Avoid unrelated changes in followup patches.
No functional change.
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Acked-by: James Carter <jwcart2@gmail.com>
Add a configuration option that when set to "true" allows duplicate
type, type attribute, and role declarations and duplicate context
rules.
The default is set to "true" to support the removal of the special
handling of certain roles when converting a policy module to CIL
without causing problems for existing policies.
Signed-off-by: James Carter <jwcart2@gmail.com>
Since they are being removed, there will be nothing to install.
Suggested-by: Petr Lautrbach <plautrba@redhat.com>
Signed-off-by: James Carter <jwcart2@gmail.com>
Acked-by: Petr Lautrbach <lautrbach@redhat.com>
The Russian translations have not been maintained and are out of
date, so remove them.
Suggested-by: Petr Lautrbach <plautrba@redhat.com>
Signed-off-by: James Carter <jwcart2@gmail.com>
Acked-by: Petr Lautrbach <lautrbach@redhat.com>
See: RFC 2606
foo.com seems to be privately owned.
Signed-off-by: Markus Linnala <Markus.Linnala@knowit.fi>
Acked-by: Petr Lautrbach <plautrba@redhat.com>
When building binary policy, optionally run it through
sepol_policydb_optimize() just before writing it out.
Add an optimize-policy variable to semanage.conf(5) that controls
whether optimization will be applied during libsemanage operations.
Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
This patch solves the following issues:
- DESTDIR is needed during compile time to compute library and header paths which it should not.
- Installing with both DESTDIR and PREFIX set gives us odd paths
- Make usage of DESTDIR and PREFIX more standard
Signed-off-by: Marcus Folkesson <marcus.folkesson@gmail.com>
This adds a 'remove-hll' option to semanage.conf. If set to 'true', all
HLL files will be removed from the SELinux store after successfully
buildling the SELinux modules. The default for this option is 'false'.
In order to delete already compiled HLL files, the modules need to be
recompiled with the ignore-module-cache option.
Signed-off-by: Yuli Khodorkovskiy <ykhodorkovskiy@tresys.com>
Acked-by: Steve Lawrence <slawrence@tresys.com>
Allow an alternative selinux store root path to be used. The option
can be set in semanage.conf as store_root. If no option is provided, the
default path for the store_root is "/var/lib/selinux".
Signed-off-by: Yuli Khodorkovskiy <ykhodorkovskiy@tresys.com>
An HLL to CIL compiler must exist in the compiler_directory path which
is configubrable in semanage.conf. By default, this path is
/usr/libexec/selinux/hll/. The compiler name needs to match the HLL
language extension. For example, for pp files,
/usr/libexec/selinux/hll/pp must exist.
The HLL infrastructure uncompresses the HLL module and pipes the data to
the appropriate CIL compiler. The output CIL from the compiler is read
from another pipe, compressed, and saved to the module store as a cached
CIL file. This file will be used on all subsequent policy builds, unless
a new module is installed with the same name at the same priority, at
which point the cache is deleted and is subsequently rebuilt and cached.
A new option is added to semanage.conf, ignore_cache, which if set to
true will cause the cached CIL files to be ignored and all HLL files to
be recompiled and the resulting CIL to be recached.
Signed-off-by: Yuli Khodorkovskiy <ykhodorkovskiy@tresys.com>
The target platform used to come from the base module. However, CIL has
no concept of a base module or a target platform. This adds an option to
semanage.conf (target-platform) to control how policies should be built.
Signed-off-by: Steve Lawrence <slawrence@tresys.com>
Removed in commits:
- Revert "libsemanage: introduce semanage_set_root and friends"
- Revert "libsemanage: Alternate path for semanage.conf"
- Revert "libsemanage: Use default semanage.conf as a fallback"
Signed-off-by: Steve Lawrence <slawrence@tresys.com>
For a long time /root has been treated differently in Red Hat
Distributions then upstream policy.
We do not want to label /root the same as a users homedir. Because of
this we have carried a patch in libsemanage/genhomedircon.c to ignore
/root.
This patch adds a flag to semanage.conf, ignoredirs. That will allow
distributions or users to specify directories that genhomedircon
should ignore when setting up users homedir labeling.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
Change the default "make" target for the libraries from "install" to
"all" in the makefiles.
Signed-off-by: Guido Trentalancia <guido@trentalancia.com>
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
Allow applications to specify an alternate root for selinux stores.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
Each manual page should start with a "NAME" section, which lists the
name and a brief description of the page separated by "\-". These
sections are parsed by "mandb" and stored in a database for the use of
"apropos" and "whatis", so they must be in a certain format. These
manual pages apparently use the wrong format and cannot be parsed by
"mandb". This commit fixes that.
Signed-off-by: Manoj Srivastava <srivasta@debian.org>
Signed-off-by: Joshua Brindle <method@manicmethod.com>
Christian Göttsche
James Carter
Markus Linnala
Ondrej Mosnacek
Aleksei Nikiforov
Yuri Chornoivan
Marcus Folkesson
Yuli Khodorkovskiy
Steve Lawrence
Laurent Bigonville
Eric Paris
Dan Walsh
Guido Trentalancia
Manoj Srivastava
Joshua Brindle