Since they are being removed, there will be nothing to install.
Suggested-by: Petr Lautrbach <plautrba@redhat.com>
Signed-off-by: James Carter <jwcart2@gmail.com>
Acked-by: Petr Lautrbach <lautrbach@redhat.com>
The Russian translations have not been maintained and are out of
date, so remove them.
Suggested-by: Petr Lautrbach <plautrba@redhat.com>
Signed-off-by: James Carter <jwcart2@gmail.com>
Acked-by: Petr Lautrbach <lautrbach@redhat.com>
setsebool does not directly use any symbols from libsepol. Any
transitional ones, via libsemanage, are available by linking against
libsemanage.
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Acked-by: James Carter <jwcart2@gmail.com>
Support the usage format of multiple booleans to change, e.g.:
setsebool bool1=on bool2=off
Support the options -N and -V.
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Acked-by: James Carter <jwcart2@gmail.com>
In case there are errors when committing changes to booleans, the
errors may not be reported to user except by nonzero exit status. With
"setsebool -V" it's possible to see errors from commit phase, but
otherwise the unfixed command is silent:
# setsebool -V -P secure_mode_insmod=off
libsemanage.semanage_install_final_tmp: Could not copy /var/lib/selinux/final/default/contexts/files/file_contexts to /etc/selinux/default/contexts/files/file_contexts. (Read-only file system).
libsemanage.semanage_install_final_tmp: Could not copy /var/lib/selinux/final/default/contexts/files/file_contexts to /etc/selinux/default/contexts/files/file_contexts. (Read-only file system).
Fixed version alerts the user about problems even without -V:
# setsebool -P secure_mode_insmod=off
Failed to commit changes to booleans: Read-only file system
Signed-off-by: Topi Miettinen <toiwoton@gmail.com>
As reported in #123, setsebool immediately exits with an error if
SELinux is disabled, preventing its use for setting boolean persistent
values. In contrast, semanage boolean -m works on SELinux-disabled
hosts. Change setsebool so that it can be used with the -P option
(persistent changes) even if SELinux is disabled. In the SELinux-disabled
case, skip setting of active boolean values, but set the persistent value
in the policy store. Policy reload is automatically disabled by libsemanage
when SELinux is disabled, so we only need to call semanage_set_reload()
if -N was used.
Fixes: https://github.com/SELinuxProject/selinux/issues/123
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
There were several places in the makefiles where LDLIBS or CFLAGS were
supposed to include options to build. They were missing the override
keyword so would be skipped if these vars were set on the make cmdline.
Add the override directive to fix this.
Signed-off-by: Jason Zaman <jason@perfinion.com>
The toolchain automatically handles them and they break cross compiling.
LDFLAGS should also come before object files, some flags (eg,
-Wl,as-needed) can break things if they are in the wrong place)
Gentoo-Bug: https://bugs.gentoo.org/500674
Signed-off-by: Jason Zaman <jason@perfinion.com>
If one were to use multiple options such as both -P and -N we would have
problems. The issue is that for some reason instead of looking at
optind (the first non-option) we were looking at argc-optind. These
happen to be the same if there are 0 or 1 options, but doesn't work with
more than 1 option.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
Fix setsebool to use -N to not reload policy into the kernel optional on
permanant changes.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
This is purely personal preference. Most of the Makefiles use $() for
Makefile variables, but a couple of places use ${}. Since this obscured
some later Makefile changes I figured I'd just make them all the same up
front.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
Add a different error message when setsebool is unable to run because
the user is not root. This just helps people who try to change booleans
based on setroubleshoot output and don't know what went wrong.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
