Commit graph

860 commits

Author SHA1 Message Date
Joshua Brindle
1dce6736bd Author: Daniel J Walsh
Email: dwalsh@redhat.com
Subject: Latest translations of SELinux policoreutils patch
Date: Fri, 12 Sep 2008 11:57:31 -0400

http://people.fedoraproject.org/~dwalsh/SELinux/policycoreutils-po.patch
2008-09-18 09:52:36 -04:00
Joshua Brindle
a4c9f58e03 Author: Daniel J Walsh
Email: dwalsh@redhat.com
Subject: Changes to semanage to allow it to handle transactions.
Date: Fri, 12 Sep 2008 11:52:31 -0400

Joshua Brindle wrote:
> Daniel J Walsh wrote:
> semanage -S targeted -i - << __eof
> user -a -P user -R "unconfined_r system_r" -r s0-s0:c0.c1023 unconfined_u
> user -a -P user -R guest_r guest_u
> user -a -P user -R xguest_r xguest_u
> __eof
> semanage -S targeted -i - << __eof
> login -m  -s unconfined_u -r s0-s0:c0.c1023 __default__
> login -m  -s unconfined_u -r s0-s0:c0.c1023 root
> __eof
>
> So you can add multiple records in a single pass.
>>

> This patch seems to cause some issues:

> [root@misterfreeze selinux-pristine]# semanage --help
> Traceback (most recent call last):
>   File "/usr/sbin/semanage", line 433, in <module>
>     usage(_("Requires 2 or more arguments"))
>   File "/usr/sbin/semanage", line 98, in usage
>     """) % message)
> TypeError: float argument required

Patch off your latest policycoreutils.

Signed-off-by: Joshua Brindle <method@manicmethod.com>
2008-09-07 22:00:20 -04:00
Joshua Brindle
5214ee3d97 bump policycoreutils to 2.0.56 and sepolgen to 1.0.14 2008-09-07 18:57:50 -04:00
Joshua Brindle
f33c230526 Author: Daniel J Walsh
Email: dwalsh@redhat.com
Subject: Changes to semanage to allow it to handle transactions.
Date: Mon, 08 Sep 2008 15:05:36 -0400

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

semanage -S targeted -i - << __eof
user -a -P user -R "unconfined_r system_r" -r s0-s0:c0.c1023 unconfined_u
user -a -P user -R guest_r guest_u
user -a -P user -R xguest_r xguest_u
__eof
semanage -S targeted -i - << __eof
login -m  -s unconfined_u -r s0-s0:c0.c1023 __default__
login -m  -s unconfined_u -r s0-s0:c0.c1023 root
__eof

So you can add multiple records in a single pass.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iEYEARECAAYFAkjFd4AACgkQrlYvE4MpobMaoQCgxeqYTX2mpRIiIr0461/fvblU
3fQAoIbM8x9rWL0f8iPz0UeoM2mf60XW
=hxC3
-----END PGP SIGNATURE-----

Signed-off-by: Joshua Brindle <method@manicmethod.com>
2008-09-07 18:53:26 -04:00
Joshua Brindle
64d7ef5d44 Author: Daniel J Walsh
Email: dwalsh@redhat.com
Subject: Add glob support for restorecond
Date: Mon, 08 Sep 2008 15:03:51 -0400

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I have added supported for GLOB expressions in restorecond.  In order to
get nsplugin to work well, you need all of the contents of the homedir
labeled correctly.  Unfortunately gnome creates directories at a fairly
random pace.  FCFS.  So it is very difficult to get transitions to
happen properly.  As a tradeoff, we can use restorecond to watch the
homedir and relabel the directory when it is created.  I know this is a
potential race condition. where some of the files created in the
directory will still have the wrong context, but I don't know of a
better solution.

Telling everyone they need to restorcon -R -v ~ is not a great solution.
 If you are worried about information flow you should never rely on
restorecond.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iEYEARECAAYFAkjFdxcACgkQrlYvE4MpobPtjACg3uyqaHD78FRxdaG5mfitnoB/
lh0AnjvfDC2vmCWisxzWq2qFsZMMu3XK
=JiG7
-----END PGP SIGNATURE-----

Signed-off-by: Joshua Brindle <method@manicmethod.com>
2008-09-07 18:51:09 -04:00
Joshua Brindle
2928ff2189 Author: Daniel J Walsh
Email: dwalsh@redhat.com
Subject: fixfiles fixes
Date: Mon, 08 Sep 2008 15:03:35 -0400

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Removes all files from /tmp, previous one would leave /tmp/.a and /tmp/.b

Fixed context on unlabeled_t and file_t files in /tmp and /var/tmp.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iEYEARECAAYFAkjFdwYACgkQrlYvE4MpobMZJACfRsCuVFja3fvYZYtptyW2h3lH
yAQAn0xmDAYELt+res60OIcL3UDrUFRv
=09W1
-----END PGP SIGNATURE-----

Signed-off-by: Joshua Brindle <method@manicmethod.com>
2008-09-07 18:47:23 -04:00
Stephen Smalley
107d46ff3e Update policycoreutils VERSION and ChangeLog. 2008-08-26 09:40:22 -04:00
Stephen Smalley
55fe3dbba5 Fix locallist (-lC) functionality for semanage node. 2008-08-26 09:36:09 -04:00
Christian Kuester
49706ad9f8 Revised Patch for local nodecon support in semanage (was: Adding local nodecon's through semanage)
Stephen Smalley schrieb:

Hi List,

> On Tue, 2008-07-08 at 08:30 -0400, Stephen Smalley wrote:
>> On Tue, 2008-07-08 at 12:13 +0200, Christian Kuester wrote:
>>>> Other tidbits on the semanage patch that I noticed:
>>>> - semanage node -l was broken, requires additional argument that has
>>>> been added to the list methods subsequently.  Also would be nice to
>>>> support locallist/-C option.
>>>> - semanage node -p option should take a string rather than an integer
>>>> and map it to the proper symbolic constant for ipv4/ipv6.
>> Please be sure to test each of the nodeRecords methods.
> Are you still pursuing getting this cleaned up and merged?

Sorry, it took some time. The revised patch for nodecon support in
the semanage tool is attached.

It now takes strings as arguments for the ip protocol. list/locallist
work as expected and output is more readable. I also made changes for
the semanage.8 man page.

Kind Regards,
Christian

--
tarent Gesellschaft für Softwareentwicklung und IT-Beratung mbH

Heilsbachstr. 24, 53123 Bonn  | Poststr. 4-5, 10178 Berlin
fon: +49(228) / 52675-0       | fon: +49(30) / 27594853
fax: +49(228) / 52675-25      | fax: +49(30) / 78709617

Geschäftsführer
Boris Esser, Elmar Geese
HRB AG Bonn 5168
Ust-ID: DE122264941

Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2008-08-21 16:48:03 -04:00
Joshua Brindle
13cd4c8960 initial import from svn trunk revision 2950 2008-08-19 15:30:36 -04:00