Tomasz Swierczek [Fri, 12 Jan 2018 06:54:46 +0000 (07:54 +0100)]
Added binary hardening options
* stack-protector-strong
* FORTIFY_SOURCE
* -zrelro -znow
Change-Id: I260204b87da91e1d26bfe3b63f95c72ac5296703
Rafal Krypa [Fri, 3 Nov 2017 17:02:49 +0000 (18:02 +0100)]
Merge tag 'v1.3.1' into HEAD
Change-Id: I25df2ea84fcd9bf8b02348d90ee27443789eedbc
jin-gyu.kim [Mon, 12 Jun 2017 08:26:16 +0000 (17:26 +0900)]
Fix potenial buffer overflow in smack_set_onlycap_from_file()
While reading Smack onlycap labels from a file, take care of possibility
to read a label that is longer than SMACK_LABEL_LEN.
Change-Id: Ic1406cd125be258af1f6eaa2b4561cbaeed0cec1
Rafal Krypa [Fri, 28 Jul 2017 09:55:23 +0000 (11:55 +0200)]
Release version 1.3.1
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
Rafal Krypa [Thu, 27 Jul 2017 19:32:28 +0000 (21:32 +0200)]
Improve guards against buffer overflows
Make the libsmack code more defensive with regard to filling memory buffers.
Rafał Krypa [Sat, 1 Jul 2017 08:35:58 +0000 (10:35 +0200)]
Merge pull request #128 from rafal-krypa/issue128
Fix potential buffer overflow in smack_set_onlycap_from_file()
Rafal Krypa [Thu, 8 Jun 2017 16:11:30 +0000 (18:11 +0200)]
Fix potential buffer overflow in smack_set_onlycap_from_file()
While reading Smack onlycap labels from a file, take care of possibility
to read a label that is longer than SMACK_LABEL_LEN.
Rafal Krypa [Mon, 14 Nov 2016 16:40:58 +0000 (17:40 +0100)]
Merge and release upstream version 1.3.0
Change-Id: Ib539d705bd76567ba61f91d2f549f5152f286936
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
Rafal Krypa [Tue, 18 Oct 2016 14:13:08 +0000 (16:13 +0200)]
Release version 1.3.0
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
Rafal Krypa [Tue, 18 Oct 2016 14:40:29 +0000 (16:40 +0200)]
libsmack: add new function for retrieving Smack label of any process
Until now libsmack provided only function for returning Smack label of the
calling process. But it is often needed to get label of another process.
User programs needed to implement this by themselves by accessing appropriate
procfs interface.
Add new function smack_new_label_from_process that takes PID of the process
and returns its label.
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
Rafal Krypa [Mon, 17 Oct 2016 15:04:18 +0000 (17:04 +0200)]
chsmack: fixes to function processing Smack labels in directory
Modify the explore() function providing abstract processing of directories
and files inside them:
- replace usage of readdir_r() (which is now deprecated in glibc) by
readdir()
- use more meaningful names for local variables
- don't use magic numbers for padding buffer size "just in case", calculate
actual needed buffer size with care
- prevent memory leak when realloc() fails
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
Tomasz Swierczek [Wed, 18 May 2016 15:25:29 +0000 (17:25 +0200)]
Add smack_set_onlycap, smack_set_onlycap_from_file APIs
smack_set_onlycap applies the list of supplied labels to kernel.
Its usage in smack_load_policy() searches for the text file
with list of labels in /etc/smack/onlycap (each label
in separate line). smack_set_onlycap_from_file usage was also added
to smack_load_policy() function.
Signed-off-by: Tomasz Swierczek <t.swierczek@samsung.com>
Rafał Krypa [Mon, 17 Oct 2016 14:21:05 +0000 (16:21 +0200)]
Merge pull request #124 from grzelewski/master
Unify smack function behaviour and fix description in headers.
Bartlomiej Grzelewski [Tue, 14 Jun 2016 10:08:32 +0000 (12:08 +0200)]
Unify implementation of smack functions
The new implementation does not count NULL char to string length.
Bartlomiej Grzelewski [Thu, 16 Jun 2016 10:07:31 +0000 (12:07 +0200)]
Fix descriptions in header file
Description of this function has been changed:
* smack_set_label_for_path
* smack_set_label_for_file
Both functions return 0 on success and negative
value on error.
Yunjin Lee [Thu, 23 Jun 2016 05:28:40 +0000 (22:28 -0700)]
Revert "Update minor version: 1.2.1"
This reverts commit
fe3d94ae86c452df19cecf8e7f353182af497d4c.
Change-Id: I69ea7c058a83a53e6c70df05f568f430a6f80927
Yunjin Lee [Thu, 23 Jun 2016 04:19:24 +0000 (13:19 +0900)]
Update minor version: 1.2.1
Change-Id: Ib3cb075102ca97fad65f7b90c1701701ffca2c74
Signed-off-by: Yunjin Lee <yunjin-.lee@samsung.com>
Yunjin Lee [Thu, 23 Jun 2016 04:04:59 +0000 (13:04 +0900)]
Apply ASLR on smack utils
Change-Id: I93535399086f5cd207474e641a97caa78dcab76a
Signed-off-by: Yunjin Lee <yunjin-.lee@samsung.com>
Rafal Krypa [Mon, 16 May 2016 08:31:12 +0000 (10:31 +0200)]
Merge and release upstream version 1.2.0
Change-Id: I67d44eaab31feb30344f6a3ca219734699929734
Rafal Krypa [Fri, 13 May 2016 09:32:09 +0000 (11:32 +0200)]
debian: adapt to version 1.2.x
Fix debian changelog and library symbols information.
Change-Id: I3803edabb995dc0579a40751857253c63e88574f
Rafal Krypa [Fri, 13 May 2016 09:32:42 +0000 (11:32 +0200)]
Bumped version to 1.2.0
Change-Id: I8eaf7569bb85af8d621e7188d145e4b12c3c5db3
Rafal Krypa [Fri, 13 May 2016 09:32:09 +0000 (11:32 +0200)]
debian: adapt to version 1.2.x
Fix debian changelog and library symbols information.
Change-Id: I3803edabb995dc0579a40751857253c63e88574f
Rafał Krypa [Fri, 13 May 2016 09:10:41 +0000 (11:10 +0200)]
Merge pull request #122 from jpeach/check-file-dtype
Support filesystems that don't fill in d_type.
Rafał Krypa [Fri, 13 May 2016 09:05:57 +0000 (11:05 +0200)]
Merge pull request #121 from jobol/master
this closes #103 issue
José Bollo [Mon, 4 Apr 2016 10:26:53 +0000 (12:26 +0200)]
chsmack: integrates remarks from review
Signed-off-by: José Bollo <jose.bollo@iot.bzh>
José Bollo [Mon, 4 Apr 2016 10:02:41 +0000 (12:02 +0200)]
chsmack: linux formating of code
Signed-off-by: José Bollo <jose.bollo@iot.bzh>
José Bollo [Thu, 7 Jan 2016 16:41:21 +0000 (17:41 +0100)]
chsmack: add recursive option
The option if set will enter the directories
and apply the settings of properties or just
list properties of files.
The symbolic links will not be followed except
if present in the command line.
Signed-off-by: José Bollo <jose.bollo@iot.bzh>
José Bollo [Thu, 7 Jan 2016 15:53:38 +0000 (16:53 +0100)]
chsmack: make option -d obsolete
Signed-off-by: José Bollo <jose.bollo@iot.bzh>
José Bollo [Thu, 7 Jan 2016 15:43:23 +0000 (16:43 +0100)]
chsmack: use functions for processing
This commit prepares implementation of
recursive processing.
Signed-off-by: José Bollo <jose.bollo@iot.bzh>
José Bollo [Thu, 7 Jan 2016 15:29:56 +0000 (16:29 +0100)]
chsmack: use function to check arguments
The function 'set_state' greatly improves the
readability of the code.
Signed-off-by: José Bollo <jose.bollo@iot.bzh>
José Bollo [Thu, 7 Jan 2016 15:01:50 +0000 (16:01 +0100)]
chsmack: use global variables and cosmetics
Signed-off-by: José Bollo <jose.bollo@iot.bzh>
José Bollo [Thu, 7 Jan 2016 14:39:46 +0000 (15:39 +0100)]
chsmack: add more option for dropping properties
4 new options allow to drop Smack properties
either in the same time that others are set
or specifically.
Signed-off-by: José Bollo <jose.bollo@iot.bzh>
José Bollo [Thu, 7 Jan 2016 14:08:52 +0000 (15:08 +0100)]
chsmack: adds 'drop' option
This option allows to drop any property that
is not explicitely set. This option is intended
to prevent to call chsmack times.
By eample, the following sequence:
chsmack -d file
chsmask -a User::Item file
becomes
chsmack -D -a User::Item file
Signed-off-by: José Bollo <jose.bollo@iot.bzh>
José Bollo [Thu, 7 Jan 2016 11:49:25 +0000 (12:49 +0100)]
chsmack: merge modification loops
The two separate loops, one for deleting,
one for setting are now merged in only
one loop.
It prepares implementation of future
options.
Signed-off-by: José Bollo <jose.bollo@iot.bzh>
José Bollo [Thu, 7 Jan 2016 11:23:55 +0000 (12:23 +0100)]
chsmack: better naming
The name 'option_flag' wasn't very good.
The new name 'modify' is more explicit.
Signed-off-by: José Bollo <jose.bollo@iot.bzh>
José Bollo [Thu, 7 Jan 2016 11:14:04 +0000 (12:14 +0100)]
chsmack: implement the state logic
The state for attribute now reflects the expected
action: positive for adding attribute, negative for
removing it.
Signed-off-by: José Bollo <jose.bollo@iot.bzh>
José Bollo [Thu, 7 Jan 2016 10:54:25 +0000 (11:54 +0100)]
chsmack: less error printing
Is it really an error to remove an attribute
that doesn't exists? I don't think so because
the final result is the expected result.
Signed-off-by: José Bollo <jose.bollo@iot.bzh>
José Bollo [Thu, 7 Jan 2016 10:36:29 +0000 (11:36 +0100)]
chsmack: minor refactor of structures
This is an intermediate commits that prepare
the evolution of how settings and removings
are handled.
Signed-off-by: José Bollo <jose.bollo@iot.bzh>
José Bollo [Thu, 7 Jan 2016 10:03:42 +0000 (11:03 +0100)]
chsmack: removing of 'option_map'
The array 'option_map' is mostly needed for
printing errors.
Thus why to loose very little time
for setting it if it will not be needed?
Signed-off-by: José Bollo <jose.bollo@iot.bzh>
James Peach [Tue, 15 Mar 2016 16:15:55 +0000 (09:15 -0700)]
Support filesystems that don't fill in d_type.
If the filesystem doesn't fill in the d_type dirent field, stat the name
to figure out the inode type. This can happen on older XFS filesystems
created with old mkfs options.
Signed-off-by: James Peach <jpeach@apache.org>
Rafał Krypa [Thu, 31 Dec 2015 15:53:42 +0000 (16:53 +0100)]
Merge pull request #120 from v14dz/master
Ends the smackcipso usage with a newline
Rafal Krypa [Tue, 17 Nov 2015 19:18:22 +0000 (20:18 +0100)]
libsmack: add function for configuring relabel-self interface
Implement smack_set_relabel_self() libsmack function for updating list
of labels to which the current process will be allowed to switch.
The caller must hold CAP_MAC_ADMIN capability, but if it drops
capabilities later, it will be permitted to change its label only to one
of labels permitted.
Bump the library version to 1.2.0 and put the new function there.
Change-Id: I9bb252baa9e8238781c66fa60111997c79047439
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
Kidong Kim [Mon, 28 Dec 2015 08:09:47 +0000 (17:09 +0900)]
add license file(GPL-2.0)
Change-Id: I6cf8e4a56a08ce7a84a86d1fe3530b6b4df9f499
(cherry picked from commit
8f5c0d11107b071cd72bbe2f3bc8db05a15a37d7)
vladz [Tue, 28 Jul 2015 18:38:17 +0000 (20:38 +0200)]
Ends the smackcipso usage with a newline
Rafał Krypa [Thu, 21 May 2015 16:31:05 +0000 (18:31 +0200)]
Merge pull request #119 from doughdemon/master
libsmack/common.c: Include <limits.h> for PATH_MAX
Felix Janda [Wed, 20 May 2015 19:25:22 +0000 (21:25 +0200)]
libsmack/common.c: Include <limits.h> for PATH_MAX
Signed-off-by: Felix Janda <felix.janda@posteo.de>
Rafał Krypa [Mon, 13 Apr 2015 14:24:26 +0000 (16:24 +0200)]
Merge pull request #118 from JanCybulski/master
chsmack: print error message if obtaining access label fails
Jan Cybulski [Thu, 2 Apr 2015 13:35:59 +0000 (15:35 +0200)]
chsmack: print error message if obtaining access label fails
Signed-off-by: Jan Cybulski <j.cybulski@samsung.com>
Rafal Krypa [Mon, 16 Feb 2015 16:20:00 +0000 (17:20 +0100)]
packaging: update version information
Version 1.1.0 has been released and merged.
Change-Id: Ib5d1a24554ac4aeecffe4e632e3af18d1c86c1b4
Rafal Krypa [Mon, 16 Feb 2015 16:32:18 +0000 (17:32 +0100)]
Merge tag 'v1.1.0' into tizen
Conflicts:
configure.ac
debian/libsmack1.symbols
libsmack/Makefile.am
libsmack/libsmack.c
libsmack/sys/smack.h
Change-Id: Ic77fc70eeac91d8113a646a517f56cb59ffb4235
Rafal Krypa [Mon, 16 Feb 2015 16:01:27 +0000 (17:01 +0100)]
Bumped version to 1.1.0
Rafal Krypa [Mon, 16 Feb 2015 16:06:45 +0000 (17:06 +0100)]
build: Ignore and clean up generated file doc/doxygen_sqlite3.db
Rafal Krypa [Mon, 16 Feb 2015 15:53:52 +0000 (16:53 +0100)]
Update maintainer and copyright information
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
Rafał Krypa [Mon, 16 Feb 2015 15:45:57 +0000 (16:45 +0100)]
Merge pull request #114 from jobol/goto-1.1
Going to a delivery of version 1.1
Rafal Krypa [Fri, 9 Jan 2015 10:47:13 +0000 (11:47 +0100)]
packaging: update version information
Version 1.0.5 has been released and merged.
Change-Id: I2a2be59f16583d092ef56e2eb070fcc691c38ab5
Rafal Krypa [Fri, 9 Jan 2015 10:41:44 +0000 (11:41 +0100)]
Merge remote-tracking branch 'tizen/upstream' into tizen
Change-Id: Ib8d978e8e9f223c8b76b52e6e0e04ce0949cf5a2
Rafal Krypa [Fri, 9 Jan 2015 10:38:45 +0000 (11:38 +0100)]
Changed library version to 1.0.5
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
Rafal Krypa [Tue, 30 Dec 2014 17:27:12 +0000 (09:27 -0800)]
Revert "libsmack: fix parsing of CIPSO settings"
Replacing it with the final version that got into upstream repo.
This reverts commit
cd52b27e4a3d7c19466b597b341128e7f05c8796.
Change-Id: I15dc6a88a3721af2798ef85b837cdc51a0a1e94a
Rafal Krypa [Fri, 26 Dec 2014 12:53:43 +0000 (12:53 +0000)]
libsmack: use bit array to reduce the size of struct cipso_mapping
To decrease size of struct cipso_mapping, categories are now stored in a
bit array. This reduces the size of the whole struct.
On a i386 machine it will occupy 292 bytes instead of 1004.
Change-Id: I5e9119ee822131cd0adcb479359a0693f094aee6
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
Rafal Krypa [Fri, 26 Dec 2014 12:33:54 +0000 (12:33 +0000)]
libsmack: fix parsing of CIPSO settings
Adjust CIPSO parsing to expected kernel format:
- maximum number of categories is 184
- each category value must be between 1 and 184
Change-Id: Ic5e4ccd2104ed3284a873087339bf792536b2125
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
Jan Cybulski [Mon, 22 Dec 2014 10:07:58 +0000 (11:07 +0100)]
smackcipso: usage update
Signed-off-by: Jan Cybulski <j.cybulski@samsung.com>
Rafał Krypa [Sun, 28 Dec 2014 10:56:42 +0000 (10:56 +0000)]
Merge pull request #117 from JanCybulski/master
smackcipso: usage update
Rafał Krypa [Sun, 28 Dec 2014 10:56:06 +0000 (10:56 +0000)]
Merge pull request #116 from rafal-krypa/issue116
libsmack: fix parsing of CIPSO settings
Rafal Krypa [Fri, 26 Dec 2014 12:53:43 +0000 (12:53 +0000)]
libsmack: use bit array to reduce the size of struct cipso_mapping
To decrease size of struct cipso_mapping, categories are now stored in a
bit array. This reduces the size of the whole struct.
On a i386 machine it will occupy 292 bytes instead of 1004.
Change-Id: I5e9119ee822131cd0adcb479359a0693f094aee6
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
Rafal Krypa [Fri, 26 Dec 2014 12:33:54 +0000 (12:33 +0000)]
libsmack: fix parsing of CIPSO settings
Adjust CIPSO parsing to expected kernel format:
- maximum number of categories is 184
- each category value must be between 1 and 184
Change-Id: Ic5e4ccd2104ed3284a873087339bf792536b2125
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
Jan Cybulski [Mon, 22 Dec 2014 10:07:58 +0000 (11:07 +0100)]
smackcipso: usage update
Signed-off-by: Jan Cybulski <j.cybulski@samsung.com>
Rafal Krypa [Sat, 20 Dec 2014 01:31:05 +0000 (01:31 +0000)]
libsmack: fix parsing of CIPSO settings
Adjust CIPSO parsing to expected kernel format:
- maximum number of categories is 184
- each category value must be between 1 and 184
To decrease size of struct cipso_mapping, categories are now stored in a
bit array. Thanks to this, category bitmap occupies 96 bits instead of 736.
Change-Id: I38b8fa5bd0830abc59de9dc3ebf208e18a82bbeb
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
José Bollo [Tue, 15 Apr 2014 07:12:45 +0000 (09:12 +0200)]
smackctl: Adding reliable usage
Adding help text providing usage information for smackctl utility.
Minor improvement of the manual page for smackctl.
Change-Id: I31f8fd4a4c866284255e4865bf7bb9512e3c793f
Signed-off-by: José Bollo <jose.bollo@open.eurogiciel.org>
José Bollo [Thu, 9 Oct 2014 07:04:41 +0000 (09:04 +0200)]
libsmack: New functions handling file's attributes
The new functions are:
- smack_new_label_from_file
- smack_set_label_for_file
- smack_remove_label_for_file
This functions allow to operate on opened
files using their linux file descritor for
reading, writing or destroying the named
file attribute given.
Change-Id: I454e96ca2eeb21e08a40c39c830e5b903875580b
Signed-off-by: José Bollo <jose.bollo@open.eurogiciel.org>
Krzysztof Jackiewicz [Thu, 28 Aug 2014 15:39:01 +0000 (17:39 +0200)]
Fixed memory leak CID: 40641
Change-Id: I0c768b65964bdf2f7578ee937b7807054336e41c
Jarkko Sakkinen [Thu, 5 Jun 2014 16:24:46 +0000 (19:24 +0300)]
Merge branch 'v1.0.x'
Jarkko Sakkinen [Thu, 5 Jun 2014 16:24:17 +0000 (19:24 +0300)]
Merge remote-tracking branch 'penszo/v1.0.x' into v1.0.x
Jarkko Sakkinen [Thu, 5 Jun 2014 16:22:23 +0000 (19:22 +0300)]
Revert "libsmack: Terminate attribute string"
This reverts commit
cbdd52af82bce9d2ab79e43e0757c4d077d08907.
Rafal Krypa [Tue, 15 Apr 2014 15:24:19 +0000 (17:24 +0200)]
libsmack: fix smack_new_label_from_path() (regression in
e6890752)
Function smack_new_label_from_path failed to null-terminate xattr value
before passing it to get_label.
Change-Id: I7338c97eb6ec2925c7b5a9d30b4f428002bcb3b6
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
Zbigniew Jasinski [Thu, 29 May 2014 09:57:12 +0000 (11:57 +0200)]
libsmack: fix memory leak
Signed-off-by: Zbigniew Jasinski <z.jasinski@samsung.com>
Casey Schaufler [Fri, 9 May 2014 14:55:08 +0000 (07:55 -0700)]
Merge "Clean spec file and remove depreacated /smack install directory." into tizen
Adrian Negreanu [Thu, 21 Nov 2013 18:52:37 +0000 (20:52 +0200)]
require pkg-config at build time
[ 296s] ./configure: line 10783: syntax error near unexpected token `SYSTEMD,'
[ 296s] ./configure: line 10783: `PKG_CHECK_MODULES(SYSTEMD,'
[ 297s] error: Bad exit status from /var/tmp/rpm-tmp.u3al6b (%build)
Change-Id: I6e565f370f7330366be0d7d7fa57edb74dc8635e
Signed-off-by: Adrian Negreanu <adrian.m.negreanu@intel.com>
Casey Schaufler [Fri, 2 May 2014 23:34:24 +0000 (16:34 -0700)]
libsmack: Terminate attribute string
The smack_new_label_from_path function reads an xattr
that may not be null byte terminated. This occurs in the
SMACK64TRANSMUTE case. Technically, the transmute attribute
isn't a label, so this function shouldn't be used to fetch
the value, but we'll let that go. This is just good string
hygiene in any case.
This is an issue because chsmack prints transmute="TRUE0"
without this fix.
Signed-off-by: Casey Schaufler <casey.schaufler@intel.com>
Jarkko Sakkinen [Thu, 24 Apr 2014 05:08:37 +0000 (08:08 +0300)]
Merge branch 'v1.0.x'
Conflicts:
utils/smackctl.c
Jarkko Sakkinen [Thu, 24 Apr 2014 04:22:29 +0000 (07:22 +0300)]
Merge remote-tracking branch 'rafal-krypa/issue108' into v1.0.x
Jarkko Sakkinen [Mon, 14 Apr 2014 22:37:21 +0000 (01:37 +0300)]
utils: add options for version and usage information
Added option -v/--version for displaying version information
and -h/--help for displaying usage information.
Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Ronan Le Martret [Fri, 21 Mar 2014 16:28:18 +0000 (17:28 +0100)]
Clean spec file and remove depreacated /smack install directory.
Change-Id: If6234f54899df5b88091959062a324df66fc8551
Signed-off-by: Ronan Le Martret <ronan@fridu.net>
Rafal Krypa [Tue, 15 Apr 2014 15:24:19 +0000 (17:24 +0200)]
libsmack: fix smack_new_label_from_path() (regression in
e6890752)
Function smack_new_label_from_path failed to null-terminate xattr value
before passing it to get_label.
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
Jarkko Sakkinen [Mon, 14 Apr 2014 22:24:00 +0000 (01:24 +0300)]
Merge branch 'v1.0.x'
Jarkko Sakkinen [Mon, 14 Apr 2014 22:09:00 +0000 (01:09 +0300)]
utils/smackaccess: added missing include libgen.h
libgen.h must be included for basename()
Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Jarkko Sakkinen [Mon, 14 Apr 2014 21:22:21 +0000 (00:22 +0300)]
Merge branch 'v1.0.x'
Jarkko Sakkinen [Mon, 14 Apr 2014 21:20:23 +0000 (00:20 +0300)]
utils/chsmack: added missing include libgen.h
libgen.h must be included for basename()
Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Rafal Krypa [Fri, 11 Apr 2014 15:32:46 +0000 (17:32 +0200)]
packaging: update version information
Version 1.0.4 has been merged previously, but spec was left with 1.0.3.1.
Change-Id: I8b722f7d11c285be5748f00fbdc15d1ea74babff
jsakkine [Sun, 30 Mar 2014 16:17:32 +0000 (19:17 +0300)]
Merge pull request #105 from jobol/issue105
libsmack: `verify_smackfs_mnt` wrongly expects smackfs to be writable
José Bollo [Thu, 27 Mar 2014 14:47:02 +0000 (15:47 +0100)]
libsmack: Removes checking smackfs isn't read only
Assuming that smack is available only if the filesystem
smackfs is mounted without being set to read-only have
negative side effects on tools like 'id', 'ls', 'ps'.
In effect, these tools are using libsmack to detect
availability of Smack and to tune their output to
print contexts.
This fixes smack-team/smack#105
Signed-off-by: José Bollo <jose.bollo@open.eurogiciel.org>
Rafal Krypa [Mon, 17 Mar 2014 16:09:31 +0000 (17:09 +0100)]
libsmack: fix smack_have_access() (regression in
d7319c71)
Commit
d7319c71 introduced an internal function for opening smackfs files,
when there is a long and short label version. The new function always
opens the file write only, but smack_have access() requires O_RDWR.
The internal function is now extended to take argument with file access
mode.
Change-Id: Ibf3d55cbcbbf746f95660d2f630ef0bfe719026c
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
Jarkko Sakkinen [Tue, 18 Mar 2014 06:49:28 +0000 (08:49 +0200)]
Merge branch 'v1.0.x'
Rafal Krypa [Mon, 17 Mar 2014 16:09:31 +0000 (17:09 +0100)]
libsmack: fix smack_have_access() (regression in
d7319c71)
Commit
d7319c71 introduced an internal function for opening smackfs files,
when there is a long and short label version. The new function always
opens the file write only, but smack_have access() requires O_RDWR.
The internal function is now extended to take argument with file access
mode.
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
Rafal Krypa [Thu, 13 Mar 2014 17:40:44 +0000 (18:40 +0100)]
libsmack: add function for policy loading at system startup
New function smack_load_policy() is intended to be used by systemd for
policy loading at system startup. It reuses existing code from
utils/common.c, now moved to libsmack/common.c.
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
Jarkko Sakkinen [Thu, 13 Mar 2014 13:44:42 +0000 (15:44 +0200)]
Merge branch 'upstream' into tizen
Conflicts:
libsmack/libsmack.c
Rafal Krypa [Thu, 20 Feb 2014 14:04:57 +0000 (15:04 +0100)]
libsmack: add functions for setting and removing labels on files
Jóse Bollo implemented two functions as part of this various
improvements for the chsmack command-line utility:
- smack_set_label_for_path() (see f1dfd85)
- smack_remove_label_for_path() (see 5da1a22)
Since they are generally useful, they should be part of the
API in libsmack 1.1.
This patch migrates these functions to libsmack and exports
the symbols. Also, the chsmack is modified to use the new API
instead of the internal functions.
[jsakkine: rewrote the patch description]
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Jarkko Sakkinen [Thu, 20 Feb 2014 11:35:38 +0000 (13:35 +0200)]
Merge branch 'v1.0.x'
Conflicts:
configure.ac
libsmack/Makefile.am
libsmack/libsmack.c
Jarkko Sakkinen [Thu, 20 Feb 2014 11:31:28 +0000 (13:31 +0200)]
Changed library version to 1.0.4
Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Jarkko Sakkinen [Thu, 20 Feb 2014 11:27:18 +0000 (13:27 +0200)]
Merge remote-tracking branch 'rafal-krypa/issue51' into v1.0.x
Jarkko Sakkinen [Thu, 20 Feb 2014 11:27:06 +0000 (13:27 +0200)]
Merge remote-tracking branch 'jobol/issue94' into v1.0.x
projects / platform / upstream / smack.git / log