[SELinux commit]SELinux userland upstream repository branch, queue, updated. 20080909-525-g7378684
eparis at oss.tresys.com
eparis at oss.tresys.com
Thu Nov 3 14:56:43 CDT 2011
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "SELinux userland upstream repository".
The branch, queue has been updated
discards 04278309e97daeaff59c9f4a3f8b660b1f3ddec4 (commit)
discards 81f257ba63f5c21bbf50af861979a8a9dcef9cc6 (commit)
discards 53b7d941b17e37bd0275aa84ee0dc9ba954049d1 (commit)
discards 6425ed3c5d1a68466f7860fb5f8e27ebaa4c0164 (commit)
discards bb65d5d96abc007b78c3fc505286fff36662f459 (commit)
discards 10965fc85d88cf3e34df0ff0aec562b07c4eec01 (commit)
discards e4bb784fa07610900585307521b144c7c327411b (commit)
discards 0ac86a0b0adf9c5191e8fa6891ecbbe7efdb9c94 (commit)
discards d12915cca9cbcdb7f2d85b415259efc16a1427f4 (commit)
discards 52368533654e6a6965b0d506a71979ac29392de5 (commit)
discards 8a7a300c97f3fed092478f909c4edf2d0d7b67a4 (commit)
discards 3d68c8aa200f4d42075a31338c12d2dc660a4f2d (commit)
discards ecaafd38a8a9dc1e7869d025f508fbad476261d6 (commit)
discards 415c1dda1a9d9ac0f9d10ef2515f3b6c23933b43 (commit)
discards 59dd0a92507a8c5406ec475a425bd94c8e02835a (commit)
discards 2d97d30b4e4afeed735ced8790c301d663a8cff4 (commit)
discards cecba3e3e28a2366bd6b6a08f6312e75aafc0382 (commit)
discards f97430f7401adfe086162440c1bf429f347f57e8 (commit)
discards 1ad391592e876c2a2dc56f583ab7e1607548609e (commit)
discards 6893c31aa4115479dbbc72087088dae71c35b7f6 (commit)
discards 52a848c84eb9bd02dc93ba2652ce49aac40a24da (commit)
discards 1782fc320da176b082366a42f63f1bb6342a3933 (commit)
discards b7ea64c6d43c6c4d6d91ad1f73503893591a1dce (commit)
discards 0cec4fef7e17f6c0d95aefe6e2a37657f1628355 (commit)
discards df455c92af7162727506120f88f87b8813a08a40 (commit)
discards 973e5439e1bd90f3f7912c00a157bf731b33528a (commit)
discards a9c226578528a3bceab714feb8cda7a128627b5a (commit)
discards 554f12a73bf06f687b823d8b3c81fe2feabfa912 (commit)
discards 453c7f3dd3ddf1611e4d50c425e2392f4ddbb427 (commit)
discards 0536d037bee219ecec7620d480d072e31622229e (commit)
discards 3dcf3208f670bfae7f282dda4e52b7453994dc68 (commit)
discards 21244933510084acd28728eea7366b9ffbbdd27d (commit)
discards 9e1a79ff240ada817ab75630c33512201d26967e (commit)
discards 64fedd23279a957fe0f5b125a2ea25a7aa63b9d5 (commit)
via 73786840058f1db8664c1f72ce08f7c354113606 (commit)
via f59e50fa45c2816af494b8a28109c7cebf216aca (commit)
via 71eb7c4f09c19f43c0c7cfe779a5d25930050d11 (commit)
via c9cdd636db66a990031d7f91a746109cd8e9c506 (commit)
via dd96c0b7b15c0e50a91a8cc944402fe4bf92d9fe (commit)
via 8530ed90ae72faefe350c98b88862aaec1a22317 (commit)
via b2efa3bd7d267441340b653bd3891b6a24260262 (commit)
via 7a9b66b0fdfaadedd2e29089fcb18edf25232c2a (commit)
via 6c19e29e943168e75720a0f6d6c46dab213eab22 (commit)
via adaf2549419e7df6b3645ecc61a3cfbb6949547c (commit)
via 932ca600fcdce83c672fe203b69d3f532480f0b9 (commit)
via ff018ab8ad1af9ceb89609725f07f95025609315 (commit)
via fc611dd3307b4ee656931d0a51e98e3df457f31c (commit)
via ae61227fd9381266d1a9bbc271ce7d455743b23f (commit)
via daaf86d636964a28dcb534bd035fd3995ee38d90 (commit)
via 435b6cafb6d97a313d36a599e914f0754579d636 (commit)
via cea2a454ca22448c6f885d267318477a54c56ee6 (commit)
via a2a7874ae9c1aa15e5e7ca1669881b5a5adcfada (commit)
via 6393385af0a2b9736b310dc87884ab85b002544c (commit)
via 06da286cfbee55044e9b5ef08159dd7a842673ba (commit)
via 2c851c75e72cd7524fc499f7f5ec8a993a784c01 (commit)
via bfd20b130c07e375b4240457729653bbe8b8439a (commit)
via 14e4b70b933a330fc1e63bf0ac5ebab4f9664062 (commit)
via 077e8635173ae51576ee6c27eb7c6d12243294e9 (commit)
via 9cbd404ceb6c87483a4b8b2718b8d9ed8e4e6b56 (commit)
via 10fb8fdbb16c3cc8a5a4abb3edd98a85756772b8 (commit)
via b9b7bddb28c85a7cc2340c753f37b21bd7a14dbd (commit)
via d4a39ca15b5a41b545630aeaa04e96fe7c0346fe (commit)
via 24b31a9da5a6f7f9d056ab13367ebdcb1fb3c585 (commit)
via e018eec325264aa33dfb25094f3566cc5df5f401 (commit)
via d5475a909a570d72c75bc86dbb4e449c0ba7bb57 (commit)
via 148682066511f76a1b5d0d4ae10268f85140673e (commit)
via 5e50b01fa45220e31b78e822db15a8c5fa4d5661 (commit)
via 88234671ed0d1db27c986f009570c6cbe730d259 (commit)
via e134013ab705e6edaf3311d4dc9db7c81e84e775 (commit)
via 4a145b76d02a0ff179758773e028333e020184f7 (commit)
via 9961ca64990f9547f5f7921d1766f57905098e10 (commit)
via 48681bb49c032d4c399e8331126c5dca020e0b3e (commit)
via 672eb80648152e7be67ff9a1b0afe8fd9467888b (commit)
via a67cd948c4a907a1adcb2aa72686f8aebb096213 (commit)
via 9ef48acb374b93bc34e0840b39d7c3bbc343dcb7 (commit)
via 1c15c8b537b6c632074fac07019e0c3e012687a5 (commit)
via 9cc0749a737dcf0f7909885e5f043b0cde54325c (commit)
via 5c2a0d143de7920b9edf070518d22f4e7dce5481 (commit)
via 1d274aca2dca306d7dd6e37d81e54e278d175a9d (commit)
via 2c4eca16dd4aaf2f7830012908aef66109106d82 (commit)
via 06f53004d93ddb6bd4e2b2f4d697c8cedf382e47 (commit)
via 0a778ba601d68ef91304f90c101b5dc67d433e04 (commit)
via 2f68def6338d072ae13328cf6357a4468408ce1b (commit)
via 2b06f474006db3f32895dab9e393324febb9e16f (commit)
via 74a9a5296688e2617d669b346d3f5ef6e31ae2d9 (commit)
via dd563b35e1f6918e5c96de29ea255b04ad34e891 (commit)
via 3b5e45f004e508cca8958f6e3a46961753af291e (commit)
via 9c46a0a3153124753e3afbd2090fea65a09e1df1 (commit)
via 86e8daafc3755820272c0f36a3dd115f0b01c93d (commit)
via 023c9c1fdee963606d830b70db108bd9031390f4 (commit)
via c81a43c753efbda6f2106dbf0a291005683474f8 (commit)
via b3b19fdce58ff6ddfa6dfb8e5576c922c96e1e45 (commit)
via 468bff095253171300a5faa4bb23f0b2524fde08 (commit)
via fdeeccaa0ec11a5a549c60fc2da1f4dcd8eb5c65 (commit)
via 5054b9019a669b1f85ed0d35e6dff7ee9f449ec6 (commit)
via cfdfe498b772f28eb8255b07ebefed64db27b1d6 (commit)
This update added new revisions after undoing existing revisions. That is
to say, the old revision is not a strict subset of the new revision. This
situation occurs when you --force push a change and generate a repository
containing something like this:
* -- * -- B -- O -- O -- O (04278309e97daeaff59c9f4a3f8b660b1f3ddec4)
\
N -- N -- N (73786840058f1db8664c1f72ce08f7c354113606)
When this happens we assume that you've already had alert emails for all
of the O revisions, and so we here report only the revisions in the N
branch from the common base, B.
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 73786840058f1db8664c1f72ce08f7c354113606
Author: Eric Paris <eparis at redhat.com>
Date: Wed Nov 2 16:22:28 2011 -0400
checkpolicy: test: Makefile: include -W and -Werror
Include the same error type options we build everything else with.
Signed-off-by: Eric Paris <eparis at redhat.com>
commit f59e50fa45c2816af494b8a28109c7cebf216aca
Author: Eric Paris <eparis at redhat.com>
Date: Tue Nov 1 14:26:18 2011 -0400
sepolgen: FIXME unused function
This is dead code that is unused, why is it here?
commit 71eb7c4f09c19f43c0c7cfe779a5d25930050d11
Author: Dan Walsh <dwalsh at redhat.com>
Date: Wed Sep 7 13:58:24 2011 -0400
policycoreutils: FIXME Change restorecon to just change the type of an object, rather then the role, user and range.
Needs review.
Signed-off-by: Dan Walsh <dwalsh at redhat.com>
NOT-Signed-off-by: Eric Paris <eparis at redhat.com>
commit c9cdd636db66a990031d7f91a746109cd8e9c506
Author: Eric Paris <eparis at redhat.com>
Date: Wed Jun 29 01:49:20 2011 -0400
libsemanage: FIXME don't mess with /root in genhomedircon
Fedora treats /root different then all other HOME Directories. We label
it admin_home_t, refpolicy labels it the same as /home/dwalsh. I feel
this is wrong since so many root processes deal with /root differently
then /home/dwalsh.
The code in genhomedircon that deals with /root is to setup labeling of
/root the same as /home/dwalsh
FIXME: this seems like a Fedora-ism
NOT-Signed-off-by: Eric Paris <eparis at redhat.com>
commit dd96c0b7b15c0e50a91a8cc944402fe4bf92d9fe
Author: Eric Paris <eparis at redhat.com>
Date: Wed Aug 3 14:00:48 2011 -0400
libselinux: matchpathcon: FIXME use vsyslog instead of stderr
Convert matchpathcon to use vsyslog for errors instead of stderr.
This isn't a library, why shouldn't we use stderr?
NOT-Signed-off-by: Eric Paris <eparis at redhat.com>
commit 8530ed90ae72faefe350c98b88862aaec1a22317
Author: Eric Paris <eparis at redhat.com>
Date: Tue Jul 5 00:28:42 2011 -0400
libselinux: FIXME do not use stderr/out if selinux is disabled
Kerberos libraries do not expect libraries many levels lower to spew
messages to STDERR or STDOUT, and this causes kerberos to potentially do
whacky things like deny access, because the user has a screwed up file
context file.
FIXME: This was rejected and upstream wanted callbacks.
NOT-Signed-off-by: Eric Paris <eparis at redhat.com>
commit b2efa3bd7d267441340b653bd3891b6a24260262
Author: Dan Walsh <dwalsh at redhat.com>
Date: Mon Oct 24 14:34:34 2011 -0400
policycoreutils: sandbox: FIXME Add back in . functions to sandbox.init script
WTF, can I merge?
NOT-signed-off-by
commit 7a9b66b0fdfaadedd2e29089fcb18edf25232c2a
Author: Dan Walsh <dwalsh at redhat.com>
Date: Tue Oct 4 08:33:41 2011 -0400
policycoreutils: newrole: FIXME do not drop capabilities when newrole is run as root
changelog and review needed.
NOT-Signed-off-by: Eric Paris <eparis at redhat.com>
commit 6c19e29e943168e75720a0f6d6c46dab213eab22
Author: Dan Walsh <dwalsh at redhat.com>
Date: Fri Sep 2 08:55:47 2011 -0400
policycoreutils: setfiles: FIXME Allow setfiles/restorecon to take advantage of new subset handling in libselinux
Needs review.
Signed-off-by: Dan Walsh <dwalsh at redhat.com>
NOT-Signed-off-by: Eric Paris <eparis at redhat.com>
commit adaf2549419e7df6b3645ecc61a3cfbb6949547c
Author: Dan Walsh <dwalsh at redhat.com>
Date: Fri Sep 2 08:54:12 2011 -0400
libselinux: FIXME Allow SELinux labelling to support multiple prefix/subsets labeling, to reduce memory and increase speed apps that support labeling on a subset of directories
Needs review
Signed-off-by: Dan Walsh <dwalsh at redhat.com>
NOT-Signed-off-by: Eric Paris <eparis at redhat.com>
commit 932ca600fcdce83c672fe203b69d3f532480f0b9
Author: Eric Paris <eparis at redhat.com>
Date: Mon Aug 8 14:44:08 2011 -0400
policycoreutils: sandbox: FIXME man page install line in Makefile
The source calls the man page sandbox.conf.5 but we wish to install it
as sandbox.5
This doesn't make sense. Shouldn't the man page for sandbox.conf be at
sandbox.conf?
Signed-off-by: Eric Paris <eparis at redhat.com>
Acked-by: Dan Walsh <dwalsh at redhat.com>
commit ff018ab8ad1af9ceb89609725f07f95025609315
Author: Eric Paris <eparis at redhat.com>
Date: Wed Aug 3 11:38:03 2011 -0400
policycoreutils: newrole: FIXME do not call drop_capabilities
I don't know why this is a good thing, but apparently we does it!
NOT-Signed-off-by: Eric Paris <eparis at redhat.com>
commit fc611dd3307b4ee656931d0a51e98e3df457f31c
Author: Eric Paris <eparis at redhat.com>
Date: Wed Jul 20 12:19:48 2011 -0400
policycoreutils: run_init: FIXME Build option for call to open_init_pty
This patch introduces a new build flag, USE_OPEN_INIT_PTY, which
decides if run_init uses open_init_pty to launch new programs or just
does so directly.
This patch seems broken since nothing is ever going to set
USE_OPEN_INIT_PTY
NOT-Signed-off-by: Eric Paris <eparis at redhat.com>
commit ae61227fd9381266d1a9bbc271ce7d455743b23f
Author: Eric Paris <eparis at redhat.com>
Date: Wed Aug 3 12:00:30 2011 -0400
policycoreutils: semanage: FIXME whitespace changes in seobject
Just whitespace and indention changes. No real code. I'm not certain
they are all a good idea.
NOT-Signed-off-by: Eric Paris <eparis at redhat.com>
Acked-by: Dan Walsh <dwalsh at redhat.com>
commit daaf86d636964a28dcb534bd035fd3995ee38d90
Author: Eric Paris <eparis at redhat.com>
Date: Wed Aug 3 11:57:34 2011 -0400
policycoreutils: semanage: FIXME surround getopt with its own try block
This patch adds another try/except block which only includes the getopt
processing. I don't understand why the single larger block was
inadequate.
NOT-Signed-off-by: Eric Paris <eparis at redhat.com>
commit 435b6cafb6d97a313d36a599e914f0754579d636
Author: Eric Paris <eparis at redhat.com>
Date: Wed Aug 3 11:53:43 2011 -0400
policycoreutils: semanage: FIXME do not use set_action
This patch causes enable/disable to not use setaction and to instead
throw their own error. I do not believe it is needed.
NOT-Signed-off-by: Eric Paris <eparis at redhat.com>
commit cea2a454ca22448c6f885d267318477a54c56ee6
Author: Eric Paris <eparis at redhat.com>
Date: Tue Jul 19 11:27:23 2011 -0400
policycoreutils: semanage: FIXME force utf8 encoding
Python has a very strange way of handling translations that can blow
up command line unless you force the system to utf8.
THIS PATCH LEAVES AN UNCLEAN GIT STATUS AFTER BUILD
Signed-off-by: Eric Paris <eparis at redhat.com>
Acked-by: Dan Walsh <dwalsh at redhat.com>
commit a2a7874ae9c1aa15e5e7ca1669881b5a5adcfada
Author: Eric Paris <eparis at redhat.com>
Date: Fri Jul 15 18:32:28 2011 +0200
policycoreutils: semanage: FIXME make add operations into modify
Scripts which use semanage often don't know if what they intend to do
has already been done. Should they use a -a because it doesn't exist or
should they use -m because it does? This patch just makes -a use -m if
an entry already exists.
I'm not certain this is good practice. Why can't scripts tell the
reason and handle the error themselves rather than not have a choice in
the tools? What if two different rpms wanted to install a new selinux
user and the creator of those rpms didn't know about the other one?
They'd have no way of knowing about the name collision and the fact that
policy was likely not what they intended....
NOT-Signed-off-by: Eric Paris <eparis at redhat.com>
commit 6393385af0a2b9736b310dc87884ab85b002544c
Author: Eric Paris <eparis at redhat.com>
Date: Fri Jul 15 18:28:16 2011 +0200
policycoreutils: semanage: FIXME use local store in nodeRecords __modify
Everything else in this function uses the global store so I don't
understand why this patch uses the local store.
Dan says "Neither do I but I am sure there was a reason."
NOT-Signed-off-by: Eric Paris <eparis at redhat.com>
commit 06da286cfbee55044e9b5ef08159dd7a842673ba
Author: Dan Walsh <dwalsh at redhat.com>
Date: Tue Aug 23 14:53:44 2011 -0400
sepolgen: FIXME Allow returning of bastard matches
Better changelog and review
NOT-Signed-off-by: Eric Paris <eparis at redhat.com>
commit 2c851c75e72cd7524fc499f7f5ec8a993a784c01
Author: Dan Walsh <dwalsh at redhat.com>
Date: Tue Aug 23 14:52:47 2011 -0400
sepolgen: Change analysys of sepolgen to return booleans and te rules that would tell audit2allow if there are booleans that can handle the AVC
Better changelog and review
NOT-Signed-off-by: Eric Paris <eparis at redhat.com>
commit bfd20b130c07e375b4240457729653bbe8b8439a
Author: Eric Paris <eparis at redhat.com>
Date: Tue Nov 1 14:26:52 2011 -0400
sepolgen: audit.py: FIXME better analysis of why things broke
Dan, can you give me a changelog entry?
Signed-off-by: Eric Paris <eparis at redhat.com>
-----------------------------------------------------------------------
Summary of changes:
checkpolicy/ChangeLog | 4 +
checkpolicy/VERSION | 2 +-
checkpolicy/policy_parse.y | 28 +++---
checkpolicy/policy_scan.l | 7 +-
checkpolicy/test/Makefile | 4 +-
libselinux/ChangeLog | 12 +++
libselinux/VERSION | 2 +-
libselinux/include/selinux/label.h | 4 +-
libselinux/include/selinux/selinux.h | 37 ++++++++-
libselinux/man/man3/matchpathcon.3 | 12 +++-
libselinux/man/man3/security_compute_av.3 | 5 +
...{checkPasswdAccess.3 => selinux_check_access.3} | 0
libselinux/src/Makefile | 4 +-
libselinux/src/audit2why.c | 1 +
libselinux/src/avc.c | 3 +
libselinux/src/checkAccess.c | 32 +++++++
libselinux/src/init.c | 45 ++++++----
libselinux/src/label.c | 92 +++++++++++---------
libselinux/src/label_file.c | 66 ++++++--------
libselinux/src/load_policy.c | 2 +-
libselinux/src/matchpathcon.c | 17 +++-
libselinux/src/selinux_internal.h | 2 +
libselinux/src/seusers.c | 28 +++++--
libsemanage/ChangeLog | 6 ++
libsemanage/VERSION | 2 +-
libsemanage/man/Makefile | 3 +
libsemanage/man/man5/semanage.conf.5 | 93 ++++++++++++++++++++
libsemanage/src/Makefile | 2 +-
libsemanage/src/semanage_store.c | 6 +-
libsepol/ChangeLog | 5 +
libsepol/VERSION | 2 +-
libsepol/include/sepol/policydb/ebitmap.h | 6 ++
libsepol/src/Makefile | 2 +-
libsepol/src/ebitmap.c | 76 ++++++++++++++++
libsepol/src/expand.c | 10 ++-
libsepol/src/private.h | 3 +
policycoreutils/ChangeLog | 23 +++++
policycoreutils/VERSION | 2 +-
policycoreutils/audit2allow/Makefile | 2 +-
policycoreutils/audit2why/Makefile | 2 +-
policycoreutils/load_policy/Makefile | 2 +-
policycoreutils/mcstrans/src/mcstrans.c | 91 ++------------------
policycoreutils/newrole/Makefile | 18 ++--
policycoreutils/newrole/newrole.c | 6 +-
policycoreutils/restorecond/Makefile | 2 +-
policycoreutils/restorecond/restorecond.c | 2 +
policycoreutils/restorecond/restorecond_user.conf | 1 +
policycoreutils/restorecond/user.c | 15 +++-
policycoreutils/run_init/Makefile | 8 +-
policycoreutils/sandbox/Makefile | 9 +-
policycoreutils/sandbox/sandbox.init | 1 +
policycoreutils/scripts/Makefile | 2 +-
policycoreutils/scripts/genhomedircon | 1 +
policycoreutils/secon/Makefile | 4 +-
policycoreutils/semanage/Makefile | 2 +-
.../semanage/default_encoding/default_encoding.c | 4 +-
policycoreutils/semanage/semanage.8 | 3 +
policycoreutils/semodule/Makefile | 2 +-
policycoreutils/semodule/semodule.8 | 3 +
policycoreutils/semodule/semodule.c | 1 +
policycoreutils/semodule_deps/Makefile | 4 +-
policycoreutils/semodule_expand/Makefile | 4 +-
policycoreutils/semodule_link/Makefile | 4 +-
policycoreutils/semodule_package/Makefile | 6 +-
policycoreutils/sepolgen-ifgen/Makefile | 4 +-
policycoreutils/sestatus/Makefile | 4 +-
policycoreutils/setfiles/Makefile | 4 +-
policycoreutils/setfiles/restore.c | 74 +++++-----------
policycoreutils/setfiles/restore.h | 2 +-
policycoreutils/setfiles/restorecon.8 | 10 +-
policycoreutils/setfiles/setfiles.8 | 10 +-
policycoreutils/setfiles/setfiles.c | 50 +++++++----
policycoreutils/setsebool/Makefile | 2 +-
sepolgen/ChangeLog | 4 +
sepolgen/VERSION | 2 +-
sepolgen/src/sepolgen/audit.py | 5 +-
sepolgen/src/sepolgen/policygen.py | 8 +-
sepolgen/src/sepolgen/refparser.py | 7 ++
78 files changed, 670 insertions(+), 365 deletions(-)
copy libselinux/man/man3/{checkPasswdAccess.3 => selinux_check_access.3} (100%)
create mode 100644 libsemanage/man/man5/semanage.conf.5
hooks/post-receive
--
SELinux userland upstream repository
More information about the selinux-commits
mailing list