3ff0579778e7ca294fa3e5232a60806407434a00 |
07-May-2015 |
Stephen Smalley <sds@tycho.nsa.gov> |
Update libselinux ChangeLog. (cherry picked from commit fe0366b8edaf2a2752240cfada657f6273113c55) Change-Id: I00b1eb520a95bb2f242cdf4fd6dfdb00face47f4
hangeLog
|
ce633ba7e938be2773a77f750b7f6f78732a690e |
07-May-2015 |
Richard Haines <richard_c_haines@btinternet.com> |
libselinux: Fix core dumps with corrupt *.bin files Check buffer address limits when processing *.bin files to catch any over-runs. On failure process text file instead. To test, the bin files were corrupted by adding and removing various bits of data. Various file sizes were also checked and all were caught by the patch. (cherry picked from commit a351eb01a8238c1bd465619c6c5885c2da1c6663) Change-Id: I3fcecbb02f8f73e516695a82efbe497fff0788a7 Signed-off-by: Richard Haines <richard_c_haines@btinternet.com>
rc/label_file.c
|
de4f82bb7ffb593b27952fcbed2a332d3bd5597b |
21-Apr-2015 |
Steve Lawrence <slawrence@tresys.com> |
Move ChangeLog entry to the correct project
hangeLog
|
42ac8d6dc4c999a0a9b5347f20159a6732cec253 |
21-Apr-2015 |
Miro Hrončok <mhroncok@redhat.com> |
libselinux: selinux.py - use os.walk() instead of os.path.walk(). The os.path.walk() function is deprecated and has been removed in Python 3. Signed-off-by: Petr Lautrbach <plautrba@redhat.com> Acked-by: Steve Lawrence <slawrence@tresys.com>
rc/selinuxswig_python.i
|
27d5377cc7e3512877ffb9586eed1344c8294672 |
17-Apr-2015 |
Stephen Smalley <sds@tycho.nsa.gov> |
Updated libselinux ChangeLog. Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
hangeLog
|
685f4aeeadc0b60f3770404d4f149610d656e3c8 |
17-Apr-2015 |
Stephen Smalley <sds@tycho.nsa.gov> |
libselinux: is_selinux_enabled(): drop no-policy-loaded test. SELinux can be disabled via the selinux=0 kernel parameter or via /sys/fs/selinux/disable (triggered by setting SELINUX=disabled in /etc/selinux/config). In either case, selinuxfs will be unmounted and unregistered and therefore it is sufficient to check for the selinuxfs mount. We do not need to check for no-policy-loaded and treat that as SELinux-disabled anymore; that is a relic of Fedora Core 2 days. Drop the no-policy-loaded test, which was a bit of a hack anyway (checking whether getcon_raw() returned "kernel" as that can only happen if no policy is yet loaded and therefore security_sid_to_context() only has the initial SID name available to return as the context). May possibly fix https://bugzilla.redhat.com/show_bug.cgi?id=1195074 by virtue of removing the call to getcon_raw() and therefore avoiding use of tls on is_selinux_enabled() calls. Regardless, it will make is_selinux_enabled() faster and simpler. Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
rc/enabled.c
|
974f565415b595e7307b2f792af27a012d010edb |
16-Apr-2015 |
Stephen Smalley <sds@tycho.nsa.gov> |
Update libselinux ChangeLog. Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
hangeLog
|
082f1d1274bac6fafa0d107f5780730eb9fb5172 |
16-Apr-2015 |
Stephen Smalley <sds@tycho.nsa.gov> |
libselinux: Remove deprecated mudflap option. The mudflap run time checker was removed in GCC 4.9. The option no longer does anything and triggers a warning from gcc 4.9 and later. Remove it. We might want to add -fsanitize=address to enable AddressSanitizer in its place, but that should be a separate change. Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
rc/Makefile
tils/Makefile
|
c4bd3964928d099d4857ca5229a3e1d7effa40fd |
16-Apr-2015 |
Stephen Smalley <sds@tycho.nsa.gov> |
Update libselinux ChangeLog. Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
hangeLog
|
9df498884665d79474b79f0f30d1cd67df11bd3e |
15-Apr-2015 |
Ben Shelton <ben.shelton@ni.com> |
libselinux: Mount procfs before checking /proc/filesystems In the case where the SELinux security module is not loaded in the kernel and it's early enough in the boot process that /proc has not yet been mounted, selinuxfs_exists() will incorrectly return 1, and selinux_init_load_policy() will print a message like this to the console: Mount failed for selinuxfs on /sys/fs/selinux: No such file or directory To fix this, mount the procfs before attempting to open /proc/filesystems, and unmount it when done if it was initially not mounted. This is the same thing that selinux_init_load_policy() does when reading /proc/cmdline. Signed-off-by: Ben Shelton <ben.shelton@ni.com>
rc/init.c
|
50788b155db801d32c3f5c21983121260ea66788 |
13-Mar-2015 |
Stephen Smalley <sds@tycho.nsa.gov> |
Update libselinux and policycoreutils ChangeLog. Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
hangeLog
|
417cb8d076a31c57710429b255aebc595613eb6b |
13-Mar-2015 |
Petr Lautrbach <plautrba@redhat.com> |
Fix -Wformat errors Fixes two types of errors which appear when building with gcc-5.0.0 - format ‘%d’ expects argument of type ‘int’, but argument X has type ‘unsigned int’ - format ‘%a’ expects argument of type ‘float *’, but argument X has type ‘char **’ Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
rc/avc.c
rc/avc_internal.c
rc/avc_sidtab.c
rc/label_android_property.c
rc/label_db.c
rc/label_file.c
rc/label_media.c
rc/label_x.c
rc/matchpathcon.c
tils/sefcontext_compile.c
tils/togglesebool.c
|
ae44b7bb397529cfb2046ac5541c858f6926b007 |
24-Feb-2015 |
Stephen Smalley <sds@tycho.nsa.gov> |
libselinux: sefcontext_compile: handle newlines in file names. restorecon on file names with newlines is not handled properly. Use PCRE_DOTALL so that dots in regular expressions match all characters, and don't exclude the newline character. See https://www.mail-archive.com/seandroid-list@tycho.nsa.gov/msg02001.html for background. Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
tils/sefcontext_compile.c
|
07ed7784cf1204053f889b139691d41f226a72b4 |
24-Feb-2015 |
Stephen Smalley <sds@tycho.nsa.gov> |
Update libselinux ChangeLog. Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
hangeLog
|
716e3820c571fa082f2a57c040802c54ed422f37 |
24-Feb-2015 |
Nick Kralevich <nnk@google.com> |
libselinux: label_file: handle newlines in file names. restorecon on file names with newlines is not handled properly. Use PCRE_DOTALL so that dots in regular expressions match all characters, and don't exclude the newline character. See https://www.mail-archive.com/seandroid-list@tycho.nsa.gov/msg02001.html for background. Change-Id: I0dde8f2567305f746d19ebd75a9e2add7406eb9a Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
rc/label_file.c
|
b2beb5304d10f5a43c3b68bf3519ad0ca4001d71 |
23-Feb-2015 |
Stephen Smalley <sds@tycho.nsa.gov> |
Update libselinux Changelog. Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
hangeLog
|
2d5ac1c9317edf2b9dcf5cce604c1c461f1322ce |
23-Feb-2015 |
Stephen Smalley <sds@tycho.nsa.gov> |
libselinux: getcon.3: Fix setcon description. The man page description for setcon() was never updated for the introduction of bounded transitions in Linux 2.6.28. Update it. Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
an/man3/getcon.3
|
d8b2a0ab50c2b90ccfaa49c9c9a28f9191b4c427 |
13-Feb-2015 |
Stephen Smalley <sds@tycho.nsa.gov> |
Update libselinux and policycoreutils ChangeLogs. Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
hangeLog
|
914e591c416ae6145588a99f8cd3f02b8468accf |
13-Feb-2015 |
Stephen Smalley <sds@tycho.nsa.gov> |
libselinux: fix audit2why error handling if SELinux is disabled. If SELinux is disabled, then selinux_current_policy_path() returns NULL. At present, if you run audit2allow on a SELinux-disabled host without the -p option, you get: unable to open (null): Bad address We haven't seen this because most people running audit2allow are doing it on SELinux-enabled hosts and using the host policy. But for Android, the build host OS often has SELinux disabled and we need to pass audit2allow the path to the Android policy. Handle this case and provide a hint to the user. Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
rc/audit2why.c
|
54075fb3cda1a01c82eafc0858cfa63212ad6914 |
03-Feb-2015 |
Stephen Smalley <sds@tycho.nsa.gov> |
Update libselinux and libsepol ChangeLogs. Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
hangeLog
|
14342674191ca11c4455ff7ac9b76b05173eb575 |
02-Feb-2015 |
Stephen Smalley <sds@tycho.nsa.gov> |
libselinux: pcre_study can return NULL without error. Per the man page, pcre_study can return NULL without error if it could not find any additional information. Errors are indicated by the combination of a NULL return value and a non-NULL error string. Fix the handling so that we do not incorrectly reject file_contexts entries. Change-Id: I2e7b7e01d85d96dd7fe78545d3ee3834281c4eba Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
rc/label_file.c
|
eb0ba200b513d05d176e10a85061fdf01d0426f7 |
24-Jan-2013 |
Robert Craig <rpcraig@tycho.ncsc.mil> |
libselinux: Adjustments to android property backend. Allow the android property backend parser to accept the SELABEL_OPT_VALIDATE option and to perform a validate callback. Extracted from the Android external/libselinux tree. Change-Id: If061502c5e2489a1155798fac1d8357dbb8d13ba Signed-off-by: Robert Craig <rpcraig@tycho.ncsc.mil>
rc/label_android_property.c
|
2fa21cc840bce76274ba5d1b9ddbb0abebfaf06d |
14-Sep-2012 |
Stephen Smalley <sds@tycho.nsa.gov> |
libselinux: Only check SELinux enabled status once in selinux_check_access(). Move the SELinux enabled check to the once handler so that we do not perform this on each call to selinux_check_access(). Reduces overhead in both the SELinux-enabled and the SELinux-disabled cases. Extracted from the Android external/libselinux tree. Change-Id: I61fe85bc04fe53cbf840ba712c81bdb06e4e0c2f Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
rc/checkAccess.c
|
f0c9966f881211dcde89cfcad93f0360a71f959a |
02-Feb-2015 |
Steve Lawrence <slawrence@tresys.com> |
Bump to final release
hangeLog
ERSION
|
823ebc8c6b89cb6531fcd943ddb8059bd8743dd9 |
02-Dec-2014 |
Steve Lawrence <slawrence@tresys.com> |
Bump to release candidate 7
hangeLog
ERSION
|
07e75a9cc711b46e4c691defbb570624d2c5b2d7 |
12-Nov-2014 |
Steve Lawrence <slawrence@tresys.com> |
Bump to release candidate 6
hangeLog
ERSION
|
d1db56c52bf35039f37e809ae74052c484158874 |
29-Oct-2014 |
Steve Lawrence <slawrence@tresys.com> |
Bump to release candidate 5
hangeLog
ERSION
|
71393a181d63c9baae5fe8dcaeb9411d1f253998 |
20-Oct-2014 |
Steve Lawrence <slawrence@tresys.com> |
libselinux: libsepol: use ln --relative to create .so symlinks. The current build system assumes SHLIBDIR is ../../ relative to LIBDIR. However, this isn't always the case. For example, Arch Linux sets both LIBDIR and SHLIBDIR to /usr/lib, which results in broken symlinks. Instead of making that assumption, create .so symlinks using ln --relative so that the correct relative paths are used. Note that this adds a dependency for the build system to use coreutils-8.16 or later. Fixes #2 Reported-by: Nicolas Iooss <nicolas.iooss@m4x.org> Signed-off-by: Steve Lawrence <slawrence@tresys.com>
rc/Makefile
|
6280387034812da544cd8b13dbdc91078af7d731 |
06-Oct-2014 |
Steve Lawrence <slawrence@tresys.com> |
Bump to release candidate 4
hangeLog
ERSION
|
ff5bbe6dcf79fc074b1379bed5cc5fdb32ede8aa |
01-Oct-2014 |
Steve Lawrence <slawrence@tresys.com> |
Bump VERSION/ChangeLog for release candidate 3 Signed-off-by: Steve Lawrence <slawrence@tresys.com>
hangeLog
ERSION
|
ae5de8ae697675ce674262f10a54fe3b37968a70 |
14-Sep-2014 |
Nicolas Iooss <nicolas.iooss@m4x.org> |
libselinux: fix gcc -Wsign-compare warnings Acked-by: Steve Lawrence <slawrence@tresys.com>
rc/label_file.c
rc/label_file.h
tils/sefcontext_compile.c
|
1550132edea4f74003c4c63f085b6c8cebee4607 |
31-Aug-2014 |
Laurent Bigonville <bigon@bigon.be> |
libselinux: man: Add missing manpage links to security_load_policy.3 Add the missing manpage link for selinux_init_load_policy(3) and selinux_mkload_policy(3) to security_load_policy(3) https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=753803 Acked-by: Steve Lawrence <slawrence@tresys.com>
an/man3/selinux_init_load_policy.3
an/man3/selinux_mkload_policy.3
|
213c3189d058ca512ff92552414f6ece1c5362e2 |
27-Aug-2014 |
Steve Lawrence <slawrence@tresys.com> |
Bump versions for r2 Signed-off-by: Steve Lawrence <slawrence@tresys.com>
hangeLog
ERSION
|
8f9d3a7c95249116473b8d9d56f0a040e231a83c |
26-Aug-2014 |
Steve Lawrence <slawrence@tresys.com> |
Fix typos in ChangeLog and Versions
hangeLog
|
79fd2d06abf2e6e4e566e5fc57ae7a44e0b5dc7e |
26-Aug-2014 |
Steve Lawrence <slawrence@tresys.com> |
Bump versions and update ChangeLog Signed-off-by: Steve Lawrence <slawrence@tresys.com>
hangeLog
ERSION
|
70b23853a87551604474abd9c1b0188d80e7f64e |
16-Aug-2014 |
Dan Walsh <dwalsh@redhat.com> |
libselinux: Compiled file context files and the original should have the same permissions. Currently the compiled file context files can end up with different permissions than the original. This can lead to non-priv users not being able to read the compiled versions.
tils/sefcontext_compile.c
|
76913d8adb61b5afe28fd3b4ce91feab29e284dd |
09-Jul-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
Deprecate use of flask.h and av_permissions.h. Also remove all internal uses by libselinux. This requires deleting the old class/perm string lookup tables and compatibility code for kernels that predate the /sys/fs/selinux/class tree, i.e. Linux < 2.6.23. This also fixes a longstanding bug in the stringrep code; it was allocating NVECTORS (number of vectors in the legacy av_perm_to_string table, i.e. the total number of legacy permissions) entries in the per-class perms array rather than MAXVECTORS (the maximum number of permissions in any access vector). Ho hum. I already fixed this in Android but forgot it here. Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
nclude/selinux/av_permissions.h
nclude/selinux/flask.h
rc/av_inherit.h
rc/av_perm_to_string.h
rc/checkAccess.c
rc/class_to_string.h
rc/common_perm_to_string.h
rc/selinuxswig.i
rc/setexecfilecon.c
rc/stringrep.c
tils/selinuxexeccon.c
|
ac33098a807671204720aae97d6bcf6429d3fa92 |
09-Jul-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
Add pcre version string to the compiled file_contexts format. Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
rc/label_file.c
rc/label_file.h
tils/sefcontext_compile.c
|
7bdc38ccb21133155658279895b10ceb347b0b5a |
08-Jul-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
Log an error on unknown classes and permissions. Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
rc/checkAccess.c
|
056efe85d6f133a3f42aa224d7fc34ed8eb7789b |
25-Jun-2014 |
Artyom Smirnov <artyom.smirnov@red-soft.biz> |
Add db_exception and db_datatype support to label_db backend. Hi, in https://github.com/TresysTechnology/refpolicy/pull/1 db_exception and db_datatype were added to reference policy. This small patch extends the ability of the label_db backend to work with these objects. Regards.
nclude/selinux/label.h
an/man5/selabel_db.5
rc/label_db.c
|
78c9c97ab95e71b37ade2fbc162ca405d76c2b74 |
23-May-2014 |
Nicolas Iooss <nicolas.iooss@m4x.org> |
libselinux: fix typo in man page
an/man8/selinux.8
|
241fac27288a431198ac2fa72198b5a799a91775 |
29-Apr-2014 |
Will Woods <wwoods@redhat.com> |
selinux_init_load_policy: setenforce(0) if security_disable() fails If you run selinux_init_load_policy() after a chroot/switch-root, it's possible that your *previous* root loaded policy, but your *new* root wants SELinux disabled. We can't disable SELinux in this case, but we *do* need to make sure it's permissive. Otherwise we may continue to enforce the old policy. So, if seconfig = -1, but security_disable() fails, we set *enforce=0, and then let the existing code handle the security_{get,set}enforce stuff. Once that's handled, exit with failure via "goto noload", as before.
rc/load_policy.c
|
1e6482134b9dc2e4480a1cecaf1d366c9d42b0e7 |
06-May-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
Bump version and update ChangeLog for release. Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
hangeLog
ERSION
|
35b3c259a7770538b4fd702007f726ef93f155a3 |
25-Mar-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
2.3-rc1 (release candidate 1). Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
hangeLog
ERSION
|
269b45c8bbf7d2e3c7f82e65f136e984641254b8 |
19-Feb-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
Update libselinux/ChangeLog for next. Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
hangeLog
|
9eb9c9327563014ad6a807814e7975424642d5b9 |
19-Feb-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
Get rid of security_context_t and fix const declarations. In attempting to enable building various parts of Android with -Wall -Werror, we found that the const security_context_t declarations in libselinux are incorrect; const char * was intended, but const security_context_t translates to char * const and triggers warnings on passing const char * from the caller. Easiest fix is to replace them all with const char *. And while we are at it, just get rid of all usage of security_context_t itself as it adds no value - there is no true encapsulation of the security context strings and callers already directly use string functions on them. typedef left to permit building legacy users until such a time as all are updated. This is a port of Change-Id I2f9df7bb9f575f76024c3e5f5b660345da2931a7 from Android, augmented to deal with all of the other code in upstream libselinux and updating the man pages too. Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> Acked-by: Eric Paris <eparis@redhat.com>
nclude/selinux/avc.h
nclude/selinux/get_context_list.h
nclude/selinux/label.h
nclude/selinux/selinux.h
an/man3/avc_context_to_sid.3
an/man3/get_ordered_context_list.3
an/man3/getcon.3
an/man3/getexeccon.3
an/man3/getfilecon.3
an/man3/getfscreatecon.3
an/man3/getkeycreatecon.3
an/man3/getsockcreatecon.3
an/man3/is_context_customizable.3
an/man3/matchmediacon.3
an/man3/matchpathcon.3
an/man3/security_check_context.3
an/man3/security_compute_av.3
an/man3/selabel_lookup.3
an/man3/selinux_check_securetty_context.3
an/man3/selinux_file_context_cmp.3
an/man3/selinux_raw_context_to_color.3
an/man3/selinux_set_callback.3
an/man3/setfilecon.3
an/man5/selabel_db.5
an/man5/selabel_file.5
an/man5/selabel_media.5
an/man5/selabel_x.5
rc/audit2why.c
rc/avc.c
rc/avc_sidtab.c
rc/avc_sidtab.h
rc/callbacks.c
rc/callbacks.h
rc/canonicalize_context.c
rc/checkAccess.c
rc/check_context.c
rc/compute_av.c
rc/compute_create.c
rc/compute_member.c
rc/compute_relabel.c
rc/compute_user.c
rc/enabled.c
rc/fgetfilecon.c
rc/freecon.c
rc/freeconary.c
rc/fsetfilecon.c
rc/get_context_list.c
rc/get_initial_context.c
rc/getfilecon.c
rc/getpeercon.c
rc/is_customizable_type.c
rc/label.c
rc/label_internal.h
rc/lgetfilecon.c
rc/lsetfilecon.c
rc/matchmediacon.c
rc/matchpathcon.c
rc/procattr.c
rc/query_user_context.c
rc/selinux_check_securetty_context.c
rc/selinuxswig.i
rc/selinuxswig_python.i
rc/selinuxswig_ruby.i
rc/setexecfilecon.c
rc/setfilecon.c
rc/setrans_client.c
tils/getconlist.c
tils/getdefaultcon.c
tils/getseuser.c
tils/matchpathcon.c
tils/selinuxexeccon.c
|
1cb368636bdaf465cd63178a0692db38865e943b |
06-Jan-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
Updated libselinux/ChangeLog for next. Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
hangeLog
|
a2737333c795cae2aa4e31deed95a8e155d64d4a |
20-Nov-2012 |
Guillem Jover <guillem@debian.org> |
libselinux: Refactor rpm_execcon() into a new setexecfilecon() This new function allows a process to invoke helper programs with a new execution context based on the filename, this is initially intended for package managers so that they can easily execute package scriptlets or maintainer scripts. Base rpm_execcon() off this new function. Signed-off-by: Guillem Jover <guillem@debian.org>
akefile
nclude/selinux/selinux.h
an/man3/getexeccon.3
rc/Makefile
rc/rpm.c
rc/setexecfilecon.c
|
2ba1541f218234b2b9fd39dc6a766f5ff9d0908c |
30-Dec-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
Merge branch 'master' into next
|
edc2e99687b050d5be21a78a66d038aa1fc068d9 |
30-Dec-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
libselinux 2.2.2 - userspace AVC per-domain permissive handling fix. Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
hangeLog
ERSION
|
dcd8167f7722c1f00c71f54af5425434da2d6cbc |
30-Dec-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
Coding style fix for sizeof operator. Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
rc/avc.c
|
85a42ec87d51daad9f99ffa972a5a22542d9d928 |
23-Dec-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
Fix a bug in the userspace AVC that broke per-domain permissive mode. Failure to copy the entire av_decision structure, including the flags field, would prevent preservation of the SELINUX_AVD_FLAGS_PERMISSIVE flag and thus cause per-domain permissive to not be honored for userspace permission checks. Also ensure that we clear the entire structure. Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
rc/avc.c
|
d24fb6834d8089832a24e80d862d5944e3781b43 |
07-Nov-2013 |
Colin Walters <walters@verbum.org> |
selinux_set_mapping: Document it This patch may not actually be useful since there's a man page.
nclude/selinux/selinux.h
|
27238433ada38171af58a711313cccaccc4c1227 |
06-Nov-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
Bump libselinux version to 2.2.1 for pkg-config fix. Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
hangeLog
ERSION
|
7e7916932b6a1bfc26acafccd1ee76fbdb416f73 |
06-Nov-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
Remove -lpthread from pkg-config file. libselinux uses weak bindings to pthread functions and will fall back to non-threaded implementations if the caller is not linked with libpthread. Avoid requiring all users of libselinux to link with libpthread. Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
rc/libselinux.pc.in
|
7c4bb77999e6fab77547feb404a032ecc917e1b6 |
30-Oct-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
Version bump for release. Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
hangeLog
ERSION
|
8e5d4653353abc594172058d7e994bf39c6d28df |
30-Oct-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
Update ChangeLog files. Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
hangeLog
|
9792099fd7847266377df151e7738f9b38ffc18d |
20-May-2013 |
Laurent Bigonville <bigon@bigon.be> |
Properly build the swig exception file even if the headers are missing During build if the headers are not installed in the system path, the generated swig exception (.i) file might be empty.
rc/exception.sh
|
6d0f11142172ef8a827e53e871030d26829ab39f |
28-Oct-2013 |
Dan Walsh <dwalsh@redhat.com> |
Change audit2why to return constraint information on denial. This patch uses Richard Haines' fixes in libsepol to help identify which constraint is blocking access. The end goal is helping policy writers and administrators to diagnose issues with their policy.
rc/audit2why.c
|
8b114a3bf25b7b818910cca77528de80cdb953f8 |
28-Oct-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
Fix avc_has_perm() returns -1 even when SELinux is in permissive mode. If we get an EINVAL from security_compute_av* (indicates an invalid source or target security context, likely due to a policy reload that removed one or the other) and we are in permissive mode, then handle it like any other permission denial, i.e. log but do not deny it. Reported-by: Laurent Bigonville <bigon@debian.org> Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
rc/avc.c
|
a08010023b9fe66e8df5c187a53d93bfb0f2b939 |
25-Oct-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
Update ChangeLogs and bump VERSIONs to an intermediate value. 2.1.99 is just a placeholder to distinguish it from the prior release. 2.2 will be the released version. Switching to 2-component versions. Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
hangeLog
ERSION
|
56258807ea4b33cf3c7a1dbf1b574ab77c91f899 |
25-Oct-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
Revert "Richard Haines patch that allows us discover constraint violation information" This reverts commit 56b49ab7114f367f46b70e41d84dc7e6d52d5209. Conflicts: libselinux/src/audit2why.c
rc/audit2why.c
|
f458b7607618ad3d95568b595065c745c3c69022 |
24-Oct-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
Merge branch 'fedora' into master-merge Conflicts: libselinux/src/Makefile libselinux/src/selinux_config.c policycoreutils/audit2allow/audit2allow.1 policycoreutils/scripts/fixfiles.8 policycoreutils/semanage/semanage.8 policycoreutils/sepolicy/Makefile policycoreutils/sepolicy/sepolicy/transition.py policycoreutils/setsebool/setsebool.8
|
52d52fe2d679b546e7205a5224e550860839c415 |
25-Sep-2013 |
Sven Vermeulen <sven.vermeulen@siphos.be> |
Make RANLIB variable overridable If the RANLIB variable is defined by the user, use that value instead of the /usr/bin/ranlib binary. Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
rc/Makefile
|
e1ecb2cdb4623c1bcb7b6efcbcd40faf8112aa49 |
25-Sep-2013 |
Sven Vermeulen <sven.vermeulen@siphos.be> |
Update pkgconfig definition Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
rc/libselinux.pc.in
|
6068fcb36172b2f346e8fe2db3c87ebdfe8022e8 |
25-Sep-2013 |
Sven Vermeulen <sven.vermeulen@siphos.be> |
Mount sys before trying to mount selinuxfs If /sys is not present, the attempt to mount selinuxfs will of course fail. So we try to mount /sys first (and only if that fails fall back to the /selinux mount point) and then try to mount selinuxfs. Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
rc/load_policy.c
|
874a976470f6acb589de4a3fdba2abfe178899c5 |
09-Oct-2013 |
Dan Walsh <dwalsh@redhat.com> |
Fix handling of temporary file in sefcontext_compile.c. This way, if something goes wrong, the regex file will not be corrupt.
tils/sefcontext_compile.c
|
c32da69e016061c1a06ec08298aae8c995fbea31 |
09-Oct-2013 |
Dan Walsh <dwalsh@redhat.com> |
Fixes for procattr calls to handle cache properly. We were asked not to link to libpthread but to use gcc internals. We were not handling properly the fact that a cache was UNSET, and this patch fixes this.
rc/Makefile
rc/procattr.c
|
9639f5d9a837df2d026748543c96cecbc95cb1e2 |
09-Oct-2013 |
Dan Walsh <dwalsh@redhat.com> |
Add decent constants for python for return of getenforce call.
rc/selinuxswig_python.i
|
22671378f1ace857be4697a3b3aaf1645076d398 |
09-Oct-2013 |
Dan Walsh <dwalsh@redhat.com> |
Fix label substitution to work with the equiv path of "/". Software collections are setting up equiv directories to the root directory.
rc/label.c
|
7eec00a5be8b5cebcbbc9a30b42b34f4a623c587 |
09-Oct-2013 |
Dan Walsh <dwalsh@redhat.com> |
Add selinux_current_policy_path, which returns a pointer to the loaded policy. Also change audit2why to look at the loaded policy rather than searching on disk for the policy file. It is more likely that you are examining the running policy.
nclude/selinux/selinux.h
an/man3/selinux_binary_policy_path.3
an/man3/selinux_current_policy_path.3
rc/audit2why.c
rc/selinux_config.c
rc/selinux_internal.h
|
403f2cfeb808d3b3420050434763d9a7689d8388 |
09-Oct-2013 |
Dan Walsh <dwalsh@redhat.com> |
Change get_context_list to return an error rather than guess at a match. In the past pam_selinux would return a bogus login context if the login program was running with the wrong context. If you ran sshd as unconfined_t you might get the login user logging in as pam_oddjob_mkhomedir_t or some other bogus type. This change fixes the code to return an error if it can not return a good match.
rc/get_context_list.c
|
f1598dff7e951f0dbfb68d9c45bc15fe6d2e821e |
09-Oct-2013 |
Dan Walsh <dwalsh@redhat.com> |
Support udev-197 and higher The errno value was not set, causing wrong return notifications and failing to have udev label things correctly. See https://bugzilla.redhat.com/show_bug.cgi?id=909826#c24 and see https://bugs.gentoo.org/show_bug.cgi?id=462626 Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
rc/label_file.c
|
fd56c5230cea6b81fbe74d1d0a228936a6797923 |
09-Oct-2013 |
Dan Walsh <dwalsh@redhat.com> |
Separate out the calling of local subs and dist subs in selabel_sub. We want to allow users to set up their substitutions to run first and then run the distro subs second. This fixes the problem where a user defines a sub like /usr/local/foobar and we ignore it. We need this for software collections which is setting up local subs of /opt/src/foobar/root /
rc/label.c
rc/label_file.c
rc/label_internal.h
|
51d9a078c260b230f65863766e73e6db0b2c2d3a |
09-Oct-2013 |
Dan Walsh <dwalsh@redhat.com> |
Patch to change *setfilecon to not return ENOSUP if context matches. Tools like cp -A try to maintain the context of a program and call *setfilecon; currently, if the file system does not support XAttrs, we return ENOSUPP. We have been requested to check if the context that is being set is the same and to not return this error. So if I try to set the label on an nfs share to system_u:object_r:nfs_t:s0 and I get ENOSUPP, it will not return an error.
rc/fsetfilecon.c
rc/lsetfilecon.c
rc/setfilecon.c
|
756013edc51bf9db084acec447f8fb35a06b9517 |
09-Oct-2013 |
Dan Walsh <dwalsh@redhat.com> |
This patch fixes python parsing. Eliminates potential memory leaks.
rc/audit2why.c
|
851266c1803ed7ce3e8ec2cb2b76e038ca3bd3de |
09-Oct-2013 |
Dan Walsh <dwalsh@redhat.com> |
define SELINUX_TRANS_DIR in selinux.h I wanted to separate this directory out in order for a new patch to mcstransd to watch this directory for newly created files, which it could then translate. The idea is libvirt would write to /var/run/setrans/c0:c1,c2 with the contents of vm1, then setrans could translate the processes to show system_u:system_r:svirt_t:vm1
nclude/selinux/selinux.h
rc/setrans_internal.h
|
ce2a8848ad45e375cfdb58cebe28bc12431bb3db |
09-Oct-2013 |
Dan Walsh <dwalsh@redhat.com> |
Add selinux_systemd_contexts_path. systemd has some internal contexts like generated systemd unit files that we want to allow it to check against processes trying to manage them.
nclude/selinux/selinux.h
rc/file_path_suffixes.h
rc/selinux_config.c
rc/selinux_internal.h
|
7fe6036ca5e3624d6e3a0294b909d93b145eac31 |
09-Oct-2013 |
Dan Walsh <dwalsh@redhat.com> |
Add selinux_set_policy_root, which sets an alternate policy root directory path. This allows us to specify under which the compiled policy file and context configuration files exist. We can use this with matchpathcon to check the labels under alternate policies, and we can use it for sepolicy manpage to build manpages during policy build.
nclude/selinux/selinux.h
an/man3/selinux_set_policy_root.3
an/man8/matchpathcon.8
rc/selinux_config.c
tils/matchpathcon.c
|
2af252621b2dde8ed545c201b6c9bbae9c9d12fb |
09-Oct-2013 |
Dan Walsh <dwalsh@redhat.com> |
Add missing man page for sefcontext_compile
an/man8/sefcontext_compile.8
|
2540b20096bed9a4f2581548ad37c3dae8654512 |
09-Oct-2013 |
Dan Walsh <dwalsh@redhat.com> |
Laurent Bigonville patch to fix various minor manpage issues and correct section numbering.
an/man3/security_compute_av.3
an/man3/security_disable.3
an/man3/security_load_policy.3
an/man3/selinux_policy_root.3
an/man8/getenforce.8
an/man8/selinux.8
an/man8/selinuxenabled.8
an/man8/selinuxexeccon.8
an/man8/setenforce.8
an/man8/togglesebool.8
|
a8b3340288cb5252b2a8844e4892c066d5b8fdf5 |
09-Oct-2013 |
Dan Walsh <dwalsh@redhat.com> |
Laurent Bigonville patch to allow overriding PATH Definitions in Makefiles
rc/Makefile
|
56b49ab7114f367f46b70e41d84dc7e6d52d5209 |
09-Oct-2013 |
Dan Walsh <dwalsh@redhat.com> |
Richard Haines patch that allows us discover constraint violation information Basically we need this information to allow audit2allow/audit2why to better describe which constraint is being broken.
rc/audit2why.c
|
39b5a40295883570a3b43a6be5ddfa9fbced214d |
23-Oct-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
Fix relabel target. Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
nclude/Makefile
an/Makefile
|
fceca652c137084a891e1cf070ba9c8c063bc949 |
21-Oct-2013 |
Joe MacDonald <joe@deserted.net> |
libselinux: avoid shadowing 'stat' in load_mmap label_file.c: In function ‘load_mmap’: label_file.c:238:81: error: declaration of ‘stat’ shadows a global declaration [-Werror=shadow] cc1: all warnings being treated as errors Signed-off-by: Joe MacDonald <joe@deserted.net>
rc/label_file.c
|
2864f757dddaba5b062d3c4701b7093c1168d1d5 |
22-Oct-2013 |
Joe MacDonald <joe@deserted.net> |
libselinux: support building on older PCRE libs
Versions of PCRE prior to 8.20 did not have pcre_free_study(). In its absence, use pcre_free() instead.
Signed-off-by: Joe MacDonald <joe@deserted.net>
src/label_file.h
|
ead1e1d8e2889e55ca882ba76ddfeda4f742470c |
10-May-2013 |
Laurent Bigonville <bigon@bigon.be> |
libselinux: Fix various minor manpage issues and correct section numbering.
man/man3/security_disable.3
man/man3/security_load_policy.3
man/man8/getenforce.8
man/man8/selinuxenabled.8
man/man8/selinuxexeccon.8
man/man8/setenforce.8
man/man8/togglesebool.8
|
50b1654c1d9a21c57fbf7beff2e493750bd1a08f |
10-May-2013 |
Laurent Bigonville <bigon@bigon.be> |
libselinux: Do not use LDFLAGS to set -lpcre and -lpthread
This is breaking build if LDFLAGS is redefined. This is the case on Debian where hardening flags are passed automatically by the build system.
src/Makefile
|
c45f797b2830c36fbba036c9b3e856053ed43f16 |
10-May-2013 |
Laurent Bigonville <bigon@bigon.be> |
libselinux: Allow overriding LIBBASE in src/Makefile
src/Makefile
|
32e76a314ed30b9be3f860e1686a9271d1c2620d |
25-Sep-2013 |
Sven Vermeulen <sven.vermeulen@siphos.be> |
Current stable policycoreutils requires selinux_current_policy_path
Without this fix, stolen from Fedora's patchset, recent policycoreutils just fails. See http://marc.info/?t=136926404600001&r=1&w=2 and see http://marc.info/?l=selinux&m=136692033821285&w=2
Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
include/selinux/selinux.h
man/man3/selinux_binary_policy_path.3
src/selinux_config.c
src/selinux_internal.h
|
a15451b523d267b4dbf94616e9473ab196b88525 |
25-Sep-2013 |
Sven Vermeulen <sven.vermeulen@siphos.be> |
Support udev-197 and higher
The errno value was not set, causing wrong return notifications and failing to have udev label things correctly. See https://bugzilla.redhat.com/show_bug.cgi?id=909826#c24 and see https://bugs.gentoo.org/show_bug.cgi?id=462626
Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
src/label_file.c
|
e4cee831af03b852c63c66b97b663e41bf6830d7 |
25-Sep-2013 |
Sven Vermeulen <sven.vermeulen@siphos.be> |
Make RANLIB variable overridable
If the RANLIB variable is defined by the user, use that value instead of the /usr/bin/ranlib binary.
Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
src/Makefile
|
1310e36026096a1ac027c32f0f919153c7beb801 |
25-Sep-2013 |
Sven Vermeulen <sven.vermeulen@siphos.be> |
Update pkgconfig definition
Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
src/libselinux.pc.in
|
ef3e072f581b2418f9bb1703170ad34f32c9408d |
25-Sep-2013 |
Sven Vermeulen <sven.vermeulen@siphos.be> |
Mount sys before trying to mount selinuxfs
If /sys is not present, the attempt to mount selinuxfs will of course fail. So we try to mount /sys first (and only if that fails fall back to the /selinux mount point) and then try to mount selinuxfs.
Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
src/load_policy.c
|
e9410c9b0622c05761002994dfbd0746bbe6aaf7 |
01-Feb-2013 |
Eric Paris <eparis@redhat.com> |
VERSION BUMP FOR UPSTREAM PUSH
ChangeLog
VERSION
|
ce39302fd01a4217c3de7fdb787987fada5bb33d |
06-Feb-2013 |
Eric Paris <eparis@redhat.com> |
libselinux: sefcontext_compile: do not leak fd on error
We open the file which is to be used to write the binary format of file contexts. If we hit an error actually writing things out, we return, but never close the fd. Do not leak.
Signed-off-by: Eric Paris <eparis@redhat.com>
utils/sefcontext_compile.c
|
4e5eaacc5996220726f237d7345a44ab962a2141 |
06-Feb-2013 |
Eric Paris <eparis@redhat.com> |
libselinux: matchmediacon: do not leak fd
Every time matchmediacon is called we open the selinux_media_context_path(). But we never close the file. Close the file when we are finished with it.
Signed-off-by: Eric Paris <eparis@redhat.com>
src/matchmediacon.c
|
1e8f102e8cec4ae84f09cc595013234398270366 |
06-Feb-2013 |
Eric Paris <eparis@redhat.com> |
libselinux: src/label_android_property: do not leak fd on error
We were opening the path, but if the fstat failed or it was not a regular file we would return without closing the fd. Fix by using the common error exit path rather than just returning.
Signed-off-by: Eric Paris <eparis@redhat.com>
src/label_android_property.c
|
0834ff302264319097eb3f52295f5f671091cba9 |
23-Jan-2013 |
Eric Paris <eparis@redhat.com> |
libselinux: do not leak file contexts with mmap'd backend
We use strdup to store the intended context when we have an mmap'd file backend. We, however, skipped freeing those contexts.
Signed-off-by: Eric Paris <eparis@redhat.com>
src/label_file.c
|
efb6347dd3c089f6e4fa6fbe06e23964a16acee1 |
23-Jan-2013 |
Eric Paris <eparis@redhat.com> |
libselinux: unmap file contexts on selabel_close()
We were leaking all of the file context db because we didn't unmap them on selabel_close()
Signed-off-by: Eric Paris <eparis@redhat.com>
src/label_file.c
src/label_file.h
|
9c83b206e11e59f0b6ccb8020836f2d7c65dd3d7 |
23-Jan-2013 |
Dan Walsh <dwalsh@redhat.com> |
libselinux: pkg-config do not specify ruby version
pkg-config does not work if you specify the version of ruby in Fedora 19
Signed-off-by: Eric Paris <eparis@redhat.com>
src/Makefile
|
1d403326aecd92dfa0120cfd2e9c3c52a2a3cdf1 |
09-Jan-2013 |
Eric Paris <eparis@redhat.com> |
libselinux: optimize set*con functions
Set*con now caches the security context and only re-sets it if it changes.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
src/Makefile
src/procattr.c
|
e9759ea7af3ce8f126a981ecb4f504ad7a300ab4 |
08-Jun-2012 |
Dan Walsh <dwalsh@redhat.com> |
libselinux: Change booleans.subs to booleans.subs_dist.
Currently we ship other subs files with the _dist to indicate they come with the distribution as opposed to being modified by the user.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
src/file_path_suffixes.h
|
aa62cd60f7192123b509c2518e7a2083e34a65a2 |
29-Nov-2012 |
Eric Paris <eparis@redhat.com> |
libselinux: Fix errors found by coverity
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
src/audit2why.c
src/avc_internal.c
src/get_context_list.c
src/label_android_property.c
src/label_file.c
src/mapping.c
src/setrans_client.c
src/seusers.c
src/stringrep.c
utils/avcstat.c
|
c89deab09a5b5ee33f4576a340f0e76647b533f9 |
12-Dec-2012 |
Eric Paris <eparis@redhat.com> |
libselinux: selinux_status_open: do not leak statusfd on exec
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
src/sestatus.c
|
761881c947912b68c15576d9aa22b5e147c25b2b |
12-Dec-2012 |
Eric Paris <eparis@redhat.com> |
libselinux: selinux_status_open: handle error from sysconf
We didn't handle sysconf(_SC_PAGESIZE) returning an error. It should be very rare, obviously, but we should handle it.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
src/sestatus.c
|
2f624c94c70a1a3dcc0387350030f166d6bb6d56 |
04-Dec-2012 |
Pádraig Brady <P@draigbrady.com> |
libselinux: man: context_new(3): fix the return value description
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
man/man3/context_new.3
|
be2d728599c08e5e4a3cf0cebcc4f7876786cd5c |
13-Nov-2012 |
Guillem Jover <guillem@debian.org> |
libselinux: Use ENOTSUP instead of EOPNOTSUPP for getfilecon functions
EOPNOTSUPP means "operation not supported on socket", and ENOTSUP means "not supported"; although per POSIX they can be aliased to the same value, and on Linux they are, ENOTSUP seems the more correct error code. In addition these functions are documented as returning ENOTSUP, and given that they are implemented by means of getxattr(2), which does return ENOTSUP too, this just consolidates their behaviour.
Signed-off-by: Guillem Jover <guillem@debian.org>
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
src/fgetfilecon.c
src/getfilecon.c
src/lgetfilecon.c
|
9acdd37989ce2bd3c239a7c14a9f7a7a9bb971e3 |
10-Nov-2012 |
Guillem Jover <guillem@debian.org> |
libselinux: man: Add references and man page links to _raw function variants
Signed-off-by: Guillem Jover <guillem@debian.org>
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
man/man3/fgetfilecon_raw.3
man/man3/fsetfilecon_raw.3
man/man3/getcon.3
man/man3/getcon_raw.3
man/man3/getexeccon.3
man/man3/getexeccon_raw.3
man/man3/getfilecon.3
man/man3/getfilecon_raw.3
man/man3/getfscreatecon.3
man/man3/getfscreatecon_raw.3
man/man3/getkeycreatecon.3
man/man3/getkeycreatecon_raw.3
man/man3/getpeercon_raw.3
man/man3/getpidcon_raw.3
man/man3/getprevcon_raw.3
man/man3/getsockcreatecon.3
man/man3/getsockcreatecon_raw.3
man/man3/lgetfilecon_raw.3
man/man3/lsetfilecon_raw.3
man/man3/security_check_context.3
man/man3/security_check_context_raw.3
man/man3/security_compute_av.3
man/man3/security_compute_av_flags_raw.3
man/man3/security_compute_av_raw.3
man/man3/security_compute_create_name_raw.3
man/man3/security_compute_create_raw.3
man/man3/security_compute_member_raw.3
man/man3/security_compute_relabel_raw.3
man/man3/security_compute_user_raw.3
man/man3/security_get_initial_context_raw.3
man/man3/selabel_lookup_raw.3
man/man3/setcon_raw.3
man/man3/setexeccon_raw.3
man/man3/setfilecon.3
man/man3/setfilecon_raw.3
man/man3/setfscreatecon_raw.3
man/man3/setkeycreatecon_raw.3
man/man3/setsockcreatecon_raw.3
|
4f289b50ac1aa32e228e06ee0d29e2e472c8a661 |
14-Nov-2012 |
Guillem Jover <guillem@debian.org> |
libselinux: man: Fix typo in man page
Signed-off-by: Guillem Jover <guillem@debian.org>
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
man/man3/selinux_status_open.3
|
6ef13eeda7697bc7b816c98817204f25ffb87a00 |
13-Nov-2012 |
Guillem Jover <guillem@debian.org> |
libselinux: man: Fix man pages formatting
- Add man page sections '(N)' to external references, and '()' on functions described in the same man page.
- Escape minus signs when those are expected to be used on the command line or files.
- Mark files and variables in italic; Note headings, function names, constants, program options and man page references in bold.
- Do not justify and hyphenate SEE ALSO section, and avoid hyphenation on symbol names by prepending them with \%.
- Remove trailing dot from NAME section description.
- Split sections with a no-op command '.', to visually distinguish them but to avoid introducing spurious vertical space in the formatted output.
- Add explicit .sp commands in the SYNOPSIS section between function prototypes, and fix space placement in function prototypes.
- Split header includes with .br (instead of the explicit or implicit .sp) so that they are vertically contiguous.
- Add missing {} around SELINUXTYPE and POLICYTYPE variable text in paths.
- Remove unneeded formatting commands.
- Remove spurious blank lines.
Signed-off-by: Guillem Jover <guillem@debian.org>
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
man/man3/avc_add_callback.3
man/man3/avc_cache_stats.3
man/man3/avc_compute_create.3
man/man3/avc_context_to_sid.3
man/man3/avc_has_perm.3
man/man3/avc_init.3
man/man3/avc_netlink_loop.3
man/man3/avc_open.3
man/man3/context_new.3
man/man3/get_ordered_context_list.3
man/man3/getcon.3
man/man3/getexeccon.3
man/man3/getfilecon.3
man/man3/getfscreatecon.3
man/man3/getkeycreatecon.3
man/man3/getseuserbyname.3
man/man3/getsockcreatecon.3
man/man3/init_selinuxmnt.3
man/man3/is_context_customizable.3
man/man3/is_selinux_enabled.3
man/man3/matchmediacon.3
man/man3/matchpathcon.3
man/man3/matchpathcon_checkmatches.3
man/man3/security_check_context.3
man/man3/security_class_to_string.3
man/man3/security_compute_av.3
man/man3/security_disable.3
man/man3/security_getenforce.3
man/man3/security_load_booleans.3
man/man3/security_load_policy.3
man/man3/security_policyvers.3
man/man3/selabel_lookup.3
man/man3/selabel_open.3
man/man3/selabel_stats.3
man/man3/selinux_binary_policy_path.3
man/man3/selinux_boolean_sub.3
man/man3/selinux_check_securetty_context.3
man/man3/selinux_colors_path.3
man/man3/selinux_file_context_cmp.3
man/man3/selinux_file_context_verify.3
man/man3/selinux_getenforcemode.3
man/man3/selinux_getpolicytype.3
man/man3/selinux_lsetfilecon_default.3
man/man3/selinux_policy_root.3
man/man3/selinux_raw_context_to_color.3
man/man3/selinux_set_callback.3
man/man3/selinux_set_mapping.3
man/man3/selinux_status_open.3
man/man3/set_matchpathcon_flags.3
man/man3/setfilecon.3
man/man5/booleans.5
man/man5/customizable_types.5
man/man5/default_contexts.5
man/man5/default_type.5
man/man5/failsafe_context.5
man/man5/local.users.5
man/man5/removable_context.5
man/man5/secolor.conf.5
man/man5/securetty_types.5
man/man5/selabel_db.5
man/man5/selabel_file.5
man/man5/selabel_media.5
man/man5/selabel_x.5
man/man5/service_seusers.5
man/man5/seusers.5
man/man5/user_contexts.5
man/man5/virtual_domain_context.5
man/man5/virtual_image_context.5
man/man8/avcstat.8
man/man8/booleans.8
man/man8/getenforce.8
man/man8/getsebool.8
man/man8/matchpathcon.8
man/man8/selinux.8
man/man8/selinuxenabled.8
man/man8/selinuxexeccon.8
man/man8/setenforce.8
man/man8/togglesebool.8
|
8cc79bcd981abb616ad9cafebcb4302acf392311 |
16-Nov-2012 |
Guillem Jover <guillem@debian.org> |
libselinux: man: Fix program synopsis and function prototypes in man pages
Fix typos, or wrong function prototypes.
Signed-off-by: Guillem Jover <guillem@debian.org>
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
man/man3/selabel_stats.3
man/man3/selinux_binary_policy_path.3
man/man3/selinux_boolean_sub.3
man/man3/selinux_getpolicytype.3
man/man3/selinux_policy_root.3
man/man3/selinux_status_open.3
man/man5/selabel_db.5
man/man8/selinuxexeccon.8
|
7504bbd87302c61f39f8f7641df63213f5da6cd8 |
21-Nov-2012 |
Dan Walsh <dwalsh@redhat.com> |
libselinux: audit2why: Cleanup audit2why analysis function
Teeny-tiny cleanup to remove needless {}
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
src/audit2why.c
|
13b599d7b80c1464683f66a1e93e02b984d94c1d |
17-Oct-2012 |
rhatdan <dwalsh@redhat.com> |
libselinux: mode_to_security_class: interface to translate a mode_t into a security class
coreutils needs to be able to take a statbuf and ask permissions questions. This gives us the interface to translate that statbuf mode_t into a security class which can be used.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
include/selinux/selinux.h
man/man3/mode_to_security_class.3
man/man3/security_class_to_string.3
src/stringrep.c
|
d09bcb75f5e7c87ba4b8fd8b55ec28c69a1c94fa |
19-Nov-2012 |
Eric Paris <eparis@redhat.com> |
libselinux: audit2why: do not leak on multiple init() calls
If init() was already called then avc will be set. If avc is set just return.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
src/audit2why.c
|
019e6fd6d4e383ae82b65a2f5868e377dd8af571 |
15-Oct-2012 |
rhatdan <dwalsh@redhat.com> |
libselinux: audit2why: Fix segfault if finish() called twice
If audit2why.finish is called more than once the global avc variable will be NULL, and thus dereferencing it will obviously cause problems. Thus just bail if avc is NULL and we know cleanup is done.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
src/audit2why.c
|
2677b72191205b329d4743d2cf0d5607091d18d0 |
12-Oct-2012 |
rhatdan <dwalsh@redhat.com> |
libselinux: man: make selinux.8 mention service man pages
We were listing a number of service man pages (like httpd_selinux) in the see also section of selinux.8. As that number of pages explodes it does not make sense to try to list them all. Instead tell people to use man -k selinux to find them.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
man/man8/selinux.8
|
44cba24ba68d5021862c3b9e962b96d63e587dce |
14-Sep-2012 |
rhatdan <dwalsh@redhat.com> |
libselinux: sefcontext_compile: Add error handling to help debug problems in libsemanage.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
utils/sefcontext_compile.c
|
a293048a59aa8eae68f76d1bafe08acba9285f97 |
01-Nov-2012 |
Eric Paris <eparis@redhat.com> |
libselinux: do not leak mmapfd
On failure, common if .bin is older than the text version, we will leak the mmapfd. Don't do that.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
src/label_file.c
|
9ebd779353764299e40f63f843eb26209ffbd771 |
30-Aug-2012 |
Eric Paris <eparis@redhat.com> |
libselinux: label_file: use precompiled filecontext when possible
When loading the filecontext database, check to see if there is a newer binary version. If so, mmap that file; it is used to populate the regex db instead of reading from the text representation and compiling regex's as needed. If the text file is newer it will use the text version and ignore the binary version.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
src/label_file.c
src/label_file.h
|
dac8b32c1781dde089e8fc45904fc01a1a21b8ed |
30-Aug-2012 |
Eric Paris <eparis@redhat.com> |
libselinux: utils: new file context regex compiler
This is a new 'compiler' which transforms the file context database into a binary format. This binary format may be mmap'd in later removing the need to compile the regular expression at run time.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
utils/.gitignore
utils/Makefile
utils/sefcontext_compile.c
|
933840af6c41ea0203485227c4ac2258f15d40f5 |
04-Dec-2012 |
Eric Paris <eparis@redhat.com> |
libselinux: audit2why: make sure path is nul terminated
We use strncpy which could leave a non-nul terminated string if the source is longer than PATH_MAX. Add that nul.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
src/audit2why.c
|
8638197342f77d66b3e21ee93009060886020064 |
13-Sep-2012 |
Eric Paris <eparis@redhat.com> |
Version bumps for upstream push
ChangeLog
VERSION
|
45658fc6d5c7ed84a7356275f547eca92d4a959f |
20-Aug-2012 |
Guido Trentalancia <guido@trentalancia.com> |
libselinux: improve the file_contexts.5 manual page
Manual page improvements for the file_contexts and related policy configuration files (section 5):
- create links to selabel_file.5 not only for file_contexts.5 but also for the other optional policy configuration files (including the so-called file contexts "substitution" files);
- clarify the above mentioned manual page(s), in particular relatively to the action performed by the so-called file contexts "substitution" policy configuration files (aliasing/equivalence versus substitution);
- improve the explanation of the form that the "substitution" files shall have.
Signed-off-by: Guido Trentalancia <guido@trentalancia.com>
Signed-off-by: Eric Paris <eparis@redhat.com>
man/man5/file_contexts.homedirs.5
man/man5/file_contexts.local.5
man/man5/file_contexts.subs.5
man/man5/file_contexts.subs_dist.5
man/man5/selabel_file.5
|
1c8a7c194d3a3f72be5d02d50df2f7b679aeabe7 |
31-Jul-2012 |
Dan Walsh <dwalsh@redhat.com> |
libselinux: Ensure that we only close the selinux netlink socket once.
Taken from our Android libselinux tree. From Stephen Smalley.
Signed-off-by: Eric Paris <eparis@redhat.com>
src/avc_internal.c
|
4d04f4c443b916cd078f12930f683374da2291e4 |
31-Aug-2012 |
Eric Paris <eparis@redhat.com> |
libselinux: label_file: only run array once when sorting
Instead of running the array two times, sorting the 'hasMeta' the first time and the !hasMeta the second, run the array once putting hasMeta in the front and !hasMeta in the back. Then ONLY run the !hasMeta section a second time reversing its order so it's sorted as it should be.
Signed-off-by: Eric Paris <eparis@redhat.com>
src/label_file.h
|
36ab97dadc3ae8d504d6a4cfa7490d92b49b370d |
30-Aug-2012 |
Eric Paris <eparis@redhat.com> |
libselinux: label_file: struct reorg
Use char instead of int, reorder to put the chars together. Just little things.
Signed-off-by: Eric Paris <eparis@redhat.com>
src/label_file.h
|
de5bc062ca60668c7e5cae741fd0ae646c0d16bb |
30-Aug-2012 |
Eric Paris <eparis@redhat.com> |
libselinux: label_file: break up find_stem_from_spec
Right now find_stem_from_spec does a number of things:
- calculate the length of the stem
- look for that stem
- duplicate the stem
- add the stem to the array
Break those things up a bit because the mmap version isn't going to need to do some of those things.
Signed-off-by: Eric Paris <eparis@redhat.com>
src/label_file.h
|
16b578895e5c20ad6594186a14a04d848c735889 |
30-Aug-2012 |
Eric Paris <eparis@redhat.com> |
libselinux: label_file: new process_file function
We currently duplicate code 3 times for the main file, the homedirs, and the local file. Just put that stuff in its own function so we don't have to deal with it multiple times.
Signed-off-by: Eric Paris <eparis@redhat.com>
src/label_file.c
|
79b6a8d78fc184b01133ac11d1d0c683633dcaf3 |
30-Aug-2012 |
Eric Paris <eparis@redhat.com> |
libselinux: label_file: only run regex files one time
We currently run all of the regex files 2 times. The first time counts the lines and does the simple validation. We then allocate an array of exactly the right size to hold the entries and run them a second time doing stronger validation, regex compile, etc. This is dumb. Just run them one time and use realloc to grow the size of the array as needed. At the end the array will get sized perfectly to fit by the sorting function, so even if we accidentally allocated extra memory we'll get it back.
Signed-off-by: Eric Paris <eparis@redhat.com>
src/label_file.c
src/label_file.h
|
ee88185aff38b18b16da0d0ed38796d7142632d1 |
27-Aug-2012 |
Eric Paris <eparis@redhat.com> |
libselinux: label_file: add accessors for the pcre extra data
When we use an mmap backed version of data we need to declare the pcre extra data since we are only given a pointer to the data->buffer. Since sometimes the spec will hold a pointer to the extra data and sometimes we want to declare it on the stack I introduce and use an accessor for the extra data instead of using it directly.
Signed-off-by: Eric Paris <eparis@redhat.com>
src/label_file.c
src/label_file.h
|
247759031a3e41e5a0f462dc7dfecc0d79d1652e |
30-Aug-2012 |
Eric Paris <eparis@redhat.com> |
libselinux: label_file: move regex sorting to the header
We want to do the same thing in the compiler as we do in the code which reads regexes in from the text file. Move that sorting into the header.
Signed-off-by: Eric Paris <eparis@redhat.com>
src/label_file.c
src/label_file.h
|
dd61029c549b01efe41576a3406f6ff513699461 |
27-Aug-2012 |
Eric Paris <eparis@redhat.com> |
libselinux: label_file: fix potential read past buffer in spec_hasMetaChars
An illegal regex may end with a single \ followed by nul. This could cause us to search past the end of the character array. The loop formation looks like so:

    c = regex_str;
    len = strlen(c);
    end = c + len;
    while (c != end) {
        switch (*c) {
        ...
        case '\\':
            /* skip the next character */
            c++;
            break;
        ...
        }
        c++;
    }

If the \ is the last character then we will increment c and break from the switch. The while loop will then increment c. So now c == end+1. This means we will keep running into infinity and beyond! Easy fix. Make the loop check (c < end). Thus even if we jump past end, we still exit the loop.
Signed-off-by: Eric Paris <eparis@redhat.com>
src/label_file.h
|
48682e2853f3c66a628adcaf0dbd6030630802f2 |
27-Aug-2012 |
Eric Paris <eparis@redhat.com> |
libselinux: label_file: move spec_hasMetaChars to header
So we can use it in the new compile utility, move the spec_hasMetaChars() function, which looks for things like .*?+^$ in regular expressions into the internal header file.
Signed-off-by: Eric Paris <eparis@redhat.com>
src/label_file.c
src/label_file.h
|
fcc895661d0cfc619f0895e5c8cb3017cc97364e |
27-Aug-2012 |
Eric Paris <eparis@redhat.com> |
libselinux: label_file: drop useless ncomp field from label_file data
The libselinux label_file backend counted the number of regexes which had been compiled. We didn't use it and it wasn't useful information. Stop doing it.
Signed-off-by: Eric Paris <eparis@redhat.com>
src/label_file.c
src/label_file.h
|
9937685cbe8ae6a57cd0b653f2e04f1f45efe46e |
22-Aug-2012 |
Eric Paris <eparis@redhat.com> |
libselinux: label_file: move stem/spec handling to header
We want to be able to find the stem and the spec from our new utility. So move those functions to the header file.
Signed-off-by: Eric Paris <eparis@redhat.com>
src/label_file.c
src/label_file.h
|
b9482941ce29e17cd669da457ec3bc176e43fcc6 |
22-Aug-2012 |
Eric Paris <eparis@redhat.com> |
libselinux: label_file: move error reporting back into caller
If we want to use these functions in utilities we shouldn't call such libselinux internal functions. Move the error reporting up to the caller.
Signed-off-by: Eric Paris <eparis@redhat.com>
src/label_file.c
src/label_file.h
|
f744f239fbfcd1f74bac3196acd616d871ab6108 |
22-Aug-2012 |
Eric Paris <eparis@redhat.com> |
libselinux: label_file: do string to mode_t conversion in a helper function
Do the string to mode_t conversion in a helper function so it can be used later by a regex compilation program.
Signed-off-by: Eric Paris <eparis@redhat.com>
src/label_file.c
src/label_file.h
|
c27101a58317a3d535437f6bd82a3af4a7140074 |
22-Aug-2012 |
Eric Paris <eparis@redhat.com> |
libselinux: label_file: move definitions to include file
We want to use some label_file internals in a utility to compile fcontext files into binary data for fast use. So start pushing structures and such into a header file.
Signed-off-by: Eric Paris <eparis@redhat.com>
src/label_file.c
src/label_file.h
|
dc1db39e28d8319ee72429dfb5fdbb18208d8977 |
22-Aug-2012 |
Eric Paris <eparis@redhat.com> |
libselinux: label_file: remove all typedefs
I hate them. They just add indirection needlessly. Just use the struct definitions.
Signed-off-by: Eric Paris <eparis@redhat.com>
src/label_file.c
|
091eb526dd2036d993517d09e4fc67b2bec3ec5e |
22-Aug-2012 |
Eric Paris <eparis@redhat.com> |
libselinux: label_file: use PCRE instead of glibc regex functions
The PCRE functions are about x10 faster than the glibc functions. So use the external library.
Signed-off-by: Eric Paris <eparis@redhat.com>
src/Makefile
src/label_file.c
|
ac5f5645b6f285a66ceceb5625e05fbbe3ac1329 |
12-Jun-2012 |
Eric Paris <eparis@redhat.com> |
libselinux: stop messages when SELinux disabled
If SELinux is disabled we shouldn't send any messages. We shouldn't do anything. Just return.
Signed-off-by: Eric Paris <eparis@redhat.com>
src/callbacks.c
|
b2d86f82196e26e6d62443a6e216c5c807d03018 |
03-Jul-2012 |
Eric Paris <eparis@redhat.com> |
libselinux: booleans: initialize pointer to silence coverity
The coverity scanner is too stupid to realize that the strtok_r() function initializes the saveptr variable. Since we are passing a variable location without initializing it coverity gets angry. Just shut up the scanner, but nothing was wrong to start with.
Signed-off-by: Eric Paris <eparis@redhat.com>
src/booleans.c
|
bd8ea2eb6caf103398fef80e41e0ef86ba3892b7 |
21-Jun-2012 |
Dan Walsh <dwalsh@redhat.com> |
libselinux: seusers: Check for strchr failure
If we have a malformed seusers entry we may not find the : preceding the level and would thus get a NULL. This can blow up. Check for this error and bail gracefully. Found by coverity
Signed-off-by: Eric Paris <eparis@redhat.com>
src/seusers.c
|
fa7a9a604ee9f12dbfa63950adc0122880c092b0 |
21-Jun-2012 |
Dan Walsh <dwalsh@redhat.com> |
libselinux: utils: avcstat: clear sa_mask set
We were leaving random stack garbage in sa.sa_mask. Clear it the way one should. (spotted by coverity)
Signed-off-by: Eric Paris <eparis@redhat.com>
utils/avcstat.c
|
1db01640eec01d4819e3033aff519c5beb753e1a |
12-Sep-2012 |
Eric Paris <eparis@redhat.com> |
libselinux: matchpathcon: add -m option to force file type check
We may want to force matchpathcon to respond if the path in question is a dir, sockfile, chr, blk, etc. Add an option so you can force it to hit the right rule types.
Signed-off-by: Eric Paris <eparis@redhat.com>
man/man8/matchpathcon.8
utils/matchpathcon.c
|
ee6901618c9da360515474145504c7b58258441f |
11-Jun-2012 |
Dan Walsh <dwalsh@redhat.com> |
libselinux: expose selinux_boolean_sub
Make selinux_boolean_sub a public method so getsebool can use it, as well as potentially used within libsemanage.
Signed-off-by: Eric Paris <eparis@redhat.com>
include/selinux/selinux.h
src/booleans.c
src/selinux_internal.h
|
179ee6c18725d61bd04019b4631d3ff43d964c67 |
11-Jun-2012 |
Dan Walsh <dwalsh@redhat.com> |
libselinux: Add man page for new selinux_boolean_sub function. Signed-off-by: Eric Paris <eparis@redhat.com>
man/man3/selinux_boolean_sub.3
|
bac96c8c70e2b37362090cb1ffc96aa54c160bca |
11-Jun-2012 |
Dan Walsh <dwalsh@redhat.com> |
libselinux: getsebool: support boolean name substitution
Use selinux_boolean_sub to translate the boolean name handed in by the user. Report back the correct name of the boolean.
Signed-off-by: Eric Paris <eparis@redhat.com>
utils/getsebool.c
|
88c35241535803247bd3044187c6c3b3c7f02c79 |
18-Apr-2012 |
Eric Paris <eparis@redhat.com> |
libselinux: boolean name equivalency
Add support for booleans.subs file. Basically this allows us to finally change badly named booleans to some standard name.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
include/selinux/selinux.h
src/booleans.c
src/file_path_suffixes.h
src/selinux_config.c
src/selinux_internal.h
|
1024ea34c6ff68625037fd8abbda5dc910ac31e5 |
01-Jun-2012 |
Eric Paris <eparis@redhat.com> |
libselinux: libsemanage: remove PYTHONLIBDIR and ruby equivalent
We generate pkg-config --libs and use that to build the libselinux python so file. We do not use it to build the libsemanage versions. We also never use the ruby equivalent. So stop calling pkg-config uselessly.
Signed-off-by: Eric Paris <eparis@redhat.com>
src/Makefile
|
b2523dc167b1b61ea3cc42a97c8da6ac60ad7550 |
01-Jun-2012 |
Eric Paris <eparis@redhat.com> |
libselinux: libsemanage: do not set soname needlessly
We explicitly set the soname of the python and ruby files. We don't need this. We are using the -o name as the soname, so just let the toolchain do its thing. It just makes the Makefile nicer to read.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
src/Makefile
|
056f23c4bf65a0c62be4e7b8c858ad4f23ce0308 |
21-Jun-2012 |
Eric Paris <eparis@redhat.com> |
libselinux: utils: add service to getdefaultcon
Add a -s option to getdefaultcon which allows one to specify the service in question. This exposes all of the abilities of getseuser instead of only the abilities of getseuserbyname.
Signed-off-by: Eric Paris <eparis@redhat.com>
utils/getdefaultcon.c
|
c802d4a6d53120a7c067c29625a17b09f922f4d3 |
18-Apr-2012 |
Dan Walsh <dwalsh@redhat.com> |
libselinux: Add support for lxc_contexts_path
In order for lxc to look up its process and file labels we add new libselinux support. This is what we do for everything else, like libvirt, sepostgresql, etc.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
include/selinux/selinux.h
src/file_path_suffixes.h
src/selinux_config.c
src/selinux_internal.h
|
f05a71b92d94771ed976a7c74e5fa378d02b590b |
28-Jun-2012 |
Eric Paris <eparis@redhat.com> |
Version bumps for upstream push
ChangeLog
VERSION
|
824df4b60b8f3de26fb900ed5f74ca6379de6d99 |
01-Jun-2012 |
Eric Paris <eparis@redhat.com> |
libselinux: additional makefile support for rubywrap
- SELinux ruby bindings didn't build from the top level
- the swig generated .c file wasn't gitignored
- use pkg-config for ruby info like we do for python
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
src/.gitignore
src/Makefile
|
30900902b16c70fabe78a22aafb120443acdd53c |
31-May-2012 |
Eric Paris <eparis@redhat.com> |
libselinux: label_android_property whitespace cleanups
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
src/label_android_property.c
|
cfc492cf11e1b641e2a0478907d56a17b771a067 |
31-May-2012 |
rpcraig <rpcraig@tycho.ncsc.mil> |
libselinux: New Android property labeling backend This is already in the android repo. This is here to prevent potential conflicts of the selabel indices, and possibly with an eye toward an eventual reunification of the two libselinuxes down the road. Reviewed-by: Stephen Smalley <sds@tycho.nsa.gov> Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com>
nclude/selinux/label.h
rc/label.c
rc/label_android_property.c
rc/label_internal.h
|
5e3171f658d1d2f1e0068f485b3fff7c164e05e4 |
21-Jun-2012 |
Eric Paris <eparis@redhat.com> |
libselinux: seusers: getseuser: gracefully handle NULL service getseuser() would unconditionally check strlen on the service variable even though it could be NULL. Whoops. If service is NULL we should only match on *: entries. Signed-off-by: Eric Paris <eparis@redhat.com>
rc/seusers.c
|
5b344c112a3cea38d015271509a11e13a06f84b4 |
21-Jun-2012 |
Eric Paris <eparis@redhat.com> |
libselinux: seusers: remove unused lineno The lineno variable was being incremented, but nothing was being done with it. Remove it. Signed-off-by: Eric Paris <eparis@redhat.com>
rc/seusers.c
|
12e2a0f9fceffca224a2fbe80d144afe237907df |
20-Jun-2012 |
Eric Paris <eparis@redhat.com> |
libselinux: matchpathcon: bad handling of symlinks in / The realpath_not_final() function did not properly handle symlinks in the / directory. The reason is because when it determined the symlink was in the root directory it would set the resolved portion of the path to /, it would then add a / to the end of the resolved portion, and then append the symlink name. The fix is to instead set the resolved portion to "". Thus when the '/' at the end of the resolved portion is added it will be correct. While I am at it, strip extraneous leading / so that //tmp returns /tmp. Signed-off-by: Eric Paris <eparis@redhat.com>
rc/matchpathcon.c
|
5d19b707232718377e7378d43a677011e6f97a58 |
19-Apr-2012 |
Eric Paris <eparis@redhat.com> |
libselinux: libsemanage: remove build warning when building swig c files swig creates C files with warnings. Turn off the warnings so the build is clean. We can't help the code it produces anyway... Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com>
rc/Makefile
|
9b3055ada5fffd40c2b8fb23485364bba2c4c111 |
19-Apr-2012 |
Eric Paris <eparis@redhat.com> |
libselinux: audit2why: silence -Wmissing-prototypes warning The init functions are non-static but did not have a prototype declaration. They are called magically from python, so just declare the prototype to silence the warning. Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com>
rc/audit2why.c
|
378dfe4d6ab7c007013d8534d2bc902dd6c29833 |
03-Feb-2012 |
Dan Walsh <dwalsh@redhat.com> |
libselinux: avc_netlink_receive handle EINTR should continue to poll if it receives an EINTR rather than exiting with an error. This was a major bug within dbus that was causing dbus to crash. It was discussed at the time whether this is a dbus bug or a libselinux bug; it was decided that we should fix it within libselinux. Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com>
rc/avc_internal.c
|
2ca19f3f676a2747a38cf2d7dcf5037ccc8a9eb1 |
25-May-2012 |
Dan Walsh <dwalsh@redhat.com> |
libselinux: asprintf return code must be checked Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com>
rc/label.c
|
ac6ab3afc04adb98a072a8b213814862b0ab9e31 |
25-May-2012 |
Dan Walsh <dwalsh@redhat.com> |
libselinux: Fortify source now requires all code to be compiled with -O flag Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com>
rc/Makefile
tils/Makefile
|
7a86fe1a3decc4c05598eb3f9339175251cd5447 |
28-Mar-2012 |
Eric Paris <eparis@redhat.com> |
bump version and changelog for upstream push
hangeLog
ERSION
|
a4f84109b51263599a284b167bf04e088e7da95d |
26-Mar-2012 |
Laurent Bigonville <bigon@debian.org> |
libselinux: Hide unnecessarily-exported library destructors Description: Hide unnecessarily-exported library destructors This change was extracted from the old monolithic Debian patch. Signed-off-by: Laurent Bigonville <bigon@debian.org> Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com>
rc/matchpathcon.c
rc/setrans_client.c
|
f7a75f17612d82385aeb338035f85016cff53b3d |
26-Mar-2012 |
Laurent Bigonville <bigon@debian.org> |
libselinux: Do not link against python library, this is considered bad practice in debian Do not link python module with libpython, the interpreter is already linked against it. Signed-off-by: Laurent Bigonville <bigon@debian.org> Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com>
rc/Makefile
|
2b5a0530e7c06150c84fc233fbfab40c57130f84 |
25-Mar-2012 |
Kohei KaiGai <kaigai@kaigai.gr.jp> |
libselinux: security_compute_create_name(3) I'd like to use this interface to implement special case handling for the default labeling behavior on temporary database objects. Allow userspace to use the filename_trans rules added to policy. Signed-off-by: KaiGai Kohei <kohei.kaigai@emea.nec.com> Signed-off-by: Eric Paris <eparis@redhat.com>
nclude/selinux/selinux.h
an/man3/security_compute_av.3
an/man3/security_compute_create_name.3
rc/compute_create.c
rc/selinux_internal.h
|
c7d749efe2fa6f1e765b0bc215476d533f1b4d7b |
16-Mar-2012 |
Dan Walsh <dwalsh@redhat.com> |
libselinux: take security_deny_unknown into account selinux_check_access() should not error on bad class or perms if the security_deny_unknown() function returns false. If policy tells us to allow unknown classes and perms we should respect that. Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com>
rc/checkAccess.c
|
ed5dc69dad117006ba9dddf258e064431bb96cfb |
06-Mar-2012 |
Dan Walsh <dwalsh@redhat.com> |
libselinux: assert if avc_init() not called To simplify finding why programs don't work, assert that avc_init() was called any time avc functions are called. This means we won't get 'random' segfaults and will instead be able to hopefully quickly determine what we did wrong as application developers. Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com>
rc/avc.c
|
5766295bb2ad45c85a1cc489f220dde07074b737 |
15-Feb-2012 |
Dan Walsh <dwalsh@redhat.com> |
libselinux: build with either ruby 1.9 or ruby 1.8 Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com>
rc/Makefile
|
dc21b09c255a88790d1b212ead0cbe91bcca79ff |
15-Feb-2012 |
Dan Walsh <dwalsh@redhat.com> |
libselinux: pkg-config to figure out where ruby include files are located Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com>
rc/Makefile
|
9b796ead1a18f2c59d5b660c986cbdb2e6b5f83c |
27-Jan-2012 |
Dan Walsh <dwalsh@redhat.com> |
libselinux: utils: Stop separating out matchpathcon as something special It's not special and doesn't need its own Makefile lines. Just make it a normal target. Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com>
tils/Makefile
|
46d294f645abf02f3d4dc4514cf53092a3e80e33 |
27-Jan-2012 |
Dan Walsh <dwalsh@redhat.com> |
libselinux: Update Makefiles to handle /usrmove Move everything into /usr/* and just put links from /*. The whole /usr thing hasn't really worked in all situations for a long long time. Just accept that fact and move along. Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com>
akefile
nclude/Makefile
an/Makefile
tils/Makefile
|
c9a8ff9bae4be7e3c81f5a9c7fb52c1787de3ad3 |
23-Jan-2012 |
Daniel P. Berrange <berrange@redhat.com> |
libselinux: Ensure there is a prototype for 'matchpathcon_lib_destructor' Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com>
rc/matchpathcon.c
|
bcdf92aac4ba9ec7b0188a8350799ed237e907bd |
23-Jan-2012 |
Daniel P. Berrange <berrange@redhat.com> |
libselinux: Change annotation on include/selinux/avc.h to avoid upsetting SWIG The earlier patch to avc.c put the struct member annotation at the end of the line, which works fine for GCC, but upsets SWIG. Equivalent code in selinux.h demonstrates how to place the annotation without upsetting SWIG. Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com>
nclude/selinux/avc.h
|
a1044d4c84aeb2e9f98823afa932d87934c7ac64 |
23-Jan-2012 |
Daniel P. Berrange <berrange@redhat.com> |
libselinux: utils: Enable many more gcc warnings for libselinux/utils builds Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com>
tils/Makefile
|
41649ca786b3243d92f8118238a33ec2d44cc5d3 |
23-Jan-2012 |
Daniel P. Berrange <berrange@redhat.com> |
libselinux: Enable many more gcc warnings for libselinux/src/ builds XXX: -Wno-redundant-decls really shouldn't be set, if some way can be found to deal with warnings generated by dso.h XXX: the maximum stack size should be much lower, but there are too many functions using PATH_MAX which need to be rewritten to use the heap instead. XXX: probe for whether the user's GCC supports a flag ? Signed-off-by: Eric Paris <eparis@redhat.com>
rc/Makefile
|
5f8ce370216fd0ece9789f974023d24df752241e |
23-Jan-2012 |
Daniel P. Berrange <berrange@redhat.com> |
libselinux: Fix const-ness of parameters & make usage() methods static Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com>
tils/getconlist.c
tils/getdefaultcon.c
tils/getsebool.c
tils/matchpathcon.c
tils/selinux_check_securetty_context.c
tils/selinuxexeccon.c
tils/setenforce.c
tils/togglesebool.c
|
91d9fe8af05a9a9ded5d02bcd8c1c5a1e1ef670e |
23-Jan-2012 |
Daniel P. Berrange <berrange@redhat.com> |
libselinux: Add printf format attribute annotation to die() method Annotating the die method as taking printf format exposes a bug in error reporting. Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com>
tils/avcstat.c
|
57928fa1fd2222558543134211340f40ff1b9e02 |
23-Jan-2012 |
Daniel P. Berrange <berrange@redhat.com> |
libselinux: Add more printf format annotations The public avc.h file must use a printf annotation in the struct callback members, otherwise application code will get compiler warnings that the method should have an annotation set. Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com>
nclude/selinux/avc.h
rc/avc_internal.h
|
da5e7e3b81c8300f597d01907d1b228e51ebe8f9 |
23-Jan-2012 |
Daniel P. Berrange <berrange@redhat.com> |
libselinux: Add prototype decl for destructor Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com>
rc/setrans_client.c
|
435fae64a931301ac00930af1eebc28bd9b0c576 |
23-Jan-2012 |
Daniel P. Berrange <berrange@redhat.com> |
libselinux: Remove unused flush_class_cache method * stringrep.c: Delete flush_class_cache Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com>
rc/stringrep.c
|
b82b7e02dfcd46db75a94352815830fdb651fa94 |
23-Jan-2012 |
Daniel P. Berrange <berrange@redhat.com> |
libselinux: Fix const-correctness * include/selinux/selinux.h, src/init.c: set_selinuxmnt should take a const char *mntpath * src/get_default_type.c: Avoid bad cast discarding const * load_policy.c: Fix var decl to avoid discarding const Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com>
nclude/selinux/selinux.h
rc/get_default_type.c
rc/init.c
rc/load_policy.c
|
86795159d4112b6842584cfff317659cdb931218 |
23-Jan-2012 |
Daniel P. Berrange <berrange@redhat.com> |
libselinux: Fix old style function definitions Add 'void' parameter to all functions which take no arguments * selinux_config.c: s/()/(void)/ Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com>
rc/selinux_config.c
|
c87df3493d9550429193a8dc7d78a6bfc4c234d3 |
23-Jan-2012 |
Daniel P. Berrange <berrange@redhat.com> |
libselinux: Remove jump over variable declaration seusers.c: In function ‘getseuser’: seusers.c:273:3: error: jump skips variable initialization [-Werror=jump-misses-init] seusers.c:317:2: note: label ‘err’ defined here seusers.c:274:8: note: ‘fp’ declared here * seusers.c: Declare FILE *fp at start of getseuser() method Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com>
rc/seusers.c
|
18e3a8d3966f6974d2ac83904890ad00dd6c6b28 |
16-Jan-2012 |
Dan Walsh <dwalsh@redhat.com> |
checkpolicy: libselinux: Fix dead links to www.nsa.gov/selinux Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com>
an/man8/selinux.8
|
339f8079d7b9dd1e0b0138e2d096dc7c60b2092e |
21-Dec-2011 |
Eric Paris <eparis@redhat.com> |
update VERSION and Changelog for public push
hangeLog
ERSION
|
297d2bee23fe96962c9cb819a36ccf0d80421515 |
21-Dec-2011 |
Eric Paris <eparis@redhat.com> |
libselinux: merge freecon with getcon man page The getcon man page already includes setcon() and other non-"get" entries. Why send people somewhere else just for freecon? Put it here. Signed-off-by: Eric Paris <eparis@redhat.com>
an/man3/freecon.3
an/man3/freeconary.3
an/man3/getcon.3
|
cb71d68aa1236bf8b1fecad859f53318f61d23dc |
20-Dec-2011 |
Dan Walsh <dwalsh@redhat.com> |
libselinux: Cleanup Man pages Typos, indenting, nothing fancy. Signed-off-by: Eric Paris <eparis@redhat.com>
an/man3/context_new.3
an/man3/getcon.3
|
27915ec2aa7368d750a5b14e61e17c4a165185ac |
19-Dec-2011 |
Dan Walsh <dwalsh@redhat.com> |
libselinux: Fix setenforce man page to refer to selinux man page Do not talk about disabling selinux in the setenforce man page. Point people in the right direction instead. Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com>
an/man8/setenforce.8
|
16a37c9f94c1e2dfb865e17e4200d2824d4971f5 |
19-Dec-2011 |
Richard Haines <richard_c_haines@btinternet.com> |
libselinux - correct selabel invalid context logging When selabel_lookup found an invalid context with validation enabled, it always stated it was 'file_contexts' whether media, x, db or file. The fix is to store the spec file name in the selabel_lookup_rec on selabel_open and use this as output for logs. Also a minor fix if key is NULL to stop seg faults. Signed-off-by: Richard Haines <richard_c_haines@btinternet.com> Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com>
rc/label.c
rc/label_db.c
rc/label_file.c
rc/label_internal.h
rc/label_media.c
rc/label_x.c
rc/matchpathcon.c
|
d65c02f066fe8590fb5b5ea7479e47fde06eeb36 |
05-Dec-2011 |
Eric Paris <eparis@redhat.com> |
bump version and changelog
hangeLog
ERSION
|
85cfd2fe2e7fc351e631cf622a3ddbdf2bbea17e |
05-Dec-2011 |
Eric Paris <eparis@redhat.com> |
libselinux: use -W and -Werror in utils Add the flags and fix the one build break. Signed-off-by: Eric Paris <eparis@redhat.com>
tils/Makefile
tils/getenforce.c
|
426d62472362b3320bfe4d60d8af2ed2dffeee37 |
02-Dec-2011 |
Richard Haines <richard_c_haines@btinternet.com> |
libselinux: Add man/man5 man pages Add service_seusers(5) - those in the ./logins directory, seusers(5), user_contexts(5) - those in the ./contexts/users directory, virtual_domain_context(5) and virtual_image_context(5) man pages. Signed-off-by: Richard Haines <richard_c_haines@btinternet.com> Signed-off-by: Eric Paris <eparis@redhat.com>
an/man5/service_seusers.5
an/man5/seusers.5
an/man5/user_contexts.5
an/man5/virtual_domain_context.5
an/man5/virtual_image_context.5
|
accf6a433f650b2ced86305349c247c62480c22d |
02-Dec-2011 |
Richard Haines <richard_c_haines@btinternet.com> |
libselinux: Add man/man5 man pages Add failsafe_context(5), local.users(5), removable_contexts(5) and securetty_types(5) man pages. Signed-off-by: Richard Haines <richard_c_haines@btinternet.com> Signed-off-by: Eric Paris <eparis@redhat.com>
an/man5/failsafe_context.5
an/man5/local.users.5
an/man5/removable_context.5
an/man5/securetty_types.5
|
cc9e7e58652c0bd96e6597439a16993cab8190d9 |
02-Dec-2011 |
Richard Haines <richard_c_haines@btinternet.com> |
libselinux: Add man/man5 man pages Add booleans(5), customizable_types(5), default_contexts(5) and default_type(5) man pages. Signed-off-by: Richard Haines <richard_c_haines@btinternet.com> Signed-off-by: Eric Paris <eparis@redhat.com>
an/man5/booleans.5
an/man5/customizable_types.5
an/man5/default_contexts.5
an/man5/default_type.5
|
af9608245a22ecb84e17735d5e74fd5a7d01f4b9 |
01-Dec-2011 |
Richard Haines <richard_c_haines@btinternet.com> |
libselinux: Updated selabel_x(5) man page Updated selabel_x(5) with X-Windows context configuration file format and added x_contexts(5) man page that links to it. Signed-off-by: Richard Haines <richard_c_haines@btinternet.com> Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com>
an/man5/selabel_x.5
an/man5/x_contexts.5
|
a566af7974aeed474e7db66867e0740f5855d7d9 |
01-Dec-2011 |
Richard Haines <richard_c_haines@btinternet.com> |
libselinux: Updated selabel_media(5) man page Updated selabel_media(5) with media context configuration file format and added media(5) man page that links to it. Signed-off-by: Richard Haines <richard_c_haines@btinternet.com> Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com>
an/man5/media.5
an/man5/selabel_media.5
|
30bd4567cf513904aaf3333a35802517b89b65cf |
01-Dec-2011 |
Richard Haines <richard_c_haines@btinternet.com> |
libselinux: Updated selabel_db(5) man page Updated selabel_db(5) with RDBMS context configuration file format and added sepgsql_contexts(5) man page that links to it. Signed-off-by: Richard Haines <richard_c_haines@btinternet.com> Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com>
an/man5/selabel_db.5
an/man5/sepgsql_contexts.5
|
5f2e362d25ad0c38343e40dfc2668c8bfd9d3f56 |
01-Dec-2011 |
Richard Haines <richard_c_haines@btinternet.com> |
libselinux: Updated selabel_file(5) man page Updated selabel_file(5) with file context configuration file format and added file_contexts(5) man page that links to it. selabel_file(5) also describes the .local, .homedirs, .subs and .subs_dist configuration file formats. Signed-off-by: Richard Haines <richard_c_haines@btinternet.com> Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com>
an/man5/file_contexts.5
an/man5/selabel_file.5
|
aed37210a31f3bbfe40926065c83b0b82b0ecafc |
27-Nov-2011 |
Richard Haines <richard_c_haines@btinternet.com> |
libselinux: return EINVAL if invalid role selected For get_default_context_with_role(3) and get_default_context_with_rolelevel(3), return errno = EINVAL if invalid role. Signed-off-by: Richard Haines <richard_c_haines@btinternet.com> Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com>
rc/get_context_list.c
|
83161f73eaa046b530aec6e672aaffbe493838a4 |
27-Nov-2011 |
Richard Haines <richard_c_haines@btinternet.com> |
libselinux: get_default_type now sets EINVAL if no entry. get_default_type(3) now returns with errno set to EINVAL if the entry does not exist. Signed-off-by: Richard Haines <richard_c_haines@btinternet.com> Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com>
rc/get_default_type.c
|
d0a8d81882c9b3eb7ad5601b45254a5c19479085 |
27-Nov-2011 |
Richard Haines <richard_c_haines@btinternet.com> |
libselinux: Mapped compute functions now obey deny_unknown flag If selinux_set_mapping(3) is used to map classes, and an invalid class is used to compute a decision (tclass = 0), the result did not obey the status of the deny_unknown flag. Signed-off-by: Richard Haines <richard_c_haines@btinternet.com> Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com>
rc/compute_av.c
|
98234cf543474b8998c654cfc5b1d1cbc738c38b |
27-Nov-2011 |
Richard Haines <richard_c_haines@btinternet.com> |
libselinux: Remove assert in security_get_boolean_names(3) Remove assert in security_get_boolean_names(3) if the len is invalid and stop seg fault if names is null. Set EINVAL instead and return error. Signed-off-by: Richard Haines <richard_c_haines@btinternet.com> Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com>
rc/booleans.c
|
7e81db0eb85755947619b6baa69049a7a726fa62 |
29-Nov-2011 |
Dan Walsh <dwalsh@redhat.com> |
libselinux: selinuxswig_python.i: don't make syscall if it won't change anything Add a check to restorecon, to not change a context if the context on disk matches Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com>
rc/selinuxswig_python.i
|
14e4b70b933a330fc1e63bf0ac5ebab4f9664062 |
03-Nov-2011 |
Eric Paris <eparis@redhat.com> |
Bump Version and Changelog for commit
hangeLog
ERSION
|
d4a39ca15b5a41b545630aeaa04e96fe7c0346fe |
29-Sep-2011 |
Eric Paris <eparis@redhat.com> |
policycoreutils: label_file: style changes to make Eric happy. Sometimes sticking to 80 characters sucks a lot. I don't care. Buy a wider monitor so I can read the code. Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com>
rc/label_file.c
|
2b06f474006db3f32895dab9e393324febb9e16f |
23-Sep-2011 |
Eric Paris <eparis@redhat.com> |
libselinux: rename and export symlink_realpath symlink_realpath is used by both libselinux and policycoreutils. Instead of coding it twice, export the libselinux version under a new name that makes it sound more generic. Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com>
nclude/selinux/selinux.h
rc/matchpathcon.c
|
74a9a5296688e2617d669b346d3f5ef6e31ae2d9 |
27-Oct-2011 |
Dan Walsh <dwalsh@redhat.com> |
libselinux: audit2why: close fd on enomem Potential file descriptor leak on this code path, need to close file descriptor if out of memory. Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com>
rc/audit2why.c
|
dd563b35e1f6918e5c96de29ea255b04ad34e891 |
24-Oct-2011 |
Dan Walsh <dwalsh@redhat.com> |
libselinux: seusers: fix to handle large sets of groups If a user was in too many groups the check_group function might not pass a large enough buffer to getgrnam_r to handle things. This could return ERANGE which we then aborted. Instead we should make the buffer larger and try again. Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com>
rc/seusers.c
|
3b5e45f004e508cca8958f6e3a46961753af291e |
20-Oct-2011 |
Dan Walsh <dwalsh@redhat.com> |
libselinux: Don't reinitialize avc_init if it has been called previously Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com>
rc/avc.c
|
9c46a0a3153124753e3afbd2090fea65a09e1df1 |
20-Oct-2011 |
Dan Walsh <dwalsh@redhat.com> |
libselinux: simple interface for access checks Some programs, like passwd, need to do simple one time access checks. Rather than set up a full avc cache and use that infrastructure they were directly using security_compute_av. A problem with this approach is the lack of audit on denials. This patch creates a new interface that is simple to use and which will still listen to things like permissive and output audit messages on denials. Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com>
nclude/selinux/selinux.h
an/man3/security_compute_av.3
an/man3/selinux_check_access.3
rc/checkAccess.c
|
023c9c1fdee963606d830b70db108bd9031390f4 |
03-Oct-2011 |
Eric Paris <eparis@redhat.com> |
libselinux: label: cosmetic cleanups Return early to save an indent. Clean up all memory on ENOMEM conditions. Use '\0' instead of 0 for nul terminator. Style changes to make Eric happy. Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com>
rc/label.c
|
c81a43c753efbda6f2106dbf0a291005683474f8 |
28-Sep-2011 |
Eric Paris <eparis@redhat.com> |
libselinux: libsemanage: libsepol: regenerate .pc on VERSION change The makefile which generated the package config files did not have the VERSION file as a dependency. Thus if you updated a tree you have previously built, the .pc file wouldn't be rebuilt and the old version would be reinstalled. Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com>
rc/Makefile
|
b3b19fdce58ff6ddfa6dfb8e5576c922c96e1e45 |
22-Sep-2011 |
Eric Paris <eparis@redhat.com> |
libselinux: load_policy: handle selinux=0 and /sys/fs/selinux not exist Handle situation where selinux=0 passed to the kernel and both /selinux and /sys/fs/selinux directories do not exist. We used to handle selinux=0 (or kernel compile without selinux) by getting ENODEV when we tried to mount selinuxfs on /selinux. Now selinux=0 means that /sys/fs/selinux won't exist and we never create the real directory /selinux at all. So we get ENOENT instead of ENODEV. The solution is to check to see if the mount failure was for ENODEV and if not to check if selinuxfs exists in /proc/filesystems at all. If it doesn't exist, that's equivalent to ENODEV. Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com>
nclude/selinux/selinux.h
rc/init.c
rc/load_policy.c
rc/selinux_internal.h
|
468bff095253171300a5faa4bb23f0b2524fde08 |
19-Sep-2011 |
Eric Paris <eparis@redhat.com> |
tree: Makefiles: syntax, convert all ${VAR} to $(VAR) This is purely personal preference. Most of the Makefiles use $() for Makefile variables, but a couple of places use ${}. Since this obscured some later Makefile changes I figured I'd just make them all the same up front. Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com>
rc/Makefile
|
418dbc70e8e7b6b313a0a23455d24256c6807a46 |
16-Sep-2011 |
Eric Paris <eparis@redhat.com> |
Bump version and changelog for all components.
hangeLog
ERSION
|
eb695e5a5618ede939af2f9c9daed7c53e14b50a |
14-Sep-2011 |
Guido Trentalancia <guido@trentalancia.com> |
whole tree: default make target to all not install Change the default "make" target for the libraries from "install" to "all" in the makefiles. Signed-off-by: Guido Trentalancia <guido@trentalancia.com> Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com>
nclude/Makefile
an/Makefile
|
e172b87a305e3ef602ae9caf3272fcb1cae0f1a3 |
14-Sep-2011 |
Eric Paris <eparis@redhat.com> |
libselinux: put libselinux.so.1 in /lib not /usr/lib Commit 874bac80bbfbf0a5 incorrectly changed the default install location of libselinux.so.1 from /lib to /usr/lib. This patch fixes that problem by reverting that portion of the change. Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com>
rc/Makefile
|
7bfaa63839955b2f743f84f2d873fc13298f5777 |
15-Sep-2011 |
Eric Paris <eparis@redhat.com> |
libselinux: src: matchpathcon: make sure resolved path starts with / Resolving paths from relative to absolute didn't always start with a /. Make sure they start with a /. Signed-off-by: Eric Paris <eparis@redhat.com>
rc/matchpathcon.c
|
09b635fa20cb47d155ec67eb2909c0dd33c677cb |
15-Sep-2011 |
Eric Paris <eparis@redhat.com> |
libselinux: src: matchpathcon: use myprintf not fprintf Use the myprintf helper rather than fprintf directly. Signed-off-by: Eric Paris <eparis@redhat.com>
rc/matchpathcon.c
|
bedd2a8dc4d95360fcc6dd870be04e615b4f2766 |
15-Sep-2011 |
Eric Paris <eparis@redhat.com> |
libselinux: utils: matchpathcon: remove duplicate declaration We declare rc both for a function and inside a stanza. We only need it in the stanza so remove the declaration for the whole function. Signed-off-by: Eric Paris <eparis@redhat.com>
tils/matchpathcon.c
|
1f8cf403be49dd8b918e2ff21969a6a47928d672 |
26-Aug-2011 |
Eric Paris <eparis@redhat.com> |
update changelog and versions for 2011-08-26
hangeLog
ERSION
|
bc1a8e2a4af543d04e8df70a92a5a7a3aeebf669 |
09-Mar-2011 |
Richard Haines <richard_c_haines@btinternet.com> |
libselinux: selinux_file_context_verify function returns wrong value. selinux_file_context_verify(3) should now return the correct codes and matchpathcon(8) has been modified to handle them. The selinux_file_context_verify(3) and selinux_file_context_cmp(3) man pages have also been updated (re-written really) to correct return codes. I found that selabel_open left errno set to ENOENT because a file_contexts.subs file did not exist on my system, but left selabel_open alone and set errno = 0 before calling selinux_filecontext_cmp. [fix uninitialized init variable in matchpathcon.c::main - eparis] Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com>
nclude/selinux/selinux.h
an/man3/selinux_file_context_cmp.3
an/man3/selinux_file_context_verify.3
rc/matchpathcon.c
tils/matchpathcon.c
|
7df397d3d916e7018981b9fcf8062f992b4cec49 |
17-Aug-2011 |
Eric Paris <eparis@redhat.com> |
libselinux: move realpath helper to matchpathcon library Instead of only doing path simplification and symlink following for the matchpathcon helper, instead do it in the library portion. This was an issue when in python someone called selinux.matchpathcon("//lib64", 0) and got the wrong answer (because the // wasn't being dealt with). Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com>
rc/matchpathcon.c
tils/matchpathcon.c
|
57c6012f8662d8f40d42fe145a5ec55bbd1b0f73 |
22-Aug-2011 |
Dan Walsh <dwalsh@redhat.com> |
libselinux: python wrapper makefile changes Change the libselinux Makefile to be able to build by default and to build if you change the version of Python. Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com>
rc/Makefile
|
6b6b475dcfe77dbf3d37b4f6e4fee3539346f359 |
17-Aug-2011 |
Eric Paris <eparis@redhat.com> |
update changelog and VERSION for latest changes
hangeLog
ERSION
|
34d9c258dac686f4baa2e7f0d6f25f7e7ca5aac6 |
30-Mar-2011 |
Richard Haines <richard_c_haines@btinternet.com> |
libselinux: mapping fix for invalid class/perms after selinux_set_mapping call Please find another libselinux patch. I've tested quite extensively with the compute_av and string functions with and without mapping and it seems okay. The patch covers: When selinux_set_mapping(3) is used to set the class and permissions allowed by an object manager, then an invalid class and/or permissions are selected (e.g. using security_class_to_string), then mapping.c in libselinux forces an assert. This patch removes the asserts and allows the functions to return a class/perm of 0 (unknown) with errno set to EINVAL. A minor patch to set EINVAL in security_av_perm_to_string_compat is also included. All the functions to convert perms & classes to strings and back should now return the correct errno with or without mapping enabled. Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com>
rc/mapping.c
rc/stringrep.c
|
8faf23de0b534a19555691e8ba111dcde8f02af3 |
03-Aug-2011 |
Eric Paris <eparis@redhat.com> |
libselinux: audit2why: work around python bug not defining SIZEOF_SOCKET_T At least one broken python header didn't define SIZEOF_SOCKET_T. Define it if we happen upon one of those. Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com>
rc/audit2why.c
|
4ad18969546c16bd78206799de642af6eb2293ea |
29-Jun-2011 |
Eric Paris <eparis@redhat.com> |
libselinux: resolve symlinks and dot directories before matching paths matchpathcon cannot handle ./ or ../ in pathnames and doesn't do well with symlinks. This patch uses the glibc function realpath() to try to determine a real path with resolved symlinks and dot directories. For example before this patch we would see: $ matchpathcon /tmp/../eric /tmp/../eric <<none>> $ matchpathcon /eric /eric system_u:object_r:default_t:s0 Whereas after the patch we get the same results. The one quirk with the patch is that we need special code to make sure that realpath() does not follow a symlink if it is the final component. aka if we have a symlink from /eric to /tmp/eric we do not want to resolve to /tmp/eric. We want to just resolve to the actual symlink /eric. Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com>
tils/matchpathcon.c
|
47499404268aa4f064fe078710ccf7a139061753 |
04-Aug-2011 |
Eric Paris <eparis@redhat.com> |
update repo for 2011-08-03 with version and changelog updates
hangeLog
ERSION
|
802369fbe2c7aadc6a9de3c5c5c4f60b81203d5d |
05-Jul-2011 |
Eric Paris <eparis@redhat.com> |
audit2allow: do not print statistics I believe this is just to stop flooding the screen with libsepol statistics every time you run audit2allow or any other libsepol command. Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com>
rc/audit2why.c
|
c7ed95f449882f8a3bba47ed71416f034e345042 |
29-Jun-2011 |
Eric Paris <eparis@redhat.com> |
libselinux: make python bindings for restorecon work on relative path
This patch just makes python bindings for restorecon work on relative paths.
$ cd /etc
$ python
> import selinux
> selinux.restorecon("resolv.conf")
Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com>
rc/selinuxswig_python.i
|
2ea80c28a560ede4ad318aa7ccbfd5f555264465 |
29-Jun-2011 |
Eric Paris <eparis@redhat.com> |
libselinux: fix python audit2why binding error There is a missing error check in audit2why.c. Check for error and return NULL if we can't initialize instead of just pretending it worked. Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com>
rc/audit2why.c
|
63df0f7ef12844b9b86cc293299671da772fcf84 |
29-Jun-2011 |
Eric Paris <eparis@redhat.com> |
libselinux: support new python3 functions python3 does not have PyString_FromString; use PyBytes_FromString instead. The same for PyString_Check->PyBytes_Check and for PyString_AsString->PyBytes_AsString. Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com>
rc/selinuxswig_python.i
|
4f621a168682f96d0c98f7818493397766b13fd2 |
29-Jun-2011 |
Eric Paris <eparis@redhat.com> |
libselinux: do not check fcontext duplicates on use Tools like restorecon or systemd, which load the fcontext database to make labeling decisions, do not need to check for duplicate rules. Only the first rule will be used. Instead we should only check for duplicates when new rules are added to the database, and fail the transaction if we find one. Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com>
rc/label_file.c
|
874bac80bbfbf0a5af51bfa02cad2c233aac7273 |
24-Jun-2011 |
Daniel J Walsh <dwalsh@redhat.com> |
Patch for python3 for libselinux Allow the specification of python3 in the swig creation. This patch adds the new option PYPREFIX which causes the swig created libraries to have a prefix. This allows one to build both the python2 and python3 libraries in the same source tree. The install will then later strip this prefix back off when it drops the files into the appropriate python site package directory. This patch also needs to update the PYINC definition as newer python packages on fedora exist in /usr/include/python3.2mu instead of /usr/include/python3.2 as the other method of determining PYINC would have found. Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com>
rc/Makefile
rc/audit2why.c
|
78b4b56857145367256ece69b78c89146e1a423d |
02-Aug-2011 |
Eric Paris <eparis@redhat.com> |
Made updates to checkpolicy, libselinux and policycoreutils so update version and changelogs Signed-off-by: Eric Paris <eparis@redhat.com>
hangeLog
ERSION
|
84ea17b5f3dd06c47470a50e35e334236ceb2210 |
29-Jun-2011 |
Eric Paris <eparis@localhost.localdomain> |
libselinux: move .gitignore into utils There is a .gitignore at the head of the directory but it only contains entries for the utils directory. Move it to the utils directory. Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com>
gitignore
tils/.gitignore
|
5ef65fd7846cb407e2327f494f85c52e1d5d2201 |
29-Jun-2011 |
Eric Paris <eparis@localhost.localdomain> |
libselinux: new setexecon utility This utility will tell what context a new task will have after exec based on the pathname and the context of the launching task. Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com>
an/man8/selinuxexeccon.8
tils/.gitignore
tils/selinuxexeccon.c
|
441cf2ea924c13ed5002012aadd128f71d9e9c9d |
18-Apr-2011 |
Richard Haines <richard_c_haines@btinternet.com> |
libselinux: selabel_open fix processing of substitution files libselinux selabel_open function always processed the substitution files (if installed) from the active policy contexts/files/file_contexts.subs and subs_dist irrespective of the backend type or SELABEL_OPT_PATH setting. This patch now processes the correct subs files when selabel_open is called with SELABEL_CTX_FILE. The other backends could also process their own substitution files if needed in their own areas. [move the init declaration to label_internal.h - eparis] Signed-off-by: Richard Haines <richard_c_haines@btinternet.com> Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com>
rc/label.c
rc/label_file.c
rc/label_internal.h
|
e3cab998b48ab293a9962faf9779d70ca339c65d |
03-May-2011 |
Daniel J Walsh <dwalsh@redhat.com> |
libselinux mountpoint changing patch.
The Fedora Distribution is looking to standardize kernel subsystem file systems to be mounted under /sys/fs. They would like us to move /selinux to /sys/fs/selinux. This patch changes libselinux in the following ways:
1. load_policy will first check if /sys/fs/selinux exists and mount the selinuxfs at this location; if it does not exist it will fall back to mounting the file system at /selinux (if it exists).
2. The init functions of selinux will now check if /sys/fs/selinux is mounted. If it is and has an SELinuxfs mounted on it, the code will then check if the selinuxfs is mounted rw; if it is, libselinux will set the mountpoint, if it is readonly, libselinux will return no mountpoint. If /sys/fs/selinux does not exist, the same check will be done for /selinux and finally for an entry in /proc/mounts.
NOTE: We added the check for RO, to allow tools like mock to be able to tell a chroot that SELinux is disabled while enforcing it outside the chroot.
$ getenforce
Enabled
$ mount --bind /selinux /var/chroot/selinux
$ mount -o remount,ro /var/chroot/selinux
$ chroot /var/chroot
$ getenforce
Disabled
3. In order to make this work, I needed to stop enabled from checking /proc/filesystem for entries if selinux_mnt did not exist. Now enabled checks if selinux_mnt has been discovered, otherwise it will report selinux disabled.
Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com>
rc/enabled.c
rc/init.c
rc/load_policy.c
rc/policy.h
|
e4f49b120abfa5a46280de59b64384449c8a63f6 |
22-Jun-2011 |
root <root@(none).(none)> |
libselinux: simplify SRCS in Makefile
The makefile does:
SRCS= $(filter-out $A, $(filter-out $B, *))
When it can just do:
SRCS= $(filter-out $A $B, *)
Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com>
rc/Makefile
|
510003b63f3abd3039b1d154cab24fc13be0c581 |
01-Aug-2011 |
Eric Paris <eparis@redhat.com> |
Minor version bump for updates as of 2011-08-01 checkpolicy libselinux libsemanage libsepol policycoreutils Signed-off-by: Eric Paris <eparis@redhat.com>
hangeLog
ERSION
|
6fe09c7080dc31a0215121e6afe3e27fbcb140d0 |
24-Jun-2011 |
Eric Paris <eparis@redhat.com> |
libselinux: do not store generated files in git libselinux/src/selinux.py and libselinux/src/selinuxswig_wrap.c are both generated rather than being real code. Do not store them in git. Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com>
rc/.gitignore
rc/selinux.py
rc/selinuxswig_python_exception.i
rc/selinuxswig_wrap.c
|
44121f662411dbc17bf2e196911c655ee6969d59 |
26-Jul-2011 |
Steve Lawrence <slawrence@tresys.com> |
Minor version bump for release Bump checkpolicy to 2.1.0 Bump libselinux to 2.1.0 Bump libsepol to 2.1.0 Bump libsemanage to 2.1.0 Bump policycoreutils to 2.1.0 Bump sepolgen to 1.1.0
hangeLog
ERSION
|
c7512cf11cc9c4de2be8381a5fefe2b2d5f4bf5f |
11-Apr-2011 |
Steve Lawrence <slawrence@tresys.com> |
Revision version bump Bump checkpolicy to 2.0.24 Bump libselinux to 2.0.102 Bump libsepol to 2.0.43 Bump policycoreutils to 2.0.86 Signed-off-by: Steve Lawrence <slawrence@tresys.com>
hangeLog
ERSION
|
a0ea2d893df6d5ae57e941be5cad8e078de1c831 |
11-Apr-2011 |
Steve Lawrence <slawrence@tresys.com> |
Fix plural secolor.conf in the man page and black/white mixup Signed-off-by: Steve Lawrence <slawrence@tresys.com>
an/man3/selinux_raw_context_to_color.3
an/man5/secolor.conf.5
an/man5/secolors.conf.5
|
c99414fc1f0f04001f8bf76c34846b8b59cc5702 |
10-Apr-2011 |
Richard Haines <richard_c_haines@btinternet.com> |
Add libselinux man pages for colour functions Add man pages for selinux_raw_context_to_color(5), selinux_colors_path(3) and secolors.conf(5). Signed-off-by: Richard Haines <richard_c_haines@btinternet.com> Signed-off-by: Steve Lawrence <slawrence@tresys.com>
an/man3/selinux_colors_path.3
an/man3/selinux_raw_context_to_color.3
an/man5/secolors.conf.5
|
20b43b3fd3d392c4f12a963a4e46c264e7ed5163 |
06-Apr-2011 |
Daniel J Walsh <dwalsh@redhat.com> |
This patch adds a new subs_dist file.
The idea is to allow distributions to ship a subs file as well as let the user modify subs. In F16 we are looking at shipping a file_contexts.subs_dist file like this:
cat file_contexts.subs_dist
/run /var/run
/run/lock /var/lock
/var/run/lock /var/lock
/lib64 /lib
/usr/lib64 /usr/lib
Then we will remove all (64)? from policy. This will allow us to make sure all /usr/lib/libBLAH is labeled the same as /usr/lib64/libBLAH.
Signed-off-by: Steve Lawrence <slawrence@tresys.com>
nclude/selinux/selinux.h
rc/file_path_suffixes.h
rc/label.c
rc/selinux_config.c
rc/selinux_internal.h
|
1629d2f89a8c5f758413b87b94740aaaa5f21144 |
06-Apr-2011 |
Daniel J Walsh <dwalsh@redhat.com> |
This patch cleans up a couple of crashes caused by libselinux
If you fail to load_policy in the init or SELinux is disabled, you need to free the selinux_mnt variable and clear the memory. systemd was calling load_policy on a DISABLED system, then later on it would call is_selinux_enabled() and get an incorrect response, since selinux_mnt still had valid data. The second bug in libselinux revolves around calling selinux_key_delete(destructor_key) if the selinux_key_create call had never been called. This was causing data to be freed in other applications that loaded and unloaded the libselinux library but never set up setrans or matchpathcon.
Signed-off-by: Steve Lawrence <slawrence@tresys.com>
nclude/selinux/selinux.h
rc/init.c
rc/load_policy.c
rc/matchpathcon.c
rc/selinux_internal.h
rc/setrans_client.c
|
5c6729b4d26fe6b3e64f9301efe6b0fa7d5c8487 |
06-Apr-2011 |
Daniel J Walsh <dwalsh@redhat.com> |
Resend: This patch causes the mount points created in load_policy to have a proper name
On 04/06/2011 05:10 PM, Daniel J Walsh wrote:
> "proc" and "selinuxfs"
Signed-off-by: Steve Lawrence <slawrence@tresys.com>
rc/load_policy.c
|
acd3b7f9f1b7f52880ab80e4a4fa42e793017a36 |
23-Mar-2011 |
Stephen Smalley <sds@tycho.nsa.gov> |
Bump libselinux to 2.0.101
hangeLog
ERSION
|
c4737c2e3281f6d5ebece9a85d87c5ed366f9af1 |
06-Jan-2011 |
KaiGai Kohei <kaigai@ak.jp.nec.com> |
add db_language support on label_db.c The attached patch adds support for the db_language object class to the selabel_lookup(_raw) interfaces. It is needed to inform the object manager of the initial label of a procedural language object. Thanks, -- KaiGai Kohei <kaigai@ak.jp.nec.com> Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
nclude/selinux/label.h
rc/label_db.c
|
44d8ff2b0f560a086b8bab254c20cd21f4c54788 |
09-Mar-2011 |
Eamon Walsh <ewalsh@tycho.nsa.gov> |
bump libselinux to 2.0.100 Signed-off-by: Eamon Walsh <ewalsh@tycho.nsa.gov>
hangeLog
ERSION
|
f0b3127ca3c99ae218dba43a6e3f7430081c412b |
09-Mar-2011 |
Eamon Walsh <ewalsh@tycho.nsa.gov> |
Use library destructors to destroy per-thread keys. This prevents the key destructors, intended to free per-thread heap storage, from being called after libselinux has been unloaded. Fixes https://bugzilla.redhat.com/show_bug.cgi?id=680887 Signed-off-by: Eamon Walsh <ewalsh@tycho.nsa.gov>
rc/matchpathcon.c
rc/selinux_internal.h
rc/setrans_client.c
|
fdab2ec2791e6b964055cbb5cde0de3391efe0a9 |
01-Mar-2011 |
Steve Lawrence <slawrence@tresys.com> |
bump libselinux to 2.0.99 Signed-off-by: Steve Lawrence <slawrence@tresys.com>
ERSION
|
6caa4cbe32e68bf3296ce8cbcf218509e58b550c |
01-Mar-2011 |
Daniel J Walsh <dwalsh@redhat.com> |
selinux man page fixes Signed-off-by: Steve Lawrence <slawrence@tresys.com>
an/man8/selinux.8
|
bc2a8f418e3b7bd9c2abd83e441a45ad59631f1f |
01-Mar-2011 |
KaiGai Kohei <kaigai@ak.jp.nec.com> |
libselinux: add selinux_status_* interfaces for /selinux/status The attached patch adds several interfaces to reference /selinux/status according to sequential-lock logic. selinux_status_open() opens the kernel status page and mmaps it in read-only mode, or opens a netlink socket as a fallback on older kernels. Then, we can obtain status information from the mmap'ed page using selinux_status_updated(), selinux_status_getenforce(), selinux_status_policyload() or selinux_status_deny_unknown(). It helps to implement a userspace avc with heavy access control decisions, where we cannot ignore the cost of communicating with the kernel to validate userspace caches. Signed-off-by: Steve Lawrence <slawrence@tresys.com>
nclude/selinux/avc.h
an/man3/selinux_status_close.3
an/man3/selinux_status_deny_unknown.3
an/man3/selinux_status_getenforce.3
an/man3/selinux_status_open.3
an/man3/selinux_status_policyload.3
an/man3/selinux_status_updated.3
rc/sestatus.c
|
d17ed0d90d100acb4d270613d12988f909cc1c3f |
16-Dec-2010 |
Chad Sellers <csellers@tresys.com> |
bump checkpolicy to 2.0.23 bump libselinux to 2.0.98 bump libsepol to 2.0.42 bump libsemanage to 2.0.46 Signed-off-by: Chad Sellers <csellers@tresys.com>
hangeLog
ERSION
|
7bc4ffb5df96c2acaac80f3e7c7c8e27faccd627 |
14-Dec-2010 |
Daniel J Walsh <dwalsh@redhat.com> |
Author: Daniel J Walsh Email: dwalsh@redhat.com Subject: I think it is time to turn off default user handling in libselinux Date: Mon, 13 Dec 2010 13:28:01 -0500
This patch will turn this handling off. Meaning you will not end up with some bizarro context and fail to login if the login program can not figure out how to log you in.
Signed-off-by: Chad Sellers <csellers@tresys.com>
rc/get_context_list.c
|
705071c6b178dd5df710c69cc21d24b662eebe42 |
03-Dec-2010 |
Eamon Walsh <ewalsh@tycho.nsa.gov> |
bump libselinux to 2.0.97 Signed-off-by: Eamon Walsh <ewalsh@tycho.nsa.gov>
hangeLog
ERSION
|
569ce5498553b87dc7af343b2efb4da8d3ecdb4f |
03-Dec-2010 |
Eamon Walsh <ewalsh@tycho.nsa.gov> |
matchpathcon: Close selabel handle in thread destructor. This is necessary because the handle is thread-local. Signed-off-by: Eamon Walsh <ewalsh@tycho.nsa.gov>
rc/matchpathcon.c
|
a00fd94a46e92a233f4e613660e9962918f28207 |
03-Dec-2010 |
Eamon Walsh <ewalsh@tycho.nsa.gov> |
selabel: Store substitution data in the handle instead of globally. This is for thread safety. Signed-off-by: Eamon Walsh <ewalsh@tycho.nsa.gov>
rc/label.c
rc/label_internal.h
|
a29ff33baf366825c0fbe721d30b12b5b96a64e1 |
02-Dec-2010 |
Eamon Walsh <ewalsh@tycho.nsa.gov> |
Implement destructors for thread-local heap data.
Description of problem: Use of __thread variables is great for creating a thread-safe variable, but only insofar as the contents of that variable can safely be abandoned on pthread_exit(). The moment you store malloc()d data into a __thread void* variable, you have leaked memory when the thread exits, since there is no way to associate a destructor with __thread variables. The _only_ safe way to use thread-local caching of malloc()d data is to use pthread_key_create, and associate a destructor that will call free() on the resulting data when the thread exits. libselinux is guilty of abusing __thread variables to store malloc()d data as a form of a cache, to minimize computation by reusing earlier results from the same thread. As a result of this memory leak, repeated starting and stopping of domains via libvirt can result in the OOM killer triggering, since libvirt fires up a thread per domain, and each thread uses selinux calls such as fgetfilecon.
Version-Release number of selected component (if applicable):
libselinux-2.0.94-2.el6.x86_64
libvirt-0.8.1-27.el6.x86_64
How reproducible: 100%
Steps to Reproduce:
0. These steps are run as root, assuming hardware kvm support and existence of a VM named fedora (adjust the steps below as appropriate); if desired, I can reduce this to a simpler test case that does not rely on libvirt, by using a single .c file that links against libselinux and repeatedly spawns threads.
1. service libvirtd stop
2. valgrind --quiet --leak-check=full /usr/sbin/libvirtd& pid=$!
3. virsh start fedora
4. kill $pid
Actual results: The biggest leak reported is due to libselinux' abuse of __thread:
==26696== 829,730 (40 direct, 829,690 indirect) bytes in 1 blocks are definitely lost in loss record 500 of 500
==26696==    at 0x4A0515D: malloc (vg_replace_malloc.c:195)
==26696==    by 0x3022E0D48C: selabel_open (label.c:165)
==26696==    by 0x3022E11646: matchpathcon_init_prefix (matchpathcon.c:296)
==26696==    by 0x3022E1190D: matchpathcon (matchpathcon.c:317)
==26696==    by 0x3033ED7FB5: SELinuxRestoreSecurityFileLabel (security_selinux.c:381)
==26696==    by 0x3033ED8539: SELinuxRestoreSecurityAllLabel (security_selinux.c:749)
==26696==    by 0x459153: qemuSecurityStackedRestoreSecurityAllLabel (qemu_security_stacked.c:257)
==26696==    by 0x43F0C5: qemudShutdownVMDaemon (qemu_driver.c:4311)
==26696==    by 0x4555C9: qemudStartVMDaemon (qemu_driver.c:4234)
==26696==    by 0x458416: qemudDomainObjStart (qemu_driver.c:7268)
==26696==    by 0x45896F: qemudDomainStart (qemu_driver.c:7308)
==26696==    by 0x3033E75412: virDomainCreate (libvirt.c:4881)
==26696==
Basically, libvirt created a thread that used matchpathcon during 'virsh start fedora', and matchpathcon stuffed over 800k of malloc'd data into:
static __thread char **con_array;
which are then inaccessible when libvirt exits the thread as part of shutting down on SIGTERM.
Expected results: valgrind should not report any memory leaks related to libselinux.
Signed-off-by: Eamon Walsh <ewalsh@tycho.nsa.gov> Reported-by: Eric Blake <eblake@redhat.com> Tested-by: Eric Blake <eblake@redhat.com>
rc/matchpathcon.c
rc/selinux_internal.h
rc/setrans_client.c
|
fe19c7a6acf984f20875bbc1c3735e9796fc98ca |
14-Jun-2010 |
Chad Sellers <csellers@tresys.com> |
bump libselinux to 2.0.96 and checkpolicy to 2.0.22 Signed-off-by: Chad Sellers <csellers@tresys.com>
hangeLog
ERSION
|
6a17cfaafcdab82c9909eccff56968913b36a631 |
14-Jun-2010 |
KaiGai Kohei <kaigai@ak.jp.nec.com> |
Author: KaiGai Kohei Email: kaigai@ak.jp.nec.com Subject: libselinux APIs should take "const" qualifier? Date: Tue, 23 Mar 2010 11:56:36 +0900
(2010/03/19 22:32), Stephen Smalley wrote:
> On Fri, 2010-03-19 at 16:52 +0900, KaiGai Kohei wrote:
>> Right now, security_context_t is an alias of char *, declared in selinux.h.
>>
>> Various kinds of libselinux API take security_context_t arguments;
>> however, it is inconvenient in several situations.
>>
>> For example, the following query is parsed, then delivered to the access
>> control subsystem with the security context as a "const char *" cstring.
>>
>> ALTER TABLE my_tbl SECURITY LABEL TO 'system_u:object_r:sepgsql_table_t:SystemHigh';
>>                          const char *<---- ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>>
>> In this case, we want to call selinux_trans_to_raw_context() to translate
>> the given security context into raw format. But it takes a security_context_t
>> argument for the source context, although this pointer is read-only.
>> As a result, the compiler raises warnings because we gave a "const char *" pointer
>> to functions which take security_context_t (= char *).
>>
>> Any comments?
>>
>> It seems to me the following functions' prototypes should be qualified by
>> "const".
>
> That seems reasonable and should have no impact on library ABI.
> On the other hand, others have pointed out that security_context_t is
> not a properly encapsulated data type at all, and perhaps should be
> deprecated and replaced with direct use of char*/const char* throughout.
>
> There are other library API issues as well that have come up in the
> past, such as lack of adequate namespacing (with approaches put forth),
> but we don't ever seem to get a round tuit.
At first, I tried to add const qualifiers to read-only security_context_t pointers, but didn't replace them by char */const char * yet, right now.
BTW, I could find out the following code:
int security_compute_create(security_context_t scon,
                            security_context_t tcon,
                            security_class_t tclass,
                            security_context_t * newcon)
{
    int ret;
    security_context_t rscon = scon;
    security_context_t rtcon = tcon;
    security_context_t rnewcon;

    if (selinux_trans_to_raw_context(scon, &rscon))
        return -1;
    if (selinux_trans_to_raw_context(tcon, &rtcon)) {
        freecon(rscon);
        return -1;
    }
    :
In this case, scon and tcon can be qualified by const, and the first argument of selinux_trans_to_raw_context() can take a const pointer. But it tries to initialize rscon and rtcon by const pointer, although these are used to store raw security contexts. The selinux_trans_to_raw_context() always sets a dynamically allocated text string on the second argument, so we don't need to initialize it anyway. I also removed these initializations in this patch. Could the older mcstrans code return without allocation of the raw format when the given scon is already in raw format? I don't know why these are initialized in this manner. Thanks. -- KaiGai Kohei <kaigai@ak.jp.nec.com>
Signed-off-by: Chad Sellers <csellers@tresys.com>
nclude/selinux/avc.h
nclude/selinux/selinux.h
rc/avc.c
rc/avc_sidtab.c
rc/canonicalize_context.c
rc/check_context.c
rc/compute_av.c
rc/compute_create.c
rc/compute_member.c
rc/compute_relabel.c
rc/compute_user.c
rc/fsetfilecon.c
rc/is_customizable_type.c
rc/lsetfilecon.c
rc/procattr.c
rc/selinux_check_securetty_context.c
rc/setfilecon.c
rc/setrans_client.c
|
0750eb51143bb3f440d562fed80ef930bf3bfe85 |
10-Jun-2010 |
Chad Sellers <csellers@tresys.com> |
bump libselinux to 2.0.95
hangeLog
ERSION
|
537721089af4466962e1520a571e4478d040edb3 |
10-Jun-2010 |
Steve Lawrence <slawrence@tresys.com> |
Author: Steve Lawrence Email: slawrence@tresys.com Subject: Add chcon method to libselinux python bindings Date: Mon, 7 Jun 2010 17:40:05 -0400 Adds a chcon method to the libselinux python bindings to change the context of a file/directory tree. Signed-off-by: Chad Sellers <csellers@tresys.com>
rc/selinuxswig_python.i
|
8f007923dd4ff89652479587d96e22bc63dbf822 |
02-Jun-2010 |
Chad Sellers <csellers@tresys.com> |
[PATCH] Remove duplicate slashes in paths in selabel_lookup This patch simply removes duplicate slashes (meaning "//") from pathnames passed into selabel_lookup. It does not do a full realpath() calculation (e.g. following symlinks, etc.), as the client should really do that before calling into libselinux. Signed-off-by: Chad Sellers <csellers@tresys.com>
rc/label_file.c
|
734f7621b8b4e6d8af0746ed9cce927a80667470 |
24-Mar-2010 |
Joshua Brindle <method@manicmethod.com> |
bump libselinux to 2.0.94
hangeLog
ERSION
|
7dcf27a7916db8172db015439ded5b914da25bc1 |
24-Mar-2010 |
Daniel J Walsh <dwalsh@redhat.com> |
Patch to context_new to set errno to EINVAL on bad values Signed-off-by: Joshua Brindle <method@manicmethod.com>
rc/context.c
|
386ab8df8e2f0ab4938edaa4a82779ef2c794a9c |
18-Mar-2010 |
Eamon Walsh <ewalsh@tycho.nsa.gov> |
Typo fix in ChangeLog. Signed-off-by: Eamon Walsh <ewalsh@tycho.nsa.gov>
hangeLog
|
e53b2cebf21b5e793642cbc6b12334407756734d |
18-Mar-2010 |
Joshua Brindle <method@manicmethod.com> |
Merge branch 'master' of oss.tresys.com:/home/git/selinux
|
5af082709774bd19e7b6836eccc6bfb162a87185 |
18-Mar-2010 |
Daniel J Walsh <dwalsh@redhat.com> |
Author: Daniel J Walsh Email: dwalsh@redhat.com Subject: Small patch to fix is_selinux_enabled man page. Date: Tue, 16 Mar 2010 12:35:22 -0400 Signed-off-by: Joshua Brindle <method@manicmethod.com>
an/man3/is_selinux_enabled.3
|
0b2e0bd5d0b05e5f498ba9ea51af8fa7bb8ac788 |
16-Mar-2010 |
Eamon Walsh <ewalsh@tycho.nsa.gov> |
Bump libselinux to 2.0.93
hangeLog
ERSION
|
dbbd0ab9038349e6f085f575fc0fdfd4791710b3 |
15-Mar-2010 |
Eamon Walsh <ewalsh@tycho.nsa.gov> |
Show strerror for security_getenforce(). Patch by Colin Waters. Acked-by: Stephen Smalley <sds@tycho.nsa.gov>
rc/avc.c
|
70aeeb918aa721ad90ed8e1b433a55c8ecf2cb83 |
15-Mar-2010 |
Eamon Walsh <ewalsh@tycho.nsa.gov> |
This patch allows selabel_*() interfaces to provide an expected security context for the given database object identified by its name and object class. It is necessary to implement a feature something like the restorecon on databases. The specfile shall be described as follows:
------------------------
#
# The specfile for database objects
# (for SE-PostgreSQL)
#
# <object class> <object name> <security context>
#
db_database * system_u:object_r:sepgsql_db_t:s0
db_schema *.pg_catalog system_u:object_r:sepgsql_sys_schema_t:s0
db_schema *.* system_u:object_r:sepgsql_schema_t:s0
db_table *.pg_catalog.* system_u:object_r:sepgsql_sysobj_t:s0
db_table *.*.* system_u:object_r:sepgsql_table_t:s0
------------------------
- All the characters after the '#' are ignored.
- Wildcards ('*' and '?') are available.
- It returns the first match security context.
Note that hierarchy of the namespace of database objects depends on RDBMS. So, the author of the specfile needs to write correct patterns which are suitable for the target RDBMS. The patched selabel_*() interfaces don't have any heuristics for the namespace hierarchy to be suitable for widespread RDBMSs. In the case of SE-PgSQL, when we lookup an expected security context for the 'my_table' table in the 'public' schema and 'postgres' database, the caller shall provide 'postgres.public.my_table' as a key. By default, it tries to read a specfile which maps database objects and security context from /etc/selinux/$POLICYTYPE/contexts/sepgsql_contexts. Note that when another RDBMS uses this interface, it needs to give an explicit SELABEL_OPT_PATH option on the selabel_open().
Signed-off-by: KaiGai Kohei <kaigai@ak.jp.nec.com> Acked-by: Eamon Walsh <ewalsh@tycho.nsa.gov>
nclude/selinux/label.h
nclude/selinux/selinux.h
an/man3/selabel_open.3
an/man3/selinux_binary_policy_path.3
an/man5/selabel_db.5
rc/file_path_suffixes.h
rc/label.c
rc/label_db.c
rc/label_internal.h
rc/selinux_config.c
rc/selinux_internal.h
|
61d005b739f34b9471244428769a156d57358c9c |
26-Feb-2010 |
Eamon Walsh <ewalsh@tycho.nsa.gov> |
libselinux: fix avc_netlink_loop() error caused by nonblocking mode. avc_open() creates the netlink socket in nonblocking mode. If the application later takes control of the netlink socket with avc_netlink_acquire_fd() and then calls avc_netlink_loop(), it will fail with EWOULDBLOCK. To remedy this, remove the O_NONBLOCK flag from the netlink socket at the start of avc_netlink_loop(). Also, with this fix, there is no need for avc_open() to ever create a blocking socket, so change that and update the man page. -v2: use poll() in avc_netlink_check_nb(). This makes both avc_netlink_loop() and avc_netlink_check_nb() independent of the O_NONBLOCK flag. -v3: move poll() to avc_receive() internal function; patch by KaiGai Kohei <kaigai@kaigai.gr.jp> Signed-off-by: Eamon Walsh <ewalsh@tycho.nsa.gov>
an/man3/avc_netlink_loop.3
rc/avc.c
rc/avc_internal.c
|
e6bfff4372a2bf5fe8dbd1de49ffb6cf366b39e0 |
07-Mar-2010 |
Joshua Brindle <method@manicmethod.com> |
bump libsemanage to 2.0.45 and libselinux to 2.0.92
hangeLog
ERSION
|
7420787817c4949276d7947202b49d78eba37c13 |
24-Feb-2010 |
Daniel J Walsh <dwalsh@redhat.com> |
updated libselinux pkgconfig does not work correctly on lib64 machines. On 02/24/2010 02:24 PM, Daniel J Walsh wrote: > Ignore the first patch it was missing pc.in files. Acked-by: Eamon Walsh <ewalsh@tycho.nsa.gov> Signed-off-by: Joshua Brindle <method@manicmethod.com>
rc/Makefile
rc/libselinux.pc.in
|
d03b94113615c1751b8a074bbd4064d915c70ff9 |
06-Mar-2010 |
Joshua Brindle <method@manicmethod.com> |
regenerate swig wrappers
rc/selinux.py
rc/selinuxswig_wrap.c
|
660f70f4c4c169214da8ac670fbecfb37ce3d2d5 |
28-Feb-2010 |
Daniel J Walsh <dwalsh@redhat.com> |
Author: Daniel J Walsh Email: dwalsh@redhat.com Subject: Fix memory leak on disabled selinux machines. Date: Wed, 24 Feb 2010 14:15:31 -0500 I think this patch originally came from Eric Paris and was updated by others but has not been adopted yet. Not sure why. Always free buf on exit. Signed-off-by: Joshua Brindle <method@manicmethod.com>
rc/init.c
|
955f8d8e288bbba32732a661d1db6b2c471ae91e |
22-Feb-2010 |
Stephen Smalley <sds@tycho.nsa.gov> |
libselinux 2.0.91
hangeLog
ERSION
|
070505f16f59b1ddbc6af670a04a3610253f50fc |
16-Feb-2010 |
Stephen Smalley <sds@tycho.nsa.gov> |
label_file.c:434: error: implicit declaration of function 'fstat'
On Mon, 2010-02-15 at 14:19 -0800, Justin Mattock wrote:
> this is new:
>
> make[2]: Leaving directory `/home/kernel/selinux/libselinux/include'
> make -C src install
> make[2]: Entering directory `/home/kernel/selinux/libselinux/src'
> cc -Werror -Wall -W -Wundef -Wshadow -Wmissing-noreturn -Wmissing-format-attribute -I../include -I/usr/include -D_GNU_SOURCE -D_FILE_OFFSET_BITS=64 -c -o label_file.o label_file.c
> cc1: warnings being treated as errors
> label_file.c: In function 'init':
> label_file.c:434: error: implicit declaration of function 'fstat'
> label_file.c:436: error: implicit declaration of function 'S_ISREG'
> make[2]: *** [label_file.o] Error 1
> make[2]: Leaving directory `/home/kernel/selinux/libselinux/src'
> make[1]: *** [install] Error 2
> make[1]: Leaving directory `/home/kernel/selinux/libselinux'
> make: *** [install] Error 1
>
> three areas where this could have been created
> update glibc
> updated kernel
> update userspace (although there were not very many commits in the pull).
Newer glibc headers expose a failure to #include the required headers for stat(2). Also exposes a conflict in redefining close() in that file. Patch below should fix.
rc/label_file.c
|
0fc6c7762c2174a5fb3b978891b0adf8930aa184 |
05-Feb-2010 |
Stephen Smalley <sds@tycho.nsa.gov> |
libselinux: Only audit permissions specified by the policy Only audit the permissions specified by the policy, excluding any permissions specified via dontaudit or not specified via auditallow. This only shows up when a single avc_has_perm() call is made with multiple permissions where some of those permissions are dontaudit'd or auditallow'd while others are not. The corresponding kernel patch has already been applied, see: http://git.kernel.org/?p=linux/kernel/git/jmorris/security-testing-2.6.git;a=commit;h=b6cac5a30b325e14cda425670bb3568d3cad0aa8 Signed-off-by: Stephen D. Smalley <sds@tycho.nsa.gov>
rc/avc.c
|
32cf5d539b4b4852d9de966578eae3ad5560cd63 |
27-Nov-2009 |
Joshua Brindle <method@manicmethod.com> |
bump checkpolicy to 2.0.21, libselinux to 2.0.90 and sepolgen to 1.0.19
hangeLog
ERSION
|
a69fb97edd244b94b2289ee3d0874f989b6ffe9c |
20-Oct-2009 |
Manoj Srivastava <srivasta@debian.org> |
exception.sh contains bashisms Hi folks, The script, src/exception.sh, contains so called bashisms (constructs not supported by POSIX, but present as bash extensions). This means when trying to build on systems where /bin/sh is not bash, the build fails with an error. This patch uses bash to run exception.sh. This bug affects a significant subset of Debian and Debian derivative machines. manoj Signed-off-by: Manoj Srivastava <srivasta@debian.org> Signed-off-by: Joshua Brindle <method@manicmethod.com>
rc/Makefile
|
48412c39302de7dfd1ba20d8bab042e6fa082c33 |
27-Nov-2009 |
Joshua Brindle <method@manicmethod.com> |
Author: Guido Trentalancia Email: guido@trentalancia.com Subject: Contributed manual pages for libselinux Date: Sat, 21 Nov 2009 20:51:17 +0100 Hello Eamon! On Fri, 2009-11-20 at 21:42 -0500, Eamon Walsh wrote: > Hi, thanks for doing this. Some quick review below. You are welcome, I suppose it was a boring task for many... Thanks very much for reviewing the changes. And please accept my apologies for not placing "[PATCH]" in the subject of the original post. I had just subscribed to the list. I left your cc address intact here... > There is too much in matchpathcon(3) now. It's going to need to be > split up into different pages, perhaps the init/fini/teardown stuff in > one page, the lookup calls in another, and the non-matchpathcon prefixed > calls in a third page. > > Also, .so manpage links are needed for all the calls here. Yes, matchpathcon is a mess. Following your guidelines, I have now split the huge and messy page into several different man pages. It's easier to consult and easier to maintain. The first part (page) is strictly related to _init, its variant _init_index, _fini, matchpathcon and its variant matchpathcon_index. Nice and concise. References are provided in the "SEE ALSO" section to the rest. The second page describes the auxiliary lookup calls (matchpathcon_checkmatches) and the inode association functions (matchpathcon_filespec_{add,destroy,eval}). The reference section points to the main matchpathcon page. A third page has been created for the functions that are used to set the flags (set_matchpathcon_flags) or to configure the behaviour of the main matchpathcon functions (set_matchpathcon_invalidcon and set_matchpathcon_printf). A fourth and a fifth page are devoted to functions that should never have ended up in matchpathcon (selinux_file_context_cmp and selinux_file_context_verify in one page and selinux_lsetfilecon_default in another one): we do not really need to save the electrons needed for new pages...
> > > > * print_access_vector > > > > Looks good. No modifications. > > * security_disable > > > > See the selinux.h comments for this. It needs to be documented that > this function can only be called at startup time. Ok. I have stressed that now and also mentioned that after the policy has been loaded at startup, only "setenforce" can be used to alter (not disable) the mode of the SELinux kernel code (for example by placing it into "permissive" mode). > > * security_set_boolean_list > > > > a RETURN VALUE section is needed in this page, documenting at least this > call if not the others in that page. I have now added a "RETURN VALUE" section. Also, to avoid confusion, I have rephrased the word "returns" as "provides" when not strictly referring to the return value of the function (take for example security_get_boolean_names(): strictly speaking the function returns an integer representing 0=success or -1=failure, although from a conceptual point of view it also returns a list through modification of one of its parameters passed by reference). Usually when an application developer looks at the "RETURN VALUE" section it is because he/she has already planned/coded the call to the function (and thus also the handling of parameters passed by reference) and only needs to check the function exit status so that it can be handled properly at the call point. > > * selinux_check_passwd_access > > > > This is a replacement for the inconsistently named "checkPasswdAccess" > function. So, the existing description of checkPasswdAccess should be > moved to this function, and checkPasswdAccess should be changed to "this > is a deprecated alias for selinux_check_passwd_access". Yes, I have now mentioned that checkPasswdAccess is deprecated. We are referring to file security_compute_av.3 as the description of these two functions lives there... By the way, it has been pointed out that this function should not hard-code a string.
I also agree with him: there is a generic constant for the "passwd" object class, defined in flask.h, that could be used instead of the string, thus avoiding hard-coding and also saving a few cycles and being theoretically future-proof (if ever the name were to change, say to "password", "auth-token" or anything else). libselinux/src/checkAccess.c.orig 2009-11-21 20:07:21.000000000 libselinux/src/checkAccess.c 2009-11-21 20:08:36.000000000
@@ -13,17 +13,12 @@ int selinux_check_passwd_access(access_v if (is_selinux_enabled() == 0) return 0; if (getprevcon_raw(&user_context) == 0) { - security_class_t passwd_class; struct av_decision avd; int retval; - passwd_class = string_to_security_class("passwd"); - if (passwd_class == 0) - return 0; - retval = security_compute_av_raw(user_context, user_context, - passwd_class, + SECCLASS_PASSWD, requested, &avd); Note that the above code should really live in the application and not in the selinux library. It used to be like that, then for some reason it has been introduced. Redhat's passwd and cronie are calling the library function and thus at the moment they rely on it. But for example, util-linux-ng has the code in it and does not call this function, as I believe it should be. A very minor issue anyway... > > * selinux_init_load_policy > > > > A paragraph break is needed in the DESCRIPTION section before this function. Done. I have also added a note to the already mentioned fact that after initial policy load, SELinux can no longer be disabled using calls to security_disable(3). > > * selinux_lsetfilecon_default > > > > See notes above about the matchpathcon manpage. Yes, separate man page now. > > * selinux_mkload_policy > > > > Looks good. No modifications. > > * set_selinuxmnt > > > > This manpage includes two static functions that are not part of the > libselinux API (at least, not anymore) and should be removed. > > Also, I'm not comfortable with the description given. Instead, use the > comments in selinux.h, which are more accurate and verbose. > Please let me know if things are any better now. I did also provide on the same day a patch for beautifying and improving the command-line option parsing of a few utilities (a ticket had been created by somebody). That patch provides those improvements according to GNU-style parsing of "help" and "version" options (including long-option variants). I think it also fixes a couple of typos here and there.
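Review bot: the hunk removes the only handling for a policy that does not define the class. The dropped `passwd_class = string_to_security_class("passwd"); if (passwd_class == 0) return 0;` let the function notice at run time that the loaded policy has no "passwd" class, whereas the compile-time `SECCLASS_PASSWD` is now passed to `security_compute_av_raw()` unconditionally, so nothing checks that the running policy's class numbering agrees with the value in flask.h. Keep the runtime lookup and its zero check, or at least document in the commit that the constant assumes a policy whose class ordering matches flask.h; the few saved cycles the message cites do not justify sending a possibly wrong class value to the kernel.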
Feel free to include that patch too if you like it, so that the ticket can be closed! I will attach it again in another separate message: it has been slightly modified in order to apply cleanly to the latest git snapshot. More importantly, I was also thinking about fingerprinting (and subsequently checking) the libraries with some cryptographic hash function such as the NIST-recommended SHA2. It is beginning to be done for security-related projects like OpenSSL, so I believe it is even more essential for SELinux. Ever thought about anything like that? Best regards, Guido Signed-off-By: Joshua Brindle <method@manicmethod.com>
an/man3/fini_selinuxmnt.3
an/man3/init_selinuxmnt.3
an/man3/matchpathcon.3
an/man3/matchpathcon_checkmatches.3
an/man3/matchpathcon_filespec_add.3
an/man3/matchpathcon_filespec_destroy.3
an/man3/matchpathcon_filespec_eval.3
an/man3/matchpathcon_index.3
an/man3/print_access_vector.3
an/man3/security_class_to_string.3
an/man3/security_compute_av.3
an/man3/security_disable.3
an/man3/security_load_booleans.3
an/man3/security_load_policy.3
an/man3/security_mkload_policy.3
an/man3/selinux_binary_policy_path.3
an/man3/selinux_check_passwd_access.3
an/man3/selinux_file_context_cmp.3
an/man3/selinux_file_context_verify.3
an/man3/selinux_lsetfilecon_default.3
an/man3/set_matchpathcon_flags.3
an/man3/set_matchpathcon_invalidcon.3
an/man3/set_matchpathcon_printf.3
an/man3/set_selinuxmnt.3
|
7cdfd6e659dde3c7988e78ab2322a35e67ca8726 |
29-Oct-2009 |
Eamon Walsh <ewalsh@tycho.nsa.gov> |
Bump libsepol to 2.0.40, libselinux to 2.0.89, libsemanage to 2.0.41.
hangeLog
ERSION
|
12777502c638698a9e1dd6748a2309cb87946a65 |
21-Oct-2009 |
Eamon Walsh <ewalsh@tycho.nsa.gov> |
Add pkgconfig files for libsepol, libselinux, and libsemanage. Having pkgconfig files allows the pkg-config tool to be used to query the presence of the library (or a particular version of it), and to obtain the C flags and linker arguments to build with it. Based on Debian patches by Manoj Srivastava <srivasta@debian.org>. Signed-off-by: Eamon Walsh <ewalsh@tycho.nsa.gov>
rc/Makefile
rc/libselinux.pc.in
|
6f4660679f0051e3608c11050b7a52882e667b52 |
22-Oct-2009 |
Chad Sellers <csellers@tresys.com> |
Bump libselinux to 2.0.88 and libsemanage to 2.0.40
hangeLog
ERSION
|
7d19f9df510daef5dc929df5854c2dda2a64f475 |
20-Oct-2009 |
Chad Sellers <csellers@tresys.com> |
libselinux: Export reset_selinux_config() In integrating SELinux policy into rpm, we have a need to be able to reset the configuration data (e.g. policy type) loaded into libselinux. These values are currently loaded lazily by a number of different functions (e.g. matchpathcon_init()). Since we are changing rpm to install policy, including initial base policy, we need to be able to reload these configuration items after the policy has been installed. reset_selinux_config() already exists and is used by selinux_init_load_policy() for a similar reason, but it is not exported. This was probably intentional since it is not thread safe at all. That said, rpm needs to do the same thing. This patch makes the function public, and places a warning in the header comment that it is not thread safe. Signed-off-by: Chad Sellers <csellers@tresys.com>
nclude/selinux/selinux.h
rc/load_policy.c
rc/selinux_config.c
rc/selinux_internal.h
|
0857e3e4782789a326426e1284dce95ba6d6b851 |
21-Oct-2009 |
Eamon Walsh <ewalsh@tycho.nsa.gov> |
Add subdirectory .gitignore files. These take care of executables and generated source files. Signed-off-by: Eamon Walsh <ewalsh@tycho.nsa.gov>
gitignore
|
0e421afd55407cf5e6e3793558e4449aef6fcf52 |
24-Sep-2009 |
Joshua Brindle <method@manicmethod.com> |
bump libselinux to 2.0.87 and libsemanage to 2.0.39
hangeLog
ERSION
|
00f0d550d556ec4cda88cc89aa5a63e6aa043fad |
24-Sep-2009 |
Daniel J Walsh <dwalsh@redhat.com> |
Author: Daniel J Walsh Email: dwalsh@redhat.com Subject: refpolicy: nsalibselinux_utils_matchpathcon.c changes Date: Tue, 07 Jul 2009 12:30:52 -0400 Signed-off-by: Joshua Brindle <method@manicmethod.com>
tils/matchpathcon.c
|
94c51ba3b12e476c0b7108c9d83b939ed56b8359 |
24-Sep-2009 |
Joshua Brindle <method@manicmethod.com> |
make swigify
rc/selinux.py
rc/selinuxswig_python_exception.i
rc/selinuxswig_wrap.c
|
8569b09417ac29b1792da6241f0745b76367f813 |
24-Sep-2009 |
Joshua Brindle <method@manicmethod.com> |
This updates commit 66d07600075d53735197520e4a5bbe6796a89d25 This seems to work better on my system (aux-info on temp.c didn't do anything) Also it fixes the noted Makefile issues
rc/Makefile
|
95d8143b35913fc34bb6c92f7c36f2e155c53049 |
24-Sep-2009 |
Joshua Brindle <method@manicmethod.com> |
This updates commit 66d07600075d53735197520e4a5bbe6796a89d25 This seems to work better on my system (aux-info on temp.c didn't do anything)
rc/exception.sh
|
66d07600075d53735197520e4a5bbe6796a89d25 |
16-Sep-2009 |
Daniel J Walsh <dwalsh@redhat.com> |
This patch fixes the exception handling in libselinux-python bindings On 09/16/2009 03:35 PM, Joshua Brindle wrote: > > > Joshua Brindle wrote: >> >> >> Daniel J Walsh wrote: >>> What do you think of this one. Removed excess swig cruft, >>> >>> You need to run >>> >>> make swigify to generate those changes. >>> >> >> Ok, looking at this now. I don't completely get how it works. I'm trying >> to reproduce what you are doing by hand but nothing comes out of gcc: >> >> [root@localhost src]# echo '#include "../include/selinux/selinux.h"' > >> temp.c >> [root@localhost src]# gcc -c temp.c -aux-info temp.aux >> [root@localhost src]# ls temp.* >> temp.c temp.o >> >> >> What is the purpose of the aux-info thing, and why doesn't it work on my >> F11 machine? >> >> also, I'm not sure if the best place for selinuxswig_exception.i is >> swigify or pywrap. In the swigify case it shouldn't be in the clean >> target because if you check out the repo and do make clean; make pywrap >> you'll get an error. (I can make these fixes, I'm just trying to figure >> out how it all works first). >> > > Oh, one more thing, should this be python specific? (E.g, should it be > named selinuxswig_python_exception.i ?) Changed name to selinux_python_exception.i Works for me on F11 and F12 dwalsh@localhost$ echo '#include "../include/selinux/selinux.h"' > temp.c dwalsh@localhost$ gcc -c temp.c -aux-info temp.aux dwalsh@localhost$ ls temp.* temp.aux temp.c temp.o cat temp.aux /* compiled from: . 
*/ /* /usr/include/sys/select.h:109:NC */ extern int select (int, fd_set *, fd_set *, fd_set *, struct timeval *); /* /usr/include/sys/select.h:121:NC */ extern int pselect (int, fd_set *, fd_set *, fd_set *, const struct timespec *, const __sigset_t *); /* /usr/include/sys/sysmacros.h:31:NC */ extern unsigned int gnu_dev_major (long long unsigned int); /* /usr/include/sys/sysmacros.h:34:NC */ extern unsigned int gnu_dev_minor (long long unsigned int); /* /usr/include/sys/sysmacros.h:37:NC */ extern long long unsigned int gnu_dev_makedev (unsigned int, unsigned int); /* ../include/selinux/selinux.h:12:NC */ extern int is_selinux_enabled (void); /* ../include/selinux/selinux.h:14:NC */ extern int is_selinux_mls_enabled (void); /* ../include/selinux/selinux.h:19:NC */ extern void freecon (security_context_t); /* ../include/selinux/selinux.h:22:NC */ extern void freeconary (security_context_t *); ... commit 38d98bd958f42ea18c9376e624d733795665ee22 Author: Dan Walsh <dwalsh@redhat.com> Date: Wed Sep 16 16:51:14 2009 -0400 Add exception code
nclude/selinux/selinux.h
rc/Makefile
rc/exception.sh
rc/selinuxswig.i
rc/selinuxswig_python.i
|
206e2dfe7a35e25c971baa79eee22c5eb4981b09 |
03-Sep-2009 |
Eamon Walsh <ewalsh@tycho.nsa.gov> |
libselinux 2.0.86
hangeLog
ERSION
|
09cd8160d97770533d3290aeafc466b5c6fe8939 |
03-Sep-2009 |
Eamon Walsh <ewalsh@tycho.nsa.gov> |
Documentation updates for the removal of refcounted SIDs. Signed-off-by: Eamon Walsh <ewalsh@tycho.nsa.gov>
an/man3/avc_compute_create.3
an/man3/avc_context_to_sid.3
an/man3/avc_open.3
|
58866dd5668e845fd1cc0f62ae8dd4b93d9caf2b |
02-Sep-2009 |
Eamon Walsh <ewalsh@tycho.nsa.gov> |
The userspace AVC currently has refcounted SIDs. This patch strips out the refcounting under the following justifications: 1. Managing the refcounts by calling sidput() and sidget() as appropriate is a difficult and bug-prone task for users of the library. 2. The userspace AVC doesn't currently make use of the refcounts to reclaim unused SIDs unless avc_cleanup() is explicitly called. 3. The kernel itself no longer uses refcounting for its own SIDs. The implication of this change is that SIDs (basically malloc'ed copies of security contexts) will persist in the AVC's SID table until the next call to avc_destroy(). This presents the potential for increased memory usage, but in practice I don't believe this will be an issue. ABI compatibility is preserved: the avc_cleanup(), sidput(), and sidget() calls are changed to no-ops. Signed-off-by: Eamon Walsh <ewalsh@tycho.nsa.gov> Acked-by: Stephen Smalley <sds@tycho.nsa.gov>
rc/avc.c
rc/avc_internal.h
rc/avc_sidtab.c
rc/avc_sidtab.h
|
919c98984735076f9981f18c3960893f5c637cbe |
14-Jul-2009 |
Stephen Smalley <sds@tycho.nsa.gov> |
libselinux 2.0.85
hangeLog
ERSION
|
8c372f665db44cf753bb299e2ee7dcf6143b9e9e |
01-Jul-2009 |
Stephen Smalley <sds@tycho.nsa.gov> |
libselinux: lazy init Revive Steve Grubb's patch for libselinux lazy init and extend it to address not only the reading of /etc/selinux/config but also probing for /selinux/class and reading of /selinux/mls. This should reduce the need for dontaudit rules for programs that link with libselinux and it should reduce unnecessary overhead. I did not convert init_selinuxmnt over to lazy init since the functions that use selinux_mnt are not localized, and it only requires stat'ing of /selinux in the common case. I couldn't see a valid reason why we needed fini_obj_class_compat(), as the existence of /selinux/class will only change across a reboot with different kernel versions. fini_context_translations() already had a comment saying that it was unnecessary as well. Before: $ strace ls 2> err $ grep selinux err open("/lib/libselinux.so.1", O_RDONLY) = 3 open("/etc/selinux/config", O_RDONLY|O_LARGEFILE) = 3 statfs64("/selinux", 84, {f_type=0xf97cff8c, f_bsize=4096, f_blocks=0, f_bfree=0, f_bavail=0, f_files=0, f_ffree=0, f_fsid={0, 0}, f_namelen=255, f_frsize=4096}) = 0 stat64("/selinux/class", {st_mode=S_IFDIR|0555, st_size=0, ...}) = 0 open("/selinux/mls", O_RDONLY|O_LARGEFILE) = 3 After: $ strace ls 2> err $ grep selinux err open("/lib/libselinux.so.1", O_RDONLY) = 3 statfs64("/selinux", 84, {f_type=0xf97cff8c, f_bsize=4096, f_blocks=0, f_bfree=0, f_bavail=0, f_files=0, f_ffree=0, f_fsid={0, 0}, f_namelen=255, f_frsize=4096}) = 0 Original-patch-by: Steve Grubb <linux_4ever@yahoo.com> Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
rc/init.c
rc/selinux_config.c
rc/selinux_internal.h
rc/setrans_client.c
rc/setrans_internal.h
rc/stringrep.c
|
1ac1ff6382505fa1e245fdc9c91b2448a7843101 |
14-Jul-2009 |
Stephen Smalley <sds@tycho.nsa.gov> |
Revert Tomas Mraz's fix for freeing thread local storage in libselinux. This reverts commit a842c9dae863c5a8a28bd6b6abf192c8b5ba1838.
rc/Makefile
rc/setrans_client.c
|
1591e426259ed456a4c1f93d46854762df81fbfd |
07-Jul-2009 |
Joshua Brindle <method@manicmethod.com> |
bump libselinux to 2.0.84
hangeLog
ERSION
|
532bd9a8926b4123c9444660041f4e9961543577 |
07-Jul-2009 |
Daniel J Walsh <dwalsh@redhat.com> |
Author: Daniel J Walsh Email: dwalsh@redhat.com Subject: This patch adds seusers support to SELinux Date: Mon, 18 May 2009 14:20:30 -0400 The idea here is to break the seusers file up into lots of little seusers files that can be user specific; it also adds the service field to be used by tools like pam_selinux to choose which is the correct context to log a user in as. Patch was added to facilitate IPA handing out SELinux content for selection of roles at login. Signed-off-by: Joshua Brindle <method@manicmethod.com>
nclude/selinux/selinux.h
rc/seusers.c
|
f85eec055107f0caf1e8eec9b7a6c366f68f4328 |
07-Jul-2009 |
Joshua Brindle <method@manicmethod.com> |
Merge branch 'master' of jbrindle@oss.tresys.com:/home/git/selinux
|
41be6cf7fad1981f51cda91b4a9a25e54da27d8d |
07-Jul-2009 |
Stephen Smalley <sds@tycho.nsa.gov> |
libselinux 2.0.83
hangeLog
ERSION
|
b985905d2f58836993acf03edc0395acd1f3f7f1 |
20-May-2009 |
Stephen Smalley <sds@tycho.nsa.gov> |
Policy loading problem On Wed, 2009-05-20 at 22:57 +0800, Dennis Wronka wrote: > Okay, here we go: > > I unmounted /selinux and then got this: > load_policy: Can't load policy: Invalid argument > > I attached my kernel-config and the two traces (trace1 for the "Device or > resource busy"-error, trace2 for the "Invalid argument"-error). Possible patch for libselinux to a) gracefully handle the situation where selinuxfs is already mounted, b) report errors when switching to permissive, and c) proceed with the policy load even if we cannot switch to permissive mode as requested, as proceeding without a policy when the kernel only supports enforcing mode is not desirable. Signed-off-by: Joshua Brindle <method@manicmethod.com>
rc/load_policy.c
|
f057914941e29c460f5cd700d55b4d193c7927ef |
24-Jun-2009 |
Eric Paris <eparis@redhat.com> |
check /proc/filesystems before /proc/mounts for selinuxfs Al was complaining that he has selinux disabled and has 100,000+ mounts in /proc/mounts. Every time he runs ls the thing takes 5 seconds because the libselinux constructor runs the entirety of his /proc/mounts looking for selinuxfs, which doesn't exist. Speed things up by first checking for selinuxfs in /proc/filesystems, only if the fs is even registered should we bother to run all of /proc/mounts. Signed-off-by: Eric Paris <eparis@redhat.com>
rc/init.c
|
33844aa60d306fabf77c6e84f91dbcdbc494ae75 |
22-Jun-2009 |
Joshua Brindle <method@manicmethod.com> |
bump libselinux to 2.0.82 and policycoreutils to 2.0.64
hangeLog
ERSION
|
a842c9dae863c5a8a28bd6b6abf192c8b5ba1838 |
10-Jun-2009 |
Tomas Mraz <tmraz@redhat.com> |
Author: Tomas Mraz Email: tmraz@redhat.com Subject: Problems with freeing thread local storage in libselinux Date: Wed, 06 May 2009 12:38:35 +0200 On Wed, 2009-05-06 at 01:32 -0500, Manoj Srivastava wrote: > Hi folks, > > There have been numerous reports in Debian and derivatives of > programs linked with libselinux intermittently getting segfaults. > There is, for instance, the Debian report 505920[0], and Ubuntu > reports[1], [3] and [5], and Gnome [2]. I have not been able to > reproduce the error myself, though I have run the test cases a number > of times. > > The common thread in unclutter, libavg, gst-inspect et al. is a > segmentation fault in libselinux1, in the 'fini' destructor functions, > referencing the thread local variables. > > The Ubuntu bug log reference my old patch for libselinux from > 1.X days, where I replaced the thread local storage with regular > variables and mutexes, and people report success with that. I suspect > that something is corrupting the thread local storage. 
From the ubuntu > report: > --8<---------------cut here---------------start------------->8--- > Valgrind reports: > =29183== Invalid read of size 8 > ==29183== at 0xE29B9DD: fini_context_translations (setrans_client.c:211) > ==29183== by 0xE28F1F1: (within /lib/libselinux.so.1) > ==29183== by 0xE29D040: (within /lib/libselinux.so.1) > ==29183== by 0x570010F: exit (exit.c:75) > 505920==29183== by 0x56E91CA: (below main) (libc-start.c:252) > ==29183== Address 0x80 is not stack'd, malloc'd or (recently) free'd > ==29183== > ==29183== Process terminating with default action of signal 11 (SIGSEGV): dumping core > ==29183== Access not within mapped region at address 0x80 > ==29183== at 0xE29B9DD: fini_context_translations (setrans_client.c:211) > ==29183== by 0xE28F1F1: (within /lib/libselinux.so.1) > ==29183== by 0xE29D040: (within /lib/libselinux.so.1)==29183== by 0x570010F: exit (exit.c:75) > ==29183== by 0x56E91CA: (below main) (libc-start.c:252) > > > (gdb) bt > #0 0x00007f3ae812a9dd in fini_context_translations () at setrans_client.c:211 > #1 0x00007f3ae811e1f2 in __do_global_dtors_aux () from /lib/libselinux.so.1 > #2 0x00007ffff9097700 in ?? () > #3 0x00007f3ae812c041 in _fini () from /lib/libselinux.so.1 > #4 0x00007ffff9097700 in ?? () > #5 0x00007f3af0e88796 in _dl_fini () from /lib64/ld-linux-x86-64.so.2 > Backtrace stopped: previous frame inner to this frame (corrupt stack?) > --8<---------------cut here---------------end--------------->8--- > > There have been two sets of patches proposed for this; first one > merely initializes the variables in the init function, and this works > for a number of people, but at least one person has reported a second > segfault even with the patch installed[6] > > The second patch below converts a thread local cache to a > process wide cache, with mutex guards, which makes the cache slower, > and non-thread local caches means that cache misses are more likely. 
> > I'll try and follow up with people who can reproduce the > problems to see if either one of the patches solve their problems > without triggering other segmentation faults, but I'd appreciate > comments if anyone has insight into the issue. The problem is with freeing storage referenced by TLS variables in destructors. The destructor is called only in one of the threads and the variables might not be even properly initialized in that thread. One possibility is to not free the storage at all but that will leak memory if the libselinux is loaded/unloaded multiple times in a process. The only proper way is to use TSD (pthread_key_create, pthread_setspecific etc.) to store the pointers to the cached contexts. The attached patch implements this. I did not test it thoroughly though. -- Tomas Mraz No matter how far down the wrong road you've gone, turn back. Turkish proverb Signed-off-by: Chad Sellers <csellers@tresys.com>
rc/Makefile
rc/setrans_client.c
|
20271d94ed2b26b94b052ba6ed90b63566cecbb7 |
04-Jun-2009 |
Daniel J Walsh <dwalsh@redhat.com> |
Author: Daniel J Walsh Email: dwalsh@redhat.com Subject: SELinux context patch Date: Mon, 18 May 2009 14:16:12 -0400 This patch adds context files for virtual_domain and virtual_image; these are both being used to locate the default context to be executed by svirt. I also included the subs patch which I submitted before. This patch allows us to substitute prefixes to matchpathcon. So we can say /export/home == /home and /web == /var/www Author: Chad Sellers Email: csellers@tresys.com Flipped free()'s in original patch when strdup'd fail to proper order. Signed-off-by: Chad Sellers <csellers@tresys.com>
nclude/selinux/selinux.h
rc/file_path_suffixes.h
rc/label.c
rc/selinux_config.c
rc/selinux_internal.h
|
99afa3cb774218f00ac40e494bd3d7ad4a818e60 |
06-May-2009 |
Joshua Brindle <method@manicmethod.com> |
bump libselinux to 2.0.81
hangeLog
ERSION
|
20eff2b9a53eeae4269ffc082bb95103596cd0b8 |
14-May-2009 |
Daniel J Walsh <dwalsh@redhat.com> |
Author: Daniel J Walsh Email: dwalsh@redhat.com Subject: Patch to getdefaultcon to print just the correct match and add verbose option Date: Wed, 04 Mar 2009 15:41:37 -0500 I really want to rename this to selinuxdefaultcon, which is what we ship in Fedora. Also exit with proper error on failure. Signed-off-by: Chad Sellers <csellers@tresys.com>
tils/getdefaultcon.c
|
72d535fdb822135fcfa23c82977c62c7f1500e34 |
07-May-2009 |
Chad Sellers <csellers@tresys.com> |
Author: Daniel J Walsh Email: dwalsh@redhat.com Subject: We have moved matchpathcon to /sbin from /usr/sbin Date: Wed, 01 Apr 2009 10:21:53 -0400 Some init scripts wanted to use matchpathcon before /usr is mounted. Author: Chad Sellers Email: csellers@tresys.com Added matchpathcon to clean target Signed-off-by: Chad Sellers <csellers@tresys.com>
tils/Makefile
|
a4af847dc6f52688a25bb0323ff3b84b13dded67 |
11-Apr-2009 |
Hiroshi Shinji <hiroshi.shinji@gmail.com> |
Author: Hiroshi Shinji Email: hiroshi.shinji@gmail.com Subject: Memory leak in libselinux/src/label_file.c Date: Fri, 3 Apr 2009 13:58:01 +0900 Hi, I found a memory leak in libselinux/src/label_file.c. Please fix it. Regards, -- Hiroshi Shinji Signed-off-by: Chad Sellers <csellers@tresys.com>
rc/label_file.c
|
5f1746a17e8f0882d379ce9cff24075bef9ca746 |
11-Apr-2009 |
Chad Sellers <csellers@tresys.com> |
Merge branch 'master' of http://oss.tresys.com/git/selinux
|
7610baa968ad499667c60c222cba326b737c532a |
06-May-2009 |
Stephen Smalley <sds@tycho.nsa.gov> |
Trivial: Wrap the #define MNT_DETACH with #ifndef MNT_DETACH...#endif so that it does not break with the latest glibc headers, as in F11/rawhide.
rc/load_policy.c
|
93a680280ffd538444d996482e4885cdd8cfbe95 |
10-Apr-2009 |
Daniel J Walsh <dwalsh@redhat.com> |
Author: Daniel J Walsh Email: dwalsh@redhat.com Subject: Patch matchpathcon to eliminate file "/" Date: Wed, 04 Mar 2009 15:39:31 -0500 So matchpathcon /etc/ Will work the same as matchpathcon /etc Signed-off-by: Chad Sellers <csellers@tresys.com>
tils/matchpathcon.c
|
a07493d1a16f23479657c6ea7fc86ffc3f9d7c85 |
08-Apr-2009 |
Eamon Walsh <ewalsh@tycho.nsa.gov> |
bump libselinux to 2.0.80.
hangeLog
ERSION
|
433a99d4032706af724ff779d8d9d539f20793f8 |
08-Apr-2009 |
KaiGai Kohei <kaigai@ak.jp.nec.com> |
It is useful for userspace object managers if libselinux has an interface something like: int security_deny_unknown(void); This interface can suggest to applications the preferable behavior when string_to_security_class() or string_to_av_perm() returns an invalid value, which means the security policy does not define the required ones. Signed-off-by: KaiGai Kohei <kaigai@ak.jp.nec.com>
nclude/selinux/selinux.h
an/man3/security_deny_unknown.3
an/man3/security_getenforce.3
rc/deny_unknown.c
rc/selinux_internal.h
|
55ed6e7fa6b7d55c628fa04508521920e60a43f7 |
08-Apr-2009 |
KaiGai Kohei <kaigai@ak.jp.nec.com> |
This patch enables applications to handle permissive domains correctly. Since the v2.6.26 kernel, SELinux has supported the idea of a permissive domain, which allows certain processes to work as if in permissive mode, even if the global setting is enforcing mode. However, we don't have an application program interface to inform what domains are permissive ones and what domains are not. It means applications focused on SELinux (XACE/SELinux, SE-PostgreSQL and so on) cannot handle permissive domains correctly. This patch adds a sixth field (flags) to the reply of the /selinux/access interface which is used to make an access control decision from userspace. If the first bit of the flags field is positive, it means the required access control decision is for a permissive domain, so the application should allow any required actions, as the kernel does. This patch also has a side benefit. The av_decision.flags is set at context_struct_compute_av(). It enables checking required permissions without read_lock(&policy_rwlock). Signed-off-by: KaiGai Kohei <kaigai@ak.jp.nec.com>
nclude/selinux/selinux.h
an/man3/security_compute_av.3
an/man3/security_compute_av_flags.3
rc/avc.c
rc/compute_av.c
rc/selinux_internal.h
|
318748d65917fa5a96c17ce3b564074e43482d75 |
08-Apr-2009 |
KaiGai Kohei <kaigai@ak.jp.nec.com> |
The attached patch enables userspace object managers to handle notification messages via netlink socket from SELinux. * Two new callbacks were added to selinux_set_callback(3) - SELINUX_CB_SETENFORCE is invoked when it gets a SELNL_MSG_SETENFORCE message in the avc_netlink_process(). - SELINUX_CB_POLICYLOAD is invoked when it gets a SELNL_MSG_POLICYLOAD message in the avc_netlink_process(). * Three functions were exposed to applications. - int avc_netlink_open(int blocking); - void avc_netlink_loop(void); - void avc_netlink_close(void); Due to a few reasons, SE-PostgreSQL implements its own userspace avc, so it needs to copy and paste some of avc_internal.c. This update enables such applications to share the common part. Signed-off-by: KaiGai Kohei <kaigai@ak.jp.nec.com>
include/selinux/avc.h
include/selinux/selinux.h
man/man3/avc_netlink_acquire_fd.3
man/man3/avc_netlink_check_nb.3
man/man3/avc_netlink_close.3
man/man3/avc_netlink_loop.3
man/man3/avc_netlink_open.3
man/man3/avc_netlink_release_fd.3
man/man3/selinux_set_callback.3
src/avc_internal.c
src/avc_internal.h
src/callbacks.c
src/callbacks.h
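An added example of the work the exposed netlink loop does between the socket and the two new callbacks (example code for this page, not libselinux's avc_internal.c): it walks a buffer of SELinux netlink notifications, hands SELNL_MSG_SETENFORCE and SELNL_MSG_POLICYLOAD payloads to the registered setenforce and policyload callbacks, skips unknown types and stops on a truncated message. The message-type values and payload structs are restated from the kernel's selinux_netlink.h; the header struct nlhdr, the simplified non-variadic callback signatures, the encoder used to build the constructed input and the helper names are this example's assumptions.

```c
/*
 * Added example for this page (not libselinux's avc_internal.c): dispatch
 * SELinux netlink notifications to registered callbacks, the job
 * avc_netlink_process() does for SELINUX_CB_SETENFORCE and
 * SELINUX_CB_POLICYLOAD.
 */
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Message types and payloads as in <linux/selinux_netlink.h>, restated so
 * the file builds without kernel headers. */
#define SELNL_MSG_SETENFORCE 0x10
#define SELNL_MSG_POLICYLOAD 0x11
struct selnl_msg_setenforce { int32_t val; };
struct selnl_msg_policyload { uint32_t seqno; };

/* Same layout as struct nlmsghdr (16 bytes); messages are 4-byte aligned. */
struct nlhdr { uint32_t len; uint16_t type; uint16_t flags; uint32_t seq; uint32_t pid; };
#define NL_ALIGN(n) (((size_t)(n) + 3) & ~(size_t)3)
#define NL_HDRLEN   NL_ALIGN(sizeof(struct nlhdr))

/* Simplified callback signatures assumed by this example. */
struct selnl_callbacks {
    int (*setenforce)(int enforcing);
    int (*policyload)(int seqno);
};

/* Dispatch every complete message in buf. Unknown types are skipped; a
 * truncated header or payload, or a callback returning < 0, stops the walk
 * with -1. Returns the number of messages dispatched. */
int selnl_dispatch(const unsigned char *buf, size_t len,
                   const struct selnl_callbacks *cb)
{
    int count = 0;
    while (len >= NL_HDRLEN) {
        struct nlhdr h;
        memcpy(&h, buf, sizeof h);
        if (h.len < NL_HDRLEN || h.len > len)
            return -1;                      /* header claims more than we hold */
        const unsigned char *payload = buf + NL_HDRLEN;
        size_t plen = h.len - NL_HDRLEN;

        if (h.type == SELNL_MSG_SETENFORCE) {
            struct selnl_msg_setenforce m;
            if (plen < sizeof m) return -1;
            memcpy(&m, payload, sizeof m);
            if (cb->setenforce && cb->setenforce(m.val) < 0) return -1;
            count++;
        } else if (h.type == SELNL_MSG_POLICYLOAD) {
            struct selnl_msg_policyload m;
            if (plen < sizeof m) return -1;
            memcpy(&m, payload, sizeof m);
            if (cb->policyload && cb->policyload((int)m.seqno) < 0) return -1;
            count++;
        }
        size_t step = NL_ALIGN(h.len);
        if (step > len) step = len;         /* last message may lack padding */
        buf += step;
        len -= step;
    }
    return count;
}

/* Encode one message (header + payload + alignment padding) into out, which
 * must hold NL_ALIGN(NL_HDRLEN + plen) bytes. Only used to build the
 * constructed input; in practice the kernel is the sender. */
size_t selnl_encode(unsigned char *out, uint16_t type,
                    const void *payload, size_t plen)
{
    size_t total = NL_ALIGN(NL_HDRLEN + plen);
    struct nlhdr h = { (uint32_t)(NL_HDRLEN + plen), type, 0, 0, 0 };
    memset(out, 0, total);
    memcpy(out, &h, sizeof h);
    memcpy(out + NL_HDRLEN, payload, plen);
    return total;
}

/* What an object manager does with the notifications: record the enforcing
 * state and the policy sequence number (a real AVC would also flush its
 * cache on policy load). */
static int g_enforcing = -1;
static int g_policy_seqno = -1;
static int on_setenforce(int enforcing) { g_enforcing = enforcing; return 0; }
static int on_policyload(int seqno)     { g_policy_seqno = seqno;  return 0; }

/* Build a constructed two-message buffer (setenforce 0, then a policy load
 * with seqno 7) and dispatch it. Returns the dispatch count. */
int demo_dispatch(void)
{
    unsigned char buf[64];
    size_t n = 0;
    struct selnl_msg_setenforce se = { 0 };
    struct selnl_msg_policyload pl = { 7 };
    struct selnl_callbacks cb = { on_setenforce, on_policyload };

    n += selnl_encode(buf + n, SELNL_MSG_SETENFORCE, &se, sizeof se);
    n += selnl_encode(buf + n, SELNL_MSG_POLICYLOAD, &pl, sizeof pl);
    return selnl_dispatch(buf, n, &cb);
}

int main(void)
{
    int n = demo_dispatch();
    printf("dispatched %d messages: enforcing=%d policy seqno=%d\n",
           n, g_enforcing, g_policy_seqno);
    return 0;
}
```

The length checks are the point for a reader who will wire this to a real socket: a netlink read can return several messages in one buffer, so the header's len must be validated against what was actually received before the payload is touched.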
|
3028bc3c5811b90af9cd051c6fbdfdcd2c77f44f |
12-Mar-2009 |
Eamon Walsh <ewalsh@tycho.nsa.gov> |
bump libselinux to 2.0.79.
ChangeLog
VERSION
|
7239480c7019281893b1a12b1edc8cc28f8695b7 |
12-Mar-2009 |
Eamon Walsh <ewalsh@tycho.nsa.gov> |
In one benchmark the X server was found to be extremely slow creating windows with selinux running. Part of the reason for this was that libselinux called into the kernel /selinux/create interface for every object. This patch caches the results of /selinux/create in the userspace avc to significantly increase the speed of these types of operations. Revised to correct locking and interface issues. Signed-off-by: Eric Paris <eparis@redhat.com> Signed-off-by: Eamon Walsh <ewalsh@tycho.nsa.gov>
src/avc.c
|
7ab6b29011dc62b0f344087e1ca4d8cdd2a9e508 |
11-Mar-2009 |
Eamon Walsh <ewalsh@tycho.nsa.gov> |
Netlink socket handoff functions from Adam Jackson.
include/selinux/avc.h
src/avc.c
src/avc_internal.c
src/avc_internal.h
src/selinuxswig.i
|
5032faa9848e2312b53d09c32c45238f4507d36a |
28-Feb-2009 |
Eamon Walsh <ewalsh@tycho.nsa.gov> |
bump libselinux to 2.0.78
ChangeLog
VERSION
|
b27ff3397dcef05a4a22343dccf18f3a29b7de90 |
28-Feb-2009 |
Eamon Walsh <ewalsh@tycho.nsa.gov> |
Fix an incorrect conversion specifier in the discover_class code. Signed-off-by: Eamon Walsh <ewalsh@tycho.nsa.gov>
src/stringrep.c
|
c8a18807d5988ec2ff4fe3422397cca41771ba5a |
12-Jan-2009 |
Joshua Brindle <method@manicmethod.com> |
Merge branch 'master' of jbrindle@oss.tresys.com:/home/git/selinux Conflicts: libselinux/ChangeLog
|
a9e6fbdeaeb64af621127d08870e16d23363d69b |
12-Jan-2009 |
Joshua Brindle <method@manicmethod.com> |
bump libselinux to 2.0.76
ChangeLog
VERSION
|
3726a7783ef6bac3a75d8503a18ffe47152d2c03 |
12-Jan-2009 |
Joshua Brindle <method@manicmethod.com> |
regenerate swig wrappers for commit 09836bf0c1bd3cd9e1807e1b29b0faea2545baf4
src/selinux.py
|
09836bf0c1bd3cd9e1807e1b29b0faea2545baf4 |
12-Jan-2009 |
Joshua Brindle <method@manicmethod.com> |
Author: Daniel J Walsh Email: dwalsh@redhat.com Subject: Add restorecon and install methods for libselinux python bindings. Date: Tue, 06 Jan 2009 10:31:04 -0500 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Daniel J Walsh wrote: > Joshua Brindle wrote: >> Daniel J Walsh wrote: >> Luke Macken wrote restorecon and install functions used in Fedora >> Infrastructure which can be used to install files with the proper >> context and to fix the labels of files/directories without having to >> exec restorecon. > >> diff --exclude-from=exclude -N -u -r >> nsalibselinux/src/selinuxswig_python.i >> libselinux-2.0.75/src/selinuxswig_python.i >> --- nsalibselinux/src/selinuxswig_python.i 2008-08-28 >> 09:34:24.000000000 -0400 >> +++ libselinux-2.0.75/src/selinuxswig_python.i 2008-11-14 >> 17:09:50.000000000 -0500 
>> @@ -6,6 +6,32 @@ >> #include "selinux/selinux.h" >> %} > >> +%pythoncode %{ >> + >> +import shutil, os >> + >> +def restorecon(path, recursive=False): >> + """ Restore SELinux context on a given path """ >> + mode = os.stat(path)[stat.ST_MODE] > >> stat doesn't exist here, perhaps he meant mode? > >> + status, context = matchpathcon(path, mode) >> + if status == 0: >> + lsetfilecon(path, context) >> + if recursive: >> + os.path.walk(path, lambda arg, dirname, fnames: >> + map(restorecon, [os.path.join(dirname, fname) >> + s for fname in fnames]), >> None) > >> typo, the s causes a syntax error > >> + >> +def copytree(src, dest): >> + """ An SELinux-friendly shutil.copytree method """ >> + shutil.copytree(src, dest) >> + restorecon(dest, recursive=True) >> + >> +def install(src, dest): >> + """ An SELinux-friendly shutil.move method """ >> + shutil.move(src, dest) >> + restorecon(dest, recursive=True) >> +%} >> + >> /* security_get_boolean_names() typemap */ >> %typemap(argout) (char ***names, int *len) { >> PyObject* list = PyList_New(*$2); > >> This patch doesn't appear correct, I'll fix the things above, have you >> been testing this at all? > > Must have sent you a bad patch. > > > This is what the current patch looks like. > And this is still broken. One more fix. + mode = os.stat(path)[stat.ST_MODE] should be + mode = os.lstat(path)[stat.ST_MODE] Modified to remove copytree and install functions Signed-off-by: Joshua Brindle <method@manicmethod.com>
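Review bot: `restorecon()` references `stat.ST_MODE` but the hunk's only import line is `import shutil, os`, so the first call raises NameError; make it `import shutil, os, stat` (the thread's "stat doesn't exist here" is pointing at this). Two further points on the same hunk: `os.stat()` follows symlinks, so for a link the mode handed to `matchpathcon()` is the target's while `lsetfilecon()` labels the link itself, which is why the final fix at the end of the thread switches to `os.lstat()`; and a non-zero `status` from `matchpathcon()` (no file_contexts match) is silently dropped, so a caller cannot tell that a path was left unlabeled. Returning `status`, or raising on it, would make that failure visible.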
src/selinuxswig_python.i
|
71cb6604ad1ea4f04fefb63018c6a8bd936bb195 |
05-Jan-2009 |
Joshua Brindle <method@manicmethod.com> |
regenerate swig bindings for color translation in commit cfa3cb6fa5d0cc00fde75ee74ec2da577f62e141
src/selinux.py
src/selinuxswig_wrap.c
|
7817c92986edf432268f794a80cd52efb9f8b858 |
06-Jan-2009 |
Eamon Walsh <ewalsh@tycho.nsa.gov> |
Bump libselinux to 2.0.76
ChangeLog
VERSION
|
f9b1f1a2a17298b60a94780ab5899a8d91cbf100 |
01-Jan-2009 |
Eamon Walsh <ewalsh@tycho.nsa.gov> |
Add config path function for secolor.conf file. Signed-off-by: Eamon Walsh <ewalsh@tycho.nsa.gov>
include/selinux/selinux.h
src/file_path_suffixes.h
src/selinux_config.c
src/selinux_internal.h
|
cfa3cb6fa5d0cc00fde75ee74ec2da577f62e141 |
26-Nov-2008 |
Eamon Walsh <ewalsh@tycho.nsa.gov> |
Add client routines for translating raw security contexts into colors. Signed-off-by: Eamon Walsh <ewalsh@tycho.nsa.gov>
include/selinux/selinux.h
src/selinux_internal.h
src/setrans_client.c
src/setrans_internal.h
|
aa92cfbe74633895696dbb1bd4bcf3b20a7f807b |
19-Nov-2008 |
Eamon Walsh <ewalsh@tycho.nsa.gov> |
Bump libselinux to 2.0.75
ChangeLog
VERSION
|
66b2af371aca28734346d23c3b5344cf094bcfbb |
14-Nov-2008 |
Eamon Walsh <ewalsh@tycho.nsa.gov> |
Allow shell-style wildcard patterns in the X labeling backend. Signed-off-by: Eamon Walsh <ewalsh@tycho.nsa.gov>
src/label_x.c
|
cc502813e0e64c1f7d380503d153cd49e8fcb130 |
03-Nov-2008 |
Eamon Walsh <ewalsh@tycho.nsa.gov> |
Bump libselinux to 2.0.74
ChangeLog
VERSION
|
eee0f022e44ade05143eeee3748dd78fbd17966b |
31-Oct-2008 |
Eamon Walsh <ewalsh@tycho.nsa.gov> |
Put a proper message type into each message logged by the userspace AVC. Currently, the message types are defined but not used. This will allow better separation of messages when logging to facilities such as libaudit. Signed-off-by: Eamon Walsh <ewalsh@tycho.nsa.gov>
src/avc.c
src/avc_internal.c
src/avc_internal.h
|
3d431ae08f5349b906879f7a6abd0e2bbd182e92 |
14-Oct-2008 |
Joshua Brindle <method@manicmethod.com> |
bump libselinux and checkpolicy versions
ChangeLog
VERSION
|
345fb4a99b7aa6442b2f9ead4cc391d031d4b6ba |
14-Oct-2008 |
Joshua Brindle <method@manicmethod.com> |
Author: Daniel J Walsh Email: dwalsh@redhat.com Subject: Yet another man page patch Date: Tue, 30 Sep 2008 08:52:58 -0400 int selinux_file_context_cmp(const security_context_t a, + const security_context_t b);" + +.BI "int selinux_file_context_verify(const char *path, mode_t mode);" Signed-off-by: Joshua Brindle <method@manicmethod.com>
man/man3/matchpathcon.3
man/man3/selinux_file_context_cmp.3
man/man3/selinux_file_context_verify.3
|
86562db50a328b82626f7db7a8bf8ff7f55ca045 |
14-Oct-2008 |
Joshua Brindle <method@manicmethod.com> |
Author: Daniel J Walsh Email: dwalsh@redhat.com Subject: matchpathcon -V does not always work as expected. Date: Tue, 30 Sep 2008 08:54:18 -0400 matchpathcon -V should be passing the mode when checking whether the file context on a file is correct. Signed-off-by: Joshua Brindle <method@manicmethod.com>
utils/matchpathcon.c
|
922103e7f27a404be0b06baeb441396ce7e3e5c0 |
30-Sep-2008 |
Joshua Brindle <method@manicmethod.com> |
bump libselinux to 2.0.73
ChangeLog
VERSION
|
06c2dd5d04a1505d2c3e397b5b8a624fdd02805b |
29-Sep-2008 |
Joshua Brindle <method@manicmethod.com> |
Author: Daniel J Walsh Email: dwalsh@redhat.com Subject: Some missing man pages from libselinux Date: Wed, 24 Sep 2008 08:57:44 -0400 We are still missing the following man pages. Perhaps some of these functions should be removed? selinux_users_path seems to return a bogus directory? Also do not have _raw functions defined in man pages. matchpathcon_checkmatches matchpathcon_filespec_add matchpathcon_filespec_destroy matchpathcon_filespec_eval matchpathcon_index matchpathcon_init_prefix print_access_vector security_canonicalize_context security_disable security_set_boolean_list selinux_check_passwd_access selinux_customizable_types_path selinux_file_context_cmp selinux_file_context_verify selinux_get_callback selinux_init_load_policy selinux_lsetfilecon_default selinux_mkload_policy selinux_raw_to_trans_context selinux_trans_to_raw_context selinux_translations_path selinux_users_path set_selinuxmnt Signed-off-by: Joshua Brindle <method@manicmethod.com>
man/man3/avc_get_initial_sid.3
man/man3/get_default_type.3
man/man3/getsockcreatecon.3
man/man3/is_selinux_enabled.3
man/man3/is_selinux_mls_enabled.3
man/man3/matchpathcon_fini.3
man/man3/matchpathcon_init.3
man/man3/selinux_binary_policy_path.3
man/man3/selinux_default_type_path.3
man/man3/selinux_file_context_homedir_path.3
man/man3/selinux_file_context_local_path.3
man/man3/selinux_getpolicytype.3
man/man3/selinux_homedir_context_path.3
man/man3/selinux_netfilter_context_path.3
man/man3/selinux_path.3
man/man3/selinux_usersconf_path.3
man/man3/selinux_x_context_path.3
man/man3/set_matchpathcon_flags.3
man/man3/setsockcreatecon.3
|
85ea2db4bd450be86fc12723a553ba84bf746311 |
29-Sep-2008 |
Joshua Brindle <method@manicmethod.com> |
Author: Daniel J Walsh Email: dwalsh@redhat.com Subject: Man page fixes for libselinux. Date: Mon, 22 Sep 2008 13:52:13 -0400 Signed-off-by: Joshua Brindle <method@manicmethod.com>
man/man3/fgetfilecon.3
man/man3/getkeycreatecon.3
man/man3/lgetfilecon.3
man/man3/setkeycreatecon.3
|
5973c54402317126e63902ed2b288f567bd7ee59 |
29-Sep-2008 |
Joshua Brindle <method@manicmethod.com> |
Author: Daniel J Walsh Email: dwalsh@redhat.com Subject: Latest flask definitions for libselinux. Date: Mon, 22 Sep 2008 13:50:26 -0400 Adds open, X Definitions and nlmsg_tty_audit for netlink_audit_socket Signed-off-by: Joshua Brindle <method@manicmethod.com>
include/selinux/av_permissions.h
include/selinux/flask.h
src/av_perm_to_string.h
src/class_to_string.h
|
4611c09d6b22ff2aebb55388d777bcf8921dd50b |
26-Aug-2008 |
Stephen Smalley <sds@tycho.nsa.gov> |
Fix EMBEDDED=y build.
src/load_policy.c
|
13cd4c8960688af11ad23b4c946149015c80d549 |
19-Aug-2008 |
Joshua Brindle <method@manicmethod.com> |
initial import from svn trunk revision 2950
ChangeLog
LICENSE
Makefile
VERSION
include/Makefile
include/selinux/av_permissions.h
include/selinux/avc.h
include/selinux/context.h
include/selinux/flask.h
include/selinux/get_context_list.h
include/selinux/get_default_type.h
include/selinux/label.h
include/selinux/selinux.h
man/Makefile
man/man3/avc_add_callback.3
man/man3/avc_audit.3
man/man3/avc_av_stats.3
man/man3/avc_cache_stats.3
man/man3/avc_cleanup.3
man/man3/avc_compute_create.3
man/man3/avc_compute_member.3
man/man3/avc_context_to_sid.3
man/man3/avc_destroy.3
man/man3/avc_entry_ref_init.3
man/man3/avc_get_initial_context.3
man/man3/avc_has_perm.3
man/man3/avc_has_perm_noaudit.3
man/man3/avc_init.3
man/man3/avc_open.3
man/man3/avc_reset.3
man/man3/avc_sid_stats.3
man/man3/avc_sid_to_context.3
man/man3/checkPasswdAccess.3
man/man3/context_free.3
man/man3/context_new.3
man/man3/context_range_get.3
man/man3/context_range_set.3
man/man3/context_role_get.3
man/man3/context_role_set.3
man/man3/context_type_get.3
man/man3/context_type_set.3
man/man3/context_user_get.3
man/man3/context_user_set.3
man/man3/freecon.3
man/man3/freeconary.3
man/man3/fsetfilecon.3
man/man3/get_default_context.3
man/man3/get_default_context_with_level.3
man/man3/get_default_context_with_role.3
man/man3/get_default_context_with_rolelevel.3
man/man3/get_ordered_context_list.3
man/man3/get_ordered_context_list_with_level.3
man/man3/getcon.3
man/man3/getexeccon.3
man/man3/getfilecon.3
man/man3/getfscreatecon.3
man/man3/getpeercon.3
man/man3/getpidcon.3
man/man3/getprevcon.3
man/man3/getseuserbyname.3
man/man3/is_context_customizable.3
man/man3/is_selinux_enabled.3
man/man3/lsetfilecon.3
man/man3/manual_user_enter_context.3
man/man3/matchmediacon.3
man/man3/matchpathcon.3
man/man3/query_user_context.3
man/man3/rpm_execcon.3
man/man3/security_av_perm_to_string.3
man/man3/security_av_string.3
man/man3/security_check_context.3
man/man3/security_class_to_string.3
man/man3/security_commit_booleans.3
man/man3/security_compute_av.3
man/man3/security_compute_create.3
man/man3/security_compute_member.3
man/man3/security_compute_relabel.3
man/man3/security_compute_user.3
man/man3/security_get_boolean_active.3
man/man3/security_get_boolean_names.3
man/man3/security_get_boolean_pending.3
man/man3/security_get_initial_context.3
man/man3/security_getenforce.3
man/man3/security_load_booleans.3
man/man3/security_load_policy.3
man/man3/security_policyvers.3
man/man3/security_set_boolean.3
man/man3/security_setenforce.3
man/man3/selabel_close.3
man/man3/selabel_lookup.3
man/man3/selabel_open.3
man/man3/selabel_stats.3
man/man3/selinux_binary_policy_path.3
man/man3/selinux_booleans_path.3
man/man3/selinux_check_securetty_context.3
man/man3/selinux_contexts_path.3
man/man3/selinux_default_context_path.3
man/man3/selinux_failsafe_context_path.3
man/man3/selinux_file_context_path.3
man/man3/selinux_getenforcemode.3
man/man3/selinux_media_context_path.3
man/man3/selinux_policy_root.3
man/man3/selinux_removable_context_path.3
man/man3/selinux_securetty_types_path.3
man/man3/selinux_set_callback.3
man/man3/selinux_set_mapping.3
man/man3/selinux_user_contexts_path.3
man/man3/set_matchpathcon_printf.3
man/man3/setcon.3
man/man3/setexeccon.3
man/man3/setfilecon.3
man/man3/setfscreatecon.3
man/man3/sidget.3
man/man3/sidput.3
man/man3/string_to_av_perm.3
man/man3/string_to_security_class.3
man/man5/selabel_file.5
man/man5/selabel_media.5
man/man5/selabel_x.5
man/man8/avcstat.8
man/man8/booleans.8
man/man8/getenforce.8
man/man8/getsebool.8
man/man8/matchpathcon.8
man/man8/selinux.8
man/man8/selinuxenabled.8
man/man8/setenforce.8
man/man8/togglesebool.8
src/Makefile
src/audit2why.c
src/av_inherit.h
src/av_perm_to_string.h
src/avc.c
src/avc_internal.c
src/avc_internal.h
src/avc_sidtab.c
src/avc_sidtab.h
src/booleans.c
src/callbacks.c
src/callbacks.h
src/canonicalize_context.c
src/checkAccess.c
src/check_context.c
src/class_to_string.h
src/common_perm_to_string.h
src/compute_av.c
src/compute_create.c
src/compute_member.c
src/compute_relabel.c
src/compute_user.c
src/context.c
src/context_internal.h
src/disable.c
src/dso.h
src/enabled.c
src/fgetfilecon.c
src/file_path_suffixes.h
src/freecon.c
src/freeconary.c
src/fsetfilecon.c
src/get_context_list.c
src/get_context_list_internal.h
src/get_default_type.c
src/get_default_type_internal.h
src/get_initial_context.c
src/getenforce.c
src/getfilecon.c
src/getpeercon.c
src/init.c
src/is_customizable_type.c
src/label.c
src/label_file.c
src/label_internal.h
src/label_media.c
src/label_x.c
src/lgetfilecon.c
src/load_policy.c
src/lsetfilecon.c
src/mapping.c
src/mapping.h
src/matchmediacon.c
src/matchpathcon.c
src/policy.h
src/policyvers.c
src/procattr.c
src/query_user_context.c
src/rpm.c
src/selinux.py
src/selinux_check_securetty_context.c
src/selinux_config.c
src/selinux_internal.h
src/selinux_netlink.h
src/selinuxswig.i
src/selinuxswig_python.i
src/selinuxswig_ruby.i
src/selinuxswig_wrap.c
src/setenforce.c
src/setfilecon.c
src/setrans_client.c
src/setrans_internal.h
src/seusers.c
src/stringrep.c
utils/Makefile
utils/avcstat.c
utils/compute_av.c
utils/compute_create.c
utils/compute_member.c
utils/compute_relabel.c
utils/compute_user.c
utils/getconlist.c
utils/getdefaultcon.c
utils/getenforce.c
utils/getfilecon.c
utils/getpidcon.c
utils/getsebool.c
utils/getseuser.c
utils/matchpathcon.c
utils/policyvers.c
utils/selinux_check_securetty_context.c
utils/selinuxenabled.c
utils/setenforce.c
utils/setfilecon.c
utils/togglesebool.c
|