[SELinux commit] SELinux userland upstream repository branch, queue, updated. 20080909-471-g49c6634
eparis at oss.tresys.com
Thu Aug 25 08:38:13 CDT 2011
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "SELinux userland upstream repository".
The branch, queue has been updated
This update added new revisions after undoing existing revisions. That is
to say, the old revision is not a strict subset of the new revision. This
situation occurs when you --force push a change and generate a repository
containing something like this:
 * -- * -- B -- O -- O -- O (92f251228ebb53fb750933ad8eb903d332b7c6b5)
            \
             N -- N -- N (49c66349ed01a05f7fbfe0aefffb418a425ca6dc)
When this happens we assume that you've already had alert emails for all
of the O revisions, and so we here report only the revisions in the N
branch from the common base, B.
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 49c66349ed01a05f7fbfe0aefffb418a425ca6dc
Author: Dan Walsh <dwalsh at redhat.com>
Date: Tue Aug 23 14:56:15 2011 -0400
sepolgen: FIXME add attribute handling to sepolgen so it can take into account the attributes within an interface
Better changelog and review
NOT-Signed-off-by: Eric Paris <eparis at redhat.com>
commit 81001ad26c5c3d1c44a301b622960309c04f12dc
Author: Dan Walsh <dwalsh at redhat.com>
Date: Tue Aug 23 14:54:56 2011 -0400
sepolgen: FIXME Allow sepolgen to handle file name transitions
Better changelog and review
NOT-Signed-off-by: Eric Paris <eparis at redhat.com>
commit 82ff0fd3c9cf481da2bf763d52908f3502b605f8
Author: Dan Walsh <dwalsh at redhat.com>
Date: Tue Aug 23 14:53:44 2011 -0400
sepolgen: FIXME Allow returning of bastard matches
Better changelog and review
NOT-Signed-off-by: Eric Paris <eparis at redhat.com>
commit 3089332ca498aa5cb3079870ec22c37631908d71
Author: Dan Walsh <dwalsh at redhat.com>
Date: Tue Aug 23 14:52:47 2011 -0400
sepolgen: Change analysis of sepolgen to return booleans and te rules that would tell audit2allow if there are booleans that can handle the AVC
Better changelog and review
NOT-Signed-off-by: Eric Paris <eparis at redhat.com>
commit 844abf2eb421a70639f457a2a37d24bda2ecbd5d
Author: Dan Walsh <dwalsh at redhat.com>
Date: Tue Aug 23 14:51:41 2011 -0400
sepolgen: FIXME Change analysis of sepolgen to return booleans and te rules that would tell audit2allow if there are booleans that can handle the AVC
Better changelog and review
NOT-Signed-off-by: Eric Paris <eparis at redhat.com>
commit 7c9faa4cd638dde6d1d733d5f06431eb28451e2f
Author: Dan Walsh <dwalsh at redhat.com>
Date: Tue Aug 23 14:51:05 2011 -0400
sepolgen: FIXME Change analysis of sepolgen to return booleans and te rules that would tell audit2allow if there are booleans that can handle the AVC
Better changelog and review
NOT-Signed-off-by: Eric Paris <eparis at redhat.com>
commit 82d4dbed174a4cdaeafd4377cbe7bc59ca3ce2be
Author: Dan Walsh <dwalsh at redhat.com>
Date: Tue Aug 23 14:49:45 2011 -0400
sepolgen: FIXME Change perm-map and add open to try to get better results on matches
Better changelog and review
NOT-Signed-off-by: Eric Paris <eparis at redhat.com>
commit ec33f673756ce7e9ba0844ddbaf7ade2e3747d2a
Author: Dan Walsh <dwalsh at redhat.com>
Date: Tue Aug 23 14:46:37 2011 -0400
policycoreutils: setfiles: Fix process_glob to handle error situations properly
Rather than error when a glob does not match return success as this is
not a problem.
Signed-off-by: Eric Paris <eparis at redhat.com>
commit 01b7280a9eb3ebf3aafb903966d84c882425456c
Author: Dan Walsh <dwalsh at redhat.com>
Date: Tue Aug 9 09:40:17 2011 -0400
policycoreutils: sandbox: Closedir on failures, to prevent leaks seunshare
commit c1859ee6711d0403df6dcb5cdb21675f9fdbb74f
Author: Dan Walsh <dwalsh at redhat.com>
Date: Tue Jul 26 10:42:26 2011 -0400
policycoreutils: sandbox: Allow seunshare to run as root
Signed-off-by: Dan Walsh <dwalsh at redhat.com>
commit d2d395b1f659a14a4f81c5eda509343eac16982a
Author: Eric Paris <eparis at redhat.com>
Date: Mon Aug 8 14:45:02 2011 -0400
policycoreutils: sandbox: remove -k option FIXME
Not sure what it does, so remove it.
Signed-off-by: Eric Paris <eparis at redhat.com>
commit fed9d387990cfb600062611459c51faea6f2bff6
Author: Eric Paris <eparis at redhat.com>
Date: Mon Aug 8 14:44:08 2011 -0400
policycoreutils: sandbox: FIXME man page install line in Makefile
The source calls the man page sandbox.conf.5 but we wish to install it
as sandbox.5
This doesn't make sense. Shouldn't the man page for sandbox.conf be at
sandbox.conf?
NOT-Signed-off-by: Eric Paris <eparis at redhat.com>
commit 4c60425a94b45da8c1ccf83333605796a7d1944a
Author: Dan Walsh <dwalsh at redhat.com>
Date: Wed Jul 6 20:52:38 2011 -0400
policycoreutils: sandbox: trap sigterm to make sure sandbox exits with the proper exit code
commit a9e7352c033727aab5edf4ee5b1255299aeeeba6
Author: Dan Walsh <dwalsh at redhat.com>
Date: Wed Jul 6 20:52:05 2011 -0400
policycoreutils: sandbox: cntrl-c should kill entire process control group
Change the signal handler to handle ctrl-C and exit properly
Signed-off-by: Eric Paris <eparis at redhat.com>
commit abb6185bc0ddabe38f2e27796de641c829cf70b9
Author: Dan Walsh <dwalsh at redhat.com>
Date: Wed Jul 6 20:22:26 2011 -0400
policycoreutils: sandbox: FIXME add level based kill option
add kill option to seunshare to kill all processes that are still running
with the execcon MCS label. Default sandbox to call seunshare with the -k
if it created an mcs level
NOT-Signed-off-by: Eric Paris <eparis at redhat.com>
commit d25df987bf4fd086520c60f3bf49636a7b085bb9
Author: Eric Paris <eparis at redhat.com>
Date: Mon Aug 8 15:47:43 2011 -0400
policycoreutils: sandbox: FIXME do not bind mount so much
Why not?
NOT-Signed-off-by: Eric Paris <eparis at redhat.com>
commit 15779c9c59e83f83a880d8402f43a70f131f7a0e
Author: Eric Paris <eparis at redhat.com>
Date: Mon Aug 15 19:58:08 2011 -0400
policycoreutils: sandbox: rewrite /tmp handling FIXME
seunshare now creates a runtime temporary directory owned by root and
with the sticky bit set properly. Files from the user-specified directory
are copied to the runtime directory and the changes synced back (using rsync)
at the end of the seunshare run.
review needed to changelog correctness/completeness
Signed-off-by: Eric Paris <eparis at redhat.com>
commit 57dd697a13b155662a65a9f3d8a45f22460d2463
Author: Dan Walsh <dwalsh at redhat.com>
Date: Tue Jun 7 08:34:04 2011 -0400
policycoreutils: sandbox: pass DPI from the desktop
Fix sandbox to pass DPI from the desktop to the sandbox program.
Signed-off-by: Eric Paris <eparis at redhat.com>
commit e417db5bd6ac9841a7920eb5af0a9ca6697181a5
Author: Eric Paris <eparis at redhat.com>
Date: Fri Aug 5 14:06:34 2011 -0400
policycoreutils: sandbox: seunshare: introduce helper spawn_command
Introduce a helper which will spawn children and wait for them to exit
so we don't have to keep writing that code over and over.
Signed-off-by: Eric Paris <eparis at redhat.com>
commit 137065edcf92ca2d73eebe29fe18dc07c7394a7f
Author: Eric Paris <eparis at redhat.com>
Date: Fri Aug 5 14:36:29 2011 -0400
policycoreutils: sandbox: seunshare: introduce new helpers FIXME
Maybe merge with the cap split and make a better changelog
commit a52c43db7bde8803c211b92aeb7e091d1356e8be
Author: Dan Walsh <dwalsh at redhat.com>
Date: Mon Jun 13 13:24:38 2011 -0400
policycoreutils: sandbox: add -C option to not drop all capabilities
Some sandbox might want to be able to run a suid app. Add the -C option
to allow capabilities to stay in the bounding set, and thus be allowed
inside the sandbox.
Signed-off-by: Eric Paris <eparis at redhat.com>
commit 294a82a5ca92f0b1fc986f974c0870f91508674f
Author: Eric Paris <eparis at redhat.com>
Date: Fri Aug 5 13:33:35 2011 -0400
policycoreutils: sandbox: split seunshare caps dropping
Split drop_capabilities into drop_privs, which does the same thing, and
drop_caps, which only drops caps but doesn't affect the uid.
Signed-off-by: Eric Paris <eparis at redhat.com>
commit d9bb07766c68dc10e6aea977fd420c54dc17d1bc
Author: Eric Paris <eparis at redhat.com>
Date: Mon Aug 15 20:10:14 2011 -0400
policycoreutils: sandbox: introduce package name and language stuff FIXME
I don't know what this does. Something with languages maybe?
NOT-Signed-off-by: Eric Paris <eparis at redhat.com>
commit 031c9858647b202c8c751fd22703df1f931c3068
Author: Eric Paris <eparis at redhat.com>
Date: Mon Aug 15 19:59:41 2011 -0400
policycoreutils: sandbox: use dbus-launch
Instead of directly calling, use dbus-launch.
Signed-off-by: Eric Paris <eparis at redhat.com>
commit 2f134c8e06f6f64bd472739a085ef20d03ee965e
Author: Eric Paris <eparis at redhat.com>
Date: Mon Aug 15 19:57:12 2011 -0400
policycoreutils: sandbox: numerous simple updates to sandbox
Little things like better error messages, usage text, code duplication
and the like.
Signed-off-by: Eric Paris <eparis at redhat.com>
commit 896f220fafcc486b8708a35cf6edbbbe9eeb9bc0
Author: Eric Paris <eparis at redhat.com>
Date: Mon Aug 15 16:00:04 2011 -0400
policycoreutils: sandbox: do not require selinux context
seunshare can be used on non-selinux systems. It can also be used
without transition to a new context. Thus we should not require that a
context be set.
Signed-off-by: Eric Paris <eparis at redhat.com>
commit 84fe4ecfe17480e07fe653f9b83290fac6310569
Author: Eric Paris <eparis at redhat.com>
Date: Mon Aug 15 13:56:02 2011 -0400
policycoreutils: sandbox: Makefile: new man pages
We have man pages which aren't being installed with make install. We
also do not include -Werror -Wall -Wextra in the build like we do with
other packages, so include those.
Signed-off-by: Eric Paris <eparis at redhat.com>
commit 888c7916c04c6ccf3797dca6abef5075a37685d1
Author: Eric Paris <eparis at redhat.com>
Date: Wed Aug 10 17:43:14 2011 -0400
policycoreutils: sandbox: rename dir to srcdir
Just a simple variable rename to make it clear what it does.
Signed-off-by: Eric Paris <eparis at redhat.com>
commit 1dc806347dd1f1901fe776723b66803b641d82a6
Author: Eric Paris <eparis at redhat.com>
Date: Wed Aug 10 17:22:41 2011 -0400
policycoreutils: sandbox: allow users specify sandbox window size
This allows users to create sandbox windows of a specified size on the
command line.
Signed-off-by: Eric Paris <eparis at redhat.com>
commit ebaa5a8e9d11a88271dead8bcbbd5ba1001adc9d
Author: Eric Paris <eparis at redhat.com>
Date: Wed Aug 10 16:28:36 2011 -0400
policycoreutils: sandbox: check for paths up front
When launching a sandbox x environment we should check up front to make
sure that the seunshare and sandboxsh files exist and bail politely if
they do not exist.
Signed-off-by: Eric Paris <eparis at redhat.com>
commit e1e120b325c901b3ea57ded20fedd547331d2498
Author: Eric Paris <eparis at redhat.com>
Date: Wed Aug 10 16:13:26 2011 -0400
policycoreutils: sandbox: use defined values for paths rather than open coding
Rather than putting pathnames all throughout the file define them as
variables and reuse these variables where needed.
Signed-off-by: Eric Paris <eparis at redhat.com>
commit 16dba852df46655c2a299a888bd7c1e0b4944d88
Author: Eric Paris <eparis at redhat.com>
Date: Wed Aug 3 15:09:22 2011 -0400
policycoreutils: sandbox: add sandbox cgroup support
Add cgroup support
Signed-off-by: Eric Paris <eparis at redhat.com>
commit f00f98ce7cebcab4c3e5cb2e0c28e5fa2385b20a
Author: Eric Paris <eparis at redhat.com>
Date: Wed Aug 3 16:23:12 2011 -0400
policycoreutils: sandbox: move seunshare globals to the top
Just coding style, globals go at the top of .c files, not randomly
throughout.
Signed-off-by: Eric Paris <eparis at redhat.com>
commit 6d6c2103be445741ed30c0a146115a130763e2c5
Author: Eric Paris <eparis at redhat.com>
Date: Wed Aug 3 14:27:32 2011 -0400
policycoreutils: sandbox: whitespace fix
couple of whitespace at the end of the line.
Signed-off-by: Eric Paris <eparis at redhat.com>
commit 9b6ef077c5f48768511027970bf305241c0a16b4
Author: Dan Walsh <dwalsh at redhat.com>
Date: Thu Aug 4 09:53:34 2011 -0400
policycoreutils: semodule_package: Add semodule_unpackage executable
Much like semodule_package this utility will unpack!
Signed-off-by: Eric Paris <eparis at redhat.com>
commit 277408abd3baa37a744f7bd808b3b0a783429cdc
Author: Dan Walsh <dwalsh at redhat.com>
Date: Tue Aug 9 09:58:53 2011 -0400
policycoreutils: restorecon: Always check return code on asprintf
Do not assume it is always a success and error gracefully when it isn't.
Signed-off-by: Eric Paris <eparis at redhat.com>
commit 620adfcf2f78c62a2dca12edeedcf6f41c96deab
Author: Dan Walsh <dwalsh at redhat.com>
Date: Mon Aug 1 17:09:10 2011 -0400
policycoreutils: restorecond: Restore restorecond code to F15 version
commit c3159c0836adf61a408f6a72897d922b73b4be05
Author: Eric Paris <eparis at redhat.com>
Date: Wed Aug 3 14:10:38 2011 -0400
policycoreutils: restorecon: fix memory leaks FIXME
merge with patch which introduced the memory leaks.
commit 6905f7cb46a8d286c445ca3d0a8156cb52644e7e
Author: Eric Paris <eparis at redhat.com>
Date: Wed Aug 3 12:23:45 2011 -0400
policycoreutils: restorecon: FIXME No idea
I just broke the restorecon changes into a patch, but I don't know if
it's 'good'
NOT-Signed-off-by: Eric Paris <eparis at redhat.com>
commit dc6b1818781ffd46747bb55ef3b23a96819dd0d3
Author: Eric Paris <eparis at redhat.com>
Date: Wed Aug 3 11:40:47 2011 -0400
policycoreutils: restorecon: FIXME Lots of undocumented restorecon changes
I really need a changelog here, and probably should break this even
smaller.
NOT-Signed-off-by: Eric Paris <eparis at redhat.com>
commit 7c9777d183c9eaa7b826b14ce6fb1ccf37228da7
Author: Eric Paris <eparis at redhat.com>
Date: Wed Aug 3 11:38:03 2011 -0400
policycoreutils: newrole: FIXME do not call drop_capabilities
I don't know why this is a good thing, but apparently we does it!
NOT-Signed-off-by: Eric Paris <eparis at redhat.com>
commit 83f2345f290b50cd67730cd8846f0bd65312ab9e
Author: Eric Paris <eparis at redhat.com>
Date: Wed Jul 20 12:19:48 2011 -0400
policycoreutils: run_init: FIXME Build option for call to open_init_pty
This patch introduces a new build flag, USE_OPEN_INIT_PTY, which
decides if run_init uses open_init_pty to launch new programs or just
does so directly.
This patch seems broken since nothing is ever going to set
USE_OPEN_INIT_PTY
NOT-Signed-off-by: Eric Paris <eparis at redhat.com>
commit 0a46a7ef75c0d5bc543cbca9186b1edd03c71011
Author: Eric Paris <eparis at redhat.com>
Date: Wed Aug 3 12:00:30 2011 -0400
policycoreutils: semanage: whitespace changes in seobject FIXME
Just whitespace and indention changes. No real code. I'm not certain
they are all a good idea.
NOT-Signed-off-by: Eric Paris <eparis at redhat.com>
Acked-by: Dan Walsh <dwalsh at redhat.com>
commit 226d44b5f2bb3523736a606e4ed36738c8fa33ec
Author: Eric Paris <eparis at redhat.com>
Date: Wed Aug 3 11:57:34 2011 -0400
policycoreutils: semanage: surround getopt with its own try block FIXME
This patch adds another try/except block which only includes the getopt
processing. I don't understand why the single larger block was
inadequate.
NOT-Signed-off-by: Eric Paris <eparis at redhat.com>
commit 86505730ecaac7dc2be1cf838d687cd68873e6c3
Author: Eric Paris <eparis at redhat.com>
Date: Wed Aug 3 11:53:43 2011 -0400
policycoreutils: semanage: FIXME do not use set_action
This patch causes enable/disable to not use setaction and to instead
throw their own error. I do not believe it is needed.
NOT-Signed-off-by: Eric Paris <eparis at redhat.com>
commit 70ac5d0eacf208d943fd66db26eb8a591872ff80
Author: Eric Paris <eparis at redhat.com>
Date: Tue Jul 19 11:27:23 2011 -0400
policycoreutils: semanage: FIXME: force utf8 encoding
Somehow this is a good idea. I don't know why.
Signed-off-by: Eric Paris <eparis at redhat.com>
commit 959f3be26410fd5e1c6ce93380e9cdd860bcf5c6
Author: Eric Paris <eparis at redhat.com>
Date: Tue Jul 19 11:27:22 2011 -0400
policycoreutils: semanage: FIXME set modified correctly
Something is happening here, and I'm sure it's good...
NOT-Signed-off-by: Eric Paris <eparis at redhat.com>
commit 2a570997ceb66ecd71eea26cbef19e824f00318c
Author: Eric Paris <eparis at redhat.com>
Date: Mon Jul 18 13:19:30 2011 -0400
policycoreutils: semanage: FIXME missing modify=True
Not sure really what it does, but it does it...
NOT-Signed-off-by: Eric Paris <eparis at redhat.com>
commit e3a983a1562bd1eb3f431245aba09019ff1a4c19
Author: Eric Paris <eparis at redhat.com>
Date: Fri Jul 15 18:43:31 2011 +0200
policycoreutils: semanage: do not print fcontext header if no fcontexts
Don't print a header with no entries.
[todo: everything else the same way]
Signed-off-by: Eric Paris <eparis at redhat.com>
commit 192d8137db0f27cbaa4f1e6d0b2f8014ce472617
Author: Eric Paris <eparis at redhat.com>
Date: Fri Jul 15 18:32:28 2011 +0200
policycoreutils: semanage: FIXME make add operations into modify
Scripts which use semanage often don't know if what they intend to do
has already been done. Should they use a -a because it doesn't exist or
should they use -m because it does? This patch just makes -a use -m if
an entry already exists.
I'm not certain this is good practice. Why can't scripts tell the
reason and handle the error themselves rather than not have a choice in
the tools? What if two different rpms wanted to install a new selinux
user and the creator of those rpms didn't know about the other one?
They'd have no way of knowing about the name collision and the fact that
policy was likely not what they intended....
NOT-Signed-off-by: Eric Paris <eparis at redhat.com>
commit e693eea7fabf0d4be1a533d71ae7f7387bfb7427
Author: Eric Paris <eparis at redhat.com>
Date: Fri Jul 15 18:28:16 2011 +0200
policycoreutils: semanage: FIXME use local store in nodeRecords __modify
Everything else in this function uses the global store so I don't
understand why this patch uses the local store.
Dan says "Neither do I but I am sure there was a reason."
NOT-Signed-off-by: Eric Paris <eparis at redhat.com>
commit 715aefcdec50cb386169cd50ef7fe9822051e659
Author: Eric Paris <eparis at redhat.com>
Date: Fri Jul 15 15:42:37 2011 +0200
policycoreutils: semanage: something with boolean and localstore FIXME
Again I have no idea.
NOT-Signed-off-by: Eric Paris <eparis at redhat.com>
commit 389162bd20a38b0a28012ec02956dd4f2ce3957e
Author: Dan Walsh <dwalsh at redhat.com>
Date: Tue Aug 9 09:53:49 2011 -0400
policycoreutils: setfiles: FIXME Fix potential crash using dereferenced ftsent
If fts_read() fails for any reason ftsent will be NULL. Previously we
would have reported the error and then continued processing. Now we
report the error and stop using the NULL pointer.
FIXME: Would this be somehow a normal condition for an empty directory?
Don't know the code well enough to tell.
Signed-off-by: Eric Paris <eparis at redhat.com>
commit 11394da2021feefa57355d4d2384244028d71b1a
Author: Eric Paris <eparis at redhat.com>
Date: Sun Jul 10 17:32:14 2011 +0200
policycoreutils: setfiles: get rid of some stupid globals
We have some useless globals in setfiles that don't need to be. Stop
it.
Signed-off-by: Eric Paris <eparis at redhat.com>
commit 8927e443e19a81c152a809505a16a211492684d0
Author: Eric Paris <eparis at redhat.com>
Date: Sun Jul 10 16:54:25 2011 +0200
policycoreutils: setfiles: FIXME switch from stat to stat64
This looks bad. glibc takes care of this. We should do send this
upstream but I would like to know why you did it in Fedora....
NOT-Signed-off-by: Eric Paris <eparis at redhat.com>
commit 13adc3498c39ca39a7d06f6ca213303bcde4eee4
Author: Eric Paris <eparis at redhat.com>
Date: Sun Jul 10 16:46:38 2011 +0200
policycoreutils: setfiles: move exclude_non_seclabel_mounts to a generic location
move exclude_non_seclabel_mounts from setfiles.c to restore.c so it can
be used by other functions later.
Signed-off-by: Eric Paris <eparis at redhat.com>
commit 3be31907e25dacf0b331b59bd1a3f3bee380a619
Author: Eric Paris <eparis at redhat.com>
Date: Sun Jul 10 16:25:18 2011 +0200
policycoreutils: fixfiles: FIXME label /root but not /var/lib/BackupPC
This patch removes /root from the excluded dirs.
This also adds /var/lib/BackupPC to list of directories to ignore
labeling. Mainly because this directory tends to be Huge and causes a
huge spike in the amount of time it takes to relabel. Especially if
there is a relabel caused by a policy update.
I'm not certain if either/both of these changes are appropriate.
NOT-Signed-off-by: Eric Paris <eparis at redhat.com>
commit 562c3e5518d673ec44332120f741c15ca124741e
Author: Eric Paris <eparis at redhat.com>
Date: Wed Jun 29 02:42:08 2011 -0400
policycoreutils: audit2allow: specify alternate policy
Add a --policy option to audit2allow to make it use an alternate user
specified policy instead of the running policy.
Signed-off-by: Eric Paris <eparis at redhat.com>
commit 5b9dbdad4df6f933e2618c9c146fef9b41ed767b
Author: Eric Paris <eparis at redhat.com>
Date: Wed Aug 3 11:11:40 2011 -0400
policycoreutils: audit2allow: sepolgen-ifgen use the attr helper FIXME
This patch adds support to actually use the new sepolgen-ifgen attr
helper. We included the helper which generates attribute information
but this patch makes use of it.
I'm just hoping I didn't miss other necessary changes with this patch.
NOT-Signed-off-by: Eric Paris <eparis at redhat.com>
commit e2e0d6d4fbd16b308d84d4cb38a437ba2e0d42a0
Author: Eric Paris <eparis at redhat.com>
Date: Sun Jul 10 11:53:29 2011 +0200
policycoreutils: sepolgen-ifgen: new attr-helper does something - FIXME
Why do we need this? Should it be a library or something rather than a
freestanding helper program? I don't know...
Signed-off-by: Eric Paris <eparis at redhat.com>
commit e1f14621bdeef94c2c34f5092f9ae54e92fe2d71
Author: Eric Paris <eparis at redhat.com>
Date: Thu Aug 11 23:36:14 2011 -0400
global: Makefile: create global 'all' target
This does 2 things. It does a little cleanup by de-duplicating code.
It also adds a new target 'all' as the default target. Previously the
default target was 'install'. There was no 'all' target. This patch
should allow one to build all of the tree as a non-root user.
Signed-off-by: Eric Paris <eparis at redhat.com>
commit db750ca6eba023fe7b4ca510992da6bc386bfa7c
Author: Harry Ciao <qingtao.cao at windriver.com>
Date: Tue Aug 23 18:08:32 2011 +0800
libsepol: FIXME Skip tunable identifier and cond_node_t in expansion.
The effective branch of a tunable has been appended to its home
decl->avrules list during link, in expansion we should just skip
tunable from expanding its rule into te_cond_avtab and adding to
the out->cond_list queue.
Also if tunables are ever combined with booleans in one expression,
they would be "transformed" as booleans and the cond_node_t would still
be regarded as of "boolean" style, so no tunable identifier would ever
be needed again during expansion.
Signed-off-by: Harry Ciao <qingtao.cao at windriver.com>
NOT-Signed-off-by: Eric Paris <eparis at redhat.com>
commit 37e725be18f3726b343f1ea29441fe5750708376
Author: Harry Ciao <qingtao.cao at windriver.com>
Date: Tue Aug 23 18:08:31 2011 +0800
libsepol: FIXME Copy and check the cond_bool_datum_t.flags during link.
Copy the TUNABLE flag for cond_bool_datum_t during link, and check
if there is a mismatch between boolean/tunable declaration and
usage among modules. In this case an information would be printed.
Signed-off-by: Harry Ciao <qingtao.cao at windriver.com>
NOT-Signed-off-by: Eric Paris <eparis at redhat.com>
commit 507380aaf54ac54756a4f05b17dafa5c31baf9d4
Author: Harry Ciao <qingtao.cao at windriver.com>
Date: Tue Aug 23 18:08:30 2011 +0800
libsepol: FIXME Permanently enable the if or else branch of a tunable during link.
For a cond_node_t in one decl->cond_list queue, append its
avtrue_list or avfalse_list to the avrules list of its home decl
depending on its state value, so that these effective rules would
be permanently added to te_avtab.
If tunables and booleans co-exist in one expression, then the tunables
would be "transformed" as boolean.
Signed-off-by: Harry Ciao <qingtao.cao at windriver.com>
NOT-Signed-off-by: Eric Paris <eparis at redhat.com>
commit b4b7a6d0a254ad45f6408a81f2275f6910611660
Author: Harry Ciao <qingtao.cao at windriver.com>
Date: Tue Aug 23 18:08:29 2011 +0800
libsepol: FIXME Write and read TUNABLE flags in related data structures.
All flags in cond_bool_datum_t and cond_node_t structures are
written/read for policy modules whose version is no less than
MOD_POLICYDB_VERSION_TUNABLE_SEP.
Signed-off-by: Harry Ciao <qingtao.cao at windriver.com>
NOT-Signed-off-by: Eric Paris <eparis at redhat.com>
commit f382041e22eff834b18c02151e25015979bb190e
Author: Harry Ciao <qingtao.cao at windriver.com>
Date: Tue Aug 23 18:08:28 2011 +0800
checkpolicy: FIXME Separate tunable from boolean during compile.
Both boolean and tunable keywords are processed by define_bool_tunable(),
argument 0 and 1 would be passed for boolean and tunable respectively.
For tunable, a TUNABLE flag would be set in cond_bool_datum_t.flags.
Note, when creating an if-else conditional, we cannot know if the
tunable identifier is indeed a tunable (for example, boolean may be
used in tunable_policy(), optionally along with other tunables), thus
we cannot know if the current if-else conditional is of tunable at
the compile time (but at link time when all boolean/tunable copied).
Signed-off-by: Harry Ciao <qingtao.cao at windriver.com>
NOT-Signed-off-by: Eric Paris <eparis at redhat.com>
commit 359cea968c46c3af11ce526962f9f4e620674975
Author: Harry Ciao <qingtao.cao at windriver.com>
Date: Tue Aug 23 18:08:27 2011 +0800
libsepol: FIXME Indicate when boolean is indeed a tunable.
Add flags to cond_bool_datum_t and cond_node_t structures to indicate
that the boolean and related if-else conditionals are about a tunable.
Signed-off-by: Harry Ciao <qingtao.cao at windriver.com>
NOT-Signed-off-by: Eric Paris <eparis at redhat.com>
commit f505825c59c3f44612429fd3ad1cd47e108ab6e5
Author: Harry Ciao <qingtao.cao at windriver.com>
Date: Tue Aug 16 16:08:52 2011 +0800
libsepol: FIXME Skip writing role attributes for policy.X and downgraded pp.
Role attributes are redundant for policy.X, their destiny has been
fulfilled in the expand phase when their types.types ebitmap have
been populated to that of their sub regular roles.
When pp is downgraded, role_datum_t's flavor flag and roles
ebitmap would be discarded, resulting in role attributes useless
at all. So for such case they should also be skipped.
Deduct the number of role attributes from p_roles.table->nel when
they are skipped.
Last, uncount attributes number before converting endianness.
THIS BREAKS THE ABILITY TO BUILD A WORKING POLICY IF IT IS DOWNGRADED.
APPARENTLY WE SHOULDN'T BE STRIPPING THIS EARLY AND SHOULD ONLY DO IT AT
THE VERY END.
Signed-off-by: Harry Ciao <qingtao.cao at windriver.com>
NOT-Signed-off-by: Eric Paris <eparis at redhat.com>
commit 2bb9cbad00025af10a1a69b71726fd9c5ee3df16
Author: Eric Paris <eparis at redhat.com>
Date: Thu Aug 18 09:58:19 2011 -0400
checkpolicy: fix spacing in output message
The output formatting had two items crammed together without a space.
Add a space.
Signed-off-by: Eric Paris <eparis at redhat.com>
commit 823d1bb8c25ce95a0e88669bfd069a4be6ba09f8
Author: Eric Paris <eparis at redhat.com>
Date: Wed Jun 29 01:49:20 2011 -0400
libsemanage: don't mess with /root in genhomedircon
Fedora treats /root differently than all other HOME Directories. We label
it admin_home_t, refpolicy labels it the same as /home/dwalsh. I feel
this is wrong since so many root processes deal with /root differently
than /home/dwalsh.
The code in genhomedircon that deals with /root is to setup labeling of
/root the same as /home/dwalsh.
Signed-off-by: Eric Paris <eparis at redhat.com>
commit 54e9ca7369e04dedc56f0f8227df7efc140e4f90
Author: Eric Paris <eparis at redhat.com>
Date: Wed Jun 29 01:38:51 2011 -0400
libsemanage: change module disabled from rename to symlink
Change the way libsemanage handles disabled modules. In the current
method libsemanage renames the FOO.pp file to FOO.pp.disabled and then
the rebuild process ignores *.disabled modules.
Since we want to start shipping
/etc/selinux/targeted/modules/active/modules/*.pp within the payload of
the rpm, if we continued this method, a policy update would re-enable a
module.
The new mechanism will just create a symbolic link between FOO.pp and
FOO.pp.disabled. Then the library will check all modules, and if a
module has a link, it will not be compiled into the policy. This solves
the rpm update problem and actually gives us an easier update
capability since if FOO.pp.disabled already exists using the old method,
it will continue to work with the new method.
Signed-off-by: Eric Paris <eparis at redhat.com>
commit 47fee8030fe83a27d0de6be3eb214f421d03ce21
Author: Dan Walsh <dwalsh at redhat.com>
Date: Mon Aug 22 09:46:59 2011 -0400
libsemanage: python wrapper makefile changes
Allow Change libsemanage Makefile to be able to build by default and to build
if you change the version of Python
Signed-off-by: Eric Paris <eparis at redhat.com>
commit 896aa3e78b5082604c3100912c7bdd5793e894bb
Author: Eric Paris <eparis at redhat.com>
Date: Wed Aug 3 14:00:48 2011 -0400
libselinux: matchpathcon: use vsyslog instead of stderr FIXME
Convert matchpathcon to use vsyslog for errors instead of stderr.
This isn't a library, why shouldn't we use stderr?
NOT-Signed-off-by: Eric Paris <eparis at redhat.com>
commit b92c8c9b7d72121cdf9dedcb7bf13ddd6deb10b2
Author: Eric Paris <eparis at redhat.com>
Date: Tue Jul 5 00:28:42 2011 -0400
libselinux: do not use stderr/out if selinux is disabled
Kerberos libraries do not expect libraries many levels lower to spew
messages to STDERR or STDOUT, and this causes kerberos to potentially do
whacky things like deny access, because the user has a screwed up file
context file.
Signed-off-by: Eric Paris <eparis at redhat.com>
commit 2e0ddb52ca4a943cbc2f11e326d5a90cdbe17c13
Author: Richard Haines <richard_c_haines at btinternet.com>
Date: Wed Mar 9 16:34:08 2011 +0000
libselinux: selinux_file_context_verify function returns wrong value.
selinux_file_context_verify(3) should now return the correct codes and
matchpathcon(8) has been modified to handle them.
The selinux_file_context_verify(3) and selinux_file_context_cmp(3) man pages
have also been updated (re-written really) to correct return codes.
I found that selabel_open left errno set to ENOENT because a
file_contexts.subs file did not exist on my system, but left selabel_open
alone and set errno = 0 before calling selinux_filecontext_cmp.
[fix uninitialized init variable in matchpathcon.c::main - eparis]
Signed-off-by: Eric Paris <eparis at redhat.com>
commit 00ce774f781c93df269109a47967e13dc1da733e
Author: Eric Paris <eparis at redhat.com>
Date: Wed Aug 17 11:24:25 2011 -0400
libselinux: move realpath helper to matchpathcon library
Instead of only doing path simplification and symlink following for the
matchpathcon helper, do it in the library portion. This was an
issue when in python someone called selinux.matchpatchcon("//lib64", 0) and
got the wrong answer (because the // wasn't being dealt with).
Signed-off-by: Eric Paris <eparis at redhat.com>
commit dcca498b0d495f96d3846a9027f19429404365da
Author: Dan Walsh <dwalsh at redhat.com>
Date: Mon Aug 22 09:58:11 2011 -0400
libselinux: python wrapper makefile changes
Allow Change libselinux Makefile to be able to build by default and to build
if you change the version of Python
Signed-off-by: Eric Paris <eparis at redhat.com>
-----------------------------------------------------------------------
Summary of changes:
 Makefile                                      |  25 +-----
 checkpolicy/module_compiler.c                 |  16 ++++-
 checkpolicy/module_compiler.h                 |   1 +
 checkpolicy/policy_define.c                   |   4 +-
 checkpolicy/policy_define.h                   |   2 +-
 checkpolicy/policy_parse.y                    |   8 ++-
 checkpolicy/policy_scan.l                     |   2 +
 checkpolicy/test/dispol.c                     |   2 +-
 libselinux/src/Makefile                       |   5 +-
 libselinux/src/matchpathcon.c                 |  75 ++++++++++++++++-
 libselinux/utils/matchpathcon.c               |  70 +---------------
 libsemanage/src/Makefile                      |   5 +-
 libsepol/include/sepol/policydb/conditional.h |   5 +-
 libsepol/include/sepol/policydb/policydb.h    |   5 +-
 libsepol/src/conditional.c                    |  22 +++++-
 libsepol/src/expand.c                         |  13 +++
 libsepol/src/link.c                           | 110 ++++++++++++++++++++++++-
 libsepol/src/policydb.c                       |  14 +++
 libsepol/src/write.c                          |  18 ++++
 policycoreutils/setfiles/restore.c            |  26 +++---
 policycoreutils/setfiles/setfiles.c           |   3 +-
 sepolgen/src/sepolgen/access.py               |  13 ++-
 sepolgen/src/sepolgen/audit.py                |  46 ++++++++++-
 sepolgen/src/sepolgen/defaults.py             |   3 +
 sepolgen/src/sepolgen/interfaces.py           |  73 +++++++++++++++--
 sepolgen/src/sepolgen/matching.py             |   9 +-
 sepolgen/src/sepolgen/policygen.py            |  38 ++++++++-
 sepolgen/src/sepolgen/refparser.py            |   5 +-
 sepolgen/src/share/perm_map                   |  51 +++++++-----
 29 files changed, 501 insertions(+), 168 deletions(-)
hooks/post-receive
--
SELinux userland upstream repository