > semodule -r mypol -i newmypol > > and mypol was not there the semodule command does not error out. > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.9 (GNU/Linux) > Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org > > iEYEARECAAYFAklsnb0ACgkQrlYvE4MpobNwFACfTqc17wREKC2aAhLOIkfbqgeg > GxgAn2/ZBz5ljtyK1aiVkqoCBj98y9Ey > =I4uX > -----END PGP SIGNATURE----- > > Signed-off-by: Joshua Brindle <method@manicmethod.com> > >commit 498861044a802b6c940047dcd23bbe98ee4dd4aa >Author: Joshua Brindle <method@manicmethod.com> >Date: Mon Feb 16 11:39:00 2009 -0500 > > Author: Daniel J Walsh > Email: dwalsh@redhat.com > Subject: audit2allow patch > Date: Tue, 13 Jan 2009 08:52:51 -0500 > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Remove --tefile from manpage, option does not exist. > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.9 (GNU/Linux) > Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org > > iEYEARECAAYFAklsnLIACgkQrlYvE4MpobOrGQCgs76GOeXnSKrLCX69GpCAiIZN > f4AAn312U9ill0sLCKWP1bsL661mctEH > =D9bQ > -----END PGP SIGNATURE----- > > Signed-off-by: Joshua Brindle <method@manicmethod.com> > >commit c8a18807d5988ec2ff4fe3422397cca41771ba5a >Merge: a5dfb3a 7817c92 >Author: Joshua Brindle <method@manicmethod.com> >Date: Mon Jan 12 10:53:11 2009 -0500 > > Merge branch 'master' of jbrindle@oss.tresys.com:/home/git/selinux > > Conflicts: > libselinux/ChangeLog > >commit a5dfb3abe007a76ea5119e6cf57802f8b8a0fd43 >Author: Joshua Brindle <method@manicmethod.com> >Date: Mon Jan 12 10:49:36 2009 -0500 > > bump sepolgen to 1.0.15 > >commit 10760735e9aaef2c7e88076f5f25c64d79b45edf >Author: Joshua Brindle <method@manicmethod.com> >Date: Mon Jan 12 10:45:26 2009 -0500 > > bump libsemanage to 2.0.31 > >commit a9e6fbdeaeb64af621127d08870e16d23363d69b >Author: Joshua Brindle <method@manicmethod.com> >Date: Mon Jan 12 10:44:08 2009 -0500 > > bump libselinux to 2.0.76 > >commit 36df93ed82c17ca5d5d7525b01b83a331ff20f24 >Author: Joshua Brindle <method@manicmethod.com> >Date: Mon Jan 12 10:42:48 2009 -0500 > > bump policycoreutils to 2.0.61 > >commit 3726a7783ef6bac3a75d8503a18ffe47152d2c03 >Author: Joshua Brindle <method@manicmethod.com> >Date: Mon Jan 12 10:39:15 2009 -0500 > > regerate swig wrappers for commit 09836bf0c1bd3cd9e1807e1b29b0faea2545baf4 > >commit 09836bf0c1bd3cd9e1807e1b29b0faea2545baf4 >Author: Joshua Brindle <method@manicmethod.com> >Date: Mon Jan 12 10:34:01 2009 -0500 > > Author: Daniel J Walsh > Email: dwalsh@redhat.com > Subject: Add restorecon and install methods for libselinux python bindings. > Date: Tue, 06 Jan 2009 10:31:04 -0500 > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Daniel J Walsh wrote: > > Joshua Brindle wrote: > >> Daniel J Walsh wrote: > >> Luke Macken wrote restorecon and install functions used in Fedora > >> Infrastructure which can be used to install files with the proper > >> context and to fix the labels of files/directories without having to > >> exec restorecon. > > > >> diff --exclude-from=exclude -N -u -r > >> nsalibselinux/src/selinuxswig_python.i > >> libselinux-2.0.75/src/selinuxswig_python.i > >> --- nsalibselinux/src/selinuxswig_python.i 2008-08-28 > >> 09:34:24.000000000 -0400 > >> +++ libselinux-2.0.75/src/selinuxswig_python.i 2008-11-14 > >> 17:09:50.000000000 -0500 > >> @@ -6,6 +6,32 @@ > >> #include "selinux/selinux.h" > >> %} > > > >> +%pythoncode %{ > >> + > >> +import shutil, os > >> + > >> +def restorecon(path, recursive=False): > >> + """ Restore SELinux context on a given path """ > >> + mode = os.stat(path)[stat.ST_MODE] > > > >> stat doesn't exist here, perhaps he meant mode? > > > >> + status, context = matchpathcon(path, mode) > >> + if status == 0: > >> + lsetfilecon(path, context) > >> + if recursive: > >> + os.path.walk(path, lambda arg, dirname, fnames: > >> + map(restorecon, [os.path.join(dirname, fname) > >> + s for fname in fnames]), > >> None) > > > >> typo, the s causes a syntax error > > > >> + > >> +def copytree(src, dest): > >> + """ An SELinux-friendly shutil.copytree method """ > >> + shutil.copytree(src, dest) > >> + restorecon(dest, recursive=True) > >> + > >> +def install(src, dest): > >> + """ An SELinux-friendly shutil.move method """ > >> + shutil.move(src, dest) > >> + restorecon(dest, recursive=True) > >> +%} > >> + > >> /* security_get_boolean_names() typemap */ > >> %typemap(argout) (char ***names, int *len) { > >> PyObject* list = PyList_New(*$2); > > > >> This patch doesn't appear correct, I'll fix the things above, have you > >> been testing this at all? > > > > Must have sent you a bad patch. > > > > > > This is what the current patch looks like. > > > And this is still broken. > > One more fix. > > + mode = os.stat(path)[stat.ST_MODE] > should be > + mode = os.lstat(path)[stat.ST_MODE] > > Modified to remove copytree and install functions > > Signed-off-by: Joshua Brindle <method@manicmethod.com> > >commit 8b092bade5f4c8114841118030e2aacf25c7ce6f >Author: Joshua Brindle <method@manicmethod.com> >Date: Mon Jan 5 13:34:18 2009 -0500 > > Author: Daniel J Walsh > Email: dwalsh@redhat.com > Subject: chcat patch. > Date: Fri, 07 Nov 2008 09:39:32 -0500 > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Prevent chcat from expanding number of categories above max size of > command line. Arbitrarily picked 25. > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.9 (GNU/Linux) > Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org > > iEYEARECAAYFAkkUUyQACgkQrlYvE4MpobMDDwCg0DMLERlnHZyVmORa9de9f5tf > fQsAoJZpO646H5CFuXZuW6htHpPfHz/z > =4OcI > -----END PGP SIGNATURE----- > > Signed-off-by: Joshua Brindle <method@manicmethod.com> > >commit 5cbb573fa5f9fc7dd0f866d64b9968c240a96874 >Author: Joshua Brindle <method@manicmethod.com> >Date: Mon Jan 5 13:33:03 2009 -0500 > > Author: Daniel J Walsh > Email: dwalsh@redhat.com > Subject: Small fixes for audit2allow > Date: Mon, 01 Dec 2008 15:19:09 -0500 > > Signed-off-by: Joshua Brindle <method@manicmethod.com> > >commit b3b3f8186ed6d56c48c4e0f997d6e6b3fd90be37 >Author: Joshua Brindle <method@manicmethod.com> >Date: Mon Jan 5 13:30:55 2009 -0500 > > Author: Daniel J Walsh > Email: dwalsh@redhat.com > Subject: Problem in sepolgen > Date: Mon, 01 Dec 2008 11:51:19 -0500 > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > self.roles does not exist, need to return length of dictionary. > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.9 (GNU/Linux) > Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org > > iEYEARECAAYFAkk0FgYACgkQrlYvE4MpobP5HwCeNgjPTSPoqBQTXa14ZA9Jc0ww > yycAoNWJhg78BXm4L5Vg9cNAdNa7ggfD > =Uz8t > -----END PGP SIGNATURE----- > > Signed-off-by: Joshua Brindle <method@manicmethod.com> > >commit 8c51c70d59e8c8c5726d4b18e1f8fbec3c28c251 >Author: Joshua Brindle <method@manicmethod.com> >Date: Mon Jan 5 07:02:25 2009 -0500 > > Author: Daniel J Walsh > Email: dwalsh@redhat.com > Subject: semodule patch to use new semanage interfaces > Date: Fri, 07 Nov 2008 09:41:24 -0500 > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Allows semodule to read bzip compressed policy packages directly. > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.9 (GNU/Linux) > Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org > > iEYEARECAAYFAkkUU5QACgkQrlYvE4MpobMHGQCdGwEl3h1ZwV92u1mfgrr3z7XT > NGYAoIwz76N7QFdEr8I0t3ncGhbo6heq > =raBi > -----END PGP SIGNATURE----- > > Signed-off-by: Joshua Brindle <method@manicmethod.com> > >commit 844e23c77bb5c26ea536a925c98eadf6a5f2e5c3 >Author: Joshua Brindle <method@manicmethod.com> >Date: Mon Jan 5 06:55:42 2009 -0500 > > regenerate swig bindings for compression support from commit 142bafa24900b5d9480818c9e81670bbeba2b44d > >commit 71cb6604ad1ea4f04fefb63018c6a8bd936bb195 >Author: Joshua Brindle <method@manicmethod.com> >Date: Mon Jan 5 06:53:21 2009 -0500 > > regenerate swig bindings for color translation in commit cfa3cb6fa5d0cc00fde75ee74ec2da577f62e141 > >commit df77db47e5fffde8905dd7de006ab18ecd4b59f8 >Author: Joshua Brindle <method@manicmethod.com> >Date: Mon Jan 5 05:37:06 2009 -0500 > > Author: Daniel J Walsh > Email: dwalsh@redhat.com > Subject: Now that F11 has started, I am putting in the compression support. > Date: Mon, 12 Jan 2009 10:37:23 -0500 > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Joshua Brindle wrote: > > Daniel J Walsh wrote: > >> -----BEGIN PGP SIGNED MESSAGE----- > >> Hash: SHA1 > >> > >> libsemanage patch to add compression. > >> > >> Uses bzip compression, all pp files in active/previous stored in > >> compressed state. Added new interfaces to be user by policycoreutils to > >> specify file rather then memory map. > >> > >> Also uses link instead of copy whenever possible to save disk space. > >> Seeing about a 10 fold savings on policy footprint. > > > > resend > > > > Comments inline > > > >> diff --exclude-from=exclude -N -u -r > > nsalibsemanage/include/semanage/modules.h > > libsemanage-2.0.28/include/semanage/modules.h > >> --- nsalibsemanage/include/semanage/modules.h 2008-08-28 > > 09:34:24.000000000 -0400 > >> +++ libsemanage-2.0.28/include/semanage/modules.h 2008-10-13 > > 12:35:22.000000000 -0400 > >> @@ -30,10 +30,16 @@ > >> > >> int semanage_module_install(semanage_handle_t *, > >> char *module_data, size_t data_len); > >> +int semanage_module_install_file(semanage_handle_t *, > >> + const char *module_name); > >> int semanage_module_upgrade(semanage_handle_t *, > >> char *module_data, size_t data_len); > >> +int semanage_module_upgrade_file(semanage_handle_t *, > >> + const char *module_name); > >> int semanage_module_install_base(semanage_handle_t *, > >> char *module_data, size_t data_len); > >> +int semanage_module_install_base_file(semanage_handle_t *, > >> + const char *module_name); > >> int semanage_module_remove(semanage_handle_t *, char *module_name); > >> > >> /* semanage_module_info is for getting information on installed > >> diff --exclude-from=exclude -N -u -r nsalibsemanage/src/Makefile > > libsemanage-2.0.28/src/Makefile > >> --- nsalibsemanage/src/Makefile 2008-08-28 09:34:24.000000000 -0400 > >> +++ libsemanage-2.0.28/src/Makefile 2008-10-13 12:35:22.000000000 -0400 > >> @@ -54,7 +54,7 @@ > >> ranlib $@ > >> > >> $(LIBSO): $(LOBJS) > >> - $(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $^ -lsepol -lselinux -lustr > > -L$(LIBDIR) -Wl,-soname,$(LIBSO),--version-script=libsemanage.map,-z,defs > >> + $(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $^ -lsepol -lselinux -lbz2 > > -lustr -L$(LIBDIR) > > -Wl,-soname,$(LIBSO),--version-script=libsemanage.map,-z,defs > >> ln -sf $@ $(TARGET) > >> > >> conf-scan.c: conf-scan.l conf-parse.h > >> diff --exclude-from=exclude -N -u -r nsalibsemanage/src/direct_api.c > > libsemanage-2.0.28/src/direct_api.c > >> --- nsalibsemanage/src/direct_api.c 2008-09-15 12:20:44.000000000 -0400 > >> +++ libsemanage-2.0.28/src/direct_api.c 2008-10-13 16:36:51.000000000 > > -0400 > >> @@ -50,6 +50,7 @@ > >> #include "semanage_store.h" > >> #include "database_policydb.h" > >> #include "policy.h" > >> +#include <sys/mman.h> > >> > >> static void semanage_direct_destroy(semanage_handle_t * sh); > >> static int semanage_direct_disconnect(semanage_handle_t * sh); > >> @@ -57,10 +58,13 @@ > >> static int semanage_direct_commit(semanage_handle_t * sh); > >> static int semanage_direct_install(semanage_handle_t * sh, char *data, > >> size_t data_len); > >> +static int semanage_direct_install_file(semanage_handle_t * sh, const > > char *module_name); > >> static int semanage_direct_upgrade(semanage_handle_t * sh, char *data, > >> size_t data_len); > >> +static int semanage_direct_upgrade_file(semanage_handle_t * sh, const > > char *module_name); > >> static int semanage_direct_install_base(semanage_handle_t * sh, char > > *base_data, > >> size_t data_len); > >> +static int semanage_direct_install_base_file(semanage_handle_t * sh, > > const char *module_name); > >> static int semanage_direct_remove(semanage_handle_t * sh, char > > *module_name); > >> static int semanage_direct_list(semanage_handle_t * sh, > >> semanage_module_info_t ** modinfo, > >> @@ -73,8 +77,11 @@ > >> .begin_trans = semanage_direct_begintrans, > >> .commit = semanage_direct_commit, > >> .install = semanage_direct_install, > >> + .install_file = semanage_direct_install_file, > >> .upgrade = semanage_direct_upgrade, > >> + .upgrade_file = semanage_direct_upgrade_file, > >> .install_base = semanage_direct_install_base, > >> + .install_base_file = semanage_direct_install_base_file, > >> .remove = semanage_direct_remove, > >> .list = semanage_direct_list > >> }; > >> @@ -378,12 +385,157 @@ > >> return 0; > >> } > >> > >> +#include <stdlib.h> > >> +#include <bzlib.h> > >> +#include <string.h> > >> +#include <sys/sendfile.h> > >> + > >> +/* bzip() a file to '*data', returning the total number of > > uncompressed bytes > >> + * in the file. Returns 0 if file could not be decompressed. */ > > > > Why 0? Can we make this -1? > > > Fixed > >> +static size_t bzip(const char *filename, char *data, size_t num_bytes) { > >> + BZFILE* b; > >> + size_t size = 1<<16; > >> + int bzerror; > >> + size_t total = 0; > >> + size_t len = 0; > >> + FILE *f; > >> + > >> + if ((f = fopen(filename, "wb")) == NULL) { > >> + return 0; > >> + } > >> + > >> + b = BZ2_bzWriteOpen( &bzerror, f, 9, 0, 0); > >> + if (bzerror != BZ_OK) { > >> + BZ2_bzWriteClose ( &bzerror, b, 1, 0, 0 ); > >> + return 0; > >> + } > >> + > >> + while ( num_bytes > total ) { > >> + if (num_bytes - total > size) { > >> + len = size; > >> + } else { > >> + len = num_bytes - total; > >> + } > >> + BZ2_bzWrite ( &bzerror, b, &data[total], len ); > >> + if (bzerror == BZ_IO_ERROR) { > >> + BZ2_bzWriteClose ( &bzerror, b, 1, 0, 0 ); > >> + return 0; > >> + } > >> + total += len; > >> + } > >> + > >> + BZ2_bzWriteClose ( &bzerror, b, 0, 0, 0 ); > >> + fclose(f); > >> + if (bzerror == BZ_IO_ERROR) { > >> + return 0; > >> + } > >> + return total; > >> +} > >> + > >> +/* bunzip() a file to '*data', returning the total number of > > uncompressed bytes > >> + * in the file. Returns 0 if file could not be decompressed. */ > > > > Same as above. > > > Fixed > >> +size_t bunzip(FILE *f, char **data) { > >> + BZFILE* b; > >> + size_t nBuf; > >> + char buf[1<<18]; > >> + size_t size = sizeof(buf); > >> + int bzerror; > >> + size_t total=0; > >> + > >> + b = BZ2_bzReadOpen ( &bzerror, f, 0, 0, NULL, 0 ); > >> + if ( bzerror != BZ_OK ) { > >> + BZ2_bzReadClose ( &bzerror, b ); > >> + return 0; > >> + } > >> + > >> + char *uncompress = realloc(NULL, size); > >> + > >> + while ( bzerror == BZ_OK) { > >> + nBuf = BZ2_bzRead ( &bzerror, b, buf, sizeof(buf)); > >> + if (( bzerror == BZ_OK ) || ( bzerror == BZ_STREAM_END )) { > >> + if (total + nBuf > size) { > >> + size *= 2; > >> + uncompress = realloc(uncompress, size); > >> + } > >> + memcpy(&uncompress[total], buf, nBuf); > >> + total += nBuf; > >> + } > >> + } > >> + if ( bzerror != BZ_STREAM_END ) { > >> + BZ2_bzReadClose ( &bzerror, b ); > >> + free(uncompress); > >> + return 0; > >> + } > >> + BZ2_bzReadClose ( &bzerror, b ); > >> + > >> + *data = uncompress; > >> + return total; > >> +} > >> + > >> +/* mmap() a file to '*data', > >> + * If the file is bzip compressed map_file will uncompress > >> + * the file into '*data'. > >> + * Returns the total number of bytes in memory . > >> + * Returns 0 if file could not be opened or mapped. */ > > > > Same as above > > > Fixed > >> +static size_t map_file(int fd, char **data, int *compressed) > >> +{ > >> + int size; > >> + char *uncompress; > >> + if ((size = bunzip(fdopen(fd, "r"), &uncompress)) > 0) { > >> + *data = mmap(0, size, PROT_READ|PROT_WRITE, > > MAP_PRIVATE|MAP_ANONYMOUS, 0, 0); > >> + if (*data == MAP_FAILED) { > >> + free(uncompress); > >> + return 0; > >> + } else { > >> + memcpy(*data, uncompress, size); > >> + } > >> + free(uncompress); > >> + *compressed = 1; > >> + } else { > >> + struct stat sb; > >> + if (fstat(fd, &sb) == -1 || > >> + (*data = mmap(NULL, sb.st_size, PROT_READ, MAP_PRIVATE, fd, 0)) == > >> + MAP_FAILED) { > >> + size = 0; > >> + } else { > >> + size = sb.st_size; > >> + } > >> + *compressed = 0; > >> + } > >> + > >> + return size; > >> +} > >> + > >> +static int dupfile( const char *dest, int src_fd) { > >> + int dest_fd = -1; > >> + int retval = 0; > >> + int cnt; > >> + char buf[1<<18]; > >> + > >> + if (lseek(src_fd, 0, SEEK_SET) == -1 ) return -1; > >> + > >> + if ((dest_fd = open(dest, O_WRONLY | O_CREAT | O_TRUNC, > >> + S_IRUSR | S_IWUSR)) == -1) { > >> + return -1; > >> + } > >> + > >> + while (( retval == 0 ) && > >> + ( cnt = read(src_fd, buf, sizeof(buf)))> 0 ) { > >> + if (write(dest_fd, buf, cnt) < cnt) retval = -1; > >> + } > >> + close(dest_fd); > >> + return retval; > >> +} > >> + > >> /* Writes a block of data to a file. Returns 0 on success, -1 on > >> * error. */ > >> static int write_file(semanage_handle_t * sh, > >> const char *filename, char *data, size_t num_bytes) > >> { > >> int out; > >> + > >> + /* Unlink no matter what, incase this file is a hard link, ignore > > error */ > >> + unlink(filename); > >> if ((out = > >> open(filename, O_WRONLY | O_CREAT | O_TRUNC, > >> S_IRUSR | S_IWUSR)) == -1) { > >> @@ -499,7 +651,7 @@ > >> sepol_policydb_t *out = NULL; > >> > >> /* Declare some variables */ > >> - int modified, fcontexts_modified, ports_modified, > >> + int modified = 0, fcontexts_modified, ports_modified, > >> seusers_modified, users_extra_modified; > >> dbase_config_t *users = semanage_user_dbase_local(sh); > >> dbase_config_t *users_base = semanage_user_base_dbase_local(sh); > >> @@ -815,7 +967,9 @@ > >> &filename)) != 0) { > >> goto cleanup; > >> } > >> - if (write_file(sh, filename, data, data_len) == -1) { > >> + > >> + if (bzip(filename, data, data_len) == 0) { > >> + ERR(sh, "Error while writing to %s.", filename); > >> retval = -3; > >> } > >> retval = 0; > > retval = -3 gets smashed immediately afterward > > > >> @@ -826,19 +980,60 @@ > >> return retval; > >> } > >> > >> -/* Similar to semanage_direct_install(), except that it checks that > >> - * there already exists a module with the same name and that the > >> - * module is an older version then the one in 'data'. Returns 0 on > >> - * success, -1 if out of memory, -2 if the data does not represent a > >> - * valid module file, -3 if error while writing file or reading > >> - * modules directory, -4 if there does not exist an older module or if > >> - * the previous module is same or newer than 'data'. > >> - */ > >> -static int semanage_direct_upgrade(semanage_handle_t * sh, > >> - char *data, size_t data_len) > >> +/* Attempts to link a module to the sandbox's module directory, > > unlinking any > >> + * previous module stored within. Returns 0 on success, -1 if out of > > memory, -2 if the > >> + * data does not represent a valid module file, -3 if error while > >> + * writing file. */ > >> + > >> +static int semanage_direct_install_file(semanage_handle_t * sh, > >> + const char *install_filename) > >> { > >> + > >> + int retval = -1; > >> + char *data = NULL; > >> + size_t data_len = 0; > >> + int compressed = 0; > >> + int in_fd = -1; > >> + > >> + if ((in_fd = open(install_filename, O_RDONLY)) == -1) { > >> + return 0; > > > > returning 0 on failure here > > > Fixed > >> + } > >> + > >> + if ((data_len = map_file(in_fd, &data, &compressed)) == 0) { > >> + goto cleanup; > >> + } > >> + > >> + if (compressed) { > >> + char *module_name = NULL, *version = NULL, *filename = NULL; > >> + if ((retval = parse_module_headers(sh, data, data_len, > >> + &module_name, &version, > >> + &filename)) != 0) { > >> + goto cleanup; > > > > Probably need to free module_name, version, filename here > > > Why these are cleaned up in cleanup and if it gets an error it should > not have allocated memory? > >> + } > >> + > >> + if (data_len > 0) munmap(data, data_len); > >> + data_len = 0; > >> + retval = dupfile(filename, in_fd); > >> + free(version); > >> + free(filename); > >> + free(module_name); > >> + > >> + } else { > >> + retval = semanage_direct_install(sh, data, data_len); > >> + } > >> + > >> + cleanup: > >> + close(in_fd); > >> + if (data_len > 0) munmap(data, data_len); > >> + > >> + return retval; > >> +} > >> + > >> + > >> +static int get_direct_upgrade_filename(semanage_handle_t * sh, > >> + char *data, size_t data_len, char **outfilename) { > >> int i, retval, num_modules = 0; > >> - char *module_name = NULL, *version = NULL, *filename = NULL; > >> + char *filename = NULL, *module_name = NULL, *version = NULL; > > > > ? > Removed > > > >> semanage_module_info_t *modinfo = NULL; > >> if ((retval = parse_module_headers(sh, data, data_len, > >> &module_name, &version, > >> @@ -868,14 +1063,10 @@ > >> if (retval == -4) { > >> ERR(sh, "There does not already exist a module named %s.", > >> module_name); > >> - goto cleanup; > >> - } > >> - if (write_file(sh, filename, data, data_len) == -1) { > >> - retval = -3; > >> } > >> + > >> cleanup: > >> free(version); > >> - free(filename); > >> free(module_name); > >> for (i = 0; modinfo != NULL && i < num_modules; i++) { > >> semanage_module_info_t *m = > >> @@ -883,6 +1074,80 @@ > >> semanage_module_info_datum_destroy(m); > >> } > >> free(modinfo); > >> + if (retval == 0) { > >> + *outfilename = filename; > >> + } else { > >> + free(filename); > >> + } > >> + return retval; > >> +} > >> + > >> +/* Similar to semanage_direct_install(), except that it checks that > >> + * there already exists a module with the same name and that the > >> + * module is an older version then the one in 'data'. Returns 0 on > >> + * success, -1 if out of memory, -2 if the data does not represent a > >> + * valid module file, -3 if error while writing file or reading > >> + * modules directory, -4 if there does not exist an older module or if > >> + * the previous module is same or newer than 'data'. > >> + */ > >> +static int semanage_direct_upgrade(semanage_handle_t * sh, > >> + char *data, size_t data_len) > >> +{ > >> + char *filename = NULL; > >> + int retval = get_direct_upgrade_filename(sh, > >> + data, data_len, > >> + &filename); > >> + if (retval == 0) { > >> + if (bzip(filename, data, data_len) == 0) { > >> + ERR(sh, "Error while writing to %s.", filename); > >> + retval = -3; > >> + } > >> + free(filename); > >> + } > >> + return retval; > >> +} > >> + > >> +/* Attempts to link a module to the sandbox's module directory, > > unlinking any > >> + * previous module stored within. > >> + * Returns 0 on success, -1 if out of memory, -2 if the > >> + * data does not represent a valid module file, -3 if error while > >> + * writing file. */ > >> + > >> +static int semanage_direct_upgrade_file(semanage_handle_t * sh, > >> + const char *module_filename) > >> +{ > >> + int retval = -1; > >> + char *data = NULL; > >> + size_t data_len = 0; > >> + int compressed = 0; > >> + int in_fd = -1; > >> + > >> + if ((in_fd = open(module_filename, O_RDONLY)) == -1) { > >> + return 0; > > > > returning 0 on failure > > > Fixed > >> + } > >> + > >> + if ((data_len = map_file(in_fd, &data, &compressed)) == 0) { > >> + goto cleanup; > >> + } > >> + > >> + if (compressed) { > >> + char *filename = NULL; > >> + retval = get_direct_upgrade_filename(sh, > >> + data, data_len, > >> + &filename); > >> + > >> + if (retval != 0) goto cleanup; > >> + > >> + retval = dupfile(filename, in_fd); > >> + free(filename); > >> + } else { > >> + retval = semanage_direct_upgrade(sh, data, data_len); > >> + } > >> + > >> + cleanup: > >> + close(in_fd); > >> + if (data_len > 0) munmap(data, data_len); > >> + > >> return retval; > >> } > >> > >> @@ -903,7 +1168,8 @@ > >> if ((filename = semanage_path(SEMANAGE_TMP, SEMANAGE_BASE)) == NULL) { > >> goto cleanup; > >> } > >> - if (write_file(sh, filename, base_data, data_len) == -1) { > >> + if (bzip(filename, base_data, data_len) == 0) { > >> + ERR(sh, "Error while writing to %s.", filename); > >> retval = -3; > >> } > >> retval = 0; > > > > retval gets smashed > > > Fixed, this was an existing bug, BTW > >> @@ -911,6 +1177,49 @@ > >> return retval; > >> } > >> > >> +/* Writes a base module into a sandbox, overwriting any previous base > >> + * module. > >> + * Returns 0 on success, -1 if out of memory, -2 if the data does not > > represent > >> + * a valid base module file, -3 if error while writing file. > >> + */ > >> +static int semanage_direct_install_base_file(semanage_handle_t * sh, > >> + const char *install_filename) > >> +{ > >> + int retval = -1; > >> + char *data = NULL; > >> + size_t data_len = 0; > >> + int compressed = 0; > >> + int in_fd; > >> + > >> + if ((in_fd = open(install_filename, O_RDONLY)) == -1) { > >> + return 0; > > > > returning 0 on failure > > > Fixed > >> + } > >> + > >> + if ((data_len = map_file(in_fd, &data, &compressed)) == 0) { > >> + goto cleanup; > >> + } > >> + > >> + if (compressed) { > >> + const char *filename = NULL; > >> + if ((retval = parse_base_headers(sh, data, data_len)) != 0) { > >> + goto cleanup; > >> + } > >> + if ((filename = semanage_path(SEMANAGE_TMP, SEMANAGE_BASE)) == NULL) { > >> + goto cleanup; > >> + } > >> + > >> + retval = dupfile(filename, in_fd); > >> + } else { > >> + retval = semanage_direct_install_base(sh, data, data_len); > >> + } > >> + > >> + cleanup: > >> + close(in_fd); > >> + if (data_len > 0) munmap(data, data_len); > >> + > >> + return retval; > >> +} > >> + > >> /* Removes a module from the sandbox. Returns 0 on success, -1 if out > >> * of memory, -2 if module not found or could not be removed. */ > >> static int semanage_direct_remove(semanage_handle_t * sh, char > > *module_name) > >> @@ -1005,15 +1314,26 @@ > >> * report it */ > >> continue; > >> } > >> + size_t size; > >> + char *data = NULL; > >> + > >> + if ((size = bunzip(fp, &data)) != 0) { > >> + fclose(fp); > >> + fp = fmemopen(data, size, "rb"); > > > > unhandled error from fclose and fmemopen > > > Fixed fmemopen failure, we don't check fclose failure anywhere in the code. > >> + } > >> + rewind(fp); > >> + > >> __fsetlocking(fp, FSETLOCKING_BYCALLER); > >> sepol_policy_file_set_fp(pf, fp); > >> if (sepol_module_package_info(pf, &type, &name, &version)) { > >> fclose(fp); > >> + free(data); > >> free(name); > >> free(version); > >> continue; > >> } > >> fclose(fp); > >> + free(data); > >> if (type == SEPOL_POLICY_MOD) { > >> (*modinfo)[*num_modules].name = name; > >> (*modinfo)[*num_modules].version = version; > >> diff --exclude-from=exclude -N -u -r nsalibsemanage/src/direct_api.h > > libsemanage-2.0.28/src/direct_api.h > >> --- nsalibsemanage/src/direct_api.h 2008-08-28 09:34:24.000000000 -0400 > >> +++ libsemanage-2.0.28/src/direct_api.h 2008-10-13 12:35:22.000000000 > > -0400 > >> @@ -37,4 +37,7 @@ > >> > >> int semanage_direct_access_check(struct semanage_handle *sh); > >> > >> +#include <stdio.h> > >> +size_t bunzip(FILE *f, char **data); > >> + > >> #endif > >> diff --exclude-from=exclude -N -u -r > > nsalibsemanage/src/libsemanage.map libsemanage-2.0.28/src/libsemanage.map > >> --- nsalibsemanage/src/libsemanage.map 2008-08-28 09:34:24.000000000 > > -0400 > >> +++ libsemanage-2.0.28/src/libsemanage.map 2008-10-13 > > 12:35:22.000000000 -0400 > >> @@ -3,8 +3,10 @@ > >> semanage_is_managed; semanage_connect; semanage_disconnect; > >> semanage_msg_*; > >> semanage_begin_transaction; semanage_commit; > >> - semanage_module_install; semanage_module_upgrade; > >> - semanage_module_install_base; semanage_module_remove; > >> + semanage_module_install; semanage_module_install_file; > >> + semanage_module_upgrade; semanage_module_upgrade_file; > >> + semanage_module_install_base; semanage_module_install_base_file; > >> + semanage_module_remove; > >> semanage_module_list; semanage_module_info_datum_destroy; > >> semanage_module_list_nth; semanage_module_get_name; > >> semanage_module_get_version; semanage_select_store; > >> diff --exclude-from=exclude -N -u -r nsalibsemanage/src/modules.c > > libsemanage-2.0.28/src/modules.c > >> --- nsalibsemanage/src/modules.c 2008-08-28 09:34:24.000000000 -0400 > >> +++ libsemanage-2.0.28/src/modules.c 2008-10-13 12:35:22.000000000 -0400 > >> @@ -52,6 +52,25 @@ > >> return sh->funcs->install(sh, module_data, data_len); > >> } > >> > >> +int semanage_module_install_file(semanage_handle_t * sh, > >> + const char *module_name) { > >> + > >> + if (sh->funcs->install_file == NULL) { > >> + ERR(sh, > >> + "No install function defined for this connection type."); > >> + return -1; > >> + } else if (!sh->is_connected) { > >> + ERR(sh, "Not connected."); > >> + return -1; > >> + } else if (!sh->is_in_transaction) { > >> + if (semanage_begin_transaction(sh) < 0) { > >> + return -1; > >> + } > >> + } > >> + sh->modules_modified = 1; > >> + return sh->funcs->install_file(sh, module_name); > >> +} > >> + > >> int semanage_module_upgrade(semanage_handle_t * sh, > >> char *module_data, size_t data_len) > >> { > >> @@ -71,6 +90,25 @@ > >> return sh->funcs->upgrade(sh, module_data, data_len); > >> } > >> > >> +int semanage_module_upgrade_file(semanage_handle_t * sh, > >> + const char *module_name) { > >> + > >> + if (sh->funcs->upgrade_file == NULL) { > >> + ERR(sh, > >> + "No upgrade function defined for this connection type."); > >> + return -1; > >> + } else if (!sh->is_connected) { > >> + ERR(sh, "Not connected."); > >> + return -1; > >> + } else if (!sh->is_in_transaction) { > >> + if (semanage_begin_transaction(sh) < 0) { > >> + return -1; > >> + } > >> + } > >> + sh->modules_modified = 1; > >> + return sh->funcs->upgrade_file(sh, module_name); > >> +} > >> + > >> int semanage_module_install_base(semanage_handle_t * sh, > >> char *module_data, size_t data_len) > >> { > >> @@ -90,6 +128,25 @@ > >> return sh->funcs->install_base(sh, module_data, data_len); > >> } > >> > >> +int semanage_module_install_base_file(semanage_handle_t * sh, > >> + const char *module_name) { > >> + > >> + if (sh->funcs->install_base_file == NULL) { > >> + ERR(sh, > >> + "No install base function defined for this connection type."); > >> + return -1; > >> + } else if (!sh->is_connected) { > >> + ERR(sh, "Not connected."); > >> + return -1; > >> + } else if (!sh->is_in_transaction) { > >> + if (semanage_begin_transaction(sh) < 0) { > >> + return -1; > >> + } > >> + } > >> + sh->modules_modified = 1; > >> + return sh->funcs->install_base_file(sh, module_name); > >> +} > >> + > >> int semanage_module_remove(semanage_handle_t * sh, char *module_name) > >> { > >> if (sh->funcs->remove == NULL) { > >> diff --exclude-from=exclude -N -u -r nsalibsemanage/src/policy.h > > libsemanage-2.0.28/src/policy.h > >> --- nsalibsemanage/src/policy.h 2008-08-28 09:34:24.000000000 -0400 > >> +++ libsemanage-2.0.28/src/policy.h 2008-10-13 12:35:22.000000000 -0400 > >> @@ -49,8 +49,14 @@ > >> /* Install a policy module */ > >> int (*install) (struct semanage_handle *, char *, size_t); > >> > >> + /* Install a policy module */ > >> + int (*install_file) (struct semanage_handle *, const char *); > >> + > >> /* Upgrade a policy module */ > >> int (*upgrade) (struct semanage_handle *, char *, size_t); > >> + > >> + /* Upgrade a policy module */ > >> + int (*upgrade_file) (struct semanage_handle *, const char *); > >> > >> /* Remove a policy module */ > >> int (*remove) (struct semanage_handle *, char *); > >> @@ -61,6 +67,9 @@ > >> > >> /* Install base policy */ > >> int (*install_base) (struct semanage_handle *, char *, size_t); > >> + > >> + /* Install a base module */ > >> + int (*install_base_file) (struct semanage_handle *, const char *); > >> }; > >> > >> /* Should be backend independent */ > >> diff --exclude-from=exclude -N -u -r > > nsalibsemanage/src/semanage_store.c libsemanage-2.0.28/src/semanage_store.c > >> --- nsalibsemanage/src/semanage_store.c 2008-09-15 12:20:44.000000000 > > -0400 > >> +++ libsemanage-2.0.28/src/semanage_store.c 2008-10-13 > > 12:57:29.000000000 -0400 > >> @@ -440,6 +440,8 @@ > >> char tmp[PATH_MAX]; > >> char buf[4192]; > >> > >> + if (link(src,dst) == 0) return 0; > >> + > >> n = snprintf(tmp, PATH_MAX, "%s.tmp", dst); > >> if (n < 0 || n >= PATH_MAX) > >> return -1; > >> @@ -1522,16 +1524,26 @@ > >> ERR(sh, "Could not open module file %s for reading.", filename); > >> goto cleanup; > >> } > >> + size_t size; > >> + char *data = NULL; > >> + > >> + if ((size = bunzip(fp, &data)) != 0) { > >> + fclose(fp); > >> + fp = fmemopen(data, size, "rb"); > >> + } > > > > unhandled error from fclose and fmemopen > > > Fixed as above > > > >> + rewind(fp); > >> __fsetlocking(fp, FSETLOCKING_BYCALLER); > >> sepol_policy_file_set_fp(pf, fp); > >> sepol_policy_file_set_handle(pf, sh->sepolh); > >> if (sepol_module_package_read(*package, pf, 0) == -1) { > >> ERR(sh, "Error while reading from module file %s.", filename); > >> fclose(fp); > >> + free(data); > >> goto cleanup; > >> } > >> sepol_policy_file_free(pf); > >> fclose(fp); > >> + free(data); > >> return retval; > >> > >> cleanup: > > > > > >commit 7817c92986edf432268f794a80cd52efb9f8b858 >Author: Eamon Walsh <ewalsh@tycho.nsa.gov> >Date: Mon Jan 5 18:31:55 2009 -0500 > > Bump libselinux to 2.0.76 > >commit f9b1f1a2a17298b60a94780ab5899a8d91cbf100 >Author: Eamon Walsh <ewalsh@tycho.nsa.gov> >Date: Wed Dec 31 18:55:20 2008 -0500 > > Add config path function for secolor.conf file. > > Signed-off-by: Eamon Walsh <ewalsh@tycho.nsa.gov> > >commit cfa3cb6fa5d0cc00fde75ee74ec2da577f62e141 >Author: Eamon Walsh <ewalsh@tycho.nsa.gov> >Date: Tue Nov 25 18:16:42 2008 -0500 > > Add client routines for translating raw security contexts into colors. > > Signed-off-by: Eamon Walsh <ewalsh@tycho.nsa.gov> > >commit aa92cfbe74633895696dbb1bd4bcf3b20a7f807b >Author: Eamon Walsh <ewalsh@tycho.nsa.gov> >Date: Tue Nov 18 18:59:20 2008 -0500 > > Bump libselinux to 2.0.75 > >commit 66b2af371aca28734346d23c3b5344cf094bcfbb >Author: Eamon Walsh <ewalsh@tycho.nsa.gov> >Date: Fri Nov 14 16:16:44 2008 -0500 > > Allow shell-style wildcard patterns in the X labeling backend. > > Signed-off-by: Eamon Walsh <ewalsh@tycho.nsa.gov> > >commit f64fea9a0b9f2f317b4a42db8c6e7d4309dfb79d >Author: Stephen Smalley <sds@tycho.nsa.gov> >Date: Wed Nov 12 16:26:21 2008 -0500 > > Bump policycoreutils to 2.0.60 > >commit b4fca3c40fe0f27afbb1afff1a427db1d93e9e0b >Author: Stephen Smalley <sds@tycho.nsa.gov> >Date: Wed Nov 12 09:43:26 2008 -0500 > > semanage: Use semanage_mls_enabled > > Change semanage/seobject to use semanage_mls_enabled() rather than > is_selinux_mls_enabled(). I dropped the mls enabled tests altogether > from the semanage front-end script since setting up a handle is done by > seobject.py; if those checks are actually important, we could move them > inside of the seobject methods, but I'm not clear on the real benefit of > those checks. In seobject.py, I moved the setting of the is_mls_enabled > variable inside of get_handle(store) after the connect. I also dropped > the is_mls_enabled test from setransRecords since no handle/connection > exists there (since translations are not managed via libsemanage), and > again I'm not clear that the check there was overly important/useful. > > Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> > >commit 46dc67016b13e43e0d3a0d53fbea85f9b8437ce6 >Author: Stephen Smalley <sds@tycho.nsa.gov> >Date: Wed Nov 12 09:27:21 2008 -0500 > > Bump libsemanage to 2.0.30. > >commit 0a515c461000f9b1f74b79714ccf0d1d4b775c8a >Author: Stephen Smalley <sds@tycho.nsa.gov> >Date: Mon Nov 10 15:32:56 2008 -0500 > > libsemanage: Add semanage_mls_enabled interface > > Add a semanage_mls_enabled() interface to libsemanage so that > semanage/seobject can be rewritten to use it to test whether MLS is > enabled for a given policy store rather than checking the runtime MLS > enabled status, which can be misleading when using semanage on a > SELinux-disabled host or when using semanage on a store other than the > active one. Sample usage: > from semanage import * > handle = semanage_handle_create() > rc = semanage_connect(handle) > rc = semanage_mls_enabled(handle) > > Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> > >commit 223bb406d85e29482ed075c4b4d8b2dd6cc743f8 >Author: Joshua Brindle <method@manicmethod.com> >Date: Sun Nov 9 11:20:40 2008 -0500 > > Bump libsemanage to 2.0.29 and policycoreutils to 2.0.59 > >commit 9e2c58f924c074c3f2b644e4a4ec197e1b629431 >Author: Christopher J. PeBenito <cpebenito@tresys.com> >Date: Tue Nov 11 09:49:00 2008 -0500 > > homedir_template generation skips USER lines > > The current libsemanage code does not correctly add lines which include > USER in them into the homedir_template, for example: > > /tmp/gconfd-USER -d system_u:object_r:ROLE_tmp_t > > This line was included in the past since it has ROLE. However, with the > switch to UBAC separations, the line has changed to: > > /tmp/gconfd-USER -d system_u:object_r:user_tmp_t > > and is no longer included. The follwing patch fixes. > > Signed-off-by: Joshua Brindle <method@manicmethod.com> > >commit c35dcc43bcbab93ae39964d2dac12090a79d6178 >Author: Joshua Brindle <method@manicmethod.com> >Date: Sun Nov 9 11:16:51 2008 -0500 > > Author: Daniel J Walsh > Email: dwalsh@redhat.com > Subject: Latest policycoreutils package has a minor problem > Date: Mon, 10 Nov 2008 09:04:39 -0500 > > Checking _local twice. > > Signed-off-by: Joshua Brindle <method@manicmethod.com> > >commit 2c41d9d1a71a9e6bce46107156ee1cd6117a81c9 >Author: Joshua Brindle <method@manicmethod.com> >Date: Fri Nov 7 19:25:17 2008 -0500 > > bump policycoreutils to 2.0.58 > >commit 1f4d94f4c408d30346afa7f6858c42d5ca0230e1 >Author: Joshua Brindle <method@manicmethod.com> >Date: Fri Nov 7 19:20:39 2008 -0500 > > Author: Daniel J Walsh > Email: dwalsh@redhat.com > Subject: seobject_fcontext patch allows you to modify a preexisting file context. > Date: Fri, 07 Nov 2008 09:46:36 -0500 > > Currently semanage is not allowed to change a file context mapping if it > matches exactly, this patch allows you to modify the file context. > > Signed-off-by: Joshua Brindle <method@manicmethod.com> > > NOTE: original patch modified to remove unused list in fcontext get_all() > >commit dd808a1342d87c18ff88d8b0bbd7236d45094301 >Author: Joshua Brindle <method@manicmethod.com> >Date: Fri Nov 7 16:55:34 2008 -0500 > > Author: Daniel J Walsh > Email: dwalsh@redhat.com > Subject: policycoreutils patch > Date: Thu, 23 Oct 2008 13:15:11 -0400 > > Change semange fcontext -a to check for local customizations rather then > global, so you can modify a file context. > > Signed-off-by: Joshua Brindle <method@manicmethod.com> > >commit cb6945546570e9c5e039098e31ee473b14c0af7c >Author: Joshua Brindle <method@manicmethod.com> >Date: Fri Nov 7 16:50:34 2008 -0500 > > Author: Daniel J Walsh > Email: dwalsh@redhat.com > Subject: policycoreutils audit2allow patch > Date: Fri, 07 Nov 2008 09:36:44 -0500 > > audit2why can throw a runtime exception and typo in man page. > > Signed-off-by: Joshua Brindle <method@manicmethod.com> > >commit bcd43e0bf1cab9123f2d96db488fb474c2ba47ec >Author: Joshua Brindle <method@manicmethod.com> >Date: Fri Nov 7 16:49:04 2008 -0500 > > Author: Daniel J Walsh > Email: dwalsh@redhat.com > Subject: newrole error message corrections. > Date: Fri, 07 Nov 2008 09:37:52 -0500 > > Signed-off-by: Joshua Brindle <method@manicmethod.com> > >commit cc502813e0e64c1f7d380503d153cd49e8fcb130 >Author: Eamon Walsh <ewalsh@tycho.nsa.gov> >Date: Mon Nov 3 13:45:19 2008 -0500 > > Bump libselinux to 2.0.74 > >commit eee0f022e44ade05143eeee3748dd78fbd17966b >Author: Eamon Walsh <ewalsh@tycho.nsa.gov> >Date: Fri Oct 31 10:20:33 2008 -0400 > > Put a proper message type into each message logged by the userspace AVC. > Currently, the message types are defined but not used. > > This will allow better separation of messages when logging to facilities > such as libaudit. > > Signed-off-by: Eamon Walsh <ewalsh@tycho.nsa.gov> > >commit 3d431ae08f5349b906879f7a6abd0e2bbd182e92 >Author: Joshua Brindle <method@manicmethod.com> >Date: Tue Oct 14 08:12:59 2008 -0400 > > bump libselinux and checkpolicy versions > >commit d5286d7169d13779dae3c745e55969a173634c33 >Author: Stephen Smalley <sds@tycho.nsa.gov> >Date: Tue Oct 14 10:57:24 2008 -0400 > > Genfscon 'dash' issue > > On Tue, 2008-10-14 at 02:00 +0000, korkishko Tymur wrote: > > I have checked policy_parse.y. It has following rule for genfscon: > > > > genfs_context_def : GENFSCON identifier path '-' identifier security_context_def > > {if (define_genfs_context(1)) return -1;} > > | GENFSCON identifier path '-' '-' {insert_id("-", 0);} security_context_def > > {if (define_genfs_context(1)) return -1;} > > | GENFSCON identifier path security_context_def > > {if (define_genfs_context(0)) return -1;} > > > > The rule for path definition (in policy_scan.l) has already included '-' (dash): > > > > "/"({alnum}|[_.-/])* { return(PATH); } > > > > In my understanding (maybe wrong), path is parsed first (and path might include '-') and only then separate '-' is parsed. > > But it still produces an error if path definition is correct and includes '-'. > > > > Any ideas/patches how to fix grammar rules are welcomed. > > This looks like a bug in policy_scan.l - we are not escaping (via > backslash) special characters in the pattern and thus the "-" (dash) is > being interpreted rather than taken literally. The same would seemingly > apply for "." (dot), and would seem relevant not only to PATH but also > for IDENTIFIER. The patch below seems to fix this issue for me: > >commit 345fb4a99b7aa6442b2f9ead4cc391d031d4b6ba >Author: Joshua Brindle <method@manicmethod.com> >Date: Tue Oct 14 07:34:49 2008 -0400 > > Author: Daniel J Walsh > Email: dwalsh@redhat.com > Subject: Yet another man page patch > Date: Tue, 30 Sep 2008 08:52:58 -0400 > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > int selinux_file_context_cmp(const security_context_t a, > + const security_context_t b);" > + > +.BI "int selinux_file_context_verify(const char *path, mode_t mode);" > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.9 (GNU/Linux) > Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org > > iEYEARECAAYFAkjiISoACgkQrlYvE4MpobPV9gCg0KZ+rsxGsIalBS1qvbObK7bA > 0H8Anj8FnGzOnSjnOfbk+5R4Bf2OyxW+ > =nJ7k > -----END PGP SIGNATURE----- > > Signed-off-by: Joshua Brindle <method@manicmethod.com> > >commit 86562db50a328b82626f7db7a8bf8ff7f55ca045 >Author: Joshua Brindle <method@manicmethod.com> >Date: Tue Oct 14 07:33:19 2008 -0400 > > Author: Daniel J Walsh > Email: dwalsh@redhat.com > Subject: matchpathcon -V does not always work as expected. > Date: Tue, 30 Sep 2008 08:54:18 -0400 > > matchpathcon -V should be passing the mode when checking whether the > file context on a file is correct. > > Signed-off-by: Joshua Brindle <method@manicmethod.com> > >commit a73248ba8184e152c752310ac1cb649c7a292ebb >Author: Joshua Brindle <method@manicmethod.com> >Date: Thu Oct 9 08:34:09 2008 -0400 > > remove reject file > >commit b04f2af251a5400342fabcc05ce3b280e85a8e0d >Author: Joshua Brindle <method@manicmethod.com> >Date: Thu Oct 9 08:31:43 2008 -0400 > > bump checkpolicy to 2.0.17 and libsepol to 2.0.34 > >commit f470207454f5f6ce539aa543e5168a07d667254b >Author: Joshua Brindle <method@manicmethod.com> >Date: Wed Oct 8 06:58:40 2008 -0400 > > Author: KaiGai Kohei > Email: kaigai@ak.jp.nec.com > Subject: Thread/Child-Domain Assignment (rev.6) > Date: Tue, 07 Oct 2008 15:39:45 +0900 > > >> Hmm.... > >> It seems to me what you pointed out is a bug of my patch. It prevents to deliver > >> actual number of type/attribute symbols to policy file, but it is unclear why does > >> it makes libsepol ignore the policyvers. > >> (I guess it may be a separated matter.) > >> > >>> Rather than trying to calculate the length without attributes I just removed > >>> the attribute check. This causes attributes to be written for all versions, > >>> but this should not cause any problems at all. > >> The reason why I injected such an ad-hoc code is that we cannot decide the policy > >> version written when type_attr_remove() is invoked. > >> Is it impossible to move it to policydb_write()? > >> It is invoked after the policyvers is fixed by caller. > > > > It isn't impossible. You are going to have to make it walk to type > > symbol table to calculate the length without attributes, then write > > that length instead of the total symtab length. > > The attached patch enables to fixup the number of type/attribute entries > to be written. The type_attr_uncount() decrements the number of attribute > entries skipped at type_write(). > > At first, I had a plan to invoke type_attr_remove() with > hashtab_map_remove_on_error(), but it means the given policydb structure > is modified at policydb_write() and implicit changes to external interface. > > Differences from the previous version are here: > > Signed-off-by: Joshua Brindle <method@manicmethod.com> > >commit 45728407d60a5297deac7aa65fd92adf2412d5f7 >Author: Joshua Brindle <method@manicmethod.com> >Date: Wed Oct 8 06:56:51 2008 -0400 > > Author: KaiGai Kohei > Email: kaigai@ak.jp.nec.com > Subject: Thread/Child-Domain Assignment (rev.2) > Date: Tue, 05 Aug 2008 14:55:52 +0900 > > [2/3] thread-context-checkpolicy.2.patch > It enables to support TYPEBOUNDS statement and to expand > existing hierarchies implicitly. > > Signed-off-by: KaiGai Kohei <kaigai@ak.jp.nec.com> > -- > module_compiler.c | 86 +++++++++++++++++++++++++++++++++++++++++++++++++ > policy_define.c | 93 +++++++++++++++++++++++++++++++++++++++++++++++++++++- > policy_define.h | 1 > policy_parse.y | 5 ++ > policy_scan.l | 2 + > 5 files changed, 186 insertions(+), 1 deletion(-) > > Signed-off-by: Joshua Brindle <method@manicmethod.com> > >commit e61b36a5c78852c5d30d9512e0c69546d23ea25c >Author: Joshua Brindle <method@manicmethod.com> >Date: Tue Oct 7 09:51:54 2008 -0400 > > Author: Joshua Brindle > Email: method@manicmethod.com > Subject: BUGREPORT: A type alias of invisible primary one > Date: Mon, 22 Sep 2008 16:43:04 -0400 > > KaiGai Kohei wrote: > > Joshua Brindle wrote: > >> KaiGai Kohei wrote: > >>> I found a strange type_datum_t object which has 0 for its s.value > >>> during development of new type hierarchy checks. > >>> > >>> The strange one is "xguest_javaplugin_default_xproperty_t" which > >>> is an alias type of "xguest_javaplugin_xproperty_t". > >>> > >>> I doubted my patch at first, but it can be reproduced on the normal > >>> libsepol. It seems to me an original matter which is not exposed yet, > >>> and I am innocence. :-) > >>> > >>> During tracing the matter, I noticed the primary type is invisible > >>> at expand_module(), but the aliased one is visible. It can make the > >>> strange type_datum_t object. > >>> > >>> * at the expand_module() > >>> 1. The expand_state_t which includes typemap is initialized. > >>> > >>> 2. The type_copy_callback is invoked for any types via hashtab_map. > >>> It only copies primary and visible types into newer hashtab, > >>> and set up typemap to translate between old and new s.value. > >>> Thus, the given primary type is invisible, its slot of typemap > >>> is kept to zero. > >>> (*) is_id_enabled() for "xguest_javaplugin_xproperty_t" returned false. > >>> > >>> 3. The alias_copy_callback is invoked for any types via hashtab_map. > >>> It only copies alias and visible types into newer hashtab. > >>> Here is no check whether the primary side is visible, or not. > >>> A copied type_datum_t object for the given alias has new s.value > >>> which is picked up from state->typemap. > >>> > >>> 4. However, the target slot of state->typemap was zero, because > >>> its primary one is invisible. The aliased type has a strange > >>> s.value. > >>> > >>> 5. Type hierarchy checks got a segmentation fault, due to > >>> "p->type_val_to_name[datum->s.value - 1]". > >>> ^^^^^^^^^^^^^^^^^^ == -1 > >>> Yes, we can identify cause of the matter. > >> Do you have a policy that can be used to reproduce this? > > > > Yes, the following policy can reproduce the matter. > > - - - - [ cut here ] - - - - > > policy_module(baz, 1.0) > > > > optional_policy(` > > gen_require(` > > type invisible_primary_t; > > ') > > typealias invisible_primary_t alias visible_alias_t; > > ') > > - - - - - - - - - - - - - - - > > > > The attached patch can inject some of printf()'s. > > You can see that invisible_primary_t is skipped at type_copy_callback() > > and an incorrect s.value is assigned at alias_copy_callback(). > > > > Thanks, > > > > This should fix it. I tested with and without your patchset on a few policies. Let me know if it doesn't work for you: > >commit 57671a59f240d92df79b28beddd0b5d8664c9326 >Author: Joshua Brindle <method@manicmethod.com> >Date: Mon Sep 29 21:11:42 2008 -0400 > > bump libsepol to 2.0.33 > >commit eeb520a0453ccc3d51770c4281125086e91c4ff7 >Author: Joshua Brindle <method@manicmethod.com> >Date: Mon Sep 29 21:09:17 2008 -0400 > > Revert "Subject: remove expand_rule function" > > This reverts commit 45e94541ecbe3594482975018e4ceb0fadacd92a. > >commit 922103e7f27a404be0b06baeb441396ce7e3e5c0 >Author: Joshua Brindle <method@manicmethod.com> >Date: Mon Sep 29 18:20:51 2008 -0400 > > bump libselinux to 2.0.73 > >commit 06c2dd5d04a1505d2c3e397b5b8a624fdd02805b >Author: Joshua Brindle <method@manicmethod.com> >Date: Mon Sep 29 15:55:18 2008 -0400 > > Author: Daniel J Walsh > Email: dwalsh@redhat.com > Subject: Some missing man pages from libselinux > Date: Wed, 24 Sep 2008 08:57:44 -0400 > > We are still missing the following man pages. > Perhaps some of these functions should be removed? > selinux_users_path seems to return a bogus directory? > Also do not have _raw functions defined in man pages. > > matchpathcon_checkmatches > matchpathcon_filespec_add > matchpathcon_filespec_destroy > matchpathcon_filespec_eval > matchpathcon_index > matchpathcon_init_prefix > print_access_vector > security_canonicalize_context > security_disable > security_set_boolean_list > selinux_check_passwd_access > selinux_customizable_types_path > selinux_file_context_cmp > selinux_file_context_verify > selinux_get_callback > selinux_init_load_policy > selinux_lsetfilecon_default > selinux_mkload_policy > selinux_raw_to_trans_context > selinux_trans_to_raw_context > selinux_translations_path > selinux_users_path > set_selinuxmnt > > Signed-off-by: Joshua Brindle <method@manicmethod.com> > >commit 85ea2db4bd450be86fc12723a553ba84bf746311 >Author: Joshua Brindle <method@manicmethod.com> >Date: Mon Sep 29 15:12:38 2008 -0400 > > Author: Daniel J Walsh > Email: dwalsh@redhat.com > Subject: Man page fixes for libselinux. > Date: Mon, 22 Sep 2008 13:52:13 -0400 > > Signed-off-by: Joshua Brindle <method@manicmethod.com> > >commit 5973c54402317126e63902ed2b288f567bd7ee59 >Author: Joshua Brindle <method@manicmethod.com> >Date: Mon Sep 29 12:12:04 2008 -0400 > > Author: Daniel J Walsh > Email: dwalsh@redhat.com > Subject: Latest flask definitions for libselinux. > Date: Mon, 22 Sep 2008 13:50:26 -0400 > > Adds open, X Definitions and nlmsg_tty_audit for netlink_audit_socket > > Signed-off-by: Joshua Brindle <method@manicmethod.com> > >commit c28138ef1849b086e9378dd66c8d86d1af9c47b7 >Author: Joshua Brindle <method@manicmethod.com> >Date: Thu Sep 18 09:56:06 2008 -0400 > > bump policycoreutils to 2.0.57 > >commit 1dce6736bdf056ddccbb699c9c84908805b9fdf6 >Author: Joshua Brindle <method@manicmethod.com> >Date: Thu Sep 18 09:52:36 2008 -0400 > > Author: Daniel J Walsh > Email: dwalsh@redhat.com > Subject: Latest translations of SELinux policoreutils patch > Date: Fri, 12 Sep 2008 11:57:31 -0400 > > http://people.fedoraproject.org/~dwalsh/SELinux/policycoreutils-po.patch > >commit f187d4a56e43fe54a2f8f203d118cbc35cd0c2eb >Author: Joshua Brindle <method@manicmethod.com> >Date: Mon Sep 15 11:25:27 2008 -0400 > > bump to libsemanage 2.0.28 > >commit e319cd8538dca80c4a6f9ad2669b14e02f255853 >Author: Joshua Brindle <method@manicmethod.com> >Date: Mon Sep 15 09:25:33 2008 -0400 > > Author: Daniel J Walsh > Email: dwalsh@redhat.com > Subject: libsemage patch to not compile modules for seusers and fcontext > Date: Wed, 10 Sep 2008 10:30:08 -0400 > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Ivan Gyurdiev wrote: > > > >>> I'm a little unclear on what this is doing - can you clarify? > >>> > >> This is clearing the existing seusers.final file, otherwise delete was > >> not working. > >> > > I think the previous code was doing more - it was merging the local file > > with the shipped base package file, like this: > > > > data = extract_file_from_policy_package( ) > > write_file ( "seusers.final", data ) > > if ( data != null ) { > > seusers.clear_cache() // thereby forcing reload from > > seusers.final when cache() is called again (in merge_components) > > } else { > > seusers.clear() > > } > > > > It's also doing this three times (once for fcontexts, once for seusers, > > once for seusers_extra). > > The problem is that you're skipping the link_sandbox call, which builds > > the base package, containing this information. > > > > Ivan > > > > > Ok I found some problems with the previous patch and did some code > reuse. I added a function that only read base.pp in order to handle the > base user_extra and seusers problem. > > Signed-off-by: Joshua Brindle <method@manicmethod.com> > >commit f0e01678fbf03cf720acb5a950704b15517d8b5c >Merge: f210ced a4c9f58 >Author: Joshua Brindle <method@manicmethod.com> >Date: Sun Sep 7 22:50:10 2008 -0400 > > Merge branch 'master' of ssh://jbrindle@oss.tresys.com/home/git/selinux/ > >commit a4c9f58e0383802351216189ebd7430fd419d1d1 >Author: Joshua Brindle <method@manicmethod.com> >Date: Sun Sep 7 22:00:20 2008 -0400 > > Author: Daniel J Walsh > Email: dwalsh@redhat.com > Subject: Changes to semanage to allow it to handle transactions. > Date: Fri, 12 Sep 2008 11:52:31 -0400 > > Joshua Brindle wrote: > > Daniel J Walsh wrote: > > semanage -S targeted -i - << __eof > > user -a -P user -R "unconfined_r system_r" -r s0-s0:c0.c1023 unconfined_u > > user -a -P user -R guest_r guest_u > > user -a -P user -R xguest_r xguest_u > > __eof > > semanage -S targeted -i - << __eof > > login -m -s unconfined_u -r s0-s0:c0.c1023 __default__ > > login -m -s unconfined_u -r s0-s0:c0.c1023 root > > __eof > > > > So you can add multiple records in a single pass. > >> > > > This patch seems to cause some issues: > > > [root@misterfreeze selinux-pristine]# semanage --help > > Traceback (most recent call last): > > File "/usr/sbin/semanage", line 433, in <module> > > usage(_("Requires 2 or more arguments")) > > File "/usr/sbin/semanage", line 98, in usage > > """) % message) > > TypeError: float argument required > > Patch off your latest policycoreutils. > > Signed-off-by: Joshua Brindle <method@manicmethod.com> > >commit 5214ee3d97d62e1a082f4f9bc5ef7f2f0895e96a >Author: Joshua Brindle <method@manicmethod.com> >Date: Sun Sep 7 18:57:50 2008 -0400 > > bump policycoreutils to 2.0.56 and sepolgen to 1.0.14 > >commit f33c23052693a16dd0ed983d4d99fa98379b8e94 >Author: Joshua Brindle <method@manicmethod.com> >Date: Sun Sep 7 18:53:26 2008 -0400 > > Author: Daniel J Walsh > Email: dwalsh@redhat.com > Subject: Changes to semanage to allow it to handle transactions. > Date: Mon, 08 Sep 2008 15:05:36 -0400 > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > semanage -S targeted -i - << __eof > user -a -P user -R "unconfined_r system_r" -r s0-s0:c0.c1023 unconfined_u > user -a -P user -R guest_r guest_u > user -a -P user -R xguest_r xguest_u > __eof > semanage -S targeted -i - << __eof > login -m -s unconfined_u -r s0-s0:c0.c1023 __default__ > login -m -s unconfined_u -r s0-s0:c0.c1023 root > __eof > > So you can add multiple records in a single pass. > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.9 (GNU/Linux) > Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org > > iEYEARECAAYFAkjFd4AACgkQrlYvE4MpobMaoQCgxeqYTX2mpRIiIr0461/fvblU > 3fQAoIbM8x9rWL0f8iPz0UeoM2mf60XW > =hxC3 > -----END PGP SIGNATURE----- > > Signed-off-by: Joshua Brindle <method@manicmethod.com> > >commit 64d7ef5d44b672ca92742f5cb0a37d4baac16343 >Author: Joshua Brindle <method@manicmethod.com> >Date: Sun Sep 7 18:51:09 2008 -0400 > > Author: Daniel J Walsh > Email: dwalsh@redhat.com > Subject: Add glob support for restorecond > Date: Mon, 08 Sep 2008 15:03:51 -0400 > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > I have added supported for GLOB expressions in restorecond. In order to > get nsplugin to work well, you need all of the contents of the homedir > labeled correctly. Unfortunately gnome creates directories at a fairly > random pace. FCFS. So it is very difficult to get transitions to > happen properly. As a tradeoff, we can use restorecond to watch the > homedir and relabel the directory when it is created. I know this is a > potential race condition. where some of the files created in the > directory will still have the wrong context, but I don't know of a > better solution. > > Telling everyone they need to restorcon -R -v ~ is not a great solution. > If you are worried about information flow you should never rely on > restorecond. > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.9 (GNU/Linux) > Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org > > iEYEARECAAYFAkjFdxcACgkQrlYvE4MpobPtjACg3uyqaHD78FRxdaG5mfitnoB/ > lh0AnjvfDC2vmCWisxzWq2qFsZMMu3XK > =JiG7 > -----END PGP SIGNATURE----- > > Signed-off-by: Joshua Brindle <method@manicmethod.com> > >commit ceb5792c21ec62f98afa4871929d3169ee81656f >Author: Joshua Brindle <method@manicmethod.com> >Date: Sun Sep 7 18:48:24 2008 -0400 > > Author: Daniel J Walsh > Email: dwalsh@redhat.com > Subject: Only call gen_requires once. > Date: Thu, 11 Sep 2008 09:35:54 -0400 > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Currently audit2allow/sepolgen will create two identical gen_requires > block if you have allow rules and a role statement. > > This patch fixes this problem. > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.9 (GNU/Linux) > Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org > > iEYEARECAAYFAkjJHroACgkQrlYvE4MpobPgMQCghgAMBtaQO0BeZX+ug6IwsWB8 > bNEAoMkRo4cZa0iJhGoGMmCvy5ncGpj8 > =gMFg > -----END PGP SIGNATURE----- > > Signed-off-by: Joshua Brindle <method@manicmethod.com> > >commit 2928ff218925959722a30ac7e98d8c2e1218c4e0 >Author: Joshua Brindle <method@manicmethod.com> >Date: Sun Sep 7 18:47:23 2008 -0400 > > Author: Daniel J Walsh > Email: dwalsh@redhat.com > Subject: fixfiles fixes > Date: Mon, 08 Sep 2008 15:03:35 -0400 > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Removes all files from /tmp, previous one would leave /tmp/.a and /tmp/.b > > Fixed context on unlabeled_t and file_t files in /tmp and /var/tmp. > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.9 (GNU/Linux) > Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org > > iEYEARECAAYFAkjFdwYACgkQrlYvE4MpobMZJACfRsCuVFja3fvYZYtptyW2h3lH > yAQAn0xmDAYELt+res60OIcL3UDrUFRv > =09W1 > -----END PGP SIGNATURE----- > > Signed-off-by: Joshua Brindle <method@manicmethod.com> > >commit f210ced209102d187ae788413603ef1ed9d44680 >Author: Joshua Brindle <method@manicmethod.com> >Date: Sun Sep 7 18:42:35 2008 -0400 > > Author: Daniel J Walsh > Email: dwalsh@redhat.com > Subject: Only call gen_requires once. > Date: Thu, 11 Sep 2008 09:35:54 -0400 > > Currently audit2allow/sepolgen will create two identical gen_requires > block if you have allow rules and a role statement. > > This patch fixes this problem. > > Signed-off-by: Joshua Brindle <method@manicmethod.com> > >commit 95e4b5c3cc37f2c62bf99428275908d7da6e4a0e >Author: Joshua Brindle <method@manicmethod.com> >Date: Sun Sep 7 18:40:28 2008 -0400 > > Author: Daniel J Walsh > Email: dwalsh@redhat.com > Subject: fixfiles fixes > Date: Mon, 08 Sep 2008 15:03:35 -0400 > > [root@misterfreeze selinux]# cat patch > --- nsapolicycoreutils/scripts/fixfiles 2008-08-28 09:34:24.000000000 -0400 > +++ policycoreutils-2.0.55/scripts/fixfiles 2008-09-08 14:08:57.000000000 -0400 > @@ -139,14 +139,14 @@ > LogReadOnly > ${SETFILES} -q ${OUTFILES} ${SYSLOGFLAG} ${FORCEFLAG} $* ${FC} ${FILESYSTEMSRW} 2>&1 >> $LOGFILE > rm -rf /tmp/gconfd-* /tmp/pulse-* /tmp/orbit-* > -find /tmp -context "*:file_t*" -exec chcon -t tmp_t {} \; > -find /var/tmp -context "*:file_t*" -exec chcon -t tmp_t {} \; > +find /tmp \( -context "*:file_t*" -o -context "*:unlabeled_t*" \) -exec chcon -t tmp_t {} \; > +find /var/tmp \( -context "*:file_t*" -o -context "*:unlabeled_t*" \) -exec chcon -t tmp_t {} \; > exit $? > } > > fullrelabel() { > logit "Cleaning out /tmp" > - rm -rf /tmp/.??* /tmp/* > + find /tmp/ -mindepth 1 -print0 | xargs -0 /bin/rm -f > LogReadOnly > restore > } > > Signed-off-by: Joshua Brindle <method@manicmethod.com> > >commit 107d46ff3e25a55621130378653df8c2ff698c0a >Author: Stephen Smalley <sds@tycho.nsa.gov> >Date: Tue Aug 26 09:40:22 2008 -0400 > > Update policycoreutils VERSION and ChangeLog. > >commit 55fe3dbba5232ca2a22935256e9d946caec63adc >Author: Stephen Smalley <sds@tycho.nsa.gov> >Date: Tue Aug 26 09:36:09 2008 -0400 > > Fix locallist (-lC) functionality for semanage node. > >commit 4611c09d6b22ff2aebb55388d777bcf8921dd50b >Author: Stephen Smalley <sds@tycho.nsa.gov> >Date: Tue Aug 26 09:08:25 2008 -0400 > > Fix EMBEDDED=y build. > >commit 49706ad9f8080f27272c9728a6c7d107c573acc3 >Author: Christian Kuester <c.kuester@tarent.de> >Date: Thu Aug 14 09:32:16 2008 +0200 > > Revised Patch for local nodecon support in semanage (was: Adding local nodecon's through semanage) > > Stephen Smalley schrieb: > > Hi List, > > > On Tue, 2008-07-08 at 08:30 -0400, Stephen Smalley wrote: > >> On Tue, 2008-07-08 at 12:13 +0200, Christian Kuester wrote: > >>>> Other tidbits on the semanage patch that I noticed: > >>>> - semanage node -l was broken, requires additional argument that has > >>>> been added to the list methods subsequently. Also would be nice to > >>>> support locallist/-C option. > >>>> - semanage node -p option should take a string rather than an integer > >>>> and map it to the proper symbolic constant for ipv4/ipv6. > >> Please be sure to test each of the nodeRecords methods. > > Are you still pursuing getting this cleaned up and merged? > > Sorry, it took some time. The revised patch for nodecon support in > the semanage tool is attached. > > It now takes strings as arguments for the ip protocol. list/locallist > work as expected and output is more readable. I also made changes for > the semanage.8 man page. > > Kind Regards, > Christian > > -- > tarent Gesellschaft für Softwareentwicklung und IT-Beratung mbH > > Heilsbachstr. 24, 53123 Bonn | Poststr. 4-5, 10178 Berlin > fon: +49(228) / 52675-0 | fon: +49(30) / 27594853 > fax: +49(228) / 52675-25 | fax: +49(30) / 78709617 > > Geschäftsführer > Boris Esser, Elmar Geese > HRB AG Bonn 5168 > Ust-ID: DE122264941 > > Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> > >commit 45e94541ecbe3594482975018e4ceb0fadacd92a >Author: Joshua Brindle <method@manicmethod.com> >Date: Tue Aug 12 13:59:32 2008 -0400 > > Subject: remove expand_rule function > > Send again with the right date and time ;) > > This removes the (apparently) unused expand_rule function > > Signed-off-by: Joshua Brindle <method@manicmethod.com> > >commit 0915aeaaac4c5f56158c56cb0aeec51639bc7f28 >Author: Vesa-Matti J Kari <vmkari@cc.helsinki.fi> >Date: Sun Aug 10 04:28:47 2008 +0300 > > selinux: conditional expression type validation was off-by-one > > This is the same off-by-one bug that was already fixed in the kernel. > (According to my understanding neither of these bugs has security > implications) > > Signed-off-by: Vesa-Matti Kari <vmkari@cc.helsinki.fi> > Signed-off-by: Joshua Brindle <method@manicmethod.com> > >commit 13cd4c8960688af11ad23b4c946149015c80d549 >Author: Joshua Brindle <method@manicmethod.com> >Date: Tue Aug 19 15:30:36 2008 -0400 > > initial import from svn trunk revision 2950
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=703151">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 913175
:
703151
|
781193