Commit graph

854 commits

Author SHA1 Message Date
Jason Zaman
013ecfd7fa Update VERSIONs to 3.5-rc1 for release.
Signed-off-by: Jason Zaman <jason@perfinion.com>
2022-12-22 13:10:26 -08:00
Petr Lautrbach
25d7941aee fixfiles: Unmount temporary bind mounts on SIGINT
`fixfiles -M relabel` temporary bind mounts file systems before
relabeling, but it left the / directory mounted in /tmp/tmp.XXXX when a
user hit CTRL-C. It means that if the user run `fixfiles -M relabel`
again and answered Y to clean out /tmp directory, it would remove all
data from mounted fs.

This patch changes the location where `fixfiles` mounts fs to /run, uses
private mount namespace via unshare and adds a handler for exit signals
which tries to umount fs mounted by `fixfiles`.

Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=2125355

Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
Tested-by: Christian Göttsche <cgzones@googlemail.com>
Acked-by: James Carter <jwcart2@gmail.com>
2022-11-23 08:28:23 -05:00
Paul Moore
a0a216ff7d docs: provide a top level LICENSE file
Provide a top level LICENSE file explaining how multiple the SELinux
userspace is released under multiple different licenses.  Also ensure
that all the different license files share a consistent file name,
LICENSE, to make it easier for people to identify the license files.

This is to help meet the OpenSSF Best Practices requirements.

Signed-off-by: Paul Moore <paul@paul-moore.com>
2022-10-05 08:20:38 -04:00
Vit Mojzis
5b5056b1b4 Update translations
Source: https://translate.fedoraproject.org/projects/selinux/

Signed-off-by: Vit Mojzis <vmojzis@redhat.com>
2022-10-05 08:13:26 -04:00
Ondrej Mosnacek
8cc529af51
semodule: rename --rebuild-if-modules-changed to --refresh
After the last commit this option's name and description no longer
matches the semantic, so give it a new one and update the descriptions.
The old name is still recognized and aliased to the new one for
backwards compatibility.

Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
Acked-by: Nicolas Iooss <nicolas.iooss@m4x.org>
2022-06-30 21:09:28 +02:00
Christian Göttsche
6d02b2fa29 semodule: avoid toctou on output module
Do not check for file existence and open afterwards, open with the
exclusive flag (supported in Glibc and musl 0.9.6 and also standardized
in C11).

Found by GitHub CodeQL.

Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Acked-by: Nicolas Iooss <nicolas.iooss@m4x.org>
2022-06-02 08:31:07 -04:00
Christian Göttsche
dd98fa3227 libselinux: declare return value of context_str(3) const
context_str(3) returns a string representation of the given context.
This string is owned by the context and free'd on context_free(3).
Declare it const, as already done in the man page, since it must not be
free'd by the caller.

Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Acked-by: Nicolas Iooss <nicolas.iooss@m4x.org>
2022-06-02 08:29:01 -04:00
Petr Lautrbach
0a8c177dac
Update VERSIONs to 3.4 for release.
Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
2022-05-18 16:51:03 +02:00
Petr Lautrbach
9df28c241a
Update VERSIONs to 3.4-rc3 for release.
Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
2022-05-04 19:20:37 +02:00
Laszlo Ersek
2b6f7e969c setfiles: introduce the -C option for distinguishing file tree walk errors
setfiles(8) exits with status 255 if it encounters any error. Introduce
the "-C" option: if the only errors that setfiles(8) encounters are
labeling errors seen during the file tree walk(s), then let setfiles(8)
exit with status 1.

Cc: "Richard W.M. Jones" <rjones@redhat.com>
Cc: Petr Lautrbach <plautrba@redhat.com>
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1794518
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
2022-05-04 10:31:43 +02:00
Laszlo Ersek
b98626f15f setfiles: remove useless "iamrestorecon" checks in option parsing
Commit 219eea83ce ("policycoreutils: setfiles/restorecon: fix -r/-R
option", 2015-04-16) split the option strings between "setfiles" and
"restorecon". Since that commit, an "iamrestorecon" check has only been
necessary for an option that is (a) accepted by both "setfiles" and
"restorecon", but (b) behaves differently between "setfiles" and
"restorecon". Currently, the only such options are "-r" and "-R". Remove
the "iamrestorecon" checks from the "setfiles"-only "-c" and "-d" options,
and from the "restorecon"-only "-x" option.

Cc: "Richard W.M. Jones" <rjones@redhat.com>
Cc: Petr Lautrbach <plautrba@redhat.com>
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1794518
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-By: Daniel Burgener <dburgener@linux.microsoft.com>
2022-05-04 10:31:42 +02:00
Laszlo Ersek
fd9a851db4 setfiles: remove useless assignment and comment (after RHBZ#1926386)
Commit 9207823c8f ("setfiles: Do not abort on labeling error",
2021-02-01) hoisted the zeroing of "r_opts.abort_on_error" above the
branching on "setfiles vs. restorecon". Clean up two aspects:

- "r_opts" is altogether zeroed a bit higher up, so remove the explicit
  zero-assignment;

- neither "setfiles" nor "restorecon" aborts on errors during the file
  tree walk now, so remove the comment "Do not abort on errors during the
  file tree walk" from the "restorecon" branch as well.

Cc: "Richard W.M. Jones" <rjones@redhat.com>
Cc: Petr Lautrbach <plautrba@redhat.com>
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1794518
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
2022-05-04 10:31:41 +02:00
Laszlo Ersek
aab2498a82 setfiles: fix up inconsistent indentation
Commit 7ad84e7c8d ("Add restorecon -x option to not cross FS
boundaries", 2020-06-18) used spaces vs. TABs inconsistently; run
"unexpand" on the affected lines to make the indentation conform to the
rest of the source code.

Cc: "Richard W.M. Jones" <rjones@redhat.com>
Cc: Petr Lautrbach <plautrba@redhat.com>
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1794518
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
2022-05-04 10:31:40 +02:00
Petr Lautrbach
2a167d1156
Update VERSIONs to 3.4-rc2 for release.
Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
2022-04-20 21:48:57 +02:00
Christian Göttsche
fd67b2f4b1 Correct misc typos
Found by typos[1].

[1]: https://github.com/crate-ci/typos

Acked-by: James Carter <jwcart2@gmail.com>
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
2022-04-12 13:09:52 -04:00
James Carter
5d8764dbf5 setfiles.8: -q is deprecated and has no effect
Acked-by: James Carter <jwcart2@gmail.com>
Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
2022-04-12 13:09:34 -04:00
Christian Göttsche
df31981d63 policycoreutils: drop usage of egrep in fixfiles
egrep(1) is deprecated, use `grep -E`.

Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Acked-by: Petr Lautrbach <plautrba@redhat.com>
2022-04-12 13:09:30 -04:00
Petr Lautrbach
73562de8fc
Update VERSIONs to 3.4-rc1 for release.
Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
2022-04-06 19:53:39 +02:00
Petr Lautrbach
8aca100c5b Update translations from translate.fedoraproject.org
Source https://translate.fedoraproject.org/projects/selinux/

Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
2022-04-06 10:53:37 +02:00
Petr Lautrbach
2d668b6214 Split po/ translation files into the relevant sub-directories
When policycoreutils was split into policycoreutils/ python/ gui/ and sandbox/
sub-directories, po/ translation files stayed in policycoreutils/.

This commit splits original policycoreutils translations to
policycoreutils, selinux-python, selinux-gui, and selinux-sandbox.

See original Fedora issue https://github.com/fedora-selinux/selinux/issues/43

Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
Acked-by: James Carter <jwcart2@gmail.com>
2022-04-06 10:52:41 +02:00
Petr Lautrbach
8871fd603a policycoreutils/fixfiles: Use parallel relabeling
Commit 93902fc834 ("setfiles/restorecon: support parallel relabeling")
implemented support for parallel relabeling in setfiles. This is
available for fixfiles now.

Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
Acked-by: Ondrej Mosnacek <omosnace@redhat.com>
2022-03-11 10:03:55 -05:00
Christian Göttsche
c71d14e824 newrole: ensure password memory erasure
Compiler can optimize calls to memset(3), due to the as-if rule, away if
the object is not accessed later on.  Use a wrapper using volatile
pointers to ensure the memory is guaranteed to be erased.  Also erase
the encrypted password.

Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
2022-03-03 12:12:47 -05:00
Christian Göttsche
1af8089824 newrole: check for crypt(3) failure
Depending on the implementation crypt(3) can fail either by returning
NULL, or returning a pointer to an invalid hash and setting errno.

Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
2022-03-03 12:12:44 -05:00
Christian Göttsche
29e167a448 newrole: silence compiler warnings
newrole.c:636:12: warning: function declaration isn’t a prototype [-Wstrict-prototypes]
      636 | static int transition_to_caller_uid()
          |            ^~~~~~~~~~~~~~~~~~~~~~~~

    newrole.c:103:9: warning: macro is not used [-Wunused-macros]
    #define DEFAULT_CONTEXT_SIZE 255        /* first guess at context size */
            ^

    newrole.c:862:4: warning: 'break' will never be executed [-Wunreachable-code-break]
                            break;
                            ^~~~~

    newrole.c:168:13: warning: no previous extern declaration for non-static variable 'service_name' [-Wmissing-variable-declarations]
    const char *service_name = "newrole";
                ^

    hashtab.c:53:11: warning: implicit conversion changes signedness: 'unsigned int' to 'int' [-Wsign-conversion]
            hvalue = h->hash_value(h, key);
                   ~ ^~~~~~~~~~~~~~~~~~~~~
    hashtab.c:92:11: warning: implicit conversion changes signedness: 'unsigned int' to 'int' [-Wsign-conversion]
            hvalue = h->hash_value(h, key);
                   ~ ^~~~~~~~~~~~~~~~~~~~~
    hashtab.c:124:11: warning: implicit conversion changes signedness: 'unsigned int' to 'int' [-Wsign-conversion]
            hvalue = h->hash_value(h, key);
                   ~ ^~~~~~~~~~~~~~~~~~~~~
    hashtab.c:172:10: warning: implicit conversion changes signedness: 'int' to 'unsigned int' [-Wsign-conversion]
                            ret = apply(cur->key, cur->datum, args);
                                ~ ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    hashtab.c:174:12: warning: implicit conversion changes signedness: 'unsigned int' to 'int' [-Wsign-conversion]
                                    return ret;
                                    ~~~~~~ ^~~

Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
2022-03-03 12:12:41 -05:00
Christian Göttsche
09c994c287 newrole: add Makefile target to test build options
Add a Makefile target which build newrole with all combinations of
supported build options.

Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
2022-03-03 12:12:39 -05:00
Ondrej Mosnacek
2d08c5dd89 semodule: add command-line option to detect module changes
Add a new command-line option "--rebuild-if-modules-changed" to control
the newly introduced check_ext_changes libsemanage flag.

For example, running `semodule --rebuild-if-modules-changed` will ensure
that any externally added/removed modules (e.g. by an RPM transaction)
are reflected in the compiled policy, while skipping the most expensive
part of the rebuild if no module change was deteceted since the last
libsemanage transaction.

Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
2022-02-18 11:08:41 -05:00
Ondrej Mosnacek
67e6201bc8 semodule,libsemanage: move module hashing into libsemanage
The main goal of this move is to have the SHA-256 implementation under
libsemanage, since upcoming patches will make use of SHA-256 for a
different (but similar) purpose in libsemanage. Having the hashing code
in libsemanage will reduce code duplication and allow for easier hash
algorithm upgrade in the future.

Note that libselinux currently also contains a hash function
implementation (for yet another different purpose). This patch doesn't
make any effort to address that duplicity yet.

This patch also changes the format of the hash string printed by
semodule to include the name of the hash. The intent is to avoid
ambiguity and potential collisions when the algorithm is potentially
changed in the future.

Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
2022-02-18 11:08:30 -05:00
Christian Göttsche
9229f8b3b7 policycoreutils: handle argument counter of zero
The number of arguments passed to main(), argc, can be zero if the
pathname passed to execve(2) is NULL, e.g. via:

    execve("/path/to/exe", {NULL}, {NULL});

Also avoid NULL pointer dereferences on the argument value.

Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
2022-02-07 11:14:26 -05:00
Vit Mojzis
b8004f0586 policycoreutils: Improve error message when selabel_open fails
When selabel_open fails to locate file_context files and
selabel_opt_path is not specified (e.g. when the policy type is
missconfigured in /etc/selinux/config), perror only prints
"No such file or directory".
This can be confusing in case of "restorecon" since it's
not apparent that the issue is in policy store.

Before:
  \# restorecon -v /tmp/foo.txt
  No such file or directory
After:
  \# restorecon -v /tmp/foo.txt
  /etc/selinux/yolo/contexts/files/file_contexts: No such file or directory

Signed-off-by: Vit Mojzis <vmojzis@redhat.com>
2022-01-14 08:55:13 -06:00
Cutright Jacob
1cbce56115 Modified Russian and English man pages to fix typo; REQUIREUSERS -> REQUIRESEUSERS
Signed-off-by: Jacob M Cutright <cutrightjm@stl.sh>
Acked-by: Petr Lautrbach <plautrba@redhat.com>
2021-11-29 18:51:19 +01:00
Petr Lautrbach
c28763c4c9 semodule: Don't forget to munmap() data
semanage_module_extract() mmap()'s the module raw data but it leaves on
the caller to munmap() them.

Reported-by: Ondrej Mosnacek <omosnace@redhat.com>
Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
Acked-by: James Carter <jwcart2@gmail.com>
2021-11-29 18:50:01 +01:00
Petr Lautrbach
f37b3e94d3 semodule: Fix lang_ext column index
lang_ext is 3. column - index number 2.

Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
Acked-by: James Carter <jwcart2@gmail.com>
2021-11-23 10:42:15 +01:00
Petr Lautrbach
ed4813be61 semodule: add -m | --checksum option
Since cil doesn't store module name and module version in module itself,
there's no simple way how to compare that installed module is the same
version as the module which is supposed to be installed. Even though the
version was not used by semodule itself, it was apparently used by some
team.

With `semodule -l --checksum` users get SHA256 hashes of modules and
could compare them with their files which is faster than installing
modules again and again.

E.g.

    # time (
    semodule -l --checksum | grep localmodule
    /usr/libexec/selinux/hll/pp localmodule.pp | sha256sum
    )
    localmodule db002f64ddfa3983257b42b54da7b182c9b2e476f47880ae3494f9099e1a42bd
    db002f64ddfa3983257b42b54da7b182c9b2e476f47880ae3494f9099e1a42bd  -

    real    0m0.876s
    user    0m0.849s
    sys     0m0.028s

vs

    # time semodule -i localmodule.pp

    real    0m6.147s
    user    0m5.800s
    sys     0m0.231s

Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
Acked-by: James Carter <jwcart2@gmail.com>
2021-11-23 10:42:05 +01:00
Ondrej Mosnacek
93902fc834 setfiles/restorecon: support parallel relabeling
Use the newly introduced selinux_restorecon_parallel(3) in
setfiles/restorecon and a -T option to both to allow enabling parallel
relabeling. The default behavior without specifying the -T option is to
use 1 thread; parallel relabeling must be requested explicitly by
passing -T 0 (which will use as many threads as there are available CPU
cores) or -T <N>, which will use <N> threads.

=== Benchmarks ===
As measured on a 32-core cloud VM with Fedora 34. Not a fully
representative environment, but still the scaling is quite good.

WITHOUT PATCHES:
$ time restorecon -rn /usr

real    0m21.689s
user    0m21.070s
sys     0m0.494s

WITH PATCHES:
$ time restorecon -rn /usr

real    0m23.940s
user    0m23.127s
sys     0m0.653s
$ time restorecon -rn -T 2 /usr

real    0m13.145s
user    0m25.306s
sys     0m0.695s
$ time restorecon -rn -T 4 /usr

real    0m7.559s
user    0m28.470s
sys     0m1.099s
$ time restorecon -rn -T 8 /usr

real    0m5.186s
user    0m37.450s
sys     0m2.094s
$ time restorecon -rn -T 16 /usr

real    0m3.831s
user    0m51.220s
sys     0m4.895s
$ time restorecon -rn -T 32 /usr

real    0m2.650s
user    1m5.136s
sys     0m6.614s

Note that the benchmarks were performed in read-only mode (-n), so the
labels were only read and looked up in the database, not written. When
fixing labels on a heavily mislabeled system, the scaling would likely
be event better, since a larger % of work could be done in parallel.

Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
2021-11-23 10:03:18 +01:00
Christian Göttsche
081ac391ad policycoreutils: mark local functions static
setfiles.c:50:6: warning: no previous prototype for ‘set_rootpath’ [-Wmissing-prototypes]
       50 | void set_rootpath(const char *arg)
          |      ^~~~~~~~~~~~
    setfiles.c:67:5: warning: no previous prototype for ‘canoncon’ [-Wmissing-prototypes]
       67 | int canoncon(char **contextp)
          |     ^~~~~~~~

    newrole.c:185:5: warning: no previous prototype for ‘authenticate_via_pam’ [-Wmissing-prototypes]
      185 | int authenticate_via_pam(const char *ttyn, pam_handle_t * pam_handle)
          |     ^~~~~~~~~~~~~~~~~~~~

    run_init.c:241:5: warning: no previous prototype for ‘authenticate_user’ [-Wmissing-prototypes]
      241 | int authenticate_user(void)
          |     ^~~~~~~~~~~~~~~~~
    run_init.c:306:5: warning: no previous prototype for ‘get_init_context’ [-Wmissing-prototypes]
      306 | int get_init_context(char **context)
          |     ^~~~~~~~~~~~~~~~

    sestatus.c:38:5: warning: no previous prototype for ‘cmp_cmdline’ [-Wmissing-prototypes]
       38 | int cmp_cmdline(const char *command, int pid)
          |     ^~~~~~~~~~~
    sestatus.c:62:5: warning: no previous prototype for ‘pidof’ [-Wmissing-prototypes]
       62 | int pidof(const char *command)
          |     ^~~~~
    sestatus.c:95:6: warning: no previous prototype for ‘load_checks’ [-Wmissing-prototypes]
       95 | void load_checks(char *pc[], int *npc, char *fc[], int *nfc)
          |      ^~~~~~~~~~~
    sestatus.c:171:6: warning: no previous prototype for ‘printf_tab’ [-Wmissing-prototypes]
      171 | void printf_tab(const char *outp)
          |      ^~~~~~~~~~

Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
2021-11-15 16:00:54 -05:00
Christian Göttsche
fb68d036b8 policycoreutils: use string literal as format strings
Use string literal as format string so that compilers can validate the
count and types of the inherent arguments.

    sestatus.c: In function ‘printf_tab’:
    sestatus.c:175:16: error: format not a string literal, argument types not checked [-Werror=format-nonliteral]
      175 |         printf(buf, outp);
          |                ^~~

Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
2021-11-15 16:00:54 -05:00
Petr Lautrbach
7f600c40bc
Update VERSIONs to 3.3 for release.
Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
2021-10-21 16:31:23 +02:00
Petr Lautrbach
5319c49d8a
Update VERSIONs to 3.3-rc3 for release.
Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
2021-10-06 13:28:15 +02:00
Petr Lautrbach
db3863d551 libselinux/semodule: Improve extracting message
The code doesn't check the default priority, it just looks for the
highest.

Fixes:

    # semodule -E testmodule
    Module 'testmodule' does not exist at the default priority '400'. Extracting at highest existing priority '400'.

Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
Acked-by: James Carter <jwcart2@gmail.com>
2021-10-06 12:04:03 +02:00
Christian Göttsche
b1a3c2030c Correct some typos
Found by codespell

Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Acked-by: Petr Lautrbach <plautrba@redhat.com>
2021-09-30 15:42:11 -04:00
Petr Lautrbach
0b833973bf
Update VERSIONs to 3.3-rc2 for release.
Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
2021-09-22 17:14:25 +02:00
Petr Lautrbach
38cb18e931 Update VERSIONs and Python bindings version to 3.3-rc1 for release
Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
2021-09-08 09:49:46 +02:00
Christian Göttsche
32611aea65 policycoreutils: free memory of allocated context in newrole
Found by scan-build.

Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
2021-07-19 10:42:45 -04:00
Christian Göttsche
f0c354afc0 policycoreutils: free memory of allocated context in run_init
Found by scan-build.

Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
2021-07-19 10:42:45 -04:00
Christian Göttsche
d8b9bd5c2a policycoreutils: free memory on lstat failure in sestatus
In case lstat(3) fails the memory is not free'd at the end of the for
loop, due to the control flow change by continue.

Found by scan-build.

Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
2021-07-19 10:42:45 -04:00
Nicolas Iooss
e45bc87094 policycoreutils: silence -Wextra-semi-stmt warning
On Ubuntu 20.04, when building with clang -Werror -Wextra-semi-stmt
(which is not the default build configuration), the compiler reports:

      secon.c:686:3: error: empty expression statement has no effect;
      remove unnecessary ';' to silence this warning
      [-Werror,-Wextra-semi-stmt]
              };
               ^

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
2021-07-06 11:08:11 -04:00
Ondrej Mosnacek
26a4c19ecf fixfiles: do not exclude /dev and /run in -C mode
I can't think of a good reason why they should be excluded. On the
contrary, excluding them can cause trouble very easily if some labeling
rules for these directories change. For example, we changed the label
for /dev/nvme* from nvme_device_t to fixed_disk_device_t in Fedora
(updating the allow rules accordingly) and after policy update they
ended up with an invalid context, causing denials.

Thus, remove /dev and /run from the excludes. While there, also add
/root to the basic excludes to match the regex that excludes fc rules
(that should be effectively no functional change).

I did a sanity check on my system by running `restorecon -nv /dev /run`
and it didn't report any label differences.

Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
Acked-by: Petr Lautrbach <plautrba@redhat.com>
2021-05-12 09:36:16 +02:00
Ondrej Mosnacek
6cfebe787e
policycoreutils/setfiles: do not create useless setfiles.8.man file
Seems to have been there to allow for some sed substitution over the
text. Now that this is gone, the redundant intermediate file can be
removed, too.

Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
2021-04-20 09:02:52 +02:00
Petr Lautrbach
cf853c1a0c
Update VERSIONs to 3.2 for release.
Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
2021-03-04 16:42:59 +01:00
Petr Lautrbach
d4d1f4ba7e
Update VERSIONs to 3.2-rc3 for release.
Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
2021-02-24 15:49:59 +01:00