tequilaOS/platform_external_selinux
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
1246 commits 1 branch 0 tags 17 MiB
Commit graph

29 commits

Author SHA1 Message Date
Nicolas Iooss
e4d693ae87 Use $(PYTHON) instead of "python" in every Makefile 
This fixes the build with "make PYTHON=python2" on systems where python
is python3.

For PYLIBVER and PYTHONLIBDIR definitions, I tested Python 2.5, 2.6, 2.7,
3.3 and 3.4.  For each of them, these commands print the expected result:

    python -c 'import sys;print("python%d.%d" % sys.version_info[0:2])'"
    python -c "from distutils.sysconfig import *;print(get_python_lib(1))"

Acked-by: Steve Lawrence <slawrence@tresys.com>
 2014-10-02 09:56:49 -04:00
Dan Walsh
5fe159bfdd selinux_current_policy_path will return none on a disabled SELinux system 2013-11-13 11:07:21 -05:00
Laurent Bigonville
2e93833b1b Minor manpages improvements 2013-11-06 09:36:33 -05:00
Dan Walsh
e27d51b17e Add test suite for audit2allow and sepolgen_ifgen 2013-10-31 11:05:28 -04:00
Dan Walsh
3ddff86b8f Have audit2allow output additional constraint information 2013-10-29 08:49:52 -04:00
Dan Walsh
959a4e3177 Catch IOError errors within audit2allow 2013-10-28 17:04:36 -04:00
Stephen Smalley
56258807ea Revert "Richard Haines patch that allows us discover constraint violation information" 
This reverts commit 56b49ab711.

Conflicts:
	libselinux/src/audit2why.c
 2013-10-25 13:53:03 -04:00
Stephen Smalley
f458b76076 Merge branch 'fedora' into master-merge 
Conflicts:
	libselinux/src/Makefile
	libselinux/src/selinux_config.c
	policycoreutils/audit2allow/audit2allow.1
	policycoreutils/scripts/fixfiles.8
	policycoreutils/semanage/semanage.8
	policycoreutils/sepolicy/Makefile
	policycoreutils/sepolicy/sepolicy/transition.py
	policycoreutils/setsebool/setsebool.8
 2013-10-24 15:24:17 -04:00
Dan Walsh
ae1cedbac8 Handle audit2allow and audit2why with the same executable Remove audit2why directory and combine this into audit2allow directory 2013-10-24 13:58:39 -04:00
Dan Walsh
f7d40d920c We were asked to open output file for append rather then write. 2013-10-24 13:58:39 -04:00
Dan Walsh
69129b4983 Need to set the locale to current locale 
Without this call the audit2allow -b command was failing in certain countries.
 2013-10-24 13:58:39 -04:00
Dan Walsh
7eec00a5be Add selinux_current_policy_path, which returns the a pointer to the loaded policy 
Also change audit2why to look at the loaded policy rather then searching on disk for
the policy file.  It is more likely that you are examining the running policy.
 2013-10-24 13:58:38 -04:00
Dan Walsh
2540b20096 Laurent Bigonville patch to fix various minor manpage issues and correct section numbering. 2013-10-24 13:58:37 -04:00
Dan Walsh
56b49ab711 Richard Haines patch that allows us discover constraint violation information 
Basically we need this information to allow audit2allow/audit2why to better
describe which constraint is being broken.
 2013-10-24 13:58:37 -04:00
Laurent Bigonville
84e085847d policycoreutils: Fix cases where hyphen were used as minus sign in manpages 
And also other minor formating issues
 2013-10-16 15:12:10 -04:00
Eric Paris
628bcc69e2 policycoreutils: sepolgen: return and output constraint violation information 
update sepolgen to return constraint violation information.  Then output
that information in audit2allow.

Signed-off-by: Eric Paris <eparis@redhat.com>
 2012-09-12 15:08:56 -04:00
Eric Paris
9cc0749a73 policycoreutils: audit2allow: use audit2why internally 
Rather than do things ourselves, use audit2why.

Signed-off-by: Eric Paris <eparis@redhat.com>
 2011-11-02 16:22:05 -04:00
Eric Paris
468bff0952 tree: Makefiles: syntax, convert all ${VAR} to $(VAR) 
This is purely personal preference.  Most of the Makefiles use $() for
Makefile variables, but a couple of places use ${}.  Since this obscured
some later Makefile changes I figured I'd just make them all the same up
front.

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
 2011-11-02 15:37:08 -04:00
Dan Walsh
b1331909a0 policycoreutils: sepolgen: audit2allow is mistakakenly not allowing valid module names 
module names must begin with a letter, optionally followed by letters,
numbers, "-", "_", "."\n'  some of these were being denied.

Signed-off-by: Eric Paris <eparis@redhat.com>
Signed-off-by: Dan Walsh <dwalsh@redhat.com>
 2011-09-16 11:54:03 -04:00
Eric Paris
f14912ee6e policycoreutils: audit2allow: sepolgen-ifgen use the attr helper 
This patch adds support to actually use the new sepolgen-ifgen attr
helper.  We included the helper which generates attribute information
but this patch makes use of it.

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
 2011-09-15 19:20:42 -04:00
Eric Paris
f4ecef50b2 policycoreutils: audit2allow: use alternate policy file 
Add a --policy option to audit2allow to make it use an
alternate use specified policy instead of the running
policy.

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
 2011-09-15 17:19:20 -04:00
Eric Paris
0b8af757b6 policycoreutils: Don't add user site directory to sys.path 
SELinux pythons applications should not allow the user to change the
sys.path

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
 2011-08-03 18:02:36 -04:00
Daniel J Walsh
71b51fdbd6 Rearranged audit2allow.1 to match the newer ways we use the tool. 
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
 2011-08-01 13:40:20 -04:00
Daniel J Walsh
03cd8c2d47 This patch allows audit2allow to look at all avc's since the last time the machine booted. 
Acked-by: Karl MacMillan <kmacmillan@tresys.com>
 2010-03-18 16:36:22 -04:00
Daniel J Walsh
f509e1e8b9 Audit2allow generating dontaudit rules. 
On 03/08/2010 11:11 AM, Karl MacMillan wrote:
> Accidentally sent this straight to Josh.
>
> Karl
>
> On Thu, Mar 4, 2010 at 4:46 PM, Karl MacMillan<karlwmacmillan@gmail.com>  wrote:
>
>> I meant this - I don't want to pass around a boolean flag when we have
>> a flag for rule type. This allows cleanly adding support for, say,
>> generating both allow rules and auditallow rules at the same time.
>>
>>
<snip>

Ok this one only adds a flag to the policygenerator to tell it to
generate dontaudit rules.

No passing of args.

Acked-by: Karl MacMillan <karlwmacmillan@gmail.com>
 2010-03-12 08:30:04 -05:00
Joshua Brindle
498861044a Author: Daniel J Walsh 
Email: dwalsh@redhat.com
Subject: audit2allow patch
Date: Tue, 13 Jan 2009 08:52:51 -0500

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Remove --tefile from manpage, option does not exist.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iEYEARECAAYFAklsnLIACgkQrlYvE4MpobOrGQCgs76GOeXnSKrLCX69GpCAiIZN
f4AAn312U9ill0sLCKWP1bsL661mctEH
=D9bQ
-----END PGP SIGNATURE-----

Signed-off-by: Joshua Brindle <method@manicmethod.com>
 2009-02-16 11:39:00 -05:00
Joshua Brindle
5cbb573fa5 Author: Daniel J Walsh 
Email: dwalsh@redhat.com
Subject: Small fixes for audit2allow
Date: Mon, 01 Dec 2008 15:19:09 -0500

Signed-off-by: Joshua Brindle <method@manicmethod.com>
 2009-01-12 10:19:59 -05:00
Joshua Brindle
cb69455465 Author: Daniel J Walsh 
Email: dwalsh@redhat.com
Subject: policycoreutils audit2allow patch
Date: Fri, 07 Nov 2008 09:36:44 -0500

audit2why can throw a runtime exception and typo in man page.

Signed-off-by: Joshua Brindle <method@manicmethod.com>
 2008-11-07 16:50:34 -05:00
Joshua Brindle
13cd4c8960 initial import from svn trunk revision 2950 2008-08-19 15:30:36 -04:00