| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* bus/selinux.c (bus_selinux_init): Split into two functions,
bus_selinux_pre_init and bus_selinux_post_init.
(bus_selinux_pre_init): Just determine whether SELinux is
enabled.
(bus_selinux_post_init): Do everything else.
* bus/main.c (main): Call bus_selinux_pre_init before parsing
config file, and bus_selinux_post_init after. This ensures that
we don't lose the policyreload notification thread that
bus_selinux_init created before forking previously.
* bus/test-main.c (test_pre_hook): Update for split.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* bus/selinux.h: Add bus_selinux_enabled.
* bus/selinux.c (bus_selinux_enabled): Implement it.
* bus/config-parser.c (struct include): Add
if_selinux_enabled member.
(start_busconfig_child): Parse if_selinux_enabled
attribute for include.
(bus_config_parser_content): Handle it.
* bus/session.conf.in, bus/system.conf.in: Add
inclusion of context mapping to default config files;
conditional on SELinux being enabled.
* doc/busconfig.dtd: Add to if_selinux_enabled to default DTD.
* test/data/invalid-config-files/badselinux-1.conf,
test/data/invalid-config-files/badselinux-2.conf:
Test files for bad syntax.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* bus/selinux.h: Prototype bus_selinux_get_policy_root.
* bus/selinux.c: Create a thread for policy reload notification.
(bus_selinux_get_policy_root): Implement.
Updated SELinux support from Matthew Rickard <mjricka@epoch.ncsc.mil>
* bus/config-parser.c (start_busconfig_child)
(bus_config_parser_content): Support SELinux-root relative
inclusion.
* configure.in <HAVE_SELINUX>: Add -lpthread.
* bus/test-main.c (test_pre_hook, test_post_hook): New.
(test_post_hook): Move memory checking into here.
(test_pre_hook, test_post_hook): Move SELinux checks in
here, but conditional on a DBUS_TEST_SELINUX environment
variable. Unfortunately we can't run the SELinux checks
as a normal user, since they won't have any permissions
for /selinux. So this will have to be tested manually
for now, until we have virtualization for most of
libselinux.
|
|
|
|
|
| |
* COPYING: switch to Academic Free License version 2.1 instead of
2.0, to resolve complaints about patent termination clause.
|
|
SELinux support from Matthew Rickard <mjricka@epoch.ncsc.mil>
* bus/selinux.c, bus/selinux.h: new file encapsulating selinux
functionality
* configure.in: add --enable-selinux
* bus/policy.c (bus_policy_merge): add FIXME to a comment
* bus/main.c (main): initialize and shut down selinux
* bus/connection.c: store SELinux ID on each connection, to avoid
repeated getting of the string context and converting it into
an ID
* bus/bus.c (bus_context_get_policy): new accessor, though it
isn't used
(bus_context_check_security_policy): check whether the security
context of sender connection can send to the security context of
recipient connection
* bus/config-parser.c: add parsing for <selinux> and <associate>
* dbus/dbus-transport.c (_dbus_transport_get_unix_fd): to
implement dbus_connection_get_unix_fd()
* dbus/dbus-connection.c (dbus_connection_get_unix_fd): new
function, used by the selinux stuff
|