mirror of
https://github.com/SELinuxProject/selinux
synced 2025-03-11 04:37:29 +00:00
Merge branch 'master' of jbrindle@oss.tresys.com:/home/git/selinux
commit
3ba84a9f7f
@ -1,3 +1,6 @@
|
||||
2.0.33 2009-07-07
|
||||
* Maintain disable dontaudit state from Christopher Pardy.
|
||||
|
||||
2.0.32 2009-05-28
|
||||
* Ruby bindings from David Quigley.
|
||||
|
||||
|
@ -1 +1 @@
|
||||
2.0.32
|
||||
2.0.33
|
||||
|
@ -69,6 +69,9 @@ void semanage_set_rebuild(semanage_handle_t * handle, int do_rebuild);
|
||||
* 1 for yes, 0 for no (default) */
|
||||
void semanage_set_create_store(semanage_handle_t * handle, int create_store);
|
||||
|
||||
/*Get whether or not dontaudits will be disabled upon commit */
|
||||
int semanage_get_disable_dontaudit(semanage_handle_t * handle);
|
||||
|
||||
/* Set whether or not to disable dontaudits upon commit */
|
||||
void semanage_set_disable_dontaudit(semanage_handle_t * handle, int disable_dontaudit);
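Review bot: The comment on `semanage_get_disable_dontaudit` does not say what the return value means, unlike the comment for `semanage_set_create_store` just above, which spells out `1 for yes, 0 for no (default)`. I would write it as `/* Get whether or not dontaudits will be disabled upon commit: 1 if they will be disabled, 0 if not */`. It is also worth saying that this is the pending state held in the handle and not necessarily what the running policy does, as the libsepol header comment in this commit already explains.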
|
||||
|
||||
|
@ -20,6 +20,7 @@
|
||||
*/
|
||||
|
||||
#include <sepol/module.h>
|
||||
#include <sepol/handle.h>
|
||||
#include <selinux/selinux.h>
|
||||
|
||||
#include <assert.h>
|
||||
@ -111,6 +112,7 @@ int semanage_direct_is_managed(semanage_handle_t * sh)
|
||||
int semanage_direct_connect(semanage_handle_t * sh)
|
||||
{
|
||||
char polpath[PATH_MAX];
|
||||
const char *path;
|
||||
|
||||
snprintf(polpath, PATH_MAX, "%s%s", selinux_path(),
|
||||
sh->conf->store_path);
|
||||
@ -223,6 +225,13 @@ int semanage_direct_connect(semanage_handle_t * sh)
|
||||
if (bool_activedb_dbase_init(sh, semanage_bool_dbase_active(sh)) < 0)
|
||||
goto err;
|
||||
|
||||
/* set the disable dontaudit value */
|
||||
path = semanage_path(SEMANAGE_ACTIVE, SEMANAGE_DISABLE_DONTAUDIT);
|
||||
if (access(path, F_OK) == 0)
|
||||
sepol_set_disable_dontaudit(sh->sepolh, 1);
|
||||
else
|
||||
sepol_set_disable_dontaudit(sh->sepolh, 0);
|
||||
|
||||
return STATUS_SUCCESS;
|
||||
|
||||
err:
|
||||
@ -645,7 +654,7 @@ static int semanage_direct_commit(semanage_handle_t * sh)
|
||||
char **mod_filenames = NULL;
|
||||
char *sorted_fc_buffer = NULL, *sorted_nc_buffer = NULL;
|
||||
size_t sorted_fc_buffer_len = 0, sorted_nc_buffer_len = 0;
|
||||
const char *linked_filename = NULL, *ofilename = NULL;
|
||||
const char *linked_filename = NULL, *ofilename = NULL, *path;
|
||||
sepol_module_package_t *base = NULL;
|
||||
int retval = -1, num_modfiles = 0, i;
|
||||
sepol_policydb_t *out = NULL;
|
||||
@ -669,6 +678,27 @@ static int semanage_direct_commit(semanage_handle_t * sh)
|
||||
dbase_config_t *pfcontexts = semanage_fcontext_dbase_policy(sh);
|
||||
dbase_config_t *seusers = semanage_seuser_dbase_local(sh);
|
||||
|
||||
/* Create or remove the disable_dontaudit flag file. */
|
||||
path = semanage_path(SEMANAGE_TMP, SEMANAGE_DISABLE_DONTAUDIT);
|
||||
if (sepol_get_disable_dontaudit(sh->sepolh) == 1) {
|
||||
FILE *touch;
|
||||
touch = fopen(path, "w");
|
||||
if (touch != NULL) {
|
||||
if (fclose(touch) != 0) {
|
||||
ERR(sh, "Error attempting to create disable_dontaudit flag.");
|
||||
goto cleanup;
|
||||
}
|
||||
} else {
|
||||
ERR(sh, "Error attempting to create disable_dontaudit flag.");
|
||||
goto cleanup;
|
||||
}
|
||||
} else {
|
||||
if (remove(path) == -1 && errno != ENOENT) {
|
||||
ERR(sh, "Error removing the disable_dontaudit flag.");
|
||||
goto cleanup;
|
||||
}
|
||||
}
|
||||
|
||||
/* Before we do anything else, flush the join to its component parts.
|
||||
* This *does not* flush to disk automatically */
|
||||
if (users->dtable->is_modified(users->dbase)) {
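Review bot: In `semanage_direct_connect`, every failure of `access(path, F_OK)` is read as "flag absent", so an error other than a missing file (permission, I/O, or a NULL `path` if `semanage_path` can return one, which is not visible here) resets the handle to 0, and the next commit then removes the flag from the sandbox. For an administrator who disabled dontaudit rules in order to see every denial, that silently narrows the audit trail; I would treat only `errno == ENOENT` as absent and `goto err` on anything else. In `semanage_direct_commit` the test `sepol_get_disable_dontaudit(sh->sepolh) == 1` removes the flag for any other non-zero value, so `!= 0` (or normalising in the setter, whose body is outside the visible hunks) would keep the file and the handle in agreement. Both `ERR` messages would be easier to act on if they included the path and `strerror(errno)`. Both functions start and end outside these hunks.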
|
||||
|
@ -110,6 +110,13 @@ void semanage_set_create_store(semanage_handle_t * sh, int create_store)
|
||||
return;
|
||||
}
|
||||
|
||||
int semanage_get_disable_dontaudit(semanage_handle_t * sh)
|
||||
{
|
||||
assert(sh != NULL);
|
||||
|
||||
return sepol_get_disable_dontaudit(sh->sepolh);
|
||||
}
|
||||
|
||||
void semanage_set_disable_dontaudit(semanage_handle_t * sh, int disable_dontaudit)
|
||||
{
|
||||
assert(sh != NULL);
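Review bot: The new exported getter `semanage_get_disable_dontaudit` relies on `assert(sh != NULL)` alone, which disappears when the library is built with `NDEBUG`, after which `sh->sepolh` is dereferenced unchecked. The visible setter follows the same pattern, so this is a convention question rather than a regression, but the header should then state that a NULL handle is a caller error, or the getter should check it explicitly. The same applies to `sepol_get_disable_dontaudit` in the libsepol implementation later in this commit, where `assert(sh !=NULL);` also wants a space after `!=`. The body of `semanage_set_disable_dontaudit` continues past the end of this hunk.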
|
||||
|
@ -15,7 +15,7 @@ LIBSEMANAGE_1.0 {
|
||||
semanage_iface_*; semanage_port_*; semanage_context_*;
|
||||
semanage_node_*;
|
||||
semanage_fcontext_*; semanage_access_check; semanage_set_create_store;
|
||||
semanage_is_connected; semanage_set_disable_dontaudit;
|
||||
semanage_is_connected; semanage_get_disable_dontaudit; semanage_set_disable_dontaudit;
|
||||
semanage_mls_enabled;
|
||||
local: *;
|
||||
};
|
||||
|
@ -114,6 +114,7 @@ static const char *semanage_sandbox_paths[SEMANAGE_STORE_NUM_PATHS] = {
|
||||
"/users_extra",
|
||||
"/netfilter_contexts",
|
||||
"/file_contexts.homedirs",
|
||||
"/disable_dontaudit",
|
||||
};
|
||||
|
||||
/* A node used in a linked list of file contexts; used for sorting.
|
||||
|
@ -58,6 +58,7 @@ enum semanage_sandbox_defs {
|
||||
SEMANAGE_USERS_EXTRA,
|
||||
SEMANAGE_NC,
|
||||
SEMANAGE_FC_HOMEDIRS,
|
||||
SEMANAGE_DISABLE_DONTAUDIT,
|
||||
SEMANAGE_STORE_NUM_PATHS
|
||||
};
|
||||
|
||||
|
@ -1,3 +1,6 @@
|
||||
2.0.37 2009-07-07
|
||||
* Add method to check disable dontaudit flag from Christopher Pardy.
|
||||
|
||||
2.0.36 2009-03-25
|
||||
* Fix boolean state smashing from Joshua Brindle.
|
||||
|
||||
|
@ -1 +1 @@
|
||||
2.0.36
|
||||
2.0.37
|
||||
|
@ -7,6 +7,12 @@ typedef struct sepol_handle sepol_handle_t;
|
||||
/* Create and return a sepol handle. */
|
||||
sepol_handle_t *sepol_handle_create(void);
|
||||
|
||||
/* Get whether or not dontaudits will be disabled, same values as
|
||||
* specified by set_disable_dontaudit. This value reflects the state
|
||||
* your system will be set to upon commit, not necessarily its
|
||||
* current state.*/
|
||||
int sepol_get_disable_dontaudit(sepol_handle_t * sh);
|
||||
|
||||
/* Set whether or not to disable dontaudits, 0 is default and does
|
||||
* not disable dontaudits, 1 disables them */
|
||||
void sepol_set_disable_dontaudit(sepol_handle_t * sh, int disable_dontaudit);
|
||||
|
@ -21,6 +21,12 @@ sepol_handle_t *sepol_handle_create(void)
|
||||
return sh;
|
||||
}
|
||||
|
||||
int sepol_get_disable_dontaudit(sepol_handle_t *sh)
|
||||
{
|
||||
assert(sh !=NULL);
|
||||
return sh->disable_dontaudit;
|
||||
}
|
||||
|
||||
void sepol_set_disable_dontaudit(sepol_handle_t * sh, int disable_dontaudit)
|
||||
{
|
||||
assert(sh !=NULL);
|
||||
|
@ -12,6 +12,7 @@
|
||||
sepol_policydb_*; sepol_set_policydb_from_file;
|
||||
sepol_policy_kern_*;
|
||||
sepol_policy_file_*;
|
||||
sepol_get_disable_dontaudit;
|
||||
sepol_set_disable_dontaudit;
|
||||
sepol_set_expand_consume_base;
|
||||
local: *;
|
||||
|
@ -1,3 +1,7 @@
|
||||
2.0.67 2009-07-07
|
||||
* Re-enable disable_dontaudit rules upon semodule -B from Christopher
|
||||
Pardy and Dan Walsh.
|
||||
|
||||
2.0.66 2009-07-07
|
||||
* setfiles converted to fts from Thomas Liu.
|
||||
|
||||
|
@ -1 +1 @@
|
||||
2.0.66
|
||||
2.0.67
|
||||
|
@ -421,6 +421,9 @@ int main(int argc, char *argv[])
|
||||
semanage_set_rebuild(sh, 1);
|
||||
if (disable_dontaudit)
|
||||
semanage_set_disable_dontaudit(sh, 1);
|
||||
else if (build)
|
||||
semanage_set_disable_dontaudit(sh, 0);
|
||||
|
||||
result = semanage_commit(sh);
|
||||
}
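Review bot: The `else if (build)` branch clears the persisted disable_dontaudit state as a side effect of a rebuild, and nothing at the call site says so. A short comment such as `/* a rebuild without disable_dontaudit turns dontaudit rules back on; other operations keep the state loaded at connect */` would record the intent, since every other path falls through and keeps whatever the store held. Because this changes how many denials reach the audit log, it is also worth checking that the man page and usage text state it (neither is visible in this commit). `main` starts and ends outside the hunk.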
|
||||
|
||||
|