This makes semodule consistent with other commands to no reload the
policy into the kernel after the given change.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
By default only the effective branch of a tunable conditional would be
expanded and written to raw policy, while all needless unused branches
would be discarded.
Add a new option '-P' or "--preserve_tunables" to the semodule program.
By default it is 0, if set to 1 then the above preserve_tunables flag
in the sepol_handle_t would be set to 1 accordingly.
Signed-off-by: Harry Ciao <qingtao.cao@windriver.com>
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
Add a -p option to semodule which will allow it to operate on the
specified semanaged root instead of the default.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
Basically it makes semodule -u file.pp, install file.pp if it does not exist. This matches the rpm syntax, and allows us too update/install many packages with a transaction without know whether the package is updated or installed.
Currently we can only do a -i which could hammer a newwer version.
commit 3a5ed0fdf42200d0efd6cb1064eab91d2eb5ca52
Author: Dan Walsh <dwalsh@redhat.com>
Date: Mon Aug 24 11:36:41 2009 -0400
i Upgrade patch
Patch for semodule command
semodule -B
Will now turn on dontaudit rules
semodule -DB
Will turn off dontaudit rules.
With other patch all other semanage commands will maintain state.
Created by Dan Walsh
Signed-off-by: Christopher Pardy <cpardy@redhat.com>
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Email: dwalsh@redhat.com
Subject: Make removing of a module a warning rather then an error.
Date: Tue, 13 Jan 2009 08:57:17 -0500
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
This way if I say a command line
semodule -r mypol -i newmypol
and mypol was not there the semodule command does not error out.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org
iEYEARECAAYFAklsnb0ACgkQrlYvE4MpobNwFACfTqc17wREKC2aAhLOIkfbqgeg
GxgAn2/ZBz5ljtyK1aiVkqoCBj98y9Ey
=I4uX
-----END PGP SIGNATURE-----
Signed-off-by: Joshua Brindle <method@manicmethod.com>