Age | Commit message | Author |
|
https://github.com/SELinuxProject/selinux/commit/9eb9c9327563014ad6a807814e7975424642d5b9
deprecated selinux_context_t. Replace with a simple char* everywhere.
Alternative fix for #3719.
|
|
This is a follow-up to 5c5433ad32
|
|
As suggested by Evgeny Vereshchagin as a follow up for
https://github.com/systemd/systemd/pull/2781#issuecomment-191043402.
|
|
https://github.com/systemd/systemd/pull/2508#issuecomment-190901170
Maybe fixes https://bugzilla.redhat.com/show_bug.cgi?id=1308771.
|
|
This should be handled fine now by .dir-locals.el, so need to carry that
stuff in every file.
|
|
My previous patch to only include what we use accidentally placed
the added includes in non-sorted order.
|
|
This is a cleaned up result of running iwyu but without forward
declarations on src/basic.
|
|
Let's distinguish the cases where our code takes an active role in
selinux management, or just passively reports whatever selinux
properties are set.
mac_selinux_have() now checks whether selinux is around for the passive
stuff, and mac_selinux_use() for the active stuff. The latter checks the
former, plus also checks UID == 0, under the assumption that only when
we run privileged selinux management really makes sense.
Fixes: #1941
|
|
Sort the includes according to the new coding style.
|
|
|
|
get_current_dir_name() can return a variety of errors, not just ENOMEM,
hence don't blindly turn its errors to ENOMEM, but return correct errors
in path_make_absolute_cwd().
This trickles down into a couple of other functions, some of which
receive unrelated minor fixes too with this commit.
|
|
|
|
When mcstransd* is running, non-raw functions will return translated SELinux
context. Problem is that libselinux will cache this information and in the
future it will return same context even though mcstransd may not be running at
that time. If you then check with such context against SELinux policy then
selinux_check_access may fail depending on whether mcstransd is running or not.
To work around this problem/bug in libselinux, we should always get raw context
instead. Most users will not notice because result of access check is logged
only in debug mode.
* SELinux context translation service, which translates labels to human
readable form
|
|
basic/ can be used by everything
cannot use anything outside of basic/
libsystemd/ can use basic/
cannot use shared/
shared/ can use libsystemd/
|