Cross Reference: /external/selinux/libselinux/

History log of /external/selinux/libselinux/
Revision	Date	Author	Comments (<<< Hide modified files) (Show modified files >>>)
3ff0579778e7ca294fa3e5232a60806407434a00	07-May-2015	Stephen Smalley <sds@tycho.nsa.gov>	Update libselinux ChangeLog. (cherry picked from commit fe0366b8edaf2a2752240cfada657f6273113c55) Change-Id: I00b1eb520a95bb2f242cdf4fd6dfdb00face47f4 hangeLog
ce633ba7e938be2773a77f750b7f6f78732a690e	07-May-2015	Richard Haines <richard_c_haines@btinternet.com>	libselinux: Fix core dumps with corrupt .bin files Check buffer address limits when processing .bin files to catch any over-runs. On failure process text file instead. To test, the bin files were corrupted by adding and removing various bits of data. Various file sizes were also checked and all were caught by the patch. (cherry picked from commit a351eb01a8238c1bd465619c6c5885c2da1c6663) Change-Id: I3fcecbb02f8f73e516695a82efbe497fff0788a7 Signed-off-by: Richard Haines <richard_c_haines@btinternet.com> rc/label_file.c
de4f82bb7ffb593b27952fcbed2a332d3bd5597b	21-Apr-2015	Steve Lawrence <slawrence@tresys.com>	Move ChangeLog entry to the correct project hangeLog
42ac8d6dc4c999a0a9b5347f20159a6732cec253	21-Apr-2015	Miro Hrončok <mhroncok@redhat.com>	libselinux: selinux.py - use os.walk() instead of os.path.walk() os.path.walk() function is deprecated and has been removed in Python 3 Signed-off-by: Petr Lautrbach <plautrba@redhat.com> Acked-by: Steve Lawrence <slawrence@tresys.com> rc/selinuxswig_python.i
27d5377cc7e3512877ffb9586eed1344c8294672	17-Apr-2015	Stephen Smalley <sds@tycho.nsa.gov>	Updated libselinux ChangeLog. Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> hangeLog
685f4aeeadc0b60f3770404d4f149610d656e3c8	17-Apr-2015	Stephen Smalley <sds@tycho.nsa.gov>	libselinux: is_selinux_enabled(): drop no-policy-loaded test. SELinux can be disabled via the selinux=0 kernel parameter or via /sys/fs/selinux/disable (triggered by setting SELINUX=disabled in /etc/selinux/config). In either case, selinuxfs will be unmounted and unregistered and therefore it is sufficient to check for the selinuxfs mount. We do not need to check for no-policy-loaded and treat that as SELinux-disabled anymore; that is a relic of Fedora Core 2 days. Drop the no-policy-loaded test, which was a bit of a hack anyway (checking whether getcon_raw() returned "kernel" as that can only happen if no policy is yet loaded and therefore security_sid_to_context() only has the initial SID name available to return as the context). May possibly fix https://bugzilla.redhat.com/show_bug.cgi?id=1195074 by virtue of removing the call to getcon_raw() and therefore avoiding use of tls on is_selinux_enabled() calls. Regardless, it will make is_selinux_enabled() faster and simpler. Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> rc/enabled.c
974f565415b595e7307b2f792af27a012d010edb	16-Apr-2015	Stephen Smalley <sds@tycho.nsa.gov>	Update libselinux ChangeLog. Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> hangeLog
082f1d1274bac6fafa0d107f5780730eb9fb5172	16-Apr-2015	Stephen Smalley <sds@tycho.nsa.gov>	libselinux: Remove deprecated mudflap option. The mudflap run time checker was removed in GCC 4.9. The option no longer does anything and triggers a warning from gcc 4.9 and later. Remove it. We might want to add -fsanitize=address to enable AddressSanitizer in its place, but that should be a separate change. Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> rc/Makefile tils/Makefile
c4bd3964928d099d4857ca5229a3e1d7effa40fd	16-Apr-2015	Stephen Smalley <sds@tycho.nsa.gov>	Update libselinux ChangeLog. Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> hangeLog
9df498884665d79474b79f0f30d1cd67df11bd3e	15-Apr-2015	Ben Shelton <ben.shelton@ni.com>	libselinux: Mount procfs before checking /proc/filesystems In the case where the SELinux security module is not loaded in the kernel and it's early enough in the boot process that /proc has not yet been mounted, selinuxfs_exists() will incorrectly return 1, and selinux_init_load_policy() will print a message like this to the console: Mount failed for selinuxfs on /sys/fs/selinux: No such file or directory To fix this, mount the procfs before attempting to open /proc/filesystems, and unmount it when done if it was initially not mounted. This is the same thing that selinux_init_load_policy() does when reading /proc/cmdline. Signed-off-by: Ben Shelton <ben.shelton@ni.com> rc/init.c
50788b155db801d32c3f5c21983121260ea66788	13-Mar-2015	Stephen Smalley <sds@tycho.nsa.gov>	Update libselinux and policycoreutils ChangeLog. Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> hangeLog
417cb8d076a31c57710429b255aebc595613eb6b	13-Mar-2015	Petr Lautrbach <plautrba@redhat.com>	Fix -Wformat errors Fixes two types of errors which appear when building with gcc-5.0.0 - format ‘%d’ expects argument of type ‘int’, but argument X has type ‘unsigned int’ - format ‘%a’ expects argument of type ‘float ’, but argument X has type ‘char *’ Signed-off-by: Petr Lautrbach <plautrba@redhat.com> rc/avc.c rc/avc_internal.c rc/avc_sidtab.c rc/label_android_property.c rc/label_db.c rc/label_file.c rc/label_media.c rc/label_x.c rc/matchpathcon.c tils/sefcontext_compile.c tils/togglesebool.c
ae44b7bb397529cfb2046ac5541c858f6926b007	24-Feb-2015	Stephen Smalley <sds@tycho.nsa.gov>	libselinux: sefcontext_compile: handle newlines in file names restorecon on file names with newlines are not handled properly. Use PCRE_DOTALL so that dots in regular expressions match all characters, and don't exclude the newline character. See https://www.mail-archive.com/seandroid-list@tycho.nsa.gov/msg02001.html for background. Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> tils/sefcontext_compile.c
07ed7784cf1204053f889b139691d41f226a72b4	24-Feb-2015	Stephen Smalley <sds@tycho.nsa.gov>	Update libselinux ChangeLog. Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> hangeLog
716e3820c571fa082f2a57c040802c54ed422f37	24-Feb-2015	Nick Kralevich <nnk@google.com>	libselinux: label_file: handle newlines in file names restorecon on file names with newlines are not handled properly. Use PCRE_DOTALL so that dots in regular expressions match all characters, and don't exclude the newline character. See https://www.mail-archive.com/seandroid-list@tycho.nsa.gov/msg02001.html for background. Change-Id: I0dde8f2567305f746d19ebd75a9e2add7406eb9a Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> rc/label_file.c
b2beb5304d10f5a43c3b68bf3519ad0ca4001d71	23-Feb-2015	Stephen Smalley <sds@tycho.nsa.gov>	Update libselinux Changelog. Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> hangeLog
2d5ac1c9317edf2b9dcf5cce604c1c461f1322ce	23-Feb-2015	Stephen Smalley <sds@tycho.nsa.gov>	libselinux: getcon.3: Fix setcon description. The man page description for setcon() was never updated for the introduction of bounded transitions in Linux 2.6.28. Update it. Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> an/man3/getcon.3
d8b2a0ab50c2b90ccfaa49c9c9a28f9191b4c427	13-Feb-2015	Stephen Smalley <sds@tycho.nsa.gov>	Update libselinux and policycoreutils ChangeLogs. Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> hangeLog
914e591c416ae6145588a99f8cd3f02b8468accf	13-Feb-2015	Stephen Smalley <sds@tycho.nsa.gov>	libselinux: fix audit2why error handling if SELinux is disabled. If SELinux is disabled, then selinux_current_policy_path() returns NULL. At present, if you run audit2allow on a SELinux-disabled host without the -p option, you get: unable to open (null): Bad address We haven't seen this because most people running audit2allow are doing it on SELinux-enabled hosts and using the host policy. But for Android, the build host OS often has SELinux disabled and we need to pass audit2allow the path to the Android policy. Handle this case and provide a hint to the user. Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> rc/audit2why.c
54075fb3cda1a01c82eafc0858cfa63212ad6914	03-Feb-2015	Stephen Smalley <sds@tycho.nsa.gov>	Update libselinux and libsepol ChangeLogs. Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> hangeLog
14342674191ca11c4455ff7ac9b76b05173eb575	02-Feb-2015	Stephen Smalley <sds@tycho.nsa.gov>	libselinux: pcre_study can return NULL without error. Per the man page, pcre_study can return NULL without error if it could not find any additional information. Errors are indicated by the combination of a NULL return value and a non-NULL error string. Fix the handling so that we do not incorrectly reject file_contexts entries. Change-Id: I2e7b7e01d85d96dd7fe78545d3ee3834281c4eba Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> rc/label_file.c
eb0ba200b513d05d176e10a85061fdf01d0426f7	24-Jan-2013	Robert Craig <rpcraig@tycho.ncsc.mil>	libselinux: Adjustments to android property backend. Allow the android property backend parser to accept the SELABEL_OPT_VALIDATE option and to perform a validate callback. Extracted from the Android external/libselinux tree. Change-Id: If061502c5e2489a1155798fac1d8357dbb8d13ba Signed-off-by: Robert Craig <rpcraig@tycho.ncsc.mil> rc/label_android_property.c
2fa21cc840bce76274ba5d1b9ddbb0abebfaf06d	14-Sep-2012	Stephen Smalley <sds@tycho.nsa.gov>	libselinux: Only check SELinux enabled status once in selinux_check_access(). Move the SELinux enabled check to the once handler so that we do not perform this on each call to selinux_check_access(). Reduces overhead in both the SELinux-enabled and the SELinux-disabled cases. Extracted from the Android external/libselinux tree. Change-Id: I61fe85bc04fe53cbf840ba712c81bdb06e4e0c2f Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> rc/checkAccess.c
f0c9966f881211dcde89cfcad93f0360a71f959a	02-Feb-2015	Steve Lawrence <slawrence@tresys.com>	Bump to final release hangeLog ERSION
823ebc8c6b89cb6531fcd943ddb8059bd8743dd9	02-Dec-2014	Steve Lawrence <slawrence@tresys.com>	Bump to release candidate 7 hangeLog ERSION
07e75a9cc711b46e4c691defbb570624d2c5b2d7	12-Nov-2014	Steve Lawrence <slawrence@tresys.com>	Bump to release candidate 6 hangeLog ERSION
d1db56c52bf35039f37e809ae74052c484158874	29-Oct-2014	Steve Lawrence <slawrence@tresys.com>	Bump to release candidate 5 hangeLog ERSION
71393a181d63c9baae5fe8dcaeb9411d1f253998	20-Oct-2014	Steve Lawrence <slawrence@tresys.com>	libselinux: libsepol: use ln --relative to create .so symlinks The current build system assumes SHLIBDIR is ../../ relative to LIBDIR. However, this isn't always the case. For example, Arch Linux sets both LIBDIR and SHLIBDIR to /usr/lib, which results in broken symlinks. Instead of making that assumption, create .so symlinks using ln --relative so that the correct relative paths are used. Note that this adds a dependency for the build system to use coretuils-8.16 or later. Fixes #2 Reported-by: Nicolas Iooss <nicolas.iooss@m4x.org> Signed-off-by: Steve Lawrence <slawrence@tresys.com> rc/Makefile
6280387034812da544cd8b13dbdc91078af7d731	06-Oct-2014	Steve Lawrence <slawrence@tresys.com>	Bump to release candidate 4 hangeLog ERSION
ff5bbe6dcf79fc074b1379bed5cc5fdb32ede8aa	01-Oct-2014	Steve Lawrence <slawrence@tresys.com>	Bump VERSION/ChangeLog for release candidate 3 Signed-off-by: Steve Lawrence <slawrence@tresys.com> hangeLog ERSION
ae5de8ae697675ce674262f10a54fe3b37968a70	14-Sep-2014	Nicolas Iooss <nicolas.iooss@m4x.org>	libselinux: fix gcc -Wsign-compare warnings Acked-by: Steve Lawrence <slawrence@tresys.com> rc/label_file.c rc/label_file.h tils/sefcontext_compile.c
1550132edea4f74003c4c63f085b6c8cebee4607	31-Aug-2014	Laurent Bigonville <bigon@bigon.be>	libselinux: man: Add missing manpage links to security_load_policy.3 Add the missing manpage link for selinux_init_load_policy(3) and selinux_mkload_policy(3) to security_load_policy(3) https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=753803 Acked-by: Steve Lawrence <slawrence@tresys.com> an/man3/selinux_init_load_policy.3 an/man3/selinux_mkload_policy.3
213c3189d058ca512ff92552414f6ece1c5362e2	27-Aug-2014	Steve Lawrence <slawrence@tresys.com>	Bump versions for r2 Signed-off-by: Steve Lawrence <slawrence@tresys.com> hangeLog ERSION
8f9d3a7c95249116473b8d9d56f0a040e231a83c	26-Aug-2014	Steve Lawrence <slawrence@tresys.com>	Fix typos in ChangeLog and Versions hangeLog
79fd2d06abf2e6e4e566e5fc57ae7a44e0b5dc7e	26-Aug-2014	Steve Lawrence <slawrence@tresys.com>	Bump versions and update ChangeLog Signed-off-by: Steve Lawrence <slawrence@tresys.com> hangeLog ERSION
70b23853a87551604474abd9c1b0188d80e7f64e	16-Aug-2014	Dan Walsh <dwalsh@redhat.com>	libselinux: Compiled file context files and the original should have the same permissions Currently the compiled file context files can end up with different permissions then the original. This can lead to non priv users not being able to read the compiled versions. tils/sefcontext_compile.c
76913d8adb61b5afe28fd3b4ce91feab29e284dd	09-Jul-2014	Stephen Smalley <sds@tycho.nsa.gov>	Deprecate use of flask.h and av_permissions.h. Also remove all internal uses by libselinux. This requires deleting the old class/perm string lookup tables and compatibility code for kernels that predate the /sys/fs/selinux/class tree, i.e. Linux < 2.6.23. This also fixes a longstanding bug in the stringrep code; it was allocating NVECTORS (number of vectors in the legacy av_perm_to_string table, i.e. the total number of legacy permissions) entries in the per-class perms array rather than MAXVECTORS (the maximum number of permissions in any access vector). Ho hum. I already fixed this in Android but forgot it here. Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> nclude/selinux/av_permissions.h nclude/selinux/flask.h rc/av_inherit.h rc/av_perm_to_string.h rc/checkAccess.c rc/class_to_string.h rc/common_perm_to_string.h rc/selinuxswig.i rc/setexecfilecon.c rc/stringrep.c tils/selinuxexeccon.c
ac33098a807671204720aae97d6bcf6429d3fa92	09-Jul-2014	Stephen Smalley <sds@tycho.nsa.gov>	Add pcre version string to the compiled file_contexts format. Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> rc/label_file.c rc/label_file.h tils/sefcontext_compile.c
7bdc38ccb21133155658279895b10ceb347b0b5a	08-Jul-2014	Stephen Smalley <sds@tycho.nsa.gov>	Log an error on unknown classes and permissions. Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> rc/checkAccess.c
056efe85d6f133a3f42aa224d7fc34ed8eb7789b	25-Jun-2014	Artyom Smirnov <artyom.smirnov@red-soft.biz>	Add db_exception and db_datatype support to label_db backend Hi, in https://github.com/TresysTechnology/refpolicy/pull/1 db_exception and db_datatype were added to reference policy. This small patch extends ability of label_db backend to work with these objects. Regards. nclude/selinux/label.h an/man5/selabel_db.5 rc/label_db.c
78c9c97ab95e71b37ade2fbc162ca405d76c2b74	23-May-2014	Nicolas Iooss <nicolas.iooss@m4x.org>	libselinux: fix typo in man page an/man8/selinux.8
241fac27288a431198ac2fa72198b5a799a91775	29-Apr-2014	Will Woods <wwoods@redhat.com>	selinux_init_load_policy: setenforce(0) if security_disable() fails If you run selinux_init_load_policy() after a chroot/switch-root, it's possible that your previous root loaded policy, but your new root wants SELinux disabled. We can't disable SELinux in this case, but we do need to make sure it's permissive. Otherwise we may continue to enforce the old policy. So, if seconfig = -1, but security_disable() fails, we set *enforce=0, and then let the existing code handle the security_{get,set}enforce stuff. Once that's handled, exit with failure via "goto noload", as before. rc/load_policy.c
1e6482134b9dc2e4480a1cecaf1d366c9d42b0e7	06-May-2014	Stephen Smalley <sds@tycho.nsa.gov>	Bump version and update ChangeLog for release. Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> hangeLog ERSION
35b3c259a7770538b4fd702007f726ef93f155a3	25-Mar-2014	Stephen Smalley <sds@tycho.nsa.gov>	2.3-rc1 (release candidate 1). Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> hangeLog ERSION
269b45c8bbf7d2e3c7f82e65f136e984641254b8	19-Feb-2014	Stephen Smalley <sds@tycho.nsa.gov>	Update libselinux/ChangeLog for next. Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> hangeLog
9eb9c9327563014ad6a807814e7975424642d5b9	19-Feb-2014	Stephen Smalley <sds@tycho.nsa.gov>	Get rid of security_context_t and fix const declarations. In attempting to enable building various part of Android with -Wall -Werror, we found that the const security_context_t declarations in libselinux are incorrect; const char * was intended, but const security_context_t translates to char * const and triggers warnings on passing const char * from the caller. Easiest fix is to replace them all with const char *. And while we are at it, just get rid of all usage of security_context_t itself as it adds no value - there is no true encapsulation of the security context strings and callers already directly use string functions on them. typedef left to permit building legacy users until such a time as all are updated. This is a port of Change-Id I2f9df7bb9f575f76024c3e5f5b660345da2931a7 from Android, augmented to deal with all of the other code in upstream libselinux and updating the man pages too. Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> Acked-by: Eric Paris <eparis@redhat.com> nclude/selinux/avc.h nclude/selinux/get_context_list.h nclude/selinux/label.h nclude/selinux/selinux.h an/man3/avc_context_to_sid.3 an/man3/get_ordered_context_list.3 an/man3/getcon.3 an/man3/getexeccon.3 an/man3/getfilecon.3 an/man3/getfscreatecon.3 an/man3/getkeycreatecon.3 an/man3/getsockcreatecon.3 an/man3/is_context_customizable.3 an/man3/matchmediacon.3 an/man3/matchpathcon.3 an/man3/security_check_context.3 an/man3/security_compute_av.3 an/man3/selabel_lookup.3 an/man3/selinux_check_securetty_context.3 an/man3/selinux_file_context_cmp.3 an/man3/selinux_raw_context_to_color.3 an/man3/selinux_set_callback.3 an/man3/setfilecon.3 an/man5/selabel_db.5 an/man5/selabel_file.5 an/man5/selabel_media.5 an/man5/selabel_x.5 rc/audit2why.c rc/avc.c rc/avc_sidtab.c rc/avc_sidtab.h rc/callbacks.c rc/callbacks.h rc/canonicalize_context.c rc/checkAccess.c rc/check_context.c rc/compute_av.c rc/compute_create.c rc/compute_member.c rc/compute_relabel.c rc/compute_user.c rc/enabled.c rc/fgetfilecon.c rc/freecon.c rc/freeconary.c rc/fsetfilecon.c rc/get_context_list.c rc/get_initial_context.c rc/getfilecon.c rc/getpeercon.c rc/is_customizable_type.c rc/label.c rc/label_internal.h rc/lgetfilecon.c rc/lsetfilecon.c rc/matchmediacon.c rc/matchpathcon.c rc/procattr.c rc/query_user_context.c rc/selinux_check_securetty_context.c rc/selinuxswig.i rc/selinuxswig_python.i rc/selinuxswig_ruby.i rc/setexecfilecon.c rc/setfilecon.c rc/setrans_client.c tils/getconlist.c tils/getdefaultcon.c tils/getseuser.c tils/matchpathcon.c tils/selinuxexeccon.c
1cb368636bdaf465cd63178a0692db38865e943b	06-Jan-2014	Stephen Smalley <sds@tycho.nsa.gov>	Updated libselinux/ChangeLog for next. Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> hangeLog
a2737333c795cae2aa4e31deed95a8e155d64d4a	20-Nov-2012	Guillem Jover <guillem@debian.org>	libselinux: Refactor rpm_execcon() into a new setexecfilecon() This new function allows a process to invoke helper programs with a new execution context based on the filename, this is initially intended for package managers so that they can easily execute package scriptlets or maintainer scripts. Base rpm_execcon() off this new function. Signed-off-by: Guillem Jover <guillem@debian.org> akefile nclude/selinux/selinux.h an/man3/getexeccon.3 rc/Makefile rc/rpm.c rc/setexecfilecon.c
2ba1541f218234b2b9fd39dc6a766f5ff9d0908c	30-Dec-2013	Stephen Smalley <sds@tycho.nsa.gov>	Merge branch 'master' into next
edc2e99687b050d5be21a78a66d038aa1fc068d9	30-Dec-2013	Stephen Smalley <sds@tycho.nsa.gov>	libselinux 2.2.2 - userspace AVC per-domain permissive handling fix. Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> hangeLog ERSION
dcd8167f7722c1f00c71f54af5425434da2d6cbc	30-Dec-2013	Stephen Smalley <sds@tycho.nsa.gov>	Coding style fix for sizeof operator. Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> rc/avc.c
85a42ec87d51daad9f99ffa972a5a22542d9d928	23-Dec-2013	Stephen Smalley <sds@tycho.nsa.gov>	Fix a bug in the userspace AVC that broke per-domain permissive mode. Failure to copy the entire av_decision structure, including the flags field, would prevent preservation of the SELINUX_AVD_FLAGS_PERMISSIVE flag and thus cause per-domain permissive to not be honored for userspace permission checks. Also ensure that we clear the entire structure. Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> rc/avc.c
d24fb6834d8089832a24e80d862d5944e3781b43	07-Nov-2013	Colin Walters <walters@verbum.org>	selinux_set_mapping: Document it This patch may not actually be useful since there's a man page. nclude/selinux/selinux.h
27238433ada38171af58a711313cccaccc4c1227	06-Nov-2013	Stephen Smalley <sds@tycho.nsa.gov>	Bump libselinux version to 2.2.1 for pkg-config fix. Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> hangeLog ERSION
7e7916932b6a1bfc26acafccd1ee76fbdb416f73	06-Nov-2013	Stephen Smalley <sds@tycho.nsa.gov>	Remove -lpthread from pkg-config file. libselinux uses weak bindings to pthread functions and will fall back to non-threaded implementations if the caller is not linked with libpthread. Avoid requiring all users of libselinux to link with libpthread. Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> rc/libselinux.pc.in
7c4bb77999e6fab77547feb404a032ecc917e1b6	30-Oct-2013	Stephen Smalley <sds@tycho.nsa.gov>	Version bump for release. Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> hangeLog ERSION
8e5d4653353abc594172058d7e994bf39c6d28df	30-Oct-2013	Stephen Smalley <sds@tycho.nsa.gov>	Update ChangeLog files. Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> hangeLog
9792099fd7847266377df151e7738f9b38ffc18d	20-May-2013	Laurent Bigonville <bigon@bigon.be>	Properly build the swig exception file even if the headers are missing During build if the headers are not installed in the system path, the generated swig exception (.i) file might be empty. rc/exception.sh
6d0f11142172ef8a827e53e871030d26829ab39f	28-Oct-2013	Dan Walsh <dwalsh@redhat.com>	Change audit2why to return constraint information on denial. This patch uses Richard Haines fixes in libsepol to help identify which constraint is blocking access. The end goal is helping policy writers and administrators to diagnose issues with their policy. rc/audit2why.c
8b114a3bf25b7b818910cca77528de80cdb953f8	28-Oct-2013	Stephen Smalley <sds@tycho.nsa.gov>	Fix avc_has_perm() returns -1 even when SELinux is in permissive mode. If we get an EINVAL from security_compute_av* (indicates an invalid source or target security context, likely due to a policy reload that removed one or the other) and we are in permissive mode, then handle it like any other permission denial, i.e. log but do not deny it. Reported-by: Laurent Bigonville <bigon@debian.org> Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> rc/avc.c
a08010023b9fe66e8df5c187a53d93bfb0f2b939	25-Oct-2013	Stephen Smalley <sds@tycho.nsa.gov>	Update ChangeLogs and bump VERSIONs to an intermediate value. 2.1.99 is just a placeholder to distinguish it from the prior release. 2.2 will be the released version. Switching to 2-component versions. Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> hangeLog ERSION
56258807ea4b33cf3c7a1dbf1b574ab77c91f899	25-Oct-2013	Stephen Smalley <sds@tycho.nsa.gov>	Revert "Richard Haines patch that allows us discover constraint violation information" This reverts commit 56b49ab7114f367f46b70e41d84dc7e6d52d5209. Conflicts: libselinux/src/audit2why.c rc/audit2why.c
f458b7607618ad3d95568b595065c745c3c69022	24-Oct-2013	Stephen Smalley <sds@tycho.nsa.gov>	Merge branch 'fedora' into master-merge Conflicts: libselinux/src/Makefile libselinux/src/selinux_config.c policycoreutils/audit2allow/audit2allow.1 policycoreutils/scripts/fixfiles.8 policycoreutils/semanage/semanage.8 policycoreutils/sepolicy/Makefile policycoreutils/sepolicy/sepolicy/transition.py policycoreutils/setsebool/setsebool.8
52d52fe2d679b546e7205a5224e550860839c415	25-Sep-2013	Sven Vermeulen <sven.vermeulen@siphos.be>	Make RANLIB variable overridable If the RANLIB variable is defined by the user, use that value instead of the /usr/bin/ranlib binary. Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be> rc/Makefile
e1ecb2cdb4623c1bcb7b6efcbcd40faf8112aa49	25-Sep-2013	Sven Vermeulen <sven.vermeulen@siphos.be>	Update pkgconfig definition Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be> rc/libselinux.pc.in
6068fcb36172b2f346e8fe2db3c87ebdfe8022e8	25-Sep-2013	Sven Vermeulen <sven.vermeulen@siphos.be>	Mount sys before trying to mount selinuxfs If /sys is not present, the attempt to mount selinuxfs will of course fail. So we try to mount /sys first (and only if that fails fall back to the /selinux mount point) and then try to mount selinuxfs. Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be> rc/load_policy.c
874a976470f6acb589de4a3fdba2abfe178899c5	09-Oct-2013	Dan Walsh <dwalsh@redhat.com>	Fix handling of temporary file in sefcontext_compile.c This way if something goes wrong regex file will not be corrupt. tils/sefcontext_compile.c
c32da69e016061c1a06ec08298aae8c995fbea31	09-Oct-2013	Dan Walsh <dwalsh@redhat.com>	Fixes for procattr calls to handle cache properly. We were asked not to link to libpthread but to use gcc internals. We were not handling properly the fact that a cache was UNSET, and this patch fixes this. rc/Makefile rc/procattr.c
9639f5d9a837df2d026748543c96cecbc95cb1e2	09-Oct-2013	Dan Walsh <dwalsh@redhat.com>	Add decent constants for python for return of getenforce call. rc/selinuxswig_python.i
22671378f1ace857be4697a3b3aaf1645076d398	09-Oct-2013	Dan Walsh <dwalsh@redhat.com>	Fix label substituion to work with the equiv path of "/" Software collections are setting up equiv directories to the root directory. rc/label.c
7eec00a5be8b5cebcbbc9a30b42b34f4a623c587	09-Oct-2013	Dan Walsh <dwalsh@redhat.com>	Add selinux_current_policy_path, which returns the a pointer to the loaded policy Also change audit2why to look at the loaded policy rather then searching on disk for the policy file. It is more likely that you are examining the running policy. nclude/selinux/selinux.h an/man3/selinux_binary_policy_path.3 an/man3/selinux_current_policy_path.3 rc/audit2why.c rc/selinux_config.c rc/selinux_internal.h
403f2cfeb808d3b3420050434763d9a7689d8388	09-Oct-2013	Dan Walsh <dwalsh@redhat.com>	Change get_context_list to return an error rather then guess at a match. In the past pam_selinux would return a bogus login context if the login program was running with the wrong context. If you ran sshd as unconfined_t you might get the login user loggin in as pam_oddjob_mkhomedir_t or some other bogus type. This change fixes the code to return an error if it can not return a good match. rc/get_context_list.c
f1598dff7e951f0dbfb68d9c45bc15fe6d2e821e	09-Oct-2013	Dan Walsh <dwalsh@redhat.com>	Support udev-197 and higher The errno value was not set, causing wrong return notifications and failing to have udev label things correctly. See https://bugzilla.redhat.com/show_bug.cgi?id=909826#c24 and see https://bugs.gentoo.org/show_bug.cgi?id=462626 Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be> rc/label_file.c
fd56c5230cea6b81fbe74d1d0a228936a6797923	09-Oct-2013	Dan Walsh <dwalsh@redhat.com>	Separate out the calling of local subs and dist subs in selabel_sub We want to allow users to setup their substitions to run fist and then run the distro subs second. This fixes the problem where a user defines a sub like /usr/local/foobar and we ignore it. We need this for software collections which is setting up local subs of /opt/src/foobar/root / rc/label.c rc/label_file.c rc/label_internal.h
51d9a078c260b230f65863766e73e6db0b2c2d3a	09-Oct-2013	Dan Walsh <dwalsh@redhat.com>	Patch to change setfilecon to not return ENOSUP if context matches. Tools like cp -A try to maintain the context of a program and call setfilecon, currently if the file system does not support XAttrs we return ENOSUPP. We have been requested to check if the context that is being set is the same to not return this error. So if I try to set the label on an nfs share to system_u:object_r:nfs_t:s0 and I get ENOSUPP, it will not return an error. rc/fsetfilecon.c rc/lsetfilecon.c rc/setfilecon.c
756013edc51bf9db084acec447f8fb35a06b9517	09-Oct-2013	Dan Walsh <dwalsh@redhat.com>	This patch fixes python parsing. Eliminates a potential memory leaks. rc/audit2why.c
851266c1803ed7ce3e8ec2cb2b76e038ca3bd3de	09-Oct-2013	Dan Walsh <dwalsh@redhat.com>	define SELINUX_TRANS_DIR in selinux.h I wanted to separate this directory out in order for a new patch to mcstransd to watch this directory for newly created files, which it could then translate. The idea is libvirt would write to /var/run/setrans/c0:c1,c2 with the contents of vm1, then setrans could translate the processes to show system_u:system_r:svirt_t:vm1 nclude/selinux/selinux.h rc/setrans_internal.h
ce2a8848ad45e375cfdb58cebe28bc12431bb3db	09-Oct-2013	Dan Walsh <dwalsh@redhat.com>	Add selinux_systemd_contexts_path systemd has some internal contexts like generated systemd unit files that we want to allow it to check against processes trying to manage them. nclude/selinux/selinux.h rc/file_path_suffixes.h rc/selinux_config.c rc/selinux_internal.h
7fe6036ca5e3624d6e3a0294b909d93b145eac31	09-Oct-2013	Dan Walsh <dwalsh@redhat.com>	Add selinux_set_policy_root sets an alternate policy root directory path This allows us to specify under which the compiled policy file and context configuration files exist. We can use this with matchpathcon to check the labels under alternate policies, and we can use it for sepolicy manpage to build manpages during policy build. nclude/selinux/selinux.h an/man3/selinux_set_policy_root.3 an/man8/matchpathcon.8 rc/selinux_config.c tils/matchpathcon.c
2af252621b2dde8ed545c201b6c9bbae9c9d12fb	09-Oct-2013	Dan Walsh <dwalsh@redhat.com>	Add missing man page for sefcontext_compile an/man8/sefcontext_compile.8
2540b20096bed9a4f2581548ad37c3dae8654512	09-Oct-2013	Dan Walsh <dwalsh@redhat.com>	Laurent Bigonville patch to fix various minor manpage issues and correct section numbering. an/man3/security_compute_av.3 an/man3/security_disable.3 an/man3/security_load_policy.3 an/man3/selinux_policy_root.3 an/man8/getenforce.8 an/man8/selinux.8 an/man8/selinuxenabled.8 an/man8/selinuxexeccon.8 an/man8/setenforce.8 an/man8/togglesebool.8
a8b3340288cb5252b2a8844e4892c066d5b8fdf5	09-Oct-2013	Dan Walsh <dwalsh@redhat.com>	Laurent Bigonville patch to allow overriding PATH Definitions in Makefiles rc/Makefile
56b49ab7114f367f46b70e41d84dc7e6d52d5209	09-Oct-2013	Dan Walsh <dwalsh@redhat.com>	Richard Haines patch that allows us discover constraint violation information Basically we need this information to allow audit2allow/audit2why to better describe which constraint is being broken. rc/audit2why.c
39b5a40295883570a3b43a6be5ddfa9fbced214d	23-Oct-2013	Stephen Smalley <sds@tycho.nsa.gov>	Fix relabel target. Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> nclude/Makefile an/Makefile
fceca652c137084a891e1cf070ba9c8c063bc949	21-Oct-2013	Joe MacDonald <joe@deserted.net>	libselinux: avoid shadowing 'stat' in load_mmap label_file.c: In function ‘load_mmap’: label_file.c:238:81: error: declaration of ‘stat’ shadows a global declaration [-Werror=shadow] cc1: all warnings being treated as errors Signed-off-by: Joe MacDonald <joe@deserted.net> rc/label_file.c
2864f757dddaba5b062d3c4701b7093c1168d1d5	22-Oct-2013	Joe MacDonald <joe@deserted.net>	libselinux: support building on older PCRE libs Versions of PCRE prior to 8.20 did not have pcre_free_study(). In its absence, use pcre_free() instead. Signed-off-by: Joe MacDonald <joe@deserted.net> rc/label_file.h
ead1e1d8e2889e55ca882ba76ddfeda4f742470c	10-May-2013	Laurent Bigonville <bigon@bigon.be>	libselinux: Fix various minor manpage issues and correct section numbering. an/man3/security_disable.3 an/man3/security_load_policy.3 an/man8/getenforce.8 an/man8/selinuxenabled.8 an/man8/selinuxexeccon.8 an/man8/setenforce.8 an/man8/togglesebool.8
50b1654c1d9a21c57fbf7beff2e493750bd1a08f	10-May-2013	Laurent Bigonville <bigon@bigon.be>	libselinux: Do not use LDFLAGS to set -lpcre and -lpthread This is breaking build if LDFLAGS is redefined. This is the case on Debian where hardening flags are passed automatically by the build system. rc/Makefile
c45f797b2830c36fbba036c9b3e856053ed43f16	10-May-2013	Laurent Bigonville <bigon@bigon.be>	libselinux: Allow overriding LIBBASE in src/Makefile rc/Makefile
32e76a314ed30b9be3f860e1686a9271d1c2620d	25-Sep-2013	Sven Vermeulen <sven.vermeulen@siphos.be>	Current stable policycoreutils requires selinux_current_policy_path Without this fix, stolen from Fedora's patchset, recent policycoreutils just fails. See http://marc.info/?t=136926404600001&r=1&w=2 and see http://marc.info/?l=selinux&m=136692033821285&w=2 Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be> nclude/selinux/selinux.h an/man3/selinux_binary_policy_path.3 rc/selinux_config.c rc/selinux_internal.h
a15451b523d267b4dbf94616e9473ab196b88525	25-Sep-2013	Sven Vermeulen <sven.vermeulen@siphos.be>	Support udev-197 and higher The errno value was not set, causing wrong return notifications and failing to have udev label things correctly. See https://bugzilla.redhat.com/show_bug.cgi?id=909826#c24 and see https://bugs.gentoo.org/show_bug.cgi?id=462626 Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be> rc/label_file.c
e4cee831af03b852c63c66b97b663e41bf6830d7	25-Sep-2013	Sven Vermeulen <sven.vermeulen@siphos.be>	Make RANLIB variable overridable If the RANLIB variable is defined by the user, use that value instead of the /usr/bin/ranlib binary. Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be> rc/Makefile
1310e36026096a1ac027c32f0f919153c7beb801	25-Sep-2013	Sven Vermeulen <sven.vermeulen@siphos.be>	Update pkgconfig definition Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be> rc/libselinux.pc.in
ef3e072f581b2418f9bb1703170ad34f32c9408d	25-Sep-2013	Sven Vermeulen <sven.vermeulen@siphos.be>	Mount sys before trying to mount selinuxfs If /sys is not present, the attempt to mount selinuxfs will of course fail. So we try to mount /sys first (and only if that fails fall back to the /selinux mount point) and then try to mount selinuxfs. Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be> rc/load_policy.c
e9410c9b0622c05761002994dfbd0746bbe6aaf7	01-Feb-2013	Eric Paris <eparis@redhat.com>	VERSION BUMP FOR UPSTREAM PUSH hangeLog ERSION
ce39302fd01a4217c3de7fdb787987fada5bb33d	06-Feb-2013	Eric Paris <eparis@redhat.com>	libselinux: sefcontext_compile: do not leak fd on error We open the file which is to be used to write the binary format of file contexts. If we hit an error actually writing things out, we return, but never close the fd. Do not leak. Signed-off-by: Eric Paris <eparis@redhat.com> tils/sefcontext_compile.c
4e5eaacc5996220726f237d7345a44ab962a2141	06-Feb-2013	Eric Paris <eparis@redhat.com>	libselinux: matchmediacon: do not leak fd Every time matchmediacon is called we open the selinux_media_context_path(). But we never close the file. Close the file when we are finished with it. Signed-off-by: Eric Paris <eparis@redhat.com> rc/matchmediacon.c
1e8f102e8cec4ae84f09cc595013234398270366	06-Feb-2013	Eric Paris <eparis@redhat.com>	libselinux: src/label_android_property: do not leak fd on error We were opening the path, but if the fstat failed or it was not a regular file we would return without closing the fd. Fix my using the common error exit path rather than just returning. Signed-off-by: Eric Paris <eparis@redhat.com> rc/label_android_property.c
0834ff302264319097eb3f52295f5f671091cba9	23-Jan-2013	Eric Paris <eparis@redhat.com>	libselinux: do not leak file contexts with mmap'd backend We use strdup to store the intended context when we have an mmap'd file backend. We, however, skipped freeing those contexts. Signed-off-by: Eric Paris <eparis@redhat.com> rc/label_file.c
efb6347dd3c089f6e4fa6fbe06e23964a16acee1	23-Jan-2013	Eric Paris <eparis@redhat.com>	libselinux: unmap file contexts on selabel_close() We were leaking all of the file context db because we didn't unmap them on selabel_close() Signed-off-by: Eric Paris <eparis@redhat.com> rc/label_file.c rc/label_file.h
9c83b206e11e59f0b6ccb8020836f2d7c65dd3d7	23-Jan-2013	Dan Walsh <dwalsh@redhat.com>	libselinux: pkg-config do not specifc ruby version pkg-config do not work if you specifiy the version of ruby in Fedora 19 Signed-off-by: Eric Paris <eparis@redhat.com> rc/Makefile
1d403326aecd92dfa0120cfd2e9c3c52a2a3cdf1	09-Jan-2013	Eric Paris <eparis@redhat.com>	libselinux: optimize setcon functions Setcon now caches the security context and only re-sets it if it changes. Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com> rc/Makefile rc/procattr.c
e9759ea7af3ce8f126a981ecb4f504ad7a300ab4	08-Jun-2012	Dan Walsh <dwalsh@redhat.com>	libselinux: Change boooleans.subs to booleans.subs_dist. Currently we ship other subs files with the _dist to indicate they come with the distribution as opposed to being modified by the user. Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com> rc/file_path_suffixes.h
aa62cd60f7192123b509c2518e7a2083e34a65a2	29-Nov-2012	Eric Paris <eparis@redhat.com>	libselinux: Fix errors found by coverity Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com> rc/audit2why.c rc/avc_internal.c rc/get_context_list.c rc/label_android_property.c rc/label_file.c rc/mapping.c rc/setrans_client.c rc/seusers.c rc/stringrep.c tils/avcstat.c
c89deab09a5b5ee33f4576a340f0e76647b533f9	12-Dec-2012	Eric Paris <eparis@redhat.com>	libselinux: selinux_status_open: do not leak statusfd on exec Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com> rc/sestatus.c
761881c947912b68c15576d9aa22b5e147c25b2b	12-Dec-2012	Eric Paris <eparis@redhat.com>	libselinux: selinux_status_open: handle error from sysconf We didn't handle sysconf(_SC_PAGESIZE) returning an error. It should be very rare, obviously, be we should handle it. Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com> rc/sestatus.c
2f624c94c70a1a3dcc0387350030f166d6bb6d56	04-Dec-2012	Pádraig Brady <P@draigbrady.com>	libselinux: man: context_new(3): fix the return value description Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com> an/man3/context_new.3
be2d728599c08e5e4a3cf0cebcc4f7876786cd5c	13-Nov-2012	Guillem Jover <guillem@debian.org>	libselinux: Use ENOTSUP instead of EOPNOTSUPP for getfilecon functions EOPNOTSUPP means "operation not supoorted on socket", and ENOTSUP means "not supported", although per POSIX they can be alised to the same value and on Linux they do, ENOTSUP seems the more correct error code. In addition these function are documented as returning ENOTSUP, and given that they are implemented in means of getxattr(2) which does return ENOTSUP too, this just consolidates their behaviour. Signed-off-by: Guillem Jover <guillem@debian.org> Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com> rc/fgetfilecon.c rc/getfilecon.c rc/lgetfilecon.c
9acdd37989ce2bd3c239a7c14a9f7a7a9bb971e3	10-Nov-2012	Guillem Jover <guillem@debian.org>	libselinux: man: Add references and man page links to _raw function variants Signed-off-by: Guillem Jover <guillem@debian.org> Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com> an/man3/fgetfilecon_raw.3 an/man3/fsetfilecon_raw.3 an/man3/getcon.3 an/man3/getcon_raw.3 an/man3/getexeccon.3 an/man3/getexeccon_raw.3 an/man3/getfilecon.3 an/man3/getfilecon_raw.3 an/man3/getfscreatecon.3 an/man3/getfscreatecon_raw.3 an/man3/getkeycreatecon.3 an/man3/getkeycreatecon_raw.3 an/man3/getpeercon_raw.3 an/man3/getpidcon_raw.3 an/man3/getprevcon_raw.3 an/man3/getsockcreatecon.3 an/man3/getsockcreatecon_raw.3 an/man3/lgetfilecon_raw.3 an/man3/lsetfilecon_raw.3 an/man3/security_check_context.3 an/man3/security_check_context_raw.3 an/man3/security_compute_av.3 an/man3/security_compute_av_flags_raw.3 an/man3/security_compute_av_raw.3 an/man3/security_compute_create_name_raw.3 an/man3/security_compute_create_raw.3 an/man3/security_compute_member_raw.3 an/man3/security_compute_relabel_raw.3 an/man3/security_compute_user_raw.3 an/man3/security_get_initial_context_raw.3 an/man3/selabel_lookup_raw.3 an/man3/setcon_raw.3 an/man3/setexeccon_raw.3 an/man3/setfilecon.3 an/man3/setfilecon_raw.3 an/man3/setfscreatecon_raw.3 an/man3/setkeycreatecon_raw.3 an/man3/setsockcreatecon_raw.3
4f289b50ac1aa32e228e06ee0d29e2e472c8a661	14-Nov-2012	Guillem Jover <guillem@debian.org>	libselinux: man: Fix typo in man page Signed-off-by: Guillem Jover <guillem@debian.org> Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com> an/man3/selinux_status_open.3
6ef13eeda7697bc7b816c98817204f25ffb87a00	13-Nov-2012	Guillem Jover <guillem@debian.org>	libselinux: man: Fix man pages formatting - Add man page sections '(N)' to external references, and '()' on functions described in the same man page. - Escape minus signs when those are expected to be used on the command line or files. - Mark files and variables in italic; Note headings, function names, constants, program options and man page references in bold. - Do not justify and hyphenate SEE ALSO section, and avoid hyphenation on symbol names by prepending them with \%. - Remove trailing dot from NAME section description. - Split sections with a no-op command '.', to visually distinguish them but to avoid introducing spurious vertical space in the formatted output. - Add explicit .sp commands in the SYNOPSIS section between function prototypes, and fix space placement in function protoypes. - Split header includes with .br (instead of the explicit or implicit .sp) so that they are vertically contiguous. - Add missing {} around SELINUXTYPE and POLICYTYPE variable text in paths. - Remove unneeded formatting commands. - Remove spurious blank lines. Signed-off-by: Guillem Jover <guillem@debian.org> Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com> an/man3/avc_add_callback.3 an/man3/avc_cache_stats.3 an/man3/avc_compute_create.3 an/man3/avc_context_to_sid.3 an/man3/avc_has_perm.3 an/man3/avc_init.3 an/man3/avc_netlink_loop.3 an/man3/avc_open.3 an/man3/context_new.3 an/man3/get_ordered_context_list.3 an/man3/getcon.3 an/man3/getexeccon.3 an/man3/getfilecon.3 an/man3/getfscreatecon.3 an/man3/getkeycreatecon.3 an/man3/getseuserbyname.3 an/man3/getsockcreatecon.3 an/man3/init_selinuxmnt.3 an/man3/is_context_customizable.3 an/man3/is_selinux_enabled.3 an/man3/matchmediacon.3 an/man3/matchpathcon.3 an/man3/matchpathcon_checkmatches.3 an/man3/security_check_context.3 an/man3/security_class_to_string.3 an/man3/security_compute_av.3 an/man3/security_disable.3 an/man3/security_getenforce.3 an/man3/security_load_booleans.3 an/man3/security_load_policy.3 an/man3/security_policyvers.3 an/man3/selabel_lookup.3 an/man3/selabel_open.3 an/man3/selabel_stats.3 an/man3/selinux_binary_policy_path.3 an/man3/selinux_boolean_sub.3 an/man3/selinux_check_securetty_context.3 an/man3/selinux_colors_path.3 an/man3/selinux_file_context_cmp.3 an/man3/selinux_file_context_verify.3 an/man3/selinux_getenforcemode.3 an/man3/selinux_getpolicytype.3 an/man3/selinux_lsetfilecon_default.3 an/man3/selinux_policy_root.3 an/man3/selinux_raw_context_to_color.3 an/man3/selinux_set_callback.3 an/man3/selinux_set_mapping.3 an/man3/selinux_status_open.3 an/man3/set_matchpathcon_flags.3 an/man3/setfilecon.3 an/man5/booleans.5 an/man5/customizable_types.5 an/man5/default_contexts.5 an/man5/default_type.5 an/man5/failsafe_context.5 an/man5/local.users.5 an/man5/removable_context.5 an/man5/secolor.conf.5 an/man5/securetty_types.5 an/man5/selabel_db.5 an/man5/selabel_file.5 an/man5/selabel_media.5 an/man5/selabel_x.5 an/man5/service_seusers.5 an/man5/seusers.5 an/man5/user_contexts.5 an/man5/virtual_domain_context.5 an/man5/virtual_image_context.5 an/man8/avcstat.8 an/man8/booleans.8 an/man8/getenforce.8 an/man8/getsebool.8 an/man8/matchpathcon.8 an/man8/selinux.8 an/man8/selinuxenabled.8 an/man8/selinuxexeccon.8 an/man8/setenforce.8 an/man8/togglesebool.8
8cc79bcd981abb616ad9cafebcb4302acf392311	16-Nov-2012	Guillem Jover <guillem@debian.org>	libselinux: man: Fix program synopsis and function prototypes in man pages Fix typos, or wrong function prototypes. Signed-off-by: Guillem Jover <guillem@debian.org> Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com> an/man3/selabel_stats.3 an/man3/selinux_binary_policy_path.3 an/man3/selinux_boolean_sub.3 an/man3/selinux_getpolicytype.3 an/man3/selinux_policy_root.3 an/man3/selinux_status_open.3 an/man5/selabel_db.5 an/man8/selinuxexeccon.8
7504bbd87302c61f39f8f7641df63213f5da6cd8	21-Nov-2012	Dan Walsh <dwalsh@redhat.com>	libselinux: audit2why: Cleanup audit2why analysys function Tee-tiny cleanup to remove needless {} Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com> rc/audit2why.c
13b599d7b80c1464683f66a1e93e02b984d94c1d	17-Oct-2012	rhatdan <dwalsh@redhat.com>	libselinux: mode_to_security_class: interface to translate a mode_t in to a security class coreutils needs to be able to take a statbuf and ask permissions questions. This gives us the interface to translate that statbuf mode_t into a security class which can be used. Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com> nclude/selinux/selinux.h an/man3/mode_to_security_class.3 an/man3/security_class_to_string.3 rc/stringrep.c
d09bcb75f5e7c87ba4b8fd8b55ec28c69a1c94fa	19-Nov-2012	Eric Paris <eparis@redhat.com>	libselinux: audit2why: do not leak on multiple init() calls If init() was already called then avc will be set. If avc is set just return. Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com> rc/audit2why.c
019e6fd6d4e383ae82b65a2f5868e377dd8af571	15-Oct-2012	rhatdan <dwalsh@redhat.com>	libselinux: audit2why: Fix segfault if finish() called twice If audit2why.finish is called more than once the global avc variable will be NULL, and thus dereferencing it will obviously cause problems. Thus just bail if avc is NULL and we know cleanup is done. Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com> rc/audit2why.c
2677b72191205b329d4743d2cf0d5607091d18d0	12-Oct-2012	rhatdan <dwalsh@redhat.com>	libselinux: man: make selinux.8 mention service man pages We were listing a number of service man pages (like httpd_selinux) in the see also section of selinux.8. As that number of pages explodes it does not make sense to try to list them all. Instead tell people to use man -k selinux to find them. Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com> an/man8/selinux.8
44cba24ba68d5021862c3b9e962b96d63e587dce	14-Sep-2012	rhatdan <dwalsh@redhat.com>	libselinux: sefcontontext_compile: Add error handling to help debug problems in libsemanage. Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com> tils/sefcontext_compile.c
a293048a59aa8eae68f76d1bafe08acba9285f97	01-Nov-2012	Eric Paris <eparis@redhat.com>	libselinux: do not leak mmapfd On failure, common if .bin is older than the text version, we will leak the mmapfd. Don't do that. Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com> rc/label_file.c
9ebd779353764299e40f63f843eb26209ffbd771	30-Aug-2012	Eric Paris <eparis@redhat.com>	libselinux: label_file: use precompiled filecontext when possible When loading the filecontext database, check to see if there is a newer binary version. If so, mmap that file, is used to populate the regex db instead of reading from the text representation and compiling regex's as needed. If the text file is newer it will use the text version and ignore the binary version. Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com> rc/label_file.c rc/label_file.h
dac8b32c1781dde089e8fc45904fc01a1a21b8ed	30-Aug-2012	Eric Paris <eparis@redhat.com>	libselinux: utils: new file context regex compiler This is a new 'compiler' which tranforms the file context database into a binary format. This binary format may be mmap'd in later removing the need to compile the regular expression at run time. Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com> tils/.gitignore tils/Makefile tils/sefcontext_compile.c
933840af6c41ea0203485227c4ac2258f15d40f5	04-Dec-2012	Eric Paris <eparis@redhat.com>	libselinux: audit2why: make sure path is nul terminated We use strncpy which could leave a non-nul terminated string if the source is longer than PATH_MAX. Add that nul. Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com> rc/audit2why.c
8638197342f77d66b3e21ee93009060886020064	13-Sep-2012	Eric Paris <eparis@redhat.com>	Version bumps for upstream push hangeLog ERSION
45658fc6d5c7ed84a7356275f547eca92d4a959f	20-Aug-2012	Guido Trentalancia <guido@trentalancia.com>	libselinux: improve the file_contexts.5 manual page Manual page improvements for the file_contexts and related policy configuration files (section 5): - create links to selabel_file.5 not only for file_contexts.5 but also for the other optional policy configuration files (including the so-called file contexts "substitution" files); - clarify the above mentioned manual page(s), in particular relatively to the action performed by the so-called file contexts "substitution" policy configuration files (aliasing/equivalence versus substitution); - improve the explanation of the form that the "substitution" files shall have. Signed-off-by: Guido Trentalancia <guido@trentalancia.com> Signed-off-by: Eric Paris <eparis@redhat.com> an/man5/file_contexts.homedirs.5 an/man5/file_contexts.local.5 an/man5/file_contexts.subs.5 an/man5/file_contexts.subs_dist.5 an/man5/selabel_file.5
1c8a7c194d3a3f72be5d02d50df2f7b679aeabe7	31-Jul-2012	Dan Walsh <dwalsh@redhat.com>	libselinux: Ensure that we only close the selinux netlink socket once. Taken from our Android libselinux tree. From Stephen Smalley. Signed-off-by: Eric Paris <eparis@redhat.com> rc/avc_internal.c
4d04f4c443b916cd078f12930f683374da2291e4	31-Aug-2012	Eric Paris <eparis@redhat.com>	libselinux: label_file: only run array once when sorting Instead of running the array two times, sorting the 'hasMeta' the first time and the !hasMeta the second, run the array once putting hasMeta in the front and !hasMeta in the back. Then ONLY run the !hasMeta section a second time reversing its order so its sorted as it should be. Signed-off-by: Eric Paris <eparis@redhat.com> rc/label_file.h
36ab97dadc3ae8d504d6a4cfa7490d92b49b370d	30-Aug-2012	Eric Paris <eparis@redhat.com>	libselinux: label_file: struct reorg Use char instead of int, reorder to put the chars together. Just litle things. Signed-off-by: Eric Paris <eparis@redhat.com> rc/label_file.h
de5bc062ca60668c7e5cae741fd0ae646c0d16bb	30-Aug-2012	Eric Paris <eparis@redhat.com>	libselinux: label_file: break up find_stem_from_spec Right now find_stem_from_spec does a number of things: - calculate the length of th stem - look for that stem - duplicate the stem - add the stem to the array break those things up a bit because the mmap version isn't going to need to do some of those things. Signed-off-by: Eric Paris <eparis@redhat.com> rc/label_file.h
16b578895e5c20ad6594186a14a04d848c735889	30-Aug-2012	Eric Paris <eparis@redhat.com>	libselinux: label_file: new process_file function We currently duplicate code 3 times for the main file, the homedirs, and the local file. Just put that stuff in its own function so we don't have to deal with it multiple times. Signed-off-by: Eric Paris <eparis@redhat.com> rc/label_file.c
79b6a8d78fc184b01133ac11d1d0c683633dcaf3	30-Aug-2012	Eric Paris <eparis@redhat.com>	libselinux: label_file: only run regex files one time We currectly run all of the regex files 2 times. The first time counts the lines and does the simple validatation. We then allocate an array of exactly the right size to hold the entries and run them a second time doing stronger validation, regex compile, etc. This is dumb. Just run them one time and use realloc to grow the size of the array as needed. At the end the array will get sized perfectly to fit by the sorting function, so even if we accidentally allocated entra memory we'll get it back. Signed-off-by: Eric Paris <eparis@redhat.com> rc/label_file.c rc/label_file.h
ee88185aff38b18b16da0d0ed38796d7142632d1	27-Aug-2012	Eric Paris <eparis@redhat.com>	libselinux: label_file: add accessors for the pcre extra data When we use an mmap backed version of data we need to declare the pcre extra data since we are only given a point to the data->buffer. Since sometimes the spec will hold a pointer to the extra data and sometimes we want to declare it on the stack I introduce and use an accessor for the extra data instead of using it directly. Signed-off-by: Eric Paris <eparis@redhat.com> rc/label_file.c rc/label_file.h
247759031a3e41e5a0f462dc7dfecc0d79d1652e	30-Aug-2012	Eric Paris <eparis@redhat.com>	libselinux: label_file: move regex sorting to the header We want to do the same thing in the compiler and as we do in in the code which reads regexes in from the text file. Move that sorting into the header. Signed-off-by: Eric Paris <eparis@redhat.com> rc/label_file.c rc/label_file.h
dd61029c549b01efe41576a3406f6ff513699461	27-Aug-2012	Eric Paris <eparis@redhat.com>	libselinux: label_file: fix potential read past buffer in spec_hasMetaChars An illegal regex may end with a single \ followed by nul. This could cause us to search past the end of the character array. The loop formation looks like so: c = regex_str; len = strlen(c); end = c + len; while (c != end) { switch (c) { ... case '\\': / skip the next character */ c++; break; ... } c++; } If the \ is the last character then we will increment c and break from the switch. The while loop will then increment c. So now c == end+1. This means we will keep running into infinity and beyond! Easy fix. Make the loop check (c < end). Thus even if we jump past end, we still exit the loop. Signed-off-by: Eric Paris <eparis@redhat.com> rc/label_file.h
48682e2853f3c66a628adcaf0dbd6030630802f2	27-Aug-2012	Eric Paris <eparis@redhat.com>	libselinux: label_file: move spec_hasMetaChars to header So we can use it in the new compile utility, move the spec_hasMetaChars() function, which looks for things like .*?+^$ in regular expressions into the internal header file. Signed-off-by: Eric Paris <eparis@redhat.com> rc/label_file.c rc/label_file.h
fcc895661d0cfc619f0895e5c8cb3017cc97364e	27-Aug-2012	Eric Paris <eparis@redhat.com>	libselinux: label_file: drop useless ncomp field from label_file data The libselinux label_file backend counted the number of regexes which had been compiled. We didn't use it and it wasn't useful information. Stop doing it. Signed-off-by: Eric Paris <eparis@redhat.com> rc/label_file.c rc/label_file.h
9937685cbe8ae6a57cd0b653f2e04f1f45efe46e	22-Aug-2012	Eric Paris <eparis@redhat.com>	libselinux: label_file: move stem/spec handling to header We want to be able to find the stem and the spec from our new utility. So move those functions to the header file. Signed-off-by: Eric Paris <eparis@redhat.com> rc/label_file.c rc/label_file.h
b9482941ce29e17cd669da457ec3bc176e43fcc6	22-Aug-2012	Eric Paris <eparis@redhat.com>	libselinux: label_file: move error reporting back into caller If we want to use these functions in utilities we shouldn't call such libselinux internal functions. Move the error reporting up to the caller. Signed-off-by: Eric Paris <eparis@redhat.com> rc/label_file.c rc/label_file.h
f744f239fbfcd1f74bac3196acd616d871ab6108	22-Aug-2012	Eric Paris <eparis@redhat.com>	libselinux: label_file: do string to mode_t conversion in a helper function So the string to mode_t conversion in a helper function so it can be used later by a regex compilation program. Signed-off-by: Eric Paris <eparis@redhat.com> rc/label_file.c rc/label_file.h
c27101a58317a3d535437f6bd82a3af4a7140074	22-Aug-2012	Eric Paris <eparis@redhat.com>	libselinux: label_file: move definitions to include file We want to use some label_file internals in a utility to compile fcontext files into binary data for fast use. So start pushing structures and such into a header file. Signed-off-by: Eric Paris <eparis@redhat.com> rc/label_file.c rc/label_file.h
dc1db39e28d8319ee72429dfb5fdbb18208d8977	22-Aug-2012	Eric Paris <eparis@redhat.com>	libselinux: label_file: remove all typedefs I hate them. They just indirectly you needlessly. Just use the struct definitions. Signed-off-by: Eric Paris <eparis@redhat.com> rc/label_file.c
091eb526dd2036d993517d09e4fc67b2bec3ec5e	22-Aug-2012	Eric Paris <eparis@redhat.com>	libselinux: label_file: use PCRE instead of glibc regex functions The PCRE functions are about x10 faster than the glibc functions. So use the external library. Signed-off-by: Eric Paris <eparis@redhat.com> rc/Makefile rc/label_file.c
ac5f5645b6f285a66ceceb5625e05fbbe3ac1329	12-Jun-2012	Eric Paris <eparis@redhat.com>	libselinux: stop messages when SELinux disabled If SELinux is disabled we should send any messages. We shouldn't do anything. Just return. Signed-off-by: Eric Paris <eparis@redhat.com> rc/callbacks.c
b2d86f82196e26e6d62443a6e216c5c807d03018	03-Jul-2012	Eric Paris <eparis@redhat.com>	libselinux: booleans: initialize pointer to silence coveriety The coveriety scanner is too stupid to realize that the strtok_r() function initializes the saveptr variable. Since we are passing a variable location without initializing it coveriety gets angry. Just shut up the scanner, but nothing was wrong to start with. Signed-off-by: Eric Paris <eparis@redhat.com> rc/booleans.c
bd8ea2eb6caf103398fef80e41e0ef86ba3892b7	21-Jun-2012	Dan Walsh <dwalsh@redhat.com>	libselinux: seusers: Check for strchr failure If we have a malformed seusers entry we may not find the : proceeding the level and would thus get a NULL. This can blow up. Check for this error and bail gracefully. Found by coverity Signed-off-by: Eric Paris <eparis@redhat.com> rc/seusers.c
fa7a9a604ee9f12dbfa63950adc0122880c092b0	21-Jun-2012	Dan Walsh <dwalsh@redhat.com>	libselinux: utils: avcstat: clear sa_mask set We were leaving random stack garbage in sa.sa_mask. Clear it the way one should. (spotted by coveriety) Signed-off-by: Eric Paris <eparis@redhat.com> tils/avcstat.c
1db01640eec01d4819e3033aff519c5beb753e1a	12-Sep-2012	Eric Paris <eparis@redhat.com>	libselinux: matchpathcon: add -m option to force file type check We may want to force matchpathcon to respond if the path is question is a dir, sockfile, chr, blk, etc. Add an option so you can force it to hit the right rule types. Signed-off-by: Eric Paris <eparis@redhat.com> an/man8/matchpathcon.8 tils/matchpathcon.c
ee6901618c9da360515474145504c7b58258441f	11-Jun-2012	Dan Walsh <dwalsh@redhat.com>	libselinux: expose selinux_boolean_sub Make selinux_boolean_sub a public method so getsebool can use it, as well as potentially used within libsemanage. Signed-off-by: Eric Paris <eparis@redhat.com> nclude/selinux/selinux.h rc/booleans.c rc/selinux_internal.h
179ee6c18725d61bd04019b4631d3ff43d964c67	11-Jun-2012	Dan Walsh <dwalsh@redhat.com>	libselinux: Add man page for new selinux_boolean_sub function. Signed-off-by: Eric Paris <eparis@redhat.com> an/man3/selinux_boolean_sub.3
bac96c8c70e2b37362090cb1ffc96aa54c160bca	11-Jun-2012	Dan Walsh <dwalsh@redhat.com>	libselinux: getsebool: support boolean name substitution Use selinux_boolean_sub to translate the boolean name handed in by the user. Report back the correct name of the boolean. Signed-off-by: Eric Paris <eparis@redhat.com> tils/getsebool.c
88c35241535803247bd3044187c6c3b3c7f02c79	18-Apr-2012	Eric Paris <eparis@redhat.com>	libselinux: boolean name equivalency Add support for booleans.subs file. Basically this allows us to finally change badly named booleans to some standard name. Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com> nclude/selinux/selinux.h rc/booleans.c rc/file_path_suffixes.h rc/selinux_config.c rc/selinux_internal.h
1024ea34c6ff68625037fd8abbda5dc910ac31e5	01-Jun-2012	Eric Paris <eparis@redhat.com>	libselinux: libsemanage: remove PYTHONLIBDIR and ruby equivalent We generate pkg-config --libs and use that to build the libselinux python so file. We do not use it to build the libsemanage versions. We also never use the ruby equivalent. So stop calling pkg-config uselessly. Signed-off-by: Eric Paris <eparis@redhat.com> rc/Makefile
b2523dc167b1b61ea3cc42a97c8da6ac60ad7550	01-Jun-2012	Eric Paris <eparis@redhat.com>	libselinux: libsemanage: do not set soname needlessly We explicitly set the soname of the python and ruby files. We don't need this. We are using the -o name as the soname, so just let the toolchain do its thing. It just makes the Makefile nicer to read. Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com> rc/Makefile
056f23c4bf65a0c62be4e7b8c858ad4f23ce0308	21-Jun-2012	Eric Paris <eparis@redhat.com>	libselinux: utils: add service to getdefaultcon Add a -s option to getdefaultcon which allows one to specify the service in question. This exposes all of the abilities of getseuser instead of only the abilities of getseuserbyname. Signed-off-by: Eric Paris <eparis@redhat.com> tils/getdefaultcon.c
c802d4a6d53120a7c067c29625a17b09f922f4d3	18-Apr-2012	Dan Walsh <dwalsh@redhat.com>	libselinux: Add support for lxc_contexts_path In order for lxc to look up its process and file labels we add new libselinux support. This is what we do for everything else, like libvirt, seposgresql, etc. Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com> nclude/selinux/selinux.h rc/file_path_suffixes.h rc/selinux_config.c rc/selinux_internal.h
f05a71b92d94771ed976a7c74e5fa378d02b590b	28-Jun-2012	Eric Paris <eparis@redhat.com>	Version bumps for upstream push hangeLog ERSION
824df4b60b8f3de26fb900ed5f74ca6379de6d99	01-Jun-2012	Eric Paris <eparis@redhat.com>	libselinux: additional makefile support for rubywrap SELinux ruby bindings didn't build from the top level the swig generated .c file wasn't gitignored use pkg-config for ruby info like we do for python Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com> rc/.gitignore rc/Makefile
30900902b16c70fabe78a22aafb120443acdd53c	31-May-2012	Eric Paris <eparis@redhat.com>	libselinux: label_android_property whitespace cleanups Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com> rc/label_android_property.c
cfc492cf11e1b641e2a0478907d56a17b771a067	31-May-2012	rpcraig <rpcraig@tycho.ncsc.mil>	libselinux: New Android property labeling backend This is already in the android repo. This is here to prevent potential conflicts of the selabel indices, and possibly with an eye toward an eventual reunification of the two libselinuxes down the road. Reviewed-by: Stephen Smalley <sds@tycho.nsa.gov> Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com> nclude/selinux/label.h rc/label.c rc/label_android_property.c rc/label_internal.h
5e3171f658d1d2f1e0068f485b3fff7c164e05e4	21-Jun-2012	Eric Paris <eparis@redhat.com>	libselinux: seusers: getseuser: gracefully handle NULL service getseuser() would unconditionally check strlen on the service variable even though it could be NULL. Whoops. If service is NULL we should only match on *: entries. Signed-off-by: Eric Paris <eparis@redhat.com> rc/seusers.c
5b344c112a3cea38d015271509a11e13a06f84b4	21-Jun-2012	Eric Paris <eparis@redhat.com>	libselinux: seusers: remove unused lineno The lineno variable was being incremented, but nothing was being done with it. Remove it. Signed-off-by: Eric Paris <eparis@redhat.com> rc/seusers.c
12e2a0f9fceffca224a2fbe80d144afe237907df	20-Jun-2012	Eric Paris <eparis@redhat.com>	libselinux: matchpathcon: bad handling of symlinks in / The realpath_not_final() function did not properly handle symlinks in the / directory. The reason is because when it determined the symlink was in the root directory it would set the resolved portion of the path to /, it would then add a / to the end of the resolved portion, and then append the symlink name. The fix is to instead set the resolved portion to "". Thus when the '/' at the end of the resolved portion is added it will be correct. While I am at it, strip extraneous leading / so that //tmp returns /tmp. Signed-off-by: Eric Paris <eparis@redhat.com> rc/matchpathcon.c
5d19b707232718377e7378d43a677011e6f97a58	19-Apr-2012	Eric Paris <eparis@redhat.com>	libselinux: libsemanage: remove build warning when build swig c files swig creates C files with warnings. Turn off the warnings so the build is clean. We can't help the code it produces anyway... Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com> rc/Makefile
9b3055ada5fffd40c2b8fb23485364bba2c4c111	19-Apr-2012	Eric Paris <eparis@redhat.com>	libselinux: audit2why: silence -Wmissing-prototypes warning The init functions are non-static but did not have a prototype declaration. They are called magically from python, so just declare the prototype to silence the warning. Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com> rc/audit2why.c
378dfe4d6ab7c007013d8534d2bc902dd6c29833	03-Feb-2012	Dan Walsh <dwalsh@redhat.com>	libselinux: avc_netlink_recieve handle EINTR should continue to poll if it receinves an EINTR rather then exiting with an error. This was a major bug within dbus that was causing dbus to crash it was discussed at the time whether this is a dbus bug or an libselinux bug, it was decided that we should fix it within libselinux. Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com> rc/avc_internal.c
2ca19f3f676a2747a38cf2d7dcf5037ccc8a9eb1	25-May-2012	Dan Walsh <dwalsh@redhat.com>	libselinux: asprintf return code must be checked Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com> rc/label.c
ac6ab3afc04adb98a072a8b213814862b0ab9e31	25-May-2012	Dan Walsh <dwalsh@redhat.com>	libselinux: Fortify source now requires all code to be compiled with -O flag Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com> rc/Makefile tils/Makefile
7a86fe1a3decc4c05598eb3f9339175251cd5447	28-Mar-2012	Eric Paris <eparis@redhat.com>	bump version and changelog for upstream push hangeLog ERSION
a4f84109b51263599a284b167bf04e088e7da95d	26-Mar-2012	Laurent Bigonville <bigon@debian.org>	libselinux: Hide unnecessarily-exported library destructors Description: Hide unnecessarily-exported library destructors This change was extracted from the old monolithic Debian patch. Signed-off-by: Laurent Bigonville <bigon@debian.org> Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com> rc/matchpathcon.c rc/setrans_client.c
f7a75f17612d82385aeb338035f85016cff53b3d	26-Mar-2012	Laurent Bigonville <bigon@debian.org>	libselinux: Do not link against python library, this is considered bad practice in debian Do not link python module with libpython, the interpreter is already linked against it. Signed-off-by: Laurent Bigonville <bigon@debian.org> Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com> rc/Makefile
2b5a0530e7c06150c84fc233fbfab40c57130f84	25-Mar-2012	Kohei KaiGai <kaigai@kaigai.gr.jp>	libselinux: security_compute_create_name(3) I'd like to use this interface to implement special case handling for the default labeling behavior on temporary database objects. Allow userspace to use the filename_trans rules added to policy. Signed-off-by: KaiGai Kohei <kohei.kaigai@emea.nec.com> Signed-off-by: Eric Paris <eparis@redhat.com> nclude/selinux/selinux.h an/man3/security_compute_av.3 an/man3/security_compute_create_name.3 rc/compute_create.c rc/selinux_internal.h
c7d749efe2fa6f1e765b0bc215476d533f1b4d7b	16-Mar-2012	Dan Walsh <dwalsh@redhat.com>	libselinux: take security_deny_unknown into account selinux_check_access() should not error on bad class or perms if the security_deny_unkown() function return false. If policy tells us to allow unknown classes and perms we should respect that. Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com> rc/checkAccess.c
ed5dc69dad117006ba9dddf258e064431bb96cfb	06-Mar-2012	Dan Walsh <dwalsh@redhat.com>	libselinux: assert if avc_init() not called To simplify finding why programs don't work, assert that avc_init() was called any time avc functions are called. This means we won't get 'random' segfaults and will instead be able to hopefully quickly determine what we did wrong as application developers. Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com> rc/avc.c
5766295bb2ad45c85a1cc489f220dde07074b737	15-Feb-2012	Dan Walsh <dwalsh@redhat.com>	libselinux: build with either ruby 1.9 or ruby 1.8 Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com> rc/Makefile
dc21b09c255a88790d1b212ead0cbe91bcca79ff	15-Feb-2012	Dan Walsh <dwalsh@redhat.com>	libselinux: pkg-config to figure out where ruby include files are located Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com> rc/Makefile
9b796ead1a18f2c59d5b660c986cbdb2e6b5f83c	27-Jan-2012	Dan Walsh <dwalsh@redhat.com>	libselinux: utils: Stop separating out matchpathcon as something special It's not special and doesn't need its own Makefile lines. Just make it a normal target. Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com> tils/Makefile
46d294f645abf02f3d4dc4514cf53092a3e80e33	27-Jan-2012	Dan Walsh <dwalsh@redhat.com>	libselinux: Update Makefiles to handle /usrmove Move everything into /usr/* and just put links from /*. The whole /usr thing hasn't really worked in all situations for a long long time. Just accept that fact and move along. Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com> akefile nclude/Makefile an/Makefile tils/Makefile
c9a8ff9bae4be7e3c81f5a9c7fb52c1787de3ad3	23-Jan-2012	Daniel P. Berrange <berrange@redhat.com>	libselinux: Ensure there is a prototype for 'matchpathcon_lib_destructor' Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com> rc/matchpathcon.c
bcdf92aac4ba9ec7b0188a8350799ed237e907bd	23-Jan-2012	Daniel P. Berrange <berrange@redhat.com>	libselinux: Change annotation on include/selinux/avc.h to avoid upsetting SWIG The earlier patch to avc.c put the struct member annotation at the end of the line, which works fine for GCC, but upsets SWIG. Equivalent code in selinux.h demonstrates how to place the annotation without upsetting SWIG. Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com> nclude/selinux/avc.h
a1044d4c84aeb2e9f98823afa932d87934c7ac64	23-Jan-2012	Daniel P. Berrange <berrange@redhat.com>	libselinux: utils: Enable many more gcc warnings for libselinux/utils builds Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com> tils/Makefile
41649ca786b3243d92f8118238a33ec2d44cc5d3	23-Jan-2012	Daniel P. Berrange <berrange@redhat.com>	libselinux: Enable many more gcc warnings for libselinux/src/ builds XXX: -Wno-redundant-decls really shouldn't be set, if some way can be found to deal with warnings generated by dso.h XXX: the maximum stack size should be much lower, but there are too many functions using PATH_MAX which need to be rewritten to use the heap instead. XXX: probe for whether the user's GCC supports a flag ? Signed-off-by: Eric Paris <eparis@redhat.com> rc/Makefile
5f8ce370216fd0ece9789f974023d24df752241e	23-Jan-2012	Daniel P. Berrange <berrange@redhat.com>	libselinux: Fix const-ness of parameters & make usage() methods static Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com> tils/getconlist.c tils/getdefaultcon.c tils/getsebool.c tils/matchpathcon.c tils/selinux_check_securetty_context.c tils/selinuxexeccon.c tils/setenforce.c tils/togglesebool.c
91d9fe8af05a9a9ded5d02bcd8c1c5a1e1ef670e	23-Jan-2012	Daniel P. Berrange <berrange@redhat.com>	libselinux: Add printf format attribute annotation to die() method Annotating the die method as taking printf format exposes a bug in error reporting Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com> tils/avcstat.c
57928fa1fd2222558543134211340f40ff1b9e02	23-Jan-2012	Daniel P. Berrange <berrange@redhat.com>	libselinux: Add more printf format annotations The public avc.h file must use a printf annotation in the struct callback members, otherwise application code will get compiler warnings that the method should have an annotation set. Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com> nclude/selinux/avc.h rc/avc_internal.h
da5e7e3b81c8300f597d01907d1b228e51ebe8f9	23-Jan-2012	Daniel P. Berrange <berrange@redhat.com>	libselinux: Add prototype decl for destructor Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com> rc/setrans_client.c
435fae64a931301ac00930af1eebc28bd9b0c576	23-Jan-2012	Daniel P. Berrange <berrange@redhat.com>	libselinux: Remove unused flush_class_cache method * stringrep.c: Delete flush_class_cache Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com> rc/stringrep.c
b82b7e02dfcd46db75a94352815830fdb651fa94	23-Jan-2012	Daniel P. Berrange <berrange@redhat.com>	libselinux: Fix const-correctness * include/selinux/selinux.h, src/init.c: set_selinuxmnt should take a const char mntpath src/get_default_type.c: Avoid bad cast discarding const * load_policy.c: Fix var decl to avoid discarding const Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com> nclude/selinux/selinux.h rc/get_default_type.c rc/init.c rc/load_policy.c
86795159d4112b6842584cfff317659cdb931218	23-Jan-2012	Daniel P. Berrange <berrange@redhat.com>	libselinux: Fix old style function definitions Add 'void' parameter to all functions which take no arguments * selinux_config.c: s/()/(void)/ Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com> rc/selinux_config.c
c87df3493d9550429193a8dc7d78a6bfc4c234d3	23-Jan-2012	Daniel P. Berrange <berrange@redhat.com>	libselinux: Remove jump over variable declaration seusers.c: In function ‘getseuser’: seusers.c:273:3: error: jump skips variable initialization [-Werror=jump-misses-init] seusers.c:317:2: note: label ‘err’ defined here seusers.c:274:8: note: ‘fp’ declared here * seusers.c: Declare FILE *fp at start of getseuser() method Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com> rc/seusers.c
18e3a8d3966f6974d2ac83904890ad00dd6c6b28	16-Jan-2012	Dan Walsh <dwalsh@redhat.com>	checkpolicy: libselinux: Fix dead links to www.nsa.gov/selinux Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com> an/man8/selinux.8
339f8079d7b9dd1e0b0138e2d096dc7c60b2092e	21-Dec-2011	Eric Paris <eparis@redhat.com>	update VERSION and Changelog for public push hangeLog ERSION
297d2bee23fe96962c9cb819a36ccf0d80421515	21-Dec-2011	Eric Paris <eparis@redhat.com>	libselinux: merge freecon with getcon man page The getcon man page already includes setcon() and other non-"get" entries. Why send people somewhere else just for freecon? Put it here. Signed-off-by: Eric Paris <eparis@redhat.com> an/man3/freecon.3 an/man3/freeconary.3 an/man3/getcon.3
cb71d68aa1236bf8b1fecad859f53318f61d23dc	20-Dec-2011	Dan Walsh <dwalsh@redhat.com>	libselinux: Cleanup Man pages Typos, indenting, nothing fancy. Signed-off-by: Eric Paris <eparis@redhat.com> an/man3/context_new.3 an/man3/getcon.3
27915ec2aa7368d750a5b14e61e17c4a165185ac	19-Dec-2011	Dan Walsh <dwalsh@redhat.com>	libselinux: Fix setenforce man page to refer to selinux man page Do not talk about disabling selinux in the setenforce man page. Point people in the right direction instead. Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com> an/man8/setenforce.8
16a37c9f94c1e2dfb865e17e4200d2824d4971f5	19-Dec-2011	Richard Haines <richard_c_haines@btinternet.com>	libselinux - correct selabel invalid context logging When selabel_lookup found an invalid context with validation enabled, it always stated it was 'file_contexts' whether media, x, db or file. The fix is to store the spec file name in the selabel_lookup_rec on selabel_open and use this as output for logs. Also a minor fix if key is NULL to stop seg faults. Signed-off-by: Richard Haines <richard_c_haines@btinternet.com> Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com> rc/label.c rc/label_db.c rc/label_file.c rc/label_internal.h rc/label_media.c rc/label_x.c rc/matchpathcon.c
d65c02f066fe8590fb5b5ea7479e47fde06eeb36	05-Dec-2011	Eric Paris <eparis@redhat.com>	bump version and changelog hangeLog ERSION
85cfd2fe2e7fc351e631cf622a3ddbdf2bbea17e	05-Dec-2011	Eric Paris <eparis@redhat.com>	libselinux: use -W and -Werror in utils Add the flags and fix the one build break. Signed-off-by: Eric Paris <eparis@redhat.com> tils/Makefile tils/getenforce.c
426d62472362b3320bfe4d60d8af2ed2dffeee37	02-Dec-2011	Richard Haines <richard_c_haines@btinternet.com>	libselinux: Add man/man5 man pages Add service_seusers(5) - those in the ./logins directory, seusers(5), user_contexts(5) - those in the ./contexts/users directory, virtual_domain_context(5) and virtual_image_context(5) man pages. Signed-off-by: Richard Haines <richard_c_haines@btinternet.com> Signed-off-by: Eric Paris <eparis@redhat.com> an/man5/service_seusers.5 an/man5/seusers.5 an/man5/user_contexts.5 an/man5/virtual_domain_context.5 an/man5/virtual_image_context.5
accf6a433f650b2ced86305349c247c62480c22d	02-Dec-2011	Richard Haines <richard_c_haines@btinternet.com>	libselinux: Add man/man5 man pages Add failsafe_context(5), local.users(5), removable_contexts(5) and securetty_types(5) man pages. Signed-off-by: Richard Haines <richard_c_haines@btinternet.com> Signed-off-by: Eric Paris <eparis@redhat.com> an/man5/failsafe_context.5 an/man5/local.users.5 an/man5/removable_context.5 an/man5/securetty_types.5
cc9e7e58652c0bd96e6597439a16993cab8190d9	02-Dec-2011	Richard Haines <richard_c_haines@btinternet.com>	libselinux: Add man/man5 man pages Add booleans(5), customizable_types(5), default_contexts(5) and default_type(5) man pages. Signed-off-by: Richard Haines <richard_c_haines@btinternet.com> Signed-off-by: Eric Paris <eparis@redhat.com> an/man5/booleans.5 an/man5/customizable_types.5 an/man5/default_contexts.5 an/man5/default_type.5
af9608245a22ecb84e17735d5e74fd5a7d01f4b9	01-Dec-2011	Richard Haines <richard_c_haines@btinternet.com>	libselinux: Updated selabel_x(5) man page Updated selabel_x(5) with X-Windows context configuration file format and added x_contexts(5) man page that links to it. Signed-off-by: Richard Haines <richard_c_haines@btinternet.com> Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com> an/man5/selabel_x.5 an/man5/x_contexts.5
a566af7974aeed474e7db66867e0740f5855d7d9	01-Dec-2011	Richard Haines <richard_c_haines@btinternet.com>	libselinux: Updated selabel_media(5) man page Updated selabel_media(5) with media context configuration file format and added media(5) man page that links to it. Signed-off-by: Richard Haines <richard_c_haines@btinternet.com> Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com> an/man5/media.5 an/man5/selabel_media.5
30bd4567cf513904aaf3333a35802517b89b65cf	01-Dec-2011	Richard Haines <richard_c_haines@btinternet.com>	libselinux: Updated selabel_db(5) man page Updated selabel_db(5) with RDBMS context configuration file format and added sepgsql_contexts(5) man page that links to it. Signed-off-by: Richard Haines <richard_c_haines@btinternet.com> Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com> an/man5/selabel_db.5 an/man5/sepgsql_contexts.5
5f2e362d25ad0c38343e40dfc2668c8bfd9d3f56	01-Dec-2011	Richard Haines <richard_c_haines@btinternet.com>	libselinux: Updated selabel_file(5) man page Updated selabel_file(5) with file context configuration file format and added file_contexts(5) man page that links to it. selabel_file(5) also describes the .local, .homedirs, .subs and .subs_dist configuration file formats. Signed-off-by: Richard Haines <richard_c_haines@btinternet.com> Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com> an/man5/file_contexts.5 an/man5/selabel_file.5
aed37210a31f3bbfe40926065c83b0b82b0ecafc	27-Nov-2011	Richard Haines <richard_c_haines@btinternet.com>	libselinux: return EINVAL if invalid role selected For get_default_context_with_role(3) and get_default_context_with_rolelevel(3), return errno = EINVAL if invalid role. Signed-off-by: Richard Haines <richard_c_haines@btinternet.com> Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com> rc/get_context_list.c
83161f73eaa046b530aec6e672aaffbe493838a4	27-Nov-2011	Richard Haines <richard_c_haines@btinternet.com>	libselinux: get_default_type now sets EINVAL if no entry. get_default_type(3) now returns with errno set to EINVAL if the entry does not exist. Signed-off-by: Richard Haines <richard_c_haines@btinternet.com> Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com> rc/get_default_type.c
d0a8d81882c9b3eb7ad5601b45254a5c19479085	27-Nov-2011	Richard Haines <richard_c_haines@btinternet.com>	libselinux: Mapped compute functions now obey deny_unknown flag If selinux_set_mapping(3) is used to map classes, and an invalid class is used to compute a decision (tclass = 0), the result did not obey the status of the deny_unknown flag. Signed-off-by: Richard Haines <richard_c_haines@btinternet.com> Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com> rc/compute_av.c
98234cf543474b8998c654cfc5b1d1cbc738c38b	27-Nov-2011	Richard Haines <richard_c_haines@btinternet.com>	libselinux: Remove assert in security_get_boolean_names(3) Remove assert in security_get_boolean_names(3) if the len invalid and stop seg fault if names is null. Set EINVAL instead and return error. Signed-off-by: Richard Haines <richard_c_haines@btinternet.com> Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com> rc/booleans.c
7e81db0eb85755947619b6baa69049a7a726fa62	29-Nov-2011	Dan Walsh <dwalsh@redhat.com>	libselinux: selinuxswig_python.i: don't make syscall if it won't change anything Add a check to restorecon, to not change a context if the context on disk matches Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com> rc/selinuxswig_python.i
14e4b70b933a330fc1e63bf0ac5ebab4f9664062	03-Nov-2011	Eric Paris <eparis@redhat.com>	Bump Version and Changelog for commit hangeLog ERSION
d4a39ca15b5a41b545630aeaa04e96fe7c0346fe	29-Sep-2011	Eric Paris <eparis@redhat.com>	policycoreutils: label_file: style changes to make Eric happy. Sometimes sticking to 80 characters sucks a lot. I don't care. Buy a wider monitor so I can read the code. Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com> rc/label_file.c
2b06f474006db3f32895dab9e393324febb9e16f	23-Sep-2011	Eric Paris <eparis@redhat.com>	libselinux: rename and export symlink_realpath symlink_realpath is used by both libselinux and policycoreutils. Instead of coding it twice, export the libselinux version under a new name that makes it sound more generic. Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com> nclude/selinux/selinux.h rc/matchpathcon.c
74a9a5296688e2617d669b346d3f5ef6e31ae2d9	27-Oct-2011	Dan Walsh <dwalsh@redhat.com>	libselinux: audit2why: close fd on enomem Potential file descriptor leak on this code path, need to close file descriptor if out of memory. Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com> rc/audit2why.c
dd563b35e1f6918e5c96de29ea255b04ad34e891	24-Oct-2011	Dan Walsh <dwalsh@redhat.com>	libselinux: seusers: fix to handle large sets of groups If a user was in too many groups the check_group function might not pass a large enough buffer to getgrnam_r to handle things. This could return ERANGE which we then aborted. Instead we should make the buffer larger and try again. Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com> rc/seusers.c
3b5e45f004e508cca8958f6e3a46961753af291e	20-Oct-2011	Dan Walsh <dwalsh@redhat.com>	libselinux: Don't reinitialize avc_init if it has been called previously Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com> rc/avc.c
9c46a0a3153124753e3afbd2090fea65a09e1df1	20-Oct-2011	Dan Walsh <dwalsh@redhat.com>	libselinux: simple interface for access checks Some programs, like passwd, need to do simeple one time access checks. Rather than set up a full avc cache and use that infrastructure they were directly using security_compute_av. A problem with this approach is the lack of audit on denials. This patch creates a new interface that is simple to use and which will still listen to things like permissive and output audit messages on denials. Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com> nclude/selinux/selinux.h an/man3/security_compute_av.3 an/man3/selinux_check_access.3 rc/checkAccess.c
023c9c1fdee963606d830b70db108bd9031390f4	03-Oct-2011	Eric Paris <eparis@redhat.com>	libselinux: label: cosmetic cleanups Return early to save an indent. Clean up all memory on ENOMEM conditions. Use '\0' instead of 0 for nul terminiator. Style changes to make Eric happy. Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com> rc/label.c
c81a43c753efbda6f2106dbf0a291005683474f8	28-Sep-2011	Eric Paris <eparis@redhat.com>	libselinux: libsemanage: libsepol: regenerate .pc on VERSION change The makefile which generated the package config files did not have the VERSION file as a dependancy. Thus if you updated a tree you have previously build the .pc file wouldn't be rebuilt and the old version would be reinstalled. Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com> rc/Makefile
b3b19fdce58ff6ddfa6dfb8e5576c922c96e1e45	22-Sep-2011	Eric Paris <eparis@redhat.com>	libselinux: load_policy: handle selinux=0 and /sys/fs/selinux not exist Handle situation where selinux=0 passed to the kernel and both /selinux and /sys/fs/selinux directories do not exist. We used to handle selinux=0 (or kernel compile without selinux) by getting ENODEV when we tried to mount selinuxfs on /selinux. Now selinux=0 means that /sys/fs/selinux won't exist and we never create the real directory /selinux at all. So we get ENOENT instead of ENODEV. The solution is to check to see if the mount failure was for ENODEV and if not to check if selinuxfs exists in /proc/filesystems at all. If it doesn't exist, that's equivalent to ENODEV. Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com> nclude/selinux/selinux.h rc/init.c rc/load_policy.c rc/selinux_internal.h
468bff095253171300a5faa4bb23f0b2524fde08	19-Sep-2011	Eric Paris <eparis@redhat.com>	tree: Makefiles: syntax, convert all ${VAR} to $(VAR) This is purely personal preference. Most of the Makefiles use $() for Makefile variables, but a couple of places use ${}. Since this obscured some later Makefile changes I figured I'd just make them all the same up front. Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com> rc/Makefile
418dbc70e8e7b6b313a0a23455d24256c6807a46	16-Sep-2011	Eric Paris <eparis@redhat.com>	Bump version and changelog for all components. hangeLog ERSION
eb695e5a5618ede939af2f9c9daed7c53e14b50a	14-Sep-2011	Guido Trentalancia <guido@trentalancia.com>	whole tree: default make target to all not install Change the default "make" target for the libraries from "install" to "all" in the makefiles. Signed-off-by: Guido Trentalancia <guido@trentalancia.com> Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com> nclude/Makefile an/Makefile
e172b87a305e3ef602ae9caf3272fcb1cae0f1a3	14-Sep-2011	Eric Paris <eparis@redhat.com>	libselinux: put libselinux.so.1 in /lib not /usr/lib Commit 874bac80bbfbf0a5 incorrectly changed the default install location of libselinux.so.1 from /lib to /usr/lib. This patch fixes that problem by reverting that portion of the change. Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com> rc/Makefile
7bfaa63839955b2f743f84f2d873fc13298f5777	15-Sep-2011	Eric Paris <eparis@redhat.com>	libselinux: src: matchpathcon: make sure resolved path starts with / Resolving paths from relative to absolute didn't always start with a /. Make sure they start with a /. Signed-off-by: Eric Paris <eparis@redhat.com> rc/matchpathcon.c
09b635fa20cb47d155ec67eb2909c0dd33c677cb	15-Sep-2011	Eric Paris <eparis@redhat.com>	libselinux: src: matchpathcon: use myprintf not fprintf Use the myprintf helper rather than fprintf directly. Signed-off-by: Eric Paris <eparis@redhat.com> rc/matchpathcon.c
bedd2a8dc4d95360fcc6dd870be04e615b4f2766	15-Sep-2011	Eric Paris <eparis@redhat.com>	libselinux: utils: matchpathcon: remove duplicate declaration We declare rc both for a function and inside a stanze. We only need it in the stanze so remove the declaration for the whole function. Signed-off-by: Eric Paris <eparis@redhat.com> tils/matchpathcon.c
1f8cf403be49dd8b918e2ff21969a6a47928d672	26-Aug-2011	Eric Paris <eparis@redhat.com>	update changelog and versions for 2011-08-26 hangeLog ERSION
bc1a8e2a4af543d04e8df70a92a5a7a3aeebf669	09-Mar-2011	Richard Haines <richard_c_haines@btinternet.com>	libselinux: selinux_file_context_verify function returns wrong value. selinux_file_context_verify(3) should now return the correct codes and matchpathcon(8) has been modified to handle them. The selinux_file_context_verify(3)and selinux_file_context_cmp(3) man pages have also been updated (re-written really) to correct return codes. I found that selabel_open left errno set to ENOENT because a file_contexts.subs file did not exist on my system, but left selabel_open alone and set errno = 0 before calling selinux_filecontext_cmp. [fix uninitialize init variable in matchpathcon.c::main - eparis] Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com> nclude/selinux/selinux.h an/man3/selinux_file_context_cmp.3 an/man3/selinux_file_context_verify.3 rc/matchpathcon.c tils/matchpathcon.c
7df397d3d916e7018981b9fcf8062f992b4cec49	17-Aug-2011	Eric Paris <eparis@redhat.com>	libselinux: move realpath helper to matchpathcon library Instead of only doing path simplification and symlink following for the matchpathcon helper instead do it in the library potion. This was an issue when in python some called selinux.matchpatchcon("//lib64", 0) and got the wrong answer (because the // wasn't being dealt with) Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com> rc/matchpathcon.c tils/matchpathcon.c
57c6012f8662d8f40d42fe145a5ec55bbd1b0f73	22-Aug-2011	Dan Walsh <dwalsh@redhat.com>	libselinux: python wrapper makefile changes Allow Change libselinux Makefile to be able to build by default and to build if you change the version of Python Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com> rc/Makefile
6b6b475dcfe77dbf3d37b4f6e4fee3539346f359	17-Aug-2011	Eric Paris <eparis@redhat.com>	update changelog and VERSION for latest changes hangeLog ERSION
34d9c258dac686f4baa2e7f0d6f25f7e7ca5aac6	30-Mar-2011	Richard Haines <richard_c_haines@btinternet.com>	libselinux: mapping fix for invalid class/perms after selinux_set_mapping call Please find another libselinux patch. I've tested quite extensively with the compute_av and string functions with and without mapping and seems okay. The patch covers: When selinux_set_mapping(3) is used to set the class and permissions allowed by an object manager, then an invalid class and/or permissions are selected (e.g. using security_class_to_string), then mapping.c in libselinux forces an assert. This patch removes the asserts and allows the functions to return a class/perm of 0 (unknown) with errno set to EINVAL. A minor patch to set EINVAL in security_av_perm_to_string_compat is also included. All the functions to convert perms & classes to strings and back should now return the correct errno with or without mapping enabled. Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com> rc/mapping.c rc/stringrep.c
8faf23de0b534a19555691e8ba111dcde8f02af3	03-Aug-2011	Eric Paris <eparis@redhat.com>	libselinux: audit2why: work around python bug not defining SIZEOF_SOCKET_T A at least one broken python headers didn't define SIZEOF_SOCKET_T. Define it if we happen upon one of those. Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com> rc/audit2why.c
4ad18969546c16bd78206799de642af6eb2293ea	29-Jun-2011	Eric Paris <eparis@redhat.com>	libselinux: resolv symlinks and dot directories before matching paths matchpathcon cannot handle ./ or ../ in pathnames and doesn't do well with symlinks. This patch uses the glibc function realpath() to try to determine a real path with resolved symlinks and dot directories. For example before this pach we would see: $ matchpathcon /tmp/../eric /tmp/../eric <<none>> $ matchpathcon /eric /eric system_u:object_r:default_t:s0 Whereas after the path we get the same results. The one quirk with the patch is that we need special code to make sure that realpath() does not follow a symlink if it is the final component. aka if we have a symlink from /eric to /tmp/eric we do not want to resolv to /tmp/eric. We want to just resolv to the actual symlink /eric. Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com> tils/matchpathcon.c
47499404268aa4f064fe078710ccf7a139061753	04-Aug-2011	Eric Paris <eparis@redhat.com>	update repo for 2011-08-03 with version and changelog updates hangeLog ERSION
802369fbe2c7aadc6a9de3c5c5c4f60b81203d5d	05-Jul-2011	Eric Paris <eparis@redhat.com>	audit2allow: do not print statistics I believe this is just to stop flooding the screen with libsepol statistics every time you run audit2allow or any other libsepol command. Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com> rc/audit2why.c
c7ed95f449882f8a3bba47ed71416f034e345042	29-Jun-2011	Eric Paris <eparis@redhat.com>	libselinux: make python bindings for restorecon work on relative path This patch just makes python bindings for restorecon work on relative paths. $ cd /etc $ python > import selinux > selinux.restorecon("resolv.conf") Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com> rc/selinuxswig_python.i
2ea80c28a560ede4ad318aa7ccbfd5f555264465	29-Jun-2011	Eric Paris <eparis@redhat.com>	libselinux: fix python audit2why binding error There is a missing error check in audit2why.c. Check for error and return NULL if we can't initialize instead of just pretending it worked. Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com> rc/audit2why.c
63df0f7ef12844b9b86cc293299671da772fcf84	29-Jun-2011	Eric Paris <eparis@redhat.com>	libselinux: support new python3 functions python3 does not have PyString_FromString use PyBytes_FromString instead. The same for PyString_Check->PyBytes_Check and for PyString_AsString->PyBytes_AsString Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com> rc/selinuxswig_python.i
4f621a168682f96d0c98f7818493397766b13fd2	29-Jun-2011	Eric Paris <eparis@redhat.com>	libselinux: do not check fcontext duplicates on use Tools like restorecon or systemd, which load the fcontext database to make labeling decisions do not need to check for duplicate rules. Only the first rule will be used. Instead we should only check for duplicates when new rules are added to the database. And fail the transaction if we find one. Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com> rc/label_file.c
874bac80bbfbf0a5af51bfa02cad2c233aac7273	24-Jun-2011	Daniel J Walsh <dwalsh@redhat.com>	Patch for python3 for libselinux Allow the specification of python3 in the swig creation This patch adds the new option PYPREFIX which causes the swig created libraries to have a prefix. This allows one to build both the python2 and python3 libraries in the same source tree. The install will then later strip this prefix back off when it drops the files into the python approriate site package directory. This patch also needs to update the PYINC definition as newer python patckages on fedora exist in /usr/include/python3.2mu instead of /usr/include/python3.2 as the other method of detemrining PYINC would have found. Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com> rc/Makefile rc/audit2why.c
78b4b56857145367256ece69b78c89146e1a423d	02-Aug-2011	Eric Paris <eparis@redhat.com>	Made updates to checkpolicy libselinux and policycoreutils so update version and changelogs Signed-off-by: Eric Paris <eparis@redhat.com> hangeLog ERSION
84ea17b5f3dd06c47470a50e35e334236ceb2210	29-Jun-2011	Eric Paris <eparis@localhost.localdomain>	libselinux: move .gitignore into utils There is a .gitignore at the head of the directory but only contains entries for the utils directory. Move to the utils directory. Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com> gitignore tils/.gitignore
5ef65fd7846cb407e2327f494f85c52e1d5d2201	29-Jun-2011	Eric Paris <eparis@localhost.localdomain>	libselinux: new setexecon utility This utility will tell what context a new task will have after exec based on the pathname and the context of the launching task. Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com> an/man8/selinuxexeccon.8 tils/.gitignore tils/selinuxexeccon.c
441cf2ea924c13ed5002012aadd128f71d9e9c9d	18-Apr-2011	Richard Haines <richard_c_haines@btinternet.com>	libselinux: selabel_open fix processing of substitution files libselinux selabel_open function always processed the substitution files (if installed) from the active policy contexts/files/file_contexts.subs and subs_dist irrespective of the backend type or SELABEL_OPT_PATH setting. This patch now processes the correct subs files when selabel_open is called with SELABEL_CTX_FILE. The other backends could also process their own substitution files if needed in their own areas. [move the init declaration to label_internal.h - eparis] Signed-off-by: Richard Haines <richard_c_haines@btinternet.com> Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com> rc/label.c rc/label_file.c rc/label_internal.h
e3cab998b48ab293a9962faf9779d70ca339c65d	03-May-2011	Daniel J Walsh <dwalsh@redhat.com>	libselinux mountpoint changing patch. The Fedora Distribution is looking to standardize kernel subsystem file systems to be mounted under /sys/fs. They would like us to move /selinux to /sys/fs/selinux. This patch changes libselinux in the following ways: 1. load_policy will first check if /sys/fs/selinux exists and mount the selinuxfs at this location, if it does not exists it will fall back to mounting the file system at /selinux (if it exists). 2. The init functions of selinux will now check if /sys/fs/selinux is mounted, if it is and has an SELinuxfs mounted on it, the code will then check if the selinuxfs is mounted rw, if it is, libselinux will set the mountpoint, if it is readonly, libselinux will return no mountpoint. If /sys/fs/selinux does not exists, the same check will be done for /selinux and finally for an entry in /proc/mounts. NOTE: We added the check for RO, to allow tools like mock to be able to tell a chroot that SELinux is disabled while enforcing it outside the chroot. $ getenforce Enabled $ mount --bind /selinux /var/chroot/selinux $ mount -o remount,ro /var/chroot/selinux $ chroot /var/chroot $ getenforce Disabled 3. In order to make this work, I needed to stop enabled from checking if /proc/filesystem for entries if selinux_mnt did not exist. Now enabeled checks if selinux_mnt has been discovered otherwise it will report selinux disabled. Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com> rc/enabled.c rc/init.c rc/load_policy.c rc/policy.h
e4f49b120abfa5a46280de59b64384449c8a63f6	22-Jun-2011	root <root@(none).(none)>	libselinux: simplify SRCS in Makefile The makefile does: SRCS= $(filter-out $A, $(filter-out $B, )) When it can just do: SRCS= $(filter-out $A $B, ) Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com> rc/Makefile
510003b63f3abd3039b1d154cab24fc13be0c581	01-Aug-2011	Eric Paris <eparis@redhat.com>	Minor version bump for updates as of 2011-08-01 checkpolicy libselinux libsemanage libsepol policycoreutils Signed-off-by: Eric Paris <eparis@redhat.com> hangeLog ERSION
6fe09c7080dc31a0215121e6afe3e27fbcb140d0	24-Jun-2011	Eric Paris <eparis@redhat.com>	libselinux: do not store generated files in git libselinux/src/selinux.py and libselinux/src/selinuxswig_wrap.c are both generated rather than being real code. Do not store them in git. Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com> rc/.gitignore rc/selinux.py rc/selinuxswig_python_exception.i rc/selinuxswig_wrap.c
44121f662411dbc17bf2e196911c655ee6969d59	26-Jul-2011	Steve Lawrence <slawrence@tresys.com>	Minor version bump for release Bump checkpolicy to 2.1.0 Bump libselinux to 2.1.0 Bump libsepol to 2.1.0 Bump libsemanage to 2.1.0 Bump policycoreutils to 2.1.0 Bump sepolgen to 1.1.0 hangeLog ERSION
c7512cf11cc9c4de2be8381a5fefe2b2d5f4bf5f	11-Apr-2011	Steve Lawrence <slawrence@tresys.com>	Revision version bump Bump checkpolicy to 2.0.24 Bump libselinux to 2.0.102 Bump libsepol to 2.0.43 Bump policycoreutils to 2.0.86 Signed-off-by: Steve Lawrence <slawrence@tresys.com> hangeLog ERSION
a0ea2d893df6d5ae57e941be5cad8e078de1c831	11-Apr-2011	Steve Lawrence <slawrence@tresys.com>	Fix plural secolor.conf in the man page and black/white mixup Signed-off-by: Steve Lawrence <slawrence@tresys.com> an/man3/selinux_raw_context_to_color.3 an/man5/secolor.conf.5 an/man5/secolors.conf.5
c99414fc1f0f04001f8bf76c34846b8b59cc5702	10-Apr-2011	Richard Haines <richard_c_haines@btinternet.com>	Add libselinux man pages for colour functions Add man pages for selinux_raw_context_to_color(5), selinux_colors_path(3) and secolors.conf(5). Signed-off-by: Richard Haines <richard_c_haines@btinternet.com> Signed-off-by: Steve Lawrence <slawrence@tresys.com> an/man3/selinux_colors_path.3 an/man3/selinux_raw_context_to_color.3 an/man5/secolors.conf.5
20b43b3fd3d392c4f12a963a4e46c264e7ed5163	06-Apr-2011	Daniel J Walsh <dwalsh@redhat.com>	This patch adds a new subs_dist file. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The idea is to allow distributions to ship a subs file as well as let the user modify subs. In F16 we are looking at shipping a file_contexts.subs_dist file like this cat file_contexts.subs_dist /run /var/run /run/lock /var/lock /var/run/lock /var/lock /lib64 /lib /usr/lib64 /usr/lib The we will remove all (64)? from policy. This will allow us to make sure all /usr/lib/libBLAH is labeled the same as /usr/lib64/libBLAH -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/ iEYEARECAAYFAk2c1ksACgkQrlYvE4MpobNXcQCgqgAiQJxmwa1+NdIq8E3tQRp6 QT0An0ihA60di9CRsEqEdVbSaHOwtte5 =LXgd -----END PGP SIGNATURE----- Signed-off-by: Steve Lawrence <slawrence@tresys.com> nclude/selinux/selinux.h rc/file_path_suffixes.h rc/label.c rc/selinux_config.c rc/selinux_internal.h
1629d2f89a8c5f758413b87b94740aaaa5f21144	06-Apr-2011	Daniel J Walsh <dwalsh@redhat.com>	This patch cleans up a couple of crashes caused by libselinux -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 If you fail to load_policy in the init or SELinux is disabled, you need to free the selinux_mnt variable and clear the memory. systemd was calling load_polcy on a DISABLED system then later on it would call is_selinux_enabled() and get incorrect response, since selinux_mnt still had valid data. The second bug in libselinux, resolves around calling the selinux_key_delete(destructor_key) if the selinux_key_create call had never been called. This was causing data to be freed in other applications that loaded an unloaded the libselinux library but never setup setrans or matchpathcon. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/ iEYEARECAAYFAk2c0/UACgkQrlYvE4MpobMP1QCfXAFD3pfWFLd1lylU/vjsZmpM mcUAnA2l3/GKGC3hT8XB9E+2pTfpy+uj =jpyr -----END PGP SIGNATURE----- Signed-off-by: Steve Lawrence <slawrence@tresys.com> nclude/selinux/selinux.h rc/init.c rc/load_policy.c rc/matchpathcon.c rc/selinux_internal.h rc/setrans_client.c
5c6729b4d26fe6b3e64f9301efe6b0fa7d5c8487	06-Apr-2011	Daniel J Walsh <dwalsh@redhat.com>	Resend: This patch causes the mount points created in load_policy to have a proper name -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 04/06/2011 05:10 PM, Daniel J Walsh wrote: > "proc" and "selinuxfs" > -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/ iEYEARECAAYFAk2c14AACgkQrlYvE4MpobMC7gCglauBYIKMfBRUcQPaMGKTzYZV udUAn3X/rgUgJ55401IVwyCHC051bGQA =47TI -----END PGP SIGNATURE----- Signed-off-by: Steve Lawrence <slawrence@tresys.com> rc/load_policy.c
acd3b7f9f1b7f52880ab80e4a4fa42e793017a36	23-Mar-2011	Stephen Smalley <sds@tycho.nsa.gov>	Bump libselinux to 2.0.101 hangeLog ERSION
c4737c2e3281f6d5ebece9a85d87c5ed366f9af1	06-Jan-2011	KaiGai Kohei <kaigai@ak.jp.nec.com>	add db_language support on label_db.c The attached patch add support db_language object class to the selabel_lookup(_raw) interfaces. It is needed to inform object manager initial label of procedural language object. Thanks, -- KaiGai Kohei <kaigai@ak.jp.nec.com> Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> nclude/selinux/label.h rc/label_db.c
44d8ff2b0f560a086b8bab254c20cd21f4c54788	09-Mar-2011	Eamon Walsh <ewalsh@tycho.nsa.gov>	bump libselinux to 2.0.100 Signed-off-by: Eamon Walsh <ewalsh@tycho.nsa.gov> hangeLog ERSION
f0b3127ca3c99ae218dba43a6e3f7430081c412b	09-Mar-2011	Eamon Walsh <ewalsh@tycho.nsa.gov>	Use library destructors to destroy per-thread keys. This prevents the key destructors, intented to free per-thread heap storage, from being called after libselinux has been unloaded. Fixes https://bugzilla.redhat.com/show_bug.cgi?id=680887 Signed-off-by: Eamon Walsh <ewalsh@tycho.nsa.gov> rc/matchpathcon.c rc/selinux_internal.h rc/setrans_client.c
fdab2ec2791e6b964055cbb5cde0de3391efe0a9	01-Mar-2011	Steve Lawrence <slawrence@tresys.com>	bump libselinux to 2.0.99 Signed-off-by: Steve Lawrence <slawrence@tresys.com> ERSION
6caa4cbe32e68bf3296ce8cbcf218509e58b550c	01-Mar-2011	Daniel J Walsh <dwalsh@redhat.com>	selinux man page fixes Signed-off-by: Steve Lawrence <slawrence@tresys.com> an/man8/selinux.8
bc2a8f418e3b7bd9c2abd83e441a45ad59631f1f	01-Mar-2011	KaiGai Kohei <kaigai@ak.jp.nec.com>	libselinux: add selinux_status_* interfaces for /selinux/status The attached patch adds several interfaces to reference /selinux/status according to sequential-lock logic. selinux_status_open() open the kernel status page and mmap it with read-only mode, or open netlink socket as a fallback in older kernels. Then, we can obtain status information from the mmap'ed page using selinux_status_updated(), selinux_status_getenfoce(), selinux_status_policyload() or selinux_status_deny_unknown(). It enables to help to implement userspace avc with heavy access control decision; that we cannot ignore the cost to communicate with kernel for validation of userspace caches. Signed-off-by: Steve Lawrence <slawrence@tresys.com> nclude/selinux/avc.h an/man3/selinux_status_close.3 an/man3/selinux_status_deny_unknown.3 an/man3/selinux_status_getenforce.3 an/man3/selinux_status_open.3 an/man3/selinux_status_policyload.3 an/man3/selinux_status_updated.3 rc/sestatus.c
d17ed0d90d100acb4d270613d12988f909cc1c3f	16-Dec-2010	Chad Sellers <csellers@tresys.com>	bump checkpolicy to 2.0.23 bump libselinux to 2.0.98 bump libsepol to 2.0.42 bump libsemanage to 2.0.46 Signed-off-by: Chad Sellers <csellers@tresys.com> hangeLog ERSION
7bc4ffb5df96c2acaac80f3e7c7c8e27faccd627	14-Dec-2010	Daniel J Walsh <dwalsh@redhat.com>	Author: Daniel J Walsh Email: dwalsh@redhat.com Subject: I think it is time to turn off default user handling in libselinux Date: Mon, 13 Dec 2010 13:28:01 -0500 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 This patch will turn this handling off. Meaning you will not end up with some bizarro context and fail to login if the login program can not figure how to log you in. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/ iEYEARECAAYFAk0GZbEACgkQrlYvE4MpobOF7QCgsD1XYuNC6B5MyIezCZvN9mYL UX4AoOe9GsP3bhuvMBPea9LXeV/7tCPS =B9Pk -----END PGP SIGNATURE----- Signed-off-by: Chad Sellers <csellers@tresys.com> rc/get_context_list.c
705071c6b178dd5df710c69cc21d24b662eebe42	03-Dec-2010	Eamon Walsh <ewalsh@tycho.nsa.gov>	bump libselinux to 2.0.97 Signed-off-by: Eamon Walsh <ewalsh@tycho.nsa.gov> hangeLog ERSION
569ce5498553b87dc7af343b2efb4da8d3ecdb4f	03-Dec-2010	Eamon Walsh <ewalsh@tycho.nsa.gov>	matchpathcon: Close selabel handle in thread destructor. This is necessary because the handle is thread-local. Signed-off-by: Eamon Walsh <ewalsh@tycho.nsa.gov> rc/matchpathcon.c
a00fd94a46e92a233f4e613660e9962918f28207	03-Dec-2010	Eamon Walsh <ewalsh@tycho.nsa.gov>	selabel: Store substitution data in the handle instead of globally. This is for thread safety. Signed-off-by: Eamon Walsh <ewalsh@tycho.nsa.gov> rc/label.c rc/label_internal.h
a29ff33baf366825c0fbe721d30b12b5b96a64e1	02-Dec-2010	Eamon Walsh <ewalsh@tycho.nsa.gov>	Implement destructors for thread-local heap data. Description of problem: Use of __thread variables is great for creating a thread-safe variable, but only insofar as the contents of that variable can safely be abandoned on pthread_exit(). The moment you store malloc()d data into a __thread void* variable, you have leaked memory when the thread exits, since there is no way to associate a destructor with __thread variables. The _only_ safe way to use thread-local caching of malloc()d data is to use pthread_key_create, and associate a destructor that will call free() on the resulting data when the thread exits. libselinux is guilty of abusing __thread variables to store malloc()d data as a form of a cache, to minimize computation by reusing earlier results from the same thread. As a result of this memory leak, repeated starting and stopping of domains via libvirt can result in the OOM killer triggering, since libvirt fires up a thread per domain, and each thread uses selinux calls such as fgetfilecon. Version-Release number of selected component (if applicable): libselinux-2.0.94-2.el6.x86_64 libvirt-0.8.1-27.el6.x86_64 How reproducible: 100% Steps to Reproduce: 0. These steps are run as root, assuming hardware kvm support and existence of a VM named fedora (adjust the steps below as appropriate); if desired, I can reduce this to a simpler test case that does not rely on libvirt, by using a single .c file that links against libselinux and repeatedly spawns threads. 1. service libvirtd stop 2. valgrind --quiet --leak-check=full /usr/sbin/libvirtd& pid=$! 3. virsh start fedora 4. kill $pid Actual results: The biggest leak reported is due to libselinux' abuse of __thread: ==26696== 829,730 (40 direct, 829,690 indirect) bytes in 1 blocks are definitely lost in loss record 500 of 500 ==26696== at 0x4A0515D: malloc (vg_replace_malloc.c:195) ==26696== by 0x3022E0D48C: selabel_open (label.c:165) ==26696== by 0x3022E11646: matchpathcon_init_prefix (matchpathcon.c:296) ==26696== by 0x3022E1190D: matchpathcon (matchpathcon.c:317) ==26696== by 0x3033ED7FB5: SELinuxRestoreSecurityFileLabel (security_selinux.c:381) ==26696== by 0x3033ED8539: SELinuxRestoreSecurityAllLabel (security_selinux.c:749) ==26696== by 0x459153: qemuSecurityStackedRestoreSecurityAllLabel (qemu_security_stacked.c:257) ==26696== by 0x43F0C5: qemudShutdownVMDaemon (qemu_driver.c:4311) ==26696== by 0x4555C9: qemudStartVMDaemon (qemu_driver.c:4234) ==26696== by 0x458416: qemudDomainObjStart (qemu_driver.c:7268) ==26696== by 0x45896F: qemudDomainStart (qemu_driver.c:7308) ==26696== by 0x3033E75412: virDomainCreate (libvirt.c:4881) ==26696== Basically, libvirt created a thread that used matchpathcon during 'virsh start fedora', and matchpathcon stuffed over 800k of malloc'd data into: static __thread char **con_array; which are then inaccessible when libvirt exits the thread as part of shutting down on SIGTERM. Expected results: valgrind should not report any memory leaks related to libselinux. Signed-off-by: Eamon Walsh <ewalsh@tycho.nsa.gov> Reported-by: Eric Blake <eblake@redhat.com> Tested-by: Eric Blake <eblake@redhat.com> rc/matchpathcon.c rc/selinux_internal.h rc/setrans_client.c
fe19c7a6acf984f20875bbc1c3735e9796fc98ca	14-Jun-2010	Chad Sellers <csellers@tresys.com>	bump libselinux to 2.0.96 and checkpolicy to 2.0.22 Signed-off-by: Chad Sellers <csellers@tresys.com> hangeLog ERSION
6a17cfaafcdab82c9909eccff56968913b36a631	14-Jun-2010	KaiGai Kohei <kaigai@ak.jp.nec.com>	Author: KaiGai Kohei Email: kaigai@ak.jp.nec.com Subject: libselinux APIs should take "const" qualifier? Date: Tue, 23 Mar 2010 11:56:36 +0900 (2010/03/19 22:32), Stephen Smalley wrote: > On Fri, 2010-03-19 at 16:52 +0900, KaiGai Kohei wrote: >> Right now, security_context_t is an alias of char , declared in selinux.h. >> >> Various kind of libselinux API takes security_context_t arguments, >> however, it is inconvenience in several situations. >> >> For example, the following query is parsed, then delivered to access >> control subsystem with the security context as "const char " cstring. >> >> ALTER TABLE my_tbl SECURITY LABEL TO 'system_u:object_r:sepgsql_table_t:SystemHigh'; >> const char <---- ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ >> >> In this case, we want to call selinux_trans_to_raw_context() to translate >> the given security context into raw format. But it takes security_context_t >> argument for the source context, although this pointer is read-only. >> In the result, compiler raises warnings because we gave "const char " pointer >> into functions which take security_context_t (= char ). >> >> Any comments? >> >> It seems to me the following functions' prototype should be qualified by >> "const". > > That seems reasonable and should have no impact on library ABI. > On the other hand, others have pointed out that security_context_t is > not a properly encapsulated data type at all, and perhaps should be > deprecated and replaced with direct use of char/const char* throughout. > > There are other library API issues as well that have come up in the > past, such as lack of adequate namespacing (with approaches put forth), > but we don't ever seem to get a round tuit. At first, I tried to add const qualifiers read-only security_context_t pointers, but didn't replace them by char /const char yet, right now. BTW, I could find out the following code: int security_compute_create(security_context_t scon, security_context_t tcon, security_class_t tclass, security_context_t * newcon) { int ret; security_context_t rscon = scon; security_context_t rtcon = tcon; security_context_t rnewcon; if (selinux_trans_to_raw_context(scon, &rscon)) return -1; if (selinux_trans_to_raw_context(tcon, &rtcon)) { freecon(rscon); return -1; } : In this case, scon and tcon can be qualified by const, and the first argument of selinux_trans_to_raw_context() can take const pointer. But it tries to initialize rscon and tscon by const pointer, although these are used to store raw security contexts. The selinux_trans_to_raw_context() always set dynamically allocated text string on the second argument, so we don't need to initialize it anyway. I also removed these initializations in this patch. Does the older mcstrans code could return without allocation of raw format when the given scon is already raw format? I don't know why these are initialized in this manner. Thanks. -- KaiGai Kohei <kaigai@ak.jp.nec.com> Signed-off-by: Chad Sellers <csellers@tresys.com> nclude/selinux/avc.h nclude/selinux/selinux.h rc/avc.c rc/avc_sidtab.c rc/canonicalize_context.c rc/check_context.c rc/compute_av.c rc/compute_create.c rc/compute_member.c rc/compute_relabel.c rc/compute_user.c rc/fsetfilecon.c rc/is_customizable_type.c rc/lsetfilecon.c rc/procattr.c rc/selinux_check_securetty_context.c rc/setfilecon.c rc/setrans_client.c
0750eb51143bb3f440d562fed80ef930bf3bfe85	10-Jun-2010	Chad Sellers <csellers@tresys.com>	bump libselinux to 2.0.95 hangeLog ERSION
537721089af4466962e1520a571e4478d040edb3	10-Jun-2010	Steve Lawrence <slawrence@tresys.com>	Author: Steve Lawrence Email: slawrence@tresys.com Subject: Add chcon method to libselinux python bindings Date: Mon, 7 Jun 2010 17:40:05 -0400 Adds a chcon method to the libselinux python bindings to change the context of a file/directory tree. Signed-off-by: Chad Sellers <csellers@tresys.com> rc/selinuxswig_python.i
8f007923dd4ff89652479587d96e22bc63dbf822	02-Jun-2010	Chad Sellers <csellers@tresys.com>	[PATCH] Remove duplicate slashes in paths in selabel_lookup This patch simply removes duplicate slashes (meaning "//") from pathnames passed into selabel_lookup. It does not do a full realpath() calculation (e.g. following symlinks, etc.), as the client should really do that before calling into libselinux. Signed-off-by: Chad Sellers <csellers@tresys.com> rc/label_file.c
734f7621b8b4e6d8af0746ed9cce927a80667470	24-Mar-2010	Joshua Brindle <method@manicmethod.com>	bump libselinux to 2.0.94 hangeLog ERSION
7dcf27a7916db8172db015439ded5b914da25bc1	24-Mar-2010	Daniel J Walsh <dwalsh@redhat.com>	Patch to context_new to set errno to EINVAL on bad values Signed-off-by: Joshua Brindle <method@manicmethod.com> rc/context.c
386ab8df8e2f0ab4938edaa4a82779ef2c794a9c	18-Mar-2010	Eamon Walsh <ewalsh@tycho.nsa.gov>	Typo fix in ChangeLog. Signed-off-by: Eamon Walsh <ewalsh@tycho.nsa.gov> hangeLog
e53b2cebf21b5e793642cbc6b12334407756734d	18-Mar-2010	Joshua Brindle <method@manicmethod.com>	Merge branch 'master' of oss.tresys.com:/home/git/selinux
5af082709774bd19e7b6836eccc6bfb162a87185	18-Mar-2010	Daniel J Walsh <dwalsh@redhat.com>	Author: Daniel J Walsh Email: dwalsh@redhat.com Subject: Small patch to fix is_selinux_enabled man page. Date: Tue, 16 Mar 2010 12:35:22 -0400 Signed-off-by: Joshua Brindle <method@manicmethod.com> an/man3/is_selinux_enabled.3
0b2e0bd5d0b05e5f498ba9ea51af8fa7bb8ac788	16-Mar-2010	Eamon Walsh <ewalsh@tycho.nsa.gov>	Bump libselinux to 2.0.93 hangeLog ERSION
dbbd0ab9038349e6f085f575fc0fdfd4791710b3	15-Mar-2010	Eamon Walsh <ewalsh@tycho.nsa.gov>	Show strerror for security_getenforce(). Patch by Colin Waters. Acked-by: Stephen Smalley <sds@tycho.nsa.gov> rc/avc.c
70aeeb918aa721ad90ed8e1b433a55c8ecf2cb83	15-Mar-2010	Eamon Walsh <ewalsh@tycho.nsa.gov>	This patch allows selabel_() interfaces to provide an expected security context for the given database object identified by its name and object class. It is necessary to implement a feature something like the restorecon on databases. The specfile shall be described as follows: ------------------------ # # The specfile for database objects # (for SE-PostgreSQL) # # <object class> <object name> <security context> # db_database system_u:object_r:sepgsql_db_t:s0 db_schema .pg_catalog system_u:obejct_r:sepgsql_sys_schema_t:s0 db_schema .* system_u:object_r:sepgsql_schema_t:s0 db_table .pg_catalog. system_u:object_r:sepgsql_sysobj_t:s0 db_table ..* system_u:object_r:sepgsql_table_t:s0 ------------------------ - All the characters after the '#' are ignored. - Wildcards ('' and '?') are available. - It returns the first match security context. Note that hierarchy of the namespace of database objects depends on RDBMS. So, author of the specfile needs to write correct patterns which are suitable for the target RDBMS. The patched selabel_() interfaces don't have any heuristics for the namespace hierarchy to be suitable for widespread RDBMSs. In the case of SE-PgSQL, when we lookup an expected security context for the 'my_table' table in the 'public' schema and 'postgres' database, the caller shall provide 'postgres.public.my_table' as a key. In the default, it tries to read a specfile which maps database objects and security context from the /etc/selinux/$POLICYTYPE/contexts/sepgsql_contexts. Note that when another RDBMS uses this interface, it needs to give an explicit SELABEL_OPT_PATH option on the selabel_open(). Signed-off-by: KaiGai Kohei <kaigai@ak.jp.nec.com> Acked-by: Eamon Walsh <ewalsh@tycho.nsa.gov> nclude/selinux/label.h nclude/selinux/selinux.h an/man3/selabel_open.3 an/man3/selinux_binary_policy_path.3 an/man5/selabel_db.5 rc/file_path_suffixes.h rc/label.c rc/label_db.c rc/label_internal.h rc/selinux_config.c rc/selinux_internal.h
61d005b739f34b9471244428769a156d57358c9c	26-Feb-2010	Eamon Walsh <ewalsh@tycho.nsa.gov>	libselinux: fix avc_netlink_loop() error caused by nonblocking mode. avc_open() creates the netlink socket in nonblocking mode. If the application later takes control of the netlink socket with avc_netlink_acquire_fd() and then calls avc_netlink_loop(), it will fail with EWOULDBLOCK. To remedy this, remove the O_NONBLOCK flag from the netlink socket at the start of avc_netlink_loop(). Also, with this fix, there is no need for avc_open() to ever create a blocking socket, so change that and update the man page. -v2: use poll() in avc_netlink_check_nb(). This makes both avc_netlink_loop() and avc_netlink_check_nb() independent of the O_NONBLOCK flag. -v3: move poll() to avc_receive() internal function; patch by KaiGai Kohei <kaigai@kaigai.gr.jp> Signed-off-by: Eamon Walsh <ewalsh@tycho.nsa.gov> an/man3/avc_netlink_loop.3 rc/avc.c rc/avc_internal.c
e6bfff4372a2bf5fe8dbd1de49ffb6cf366b39e0	07-Mar-2010	Joshua Brindle <method@manicmethod.com>	bump libsemanage to 2.0.45 and libselinux to 2.0.92 hangeLog ERSION
7420787817c4949276d7947202b49d78eba37c13	24-Feb-2010	Daniel J Walsh <dwalsh@redhat.com>	updated libselinux pkgconfig does not work correctly on lib64 machines. On 02/24/2010 02:24 PM, Daniel J Walsh wrote: > Ignore the first patch it was missing pc.in files. Acked-by: Eamon Walsh <ewalsh@tycho.nsa.gov> Signed-off-by: Joshua Brindle <method@manicmethod.com> rc/Makefile rc/libselinux.pc.in
d03b94113615c1751b8a074bbd4064d915c70ff9	06-Mar-2010	Joshua Brindle <method@manicmethod.com>	regenerate swig wrappers rc/selinux.py rc/selinuxswig_wrap.c
660f70f4c4c169214da8ac670fbecfb37ce3d2d5	28-Feb-2010	Daniel J Walsh <dwalsh@redhat.com>	Author: Daniel J Walsh Email: dwalsh@redhat.com Subject: Fix memory leak on disabled selinux machines. Date: Wed, 24 Feb 2010 14:15:31 -0500 I think this patch originally came from Eric Paris and was updated by others but has not been adopted yet. Not sure why. Always free buf on exit. Signed-off-by: Joshua Brindle <method@manicmethod.com> rc/init.c
955f8d8e288bbba32732a661d1db6b2c471ae91e	22-Feb-2010	Stephen Smalley <sds@tycho.nsa.gov>	libselinux 2.0.91 hangeLog ERSION
070505f16f59b1ddbc6af670a04a3610253f50fc	16-Feb-2010	Stephen Smalley <sds@tycho.nsa.gov>	label_file.c:434: error: implicit declaration of function 'fstat' On Mon, 2010-02-15 at 14:19 -0800, Justin Mattock wrote: > this is new: > > > make[2]: Leaving directory `/home/kernel/selinux/libselinux/include' > make -C src install > make[2]: Entering directory `/home/kernel/selinux/libselinux/src' > cc -Werror -Wall -W -Wundef -Wshadow -Wmissing-noreturn > -Wmissing-format-attribute -I../include -I/usr/include -D_GNU_SOURCE > -D_FILE_OFFSET_BITS=64 -c -o label_file.o label_file.c > cc1: warnings being treated as errors > label_file.c: In function 'init': > label_file.c:434: error: implicit declaration of function 'fstat' > label_file.c:436: error: implicit declaration of function 'S_ISREG' > make[2]: * [label_file.o] Error 1 > make[2]: Leaving directory `/home/kernel/selinux/libselinux/src' > make[1]: * [install] Error 2 > make[1]: Leaving directory `/home/kernel/selinux/libselinux' > make: *** [install] Error 1 > > three areas where this could of been created > update glibc > updated kernel > update userspace(altohugh there was not vary many commits in the pull). Newer glibc headers expose a failure to #include the required headers for stat(2). Also exposes a conflict in redefining close() in that file. Patch below should fix. rc/label_file.c
0fc6c7762c2174a5fb3b978891b0adf8930aa184	05-Feb-2010	Stephen Smalley <sds@tycho.nsa.gov>	libselinux: Only audit permissions specified by the policy Only audit the permissions specified by the policy, excluding any permissions specified via dontaudit or not specified via auditallow. This only shows up when a single avc_has_perm() call is made with multiple permissions where some of those permissions are dontaudit'd or auditallow'd while others are not. The corresponding kernel patch has already been applied, see: http://git.kernel.org/?p=linux/kernel/git/jmorris/security-testing-2.6.git;a=commit;h=b6cac5a30b325e14cda425670bb3568d3cad0aa8 Signed-off-by: Stephen D. Smalley <sds@tycho.nsa.gov> rc/avc.c
32cf5d539b4b4852d9de966578eae3ad5560cd63	27-Nov-2009	Joshua Brindle <method@manicmethod.com>	bump checkpolicy to 2.0.21, libselinux to 2.0.90 and sepolgen to 1.0.19 hangeLog ERSION
a69fb97edd244b94b2289ee3d0874f989b6ffe9c	20-Oct-2009	Manoj Srivastava <srivasta@debian.org>	exception.sh contains bashisms Hi folks, The script, src/exception.sh, contains so called bashisms (constructs not supported by POSIX, but present as bash extensions). This means when trying to build on systems where /bin/sh is not bash, the build fails with an error. This patch uses bash to run exception.sh. This bug affects a significant subset of Debian and Debian derivative machines. manoj Signed-off-by: Manoj Srivastava <srivasta@debian.org> Signed-off-by: Joshua Brindle <method@manicmethod.com> rc/Makefile
48412c39302de7dfd1ba20d8bab042e6fa082c33	27-Nov-2009	Joshua Brindle <method@manicmethod.com>	Author: Guido Trentalancia Email: guido@trentalancia.com Subject: Contributed manual pages for libselinux Date: Sat, 21 Nov 2009 20:51:17 +0100 Hello Eamon ! On Fri, 2009-11-20 at 21:42 -0500, Eamon Walsh wrote: > Hi, thanks for doing this. Some quick review below. You are welcome, I suppose it was a boring task for many... Thanks very much for reviewing the changes. And please accept my apologies for not placing "[PATCH]" in the subject of the original post. I had just subscribed to the list. I left you cc address intact here... > There is too much in matchpathcon(3) now. It's going to need to be > split up into different pages, perhaps the init/fini/teardown stuff in > one page, the lookup calls in another, and the non-matchpathcon prefixed > calls in a third page. > > Also, .so manpage links are needed for all the calls here. Yes, matchpathcon is a mess. Following your guidelines, I have now splitted the huge and messy page in several different man pages. It's easier to consult and easier to maintain. The first part (page) is strictly related to _init, its variant _init_index, _fini, matchpathcon and its variant matchpathcon_index. Nice and concise. References are provided in the "SEE ALSO" section to the rest. The second page describes the auxiliary lookup calls (matchpathcon_checkmatches) and the inode associations functions (matchpathcon_filespec_{add,destroy,eval}). The reference section points to the main matchpathcon page. A third page has been created for the functions that are used to set the flags (set_matchpathcon_flags) or to configure the behaviour of the main matchpathcon functions (set_matchpathcon_invalidcon and set_matchpathcon_printf). A fourth and fifth page is devoted to functions that should never had ended up in matchpathcon (selinux_file_context_cmp and selinux_file_context_verify in one page and selinux_lsetfilecon_default in another one): we do not really need to save electrons needed for new pages... > > > > * print_access_vector > > > > Looks good. No modifications. > > * security_disable > > > > See the selinux.h comments for this. It needs to be documented that > this function can only be called at startup time. Ok. I have stressed that now and also mentioned that after the policy has been loaded at startup, then only "setenforce" can be used to alter (not disable) the mode of the SELinux kernel code (for example by placing it into "permissive" mode). > > * security_set_boolean_list > > > > a RETURN VALUE section is needed in this page, documenting at least this > call if not the others in that page. I have now added a "RETURN VALUE" section. Also, to avoid confusion, I have rephrased the word "returns" in "provides" when not strictly referring the to the return value of the function (take for example security_get_boolean_names(), strictly speaking the function returns an integer representing 0=success or -1=failure, although from a conceptual point of view it also returns a list trough modification of one of its parameters passed by reference). Usually when an application developer looks at the "RETURN VALUE" section it is because he/she has already planned/coded the call to the function (and thus also the handling to parameters passed by reference) and only needs to check for the function exit status so that it can be handled properly at the call point. > > * selinux_check_passwd_access > > > > This is a replacement for the inconsistently named "checkPasswdAccess" > function. So, the existing description of checkPasswdAccess should be > moved to this function, and checkPasswdAccess should be changed to "this > is a deprecated alias for selinux_check_passwd_access". Yes, I have now mentioned that checkPasswdAccess is deprecated. We are referring to file security_compute_av.3 as the description of these two functions lives there... By the way, it has been pointed out that this function should not hard-code a string. I also agree with him, there is a generic constant for such "passwd" object class, it is defined in flask.h could be used instead of the string, thus avoiding hard-coding and also allowing to save a few cycles and be theoretically future-proof (if ever the name would change, say to "password", "auth-token" or anything else). libselinux/src/checkAccess.c.orig 2009-11-21 20:07:21.000000000 libselinux/src/checkAccess.c 2009-11-21 20:08:36.000000000 @@ -13,17 +13,12 @@ int selinux_check_passwd_access(access_v if (is_selinux_enabled() == 0) return 0; if (getprevcon_raw(&user_context) == 0) { - security_class_t passwd_class; struct av_decision avd; int retval; - passwd_class = string_to_security_class("passwd"); - if (passwd_class == 0) - return 0; - retval = security_compute_av_raw(user_context, user_context, - passwd_class, + SECCLASS_PASSWD, requested, &avd); Note that the above code, should really live in the application and not in the selinux library. It used to be like that, then for some reason it has been introduced. Redhat's passwd and cronie are calling the library function and thus at the moment they rely on it. But for example, util-linux-ng has the code in it and does not call this function, as I believe it should be. A very minor issue anyway... > > * selinux_init_load_policy > > > > A paragraph break is needed in the DESCRIPTION section before this function. Done. I have also added a note to the already mentioned fact that after initial policy load, SELinux cannot be anymore disabled using calls to security_disable(3). > > * selinux_lsetfilecon_default > > > > See notes above about the matchpathcon manpage. Yes, separate man page now. > > * selinux_mkload_policy > > > > Looks good. No modifications. > > * set_selinuxmnt > > > > This manpage includes two static functions that are not part of the > libselinux API (at least, not anymore) and should be removed. > > Also, I'm not comfortable with the description given. Instead, use the > comments in selinux.h, which are more accurate and verbose. > Please let me know if things are any better now. I did also provide on the same day a patch for beautifying and improving the command-line option parsing of a few utilities (a ticket had been created by somebody). That patch provides those improvement according to GNU-style parsing of "help" and "version" options (including long-option variants). I think it also fixes a couple of typos here and there. Feel free to include that patch too if you like it, so that the ticket can be closed ! I will attach it again in another separate message: it has been slightly modified in order to apply cleanly to the latest git snapshot. More important, I was also thinking about fingerprinting (and subsequently checking) the libraries with some cryptographic hash function such as the NIST-recommended SHA2. It is beginning to be done for security-related projects like OpenSSL, so I believe it is even more essential for SELinux. Ever thought about anything like that ? Best regards, Guido Signed-off-By: Joshua Brindle <method@manicmethod.com> an/man3/fini_selinuxmnt.3 an/man3/init_selinuxmnt.3 an/man3/matchpathcon.3 an/man3/matchpathcon_checkmatches.3 an/man3/matchpathcon_filespec_add.3 an/man3/matchpathcon_filespec_destroy.3 an/man3/matchpathcon_filespec_eval.3 an/man3/matchpathcon_index.3 an/man3/print_access_vector.3 an/man3/security_class_to_string.3 an/man3/security_compute_av.3 an/man3/security_disable.3 an/man3/security_load_booleans.3 an/man3/security_load_policy.3 an/man3/security_mkload_policy.3 an/man3/selinux_binary_policy_path.3 an/man3/selinux_check_passwd_access.3 an/man3/selinux_file_context_cmp.3 an/man3/selinux_file_context_verify.3 an/man3/selinux_lsetfilecon_default.3 an/man3/set_matchpathcon_flags.3 an/man3/set_matchpathcon_invalidcon.3 an/man3/set_matchpathcon_printf.3 an/man3/set_selinuxmnt.3
7cdfd6e659dde3c7988e78ab2322a35e67ca8726	29-Oct-2009	Eamon Walsh <ewalsh@tycho.nsa.gov>	Bump libsepol to 2.0.40, libselinux to 2.0.89, libsemanage to 2.0.41. hangeLog ERSION
12777502c638698a9e1dd6748a2309cb87946a65	21-Oct-2009	Eamon Walsh <ewalsh@tycho.nsa.gov>	Add pkgconfig files for libsepol, libselinux, and libsemanage. Having a pkgconfig files allows the pkg-config tool to be used to query the presence of the library (or a particular version of it), and to obtain the C flags and linker arguments to build with it. Based on Debian patches by Manoj Srivastava <srivasta@debian.org>. Signed-off-by: Eamon Walsh <ewalsh@tycho.nsa.gov> rc/Makefile rc/libselinux.pc.in
6f4660679f0051e3608c11050b7a52882e667b52	22-Oct-2009	Chad Sellers <csellers@tresys.com>	Bump libselinux to 2.0.88 and libsemanage to 2.0.40 hangeLog ERSION
7d19f9df510daef5dc929df5854c2dda2a64f475	20-Oct-2009	Chad Sellers <csellers@tresys.com>	libselinux: Export reset_selinux_config() In integrating SELinux policy into rpm, we have a need to be able to reset the configuration data (e.g. policy type) loaded into libselinux. These values are currently loaded lazily by a number of different functions (e.g. matchpatchcon_init()). Since we are changing rpm to install policy, including initial base policy, we need to be able to reload these configuration items after the policy has been installed. reset_selinux_config() already exists and is used by selinux_init_load_policy() for a similar reason, but it is not exported. This was probably intentionaly since it is not thread safe at all. That said, rpm needs to do the same thing. This patch makes the function public, and places a warning in the header comment that it is not thread safe. Signed-off-by: Chad Sellers <csellers@tresys.com> nclude/selinux/selinux.h rc/load_policy.c rc/selinux_config.c rc/selinux_internal.h
0857e3e4782789a326426e1284dce95ba6d6b851	21-Oct-2009	Eamon Walsh <ewalsh@tycho.nsa.gov>	Add subdirectory .gitignore files. These take care of executables and generated source files. Signed-off-by: Eamon Walsh <ewalsh@tycho.nsa.gov> gitignore
0e421afd55407cf5e6e3793558e4449aef6fcf52	24-Sep-2009	Joshua Brindle <method@manicmethod.com>	bump libselinux to 2.0.87 and libsemanage to 2.0.39 hangeLog ERSION
00f0d550d556ec4cda88cc89aa5a63e6aa043fad	24-Sep-2009	Daniel J Walsh <dwalsh@redhat.com>	Author: Daniel J Walsh Email: dwalsh@redhat.com Subject: refpolicy: nsalibselinux_utils_matchpathcon.c changes Date: Tue, 07 Jul 2009 12:30:52 -0400 --text follows this line-- Signed-off-by: Joshua Brindle <method@manicmethod.com> tils/matchpathcon.c
94c51ba3b12e476c0b7108c9d83b939ed56b8359	24-Sep-2009	Joshua Brindle <method@manicmethod.com>	make swigify rc/selinux.py rc/selinuxswig_python_exception.i rc/selinuxswig_wrap.c
8569b09417ac29b1792da6241f0745b76367f813	24-Sep-2009	Joshua Brindle <method@manicmethod.com>	This updates commit 66d07600075d53735197520e4a5bbe6796a89d25 This seems to work better on my system (aux-info on temp.c didn't do anything) Also it fixes the noted Makefile issues rc/Makefile
95d8143b35913fc34bb6c92f7c36f2e155c53049	24-Sep-2009	Joshua Brindle <method@manicmethod.com>	This updates commit 66d07600075d53735197520e4a5bbe6796a89d25 This seems to work better on my system (aux-info on temp.c didn't do anything) rc/exception.sh
66d07600075d53735197520e4a5bbe6796a89d25	16-Sep-2009	Daniel J Walsh <dwalsh@redhat.com>	This patch fixes the exception handling in libselinux-python bindings On 09/16/2009 03:35 PM, Joshua Brindle wrote: > > > Joshua Brindle wrote: >> >> >> Daniel J Walsh wrote: >>> What do you think of this one. Removed excess swig cruft, >>> >>> You need to run >>> >>> make swigify to generate those changes. >>> >> >> Ok, looking at this now. I don't completely get how it works. I'm trying >> to reproduce what you are doing by hand but nothing comes out of gcc: >> >> [root@localhost src]# echo '#include "../include/selinux/selinux.h"' > >> temp.c >> [root@localhost src]# gcc -c temp.c -aux-info temp.aux >> [root@localhost src]# ls temp.* >> temp.c temp.o >> >> >> What is the purpose of the aux-info thing, and why doesn't it work on my >> F11 machine? >> >> also, I'm not sure if the best place for selinuxswig_exception.i is >> swigify or pywrap. In the swigify case it shouldn't be in the clean >> target because if you check out the repo and do make clean; make pywrap >> you'll get an error. (I can make these fixes, I'm just trying to figure >> out how it all works first). >> > > Oh, one more thing, should this be python specific? (E.g, should it be > named selinuxswig_python_exception.i ?) Changed name to selinux_python_exception.i WOrks for me on F11 and F12 dwalsh@localhost$ echo '#include "../include/selinux/selinux.h"' > temp.c dwalsh@localhost$ gcc -c temp.c -aux-info temp.aux dwalsh@localhost$ ls temp.* temp.aux temp.c temp.o cat temp.aux /* compiled from: . / / /usr/include/sys/select.h:109:NC / extern int select (int, fd_set , fd_set , fd_set , struct timeval ); / /usr/include/sys/select.h:121:NC / extern int pselect (int, fd_set , fd_set , fd_set , const struct timespec , const __sigset_t ); /* /usr/include/sys/sysmacros.h:31:NC / extern unsigned int gnu_dev_major (long long unsigned int); / /usr/include/sys/sysmacros.h:34:NC / extern unsigned int gnu_dev_minor (long long unsigned int); / /usr/include/sys/sysmacros.h:37:NC / extern long long unsigned int gnu_dev_makedev (unsigned int, unsigned int); / ../include/selinux/selinux.h:12:NC / extern int is_selinux_enabled (void); / ../include/selinux/selinux.h:14:NC / extern int is_selinux_mls_enabled (void); / ../include/selinux/selinux.h:19:NC / extern void freecon (security_context_t); / ../include/selinux/selinux.h:22:NC / extern void freeconary (security_context_t ); ... commit 38d98bd958f42ea18c9376e624d733795665ee22 Author: Dan Walsh <dwalsh@redhat.com> Date: Wed Sep 16 16:51:14 2009 -0400 Add exception code nclude/selinux/selinux.h rc/Makefile rc/exception.sh rc/selinuxswig.i rc/selinuxswig_python.i
206e2dfe7a35e25c971baa79eee22c5eb4981b09	03-Sep-2009	Eamon Walsh <ewalsh@tycho.nsa.gov>	libselinux 2.0.86 hangeLog ERSION
09cd8160d97770533d3290aeafc466b5c6fe8939	03-Sep-2009	Eamon Walsh <ewalsh@tycho.nsa.gov>	Documentation updates for the removal of recounted SID's. Signed-off-by: Eamon Walsh <ewalsh@tycho.nsa.gov> an/man3/avc_compute_create.3 an/man3/avc_context_to_sid.3 an/man3/avc_open.3
58866dd5668e845fd1cc0f62ae8dd4b93d9caf2b	02-Sep-2009	Eamon Walsh <ewalsh@tycho.nsa.gov>	The userspace AVC currently has refcounted SID's. This patch strips out the refcounting under the following justifications: 1. Managing the refcounts by calling sidput() and sidget() as appropriate is a difficult and bug-prone task for users of the library. 2. The userspace AVC doesn't currently make use of the refcounts to reclaim unused SID's unless avc_cleanup() is explicitly called. 3. The kernel itself no longer uses refcounting for it's own SID's. The implication of this change is that SID's (basically malloc'ed copies of security contexts) will persist in the AVC's SID table until the next call to avc_destroy(). This presents the potential for increased memory usage, but in practice I don't believe this will be an issue. ABI compatibility is preserved: the avc_cleanup(), sidput(), and sidget() calls are changed to no-ops. Signed-off-by: Eamon Walsh <ewalsh@tycho.nsa.gov> Acked-by: Stephen Smalley <sds@tycho.nsa.gov> rc/avc.c rc/avc_internal.h rc/avc_sidtab.c rc/avc_sidtab.h
919c98984735076f9981f18c3960893f5c637cbe	14-Jul-2009	Stephen Smalley <sds@tycho.nsa.gov>	libselinux 2.0.85 hangeLog ERSION
8c372f665db44cf753bb299e2ee7dcf6143b9e9e	01-Jul-2009	Stephen Smalley <sds@tycho.nsa.gov>	libselinux: lazy init Revive Steve Grubb's patch for libselinux lazy init and extend it to address not only the reading of /etc/selinux/config but also probing for /selinux/class and reading of /selinux/mls. This should reduce the need for dontaudit rules for programs that link with libselinux and it should reduce unnecessary overhead. I did not convert init_selinuxmnt over to lazy init since the functions that use selinux_mnt are not localized, and it only requires stat'ing of /selinux in the common case. I couldn't see a valid reason why we needed fini_obj_class_compat(), as the existence of /selinux/class will only change across a reboot with different kernel versions. fini_context_translations() already had a comment saying that it was unnecessary as well. Before: $ strace ls 2> err $ grep selinux err open("/lib/libselinux.so.1", O_RDONLY) = 3 open("/etc/selinux/config", O_RDONLY\|O_LARGEFILE) = 3 statfs64("/selinux", 84, {f_type=0xf97cff8c, f_bsize=4096, f_blocks=0, f_bfree=0, f_bavail=0, f_files=0, f_ffree=0, f_fsid={0, 0}, f_namelen=255, f_frsize=4096}) = 0 stat64("/selinux/class", {st_mode=S_IFDIR\|0555, st_size=0, ...}) = 0 open("/selinux/mls", O_RDONLY\|O_LARGEFILE) = 3 After: $ strace ls 2> err $ grep selinux err open("/lib/libselinux.so.1", O_RDONLY) = 3 statfs64("/selinux", 84, {f_type=0xf97cff8c, f_bsize=4096, f_blocks=0, f_bfree=0, f_bavail=0, f_files=0, f_ffree=0, f_fsid={0, 0}, f_namelen=255, f_frsize=4096}) = 0 Original-patch-by: Steve Grubb <linux_4ever@yahoo.com> Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> rc/init.c rc/selinux_config.c rc/selinux_internal.h rc/setrans_client.c rc/setrans_internal.h rc/stringrep.c
1ac1ff6382505fa1e245fdc9c91b2448a7843101	14-Jul-2009	Stephen Smalley <sds@tycho.nsa.gov>	Revert Tomas Mraz's fix for freeing thread local storage in libselinux. This reverts commit a842c9dae863c5a8a28bd6b6abf192c8b5ba1838. rc/Makefile rc/setrans_client.c
1591e426259ed456a4c1f93d46854762df81fbfd	07-Jul-2009	Joshua Brindle <method@manicmethod.com>	bump libselinux to 2.0.84 hangeLog ERSION
532bd9a8926b4123c9444660041f4e9961543577	07-Jul-2009	Daniel J Walsh <dwalsh@redhat.com>	Author: Daniel J Walsh Email: dwalsh@redhat.com Subject: This patch add seusers support to SELinux Date: Mon, 18 May 2009 14:20:30 -0400 The idea here is to break the seusers file up into lots of little seusers file that can be user specific, also adds the service field to be used by tools like pam_selinux to choose which is the correct context to log a user in as. Patch was added to facilitate IPA handing out SELinux content for selection of roles at login. Signed-off-by: Joshua Brindle <method@manicmethod.com> nclude/selinux/selinux.h rc/seusers.c
f85eec055107f0caf1e8eec9b7a6c366f68f4328	07-Jul-2009	Joshua Brindle <method@manicmethod.com>	Merge branch 'master' of jbrindle@oss.tresys.com:/home/git/selinux
41be6cf7fad1981f51cda91b4a9a25e54da27d8d	07-Jul-2009	Stephen Smalley <sds@tycho.nsa.gov>	libselinux 2.0.83 hangeLog ERSION
b985905d2f58836993acf03edc0395acd1f3f7f1	20-May-2009	Stephen Smalley <sds@tycho.nsa.gov>	Policy loading problem On Wed, 2009-05-20 at 22:57 +0800, Dennis Wronka wrote: > Okay, here we go: > > I unmounted /selinux and then got this: > load_policy: Can't load policy: Invalid argument > > I attached my kernel-config and the two traces (trace1 for the "Device or > resource busy"-error, trace2 for the "Invalid argument"-error). Possible patch for libselinux to a) gracefully handle the situation where selinuxfs is already mounted, b) report errors when switching to permissive, and c) proceed with the policy load even if we cannot switch to permissive mode as requested, as proceeding without a policy when the kernel only supports enforcing mode is not desirable. Signed-off-by: Joshua Brindle <method@manicmethod.com> rc/load_policy.c
f057914941e29c460f5cd700d55b4d193c7927ef	24-Jun-2009	Eric Paris <eparis@redhat.com>	check /proc/filesystems before /proc/mounts for selinuxfs Al was complaining that he has selinux disabled and has 100,000+ mounts in /proc/mounts. Every time he runs ls the thing takes 5 seconds because the libselinux constructor runs the entirety of his /proc/mounts looking for selinuxfs, which doesn't exist. Speed things up by first checking for selinuxfs in /proc/filesystems, only if the fs is even registered should we bother to run all of /proc/mounts. Signed-off-by: Eric Paris <eparis@redhat.com> rc/init.c
33844aa60d306fabf77c6e84f91dbcdbc494ae75	22-Jun-2009	Joshua Brindle <method@manicmethod.com>	bump libselinux to 2.0.82 and policycoreutils to 2.0.64 hangeLog ERSION
a842c9dae863c5a8a28bd6b6abf192c8b5ba1838	10-Jun-2009	Tomas Mraz <tmraz@redhat.com>	Author: Tomas Mraz Email: tmraz@redhat.com Subject: Problems with freeing thread local storage in libselinux Date: Wed, 06 May 2009 12:38:35 +0200 On Wed, 2009-05-06 at 01:32 -0500, Manoj Srivastava wrote: > Hi folks, > > There have been numerous reports in Debian and derivatives of > programs linked with libselinux intermittently getting segfaults. > There is, for instance, the Debian report 505920[0], and Ubuntu > reports[1], [3] and [5], and Gnome [2]. I have not been able to > reproduce the error myself, though I have run the test cases a number > of times. > > The common thread in unclutter, libavg, gst-inspect et al. is a > segmentation fault in libselinux1, in the 'fini' destructor functions, > referencing the thread local variables. > > The Ubuntu bug log reference my old patch for libselinux from > 1.X days, where I replaced the thread local storage with regular > variables and mutexes, and people report success with that. I suspect > that something is corrupting the thread local storage. From the ubuntu > report: > --8<---------------cut here---------------start------------->8--- > Valgrind reports: > =29183== Invalid read of size 8 > ==29183== at 0xE29B9DD: fini_context_translations (setrans_client.c:211) > ==29183== by 0xE28F1F1: (within /lib/libselinux.so.1) > ==29183== by 0xE29D040: (within /lib/libselinux.so.1) > ==29183== by 0x570010F: exit (exit.c:75) > 505920==29183== by 0x56E91CA: (below main) (libc-start.c:252) > ==29183== Address 0x80 is not stack'd, malloc'd or (recently) free'd > ==29183== > ==29183== Process terminating with default action of signal 11 (SIGSEGV): dumping core > ==29183== Access not within mapped region at address 0x80 > ==29183== at 0xE29B9DD: fini_context_translations (setrans_client.c:211) > ==29183== by 0xE28F1F1: (within /lib/libselinux.so.1) > ==29183== by 0xE29D040: (within /lib/libselinux.so.1)==29183== by 0x570010F: exit (exit.c:75) > ==29183== by 0x56E91CA: (below main) (libc-start.c:252) > > > (gdb) bt > #0 0x00007f3ae812a9dd in fini_context_translations () at setrans_client.c:211 > #1 0x00007f3ae811e1f2 in __do_global_dtors_aux () from /lib/libselinux.so.1 > #2 0x00007ffff9097700 in ?? () > #3 0x00007f3ae812c041 in _fini () from /lib/libselinux.so.1 > #4 0x00007ffff9097700 in ?? () > #5 0x00007f3af0e88796 in _dl_fini () from /lib64/ld-linux-x86-64.so.2 > Backtrace stopped: previous frame inner to this frame (corrupt stack?) > --8<---------------cut here---------------end--------------->8--- > > There have been two sets of patches proposed for this; first one > merely initializes the variables in the init function, and this works > for a number of people, but at least one person has reported a second > segfault even with the patch installed[6] > > The second patch below converts a thread local cache to a > process wide cache, with mutex guards, which makes the cache slower, > and non-thread local caches means that cache misses are more likely. > > I'll try and follow up with people who can reproduce the > problems to see if either one of the patches solve their problems > without triggering other segmentation faults, but I'd appreciate > comments if anyone has insight into the issue. The problem is with freeing storage referenced by TLS variables in destructors. The destructor is called only in one of the threads and the variables might not be even properly initialized in that thread. One possibility is to not free the storage at all but that will leak memory if the libselinux is loaded/unloaded multiple times in a process. The only proper way is to use TSD (pthread_key_create, pthread_setspecific etc.) to store the pointers to the cached contexts. The attached patch implements this. I did not test it thoroughly though. -- Tomas Mraz No matter how far down the wrong road you've gone, turn back. Turkish proverb Signed-off-by: Chad Sellers <csellers@tresys.com> rc/Makefile rc/setrans_client.c
20271d94ed2b26b94b052ba6ed90b63566cecbb7	04-Jun-2009	Daniel J Walsh <dwalsh@redhat.com>	Author: Daniel J Walsh Email: dwalsh@redhat.com Subject: SELinux context patch Date: Mon, 18 May 2009 14:16:12 -0400 This patch adds context files for virtual_domain and virtual_image, these are both being used to locat the default context to be executed by svirt. I also included the subs patch which I submitted before. This patch allows us to substitute prefixes to matchpathcon. So we can say /export/home == /home and /web == /var/www Author: Chad Sellers Email: csellers@tresys.com Flipped free()'s in original patch when strdup'd fail to proper order. Signed-off-by: Chad Sellers <csellers@tresys.com> nclude/selinux/selinux.h rc/file_path_suffixes.h rc/label.c rc/selinux_config.c rc/selinux_internal.h
99afa3cb774218f00ac40e494bd3d7ad4a818e60	06-May-2009	Joshua Brindle <method@manicmethod.com>	bump libselinux to 2.0.81 hangeLog ERSION
20eff2b9a53eeae4269ffc082bb95103596cd0b8	14-May-2009	Daniel J Walsh <dwalsh@redhat.com>	Author: Daniel J Walsh Email: dwalsh@redhat.com Subject: Patch to getdefaultcon to print just the correct match and add verbose option Date: Wed, 04 Mar 2009 15:41:37 -0500 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I really want to rename this to selinuxdefaultcon, which is what we ship in Fedora. Also exit with proper error on failure. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org iEYEARECAAYFAkmu54AACgkQrlYvE4MpobNoZACdHgQDP2Hp/KDBpGCD7G08HjOX p68An25Uu83SlOqjKyy9EG8ZgdIcuTCB =L6UU -----END PGP SIGNATURE----- Signed-off-by: Chad Sellers <csellers@tresys.com> tils/getdefaultcon.c
72d535fdb822135fcfa23c82977c62c7f1500e34	07-May-2009	Chad Sellers <csellers@tresys.com>	Author: Daniel J Walsh Email: dwalsh@redhat.com Subject: We have moved matchpathcon to /sbin from /usr/sbin Date: Wed, 01 Apr 2009 10:21:53 -0400 Some init scripts wanted to use matchpathcon before /usr is mounted. Author: Chad Sellers Email: csellers@tresys.com Added matchpathcon to clean target Signed-off-by: Chad Sellers <csellers@tresys.com> tils/Makefile
a4af847dc6f52688a25bb0323ff3b84b13dded67	11-Apr-2009	Hiroshi Shinji <hiroshi.shinji@gmail.com>	Author: Hiroshi Shinji Email: hiroshi.shinji@gmail.com Subject: Memory leak in libselinux/src/label_file.c Date: Fri, 3 Apr 2009 13:58:01 +0900 Hi, I found memory leak in libselinux/src/label_file.c. Please fix it. Regards, -- Hiroshi Shinji Signed-off-by: Chad Sellers <csellers@tresys.com> rc/label_file.c
5f1746a17e8f0882d379ce9cff24075bef9ca746	11-Apr-2009	Chad Sellers <csellers@tresys.com>	Merge branch 'master' of http://oss.tresys.com/git/selinux
7610baa968ad499667c60c222cba326b737c532a	06-May-2009	Stephen Smalley <sds@tycho.nsa.gov>	Trivial: Wrap the #define MNT_DETACH with #ifndef MNT_DETACH...#endif so that it does not break with the latest glibc headers, as in F11/rawhide. rc/load_policy.c
93a680280ffd538444d996482e4885cdd8cfbe95	10-Apr-2009	Daniel J Walsh <dwalsh@redhat.com>	Author: Daniel J Walsh Email: dwalsh@redhat.com Subject: Patch matchpathcon to eliminate file "/" Date: Wed, 04 Mar 2009 15:39:31 -0500 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 So matchpathcon /etc/ Will work the same as matchpathcon /etc -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org iEYEARECAAYFAkmu5wMACgkQrlYvE4MpobNK4gCgiVeXXEZcCMsJKXM7jqh6r1u3 OScAoLcmXBIR63gpvA8RS3g07pcPC6IF =e+Re -----END PGP SIGNATURE----- Signed-off-by: Chad Sellers <csellers@tresys.com> tils/matchpathcon.c
a07493d1a16f23479657c6ea7fc86ffc3f9d7c85	08-Apr-2009	Eamon Walsh <ewalsh@tycho.nsa.gov>	bump libselinux to 2.0.80. hangeLog ERSION
433a99d4032706af724ff779d8d9d539f20793f8	08-Apr-2009	KaiGai Kohei <kaigai@ak.jp.nec.com>	It is useful for userspace object manager, if libselinux has an interface something like: int security_deny_unknown(void); This interface can suggest applications preferable behavior when string_to_security_class() or string_to_av_perm() returns invalid value which means the security policy does not define required ones. Signed-off-by: KaiGai Kohei <kaigai@ak.jp.nec.com> nclude/selinux/selinux.h an/man3/security_deny_unknown.3 an/man3/security_getenforce.3 rc/deny_unknown.c rc/selinux_internal.h
55ed6e7fa6b7d55c628fa04508521920e60a43f7	08-Apr-2009	KaiGai Kohei <kaigai@ak.jp.nec.com>	This patch enables applications to handle permissive domain correctly. Since the v2.6.26 kernel, SELinux has supported an idea of permissive domain which allows certain processes to work as if permissive mode, even if the global setting is enforcing mode. However, we don't have an application program interface to inform what domains are permissive one, and what domains are not. It means applications focuses on SELinux (XACE/SELinux, SE-PostgreSQL and so on) cannot handle permissive domain correctly. This patch add the sixth field (flags) on the reply of the /selinux/access interface which is used to make an access control decision from userspace. If the first bit of the flags field is positive, it means the required access control decision is on permissive domain, so application should allow any required actions, as the kernel doing. This patch also has a side benefit. The av_decision.flags is set at context_struct_compute_av(). It enables to check required permissions without read_lock(&policy_rwlock). Signed-off-by: KaiGai Kohei <kaigai@ak.jp.nec.com> nclude/selinux/selinux.h an/man3/security_compute_av.3 an/man3/security_compute_av_flags.3 rc/avc.c rc/compute_av.c rc/selinux_internal.h
318748d65917fa5a96c17ce3b564074e43482d75	08-Apr-2009	KaiGai Kohei <kaigai@ak.jp.nec.com>	The attached patch enables userspace object managers to handle notification messages via netlink socket from SELinux. * Two new callbacks were added to selinux_set_callback(3) - SELINUX_CB_SETENFORCE is invoked when it got SELNL_MSG_SETENFORCE message in the avc_netlink_process(). - SELINUX_CB_POLICYLOAD is invoked when it got SELNL_MSG_POLICYLOAD message in the avc_netlink_process(). * Three functions were exposed to applications. - int avc_netlink_open(int blocking); - void avc_netlink_loop(void); - void avc_netlink_close(void); Due to a few reasons, SE-PostgreSQL implements its own userspace avc, so it needs to copy and paste some of avc_internal.c. This update enables to share common part from such kind of application. Signed-off-by: KaiGai Kohei <kaigai@ak.jp.nec.com> nclude/selinux/avc.h nclude/selinux/selinux.h an/man3/avc_netlink_acquire_fd.3 an/man3/avc_netlink_check_nb.3 an/man3/avc_netlink_close.3 an/man3/avc_netlink_loop.3 an/man3/avc_netlink_open.3 an/man3/avc_netlink_release_fd.3 an/man3/selinux_set_callback.3 rc/avc_internal.c rc/avc_internal.h rc/callbacks.c rc/callbacks.h
3028bc3c5811b90af9cd051c6fbdfdcd2c77f44f	12-Mar-2009	Eamon Walsh <ewalsh@tycho.nsa.gov>	bump libselinux to 2.0.79. hangeLog ERSION
7239480c7019281893b1a12b1edc8cc28f8695b7	12-Mar-2009	Eamon Walsh <ewalsh@tycho.nsa.gov>	In one benchmark the X server was found to be extremely slow creating windows with selinux running. Part of the reason for this was because libselinux called into the kernel /selinux/create interface for every object. This patch caches the results of /selinux/create in the userspace avc to significantly increase the speed of these types of operations. Revised to correct locking, interface issues. Signed-off-by: Eric Paris <eparis@redhat.com> Signed-off-by: Eamon Walsh <ewalsh@tycho.nsa.gov> rc/avc.c
7ab6b29011dc62b0f344087e1ca4d8cdd2a9e508	11-Mar-2009	Eamon Walsh <ewalsh@tycho.nsa.gov>	Netlink socket handoff functions from Adam Jackson. nclude/selinux/avc.h rc/avc.c rc/avc_internal.c rc/avc_internal.h rc/selinuxswig.i
5032faa9848e2312b53d09c32c45238f4507d36a	28-Feb-2009	Eamon Walsh <ewalsh@tycho.nsa.gov>	bump libselinux to 2.0.78 hangeLog ERSION
b27ff3397dcef05a4a22343dccf18f3a29b7de90	28-Feb-2009	Eamon Walsh <ewalsh@tycho.nsa.gov>	Fix an incorrect conversion specifier in the discover_class code. Signed-off-by: Eamon Walsh <ewalsh@tycho.nsa.gov> rc/stringrep.c
c8a18807d5988ec2ff4fe3422397cca41771ba5a	12-Jan-2009	Joshua Brindle <method@manicmethod.com>	Merge branch 'master' of jbrindle@oss.tresys.com:/home/git/selinux Conflicts: libselinux/ChangeLog
a9e6fbdeaeb64af621127d08870e16d23363d69b	12-Jan-2009	Joshua Brindle <method@manicmethod.com>	bump libselinux to 2.0.76 hangeLog ERSION
3726a7783ef6bac3a75d8503a18ffe47152d2c03	12-Jan-2009	Joshua Brindle <method@manicmethod.com>	regerate swig wrappers for commit 09836bf0c1bd3cd9e1807e1b29b0faea2545baf4 rc/selinux.py
09836bf0c1bd3cd9e1807e1b29b0faea2545baf4	12-Jan-2009	Joshua Brindle <method@manicmethod.com>	Author: Daniel J Walsh Email: dwalsh@redhat.com Subject: Add restorecon and install methods for libselinux python bindings. Date: Tue, 06 Jan 2009 10:31:04 -0500 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Daniel J Walsh wrote: > Joshua Brindle wrote: >> Daniel J Walsh wrote: >> Luke Macken wrote restorecon and install functions used in Fedora >> Infrastructure which can be used to install files with the proper >> context and to fix the labels of files/directories without having to >> exec restorecon. > >> diff --exclude-from=exclude -N -u -r >> nsalibselinux/src/selinuxswig_python.i >> libselinux-2.0.75/src/selinuxswig_python.i >> --- nsalibselinux/src/selinuxswig_python.i 2008-08-28 >> 09:34:24.000000000 -0400 >> +++ libselinux-2.0.75/src/selinuxswig_python.i 2008-11-14 >> 17:09:50.000000000 -0500 >> @@ -6,6 +6,32 @@ >> #include "selinux/selinux.h" >> %} > >> +%pythoncode %{ >> + >> +import shutil, os >> + >> +def restorecon(path, recursive=False): >> + """ Restore SELinux context on a given path """ >> + mode = os.stat(path)[stat.ST_MODE] > >> stat doesn't exist here, perhaps he meant mode? > >> + status, context = matchpathcon(path, mode) >> + if status == 0: >> + lsetfilecon(path, context) >> + if recursive: >> + os.path.walk(path, lambda arg, dirname, fnames: >> + map(restorecon, [os.path.join(dirname, fname) >> + s for fname in fnames]), >> None) > >> typo, the s causes a syntax error > >> + >> +def copytree(src, dest): >> + """ An SELinux-friendly shutil.copytree method """ >> + shutil.copytree(src, dest) >> + restorecon(dest, recursive=True) >> + >> +def install(src, dest): >> + """ An SELinux-friendly shutil.move method """ >> + shutil.move(src, dest) >> + restorecon(dest, recursive=True) >> +%} >> + >> /* security_get_boolean_names() typemap / >> %typemap(argout) (char *names, int len) { >> PyObject* list = PyList_New(*$2); > >> This patch doesn't appear correct, I'll fix the things above, have you >> been testing this at all? > > Must have sent you a bad patch. > > > This is what the current patch looks like. > And this is still broken. One more fix. + mode = os.stat(path)[stat.ST_MODE] should be + mode = os.lstat(path)[stat.ST_MODE] Modified to remove copytree and install functions Signed-off-by: Joshua Brindle <method@manicmethod.com> rc/selinuxswig_python.i
71cb6604ad1ea4f04fefb63018c6a8bd936bb195	05-Jan-2009	Joshua Brindle <method@manicmethod.com>	regenerate swig bindings for color translation in commit cfa3cb6fa5d0cc00fde75ee74ec2da577f62e141 rc/selinux.py rc/selinuxswig_wrap.c
7817c92986edf432268f794a80cd52efb9f8b858	06-Jan-2009	Eamon Walsh <ewalsh@tycho.nsa.gov>	Bump libselinux to 2.0.76 hangeLog ERSION
f9b1f1a2a17298b60a94780ab5899a8d91cbf100	01-Jan-2009	Eamon Walsh <ewalsh@tycho.nsa.gov>	Add config path function for secolor.conf file. Signed-off-by: Eamon Walsh <ewalsh@tycho.nsa.gov> nclude/selinux/selinux.h rc/file_path_suffixes.h rc/selinux_config.c rc/selinux_internal.h
cfa3cb6fa5d0cc00fde75ee74ec2da577f62e141	26-Nov-2008	Eamon Walsh <ewalsh@tycho.nsa.gov>	Add client routines for translating raw security contexts into colors. Signed-off-by: Eamon Walsh <ewalsh@tycho.nsa.gov> nclude/selinux/selinux.h rc/selinux_internal.h rc/setrans_client.c rc/setrans_internal.h
aa92cfbe74633895696dbb1bd4bcf3b20a7f807b	19-Nov-2008	Eamon Walsh <ewalsh@tycho.nsa.gov>	Bump libselinux to 2.0.75 hangeLog ERSION
66b2af371aca28734346d23c3b5344cf094bcfbb	14-Nov-2008	Eamon Walsh <ewalsh@tycho.nsa.gov>	Allow shell-style wildcard patterns in the X labeling backend. Signed-off-by: Eamon Walsh <ewalsh@tycho.nsa.gov> rc/label_x.c
cc502813e0e64c1f7d380503d153cd49e8fcb130	03-Nov-2008	Eamon Walsh <ewalsh@tycho.nsa.gov>	Bump libselinux to 2.0.74 hangeLog ERSION
eee0f022e44ade05143eeee3748dd78fbd17966b	31-Oct-2008	Eamon Walsh <ewalsh@tycho.nsa.gov>	Put a proper message type into each message logged by the userspace AVC. Currently, the message types are defined but not used. This will allow better separation of messages when logging to facilities such as libaudit. Signed-off-by: Eamon Walsh <ewalsh@tycho.nsa.gov> rc/avc.c rc/avc_internal.c rc/avc_internal.h
3d431ae08f5349b906879f7a6abd0e2bbd182e92	14-Oct-2008	Joshua Brindle <method@manicmethod.com>	bump libselinux and checkpolicy versions hangeLog ERSION
345fb4a99b7aa6442b2f9ead4cc391d031d4b6ba	14-Oct-2008	Joshua Brindle <method@manicmethod.com>	Author: Daniel J Walsh Email: dwalsh@redhat.com Subject: Yet another man page patch Date: Tue, 30 Sep 2008 08:52:58 -0400 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 int selinux_file_context_cmp(const security_context_t a, + const security_context_t b);" + +.BI "int selinux_file_context_verify(const char *path, mode_t mode);" -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org iEYEARECAAYFAkjiISoACgkQrlYvE4MpobPV9gCg0KZ+rsxGsIalBS1qvbObK7bA 0H8Anj8FnGzOnSjnOfbk+5R4Bf2OyxW+ =nJ7k -----END PGP SIGNATURE----- Signed-off-by: Joshua Brindle <method@manicmethod.com> an/man3/matchpathcon.3 an/man3/selinux_file_context_cmp.3 an/man3/selinux_file_context_verify.3
86562db50a328b82626f7db7a8bf8ff7f55ca045	14-Oct-2008	Joshua Brindle <method@manicmethod.com>	Author: Daniel J Walsh Email: dwalsh@redhat.com Subject: matchpathcon -V does not always work as expected. Date: Tue, 30 Sep 2008 08:54:18 -0400 matchpathcon -V should be passing the mode when checking whether the file context on a file is correct. Signed-off-by: Joshua Brindle <method@manicmethod.com> tils/matchpathcon.c
922103e7f27a404be0b06baeb441396ce7e3e5c0	30-Sep-2008	Joshua Brindle <method@manicmethod.com>	bump libselinux to 2.0.73 hangeLog ERSION
06c2dd5d04a1505d2c3e397b5b8a624fdd02805b	29-Sep-2008	Joshua Brindle <method@manicmethod.com>	Author: Daniel J Walsh Email: dwalsh@redhat.com Subject: Some missing man pages from libselinux Date: Wed, 24 Sep 2008 08:57:44 -0400 We are still missing the following man pages. Perhaps some of these functions should be removed? selinux_users_path seems to return a bogus directory? Also do not have _raw functions defined in man pages. matchpathcon_checkmatches matchpathcon_filespec_add matchpathcon_filespec_destroy matchpathcon_filespec_eval matchpathcon_index matchpathcon_init_prefix print_access_vector security_canonicalize_context security_disable security_set_boolean_list selinux_check_passwd_access selinux_customizable_types_path selinux_file_context_cmp selinux_file_context_verify selinux_get_callback selinux_init_load_policy selinux_lsetfilecon_default selinux_mkload_policy selinux_raw_to_trans_context selinux_trans_to_raw_context selinux_translations_path selinux_users_path set_selinuxmnt Signed-off-by: Joshua Brindle <method@manicmethod.com> an/man3/avc_get_initial_sid.3 an/man3/get_default_type.3 an/man3/getsockcreatecon.3 an/man3/is_selinux_enabled.3 an/man3/is_selinux_mls_enabled.3 an/man3/matchpathcon_fini.3 an/man3/matchpathcon_init.3 an/man3/selinux_binary_policy_path.3 an/man3/selinux_default_type_path.3 an/man3/selinux_file_context_homedir_path.3 an/man3/selinux_file_context_local_path.3 an/man3/selinux_getpolicytype.3 an/man3/selinux_homedir_context_path.3 an/man3/selinux_netfilter_context_path.3 an/man3/selinux_path.3 an/man3/selinux_usersconf_path.3 an/man3/selinux_x_context_path.3 an/man3/set_matchpathcon_flags.3 an/man3/setsockcreatecon.3
85ea2db4bd450be86fc12723a553ba84bf746311	29-Sep-2008	Joshua Brindle <method@manicmethod.com>	Author: Daniel J Walsh Email: dwalsh@redhat.com Subject: Man page fixes for libselinux. Date: Mon, 22 Sep 2008 13:52:13 -0400 Signed-off-by: Joshua Brindle <method@manicmethod.com> an/man3/fgetfilecon.3 an/man3/getkeycreatecon.3 an/man3/lgetfilecon.3 an/man3/setkeycreatecon.3
5973c54402317126e63902ed2b288f567bd7ee59	29-Sep-2008	Joshua Brindle <method@manicmethod.com>	Author: Daniel J Walsh Email: dwalsh@redhat.com Subject: Latest flask definitions for libselinux. Date: Mon, 22 Sep 2008 13:50:26 -0400 Adds open, X Definitions and nlmsg_tty_audit for netlink_audit_socket Signed-off-by: Joshua Brindle <method@manicmethod.com> nclude/selinux/av_permissions.h nclude/selinux/flask.h rc/av_perm_to_string.h rc/class_to_string.h
4611c09d6b22ff2aebb55388d777bcf8921dd50b	26-Aug-2008	Stephen Smalley <sds@tycho.nsa.gov>	Fix EMBEDDED=y build. rc/load_policy.c
13cd4c8960688af11ad23b4c946149015c80d549	19-Aug-2008	Joshua Brindle <method@manicmethod.com>	initial import from svn trunk revision 2950 hangeLog ICENSE akefile ERSION nclude/Makefile nclude/selinux/av_permissions.h nclude/selinux/avc.h nclude/selinux/context.h nclude/selinux/flask.h nclude/selinux/get_context_list.h nclude/selinux/get_default_type.h nclude/selinux/label.h nclude/selinux/selinux.h an/Makefile an/man3/avc_add_callback.3 an/man3/avc_audit.3 an/man3/avc_av_stats.3 an/man3/avc_cache_stats.3 an/man3/avc_cleanup.3 an/man3/avc_compute_create.3 an/man3/avc_compute_member.3 an/man3/avc_context_to_sid.3 an/man3/avc_destroy.3 an/man3/avc_entry_ref_init.3 an/man3/avc_get_initial_context.3 an/man3/avc_has_perm.3 an/man3/avc_has_perm_noaudit.3 an/man3/avc_init.3 an/man3/avc_open.3 an/man3/avc_reset.3 an/man3/avc_sid_stats.3 an/man3/avc_sid_to_context.3 an/man3/checkPasswdAccess.3 an/man3/context_free.3 an/man3/context_new.3 an/man3/context_range_get.3 an/man3/context_range_set.3 an/man3/context_role_get.3 an/man3/context_role_set.3 an/man3/context_type_get.3 an/man3/context_type_set.3 an/man3/context_user_get.3 an/man3/context_user_set.3 an/man3/freecon.3 an/man3/freeconary.3 an/man3/fsetfilecon.3 an/man3/get_default_context.3 an/man3/get_default_context_with_level.3 an/man3/get_default_context_with_role.3 an/man3/get_default_context_with_rolelevel.3 an/man3/get_ordered_context_list.3 an/man3/get_ordered_context_list_with_level.3 an/man3/getcon.3 an/man3/getexeccon.3 an/man3/getfilecon.3 an/man3/getfscreatecon.3 an/man3/getpeercon.3 an/man3/getpidcon.3 an/man3/getprevcon.3 an/man3/getseuserbyname.3 an/man3/is_context_customizable.3 an/man3/is_selinux_enabled.3 an/man3/lsetfilecon.3 an/man3/manual_user_enter_context.3 an/man3/matchmediacon.3 an/man3/matchpathcon.3 an/man3/query_user_context.3 an/man3/rpm_execcon.3 an/man3/security_av_perm_to_string.3 an/man3/security_av_string.3 an/man3/security_check_context.3 an/man3/security_class_to_string.3 an/man3/security_commit_booleans.3 an/man3/security_compute_av.3 an/man3/security_compute_create.3 an/man3/security_compute_member.3 an/man3/security_compute_relabel.3 an/man3/security_compute_user.3 an/man3/security_get_boolean_active.3 an/man3/security_get_boolean_names.3 an/man3/security_get_boolean_pending.3 an/man3/security_get_initial_context.3 an/man3/security_getenforce.3 an/man3/security_load_booleans.3 an/man3/security_load_policy.3 an/man3/security_policyvers.3 an/man3/security_set_boolean.3 an/man3/security_setenforce.3 an/man3/selabel_close.3 an/man3/selabel_lookup.3 an/man3/selabel_open.3 an/man3/selabel_stats.3 an/man3/selinux_binary_policy_path.3 an/man3/selinux_booleans_path.3 an/man3/selinux_check_securetty_context.3 an/man3/selinux_contexts_path.3 an/man3/selinux_default_context_path.3 an/man3/selinux_failsafe_context_path.3 an/man3/selinux_file_context_path.3 an/man3/selinux_getenforcemode.3 an/man3/selinux_media_context_path.3 an/man3/selinux_policy_root.3 an/man3/selinux_removable_context_path.3 an/man3/selinux_securetty_types_path.3 an/man3/selinux_set_callback.3 an/man3/selinux_set_mapping.3 an/man3/selinux_user_contexts_path.3 an/man3/set_matchpathcon_printf.3 an/man3/setcon.3 an/man3/setexeccon.3 an/man3/setfilecon.3 an/man3/setfscreatecon.3 an/man3/sidget.3 an/man3/sidput.3 an/man3/string_to_av_perm.3 an/man3/string_to_security_class.3 an/man5/selabel_file.5 an/man5/selabel_media.5 an/man5/selabel_x.5 an/man8/avcstat.8 an/man8/booleans.8 an/man8/getenforce.8 an/man8/getsebool.8 an/man8/matchpathcon.8 an/man8/selinux.8 an/man8/selinuxenabled.8 an/man8/setenforce.8 an/man8/togglesebool.8 rc/Makefile rc/audit2why.c rc/av_inherit.h rc/av_perm_to_string.h rc/avc.c rc/avc_internal.c rc/avc_internal.h rc/avc_sidtab.c rc/avc_sidtab.h rc/booleans.c rc/callbacks.c rc/callbacks.h rc/canonicalize_context.c rc/checkAccess.c rc/check_context.c rc/class_to_string.h rc/common_perm_to_string.h rc/compute_av.c rc/compute_create.c rc/compute_member.c rc/compute_relabel.c rc/compute_user.c rc/context.c rc/context_internal.h rc/disable.c rc/dso.h rc/enabled.c rc/fgetfilecon.c rc/file_path_suffixes.h rc/freecon.c rc/freeconary.c rc/fsetfilecon.c rc/get_context_list.c rc/get_context_list_internal.h rc/get_default_type.c rc/get_default_type_internal.h rc/get_initial_context.c rc/getenforce.c rc/getfilecon.c rc/getpeercon.c rc/init.c rc/is_customizable_type.c rc/label.c rc/label_file.c rc/label_internal.h rc/label_media.c rc/label_x.c rc/lgetfilecon.c rc/load_policy.c rc/lsetfilecon.c rc/mapping.c rc/mapping.h rc/matchmediacon.c rc/matchpathcon.c rc/policy.h rc/policyvers.c rc/procattr.c rc/query_user_context.c rc/rpm.c rc/selinux.py rc/selinux_check_securetty_context.c rc/selinux_config.c rc/selinux_internal.h rc/selinux_netlink.h rc/selinuxswig.i rc/selinuxswig_python.i rc/selinuxswig_ruby.i rc/selinuxswig_wrap.c rc/setenforce.c rc/setfilecon.c rc/setrans_client.c rc/setrans_internal.h rc/seusers.c rc/stringrep.c tils/Makefile tils/avcstat.c tils/compute_av.c tils/compute_create.c tils/compute_member.c tils/compute_relabel.c tils/compute_user.c tils/getconlist.c tils/getdefaultcon.c tils/getenforce.c tils/getfilecon.c tils/getpidcon.c tils/getsebool.c tils/getseuser.c tils/matchpathcon.c tils/policyvers.c tils/selinux_check_securetty_context.c tils/selinuxenabled.c tils/setenforce.c tils/setfilecon.c tils/togglesebool.c