| Age | Commit message (Collapse) | Author |
|---|
|
The gnulib provided sc_tight_scope target was ineffective,
as it was checking against an invalid blank regular expression,
and thus ignoring any extern function issues. This is now
fixed up in gnulib, and so we need to fix our scoping issues
before the next gnulib update.
* cfg.mk: Setup and document the tight_scope config variables
appropriately.
* src/selinux.h: Since declared in *_SOURCES, use the two line
form for the extern function declarations.
* src/set-fields.h: Add the extern declarations, and since declared
in noinst_HEADERS use the single line form.
|
|
Run "make update-copyright" and then...
* tests/sample-test: Adjust to use the single most recent year.
* tests/du/bind-mount-dir-cycle-v2.sh: Fix case in copyright message,
so that year is updated automatically in future.
|
|
* src/selinux.c: As the copyright is assigned to the FSF for all
of coreutils, replace the copyright holder from "Red Hat, Inc."
to "Free Software Foundation, Inc.". Prompted by a warning of
'make update-copyright'. Also update the copyright year.
|
|
* src/selinux.h (ignorable_ctx_err): A new function used
to determine if a warning should be given after a call
to defaultcon() or restorecon().
* src/cp.c (main): Fix the setfscreatecon() call to use
the argument passed by the user.
* src/mkdir.c (make_ancestor): Show all but "ignoreable" errors
from defaultcon() and restorecon().
* tests/misc/selinux.sh: Add a test run as root in selinux enforcing
mode, to ensure cp --context=invalid is honored and fails immediately.
|
|
Handle both newer selinux libraries with mode_to_security_class(),
and systems without selinux at all. We could easily adjust
gnulib to provide the necessary stubs for use by this module,
but it's more efficient to just stub out the module completely,
when not using selinux.
* src/selinux.h: Define stubs for the two module functions,
when SELinux is not available.
* src/selinux.c: Exclude all logic in preference for the stubs
when selinux isn't used. Also when newer selinux libs are used,
don't use our conflicting static version of mode_to_security_class().
m4/jm-macros.m4: Check for the system mode_to_security_class().
|
|
* src/selinux.c: A new module implementing "restorecon" functionality.
There are two main functions to adjust the type of the referenced
file system item. defaultcon() will setup the process context so
that new items will have the required context without races. This is
the preferred method. For existing files, the equivalent restorecon()
is available which has two modes. With the "local" parameter set to
false, restorecon() will adjust the type according to the system
configuration for that file, and set to true will update the context
as per the context for the current process (disregarding type).
* src/selinux.h: Likewise.
* po/POTFILES.in: Reference the new module.
|
