Commit Graph

14 Commits

Author SHA1 Message Date
Yuli Khodorkovskiy 057197c69a libsemanage: Add option to remove HLL files after compilation
This adds a 'remove-hll' option to semanage.conf. If set to 'true', all
HLL files will be removed from the SELinux store after successfully
buildling the SELinux modules. The default for this option is 'false'.

In order to delete already compiled HLL files, the modules need to be
recompiled with the ignore-module-cache option.

Signed-off-by: Yuli Khodorkovskiy <ykhodorkovskiy@tresys.com>
Acked-by: Steve Lawrence <slawrence@tresys.com>
2015-02-27 08:41:59 -05:00
Yuli Khodorkovskiy 5e75b96e91 libsemanage: add the ability to set an alternative root path for store
Allow an alternative selinux store root path to be used. The option
can be set in semanage.conf as store_root. If no option is provided, the
default path for the store_root is "/var/lib/selinux".

Signed-off-by: Yuli Khodorkovskiy <ykhodorkovskiy@tresys.com>
2014-08-26 08:03:31 -04:00
Yuli Khodorkovskiy cae4a4c951 libsemanage: add support for HLL to CIL compilers
An HLL to CIL compiler must exist in the compiler_directory path which
is configubrable in semanage.conf. By default, this path is
/usr/libexec/selinux/hll/. The compiler name needs to match the HLL
language extension. For example, for pp files,
/usr/libexec/selinux/hll/pp must exist.

The HLL infrastructure uncompresses the HLL module and pipes the data to
the appropriate CIL compiler. The output CIL from the compiler is read
from another pipe, compressed, and saved to the module store as a cached
CIL file. This file will be used on all subsequent policy builds, unless
a new module is installed with the same name at the same priority, at
which point the cache is deleted and is subsequently rebuilt and cached.

A new option is added to semanage.conf, ignore_cache, which if set to
true will cause the cached CIL files to be ignored and all HLL files to
be recompiled and the resulting CIL to be recached.

Signed-off-by: Yuli Khodorkovskiy <ykhodorkovskiy@tresys.com>
2014-08-26 08:03:31 -04:00
Steve Lawrence c654ca1cf4 libsemanage: add target-platform option to semanage.conf
The target platform used to come from the base module. However, CIL has
no concept of a base module or a target platform. This adds an option to
semanage.conf (target-platform) to control how policies should be built.

Signed-off-by: Steve Lawrence <slawrence@tresys.com>
2014-08-26 08:02:16 -04:00
Steve Lawrence c35678eb6d libsemanage: add back support for semange_set_root using the new source policy infrastructure
Removed in commits:
- Revert "libsemanage: introduce semanage_set_root and friends"
- Revert "libsemanage: Alternate path for semanage.conf"
- Revert "libsemanage: Use default semanage.conf as a fallback"

Signed-off-by: Steve Lawrence <slawrence@tresys.com>
2014-08-26 08:02:16 -04:00
Steve Lawrence 844810d9ac Revert "libsemanage: introduce semanage_set_root and friends"
This reverts commit 9cd587f553.

Conflicts:

	libsemanage/include/semanage/handle.h
2014-08-26 08:02:16 -04:00
Laurent Bigonville c8dd59ba96 libsemanage: Fix cases where hyphen were used as minus sign in manpages 2013-10-16 15:11:18 -04:00
Eric Paris 915b5f885f libsemanage: add ignoredirs config for genhomedircon
For a long time /root has been treated differently in Red Hat
Distributions then upstream policy.

We do not want to label /root the same as a users homedir.  Because of
this we have carried a patch in libsemanage/genhomedircon.c to ignore
/root.

This patch adds a flag to semanage.conf, ignoredirs.  That will allow
distributions or users to specify directories that genhomedircon
should ignore when setting up users homedir labeling.

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
2011-12-21 12:25:28 -05:00
Dan Walsh 2c4eca16dd libsemanage: create man5dir if not exist
Make new man page directory if it doesn't exist.

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
2011-11-02 15:37:11 -04:00
Guido Trentalancia 06f53004d9 libsemanage: semanage.conf man page
Add a new semanage.conf man page.

Signed-off-by: Eric Paris <eparis@redhat.com>
2011-11-02 15:37:11 -04:00
Guido Trentalancia eb695e5a56 whole tree: default make target to all not install
Change the default "make" target for the libraries from "install" to
"all" in the makefiles.

Signed-off-by: Guido Trentalancia <guido@trentalancia.com>
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
2011-09-16 11:54:04 -04:00
Eric Paris 9cd587f553 libsemanage: introduce semanage_set_root and friends
Allow applications to specify an alternate root for selinux stores.

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
2011-08-11 23:35:52 -04:00
Manoj Srivastava a6700ba05f libsemanage: Fix the format of the NAME lines
Each manual page should start with a "NAME" section, which lists the
name and a brief description of the page separated by "\-". These
sections are parsed by "mandb" and stored in a database for the use of
"apropos" and "whatis", so they must be in a certain format. These
manual pages apparently use the wrong format and cannot be parsed by
"mandb". This commit fixes that.

Signed-off-by: Manoj Srivastava <srivasta@debian.org>
Signed-off-by: Joshua Brindle <method@manicmethod.com>
2009-11-27 12:51:57 -05:00
Joshua Brindle 13cd4c8960 initial import from svn trunk revision 2950 2008-08-19 15:30:36 -04:00