[SELinux commit]SELinux userland upstream repository branch, queue, updated. 20080909-453-g92f2512
Steve Lawrence
slawrence at tresys.com
Wed Aug 17 13:26:39 CDT 2011
On 08/17/2011 01:49 PM, Joshua Brindle wrote:
> What happened here? what are all the discarded commits?
>
> eparis at oss.tresys.com wrote:
>> This is an automated email from the git hooks/post-receive script. It was
>> generated because a ref change was pushed to the repository containing
>> the project "SELinux userland upstream repository".
>>
>> The branch, queue has been updated
^^^ I think this was Eric removing commits from the queue branch and
rebasing it onto master after cherry picking the commmits to master.
>> discards f4b391631bfae54466127842d17aea93d94388c9 (commit)
>> discards 5805ad788df8593585033a9d3a599bfcb5d51d06 (commit)
>> discards 5b8f43afde10b81d3d5a1e8b76308212eeb46836 (commit)
>> discards 04c86f6eb0d47b55b4a71caadf0fb5795de8810a (commit)
>> discards 75ad168ae78f57ee9ced6a2047282051ac62dd15 (commit)
>> discards 6e3501600827aa683ed94a68734b7a654b2df874 (commit)
>> discards cd967f32ae94b36782fa4f513575d4f3c8df14f4 (commit)
>> discards 4bf64590b4b5f0fcc380bab4f9a6bfc3af558240 (commit)
>> discards 4038c098a13e43eadc47276d50373e39dd0e98dd (commit)
>> discards bf624bf9f50182b613d4a75a64a08a4900fa6ddf (commit)
>> discards 397648e1eafe34ba228414af25559427c8f3a06f (commit)
>> discards 44f22b8a2a251e87433058a0feb26dd5366df09f (commit)
>> discards c231cfb597dedc9b7dc4e23c71e052ba31e3711b (commit)
>> discards 52e26803c4ac023a371665801749d065cd6f8e95 (commit)
>> discards e77f9848606540ce60165b9923a2d48fbdca472d (commit)
>> discards 96734fed3e19ad8cd22a87c33a25a41c0136a0df (commit)
>> discards dd65c238e43e949fc14ff06cda47789efaffd08a (commit)
>> discards 85fb01a2ac019cfb0017d0b8201818dfe5a36a6a (commit)
>> discards e3126355e0eceaa872651c95ff6dd64a702d9ec3 (commit)
>> discards 07646ca05fb59273052d9e6cec2e0e2a3d062a12 (commit)
>> discards b73189acd5442f1bc5e00476d419791cb8447c82 (commit)
>> discards d485ed8fe2b5f8a1a37063ede3e7076f5eb605fd (commit)
>> discards c05a5cbdc5d286acea73ab338efe286ac09d7556 (commit)
>> discards 758ae8e7bea6a3b9254dd0eca1b112ea46787001 (commit)
>> discards 38aab01591a2dafde31ae2587987a5c462d31648 (commit)
>> discards 743b3666bb4a94e9d049221ea646c9b1157e216c (commit)
>> discards 97334649cbe1e59d21608cd4e8cf924784566de3 (commit)
>> discards 23e95e3a7fde8626b491e67cc80430f607d93860 (commit)
>> discards fa4c5a15d3b35b59bd98fda2b2932ee66deb00ba (commit)
>> discards 09ba019f8f21abfa5be5db67fe1043d2f13001b0 (commit)
>> discards 11279149ec27a2401832fbea0443801e127ccded (commit)
>> discards 33d3ab583fa415005390a2ad85cfd50e6e6d8229 (commit)
>> discards 8821fe0b561f7ebad57f3863567367cf598ce48a (commit)
>> discards da37182a63b7ba186782b586ef65319f14de4bb1 (commit)
>> discards 4cc77947f42ed0f675ac823e8fd37c58e0c36ab5 (commit)
>> discards 7ba01facbbd812966ba3e9ca1ef02785f6d660c4 (commit)
>> discards c31b4f262424d3836432aa018f9225c9d1a46a28 (commit)
>> discards adb6cfe0dee951c96cf2397662842343b99828a1 (commit)
>> discards 85f83417779fb53d12dc915c3117a9ad55268335 (commit)
>> discards 76a109b41725a52f1b2172ceb4aa17a0814b15f0 (commit)
>> discards fdded85ddd9756fb52962bd522df5e6a4093c415 (commit)
>> discards a76d7036a1cff2de3ab8e777c0153be8da877bd0 (commit)
>> discards 85c96d07fb0928101e808512e999c043bcf9c9fc (commit)
>> discards fe70e8e117ce91d7427b59dd970084686bba3361 (commit)
>> discards bbdcef3091289450477d1230daaa5240350e0fe1 (commit)
>> discards a41323e8e49ff07d3320a5faf8e403fbe9d6d548 (commit)
>> discards f4383d77d6cfe7861007848405144a1bdb1e7ba1 (commit)
>> discards b07fd8f53e09eed08add8c6bc4221ffc75364e02 (commit)
>> discards ec082d34ee64f88e628b06e6ab4b11f32ebb0b19 (commit)
>> discards 9acb29accf198bd539f7d5b68f2171e205c28c7c (commit)
>> discards 093e25fa00338d71ee57f613c777a088694b03d8 (commit)
>> discards fa70c4f2b8c5632b39c8992ed4c197f254a0e3b3 (commit)
>> discards f5ae79a076ab899d8f94767988748d2f61c831e6 (commit)
>> discards fd7068d9b177e924e410fc33773acbe09f45cc51 (commit)
>> discards f461b3ed6fb6efdcf72f15ea7b2951bb5e4f0571 (commit)
>> discards cdbec28c5645866e6be12b132469a7b0432f6428 (commit)
>> discards 859a3ca461fa747462ab2776de7da0e8560274c8 (commit)
>> discards b743cd1044650f99ced25c86243921ea6df4dd5b (commit)
>> discards 5837c1807ad45802d67600a3a8e40de761f791fe (commit)
>> discards 84bed0a2b95be8959e9be39ebd54b053cd33258d (commit)
>> discards 831d3fc8bd264cff56c90002944665664b95a746 (commit)
>> discards e217a7a7fe5a38350ddb18ab4e32e09221e82891 (commit)
>> discards 2f232478f6541962a82f118c66eddc6683658bb7 (commit)
>> discards 17eda5f417b060896274783a0f65624568104dcc (commit)
>> discards 6449ea72126639885df95707c3548069dbe25cdb (commit)
>> discards 41b825747aa4be0da82605d1daf7afb76cad9f4a (commit)
>> discards 2475e361179a7c61617b6bd1dff62604eb8d1e71 (commit)
>> discards 9b8e34baeba34c7f302bee9a952aa071ea74ad2e (commit)
>> discards 1647f7ade166da94d60cbc0b94cecf65ecfebf4c (commit)
>> discards 30d11846b573c4eab7a3c2aae2f6b61cbd82f2a2 (commit)
>> discards 646d6c3f061fa75c514eff66dc3d11294c4447e4 (commit)
>> discards ff6fb5fb3f8be648f3481446c6ca8ac38a78e146 (commit)
>> discards ca4c47b777e4e10584679b74f65c3979bf6b497b (commit)
>> discards 104c770bc6f3004a19b0bf6c506dfab050378936 (commit)
>> discards ad64c11bc1b2946835baece0ef38742fb86cab4a (commit)
>> discards 7e0ba1b691aae4cbc1179093d082bbf66910461c (commit)
>> discards 86f78b3e23f4136a934d9a4c9a429c51fa59992e (commit)
>> discards 650d18da89492d537bdf1973fd5afb31d2e90a40 (commit)
>> discards c1247b58d320511fdf597f54beadc9eef135c62d (commit)
>> discards f57925a345122261959f5959593380951a2d40f3 (commit)
>> discards 9ad83aad37fddeba86259aaed400b03320758f66 (commit)
>> discards 99af41b5e19fee4d35a93f1241d8968a819d3b04 (commit)
>> discards 2dff9075195f5d02a1d10abf50a1026200db5fbb (commit)
>> discards 90f07754707a14682c151863c0d1cadf23676412 (commit)
>> discards ee8d3b02998c01495777cd98c385c784f5b4c92e (commit)
>> discards 353af9a4e9aacf803d20caf136be8801b7baf8c8 (commit)
>> discards 6d853a0ea2ec47faf2f394e74832faefc6081112 (commit)
>> discards fd07b3826096abe74da6db9ebfe8dee5e0ef6f8f (commit)
>> discards fec80ea6ff2b3b626cd990d1fd10044c0c1ba9e2 (commit)
>> discards a743f44ed70e0bec85e9840c7192cfaf1c5de3aa (commit)
>> discards 34e323b00283eb82746d6128c92f5e1e7eee05a2 (commit)
>> discards 2b3f5cb4bd56ab7ada127467a7868dbcc1a9d3d9 (commit)
>> discards 5655a62d229005427d491e118af4fa6ce1980ecc (commit)
>> discards 57b4aa5f071a9c12f26f3ae33f54ab6bbb922fc4 (commit)
>> discards be64d01d7041b7c3515e2f118350de62c3886260 (commit)
>> discards 42d4446d67487f0b07213beaa661d20fc8b6e3f4 (commit)
>> via 92f251228ebb53fb750933ad8eb903d332b7c6b5 (commit)
>> via 28c9701ad6773fef88da127074b256ddc44c3252 (commit)
>> via 2238dbc3f61aeeaa94da6208eaf12adda2ed0bb4 (commit)
>> via 1d9d50390562d000e71409b1e1f2cafd6ebedb1c (commit)
>> via d95cf967d6235c8346f2cdb2bc0541667f7ad79a (commit)
>> via 9eccb6e7d5972e6f4b02e1591c1dccd503de28af (commit)
>> via ea09cb7b53b810e412630021b1f2a86035060c65 (commit)
>> via 863c976fa676cf5b03074537af978e5a08eed756 (commit)
>> via 1f2524906b4f8c0101a383ac0a2995f3e3adc16c (commit)
>> via 32a36a7360ecc6ad303b37148b6a4bc450ed3325 (commit)
>> via ccfccdee3d23f612f5905cebee2ae3ee7be5eaad (commit)
>> via f44c09f8b3de370095869b12e15063005f8fbda8 (commit)
>> via f090ff413d2c95c57adda542b8de324db0ba890e (commit)
>> via bf38326ee5d23b5e6c9f2fbe1ef876ad58838812 (commit)
>> via 11d87c6d482f7cab0feabc159f60c837040439b2 (commit)
>> via d2381dbfa74fc89236b30e070aeb01c7a1c47a20 (commit)
>> via e2649c5f94a882e1c697a0a010904ecf3a4e693d (commit)
>> via 6eeead2eb0821eef4029f2d0ce8cb05b18e15548 (commit)
>> via 953409ff648a00b19a015af1c0e284b82b9e58fa (commit)
>> via 0ff11e4743f1c7534202f997979b1819526230d8 (commit)
>> via a9ea1277e44b5ac38e4fc5584b755813cb5e242b (commit)
>> via a0f9761881c5c77a2e7b25dffa00ba59217b3f5c (commit)
>> via ac28383ae3d33529039a647d2bc9866b436c6de0 (commit)
>> via 5dd84d32a54a640a9db53e13c61d2cd4e337fcc9 (commit)
>> via 96f9f25fb749ceadc98355fcec5e9842220cdd97 (commit)
>> via 11aeb7eb40dc420743d81a58d5c2f0ea43fc23a0 (commit)
>> via d5dfe55988ab3dfdcf518a854a302fd591d5ef23 (commit)
>> via 2a92ed3eeed7c6a9b30ff1657944f0413138d82c (commit)
>> via 179680c37bc42c89fdf88d471cbf772f09ac7ec9 (commit)
>> via 8eeccb9e35103382fbcd29119949e1af810b3cee (commit)
>> via 4bbd49160053ee9909aac288926e47f4fab5850d (commit)
>> via 7f62d2b058eb13a0edffe435843ad0ef1c7c24fb (commit)
>> via 06c9cebbd7d8d3000a7faf709289d82c3c9be206 (commit)
>> via 00c248da2b4f12ca6742885477a9febbbacff118 (commit)
>> via bfd56e951e4557cd3a685bf361f37f81fae26d3b (commit)
>> via cc94efb2c4caa8e59520dda6b4f26cb8d458daa7 (commit)
>> via 17e9bf78f3143da1ed2889f39769d833adb3ad29 (commit)
>> via 5875bfa0be14c82a68a422f224395ad5f8e897c7 (commit)
>> via b12a600fde1b085da4b742217604913e39f6cad7 (commit)
>> via cc96b56d8c225ce9c0af578912b3f3d12d413df8 (commit)
>> via c6448701531aa6ba2cb455578ff7f6be273ffc2e (commit)
>> via 70d8351d24265eea34ec11c4a7fbb83077417d5a (commit)
>> via 2c8b52d55a4b9d18d92e1c2536652764b738b60c (commit)
>> via 8f9293e236ef3150949a6a417c3959864ac696a2 (commit)
>> via 99dd5b5dcc1b37749ea16bf57002ec4b839c8d6f (commit)
>> via f83994365893964ac464804a865c947d9c922507 (commit)
>> via 44c9503d8d437a77b10dd463a652b2409e51874d (commit)
>> via 3056cbf64664a78737f6b6cf1a57fe7f48908ed2 (commit)
>> via 1583d10ada7ee0d9abde23dd00ada9075f5cea2d (commit)
>> via e5f347f8bf3435f3cd15ee9f63794061a1553d91 (commit)
>> via df7d522fcd2b1043b7a9d6033fe59b65c035b728 (commit)
>> via c7493dc84be42229dfde8f7b9ad8dbfb73f40957 (commit)
>> via 80ec62f4cab23ef6efaef40ca1a0615eb704eee1 (commit)
>> via a75cce681d32356aa6e6724080b52200d23f74a1 (commit)
>> via d1c54101666ba770425084c9f5bf47d88ed85e4c (commit)
>> via 724f1006a9908e2eb4f0850c588786cf5c642f44 (commit)
>> via 7b4e92baf64cadd374bcac3f12c01433e82e6c0e (commit)
>> via 4e703aad6c9f467938b5e14dd8210ad267c8d4cd (commit)
>> via d6dacb622d984a4372226b25735a9b82a0a4a36f (commit)
>> via 6b6b475dcfe77dbf3d37b4f6e4fee3539346f359 (commit)
>> via 3ed7221bf7832f207a125e6364ece1826d369c37 (commit)
>> via d761cc98490546da3dd048a5b201d2edb020d33b (commit)
>> via f97e508567a07e4f2680843ec8265295bae605fb (commit)
>> via 1654b964bccd03ab286c9fdc687670fd9e6ba6e4 (commit)
>> via e883871de23f64633a5b0a99e7ac372fe90ca15b (commit)
>> via d01c33c90ed9197e8cf29db15566e3c35a43fa77 (commit)
>> via f78aa2f81b9d974bedf8f7cc0dae7bbebdff15c8 (commit)
>> via e25ea71a5b288058288b70a2f23f757fe89bb0c8 (commit)
>> via f3fbc5d6dee7ccc85c6f8c55a9e7508a82000088 (commit)
>> via 2c3e6f6115c5879962fd726d2ce18567210bf947 (commit)
>> via 877447a9e7c8d4dce5054be9c16c1643f532a105 (commit)
>> via a0d1dc8a019c13cfa0db1192a700bcc9122f8606 (commit)
>> via d2f0f42570d9b2aebf55c96e60e6db6b52a79bfb (commit)
>> via 0c4d0788abf2364d0f05cac675014849ee66e423 (commit)
>> via 123559545f6244cde45f370dba0902869c1af49b (commit)
>> via cfddb3fa9a09ee3808f29594b195ef1603c1815a (commit)
>> via 643b9b703cd75e75dac532713b2516115f6336f9 (commit)
>> via 4c96df7d77a775aae7d3355d6097bee827f97a58 (commit)
>> via 12e29ee1ddfa3a16e101e92503b0bc8d14120dd4 (commit)
>> via 66564a67cf3fd8b282d1222aaec8b02ae97611fb (commit)
>> via 17c577ace7fcaae08401233cc9debde2d574b756 (commit)
>> via 5bd734dd7395a2f6c87546b8e7159b02544405f9 (commit)
>> via 35f4e6a870b517b964f68027d79f6cb17b5678a6 (commit)
>> via 1da72eea266fdee3603204423ab1d9e68ff05f79 (commit)
>> via e2769ff6700665bb054b7a8e3f8db67712b92da1 (commit)
>> via 275560b2a380a5f34041fd4569a38791f25aa195 (commit)
>> via 5e096d9ceb637a785d4537555799602a3de2b3dc (commit)
>> via 4b00b5c6a4876f3470b53252bad7a1e6f91899fc (commit)
>> via 9cd587f5533456e7b26601e27e65744272e2e783 (commit)
>> via 9406ace82b12780da84b2553cb74f88101978ea2 (commit)
>> via 78d58d73b4098ec56b6545abd9f9719563d0d587 (commit)
>> via d784fd71b56cb8f57d5b9fcd784094e004bf7c6a (commit)
>> via 34d9c258dac686f4baa2e7f0d6f25f7e7ca5aac6 (commit)
>> via 8faf23de0b534a19555691e8ba111dcde8f02af3 (commit)
>> via 4ad18969546c16bd78206799de642af6eb2293ea (commit)
>> via 5619635063741e1c8c9cf53a8746dd29be0cda79 (commit)
>> via d72a9ec825ef2a8723510f62292cf2adfd4a2a6c (commit)
>>
>> This update added new revisions after undoing existing revisions. That is
>> to say, the old revision is not a strict subset of the new revision. This
>> situation occurs when you --force push a change and generate a repository
>> containing something like this:
>>
>> * -- * -- B -- O -- O -- O (f4b391631bfae54466127842d17aea93d94388c9)
>> \
>> N -- N -- N (92f251228ebb53fb750933ad8eb903d332b7c6b5)
>>
>> When this happens we assume that you've already had alert emails for all
>> of the O revisions, and so we here report only the revisions in the N
>> branch from the common base, B.
>>
>> Those revisions listed above that are new to this repository have
>> not appeared on any other notification email; so we list those
>> revisions in full, below.
>>
>> - Log -----------------------------------------------------------------
>> commit 92f251228ebb53fb750933ad8eb903d332b7c6b5
>> Author: Harry Ciao<qingtao.cao at windriver.com>
>> Date: Tue Aug 16 16:08:52 2011 +0800
>>
>> Skip writing role attributes for policy.X and downgraded pp.
>>
>> Role attributes are redundant for policy.X, their destiny has been
>> fulfilled in the expand phase when their types.types ebitmap have
>> been populated to that of their sub regular roles.
>>
>> When pp is downgraded, role_datum_t's the flavor flag and roles
>> ebitmap would be discarded, resulting in role attributes useless
>> at all. So for such case they should also be skipped.
>>
>> Deduct the number of role attributes from p_roles.table->nel when
>> they are skipped.
>>
>> Last, uncount attributes number before converting endianness.
>>
>> Signed-off-by: Harry Ciao<qingtao.cao at windriver.com>
>> Signed-off-by: Eric Paris<eparis at redhat.com>
>>
>> commit 28c9701ad6773fef88da127074b256ddc44c3252
>> Author: Eric Paris<eparis at redhat.com>
>> Date: Thu Aug 11 23:36:14 2011 -0400
>>
>> Makefile: create global 'all' target
>>
>> Running make at the root of the tree does not build the whole tree. It
>> instead runs install relabel. Add an all: target which will build the
>> whole repo rather than try to install things all over your system.
>>
>> Signed-off-by: Eric Paris<eparis at redhat.com>
>>
>> commit 2238dbc3f61aeeaa94da6208eaf12adda2ed0bb4
>> Author: Dan Walsh<dwalsh at redhat.com>
>> Date: Tue Aug 9 09:40:17 2011 -0400
>>
>> policycoreutils: sandbox: Closedir on failures, to prevent leaks seunshare
>>
>> commit 1d9d50390562d000e71409b1e1f2cafd6ebedb1c
>> Author: Dan Walsh<dwalsh at redhat.com>
>> Date: Tue Jul 26 10:42:26 2011 -0400
>>
>> policycoreutils: sandbox: Allow seunshare to run as root
>>
>> Signed-off-by: Dan Walsh<dwalsh at redhat.com>
>>
>> commit d95cf967d6235c8346f2cdb2bc0541667f7ad79a
>> Author: Eric Paris<eparis at redhat.com>
>> Date: Mon Aug 8 14:45:02 2011 -0400
>>
>> policycoreutils: sandbox: remote -k option FIXME
>>
>> Not sure what it does, so remove it.
>>
>> Signed-off-by: Eric Paris<eparis at redhat.com
>>
>> commit 9eccb6e7d5972e6f4b02e1591c1dccd503de28af
>> Author: Eric Paris<eparis at redhat.com>
>> Date: Mon Aug 8 14:44:08 2011 -0400
>>
>> policycoreutils: sandbox: FIXME man page install line in Makefile
>>
>> The source calls the man page sandbox.conf.5 but we wish to install it
>> as sandbox.5
>>
>> This doesn't make sense. Shouldn't the man page for sandbox.conf be at
>> sandbox.conf?
>>
>> NOT-Signed-off-by: Eric Paris<eparis at redhat.com>
>>
>> commit ea09cb7b53b810e412630021b1f2a86035060c65
>> Author: Dan Walsh<dwalsh at redhat.com>
>> Date: Wed Jul 6 20:52:38 2011 -0400
>>
>> policycoreutils: sandbox: trap sigterm to make sure sandbox exits with the proper exit code
>>
>> commit 863c976fa676cf5b03074537af978e5a08eed756
>> Author: Dan Walsh<dwalsh at redhat.com>
>> Date: Wed Jul 6 20:52:05 2011 -0400
>>
>> policycoreutils: sandbox: cntrl-c should kill entire process control group
>>
>> Change the signal handler to handle ctrl-C and exit properly
>>
>> Signed-off-by: Eric Paris<eparis at redhat.com>
>>
>> commit 1f2524906b4f8c0101a383ac0a2995f3e3adc16c
>> Author: Dan Walsh<dwalsh at redhat.com>
>> Date: Wed Jul 6 20:22:26 2011 -0400
>>
>> policycoreutils: sandbox: FIXME add level based kill option
>>
>> add kill option to seunshare to kill all processes that are still running
>> with the execcon MCS label. Default sandbox to call seunshare with the -k
>> if it created an mcs level
>>
>> NOT-Signed-off-by: Eric Paris<eparis at redhat.com>
>>
>> commit 32a36a7360ecc6ad303b37148b6a4bc450ed3325
>> Author: Eric Paris<eparis at redhat.com>
>> Date: Mon Aug 8 15:47:43 2011 -0400
>>
>> policycoreutils: sandbox: FIXME do not bind mount so much
>>
>> Why not?
>>
>> NOT-Signed-off-by: Eric Paris<eparis at redhat.com>
>>
>> commit ccfccdee3d23f612f5905cebee2ae3ee7be5eaad
>> Author: Eric Paris<eparis at redhat.com>
>> Date: Mon Aug 15 19:58:08 2011 -0400
>>
>> policycoreutils: sandbox: rewrite /tmp handling FIXME
>>
>> seunshare now creates a runtime temporary directory owned by root and
>> with the sticky bit set properly. Files from the user-specified directory
>> are copied to the runtime directory and the changes synced back (using rsync)
>> at the end of the seunshare run.
>>
>> review needed to changelog correctness/completeness
>>
>> Signed-off-by: Eric Paris<eparis at redhat.com>
>>
>> commit f44c09f8b3de370095869b12e15063005f8fbda8
>> Author: Dan Walsh<dwalsh at redhat.com>
>> Date: Tue Jun 7 08:34:04 2011 -0400
>>
>> policycoreutils: sandbox: pass DPI from the desktop
>>
>> Fix sandbox to pass DPI from the desktop to the sandbox program.
>>
>> Signed-off-by: Eric Paris<eparis at redhat.com>
>>
>> commit f090ff413d2c95c57adda542b8de324db0ba890e
>> Author: Eric Paris<eparis at redhat.com>
>> Date: Fri Aug 5 14:06:34 2011 -0400
>>
>> policycoreutils: sandbox: seunshare: introduce helper spawn_command
>>
>> Introduce a helper which will spawn children and wait for them to exit
>> so we don't have to keep writing that code over and over.
>>
>> Signed-off-by: Eric Paris<eparis at redhat.com>
>>
>> commit bf38326ee5d23b5e6c9f2fbe1ef876ad58838812
>> Author: Eric Paris<eparis at redhat.com>
>> Date: Fri Aug 5 14:36:29 2011 -0400
>>
>> policycoreutils: sandbox: seunshare: introduce new helpers FIXME
>>
>> Maybe merge with with the cap split and make a better changelog
>>
>> commit 11d87c6d482f7cab0feabc159f60c837040439b2
>> Author: Dan Walsh<dwalsh at redhat.com>
>> Date: Mon Jun 13 13:24:38 2011 -0400
>>
>> policycoreutils: sandbox: add -C option to not drop all capabilities
>>
>> Some sandbox might want to be able to run a suid app. Add the -C option
>> to allow capabilities to stay in the bounding set, and thus be allowed
>> inside the sandbox.
>>
>> Signed-off-by: Eric Paris<eparis at redhat.com>
>>
>> commit d2381dbfa74fc89236b30e070aeb01c7a1c47a20
>> Author: Eric Paris<eparis at redhat.com>
>> Date: Fri Aug 5 13:33:35 2011 -0400
>>
>> policycoreutils: sandbox: split seunshare caps dropping
>>
>> Split drop_capabilities into drop_privs, which does the same thing, and
>> drop_caps, which only drops caps but doesn't affect the uid.
>>
>> Signed-off-by: Eric Paris<eparis at redhat.com>
>>
>> commit e2649c5f94a882e1c697a0a010904ecf3a4e693d
>> Author: Eric Paris<eparis at redhat.com>
>> Date: Mon Aug 15 20:10:14 2011 -0400
>>
>> policycoreutils: sandbox: introduce package name and language stuff FIXME
>>
>> I don't know what this does. Something with languages maybe?
>>
>> NOT-Signed-off-by: Eric Paris<eparis at redhat.com>
>>
>> commit 6eeead2eb0821eef4029f2d0ce8cb05b18e15548
>> Author: Eric Paris<eparis at redhat.com>
>> Date: Mon Aug 15 19:59:41 2011 -0400
>>
>> policycoreutils: sandbox: use dbus-launch
>>
>> Instead of directly calling, use dbus-launch.
>>
>> Signed-off-by: Eric Paris<eparis at redhat.com>
>>
>> commit 953409ff648a00b19a015af1c0e284b82b9e58fa
>> Author: Eric Paris<eparis at redhat.com>
>> Date: Mon Aug 15 19:57:12 2011 -0400
>>
>> policycoreutils: sandbox: numerous simple updates to sandbox
>>
>> Little things like better error messages, usage text, code duplication
>> and the like.
>>
>> Signed-off-by: Eric Paris<eparis at redhat.com>
>>
>> commit 0ff11e4743f1c7534202f997979b1819526230d8
>> Author: Eric Paris<eparis at redhat.com>
>> Date: Mon Aug 15 16:00:04 2011 -0400
>>
>> policycoreutils: sandbox: do not require selinux context
>>
>> seunshare can be used on non-selinux systems. It can also be used
>> without transition to a new context. Thus we should not require that a
>> context be set.
>>
>> Signed-off-by: Eric Paris<eparis at redhat.com>
>>
>> commit a9ea1277e44b5ac38e4fc5584b755813cb5e242b
>> Author: Eric Paris<eparis at redhat.com>
>> Date: Mon Aug 15 13:56:02 2011 -0400
>>
>> policycoreutils: sandbox: Makefile: new man pages
>>
>> we have man pages which aren't being instelled with make install. We
>> also do not include -Werror -Wall -Wextra in the build like we do with
>> other packages, so include those.
>>
>> Signed-off-by: Eric Paris<eparis at redhat.com>
>>
>> commit a0f9761881c5c77a2e7b25dffa00ba59217b3f5c
>> Author: Eric Paris<eparis at redhat.com>
>> Date: Wed Aug 10 17:43:14 2011 -0400
>>
>> policycoreutils: sandbox: rename dir to srcdir
>>
>> Just a simple variable rename to make it clear what it does.
>>
>> Signed-off-by: Eric Paris<eparis at redhat.com>
>>
>> commit ac28383ae3d33529039a647d2bc9866b436c6de0
>> Author: Eric Paris<eparis at redhat.com>
>> Date: Wed Aug 10 17:22:41 2011 -0400
>>
>> policycoreutils: sandbox: allow users specify sandbox window size
>>
>> This allows users to create sandbox windows of a specified size on the
>> command line.
>>
>> Signed-off-by: Eric Paris<eparis at redhat.com>
>>
>> commit 5dd84d32a54a640a9db53e13c61d2cd4e337fcc9
>> Author: Eric Paris<eparis at redhat.com>
>> Date: Wed Aug 10 16:28:36 2011 -0400
>>
>> policycoreutils: sandbox: check for paths up front
>>
>> When launching a sandbox x environment we should check up front to make
>> sure that the seunshare and sandboxsh files exist and bail politely if
>> they do not exist.
>>
>> Signed-off-by: Eric Paris<eparis at redhat.com>
>>
>> commit 96f9f25fb749ceadc98355fcec5e9842220cdd97
>> Author: Eric Paris<eparis at redhat.com>
>> Date: Wed Aug 10 16:13:26 2011 -0400
>>
>> policycoreutils: sandbox: use defined values for paths rather than open coding
>>
>> Rather than putting pathnames all throughout the file define them as
>> variables and reuse these variables where needed.
>>
>> Signed-off-by: Eric Paris<eparis at redhat.com>
>>
>> commit 11aeb7eb40dc420743d81a58d5c2f0ea43fc23a0
>> Author: Eric Paris<eparis at redhat.com>
>> Date: Wed Aug 3 15:09:22 2011 -0400
>>
>> policycoreutils: sandbox: add sandbox cgroup support
>>
>> Add cgroup support
>>
>> Signed-off-by: Eric Paris<eparis at redhat.com>
>>
>> commit d5dfe55988ab3dfdcf518a854a302fd591d5ef23
>> Author: Eric Paris<eparis at redhat.com>
>> Date: Wed Aug 3 16:23:12 2011 -0400
>>
>> policycoreutils: sandbox: move seunshare globals to the top
>>
>> Just coding style, globals go at the top of .c files, not randomly
>> throughout.
>>
>> Signed-off-by: Eric Paris<eparis at redhat.com>
>>
>> commit 2a92ed3eeed7c6a9b30ff1657944f0413138d82c
>> Author: Eric Paris<eparis at redhat.com>
>> Date: Wed Aug 3 14:27:32 2011 -0400
>>
>> policycoreutils: sandbox: whitespace fix
>>
>> couple of whitespace at the end of the line.
>>
>> Signed-off-by: Eric Paris<eparis at redhat.com>
>>
>> commit 179680c37bc42c89fdf88d471cbf772f09ac7ec9
>> Author: Dan Walsh<dwalsh at redhat.com>
>> Date: Thu Aug 4 09:53:34 2011 -0400
>>
>> policycoreutils: semodule_package: Add semodule_unpackage executable
>>
>> Much like semodule_package this utility will unpack!
>>
>> Signed-off-by: Eric Paris<eparis at redhat.com>
>>
>> commit 8eeccb9e35103382fbcd29119949e1af810b3cee
>> Author: Dan Walsh<dwalsh at redhat.com>
>> Date: Tue Aug 9 09:58:53 2011 -0400
>>
>> policycoreutils: restorecon: Always check return code on asprintf
>>
>> Do not assume it is always a success and error gracefully when it isn't.
>>
>> Signed-off-by: Eric Paris<eparis at redhat.com>
>>
>> commit 4bbd49160053ee9909aac288926e47f4fab5850d
>> Author: Dan Walsh<dwalsh at redhat.com>
>> Date: Mon Aug 1 17:09:10 2011 -0400
>>
>> policycoreutils: restorecond: Restore restorecond code to F15 version
>>
>> commit 7f62d2b058eb13a0edffe435843ad0ef1c7c24fb
>> Author: Eric Paris<eparis at redhat.com>
>> Date: Wed Aug 3 14:10:38 2011 -0400
>>
>> policycoreutils: restorecon: fix memory leaks FIXME
>>
>> merge with patch which introduced the memory leaks.
>>
>> commit 06c9cebbd7d8d3000a7faf709289d82c3c9be206
>> Author: Eric Paris<eparis at redhat.com>
>> Date: Wed Aug 3 12:23:45 2011 -0400
>>
>> policycoreutils: restorecon: FIXME No idea
>>
>> I just broke the restorecon changes into a patch, but I don't know if
>> it's 'good'
>>
>> NOT-Signed-off-by: Eric Paris<eparis at redhat.com>
>>
>> commit 00c248da2b4f12ca6742885477a9febbbacff118
>> Author: Eric Paris<eparis at redhat.com>
>> Date: Wed Aug 3 11:40:47 2011 -0400
>>
>> policycoreutils: restorecon: FIXME Lots of undocumented restorecon changes
>>
>> I really need a changelog here, and probably should break this even
>> smaller.
>>
>> NOT-Signed-off-by: Eric Paris<eparis at redhat.com>
>>
>> commit bfd56e951e4557cd3a685bf361f37f81fae26d3b
>> Author: Eric Paris<eparis at redhat.com>
>> Date: Wed Aug 3 11:38:03 2011 -0400
>>
>> policycoreutils: newrole: FIXME do not call drop_capabilities
>>
>> I don't know why this is a good thing, but apparently we does it!
>>
>> NOT-Signed-off-by: Eric Paris<eparis at redhat.com>
>>
>> commit cc94efb2c4caa8e59520dda6b4f26cb8d458daa7
>> Author: Eric Paris<eparis at redhat.com>
>> Date: Wed Jul 20 12:19:48 2011 -0400
>>
>> policycoreutils: run_init: FIXME Build option for call to open_init_pty
>>
>> This patch introduces a new build flag, USE_OPEN_INIT_PTY, which
>> decides if run_init uses open_init_pty to launch new programs or just
>> does so directly.
>>
>> This patch seems broken since nothing is ever going to set
>> USE_OPEN_INIT_PTY
>>
>> NOT-Signed-off-by: Eric Paris<eparis at redhat.com>
>>
>> commit 17e9bf78f3143da1ed2889f39769d833adb3ad29
>> Author: Eric Paris<eparis at redhat.com>
>> Date: Wed Aug 3 12:00:30 2011 -0400
>>
>> policycoreutils: semanage: whitespace changes in seobject FIXME
>>
>> Just whitespace and indention changes. No real code. I'm not certain
>> they are all a good idea.
>>
>> NOT-Signed-off-by: Eric Paris<eparis at redhat.com>
>> Acked-by: Dan Walsh<dwalsh at redhat.com>
>>
>> commit 5875bfa0be14c82a68a422f224395ad5f8e897c7
>> Author: Eric Paris<eparis at redhat.com>
>> Date: Wed Aug 3 11:57:34 2011 -0400
>>
>> policycoreutils: semanage: surround getopt with its own try block FIXME
>>
>> This patch adds another try/except block which only includes the getopt
>> processing. I don't understand why the single larger block was
>> inadequate.
>>
>> NOT-Signed-off-by: Eric Paris<eparis at redhat.com>
>>
>> commit b12a600fde1b085da4b742217604913e39f6cad7
>> Author: Eric Paris<eparis at redhat.com>
>> Date: Wed Aug 3 11:53:43 2011 -0400
>>
>> policycoreutils: semanage: FIXME do not use set_action
>>
>> This patch causes enable/disable to not use setaction and to instead
>> throw their own error. I do not believe it is needed.
>>
>> NOT-Signed-off-by: Eric Paris<eparis at redhat.com>
>>
>> commit cc96b56d8c225ce9c0af578912b3f3d12d413df8
>> Author: Eric Paris<eparis at redhat.com>
>> Date: Tue Jul 19 11:27:23 2011 -0400
>>
>> policycoreutils: semanage: FIXME: force utf8 encoding
>>
>> Somehow this is a good idea. I don't know why.
>>
>> Signed-off-by: Eric Paris<eparis at redhat.com>
>>
>> commit c6448701531aa6ba2cb455578ff7f6be273ffc2e
>> Author: Eric Paris<eparis at redhat.com>
>> Date: Tue Jul 19 11:27:22 2011 -0400
>>
>> policycoreutils: semanage: FIXME set modified correctly
>>
>> Something is happening here, and I'm sure it's good...
>>
>> NOT-Signed-off-by: Eric Paris<eparis at redhat.com>
>>
>> commit 70d8351d24265eea34ec11c4a7fbb83077417d5a
>> Author: Eric Paris<eparis at redhat.com>
>> Date: Mon Jul 18 13:19:30 2011 -0400
>>
>> policycoreutils: semanage: FIXME missing modify=True
>>
>> Not sure really what it does, but it does it...
>>
>> NOT-Signed-off-by: Eric Paris<eparis at redhat.com>
>>
>> commit 2c8b52d55a4b9d18d92e1c2536652764b738b60c
>> Author: Eric Paris<eparis at redhat.com>
>> Date: Fri Jul 15 18:43:31 2011 +0200
>>
>> policycoreutils: semanage: do not print fcontext header if no fcontexts
>>
>> Don't print a header with no entries.
>> [todo: everthing else the same way]
>>
>> Signed-off-by: Eric Paris<eparis at redhat.com>
>>
>> commit 8f9293e236ef3150949a6a417c3959864ac696a2
>> Author: Eric Paris<eparis at redhat.com>
>> Date: Fri Jul 15 18:32:28 2011 +0200
>>
>> policycoreutils: semanage: FIXME make add operations into modify
>>
>> Scripts which use semanage often don't know if what they intend to do
>> has already been done. Should they use a -a because it doesn't exist or
>> should they use -m because it does? This patch just makes -a use -m if
>> an entry already exists.
>>
>> I'm not certain this is good practice. Why can't scripts tell the
>> reason and handle the error themselves rather than not have a choice in
>> the tools? What if two different rpms wanted to install a new selinux
>> user and the creator of those rpms didn't know about the other one?
>> They'd have no way of knowing about the name collision and the fact that
>> policy was likely not what they intended....
>>
>> NOT-Signed-off-by: Eric Paris<eparis at redhat.com>
>>
>> commit 99dd5b5dcc1b37749ea16bf57002ec4b839c8d6f
>> Author: Eric Paris<eparis at redhat.com>
>> Date: Fri Jul 15 18:28:16 2011 +0200
>>
>> policycoreutils: semanage: FIXME use local store in nodeRecords __modify
>>
>> Everything else in this function uses the global store so I don't
>> understand why this patch uses the local store.
>>
>> Dan says "Neither do I but I am sure there was a reason."
>>
>> NOT-Signed-off-by: Eric Paris<eparis at redhat.com>
>>
>> commit f83994365893964ac464804a865c947d9c922507
>> Author: Eric Paris<eparis at redhat.com>
>> Date: Fri Jul 15 15:42:37 2011 +0200
>>
>> policycoreutils: semanage: something with coolean and localstore FIXME
>>
>> Again I have no idea.
>>
>> NOT-Signed-off-by: Eric Paris<eparis at redhat.com>
>>
>> commit 44c9503d8d437a77b10dd463a652b2409e51874d
>> Author: Dan Walsh<dwalsh at redhat.com>
>> Date: Tue Aug 9 09:53:49 2011 -0400
>>
>> policycoreutils: setfiles: FIXME Fix potential crash using dereferenced ftsent
>>
>> If fts_read() fails for any reason ftsent will be NULL. Previously we
>> would have reported the error and then continued processing. Now we
>> report the error and stop using the NULL pointer.
>>
>> FIXME: Would this be somehow a normal condition for an empty directory?
>> Don't know the code well enough to tell.
>>
>> Signed-off-by: Eric Paris<eparis at redhat.com>
>>
>> commit 3056cbf64664a78737f6b6cf1a57fe7f48908ed2
>> Author: Eric Paris<eparis at redhat.com>
>> Date: Sun Jul 10 17:32:14 2011 +0200
>>
>> policycoreutils: setfiles: get rid of some stupid globals
>>
>> We have some useless globals in setfiles that don't need to be. Stop
>> it.
>>
>> Signed-off-by: Eric Paris<eparis at redhat.com>
>>
>> commit 1583d10ada7ee0d9abde23dd00ada9075f5cea2d
>> Author: Eric Paris<eparis at redhat.com>
>> Date: Sun Jul 10 16:54:25 2011 +0200
>>
>> policycoreutils: setfiles: FIXME switch from stat to stat64
>>
>> This looks bad. glibc takes care of this. We should do send this
>> upstream but I would like to know why you did it in Fedora....
>>
>> NOT-Signed-off-by: Eric Paris<eparis at redhat.com>
>>
>> commit e5f347f8bf3435f3cd15ee9f63794061a1553d91
>> Author: Eric Paris<eparis at redhat.com>
>> Date: Sun Jul 10 16:46:38 2011 +0200
>>
>> policycoreutils: setfiles: move exclude_non_seclabel_mounts to a generic location
>>
>> move exclude_non_seclabel_mounts from setfiles.c to restore.c so it can
>> be used by other functions later.
>>
>> Signed-off-by: Eric Paris<eparis at redhat.com>
>>
>> commit df7d522fcd2b1043b7a9d6033fe59b65c035b728
>> Author: Eric Paris<eparis at redhat.com>
>> Date: Sun Jul 10 16:25:18 2011 +0200
>>
>> policycoreutils: fixfiles: FIXME label /root but not /var/lib/BackupPC
>>
>> This patch removes /root from the excluded dirs.
>>
>> This also adds /var/lib/BackupPC to list of directories to ignore
>> labeling. Mainly because this directory tends to be Huge and causes a
>> huge spike in the amount of time it takes to relabel. Especially if
>> there is a relabel caused by a policy update.
>>
>> I'm not certain if either/both of these changes are appropriate.
>>
>> NOT-Signed-off-by: Eric Paris<eparis at redhat.com>
>>
>> commit c7493dc84be42229dfde8f7b9ad8dbfb73f40957
>> Author: Eric Paris<eparis at redhat.com>
>> Date: Wed Jun 29 02:42:08 2011 -0400
>>
>> policycoreutils: audit2allow: specify alternate policy
>>
>> Add a --policy option to audit2allow to make it use an alternate use
>> specified policy instead of the running policy.
>>
>> Signed-off-by: Eric Paris<eparis at redhat.com>
>>
>> commit 80ec62f4cab23ef6efaef40ca1a0615eb704eee1
>> Author: Eric Paris<eparis at redhat.com>
>> Date: Wed Aug 3 11:11:40 2011 -0400
>>
>> policycoreutils: audit2allow: sepolgen-ifgen use the attr helper FIXME
>>
>> This patch adds support to actually use the new sepolgen-ifgen attr
>> helper. We included the helper which generates attribute information
>> but this patch makes use of it.
>>
>> I'm just hoping I didn't miss other necessary changes with this patch.
>>
>> NOT-Signed-off-by: Eric Paris<eparis at redhat.com>
>>
>> commit a75cce681d32356aa6e6724080b52200d23f74a1
>> Author: Eric Paris<eparis at redhat.com>
>> Date: Sun Jul 10 11:53:29 2011 +0200
>>
>> policycoreutils: sepolgen-ifgen: new attr-helper does something - FIXME
>>
>> Why do we need this? Should it be a library or something rather than a
>> freestanding helper program? I don't know...
>>
>> Signed-off-by: Eric Paris<eparis at redhat.com>
>>
>> commit d1c54101666ba770425084c9f5bf47d88ed85e4c
>> Author: Eric Paris<eparis at redhat.com>
>> Date: Wed Jun 29 01:49:20 2011 -0400
>>
>> libsemanage: don't mess with /root in genhomedircon
>>
>> Fedora treats /root different then all other HOME Directories. We label
>> it admin_home_t, refpolicy labels it the same as /home/dwalsh. I feel
>> this is wrong since so many root processes deal with /root differently
>> then /home/dwalsh.
>>
>> The code in genhomedircon that deals with /root is to setup labeling of
>> /root the same as /home/dwalsh
>>
>> Signed-off-by: Eric Paris<eparis at redhat.com>
>>
>> commit 724f1006a9908e2eb4f0850c588786cf5c642f44
>> Author: Eric Paris<eparis at redhat.com>
>> Date: Wed Jun 29 01:38:51 2011 -0400
>>
>> libsemanage: change module disabled from rename to symlink
>>
>> Change the way libsemanage handles disabled modules. In the current
>> method libsemanage renames the FOO.pp file to FOO.pp.disabled and then
>> the rebuild process ignores *.disabled modules.
>>
>> Since we want to start shipping
>>
>> /etc/selinux/targeted/modules/active/modules/*.pp within the payload of
>> the rpm. If we continued this method, a policy update would re-enable a
>> module.
>>
>> The new mechanism will just create a symbolic link between FOO.pp and
>> FOO.pp.disabled. Then the library will check all modules, and if a
>> module has a link, it will not be compiled into the policy. This solves
>> the rpm update problem. and actually gives us an easier update
>> capability since if FOO.pp.disabled already exists using the old method,
>> it will continue to work with the new method.
>>
>> Signed-off-by: Eric Paris<eparis at redhat.com>
>>
>> commit 7b4e92baf64cadd374bcac3f12c01433e82e6c0e
>> Author: Eric Paris<eparis at redhat.com>
>> Date: Wed Aug 3 14:00:48 2011 -0400
>>
>> libselinux: matchpathcon: use vsyslog instead of stderr FIXME
>>
>> Convert matchpathcon to use vsyslog for errors instead of stderr.
>>
>> This isn't a library, why shouldn't we use stderr?
>>
>> NOT-Signed-off-by: Eric Paris<eparis at redhat.com>
>>
>> commit 4e703aad6c9f467938b5e14dd8210ad267c8d4cd
>> Author: Eric Paris<eparis at redhat.com>
>> Date: Tue Jul 5 00:28:42 2011 -0400
>>
>> libselinux: do not use stderr/out if selinux is disabled
>>
>> Kerberos libraries do not expect libraries many levels lower to spew
>> messages to STDERR or STDOUT, and this causes kerberos to potentially do
>> whacky things like deny access, because the user has a screwed up file
>> context file.
>>
>> Signed-off-by: Eric Paris<eparis at redhat.com>
>>
>> commit d6dacb622d984a4372226b25735a9b82a0a4a36f
>> Author: Richard Haines<richard_c_haines at btinternet.com>
>> Date: Wed Mar 9 16:34:08 2011 +0000
>>
>> libselinux: selinux_file_context_verify function returns wrong value.
>>
>> selinux_file_context_verify(3) should now return the correct codes and
>> matchpathcon(8) has been modified to handle them.
>>
>> The selinux_file_context_verify(3)and selinux_file_context_cmp(3) man pages
>> have also been updated (re-written really) to correct return codes.
>>
>> I found that selabel_open left errno set to ENOENT because a
>> file_contexts.subs file did not exist on my system, but left selabel_open
>> alone and set errno = 0 before calling selinux_filecontext_cmp.
>>
>> [fix uninitialize init variable in matchpathcon.c::main - eparis]
>> Signed-off-by: Eric Paris<eparis at redhat.com>
>>
>> -----------------------------------------------------------------------
>>
>> Summary of changes:
>> Makefile | 5 ++++
>> checkpolicy/ChangeLog | 4 +++
>> checkpolicy/VERSION | 2 +-
>> libselinux/ChangeLog | 5 ++++
>> libselinux/VERSION | 2 +-
>> libselinux/utils/matchpathcon.c | 2 +-
>> libsemanage/ChangeLog | 7 +++++
>> libsemanage/VERSION | 2 +-
>> libsepol/src/write.c | 42 ++++++++++++++++++++++++++++++++++-
>> policycoreutils/ChangeLog | 29 ++++++++++++++++++++++++
>> policycoreutils/VERSION | 2 +-
>> policycoreutils/sandbox/seunshare.8 | 2 +-
>> policycoreutils/sandbox/seunshare.c | 2 -
>> policycoreutils/scripts/fixfiles | 32 +++++++++++++++++++++-----
>> 14 files changed, 123 insertions(+), 15 deletions(-)
>>
>>
>> hooks/post-receive
>> --
>> SELinux userland upstream repository
>> _______________________________________________
>> selinux-commits mailing list
>> selinux-commits at oss.tresys.com
>> http://oss.tresys.com/mailman/listinfo/selinux-commits
>>
> _______________________________________________
> selinux-commits mailing list
> selinux-commits at oss.tresys.com
> http://oss.tresys.com/mailman/listinfo/selinux-commits
More information about the selinux-commits
mailing list