~lukeshu/systemd - Unnamed repository; edit this file 'description' to name the repository.

Age	Commit message (Collapse)	Author
2014-12-04	selinux: figure out selinux context applied on exec() before closing all fds	Michal Sekletar
	We need original socket_fd around otherwise mac_selinux_get_child_mls_label fails with -EINVAL return code. Also don't call setexeccon twice but rather pass context value of SELinuxContext option as an extra argument. Signed-off-by: Anthony G. Basile <blueness@gentoo.org>
2014-11-14	shared: create files even if the SELinux policy has no context for them	Michal Schmidt
	The SELinux policy defines no context for some files. E.g.: $ matchpathcon /run/lock/subsys /dev/mqueue /run/lock/subsys <<none>> /dev/mqueue <<none>> We still need to be able to create them. In this case selabel_lookup_raw() returns ENOENT. We should then skip setfscreatecon(), but still return success. It was broken since c34255bdb2 ("label: unify code to make directories, symlinks"). Signed-off-by: Anthony G. Basile <blueness@gentoo.org>
2014-10-26	src/shared/selinux-util.c: add path_is_absolute() check	Anthony G. Basile
	Signed-off-by: Anthony G. Basile <blueness@gentoo.org>
2014-10-25	selinux: clean up selinux label function naming	Lennart Poettering
	Signed-off-by: Anthony G. Basile <blueness@gentoo.org>
2014-10-25	selinux: simplify and unify logging	Lennart Poettering
	Normally we shouldn#t log from "library" functions, but SELinux is weird, hence upgrade security messages uniformly to LOG_ERR when in enforcing mode. Signed-off-by: Anthony G. Basile <blueness@gentoo.org>
2014-10-25	selinux: rework label query APIs	Lennart Poettering
	APIs that query and return something cannot silently fail, they must either return something useful, or an error. Fix that. Also, properly rollback socket unit fd creation when something goes wrong with the security framework. Signed-off-by: Anthony G. Basile <blueness@gentoo.org>
2014-10-25	smack: rework SMACK label fixing code to follow more closely the semantics ↵	Lennart Poettering
	of the matching selinux code Signed-off-by: Anthony G. Basile <blueness@gentoo.org>
2014-10-25	selinux: make use of cleanup gcc magic	Lennart Poettering
	Signed-off-by: Anthony G. Basile <blueness@gentoo.org>
2014-10-25	mac: also rename use_{smack,selinux,apparmor}() calls so that they share the ↵	Lennart Poettering
	new mac_{smack,selinux,apparmor}_xyz() convention Signed-off-by: Anthony G. Basile <blueness@gentoo.org>
2014-10-25	mac: rename apis with mac_{selinux/smack}_ prefix	WaLyong Cho
	Signed-off-by: Anthony G. Basile <blueness@gentoo.org>
2014-10-25	label: rearrange mandatory access control(MAC) apis	WaLyong Cho
	move label apis to selinux-util.ch or smack-util.ch appropriately. Signed-off-by: Anthony G. Basile <blueness@gentoo.org>
2014-08-14	src/shared: some stylistic changes	Anthony G. Basile
	Signed-off-by: Anthony G. Basile <blueness@gentoo.org>
2014-08-14	src/shared: import more code cleanups from upstream	Anthony G. Basile
	Signed-off-by: Anthony G. Basile <blueness@gentoo.org>
2012-11-15	Isolation of udev code from remaining systemd	Anthony G. Basile
	This commit is a first attempt to isolate the udev code from the remaining code base. It intentionally does not modify any files but purely delete files which, on a first examination, appear to not be needed. This is a sweeping commit which may easily have missed needed code. Files can be retrieved by doing a checkout from the previous commit: git checkout 2944f347d0 -- <filename>
2012-10-03	build-sys: fix !HAVE_SELINUX case	Colin Walters

2012-10-02	selinux: rework selinux access check logic	Lennart Poettering
	a) Instead of parsing the bus messages inside of selinux-access.c simply pass everything pre-parsed in the functions b) implement the access checking with a macro that resolves to nothing on non-selinux builds c) split out the selinux checks into their own sources selinux-util.[ch] d) this unifies the job creation code behind the D-Bus calls Manager.StartUnit() and Unit.Start().