[SELinux commit]SELinux userland upstream repository branch, master, updated. 20080909-424-g1f8cf40
eparis at oss.tresys.com
eparis at oss.tresys.com
Fri Aug 26 14:48:38 CDT 2011
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "SELinux userland upstream repository".
The branch, master has been updated
via 1f8cf403be49dd8b918e2ff21969a6a47928d672 (commit)
via 3f1446944eef99734bf4caef093b7fc1de51c747 (commit)
via de311acdc976f8a8ec186d99181782e56b12b454 (commit)
via ddc5063c167ea3c253262c79c177d72c6aab68f9 (commit)
via a0e2e16878c2aae375920f8fef8efe07bcd6ac3d (commit)
via 37644bfa936505cbfa9ab9cc20842ccaea89e036 (commit)
via 83e6416bca8d0d4a2c0ab804e9789610acd40426 (commit)
via f6558d9cecae6653e589039359465f796cca7d9a (commit)
via bf22cff3ea931abfe431856b015390600f969770 (commit)
via 149afc688a53839e57ca541dfa1f84c946bb6399 (commit)
via d6c09608cd6a1c29fa2befd1b9769350f3bdee50 (commit)
via 64b7a309c5d44ea1cefe84888e638dcdd6fa7ec4 (commit)
via 26ff83cf87b58247646894bd252de4ed74b391f8 (commit)
via da7ae7951c692a60b6137ebaf6f33232a9bd63be (commit)
via 3c5abbc34110b8f4393d011a2d6eb8484131ca24 (commit)
via baf4d59407c1663b29498c533b54e75bf648567b (commit)
via d7258412392f005e297d3a02670740e14057790f (commit)
via 74bb5c01d651d1f35f863d53671e55d9686cd079 (commit)
via 1701e786eaaf25b8b2fa3484691b9a06e6130658 (commit)
via 406ae12e31ac60ccbecc67dc1314dd88491ca9cd (commit)
via 89e3dd6c30edc2ffa1e52e8ed162c1085c6d6c9b (commit)
via 8fb9a4571d3db8675ec12ba5ee1e2f2c3cefbeec (commit)
via 242a98cd21adcb126305c9e2f0522564b702af3e (commit)
via 5ffa296798f892c6ba4946bd8181036dfddf29c9 (commit)
via 142209161fc5a383a8f34a7fd73bf6a8ecf349f3 (commit)
via e759841c08eb97bf7c8f7cd3197fe7758cd4cba6 (commit)
via acb4ecaa0111a428b2c443e0db937caa09696923 (commit)
via bc1a8e2a4af543d04e8df70a92a5a7a3aeebf669 (commit)
via 7df397d3d916e7018981b9fcf8062f992b4cec49 (commit)
via 57c6012f8662d8f40d42fe145a5ec55bbd1b0f73 (commit)
from 6b6b475dcfe77dbf3d37b4f6e4fee3539346f359 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 1f8cf403be49dd8b918e2ff21969a6a47928d672
Author: Eric Paris <eparis at redhat.com>
Date: Fri Aug 26 15:11:58 2011 -0400
update changelog and versions for 2011-08-26
commit 3f1446944eef99734bf4caef093b7fc1de51c747
Author: Eric Paris <eparis at redhat.com>
Date: Fri Aug 26 14:46:02 2011 -0400
sepolgen: refparser: include open among valid permissions
The perser doesn't recognize 'open'. Make it so.
Signed-off-by: Eric Paris <eparis at redhat.com>
Acked-by: Dan Walsh <dwalsh at redhat.com>
commit de311acdc976f8a8ec186d99181782e56b12b454
Author: Eric Paris <eparis at redhat.com>
Date: Fri Aug 26 14:44:33 2011 -0400
sepolgen: refparser: add support for filename_trans rules
The parser cannot handle the new format of filename_trans rules. Nor
can it handle the " now used. Add support for both.
Signed-off-by: Eric Paris <eparis at redhat.com>
Acked-by: Dan Walsh <dwalsh at redhat.com>
commit ddc5063c167ea3c253262c79c177d72c6aab68f9
Author: Dan Walsh <dwalsh at redhat.com>
Date: Tue Aug 23 14:46:37 2011 -0400
policycoreutils: setfiles: Fix process_glob to handle error situations properly
Rather than error when a glob does not match return success as this is
not a problem.
Signed-off-by: Eric Paris <eparis at redhat.com>
Acked-by: Eric Paris <eparis at redhat.com>
commit a0e2e16878c2aae375920f8fef8efe07bcd6ac3d
Author: Dan Walsh <dwalsh at redhat.com>
Date: Tue Jul 26 10:42:26 2011 -0400
policycoreutils: sandbox: Allow seunshare to run as root
Signed-off-by: Dan Walsh <dwalsh at redhat.com>
commit 37644bfa936505cbfa9ab9cc20842ccaea89e036
Author: Dan Walsh <dwalsh at redhat.com>
Date: Wed Jul 6 20:52:38 2011 -0400
policycoreutils: sandbox: trap sigterm to make sure sandbox exits with the proper exit code
Acked-by: Dan Walsh <dwalsh at redhat.com>
commit 83e6416bca8d0d4a2c0ab804e9789610acd40426
Author: Dan Walsh <dwalsh at redhat.com>
Date: Tue Jun 7 08:34:04 2011 -0400
policycoreutils: sandbox: pass DPI from the desktop
Fix sandbox to pass DPI from the desktop to the sandbox program.
Signed-off-by: Eric Paris <eparis at redhat.com>
Acked-by: Dan Walsh <dwalsh at redhat.com>
commit f6558d9cecae6653e589039359465f796cca7d9a
Author: Eric Paris <eparis at redhat.com>
Date: Fri Aug 5 14:06:34 2011 -0400
policycoreutils: sandbox: seunshare: introduce helper spawn_command
Introduce a helper which will spawn children and wait for them to exit
so we don't have to keep writing that code over and over.
Signed-off-by: Eric Paris <eparis at redhat.com>
Acked-by: Dan Walsh <dwalsh at redhat.com>
commit bf22cff3ea931abfe431856b015390600f969770
Author: Eric Paris <eparis at redhat.com>
Date: Fri Aug 5 14:36:29 2011 -0400
policycoreutils: sandbox: seunshare: introduce new filesystem helpers
These are just simple new helpers which make it easy to check uid, gid,
if two stat results are the same and things like that.
Signed-off-by: Eric Paris <eparis at redhat.com>
commit 149afc688a53839e57ca541dfa1f84c946bb6399
Author: Dan Walsh <dwalsh at redhat.com>
Date: Mon Jun 13 13:24:38 2011 -0400
policycoreutils: sandbox: add -C option to not drop all capabilities
Some sandbox might want to be able to run a suid app. Add the -C option
to allow capabilities to stay in the bounding set, and thus be allowed
inside the sandbox.
Signed-off-by: Eric Paris <eparis at redhat.com>
Acked-by: Dan Walsh <dwalsh at redhat.com>
commit d6c09608cd6a1c29fa2befd1b9769350f3bdee50
Author: Eric Paris <eparis at redhat.com>
Date: Fri Aug 5 13:33:35 2011 -0400
policycoreutils: sandbox: split seunshare caps dropping
Split drop_capabilities into drop_privs, which does the same thing, and
drop_caps, which only drops caps but doesn't affect the uid.
Signed-off-by: Eric Paris <eparis at redhat.com>
Acked-by: Dan Walsh <dwalsh at redhat.com>
commit 64b7a309c5d44ea1cefe84888e638dcdd6fa7ec4
Author: Eric Paris <eparis at redhat.com>
Date: Mon Aug 15 19:59:41 2011 -0400
policycoreutils: sandbox: use dbus-launch
Instead of directly calling, use dbus-launch.
Signed-off-by: Eric Paris <eparis at redhat.com>
Acked-by: Dan Walsh <dwalsh at redhat.com>
commit 26ff83cf87b58247646894bd252de4ed74b391f8
Author: Eric Paris <eparis at redhat.com>
Date: Mon Aug 15 19:57:12 2011 -0400
policycoreutils: sandbox: numerous simple updates to sandbox
Little things like better error messages, usage text, code duplication
and the like.
Signed-off-by: Eric Paris <eparis at redhat.com>
Acked-by: Dan Walsh <dwalsh at redhat.com>
commit da7ae7951c692a60b6137ebaf6f33232a9bd63be
Author: Eric Paris <eparis at redhat.com>
Date: Mon Aug 15 16:00:04 2011 -0400
policycoreutils: sandbox: do not require selinux context
seunshare can be used on non-selinux systems. It can also be used
without transition to a new context. Thus we should not require that a
context be set.
Signed-off-by: Eric Paris <eparis at redhat.com>
Acked-by: Dan Walsh <dwalsh at redhat.com>
commit 3c5abbc34110b8f4393d011a2d6eb8484131ca24
Author: Eric Paris <eparis at redhat.com>
Date: Mon Aug 15 13:56:02 2011 -0400
policycoreutils: sandbox: Makefile: new man pages
we have man pages which aren't being instelled with make install. We
also do not include -Werror -Wall -Wextra in the build like we do with
other packages, so include those.
Signed-off-by: Eric Paris <eparis at redhat.com>
Acked-by: Dan Walsh <dwalsh at redhat.com>
commit baf4d59407c1663b29498c533b54e75bf648567b
Author: Eric Paris <eparis at redhat.com>
Date: Wed Aug 10 17:43:14 2011 -0400
policycoreutils: sandbox: rename dir to srcdir
Just a simple variable rename to make it clear what it does.
Signed-off-by: Eric Paris <eparis at redhat.com>
Acked-by: Dan Walsh <dwalsh at redhat.com>
commit d7258412392f005e297d3a02670740e14057790f
Author: Eric Paris <eparis at redhat.com>
Date: Wed Aug 10 17:22:41 2011 -0400
policycoreutils: sandbox: allow users specify sandbox window size
This allows users to create sandbox windows of a specified size on the
command line.
Signed-off-by: Eric Paris <eparis at redhat.com>
Acked-by: Dan Walsh <dwalsh at redhat.com>
commit 74bb5c01d651d1f35f863d53671e55d9686cd079
Author: Eric Paris <eparis at redhat.com>
Date: Wed Aug 10 16:28:36 2011 -0400
policycoreutils: sandbox: check for paths up front
When launching a sandbox x environment we should check up front to make
sure that the seunshare and sandboxsh files exist and bail politely if
they do not exist.
Signed-off-by: Eric Paris <eparis at redhat.com>
Acked-by: Dan Walsh <dwalsh at redhat.com>
commit 1701e786eaaf25b8b2fa3484691b9a06e6130658
Author: Eric Paris <eparis at redhat.com>
Date: Wed Aug 10 16:13:26 2011 -0400
policycoreutils: sandbox: use defined values for paths rather than open coding
Rather than putting pathnames all throughout the file define them as
variables and reuse these variables where needed.
Signed-off-by: Eric Paris <eparis at redhat.com>
Acked-by: Dan Walsh <dwalsh at redhat.com>
commit 406ae12e31ac60ccbecc67dc1314dd88491ca9cd
Author: Eric Paris <eparis at redhat.com>
Date: Wed Aug 3 16:23:12 2011 -0400
policycoreutils: sandbox: move seunshare globals to the top
Just coding style, globals go at the top of .c files, not randomly
throughout.
Signed-off-by: Eric Paris <eparis at redhat.com>
Acked-by: Dan Walsh <dwalsh at redhat.com>
commit 89e3dd6c30edc2ffa1e52e8ed162c1085c6d6c9b
Author: Eric Paris <eparis at redhat.com>
Date: Wed Aug 3 14:27:32 2011 -0400
policycoreutils: sandbox: whitespace fix
couple of whitespace at the end of the line.
Signed-off-by: Eric Paris <eparis at redhat.com>
Acked-by: Dan Walsh <dwalsh at redhat.com>
commit 8fb9a4571d3db8675ec12ba5ee1e2f2c3cefbeec
Author: Dan Walsh <dwalsh at redhat.com>
Date: Thu Aug 4 09:53:34 2011 -0400
policycoreutils: semodule_package: Add semodule_unpackage executable
Much like semodule_package this utility will unpack!
Signed-off-by: Eric Paris <eparis at redhat.com>
Acked-by: Dan Walsh <dwalsh at redhat.com>
commit 242a98cd21adcb126305c9e2f0522564b702af3e
Author: Eric Paris <eparis at redhat.com>
Date: Sun Jul 10 17:32:14 2011 +0200
policycoreutils: setfiles: get rid of some stupid globals
We have some useless globals in setfiles that don't need to be. Stop
it.
Signed-off-by: Eric Paris <eparis at redhat.com>
Acked-by: Dan Walsh <dwalsh at redhat.com>
commit 5ffa296798f892c6ba4946bd8181036dfddf29c9
Author: Eric Paris <eparis at redhat.com>
Date: Sun Jul 10 16:46:38 2011 +0200
policycoreutils: setfiles: move exclude_non_seclabel_mounts to a generic location
move exclude_non_seclabel_mounts from setfiles.c to restore.c so it can
be used by other functions later.
Signed-off-by: Eric Paris <eparis at redhat.com>
Acked-by: Dan Walsh <dwalsh at redhat.com>
commit 142209161fc5a383a8f34a7fd73bf6a8ecf349f3
Author: Eric Paris <eparis at redhat.com>
Date: Thu Aug 11 23:36:14 2011 -0400
global: Makefile: create global 'all' target
This does 2 things. It does a little cleanup by de-duplicating code.
It also adds a new target 'all' as the default target. Previous the
default target was 'install'. There was no 'all' target. This patch
should allow one to build all of the tree as a non-root user.
Signed-off-by: Eric Paris <eparis at redhat.com>
Acked-by: Dan Walsh <dwalsh at redhat.com>
commit e759841c08eb97bf7c8f7cd3197fe7758cd4cba6
Author: Eric Paris <eparis at redhat.com>
Date: Thu Aug 18 09:58:19 2011 -0400
checkpolicy: fix spacing in output message
The output formatting had two items crammed together without a space.
Add a space.
Signed-off-by: Eric Paris <eparis at redhat.com>
Acked-by: Dan Walsh <dwalsh at redhat.com>
commit acb4ecaa0111a428b2c443e0db937caa09696923
Author: Dan Walsh <dwalsh at redhat.com>
Date: Mon Aug 22 09:46:59 2011 -0400
libsemanage: python wrapper makefile changes
Allow Change libsemanage Makefile to be able to build by default and to build
if you change the version of Python
Signed-off-by: Eric Paris <eparis at redhat.com>
Acked-by: Dan Walsh <dwalsh at redhat.com>
commit bc1a8e2a4af543d04e8df70a92a5a7a3aeebf669
Author: Richard Haines <richard_c_haines at btinternet.com>
Date: Wed Mar 9 16:34:08 2011 +0000
libselinux: selinux_file_context_verify function returns wrong value.
selinux_file_context_verify(3) should now return the correct codes and
matchpathcon(8) has been modified to handle them.
The selinux_file_context_verify(3)and selinux_file_context_cmp(3) man pages
have also been updated (re-written really) to correct return codes.
I found that selabel_open left errno set to ENOENT because a
file_contexts.subs file did not exist on my system, but left selabel_open
alone and set errno = 0 before calling selinux_filecontext_cmp.
[fix uninitialize init variable in matchpathcon.c::main - eparis]
Signed-off-by: Eric Paris <eparis at redhat.com>
Acked-by: Dan Walsh <dwalsh at redhat.com>
commit 7df397d3d916e7018981b9fcf8062f992b4cec49
Author: Eric Paris <eparis at redhat.com>
Date: Wed Aug 17 11:24:25 2011 -0400
libselinux: move realpath helper to matchpathcon library
Instead of only doing path simplification and symlink following for the
matchpathcon helper instead do it in the library potion. This was an
issue when in python some called selinux.matchpatchcon("//lib64", 0) and
got the wrong answer (because the // wasn't being dealt with)
Signed-off-by: Eric Paris <eparis at redhat.com>
Acked-by: Dan Walsh <dwalsh at redhat.com>
commit 57c6012f8662d8f40d42fe145a5ec55bbd1b0f73
Author: Dan Walsh <dwalsh at redhat.com>
Date: Mon Aug 22 09:58:11 2011 -0400
libselinux: python wrapper makefile changes
Allow Change libselinux Makefile to be able to build by default and to build
if you change the version of Python
Signed-off-by: Eric Paris <eparis at redhat.com>
Acked-by: Dan Walsh <dwalsh at redhat.com>
-----------------------------------------------------------------------
Summary of changes:
Makefile | 20 +--
checkpolicy/ChangeLog | 3 +
checkpolicy/VERSION | 2 +-
checkpolicy/test/dispol.c | 2 +-
libselinux/ChangeLog | 5 +
libselinux/VERSION | 2 +-
libselinux/include/selinux/selinux.h | 2 +-
libselinux/man/man3/selinux_file_context_cmp.3 | 74 +++++++--
libselinux/man/man3/selinux_file_context_verify.3 | 99 +++++++++++-
libselinux/src/Makefile | 5 +-
libselinux/src/matchpathcon.c | 88 +++++++++-
libselinux/utils/matchpathcon.c | 80 +--------
libsemanage/ChangeLog | 3 +
libsemanage/VERSION | 2 +-
libsemanage/src/Makefile | 5 +-
policycoreutils/ChangeLog | 23 +++
policycoreutils/VERSION | 2 +-
policycoreutils/sandbox/Makefile | 8 +-
policycoreutils/sandbox/sandbox | 119 +++++++++----
policycoreutils/sandbox/sandbox.8 | 18 ++-
policycoreutils/sandbox/sandbox.conf | 7 +
policycoreutils/sandbox/sandbox.conf.5 | 40 +++++
policycoreutils/sandbox/sandboxX.sh | 18 ++-
policycoreutils/sandbox/seunshare.8 | 40 +++++
policycoreutils/sandbox/seunshare.c | 185 ++++++++++++++++----
policycoreutils/sandbox/start | 9 +
policycoreutils/semodule_package/Makefile | 4 +-
.../semodule_package/semodule_package.8 | 2 +-
.../semodule_package/semodule_unpackage.8 | 24 +++
.../semodule_package/semodule_unpackage.c | 103 +++++++++++
policycoreutils/setfiles/restore.c | 88 ++++++++--
policycoreutils/setfiles/restore.h | 1 +
policycoreutils/setfiles/setfiles.c | 77 +--------
sepolgen/ChangeLog | 4 +
sepolgen/VERSION | 2 +-
sepolgen/src/sepolgen/refparser.py | 5 +-
36 files changed, 880 insertions(+), 291 deletions(-)
create mode 100644 policycoreutils/sandbox/sandbox.conf
create mode 100644 policycoreutils/sandbox/sandbox.conf.5
create mode 100644 policycoreutils/sandbox/seunshare.8
create mode 100644 policycoreutils/sandbox/start
create mode 100644 policycoreutils/semodule_package/semodule_unpackage.8
create mode 100644 policycoreutils/semodule_package/semodule_unpackage.c
hooks/post-receive
--
SELinux userland upstream repository
More information about the selinux-commits
mailing list