[SELinux commit]SELinux userland upstream repository branch, master, updated. 20080909-503-g14e4b70
eparis at oss.tresys.com
eparis at oss.tresys.com
Thu Nov 3 14:54:51 CDT 2011
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "SELinux userland upstream repository".
The branch, master has been updated
via 14e4b70b933a330fc1e63bf0ac5ebab4f9664062 (commit)
via 077e8635173ae51576ee6c27eb7c6d12243294e9 (commit)
via 9cbd404ceb6c87483a4b8b2718b8d9ed8e4e6b56 (commit)
via 10fb8fdbb16c3cc8a5a4abb3edd98a85756772b8 (commit)
via b9b7bddb28c85a7cc2340c753f37b21bd7a14dbd (commit)
via d4a39ca15b5a41b545630aeaa04e96fe7c0346fe (commit)
via 24b31a9da5a6f7f9d056ab13367ebdcb1fb3c585 (commit)
via e018eec325264aa33dfb25094f3566cc5df5f401 (commit)
via d5475a909a570d72c75bc86dbb4e449c0ba7bb57 (commit)
via 148682066511f76a1b5d0d4ae10268f85140673e (commit)
via 5e50b01fa45220e31b78e822db15a8c5fa4d5661 (commit)
via 88234671ed0d1db27c986f009570c6cbe730d259 (commit)
via e134013ab705e6edaf3311d4dc9db7c81e84e775 (commit)
via 4a145b76d02a0ff179758773e028333e020184f7 (commit)
via 9961ca64990f9547f5f7921d1766f57905098e10 (commit)
via 48681bb49c032d4c399e8331126c5dca020e0b3e (commit)
via 672eb80648152e7be67ff9a1b0afe8fd9467888b (commit)
via a67cd948c4a907a1adcb2aa72686f8aebb096213 (commit)
via 9ef48acb374b93bc34e0840b39d7c3bbc343dcb7 (commit)
via 1c15c8b537b6c632074fac07019e0c3e012687a5 (commit)
via 9cc0749a737dcf0f7909885e5f043b0cde54325c (commit)
via 5c2a0d143de7920b9edf070518d22f4e7dce5481 (commit)
via 1d274aca2dca306d7dd6e37d81e54e278d175a9d (commit)
via 2c4eca16dd4aaf2f7830012908aef66109106d82 (commit)
via 06f53004d93ddb6bd4e2b2f4d697c8cedf382e47 (commit)
via 0a778ba601d68ef91304f90c101b5dc67d433e04 (commit)
via 2f68def6338d072ae13328cf6357a4468408ce1b (commit)
via 2b06f474006db3f32895dab9e393324febb9e16f (commit)
via 74a9a5296688e2617d669b346d3f5ef6e31ae2d9 (commit)
via dd563b35e1f6918e5c96de29ea255b04ad34e891 (commit)
via 3b5e45f004e508cca8958f6e3a46961753af291e (commit)
via 9c46a0a3153124753e3afbd2090fea65a09e1df1 (commit)
via 86e8daafc3755820272c0f36a3dd115f0b01c93d (commit)
via 023c9c1fdee963606d830b70db108bd9031390f4 (commit)
via c81a43c753efbda6f2106dbf0a291005683474f8 (commit)
via b3b19fdce58ff6ddfa6dfb8e5576c922c96e1e45 (commit)
via 468bff095253171300a5faa4bb23f0b2524fde08 (commit)
via fdeeccaa0ec11a5a549c60fc2da1f4dcd8eb5c65 (commit)
from 5054b9019a669b1f85ed0d35e6dff7ee9f449ec6 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 14e4b70b933a330fc1e63bf0ac5ebab4f9664062
Author: Eric Paris <eparis at redhat.com>
Date: Thu Nov 3 15:26:36 2011 -0400
Bump Version and Changelog for commit
commit 077e8635173ae51576ee6c27eb7c6d12243294e9
Author: Dan Walsh <dwalsh at redhat.com>
Date: Thu Oct 13 13:28:35 2011 -0400
sepolgen: Return name field in avc data
Signed-off-by: Eric Paris <eparis at redhat.com>
Acked-by: Dan Walsh <dwalsh at redhat.com>
commit 9cbd404ceb6c87483a4b8b2718b8d9ed8e4e6b56
Author: Dan Walsh <dwalsh at redhat.com>
Date: Fri Sep 30 09:20:16 2011 -0400
sepolgen: Ignore permissive qualifier if found in an interface
During Rawhide releases we change all "unconfined_domains" to
permissive domains in order to find new AVC messages without breaking
rawhide boxes. The way we do this is changing the unconfined_domain
interface and putting permissive $1; in it. sepolgen does not like
this and blows up the build. This patch tells sepolgen to ignore the
permissive in an interface.
Signed-off-by: Eric Paris <eparis at redhat.com>
Acked-by: Dan Walsh <dwalsh at redhat.com>
commit 10fb8fdbb16c3cc8a5a4abb3edd98a85756772b8
Author: Dan Walsh <dwalsh at redhat.com>
Date: Fri Oct 28 16:45:04 2011 -0400
policycoreutils: restorecond: Add .local/share as a directory to watch
Signed-off-by: Eric Paris <eparis at redhat.com>
Acked-by: Dan Walsh <dwalsh at redhat.com>
commit b9b7bddb28c85a7cc2340c753f37b21bd7a14dbd
Author: Dan Walsh <dwalsh at redhat.com>
Date: Thu Oct 27 10:38:27 2011 -0400
policycoreutils: setfiles: fix use before initialized
There are code paths where ret can be returned without being initialized
Signed-off-by: Eric Paris <eparis at redhat.com>
Acked-by: Dan Walsh <dwalsh at redhat.com>
commit d4a39ca15b5a41b545630aeaa04e96fe7c0346fe
Author: Eric Paris <eparis at redhat.com>
Date: Thu Sep 29 17:07:54 2011 -0400
policycoreutils: label_file: style changes to make Eric happy.
Sometimes sticking to 80 characters sucks a lot. I don't care. Buy a
wider monitor so I can read the code.
Signed-off-by: Eric Paris <eparis at redhat.com>
Acked-by: Dan Walsh <dwalsh at redhat.com>
commit 24b31a9da5a6f7f9d056ab13367ebdcb1fb3c585
Author: Dan Walsh <dwalsh at redhat.com>
Date: Tue Oct 4 17:05:52 2011 -0400
policycoreutils: semodule: Document semodule -p in man page
Signed-off-by: Eric Paris <eparis at redhat.com>
Acked-by: Dan Walsh <dwalsh at redhat.com>
commit e018eec325264aa33dfb25094f3566cc5df5f401
Author: Eric Paris <eparis at redhat.com>
Date: Thu Sep 29 14:46:26 2011 -0400
policycoreutils: setfiles: close /proc/mounts file when finished
When testing for mount points to exclude we read /proc/mounts. Close
this file when we are finished reading it.
Signed-off-by: Eric Paris <eparis at redhat.com>
Acked-by: Dan Walsh <dwalsh at redhat.com>
commit d5475a909a570d72c75bc86dbb4e449c0ba7bb57
Author: Eric Paris <eparis at redhat.com>
Date: Fri Sep 23 17:39:43 2011 -0400
policycoreutils: make use of the new realpath_not_final function
Instead of coding the exact same thing and calling it symlink_realpath
use the function exported by libselinux.
Signed-off-by: Eric Paris <eparis at redhat.com>
Acked-by: Dan Walsh <dwalsh at redhat.com>
commit 148682066511f76a1b5d0d4ae10268f85140673e
Author: Dan Walsh <dwalsh at redhat.com>
Date: Tue Sep 20 13:58:42 2011 -0400
policycoreutils: semanage: Add -o description to the semanage man page
Just a bit of documentation.
Signed-off-by: Eric Paris <eparis at redhat.com>
Acked-by: Dan Walsh <dwalsh at redhat.com>
commit 5e50b01fa45220e31b78e822db15a8c5fa4d5661
Author: Stephen Smalley <sds at tycho.nsa.gov>
Date: Mon Sep 19 11:23:03 2011 -0400
policycoreutils: fix sandbox Makefile to support DESTDIR
Fix sandbox Makefile so that make DESTDIR=~/out install works again.
Signed-off-by: Stephen Smalley <sds at tycho.nsa.gov>
Signed-off-by: Eric Paris <eparis at redhat.com>
Acked-by: Dan Walsh <dwalsh at redhat.com>
commit 88234671ed0d1db27c986f009570c6cbe730d259
Author: Guido Trentalancia <guido at trentalancia.com>
Date: Mon Sep 19 07:09:41 2011 -0400
policycoreutils: semodule_package: remove semodule_unpackage on clean
semodule_unpackage was not being removed on clean. Simple Makefile fix.
Signed-off-by: Eric Paris <eparis at redhat.com>
Acked-by: Dan Walsh <dwalsh at redhat.com>
commit e134013ab705e6edaf3311d4dc9db7c81e84e775
Author: Eric Paris <eparis at redhat.com>
Date: Mon Aug 15 20:10:14 2011 -0400
policycoreutils: sandbox: introduce package name and language stuff
Add support for translations to the sandbox utility.
Signed-off-by: Eric Paris <eparis at redhat.com>
Acked-by: Dan Walsh <dwalsh at redhat.com>
commit 4a145b76d02a0ff179758773e028333e020184f7
Author: Dan Walsh <dwalsh at redhat.com>
Date: Thu Oct 6 16:05:03 2011 -0400
policycoreutils: restorecond: make restorecond -u exit when terminal closes
Make restorecond -u watch the terminal io channel for and exit indicator
and then exit itself if it is not being run from dbus. If being run
from dbus, dbus takes care of the session cleanup.
Signed-off-by: Eric Paris <eparis at redhat.com>
Acked-by: Dan Walsh <dwalsh at redhat.com>
commit 9961ca64990f9547f5f7921d1766f57905098e10
Author: Dan Walsh <dwalsh at redhat.com>
Date: Tue Aug 9 09:58:53 2011 -0400
policycoreutils: restorecon: Always check return code on asprintf
Do not assume it is always a success and error gracefully when it isn't.
Signed-off-by: Eric Paris <eparis at redhat.com>
Acked-by: Dan Walsh <dwalsh at redhat.com>
commit 48681bb49c032d4c399e8331126c5dca020e0b3e
Author: Eric Paris <eparis at redhat.com>
Date: Wed Aug 3 11:40:47 2011 -0400
policycoreutils: restorecond: make restorecond dbuss-able
Basically this patch makes restorecond a dbus session service that can
be run in the users session to watch the creation of files in the
homedir. Most of the changes are just to get it to run as a dbus
session and then to allow it to read its own config.
Signed-off-by: Eric Paris <eparis at redhat.com>
Acked-by: Dan Walsh <dwalsh at redhat.com>
commit 672eb80648152e7be67ff9a1b0afe8fd9467888b
Author: Eric Paris <eparis at redhat.com>
Date: Tue Jul 19 11:27:22 2011 -0400
policycoreutils: semanage: set modified correctly
I think I was trying to allow an admin to set a bunch of booleans
from a file, but I later added -i and -o options, which would seem to
be a better way to handle many changes at once.
Signed-off-by: Eric Paris <eparis at redhat.com>
Acked-by: Dan Walsh <dwalsh at redhat.com>
commit a67cd948c4a907a1adcb2aa72686f8aebb096213
Author: Eric Paris <eparis at redhat.com>
Date: Mon Jul 18 13:19:30 2011 -0400
policycoreutils: semanage: missing modify=True
Basically we want to trigger a modify of booleans record if the user
specifies --on or --off on a boolean.
Signed-off-by: Eric Paris <eparis at redhat.com>
Acked-by: Dan Walsh <dwalsh at redhat.com>
commit 9ef48acb374b93bc34e0840b39d7c3bbc343dcb7
Author: Eric Paris <eparis at redhat.com>
Date: Fri Jul 15 15:42:37 2011 +0200
policycoreutils: semanage: update local boolean settings is dealing with localstore
If someone modifies the boolean settings using semanage, we would
expect them to be reflected on the local system. This change would
change the active settings IFF you are changing the currently running
system.
Signed-off-by: Eric Paris <eparis at redhat.com>
Acked-by: Dan Walsh <dwalsh at redhat.com>
commit 1c15c8b537b6c632074fac07019e0c3e012687a5
Author: Eric Paris <eparis at redhat.com>
Date: Sun Jul 10 16:25:18 2011 +0200
policycoreutils: fixfiles: label /root but not /var/lib/BackupPC
This patch removes /root from the excluded dirs.
This also adds /var/lib/BackupPC to list of directories to ignore
labeling. Mainly because this directory tends to be Huge and causes a
huge spike in the amount of time it takes to relabel. Especially if
there is a relabel caused by a policy update.
Signed-off-by: Eric Paris <eparis at redhat.com>
Acked-by: Dan Walsh <dwalsh at redhat.com>
commit 9cc0749a737dcf0f7909885e5f043b0cde54325c
Author: Eric Paris <eparis at redhat.com>
Date: Thu Sep 8 17:26:12 2011 -0400
policycoreutils: audit2allow: use audit2why internally
Rather than do things ourselves, use audit2why.
Signed-off-by: Eric Paris <eparis at redhat.com>
commit 5c2a0d143de7920b9edf070518d22f4e7dce5481
Author: Dan Walsh <dwalsh at redhat.com>
Date: Wed Sep 7 14:20:30 2011 -0400
policycoreutils: sandbox: Maintain the LANG environment into the sandbox
When running an app within a sandbox, the application currently
switches to no LANG. This patch will cause the sandboxed app to use
the users LANG.
Signed-off-by: Eric Paris <eparis at redhat.com>
Acked-by: Dan Walsh <dwalsh at redhat.com>
commit 1d274aca2dca306d7dd6e37d81e54e278d175a9d
Author: Eric Paris <eparis at redhat.com>
Date: Mon Oct 31 10:48:38 2011 -0400
checkpolicy: drop libsepol dynamic link in checkpolicy
Checkpolicy was using the static link to libsepol, but also defining a
dynamic link (that wasn't needed). This confuses gdb. Drop the dynamic
link request.
Signed-off-by: Eric Paris <eparis at redhat.com>
Acked-by: Dan Walsh <dwalsh at redhat.com>
commit 2c4eca16dd4aaf2f7830012908aef66109106d82
Author: Dan Walsh <dwalsh at redhat.com>
Date: Mon Sep 19 08:17:48 2011 -0400
libsemanage: create man5dir if not exist
Make new man page directory if it doesn't exist.
Signed-off-by: Eric Paris <eparis at redhat.com>
Acked-by: Dan Walsh <dwalsh at redhat.com>
commit 06f53004d93ddb6bd4e2b2f4d697c8cedf382e47
Author: Guido Trentalancia <guido at trentalancia.com>
Date: Mon Sep 19 07:26:44 2011 -0400
libsemanage: semanage.conf man page
Add a new semanage.conf man page.
Signed-off-by: Eric Paris <eparis at redhat.com>
commit 0a778ba601d68ef91304f90c101b5dc67d433e04
Author: Eric Paris <eparis at redhat.com>
Date: Mon Oct 31 10:55:03 2011 -0400
libsepol: expand: do filename_trans type comparison on mapped representation
The filename_trans code had a bug where duplicate detection was being
done between the unmapped type value of a new rule and the type value of
rules already in policy. This meant that duplicates were not being
silently dropped and were instead outputting a message that there was a
problem. It made things hard because the message WAS using the mapped
type to convert to the string representation, so it didn't look like a
dup!
Signed-off-by: Eric Paris <eparis at redhat.com>
Acked-by: Dan Walsh <dwalsh at redhat.com>
commit 2f68def6338d072ae13328cf6357a4468408ce1b
Author: Steve Lawrence <slawrence at tresys.com>
Date: Tue Oct 18 08:34:41 2011 -0400
libsepol: Move ebitmap_* functions from mcstrans to libsepol
This patches moves some ebitmap functions (and, xor, not, etc.) from
mcstrans into libsepol, where they really belong and could be used by
other applications (e.g. CIL)
Signed-off-by: Eric Paris <eparis at redhat.com>
Acked-by: Dan Walsh <dwalsh at redhat.com>
commit 2b06f474006db3f32895dab9e393324febb9e16f
Author: Eric Paris <eparis at redhat.com>
Date: Fri Sep 23 17:38:09 2011 -0400
libselinux: rename and export symlink_realpath
symlink_realpath is used by both libselinux and policycoreutils.
Instead of coding it twice, export the libselinux version under a new
name that makes it sound more generic.
Signed-off-by: Eric Paris <eparis at redhat.com>
Acked-by: Dan Walsh <dwalsh at redhat.com>
commit 74a9a5296688e2617d669b346d3f5ef6e31ae2d9
Author: Dan Walsh <dwalsh at redhat.com>
Date: Thu Oct 27 10:00:21 2011 -0400
libselinux: audit2why: close fd on enomem
Potential file descriptor leak on this code path, need to close file
descriptor if out of memory.
Signed-off-by: Eric Paris <eparis at redhat.com>
Acked-by: Dan Walsh <dwalsh at redhat.com>
commit dd563b35e1f6918e5c96de29ea255b04ad34e891
Author: Dan Walsh <dwalsh at redhat.com>
Date: Mon Oct 24 13:47:36 2011 -0400
libselinux: seusers: fix to handle large sets of groups
If a user was in too many groups the check_group function might not pass
a large enough buffer to getgrnam_r to handle things. This could return
ERANGE which we then aborted. Instead we should make the buffer larger and
try again.
Signed-off-by: Eric Paris <eparis at redhat.com>
Acked-by: Dan Walsh <dwalsh at redhat.com>
commit 3b5e45f004e508cca8958f6e3a46961753af291e
Author: Dan Walsh <dwalsh at redhat.com>
Date: Thu Oct 20 15:43:12 2011 -0400
libselinux: Don't reinitialize avc_init if it has been called previously
Signed-off-by: Eric Paris <eparis at redhat.com>
Acked-by: Dan Walsh <dwalsh at redhat.com>
commit 9c46a0a3153124753e3afbd2090fea65a09e1df1
Author: Dan Walsh <dwalsh at redhat.com>
Date: Thu Oct 20 15:14:08 2011 -0400
libselinux: simple interface for access checks
Some programs, like passwd, need to do simeple one time access checks.
Rather than set up a full avc cache and use that infrastructure they
were directly using security_compute_av. A problem with this approach
is the lack of audit on denials. This patch creates a new interface
that is simple to use and which will still listen to things like
permissive and output audit messages on denials.
Signed-off-by: Eric Paris <eparis at redhat.com>
Acked-by: Dan Walsh <dwalsh at redhat.com>
commit 86e8daafc3755820272c0f36a3dd115f0b01c93d
Author: Dan Walsh <dwalsh at redhat.com>
Date: Thu Oct 20 15:13:17 2011 -0400
libselinux: maintain mode even if umask is tighter
When certain programs were run which created new files they would get
default permissions based on the current users umask. However these
files should get the same permissions as those files which they
replaced. Do that.
Patch from: Stephen Smalley
Signed-off-by: Eric Paris <eparis at redhat.com>
Acked-by: Dan Walsh <dwalsh at redhat.com>
commit 023c9c1fdee963606d830b70db108bd9031390f4
Author: Eric Paris <eparis at redhat.com>
Date: Mon Oct 3 15:44:14 2011 -0400
libselinux: label: cosmetic cleanups
Return early to save an indent. Clean up all memory on ENOMEM
conditions. Use '\0' instead of 0 for nul terminiator. Style changes
to make Eric happy.
Signed-off-by: Eric Paris <eparis at redhat.com>
Acked-by: Dan Walsh <dwalsh at redhat.com>
commit c81a43c753efbda6f2106dbf0a291005683474f8
Author: Eric Paris <eparis at redhat.com>
Date: Wed Sep 28 17:15:16 2011 -0400
libselinux: libsemanage: libsepol: regenerate .pc on VERSION change
The makefile which generated the package config files did not have the
VERSION file as a dependancy. Thus if you updated a tree you have
previously build the .pc file wouldn't be rebuilt and the old version
would be reinstalled.
Signed-off-by: Eric Paris <eparis at redhat.com>
Acked-by: Dan Walsh <dwalsh at redhat.com>
commit b3b19fdce58ff6ddfa6dfb8e5576c922c96e1e45
Author: Eric Paris <eparis at redhat.com>
Date: Thu Sep 22 09:32:44 2011 -0400
libselinux: load_policy: handle selinux=0 and /sys/fs/selinux not exist
Handle situation where selinux=0 passed to the kernel and both /selinux and
/sys/fs/selinux directories do not exist. We used to handle selinux=0
(or kernel compile without selinux) by getting ENODEV when we tried to
mount selinuxfs on /selinux. Now selinux=0 means that /sys/fs/selinux
won't exist and we never create the real directory /selinux at all. So
we get ENOENT instead of ENODEV. The solution is to check to see if the
mount failure was for ENODEV and if not to check if selinuxfs exists in
/proc/filesystems at all. If it doesn't exist, that's equivalent to
ENODEV.
Signed-off-by: Eric Paris <eparis at redhat.com>
Acked-by: Dan Walsh <dwalsh at redhat.com>
commit 468bff095253171300a5faa4bb23f0b2524fde08
Author: Eric Paris <eparis at redhat.com>
Date: Mon Sep 19 16:38:33 2011 -0400
tree: Makefiles: syntax, convert all ${VAR} to $(VAR)
This is purely personal preference. Most of the Makefiles use $() for
Makefile variables, but a couple of places use ${}. Since this obscured
some later Makefile changes I figured I'd just make them all the same up
front.
Signed-off-by: Eric Paris <eparis at redhat.com>
Acked-by: Dan Walsh <dwalsh at redhat.com>
commit fdeeccaa0ec11a5a549c60fc2da1f4dcd8eb5c65
Author: Eric Paris <eparis at redhat.com>
Date: Wed Nov 2 13:03:59 2011 -0400
Revert "checkpolicy: Redo filename/filesystem syntax to support filename trans rules"
This reverts commit d72a9ec825ef2a8723510f62292cf2adfd4a2a6c. It should
never have been added. It breaks the correct wrapping of filenames in "
-----------------------------------------------------------------------
Summary of changes:
checkpolicy/ChangeLog | 4 +
checkpolicy/VERSION | 2 +-
checkpolicy/policy_parse.y | 28 +-
checkpolicy/policy_scan.l | 7 +-
checkpolicy/test/Makefile | 2 +-
libselinux/ChangeLog | 12 +
libselinux/VERSION | 2 +-
libselinux/include/selinux/selinux.h | 27 ++
libselinux/man/man3/security_compute_av.3 | 5 +
...{checkPasswdAccess.3 => selinux_check_access.3} | 0
libselinux/src/Makefile | 4 +-
libselinux/src/audit2why.c | 1 +
libselinux/src/avc.c | 3 +
libselinux/src/checkAccess.c | 32 ++
libselinux/src/init.c | 45 ++-
libselinux/src/label.c | 92 +++--
libselinux/src/label_file.c | 47 ++-
libselinux/src/load_policy.c | 2 +-
libselinux/src/matchpathcon.c | 4 +-
libselinux/src/selinux_internal.h | 1 +
libselinux/src/seusers.c | 28 +-
libsemanage/ChangeLog | 6 +
libsemanage/VERSION | 2 +-
libsemanage/man/Makefile | 3 +
libsemanage/man/man5/semanage.conf.5 | 93 +++++
libsemanage/src/Makefile | 2 +-
libsemanage/src/semanage_store.c | 6 +-
libsepol/ChangeLog | 5 +
libsepol/VERSION | 2 +-
libsepol/include/sepol/policydb/ebitmap.h | 6 +
libsepol/src/Makefile | 2 +-
libsepol/src/ebitmap.c | 76 ++++
libsepol/src/expand.c | 10 +-
libsepol/src/private.h | 3 +
policycoreutils/ChangeLog | 22 +-
policycoreutils/VERSION | 2 +-
policycoreutils/audit2allow/Makefile | 2 +-
policycoreutils/audit2allow/audit2allow | 19 +-
policycoreutils/audit2why/Makefile | 2 +-
policycoreutils/load_policy/Makefile | 2 +-
policycoreutils/mcstrans/src/mcstrans.c | 91 +----
policycoreutils/newrole/Makefile | 18 +-
policycoreutils/restorecond/Makefile | 26 +-
.../restorecond/org.selinux.Restorecond.service | 3 +
policycoreutils/restorecond/restorecond.8 | 15 +-
policycoreutils/restorecond/restorecond.c | 433 ++++----------------
policycoreutils/restorecond/restorecond.conf | 5 +-
policycoreutils/restorecond/restorecond.desktop | 7 +
policycoreutils/restorecond/restorecond.h | 19 +-
policycoreutils/restorecond/restorecond.init | 7 +-
policycoreutils/restorecond/restorecond_user.conf | 8 +
policycoreutils/restorecond/user.c | 259 ++++++++++++
policycoreutils/restorecond/watch.c | 272 ++++++++++++
policycoreutils/run_init/Makefile | 8 +-
policycoreutils/sandbox/Makefile | 9 +-
policycoreutils/sandbox/seunshare.c | 28 ++
policycoreutils/scripts/Makefile | 2 +-
policycoreutils/scripts/fixfiles | 2 +-
policycoreutils/secon/Makefile | 4 +-
policycoreutils/semanage/Makefile | 2 +-
policycoreutils/semanage/semanage | 4 +
policycoreutils/semanage/semanage.8 | 3 +
policycoreutils/semanage/seobject.py | 30 ++-
policycoreutils/semodule/Makefile | 2 +-
policycoreutils/semodule/semodule.8 | 3 +
policycoreutils/semodule/semodule.c | 1 +
policycoreutils/semodule_deps/Makefile | 4 +-
policycoreutils/semodule_expand/Makefile | 4 +-
policycoreutils/semodule_link/Makefile | 4 +-
policycoreutils/semodule_package/Makefile | 6 +-
policycoreutils/sepolgen-ifgen/Makefile | 4 +-
policycoreutils/sestatus/Makefile | 4 +-
policycoreutils/setfiles/Makefile | 4 +-
policycoreutils/setfiles/restore.c | 45 +--
policycoreutils/setsebool/Makefile | 2 +-
sepolgen/ChangeLog | 4 +
sepolgen/VERSION | 2 +-
sepolgen/src/sepolgen/audit.py | 3 +
sepolgen/src/sepolgen/refparser.py | 7 +
79 files changed, 1277 insertions(+), 690 deletions(-)
copy libselinux/man/man3/{checkPasswdAccess.3 => selinux_check_access.3} (100%)
create mode 100644 libsemanage/man/man5/semanage.conf.5
create mode 100644 policycoreutils/restorecond/org.selinux.Restorecond.service
create mode 100644 policycoreutils/restorecond/restorecond.desktop
create mode 100644 policycoreutils/restorecond/restorecond_user.conf
create mode 100644 policycoreutils/restorecond/user.c
create mode 100644 policycoreutils/restorecond/watch.c
hooks/post-receive
--
SELinux userland upstream repository
More information about the selinux-commits
mailing list