tequilaOS/platform_external_selinux
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
882 commits 1 branch 0 tags 17 MiB
Commit graph

882 commits

This branch
This branch
All branches
Author SHA1 Message Date
Dan Walsh
4f63201788 semanage user customized should use -L not -l 
Fixes semanage extract/import problem.
 2013-10-25 09:26:18 -04:00
Stephen Smalley
50eedb1e1f Ignore genhomedircon link. 2013-10-24 15:11:01 -04:00
Stephen Smalley
cfada081f4 libsemanage gained a dependency on libaudit. 
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
 2013-10-24 15:10:57 -04:00
Dan Walsh
fc965a99c6 Remove test_booleans_l from test, it is bogus 2013-10-24 15:10:55 -04:00
Sven Vermeulen
52d52fe2d6 Make RANLIB variable overridable 
If the RANLIB variable is defined by the user, use that value instead of
the /usr/bin/ranlib binary.

Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
 2013-10-24 13:58:41 -04:00
Sven Vermeulen
e1ecb2cdb4 Update pkgconfig definition 
Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
 2013-10-24 13:58:41 -04:00
Sven Vermeulen
6068fcb361 Mount sys before trying to mount selinuxfs 
If /sys is not present, the attempt to mount selinuxfs will of course
fail. So we try to mount /sys first (and only if that fails fall back to
the /selinux mount point) and then try to mount selinuxfs.

Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
 2013-10-24 13:58:41 -04:00
Dan Walsh
3b44fe10e5 Patch from Sven Vermeulen to use RANLIB. 
This will allow users to specify alternal ranlib commands.
 2013-10-24 13:58:41 -04:00
Dan Walsh
6020fb0b1e Use power of 2 for STAR_COUNT 2013-10-24 13:58:41 -04:00
Dan Walsh
48663d5ca3 Need to document -o filename in usage statement 2013-10-24 13:58:41 -04:00
Dan Walsh
ca030ec85b setfiles should always return -1 on failures. 
Scripts that are looking for -1 failures were getting confused by 1 and > 1 erros.
We should be consistant on the error status.
 2013-10-24 13:58:41 -04:00
Dan Walsh
62c0cd6194 setsebool does not do a good job of reporting missing booleans. 
This patch will clearly tell the user that he tried to set a boolean that does not exist.
 2013-10-24 13:58:41 -04:00
Dan Walsh
1fd22fc498 Make setsebool be less verbose. 2013-10-24 13:58:41 -04:00
Dan Walsh
e6a1298e54 These are massive changes involved in building new GUI. 
Too difficult to break out into seperate patches at this point.
Since almost no other groups are using sepolicy yet, I will push together.
 2013-10-24 13:58:41 -04:00
Dan Walsh
43c9e8c7e2 Fix error when policy does not match the system. 2013-10-24 13:58:40 -04:00
Dan Walsh
d0b1e420e7 seinfo needs to work if mls is disabled. 
This patch stops seinfo from failing when MLS disabled.
 2013-10-24 13:58:40 -04:00
Dan Walsh
cc3df76279 Return the type aliases. 
We wanted this information in sepolicy.
 2013-10-24 13:58:40 -04:00
Dan Walsh
85d76c1671 Add new test suite for sepolicy tool set. 
This test should be run before we do any builds to make sure there are
no regressions
 2013-10-24 13:58:40 -04:00
Dan Walsh
0ebf819eb9 Add org.selinux.config.selinux.policy for use with policykit and pk_exec 2013-10-24 13:58:40 -04:00
Dan Walsh
678de8fda2 Change polgengui to use latest interfaces availabel in sepolicy toolchain. 2013-10-24 13:58:40 -04:00
Dan Walsh
953d4b6683 Mv some of the setup we were doing in the policycoreutils.spec file into the main code 
Basically add an icon, setup the desktop environment, setup system-config-selinux to run
via pkexec.
 2013-10-24 13:58:40 -04:00
Dan Walsh
5102ed4cb8 If users of seobject set serange or seuser to "", we need to override. 
Do not want bad data getting into the system
 2013-10-24 13:58:40 -04:00
Dan Walsh
417fc54d78 Fix customized of fcontext and booleans to return proper transaction code 2013-10-24 13:58:40 -04:00
Dan Walsh
6f24fe24f6 Make sure file equivalance target and source do not end with a / 2013-10-24 13:58:40 -04:00
Dan Walsh
9d815b2dbb <<none>> should be a valid type to be used with the semanage fcontext call 
Users want to add labels like

semanage fcontext -t <<none>> '/foobar(/.*)?'

This fix allows this to work.
 2013-10-24 13:58:40 -04:00
Dan Walsh
a9bf18c4a5 Return the level when looking at the customized changes of users. 
If someone specifies an initial level other then s0, we want to catch this and
report it in customized.
 2013-10-24 13:58:40 -04:00
Dan Walsh
3dafb1046d Add deleteall customizations field for modules. 
Basically if a user asks to delete all module custmization, this will remove all
disabled modules.
 2013-10-24 13:58:40 -04:00
Dan Walsh
ffe0052ad8 If a user specifies a module to add that does not exist print error. 
Currently we wait for libsemange to give us a random error, this gives a clean
error
 2013-10-24 13:58:40 -04:00
Dan Walsh
51a490b152 Only list disabled modules if the user ask for locallist on modules 2013-10-24 13:58:40 -04:00
Dan Walsh
7f70a2bf94 Add customized calls for modules to list disabled modules 2013-10-24 13:58:40 -04:00
Dan Walsh
8d7f15a95a Fix bug in logger. 
If you do not use auding, the syslog calls blows up because of this bug.
 2013-10-24 13:58:40 -04:00
Dan Walsh
3c1d51c01a Add new FILE_STRING constands 
Basically sepolicy is going to use single letters to indicate file types, need
to setup a dictionary to go back and forth between full names and short names.
 2013-10-24 13:58:40 -04:00
Dan Walsh
b15a87f254 Cleanup handling of translations code 2013-10-24 13:58:40 -04:00
Dan Walsh
1886d463c6 Fix lots of bugs in the bash completion script. 
Fixes include handling of roles.
Types
handling of impore/export commands.
 2013-10-24 13:58:40 -04:00
Dan Walsh
c1f763e293 Convert semanage command to use argparse 
This is the current way to do getopt handling in python. Really cleans up the
code and makes semanage command -h work nicely.
 2013-10-24 13:58:40 -04:00
Dan Walsh
9aea9f3a4d Add test script for testing semanage functionality. 
This script should be run before all commits of changes to the semanage
command to make sure you do not have any regressions.
 2013-10-24 13:58:40 -04:00
Dan Walsh
1925e1e91d Break the semanage man page into different man pages per category. 
This adds a lot of new man pages but cleans up the descriptions and makes it
much easier to handle.
 2013-10-24 13:58:40 -04:00
Dan Walsh
a9dfbeeb72 bash completsion scripts have moved. 
This patch moves the semanage bash completion script to the new location.
 2013-10-24 13:58:39 -04:00
Dan Walsh
91d0de4adf genhomedircon is no longer a script, but a link to semodule 2013-10-24 13:58:39 -04:00
Dan Walsh
790ae0a0e2 Fix spelling 2013-10-24 13:58:39 -04:00
Dan Walsh
2910ca2185 Lots of fixes for fixfiles 
Fix check for seclabel flag.
Restorecon commands should always use FORCEFLAG command if passed in.
Found a bug in handling of regex difference
All restorecon commands should use the exclude file path call.
Only cleanup /tmp on a Full Relabel, not a Check.
Set BOOTIME flag in /.autorelabel file, so that we can only relabel
files created since this time.  Should speed up relabel.
 2013-10-24 13:58:39 -04:00
Dan Walsh
e63a8fa875 Give people who use run_init or newrole an indicator to make it not ask for passwords 2013-10-24 13:58:39 -04:00
Dan Walsh
f2051b20fa Handle cleanup of locks properly 2013-10-24 13:58:39 -04:00
Dan Walsh
53ccfb3b4d Add support for systemd service for restorecond 2013-10-24 13:58:39 -04:00
Dan Walsh
f1a5a0ad6c Fix spelling mistake 2013-10-24 13:58:39 -04:00
Dan Walsh
e4488ecd87 Allow users to have homedir as a symbolic link but mount on the homedir 
Also do not error out on setfsuid if errno == success.  This breaks on systems
that use file capabilities rather then on setuid apps.
 2013-10-24 13:58:39 -04:00
Dan Walsh
a387e158f5 Xephry now supports resizable flag 2013-10-24 13:58:39 -04:00
Dan Walsh
9e0c737307 Swith to using openbox for window manager rather then matchbox 
openbox has an upstream where matchbox is dead.

Also remove VERSION string since not used.
sandbox_file_t is only file type allowed.
 2013-10-24 13:58:39 -04:00
Dan Walsh
ae1cedbac8 Handle audit2allow and audit2why with the same executable Remove audit2why directory and combine this into audit2allow directory 2013-10-24 13:58:39 -04:00
Dan Walsh
f7d40d920c We were asked to open output file for append rather then write. 2013-10-24 13:58:39 -04:00