[SELinux commit]SELinux userland upstream repository branch, master, updated. 20080909-394-g6b6b475
eparis at oss.tresys.com
eparis at oss.tresys.com
Wed Aug 17 10:55:14 CDT 2011
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "SELinux userland upstream repository".
The branch, master has been updated
via 6b6b475dcfe77dbf3d37b4f6e4fee3539346f359 (commit)
via 3ed7221bf7832f207a125e6364ece1826d369c37 (commit)
via d761cc98490546da3dd048a5b201d2edb020d33b (commit)
via f97e508567a07e4f2680843ec8265295bae605fb (commit)
via 1654b964bccd03ab286c9fdc687670fd9e6ba6e4 (commit)
via e883871de23f64633a5b0a99e7ac372fe90ca15b (commit)
via d01c33c90ed9197e8cf29db15566e3c35a43fa77 (commit)
via f78aa2f81b9d974bedf8f7cc0dae7bbebdff15c8 (commit)
via e25ea71a5b288058288b70a2f23f757fe89bb0c8 (commit)
via f3fbc5d6dee7ccc85c6f8c55a9e7508a82000088 (commit)
via 2c3e6f6115c5879962fd726d2ce18567210bf947 (commit)
via 877447a9e7c8d4dce5054be9c16c1643f532a105 (commit)
via a0d1dc8a019c13cfa0db1192a700bcc9122f8606 (commit)
via d2f0f42570d9b2aebf55c96e60e6db6b52a79bfb (commit)
via 0c4d0788abf2364d0f05cac675014849ee66e423 (commit)
via 123559545f6244cde45f370dba0902869c1af49b (commit)
via cfddb3fa9a09ee3808f29594b195ef1603c1815a (commit)
via 643b9b703cd75e75dac532713b2516115f6336f9 (commit)
via 4c96df7d77a775aae7d3355d6097bee827f97a58 (commit)
via 12e29ee1ddfa3a16e101e92503b0bc8d14120dd4 (commit)
via 66564a67cf3fd8b282d1222aaec8b02ae97611fb (commit)
via 17c577ace7fcaae08401233cc9debde2d574b756 (commit)
via 5bd734dd7395a2f6c87546b8e7159b02544405f9 (commit)
via 35f4e6a870b517b964f68027d79f6cb17b5678a6 (commit)
via 1da72eea266fdee3603204423ab1d9e68ff05f79 (commit)
via e2769ff6700665bb054b7a8e3f8db67712b92da1 (commit)
via 275560b2a380a5f34041fd4569a38791f25aa195 (commit)
via 5e096d9ceb637a785d4537555799602a3de2b3dc (commit)
via 4b00b5c6a4876f3470b53252bad7a1e6f91899fc (commit)
via 9cd587f5533456e7b26601e27e65744272e2e783 (commit)
via 9406ace82b12780da84b2553cb74f88101978ea2 (commit)
via 78d58d73b4098ec56b6545abd9f9719563d0d587 (commit)
via d784fd71b56cb8f57d5b9fcd784094e004bf7c6a (commit)
via 34d9c258dac686f4baa2e7f0d6f25f7e7ca5aac6 (commit)
via 8faf23de0b534a19555691e8ba111dcde8f02af3 (commit)
via 4ad18969546c16bd78206799de642af6eb2293ea (commit)
via 5619635063741e1c8c9cf53a8746dd29be0cda79 (commit)
via d72a9ec825ef2a8723510f62292cf2adfd4a2a6c (commit)
from 47499404268aa4f064fe078710ccf7a139061753 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 6b6b475dcfe77dbf3d37b4f6e4fee3539346f359
Author: Eric Paris <eparis at redhat.com>
Date: Wed Aug 17 11:17:28 2011 -0400
update changelog and VERSION for latest changes
commit 3ed7221bf7832f207a125e6364ece1826d369c37
Author: Guido Trentalancia <guido at trentalancia.com>
Date: Tue Jul 19 21:51:06 2011 +0200
policycoreutils: run_init: clarification of the usage in the manual page
It's a very minor thing really, but I believe (on the basis of an
off-list question) that the manual page for policycoreutils/run_init can
be improved by the following short patch which aims to further clarify
the intended usage of such tool and mention that it caters for one
(somewhat hidden) compile-time option.
Signed-off-by: Eric Paris <eparis at redhat.com>
Acked-by: Dan Walsh <dwalsh at redhat.com>
commit d761cc98490546da3dd048a5b201d2edb020d33b
Author: Dan Walsh <dwalsh at redhat.com>
Date: Thu Aug 4 09:51:52 2011 -0400
policycoreutils: semanage: fix usage header around booleans
Fix header to not display all of the options and fix Booleans to only list
supported options
Signed-off-by: Eric Paris <eparis at redhat.com>
Acked-by: Dan Walsh <dwalsh at redhat.com>
commit f97e508567a07e4f2680843ec8265295bae605fb
Author: Eric Paris <eparis at redhat.com>
Date: Wed Aug 3 11:56:17 2011 -0400
policycoreutils: semanage: remove useless empty lines
This patch just removes some blank lines that we don't need. Makes it
all purdy.
Signed-off-by: Eric Paris <eparis at redhat.com>
Acked-by: Dan Walsh <dwalsh at redhat.com>
commit 1654b964bccd03ab286c9fdc687670fd9e6ba6e4
Author: Eric Paris <eparis at redhat.com>
Date: Tue Jul 19 16:05:23 2011 -0400
policycoreutils: semanage: update man page with new examples
semanage rocks, so make the man page rock!
Signed-off-by: Eric Paris <eparis at redhat.com>
Acked-by: Dan Walsh <dwalsh at redhat.com>
commit e883871de23f64633a5b0a99e7ac372fe90ca15b
Author: Eric Paris <eparis at redhat.com>
Date: Tue Jul 19 14:21:11 2011 -0400
policycoreutils: semanage: update usage text
Add -D and -l and -n in the usage text where they belong.
Signed-off-by: Eric Paris <eparis at redhat.com>
Acked-by: Dan Walsh <dwalsh at redhat.com>
commit d01c33c90ed9197e8cf29db15566e3c35a43fa77
Author: Eric Paris <eparis at redhat.com>
Date: Tue Jul 19 14:21:08 2011 -0400
policycoreutils: semanage: introduce file context equivalencies
This adds a new -e options to semanage fcontext which allows one to
specify filesystem equivalancies. An example would be if an admin were
to run out of space and to start putting home directories in /home1.
They can use the equivalencies to specify that /home1 is labeled exactly
like /home.
Signed-off-by: Eric Paris <eparis at redhat.com>
Acked-by: Dan Walsh <dwalsh at redhat.com>
commit f78aa2f81b9d974bedf8f7cc0dae7bbebdff15c8
Author: Eric Paris <eparis at redhat.com>
Date: Tue Jul 19 12:15:41 2011 -0400
policycoreutils: semanage: enable and disable modules
Add tools to store the state of modules and to enable and disable those
modules.
Signed-off-by: Eric Paris <eparis at redhat.com>
Acked-by: Dan Walsh <dwalsh at redhat.com>
commit e25ea71a5b288058288b70a2f23f757fe89bb0c8
Author: Eric Paris <eparis at redhat.com>
Date: Tue Jul 19 11:38:57 2011 -0400
policycoreutils: semanage: output all local modifications
Introduce a new -o option which will output all local modifications in a
method which can be 're-inputted' on another host.
Signed-off-by: Eric Paris <eparis at redhat.com>
Acked-by: Dan Walsh <dwalsh at redhat.com>
commit f3fbc5d6dee7ccc85c6f8c55a9e7508a82000088
Author: Eric Paris <eparis at redhat.com>
Date: Tue Jul 19 11:27:23 2011 -0400
policycoreutils: semanage: introduce extraction of local configuration
Add a new option -E which will extract the local configuration changes
made for the given record type. This will be used by a further output
option to be able to dump local configuration in a form which can be
imported later.
Signed-off-by: Eric Paris <eparis at redhat.com>
Acked-by: Dan Walsh <dwalsh at redhat.com>
commit 2c3e6f6115c5879962fd726d2ce18567210bf947
Author: Eric Paris <eparis at redhat.com>
Date: Tue Jul 19 11:27:22 2011 -0400
policycoreutils: semanage: cleanup error on invalid operation
Before you would get:
$ semanage fcontext toys
/usr/sbin/semanage Invalid command fcontext toys
Now you get:
$ semanage fcontext toys
/usr/sbin/semanage: Invalid command: semanage fcontext toys
Signed-off-by: Eric Paris <eparis at redhat.com>
Acked-by: Dan Walsh <dwalsh at redhat.com>
commit 877447a9e7c8d4dce5054be9c16c1643f532a105
Author: Eric Paris <eparis at redhat.com>
Date: Tue Jul 19 11:27:14 2011 -0400
policycoreutils: semanage: handle being called with no arguments
Return quickly instead of tring to parse arguments if there are
no arguments.
Signed-off-by: Eric Paris <eparis at redhat.com>
Acked-by: Dan Walsh <dwalsh at redhat.com>
commit a0d1dc8a019c13cfa0db1192a700bcc9122f8606
Author: Eric Paris <eparis at redhat.com>
Date: Mon Jul 18 12:54:38 2011 -0400
policycoreutils: semanage: return sooner to save CPU time
Right now we do lots of needless string comparisons even though we know
we are finished doing work immediately after an operation. So return
sooner.
Signed-off-by: Eric Paris <eparis at redhat.com>
Acked-by: Dan Walsh <dwalsh at redhat.com>
commit d2f0f42570d9b2aebf55c96e60e6db6b52a79bfb
Author: Eric Paris <eparis at redhat.com>
Date: Mon Jul 18 12:35:15 2011 -0400
policycoreutils: semanage: surround getopt with try/except
One of the getopt parsers didn't have a try/except pair to show usage
when a user did it wrong. Fix that.
Signed-off-by: Eric Paris <eparis at redhat.com>
Acked-by: Dan Walsh <dwalsh at redhat.com>
commit 0c4d0788abf2364d0f05cac675014849ee66e423
Author: Eric Paris <eparis at redhat.com>
Date: Mon Jul 18 12:12:34 2011 -0400
policycoreutils: semanage: use define/raise instead of lots of conditionals
Right now the validation code has lots of conditionals which check if we
are trying to add and delete or add and modify or something like that.
Instead make a single function which just sets if this operation is
trying to do an action and if it gets called twice will realize this is
invalid and will raise and exception.
Signed-off-by: Eric Paris <eparis at redhat.com>
Acked-by: Dan Walsh <dwalsh at redhat.com>
commit 123559545f6244cde45f370dba0902869c1af49b
Author: Eric Paris <eparis at redhat.com>
Date: Mon Jul 18 12:03:01 2011 -0400
policycoreutils: semanage: some options are only valid for local changes
Some options like --locallist and --deleteall only effect local changes
not global things. Split these validation options into their own bit of
code.
Signed-off-by: Eric Paris <eparis at redhat.com>
Acked-by: Dan Walsh <dwalsh at redhat.com>
commit cfddb3fa9a09ee3808f29594b195ef1603c1815a
Author: Eric Paris <eparis at redhat.com>
Date: Fri Jul 15 19:03:17 2011 +0200
policycoreutils: semanage: introduce better deleteall support
The help text, man pages, and stuff didn't include everything about
deleteall rules. Try to update them.
Signed-off-by: Eric Paris <eparis at redhat.com>
Acked-by: Dan Walsh <dwalsh at redhat.com>
commit 643b9b703cd75e75dac532713b2516115f6336f9
Author: Eric Paris <eparis at redhat.com>
Date: Fri Jul 15 18:23:45 2011 +0200
policycoreutils: semanage: do not allow spaces in file context
The entire tool chain does not support file context with a space in the
regex. If one of these gets into the file_context files, all sorts of stuff
goes nuts.
Signed-off-by: Eric Paris <eparis at redhat.com>
Acked-by: Dan Walsh <dwalsh at redhat.com>
commit 4c96df7d77a775aae7d3355d6097bee827f97a58
Author: Eric Paris <eparis at redhat.com>
Date: Fri Jul 15 15:11:10 2011 +0200
policycoreutils: semanage: distinguish between builtin and local permissive types
This just distinguishes between permissive types that were definied in
policy and those that were set by the user using semanage.
Signed-off-by: Eric Paris <eparis at redhat.com>
Acked-by: Dan Walsh <dwalsh at redhat.com>
commit 12e29ee1ddfa3a16e101e92503b0bc8d14120dd4
Author: Eric Paris <eparis at redhat.com>
Date: Fri Jul 15 14:33:17 2011 +0200
policycoreutils: semanage: centralized ip node handling
Right now we have very little in the way of IP address validation. We
also do not properly support IPv6 netmasks. This patch centralizes IP
address validation and fixes the netmask support.
Signed-off-by: Eric Paris <eparis at redhat.com>
Acked-by: Dan Walsh <dwalsh at redhat.com>
commit 66564a67cf3fd8b282d1222aaec8b02ae97611fb
Author: Eric Paris <eparis at redhat.com>
Date: Sun Jul 10 17:35:24 2011 +0200
policycoreutils: setfiles: make the restore function exclude() non-static
Stuff wants to use it later. Make it non-static.
Signed-off-by: Eric Paris <eparis at redhat.com>
Acked-by: Dan Walsh <dwalsh at redhat.com>
commit 17c577ace7fcaae08401233cc9debde2d574b756
Author: Eric Paris <eparis at redhat.com>
Date: Sun Jul 10 17:06:00 2011 +0200
policycoreutils: setfiles: use glob to handle ~ and . in filenames
Use the glob library to handle ~ and . in filenames passed from the
command line.
Signed-off-by: Eric Paris <eparis at redhat.com>
Acked-by: Dan Walsh <dwalsh at redhat.com>
commit 5bd734dd7395a2f6c87546b8e7159b02544405f9
Author: Dan Walsh <dwalsh at redhat.com>
Date: Wed Aug 10 14:32:47 2011 -0400
policycoreutils: fixfiles: do not hard code types
We had a number of places where fixfiles would search for or set hard
coded types. If policy used something other than tmp_t var_t file_t or
unlabeled_t we would go wrong. This patch does 2 things. It uses the
kernel provided selinuxfs interfaces to determine the label on unlabeled
and unknown files and it uses the --reference option with chcon to set
new labels.
Signed-off-by: Eric Paris <eparis at redhat.com>
Acked-by: Dan Walsh <dwalsh at redhat.com>
commit 35f4e6a870b517b964f68027d79f6cb17b5678a6
Author: Eric Paris <eparis at redhat.com>
Date: Sun Jul 10 16:21:35 2011 +0200
policycoreutils: fixfiles: stop trying to be smart about filesystems
The type of a filesystem (ext*, btrfs, etc) really doesn't matter when
it comes to the ability to set labels. Stop trying to be smart and just
call restorecon. It will either work or it won't and out heuristic
isn't helping.
Signed-off-by: Eric Paris <eparis at redhat.com>
Acked-by: Dan Walsh <dwalsh at redhat.com>
commit 1da72eea266fdee3603204423ab1d9e68ff05f79
Author: Eric Paris <eparis at redhat.com>
Date: Sun Jul 10 16:09:11 2011 +0200
policycoreutils: fixfiles: use new kernel seclabel option
The kernel now outputs a mount option called 'seclabel' which indicates
if the filesystem supposed security labeling. Use that instead of
having to update some hard coded list of acceptable filesystems (that
may or may not be acceptable depending on if they were compiled with
security xattrs)
Signed-off-by: Eric Paris <eparis at redhat.com>
Acked-by: Dan Walsh <dwalsh at redhat.com>
commit e2769ff6700665bb054b7a8e3f8db67712b92da1
Author: Eric Paris <eparis at redhat.com>
Date: Sun Jul 10 14:19:47 2011 +0200
policycoreutils: fixfiles: pipe everything to cat before sending to LOGFILE
We do this so we can eliminate foolish avcs about restorecon trying to
write to a random directory. We allow apps to communicate with fds
globably. So this allows the access no AVC's I am happy
Signed-off-by: Eric Paris <eparis at redhat.com>
Acked-by: Dan Walsh <dwalsh at redhat.com>
commit 275560b2a380a5f34041fd4569a38791f25aa195
Author: Eric Paris <eparis at redhat.com>
Date: Sun Jul 10 14:14:14 2011 +0200
policycoreutils: fixfiles: introduce /etc/selinux/fixfiles_exclude_dirs
Introduce a new file /etc/selinux/fixfiles_exclude_dirs which contains a
list of directories which should not be relabeled.
Signed-off-by: Eric Paris <eparis at redhat.com>
Acked-by: Dan Walsh <dwalsh at redhat.com>
commit 5e096d9ceb637a785d4537555799602a3de2b3dc
Author: Eric Paris <eparis at redhat.com>
Date: Thu Jul 7 15:41:31 2011 +0200
policycoreutils: semodule: support for alternative root paths
Add a -p option to semodule which will allow it to operate on the
specified semanaged root instead of the default.
Signed-off-by: Eric Paris <eparis at redhat.com>
Acked-by: Dan Walsh <dwalsh at redhat.com>
commit 4b00b5c6a4876f3470b53252bad7a1e6f91899fc
Author: Dan Walsh <dwalsh at redhat.com>
Date: Thu Aug 4 09:49:56 2011 -0400
libsemanage: print error debug info for buggy fc files
Currently if you have a bug in a fc file, the store only reports that you have
a problem but not the name of the module, or any hint of what is wrong. This
patch will print out as much as been collected in the file_spec at the time
of the error.
Signed-off-by: Eric Paris <eparis at redhat.com>
Acked-by: Dan Walsh <dwalsh at redhat.com>
commit 9cd587f5533456e7b26601e27e65744272e2e783
Author: Eric Paris <eparis at redhat.com>
Date: Wed Jun 29 01:12:25 2011 -0400
libsemanage: introduce semanage_set_root and friends
Allow applications to specify an alternate root for selinux stores.
Signed-off-by: Eric Paris <eparis at redhat.com>
Acked-by: Dan Walsh <dwalsh at redhat.com>
commit 9406ace82b12780da84b2553cb74f88101978ea2
Author: Eric Paris <eparis at redhat.com>
Date: Wed Jun 29 00:57:40 2011 -0400
libsemanage: throw exceptions in python rather than return NULL
Python doesn't really work on the basis of negative error code. It
throws exceptions. This patch automatically generates little stub
functions which will catch negative error codes and will throw
exceptions in their place.
Signed-off-by: Eric Paris <eparis at redhat.com>
Acked-by: Dan Walsh <dwalsh at redhat.com>
commit 78d58d73b4098ec56b6545abd9f9719563d0d587
Author: Daniel J Walsh <dwalsh at redhat.com>
Date: Fri Jun 24 16:43:11 2011 -0400
libsemanage: python3 support.
Dave Malcolm has been working on adding python3 support to libsemanage
(and libselinux).
Change to Makefile to:
Support building the Python bindings multiple times, against various Python
runtimes (e.g. Python 2 vs Python 3) by optionally prefixing the build
targets with "PYPREFIX":
Should build python2 version by default, without the user doing any changes.
Signed-off-by: Eric Paris <eparis at redhat.com>
Acked-by: Dan Walsh <dwalsh at redhat.com>
commit d784fd71b56cb8f57d5b9fcd784094e004bf7c6a
Author: Russell Coker <russell at coker.com.au>
Date: Wed Jan 5 19:30:25 2011 +1100
libsemanage: patch for MCS/MLS in user files
The attached patch makes the
/etc/selinux/default/contexts/files/file_contexts.homedirs generation process
include the MCS/MLS level.
This means that if you have a user with a MCS/MLS level that isn't SystemLow
then their home directory will be labeled such that they can have read/write
access to it by default.
Unless anyone has any better ideas for how to solve this problem I will upload
this to Debian shortly.
What do the MLS users do in this situation? Just relabel home directories
manually?
Finally it seems that when you run "semanage user -m" the
file_contexts.homedirs doesn't get updated, it's only when you run
"semanage login -m" that it takes affect.
Signed-off-by: Eric Paris <eparis at redhat.com>
Acked-by: Russell Coker <russell at coker.com.au>
Acked-by: Dan Walsh <dwalsh at redhat.com>
commit 34d9c258dac686f4baa2e7f0d6f25f7e7ca5aac6
Author: Richard Haines <richard_c_haines at btinternet.com>
Date: Wed Mar 30 17:10:05 2011 +0100
libselinux: mapping fix for invalid class/perms after selinux_set_mapping call
Please find another libselinux patch. I've tested quite extensively with the compute_av and string functions with and without mapping and seems okay.
The patch covers:
When selinux_set_mapping(3) is used to set the class and permissions allowed by an object manager, then an invalid class and/or permissions are selected (e.g. using security_class_to_string), then mapping.c in libselinux forces an assert. This patch removes the asserts and allows the functions to return a class/perm of 0 (unknown) with errno set to EINVAL. A minor patch to set EINVAL in security_av_perm_to_string_compat is also included. All the functions to convert perms & classes to strings and back should now return the correct errno with or without mapping enabled.
Signed-off-by: Eric Paris <eparis at redhat.com>
Acked-by: Dan Walsh <dwalsh at redhat.com>
commit 8faf23de0b534a19555691e8ba111dcde8f02af3
Author: Eric Paris <eparis at redhat.com>
Date: Wed Aug 3 14:02:37 2011 -0400
libselinux: audit2why: work around python bug not defining SIZEOF_SOCKET_T
A at least one broken python headers didn't define SIZEOF_SOCKET_T.
Define it if we happen upon one of those.
Signed-off-by: Eric Paris <eparis at redhat.com>
Acked-by: Dan Walsh <dwalsh at redhat.com>
commit 4ad18969546c16bd78206799de642af6eb2293ea
Author: Eric Paris <eparis at redhat.com>
Date: Wed Jun 29 00:11:17 2011 -0400
libselinux: resolv symlinks and dot directories before matching paths
matchpathcon cannot handle ./ or ../ in pathnames and doesn't do well
with symlinks. This patch uses the glibc function realpath() to try to
determine a real path with resolved symlinks and dot directories. For
example before this pach we would see:
$ matchpathcon /tmp/../eric
/tmp/../eric <<none>>
$ matchpathcon /eric
/eric system_u:object_r:default_t:s0
Whereas after the path we get the same results. The one quirk with the
patch is that we need special code to make sure that realpath() does not
follow a symlink if it is the final component. aka if we have a symlink
from /eric to /tmp/eric we do not want to resolv to /tmp/eric. We want
to just resolv to the actual symlink /eric.
Signed-off-by: Eric Paris <eparis at redhat.com>
Acked-by: Dan Walsh <dwalsh at redhat.com>
commit 5619635063741e1c8c9cf53a8746dd29be0cda79
Author: Dan Walsh <dwalsh at redhat.com>
Date: Tue Aug 9 10:28:38 2011 -0400
checkpolicy: add missing ; to attribute_role_def
The commit to add role attributes forgot a ; in policy_parse.y for
attribute_role_def. Add the missing ;
Signed-off-by: Eric Paris <eparis at redhat.com>
Acked-by: Dan Walsh <dwalsh at redhat.com>
commit d72a9ec825ef2a8723510f62292cf2adfd4a2a6c
Author: Dan Walsh <dwalsh at redhat.com>
Date: Tue Apr 12 09:54:46 2011 -0400
checkpolicy: Redo filename/filesystem syntax to support filename trans rules
In order to support filenames, which might start with "." or filesystems
that start with a number we need to rework the matching rules a little
bit. Since the new filename rule is so permissive it must be moved to
the bottom of the matching list to not cover other definitions.
Signed-of-by: Eric Paris <eparis at redhat.com>
Acked-by: Dan Walsh <dwalsh at redhat.com>
-----------------------------------------------------------------------
Summary of changes:
checkpolicy/ChangeLog | 4 +
checkpolicy/VERSION | 2 +-
checkpolicy/policy_parse.y | 29 ++--
checkpolicy/policy_scan.l | 7 +-
libselinux/ChangeLog | 5 +
libselinux/VERSION | 2 +-
libselinux/src/audit2why.c | 5 +
libselinux/src/mapping.c | 41 +++--
libselinux/src/stringrep.c | 4 +-
libselinux/utils/matchpathcon.c | 105 ++++++++++--
libsemanage/ChangeLog | 7 +
libsemanage/VERSION | 2 +-
libsemanage/include/semanage/handle.h | 3 +
libsemanage/man/man3/semanage_set_root.3 | 22 +++
libsemanage/src/.gitignore | 1 +
libsemanage/src/Makefile | 48 ++++--
libsemanage/src/conf-parse.y | 5 +-
libsemanage/src/direct_api.c | 8 +-
libsemanage/src/exception.sh | 14 ++
libsemanage/src/genhomedircon.c | 48 ++++-
libsemanage/src/handle.c | 133 +++++++++++++++
libsemanage/src/handle_internal.h | 17 ++-
libsemanage/src/libsemanage.map | 1 +
libsemanage/src/semanage_store.c | 32 ++--
libsemanage/src/semanageswig_python.i | 1 +
policycoreutils/ChangeLog | 29 +++
policycoreutils/VERSION | 2 +-
policycoreutils/run_init/run_init.8 | 4 +
policycoreutils/scripts/fixfiles | 140 +++++++++++++--
policycoreutils/scripts/fixfiles.8 | 2 +
policycoreutils/semanage/semanage | 230 ++++++++++++++++++--------
policycoreutils/semanage/semanage.8 | 153 ++++++++++++++---
policycoreutils/semanage/seobject.py | 272 +++++++++++++++++++++++++-----
policycoreutils/semodule/semodule.c | 6 +-
policycoreutils/setfiles/restore.c | 26 +++-
policycoreutils/setfiles/restore.h | 2 +
policycoreutils/setfiles/setfiles.c | 5 +-
37 files changed, 1158 insertions(+), 259 deletions(-)
create mode 100644 libsemanage/man/man3/semanage_set_root.3
create mode 100644 libsemanage/src/exception.sh
hooks/post-receive
--
SELinux userland upstream repository
More information about the selinux-commits
mailing list