Commit Graph

15 Commits

Author SHA1 Message Date
Dan Walsh
91d0de4adf genhomedircon is no longer a script, but a link to semodule 2013-10-24 13:58:39 -04:00
Dan Walsh
2540b20096 Laurent Bigonville patch to fix various minor manpage issues and correct section numbering. 2013-10-24 13:58:37 -04:00
Eric Paris
3e4ab5e506 policycoreutils: genhomedircon: regenerate genhomedircon more often
The semodule_path file, inside scripts, which is used to tell the
Makefile where genhomedircon should point to find semodule, was not
being updated.  This patch makes sure we update this file every time
something builds, thus genhomedircon doesn't point to some wild out of
data file location.

Signed-off-by: Eric Paris <eparis@redhat.com>
2013-02-05 20:14:48 -05:00
Guido Trentalancia
46ce32a6ee policycoreutils: genhomedircon: dynamically create genhomedircon
It dynamically creates the policycoreutils "genhomedircon"
script during the build process in order not to hard-code
the full path to the semodule executable, as in general the
latter could reside in non-standard SBINDIR/USRSBINDIR
locations.

It might not be very stylish or it might appear cumbersome,
but at least the script should not break as easily as the
current static one.

The patch also edits the Makefile for the scripts so that
LOCALEDIR correctly uses $(PREFIX) rather than an absolute
path.

Signed-off-by: Guido Trentalancia <guido@trentalancia.com>
Signed-off-by: Eric Paris <eparis@redhat.com>
2012-09-12 21:15:41 -04:00
Dan Walsh
7ae7858a6b policycoreutils: semodule: Add -N qualifier to no reload kernel policy
This makes semodule consistent with other commands to no reload the
policy into the kernel after the given change.

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
2012-09-12 12:16:15 -04:00
Dan Walsh
24b31a9da5 policycoreutils: semodule: Document semodule -p in man page
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
2011-11-02 16:22:06 -04:00
Eric Paris
468bff0952 tree: Makefiles: syntax, convert all ${VAR} to $(VAR)
This is purely personal preference.  Most of the Makefiles use $() for
Makefile variables, but a couple of places use ${}.  Since this obscured
some later Makefile changes I figured I'd just make them all the same up
front.

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
2011-11-02 15:37:08 -04:00
Harry Ciao
e4bc1b223d libsepol: libsemanage: policycoreutils: Create a new preserve_tunables flag in sepol_handle_t.
By default only the effective branch of a tunable conditional would be
expanded and written to raw policy, while all needless unused branches
would be discarded.

Add a new option '-P' or "--preserve_tunables" to the semodule program.
By default it is 0, if set to 1 then the above preserve_tunables flag
in the sepol_handle_t would be set to 1 accordingly.

Signed-off-by: Harry Ciao <qingtao.cao@windriver.com>
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
2011-09-16 11:54:02 -04:00
Eric Paris
5e096d9ceb policycoreutils: semodule: support for alternative root paths
Add a -p option to semodule which will allow it to operate on the
specified semanaged root instead of the default.

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
2011-08-11 23:35:52 -04:00
Daniel J Walsh
654dcb897e Last attempt at upstreaming semodule_disable patch.
This patch allows you to disable/Enable policy modules.

It never seems to get upstreamed.  :^(

Signed-off-by: Joshua Brindle <method@manicmethod.com>
2010-03-06 17:56:24 -05:00
Daniel J Walsh
c282c4024d I think I sent this patch before, it is the upgrade patch.
Basically it makes semodule -u file.pp, install file.pp if it does not exist.  This matches the rpm syntax, and allows us too update/install many packages with a transaction without know whether the package is updated or installed.

Currently we can only do a -i which could hammer a newwer version.

commit 3a5ed0fdf42200d0efd6cb1064eab91d2eb5ca52
Author: Dan Walsh <dwalsh@redhat.com>
Date:   Mon Aug 24 11:36:41 2009 -0400

    i Upgrade patch
2009-09-16 10:50:10 -04:00
Christopher Pardy
2c91f6377d semodule: maintain old functionality
Patch for semodule command
semodule -B
Will now turn on dontaudit rules
semodule -DB
Will turn off dontaudit rules.
With other patch all other semanage commands will maintain state.

Created by Dan Walsh

Signed-off-by: Christopher Pardy <cpardy@redhat.com>
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2009-07-07 14:21:29 -04:00
Joshua Brindle
d8b1ea603b Author: Daniel J Walsh
Email: dwalsh@redhat.com
Subject: Make removing of a module a warning rather then an error.
Date: Tue, 13 Jan 2009 08:57:17 -0500

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

This way if I say a command line

semodule -r mypol -i newmypol

and mypol was not there the semodule command does not error out.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iEYEARECAAYFAklsnb0ACgkQrlYvE4MpobNwFACfTqc17wREKC2aAhLOIkfbqgeg
GxgAn2/ZBz5ljtyK1aiVkqoCBj98y9Ey
=I4uX
-----END PGP SIGNATURE-----

Signed-off-by: Joshua Brindle <method@manicmethod.com>
2009-02-16 11:41:02 -05:00
Joshua Brindle
8c51c70d59 Author: Daniel J Walsh
Email: dwalsh@redhat.com
Subject: semodule patch to use new semanage interfaces
Date: Fri, 07 Nov 2008 09:41:24 -0500

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Allows semodule to read bzip compressed policy packages directly.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iEYEARECAAYFAkkUU5QACgkQrlYvE4MpobMHGQCdGwEl3h1ZwV92u1mfgrr3z7XT
NGYAoIwz76N7QFdEr8I0t3ncGhbo6heq
=raBi
-----END PGP SIGNATURE-----

Signed-off-by: Joshua Brindle <method@manicmethod.com>
2009-01-12 10:19:58 -05:00
Joshua Brindle
13cd4c8960 initial import from svn trunk revision 2950 2008-08-19 15:30:36 -04:00