Sandbox policy is huge do to macro expansion. We do not install this by default
but sandbox command can fail without it installed. This patch prints a message to the
user to install the package.
Signed-off-by: Dan Walsh <dwalsh@redhat.com>
libselinux uses weak bindings to pthread functions and will fall
back to non-threaded implementations if the caller is not linked
with libpthread. Avoid requiring all users of libselinux to
link with libpthread.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Use Type=forking and pass PIDFile option, this allows better tracking of
the livecycle of the daemon.
Only attempt to start the daemon if selinux is enabled.
Drop After=syslog.target, syslog is socket activated anyway
Running valgrind flagged up three "definitely lost" malloc/realloc errors
when checking constraints.
Signed-off-by: Richard Haines <richard_c_haines@btinternet.com>
Allow mls/constraint mls/validatetrans constraints to be displayed
in debug mode. If POLICY_KERN version is >=
POLICYDB_VERSION_CONSTRAINT_NAMES then the policy defined
types/attributes will be returned.
Signed-off-by: Richard Haines <richard_c_haines@btinternet.com>
This will return mls/validatetrans constraint information for each
expression in a buffer. If POLICY_KERN version is >=
POLICYDB_VERSION_CONSTRAINT_NAMES then the policy defined types/attributes
will be returned.
Signed-off-by: Richard Haines <richard_c_haines@btinternet.com>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
The default encoding patch, was never upstreamed. default_encoding module
switched python2 to always use unicode. Potentially in some languages
semanage will blow up when errors are reported.
The need for this patch is going away in python3, which should be the default
in Fedora 21/22.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.15 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iEYEARECAAYFAlJ5DT4ACgkQrlYvE4MpobMvrgCfcEvZY4q7F17q9dbYJrHJXpae
Ut8AoM2TP99Ca0/lJAjoMTGsqr50P35/
=BHTe
-----END PGP SIGNATURE-----
make-update script is for generating an update for an existing release,
e.g. for a bug fix update.
release script is for generating a new release.
Per-package tagging may fail on the release script if the version
has not changed; this is harmless.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Tag the release before generating it, and automatically generate
a template for use in updating the wiki page. Also, make the
output directory unique to each release, delete any prior contents,
and tell the user where to find it.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Help the administrator/policy developer to see what parts of the label are different.
For example if you get a constraint violation and the role of the source and target
differ, audit2allow will suggest this might be the problem.
