| Commit message (Collapse) | Author | Age |
|---|
| | |
|
| | |
|
| |
|
|
| |
move label apis to selinux-util.ch or smack-util.ch appropriately.
|
| |
|
|
|
|
|
|
|
|
| |
This makes possible to spawn service instances triggered by socket with
MLS/MCS SELinux labels which are created based on information provided by
connected peer.
Implementation of label_get_child_mls_label derived from xinetd.
Reviewed-by: Paul Moore <pmoore@redhat.com>
|
| | |
|
| |
|
|
|
|
| |
This reverts commit cf8bd44339b00330fdbc91041d6731ba8aba9fec.
Needs more discussion on the mailing list.
|
| |
|
|
|
|
|
|
|
|
| |
This makes possible to spawn service instances triggered by socket with
MLS/MCS SELinux labels which are created based on information provided by
connected peer.
Implementation of label_get_child_label derived from xinetd.
Reviewed-by: Paul Moore <pmoore@redhat.com>
|
| | |
|
| | |
|
| |
|
|
|
| |
Avoid pulling-in selinux for tools which just create directories
but not need to fix the selinux label.
|
| |
|
|
|
|
|
| |
Also split out some fileio functions to fileio.c and provide a SELinux
aware pendant in fileio-label.c
see https://bugzilla.redhat.com/show_bug.cgi?id=881577
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
#pragma once has been "un-deprecated" in gcc since 3.3, and is widely supported
in other compilers.
I've been using and maintaining (rebasing) this patch for a while now, as
it annoyed me to see #ifndef fooblahfoo, etc all over the place,
almost arrogant about the annoyance of having to define all these names to
perform a commen but neccicary functionality, when a completely superior
alternative exists.
I havn't sent it till now, cause its kindof a style change, and it is bad
voodoo to mess with style that has been established by more established
editors. So feel free to lambast me as a crazy bafoon.
v2 - preserve externally used headers
|
| |
|
|
| |
mount but can't due to EROFS
|
| |
|
|
|
|
|
| |
This reverts commit 9b5af248f04b6cad8a5bca836e89a39e9f6823d9.
Udev now explicitely labels only files/directories in /dev. The selinux
array API is not released and will not work on other distros at this moment.
|
| | |
|
| |
|
|
|
|
| |
systemd-udev is currently incorrectly labeling /run/udev/* content because it is
using selinux prefix labeling of /dev. This patch will allow systemd-udev to
use prefix labeling of /dev and /run.
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
We finally got the OK from all contributors with non-trivial commits to
relicense systemd from GPL2+ to LGPL2.1+.
Some udev bits continue to be GPL2+ for now, but we are looking into
relicensing them too, to allow free copy/paste of all code within
systemd.
The bits that used to be MIT continue to be MIT.
The big benefit of the relicensing is that closed source code may now
link against libsystemd-login.so and friends.
|
|
|
internal libraries
Before:
$ ldd /lib/systemd/systemd-timestamp
linux-vdso.so.1 => (0x00007fffb05ff000)
libselinux.so.1 => /lib64/libselinux.so.1 (0x00007f90aac57000)
libcap.so.2 => /lib64/libcap.so.2 (0x00007f90aaa53000)
librt.so.1 => /lib64/librt.so.1 (0x00007f90aa84a000)
libc.so.6 => /lib64/libc.so.6 (0x00007f90aa494000)
/lib64/ld-linux-x86-64.so.2 (0x00007f90aae90000)
libdl.so.2 => /lib64/libdl.so.2 (0x00007f90aa290000)
libattr.so.1 => /lib64/libattr.so.1 (0x00007f90aa08a000)
libpthread.so.0 => /lib64/libpthread.so.0 (0x00007f90a9e6e000)
After:
$ ldd systemd-timestamp
linux-vdso.so.1 => (0x00007fff3cbff000)
libselinux.so.1 => /lib64/libselinux.so.1 (0x00007f5eaa1c3000)
librt.so.1 => /lib64/librt.so.1 (0x00007f5ea9fbb000)
libc.so.6 => /lib64/libc.so.6 (0x00007f5ea9c04000)
/lib64/ld-linux-x86-64.so.2 (0x00007f5eaa3fc000)
libdl.so.2 => /lib64/libdl.so.2 (0x00007f5ea9a00000)
libpthread.so.0 => /lib64/libpthread.so.0 (0x00007f5ea97e4000)
|
