tequilaOS/platform_external_selinux
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
952 commits 1 branch 0 tags 17 MiB
Commit graph

428 commits

Author SHA1 Message Date
Dan Walsh
e8718ef514 Make sure we do the polkit check on all dbus interfaces. 
Change policy kit to only allow access on the console.
 2013-11-13 11:00:29 -05:00
Dan Walsh
ef102bf81a Call proper dbus function 
Signed-off-by: Dan Walsh <dwalsh@redhat.com>
 2013-11-13 11:00:18 -05:00
Stephen Smalley
f0f1ff4470 Bump policycoreutils version for semanage import default encoding bug fix. 
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
 2013-11-06 09:29:05 -05:00
Daniel J Walsh
a2b443b214 Patch to remove default encoding patch. 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

The default encoding patch, was never upstreamed.  default_encoding module
switched python2 to always use unicode.  Potentially in some languages
semanage will blow up when errors are reported.

The need for this patch is going away in python3, which should be the default
in Fedora 21/22.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.15 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iEYEARECAAYFAlJ5DT4ACgkQrlYvE4MpobMvrgCfcEvZY4q7F17q9dbYJrHJXpae
Ut8AoM2TP99Ca0/lJAjoMTGsqr50P35/
=BHTe
-----END PGP SIGNATURE-----
 2013-11-06 09:27:17 -05:00
Stephen Smalley
ac74dde4ae Bump policycoreutils version for sepolicy generate bug fix. 
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
 2013-10-31 12:16:30 -04:00
Dan Walsh
b33b4f42d5 Make yum/extract_rpms optional so that apt based systems can use tool 2013-10-31 12:11:04 -04:00
Dan Walsh
e27d51b17e Add test suite for audit2allow and sepolgen_ifgen 2013-10-31 11:05:28 -04:00
Stephen Smalley
7c4bb77999 Version bump for release. 
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
 2013-10-30 12:45:19 -04:00
Stephen Smalley
8e5d465335 Update ChangeLog files. 
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
 2013-10-30 12:42:05 -04:00
Stephen Smalley
4b41f10db9 Merge branch 'constraintnames' 2013-10-30 11:56:36 -04:00
Stephen Smalley
e40b6ede5f Drop semodule_path; obsoleted by elimination of genhomedircon script. 
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
 2013-10-29 12:21:02 -04:00
Dan Walsh
3ddff86b8f Have audit2allow output additional constraint information 2013-10-29 08:49:52 -04:00
Dan Walsh
e3b1bb1ab7 Make sure userdel cleans up after itself in test 2013-10-28 17:04:45 -04:00
Dan Walsh
959a4e3177 Catch IOError errors within audit2allow 2013-10-28 17:04:36 -04:00
Dan Walsh
e3048525ad Michal Trunecka patch to allow restorecon to accept paths with {} 
The restorecon is unable to resolve paths using braced expressions like this: /sbin/

./restorecon:  lstat(/sbin/ip{6,}tables*) failed:  No such file or directory

The problem is that restorecon calls glob function without GLOB_BRACE flag, which en
 2013-10-25 16:12:40 -04:00
Stephen Smalley
a08010023b Update ChangeLogs and bump VERSIONs to an intermediate value. 
2.1.99 is just a placeholder to distinguish it from the prior release.
2.2 will be the released version.  Switching to 2-component versions.

Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
 2013-10-25 15:14:23 -04:00
Stephen Smalley
56258807ea Revert "Richard Haines patch that allows us discover constraint violation information" 
This reverts commit 56b49ab711.

Conflicts:
	libselinux/src/audit2why.c
 2013-10-25 13:53:03 -04:00
Stephen Smalley
99b070d5fc Merge branch 'fedora' into master-merge 2013-10-25 09:26:32 -04:00
Dan Walsh
cc131892c7 Need to delete all managed objects before readding them 2013-10-25 09:26:21 -04:00
Dan Walsh
4f63201788 semanage user customized should use -L not -l 
Fixes semanage extract/import problem.
 2013-10-25 09:26:18 -04:00
Stephen Smalley
f458b76076 Merge branch 'fedora' into master-merge 
Conflicts:
	libselinux/src/Makefile
	libselinux/src/selinux_config.c
	policycoreutils/audit2allow/audit2allow.1
	policycoreutils/scripts/fixfiles.8
	policycoreutils/semanage/semanage.8
	policycoreutils/sepolicy/Makefile
	policycoreutils/sepolicy/sepolicy/transition.py
	policycoreutils/setsebool/setsebool.8
 2013-10-24 15:24:17 -04:00
Stephen Smalley
50eedb1e1f Ignore genhomedircon link. 2013-10-24 15:11:01 -04:00
Dan Walsh
fc965a99c6 Remove test_booleans_l from test, it is bogus 2013-10-24 15:10:55 -04:00
Dan Walsh
6020fb0b1e Use power of 2 for STAR_COUNT 2013-10-24 13:58:41 -04:00
Dan Walsh
48663d5ca3 Need to document -o filename in usage statement 2013-10-24 13:58:41 -04:00
Dan Walsh
ca030ec85b setfiles should always return -1 on failures. 
Scripts that are looking for -1 failures were getting confused by 1 and > 1 erros.
We should be consistant on the error status.
 2013-10-24 13:58:41 -04:00
Dan Walsh
62c0cd6194 setsebool does not do a good job of reporting missing booleans. 
This patch will clearly tell the user that he tried to set a boolean that does not exist.
 2013-10-24 13:58:41 -04:00
Dan Walsh
1fd22fc498 Make setsebool be less verbose. 2013-10-24 13:58:41 -04:00
Dan Walsh
e6a1298e54 These are massive changes involved in building new GUI. 
Too difficult to break out into seperate patches at this point.
Since almost no other groups are using sepolicy yet, I will push together.
 2013-10-24 13:58:41 -04:00
Dan Walsh
43c9e8c7e2 Fix error when policy does not match the system. 2013-10-24 13:58:40 -04:00
Dan Walsh
d0b1e420e7 seinfo needs to work if mls is disabled. 
This patch stops seinfo from failing when MLS disabled.
 2013-10-24 13:58:40 -04:00
Dan Walsh
cc3df76279 Return the type aliases. 
We wanted this information in sepolicy.
 2013-10-24 13:58:40 -04:00
Dan Walsh
85d76c1671 Add new test suite for sepolicy tool set. 
This test should be run before we do any builds to make sure there are
no regressions
 2013-10-24 13:58:40 -04:00
Dan Walsh
0ebf819eb9 Add org.selinux.config.selinux.policy for use with policykit and pk_exec 2013-10-24 13:58:40 -04:00
Dan Walsh
678de8fda2 Change polgengui to use latest interfaces availabel in sepolicy toolchain. 2013-10-24 13:58:40 -04:00
Dan Walsh
953d4b6683 Mv some of the setup we were doing in the policycoreutils.spec file into the main code 
Basically add an icon, setup the desktop environment, setup system-config-selinux to run
via pkexec.
 2013-10-24 13:58:40 -04:00
Dan Walsh
5102ed4cb8 If users of seobject set serange or seuser to "", we need to override. 
Do not want bad data getting into the system
 2013-10-24 13:58:40 -04:00
Dan Walsh
417fc54d78 Fix customized of fcontext and booleans to return proper transaction code 2013-10-24 13:58:40 -04:00
Dan Walsh
6f24fe24f6 Make sure file equivalance target and source do not end with a / 2013-10-24 13:58:40 -04:00
Dan Walsh
9d815b2dbb <<none>> should be a valid type to be used with the semanage fcontext call 
Users want to add labels like

semanage fcontext -t <<none>> '/foobar(/.*)?'

This fix allows this to work.
 2013-10-24 13:58:40 -04:00
Dan Walsh
a9bf18c4a5 Return the level when looking at the customized changes of users. 
If someone specifies an initial level other then s0, we want to catch this and
report it in customized.
 2013-10-24 13:58:40 -04:00
Dan Walsh
3dafb1046d Add deleteall customizations field for modules. 
Basically if a user asks to delete all module custmization, this will remove all
disabled modules.
 2013-10-24 13:58:40 -04:00
Dan Walsh
ffe0052ad8 If a user specifies a module to add that does not exist print error. 
Currently we wait for libsemange to give us a random error, this gives a clean
error
 2013-10-24 13:58:40 -04:00
Dan Walsh
51a490b152 Only list disabled modules if the user ask for locallist on modules 2013-10-24 13:58:40 -04:00
Dan Walsh
7f70a2bf94 Add customized calls for modules to list disabled modules 2013-10-24 13:58:40 -04:00
Dan Walsh
8d7f15a95a Fix bug in logger. 
If you do not use auding, the syslog calls blows up because of this bug.
 2013-10-24 13:58:40 -04:00
Dan Walsh
3c1d51c01a Add new FILE_STRING constands 
Basically sepolicy is going to use single letters to indicate file types, need
to setup a dictionary to go back and forth between full names and short names.
 2013-10-24 13:58:40 -04:00
Dan Walsh
b15a87f254 Cleanup handling of translations code 2013-10-24 13:58:40 -04:00
Dan Walsh
1886d463c6 Fix lots of bugs in the bash completion script. 
Fixes include handling of roles.
Types
handling of impore/export commands.
 2013-10-24 13:58:40 -04:00
Dan Walsh
c1f763e293 Convert semanage command to use argparse 
This is the current way to do getopt handling in python. Really cleans up the
code and makes semanage command -h work nicely.
 2013-10-24 13:58:40 -04:00