| 432077b4dda7baa15b6daa1458759e674d398fa3 |
|
26-Feb-2015 |
Yuli Khodorkovskiy <ykhodorkovskiy@tresys.com> |
libsemanage: Fix memory leaks when parsing semanage.conf
- Free args as they are parsed and strdup args when neccessary. Memory used for
lex initialization is now freed using yylex_destroy().
- Add noyywrap option to flex. This is the correct way to make the scanner
not call yywrap upon an end of file. Before, we were overriding the
function and returning 1.
Signed-off-by: Yuli Khodorkovskiy <ykhodorkovskiy@tresys.com>
Acked-by: Steve Lawrence <slawrence@tresys.com>
/external/selinux/libsemanage/src/conf-scan.l
|
| 057197c69aaa36cf28694517151479de8ebb3c4c |
|
26-Feb-2015 |
Yuli Khodorkovskiy <ykhodorkovskiy@tresys.com> |
libsemanage: Add option to remove HLL files after compilation
This adds a 'remove-hll' option to semanage.conf. If set to 'true', all
HLL files will be removed from the SELinux store after successfully
buildling the SELinux modules. The default for this option is 'false'.
In order to delete already compiled HLL files, the modules need to be
recompiled with the ignore-module-cache option.
Signed-off-by: Yuli Khodorkovskiy <ykhodorkovskiy@tresys.com>
Acked-by: Steve Lawrence <slawrence@tresys.com>
/external/selinux/libsemanage/src/conf-scan.l
|
| 5e75b96e91534ae37405e1e417f4627f1e47d5c2 |
|
03-Apr-2014 |
Yuli Khodorkovskiy <ykhodorkovskiy@tresys.com> |
libsemanage: add the ability to set an alternative root path for store
Allow an alternative selinux store root path to be used. The option
can be set in semanage.conf as store_root. If no option is provided, the
default path for the store_root is "/var/lib/selinux".
Signed-off-by: Yuli Khodorkovskiy <ykhodorkovskiy@tresys.com>
/external/selinux/libsemanage/src/conf-scan.l
|
| cae4a4c951aa19b2717254d76deeb986af466238 |
|
07-Feb-2014 |
Yuli Khodorkovskiy <ykhodorkovskiy@tresys.com> |
libsemanage: add support for HLL to CIL compilers
An HLL to CIL compiler must exist in the compiler_directory path which
is configubrable in semanage.conf. By default, this path is
/usr/libexec/selinux/hll/. The compiler name needs to match the HLL
language extension. For example, for pp files,
/usr/libexec/selinux/hll/pp must exist.
The HLL infrastructure uncompresses the HLL module and pipes the data to
the appropriate CIL compiler. The output CIL from the compiler is read
from another pipe, compressed, and saved to the module store as a cached
CIL file. This file will be used on all subsequent policy builds, unless
a new module is installed with the same name at the same priority, at
which point the cache is deleted and is subsequently rebuilt and cached.
A new option is added to semanage.conf, ignore_cache, which if set to
true will cause the cached CIL files to be ignored and all HLL files to
be recompiled and the resulting CIL to be recached.
Signed-off-by: Yuli Khodorkovskiy <ykhodorkovskiy@tresys.com>
/external/selinux/libsemanage/src/conf-scan.l
|
| c654ca1cf4e872e5d84bcd3fe7168e7f5f5400df |
|
13-Oct-2011 |
Steve Lawrence <slawrence@tresys.com> |
libsemanage: add target-platform option to semanage.conf
The target platform used to come from the base module. However, CIL has
no concept of a base module or a target platform. This adds an option to
semanage.conf (target-platform) to control how policies should be built.
Signed-off-by: Steve Lawrence <slawrence@tresys.com>
/external/selinux/libsemanage/src/conf-scan.l
|
| 28baa721e0f544d0899b68eb5eee070ed2b4b02b |
|
14-Sep-2012 |
rhatdan <dwalsh@redhat.com> |
libsemanage: Add sefcontext_compile to compile regex everytime policy is rebuilt
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
/external/selinux/libsemanage/src/conf-scan.l
|
| 915b5f885f030aa24a2ca648a184fa02cb5bbdcd |
|
29-Jun-2011 |
Eric Paris <eparis@redhat.com> |
libsemanage: add ignoredirs config for genhomedircon
For a long time /root has been treated differently in Red Hat
Distributions then upstream policy.
We do not want to label /root the same as a users homedir. Because of
this we have carried a patch in libsemanage/genhomedircon.c to ignore
/root.
This patch adds a flag to semanage.conf, ignoredirs. That will allow
distributions or users to specify directories that genhomedircon
should ignore when setting up users homedir labeling.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
/external/selinux/libsemanage/src/conf-scan.l
|
| c8d100bb03e0fe0501037b914fe3638afd593ee4 |
|
25-Feb-2010 |
Daniel J Walsh <dwalsh@redhat.com> |
Patch to run genhomedircon without looking at /etc/passwd
I want to change the default of libsemanage to not look for home
directories in getpwent. This patch allows you to set the flag
usepasswd=false in the semanage.conf file. and genhomedircon will only
setup the labeling of /home, /export/home and any confined users homedirs.
If this patch is not acceptable because libsemanage is being rewritten,
I would like the functionality to be added to the new libsemanage.
/external/selinux/libsemanage/src/conf-scan.l
|
| ee9827000137fed2d3300124115fc1572acafe2f |
|
04-Aug-2009 |
Stephen Smalley <sds@tycho.nsa.gov> |
libsemanage: Enable configuration of bzip behavior
Allow the administrator to customize the bzip block size and "small"
flag via semanage.conf. After applying you can add entries like these
to your /etc/selinux/semanage.conf to trade off memory vs disk space
(block size) and to trade off memory vs runtime (small):
bzip-blocksize=4
bzip-small=true
You can also disable bzip compression altogether for your module store
via:
bzip-blocksize=0
The semanage.conf entries are now validated against legal value ranges
at handle creation time.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
/external/selinux/libsemanage/src/conf-scan.l
|
| 13cd4c8960688af11ad23b4c946149015c80d549 |
|
19-Aug-2008 |
Joshua Brindle <method@manicmethod.com> |
initial import from svn trunk revision 2950
/external/selinux/libsemanage/src/conf-scan.l
|