{"payload":{"feedbackUrl":"https://github.com/orgs/community/discussions/53140","repo":{"id":251572250,"defaultBranch":"main","name":"selinux","ownerLogin":"sailfishos-mirror","currentUserCanPush":false,"isFork":false,"isEmpty":false,"createdAt":"2020-03-31T10:36:08.000Z","ownerAvatar":"https://avatars.githubusercontent.com/u/62875150?v=4","public":true,"private":false,"isOrgOwned":true},"refInfo":{"name":"","listCacheKey":"v0:1702491403.0","currentOid":""},"activityList":{"items":[{"before":"39b3cc51350a4ba670f9f38493311ec316e4d84d","after":"e81a05a5050354261049cc7b5987372e763fc5f4","ref":"refs/heads/main","pushedAt":"2024-04-04T18:17:27.000Z","pushType":"push","commitsCount":10,"pusher":{"login":"jollaitbot","name":"Jolla IT Bot","path":"/jollaitbot","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/5138957?s=80&v=4"},"commit":{"message":"libsepol: constify function pointer arrays\n\nThe function pointer arrays are never changed, declare them const.\n\nSigned-off-by: Christian Göttsche \nAcked-by: James Carter ","shortMessageHtmlLink":"libsepol: constify function pointer arrays"}},{"before":"5937e9bd26acc13103df38651683d0389bca6ecb","after":"39b3cc51350a4ba670f9f38493311ec316e4d84d","ref":"refs/heads/main","pushedAt":"2024-03-28T00:17:14.000Z","pushType":"push","commitsCount":3,"pusher":{"login":"jollaitbot","name":"Jolla IT Bot","path":"/jollaitbot","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/5138957?s=80&v=4"},"commit":{"message":"checkpolicy: handle unprintable token\n\nIn case the erroneous token is unprintable, e.g. a control character,\nprint its hex value instead.\n\nSigned-off-by: Christian Göttsche \nAcked-by: James Carter ","shortMessageHtmlLink":"checkpolicy: handle unprintable token"}},{"before":"8c9d2d656b35e913f33f723aaaf90cc4ee71a335","after":"5937e9bd26acc13103df38651683d0389bca6ecb","ref":"refs/heads/main","pushedAt":"2024-03-21T00:18:43.000Z","pushType":"push","commitsCount":14,"pusher":{"login":"jollaitbot","name":"Jolla IT Bot","path":"/jollaitbot","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/5138957?s=80&v=4"},"commit":{"message":"audit2allow: CIL output mode\n\nNew flag -C for audit2allow sets output format to CIL instead of\nPolicy Language.\n\nExample:\n;============= mozilla_t ==============\n\n;!!!! This avc is allowed in the current policy\n(allow mozilla_t user_sudo_t (fd (use)))\n\n;============= user_t ==============\n\n;!!!! This avc can be allowed using the boolean 'allow_execmem'\n(allow user_t self (process (execmem)))\n(allow user_t chromium_t (process (noatsecure rlimitinh siginh)))\n\n;!!!! This avc is a constraint violation. You would need to modify the attributes of either the source or target types to allow this access.\n;Constraint rule:\n; constrain dir { ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads add_name remove_name reparent search rmdir } ((u1 == u2 -Fail-) or (u1 == system_u -Fail-) or (u1 == unconfined_u -Fail-) or (u1 == sysadm_u -Fail-) or (u2 == system_u -Fail-) or (t1 != ubac_constrained_type -Fail-) or (t2 != ubac_constrained_type -Fail-) or (t1 == ubacfile -Fail-) ); Constraint DENIED\n\n; Possible cause is the source user (user_u) and target user (sysadm_u) are different.\n(allow user_t user_home_dir_t (dir (getattr relabelto)))\n\nSigned-off-by: Topi Miettinen \nAcked-by: James Carter ","shortMessageHtmlLink":"audit2allow: CIL output mode"}},{"before":"fe16f586d5e1da78e4374fdd5ff938524dd792d0","after":"8c9d2d656b35e913f33f723aaaf90cc4ee71a335","ref":"refs/heads/main","pushedAt":"2024-03-07T18:16:24.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"jollaitbot","name":"Jolla IT Bot","path":"/jollaitbot","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/5138957?s=80&v=4"},"commit":{"message":"checkpolicy/fuzz: Update check_level() to use notdefined field\n\nCommit fe16f586 (Fix potential double free of mls_level_t) renamed\nthe \"defined\" field to \"notdefined\", but did not update this use of\nit.\n\nUse the new field \"notdefined\" for the check.\n\nSigned-off-by: James Carter ","shortMessageHtmlLink":"checkpolicy/fuzz: Update check_level() to use notdefined field"}},{"before":"82195e77e317d322dd9b5fc31d402462d6845357","after":"fe16f586d5e1da78e4374fdd5ff938524dd792d0","ref":"refs/heads/main","pushedAt":"2024-03-05T00:17:09.000Z","pushType":"push","commitsCount":20,"pusher":{"login":"jollaitbot","name":"Jolla IT Bot","path":"/jollaitbot","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/5138957?s=80&v=4"},"commit":{"message":"checkpolicy, libsepol: Fix potential double free of mls_level_t\n\nIn checkpolicy, a sensitivity that has one or more aliases will\ntemporarily share the mls_level_t structure with its aliases until\na level statement is processed for the sensitivity (or one of the\naliases) and the aliases are updated to have their own mls_level_t\nstructure. If the policydb is destroyed while they are sharing the\nmls_level_t structure, then a double free of the shared mls_level_t\nwill occur. This does not currently occur only because checkpolicy\ndoes very little clean-up before exiting.\n\nThe \"defined\" field of the level_datum_t is set after a level\nstatement is processed for a sensitivity and its aliases. This means\nthat we know an alias has its own mls_level_t if the \"defined\" field\nis set. The double free can be avoided by not destroying the\nmls_leve_t structure for an alias unless the \"defined\" field is set.\n\nSince the \"defined\" field is only set to false while the mls_level_t\nstructure is being shared, it would be clearer to rename the field\nas \"notdefined\". It would only be set during the time the sensitivity\nand its aliases are sharing the mls_level_t structure. Outside of\ncheckpolicy, the \"notdefined\" field will always be set to 0.\n\nAlso, do more validation of the level_datum_t when validating the\npolicydb.\n\nSigned-off-by: James Carter ","shortMessageHtmlLink":"checkpolicy, libsepol: Fix potential double free of mls_level_t"}},{"before":"97fa708d867ecb26e8d1c766760947f8e3b9e59a","after":"82195e77e317d322dd9b5fc31d402462d6845357","ref":"refs/heads/main","pushedAt":"2024-01-26T00:17:19.000Z","pushType":"push","commitsCount":18,"pusher":{"login":"jollaitbot","name":"Jolla IT Bot","path":"/jollaitbot","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/5138957?s=80&v=4"},"commit":{"message":"libselinux: use reentrant strtok_r(3)\n\nUse the reentrant version strtok_r(3) instead of strtok(3) to avoid\npotential data races with concurrent threads.\n\nSigned-off-by: Christian Göttsche \nAcked-by: James Carter ","shortMessageHtmlLink":"libselinux: use reentrant strtok_r(3)"}},{"before":"5939fb960ba45294ee419a73919690652767f7c0","after":"97fa708d867ecb26e8d1c766760947f8e3b9e59a","ref":"refs/heads/main","pushedAt":"2023-12-13T18:16:19.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"jollaitbot","name":"Jolla IT Bot","path":"/jollaitbot","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/5138957?s=80&v=4"},"commit":{"message":"Update VERSIONs to 3.6 for release.\n\nSigned-off-by: Petr Lautrbach ","shortMessageHtmlLink":"Update VERSIONs to 3.6 for release."}},{"before":"89dd980c1e9a800f104c1db2b4c9e77be532ca35","after":"5939fb960ba45294ee419a73919690652767f7c0","ref":"refs/heads/main","pushedAt":"2023-12-12T18:16:21.000Z","pushType":"push","commitsCount":10,"pusher":{"login":"jollaitbot","name":"Jolla IT Bot","path":"/jollaitbot","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/5138957?s=80&v=4"},"commit":{"message":"libselinux: state setexecfilecon(3) sets errno on failure\n\nThe other functions (getexeccon(3) and setexeccon(3)) from the man page\nalso set errno on failure similar to the getcon(3) function family.\n\nSigned-off-by: Christian Göttsche \nAcked-by: James Carter ","shortMessageHtmlLink":"libselinux: state setexecfilecon(3) sets errno on failure"}},{"before":"0f5a8dd3ac8226264dc01df6bd0eca8ae7443db6","after":"89dd980c1e9a800f104c1db2b4c9e77be532ca35","ref":"refs/heads/main","pushedAt":"2023-12-07T00:18:37.000Z","pushType":"push","commitsCount":10,"pusher":{"login":"jollaitbot","name":"Jolla IT Bot","path":"/jollaitbot","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/5138957?s=80&v=4"},"commit":{"message":"Add CPPFLAGS to Makefiles\n\nThis patch adds CPPFLAGS to all of the Makefiles as suggested.\n\nSigned-off-by: Cameron Williams \nAcked-by: James Carter ","shortMessageHtmlLink":"Add CPPFLAGS to Makefiles"}},{"before":"fdb536f38de2a891a49fd015ccbf46a08f6c680c","after":"0f5a8dd3ac8226264dc01df6bd0eca8ae7443db6","ref":"refs/heads/main","pushedAt":"2023-11-22T18:21:36.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"jollaitbot","name":"Jolla IT Bot","path":"/jollaitbot","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/5138957?s=80&v=4"},"commit":{"message":"Update VERSIONs to 3.6-rc2 for release.\n\nSigned-off-by: Petr Lautrbach ","shortMessageHtmlLink":"Update VERSIONs to 3.6-rc2 for release."}},{"before":"4f6a3abc4f681f7b8e360ace77eb29554d446cca","after":"fdb536f38de2a891a49fd015ccbf46a08f6c680c","ref":"refs/heads/main","pushedAt":"2023-11-21T18:16:28.000Z","pushType":"push","commitsCount":19,"pusher":{"login":"jollaitbot","name":"Jolla IT Bot","path":"/jollaitbot","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/5138957?s=80&v=4"},"commit":{"message":"libsepol: avoid fixed sized format buffer for xperms\n\nAn extended access vector rule can consist of many individual ranges of\npermissions. Use a dynamically growing sized buffer for formatting such\nrules instead of a static buffer to avoid write failures due to\ntruncations.\n\nSigned-off-by: Christian Göttsche \nAcked-by: James Carter ","shortMessageHtmlLink":"libsepol: avoid fixed sized format buffer for xperms"}},{"before":"1aaf59434652b67e0ffadc9c796912ac7af8d05d","after":"4f6a3abc4f681f7b8e360ace77eb29554d446cca","ref":"refs/heads/main","pushedAt":"2023-11-16T18:16:22.000Z","pushType":"push","commitsCount":19,"pusher":{"login":"jollaitbot","name":"Jolla IT Bot","path":"/jollaitbot","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/5138957?s=80&v=4"},"commit":{"message":"libsepol: validate common classes have at least one permissions\n\nThe traditional language and CIL permit common classes only to be\ndefined with at least one permission. Thus writing a common class\nwithout one will fail.\n\nReported-by: oss-fuzz (issue 64059)\nSigned-off-by: Christian Göttsche \nAcked-by: James Carter ","shortMessageHtmlLink":"libsepol: validate common classes have at least one permissions"}},{"before":"489197c419dad9994ed57dc06097c8e9103c7a09","after":"1aaf59434652b67e0ffadc9c796912ac7af8d05d","ref":"refs/heads/main","pushedAt":"2023-11-08T18:17:45.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"jollaitbot","name":"Jolla IT Bot","path":"/jollaitbot","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/5138957?s=80&v=4"},"commit":{"message":"Update VERSIONs to 3.6-rc1 for release.\n\nSigned-off-by: Petr Lautrbach ","shortMessageHtmlLink":"Update VERSIONs to 3.6-rc1 for release."}},{"before":"6df403d5976d234f9f971fdd26d12c9de4fc98bd","after":"489197c419dad9994ed57dc06097c8e9103c7a09","ref":"refs/heads/main","pushedAt":"2023-11-08T00:16:12.000Z","pushType":"push","commitsCount":14,"pusher":{"login":"jollaitbot","name":"Jolla IT Bot","path":"/jollaitbot","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/5138957?s=80&v=4"},"commit":{"message":"Update translations\n\nSource: https://translate.fedoraproject.org/projects/selinux/\n\nSigned-off-by: Petr Lautrbach \nAcked-by: James Carter ","shortMessageHtmlLink":"Update translations"}},{"before":"e60939110598e1a143998daf80b8e9161c156586","after":"6df403d5976d234f9f971fdd26d12c9de4fc98bd","ref":"refs/heads/main","pushedAt":"2023-10-12T18:16:08.000Z","pushType":"push","commitsCount":21,"pusher":{"login":"jollaitbot","name":"Jolla IT Bot","path":"/jollaitbot","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/5138957?s=80&v=4"},"commit":{"message":"libselinux: set errno on label lookup failure\n\nselabel_lookup(3) is expected to set errno on lookup failure, i.e. when\nit returns NULL. Set errno if a regular expression failed to compile in\ncompile_regex().\n\nSigned-off-by: Christian Göttsche \nAcked-by: James Carter ","shortMessageHtmlLink":"libselinux: set errno on label lookup failure"}},{"before":"f6dc6acfa00707ce25c6357169111937f12512dd","after":"e60939110598e1a143998daf80b8e9161c156586","ref":"refs/heads/main","pushedAt":"2023-08-16T18:41:16.000Z","pushType":"push","commitsCount":33,"pusher":{"login":"jollaitbot","name":"Jolla IT Bot","path":"/jollaitbot","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/5138957?s=80&v=4"},"commit":{"message":"checkpolicy: Remove support for role dominance rules\n\nRole dominance has been deprecated for a very, very long time (since\nat least August 2008) and has never been used in any widely deployed\npolicy.\n\nRemove support for compiling role dominance rules.\n\nSupport will remain, for now, in libsepol for backwards compatibility.\n\nSigned-off-by: James Carter \nAcked-by: Petr Lautrbach ","shortMessageHtmlLink":"checkpolicy: Remove support for role dominance rules"}},{"before":"1c19dc4f6408884d9a1256bd9496a1f1c4f288e9","after":"f6dc6acfa00707ce25c6357169111937f12512dd","ref":"refs/heads/main","pushedAt":"2023-08-08T12:25:42.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"jollaitbot","name":"Jolla IT Bot","path":"/jollaitbot","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/5138957?s=80&v=4"},"commit":{"message":"python: Use isinstance() instead of type()\n\nCI testing fails while running flake8 on python scripts with the\nmessage \"./python/semanage/seobject.py:250:16: E721 do not compare\ntypes, for exact checks use `is` / `is not`, for instance checks use\n`isinstance()`\"\n\nUse \"isinstance(args, str)\" instead of \"type(args) == str\"\n\nSigned-off-by: James Carter ","shortMessageHtmlLink":"python: Use isinstance() instead of type()"}},{"before":"8963492b5db701e5312b541abea3aced8cedf2d5","after":"1c19dc4f6408884d9a1256bd9496a1f1c4f288e9","ref":"refs/heads/main","pushedAt":"2023-08-07T18:24:01.000Z","pushType":"push","commitsCount":4,"pusher":{"login":"jollaitbot","name":"Jolla IT Bot","path":"/jollaitbot","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/5138957?s=80&v=4"},"commit":{"message":"libsepol: expand: check for memory allocation failure\n\nSigned-off-by: Christian Göttsche \nAcked-by: James Carter ","shortMessageHtmlLink":"libsepol: expand: check for memory allocation failure"}},{"before":"1d2073557d7199a5cc3ecce9c0cba6cb45a3e726","after":"8963492b5db701e5312b541abea3aced8cedf2d5","ref":"refs/heads/main","pushedAt":"2023-08-05T00:37:28.000Z","pushType":"push","commitsCount":20,"pusher":{"login":"jollaitbot","name":"Jolla IT Bot","path":"/jollaitbot","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/5138957?s=80&v=4"},"commit":{"message":"checkpolicy,libselinux,libsepol,policycoreutils,semodule-utils: update my email\n\nUpdate my email address.\n\nSigned-off-by: Stephen Smalley \nAcked-by: James Carter ","shortMessageHtmlLink":"checkpolicy,libselinux,libsepol,policycoreutils,semodule-utils: updat…"}},{"before":"1a29c28afbb96b1e47001dc3dde38c4b6bd9da22","after":"1d2073557d7199a5cc3ecce9c0cba6cb45a3e726","ref":"refs/heads/main","pushedAt":"2023-07-12T18:24:32.000Z","pushType":"push","commitsCount":15,"pusher":{"login":"jollaitbot","name":"Jolla IT Bot","path":"/jollaitbot","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/5138957?s=80&v=4"},"commit":{"message":"libsepol/fuzz: more strict fuzzing of binary policies\n\nValidate policy after optimizing.\n\nRun policy assertion check, ignoring any assertions.\n\nAbort on failures writing the parsed policy, as writing should not fail on\nvalidated policies.\n\nSet close-on-exec flag in case of any sibling thread.\n\nSigned-off-by: Christian Göttsche \nAcked-by: James Carter ","shortMessageHtmlLink":"libsepol/fuzz: more strict fuzzing of binary policies"}},{"before":"b3788b9ce901d8558d31669cf5b72a250b6f3f32","after":"1a29c28afbb96b1e47001dc3dde38c4b6bd9da22","ref":"refs/heads/main","pushedAt":"2023-06-30T18:25:45.000Z","pushType":"push","commitsCount":2,"pusher":{"login":"jollaitbot","name":"Jolla IT Bot","path":"/jollaitbot","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/5138957?s=80&v=4"},"commit":{"message":"python/sepolicy: Fix get_os_version except clause\n\nThis adds more exceptions to be handled by the except clause in\n`get_os_version()`:\n\n* If the `distro` package is not installed, then `import distro` raises\n a `ModuleNotFoundError` exception.\n\n* The distro documentation[1] lists `OSError` and `UnicodeError` as\n exceptions that can be raised.\n\n* Older versions of distro (<= 1.6.0) may also raise\n `subprocessCalledProcessError`[2].\n\n[1]: https://github.com/python-distro/distro/blob/v1.8.0/src/distro/distro.py#L749-L753\n[2]: https://github.com/python-distro/distro/blob/v1.6.0/distro.py#L726-L728\n\nSigned-off-by: Jeffery To \nAcked-by: Petr Lautrbach ","shortMessageHtmlLink":"python/sepolicy: Fix get_os_version except clause"}},{"before":"48306c4ef34b4e13c91fd27b4a84ce03b9f9583b","after":"b3788b9ce901d8558d31669cf5b72a250b6f3f32","ref":"refs/heads/main","pushedAt":"2023-06-30T12:24:23.000Z","pushType":"push","commitsCount":6,"pusher":{"login":"jollaitbot","name":"Jolla IT Bot","path":"/jollaitbot","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/5138957?s=80&v=4"},"commit":{"message":"dismod, dispol: reduce the messages in batch mode\n\nA change in v2:\n* pass `verbose' to sepol_module_package_read().\n\nSigned-off-by: Masatake YAMATO ","shortMessageHtmlLink":"dismod, dispol: reduce the messages in batch mode"}},{"before":"391cf1260049b5f9e55406d8b7a981037c40e9b2","after":"48306c4ef34b4e13c91fd27b4a84ce03b9f9583b","ref":"refs/heads/main","pushedAt":"2023-06-27T18:23:53.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"jollaitbot","name":"Jolla IT Bot","path":"/jollaitbot","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/5138957?s=80&v=4"},"commit":{"message":"python/sepolicy: Add/remove user even when SELinux is disabled\n\nUse \"semanage user -a/-d\" in spec file generated by \"sepolicy generate\"\neven when SELinux is disabled. The command works properly when SELinux\nis disabled and with this change the user will be present once SELinux\nis re-enabled.\nAlso, do not execute the command when the package is updated, only when\nit is first installed.\n\nSigned-off-by: Vit Mojzis \nAcked-by: Petr Lautrbach ","shortMessageHtmlLink":"python/sepolicy: Add/remove user even when SELinux is disabled"}},{"before":"666a7dfdc8d4524d83c9ca176d001c9e1540b118","after":"391cf1260049b5f9e55406d8b7a981037c40e9b2","ref":"refs/heads/main","pushedAt":"2023-06-12T18:24:30.355Z","pushType":"push","commitsCount":1,"pusher":{"login":"jollaitbot","name":"Jolla IT Bot","path":"/jollaitbot","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/5138957?s=80&v=4"},"commit":{"message":"python/sepolicy: Fix template for confined user policy modules\n\nThe following commit\nhttps://github.com/SELinuxProject/refpolicy/commit/330b0fc3331d3b836691464734c96f3da3044490\nchanged the userdom_base_user_template, which now requires a role\ncorresponding to the user being created to be defined outside of the\ntemplate.\nSimilar change was also done to fedora-selinux/selinux-policy\nhttps://github.com/fedora-selinux/selinux-policy/commit/e1e216b25df1bdb4eb7dbb8f73f32927ad6f3d1f\n\nAlthough I believe the template should define the role (just as it\ndefines the new user), that will require extensive changes to refpolicy.\nIn the meantime the role needs to be defined separately.\n\nFixes:\n # sepolicy generate --term_user -n newuser\n Created the following files:\n /root/a/test/newuser.te # Type Enforcement file\n /root/a/test/newuser.if # Interface file\n /root/a/test/newuser.fc # File Contexts file\n /root/a/test/newuser_selinux.spec # Spec file\n /root/a/test/newuser.sh # Setup Script\n\n # ./newuser.sh\n Building and Loading Policy\n + make -f /usr/share/selinux/devel/Makefile newuser.pp\n Compiling targeted newuser module\n Creating targeted newuser.pp policy package\n rm tmp/newuser.mod tmp/newuser.mod.fc\n + /usr/sbin/semodule -i newuser.pp\n Failed to resolve roleattributeset statement at /var/lib/selinux/targeted/tmp/modules/400/newuser/cil:8\n Failed to resolve AST\n /usr/sbin/semodule: Failed!\n\nSigned-off-by: Vit Mojzis \nAcked-by: Petr Lautrbach ","shortMessageHtmlLink":"python/sepolicy: Fix template for confined user policy modules"}},{"before":"30fe0f19629ba50c498dbd76491b5afa74ecbbab","after":"666a7dfdc8d4524d83c9ca176d001c9e1540b118","ref":"refs/heads/main","pushedAt":"2023-06-09T00:23:46.489Z","pushType":"push","commitsCount":14,"pusher":{"login":"jollaitbot","name":"Jolla IT Bot","path":"/jollaitbot","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/5138957?s=80&v=4"},"commit":{"message":"dispol: add --actions option for non-interactive use\n\nExample session:\n\n $ ./dispol --help\n Usage:\n ./dismod [OPTIONS] binary_pol_file\n\n Options:\n -h, --help print this help message\n -a, --actions ACTIONS run non-interactively\n\n Actions:\n 1 display unconditional AVTAB\n 2 display conditional AVTAB (entirely)\n 3 display conditional AVTAB (only ENABLED rules)\n 4 display conditional AVTAB (only DISABLED rules)\n 5 display conditional bools\n 6 display conditional expressions\n 8 display role transitions\n c display policy capabilities\n b display booleans\n C display classes\n r display roles\n t display types\n a display type attributes\n p display the list of permissive types\n u display unknown handling setting\n F display filename_trans rules\n\n $ ./dispol --actions 1 /etc/selinux/targeted/policy/policy.33 | head\n Reading policy...\n libsepol.policydb_index_others: security: 8 users, 15 roles, 5408 types, 358 bools\n libsepol.policydb_index_others: security: 1 sens, 1024 cats\n libsepol.policydb_index_others: security: 134 classes, 86750 rules, 8818 cond rules\n binary policy file loaded\n\n allow abrt_dump_oops_t sssd_var_lib_t : sock_file { write getattr append open };\n type_transition authconfig_t entropyd_initrc_exec_t : process initrc_t;\n type_transition glusterd_t syslogd_initrc_exec_t : process initrc_t;xxxx\n\nSigned-off-by: Masatake YAMATO \nAcked-by: James Carter ","shortMessageHtmlLink":"dispol: add --actions option for non-interactive use"}},{"before":"820f019ed9e3b9a9e3e62ae378f99282990976a2","after":"30fe0f19629ba50c498dbd76491b5afa74ecbbab","ref":"refs/heads/main","pushedAt":"2023-06-06T00:23:49.197Z","pushType":"push","commitsCount":16,"pusher":{"login":"jollaitbot","name":"Jolla IT Bot","path":"/jollaitbot","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/5138957?s=80&v=4"},"commit":{"message":"libsepol: replace log_err() by ERR()\n\nUse the libsepol internal wrapper ERR() with a NULL handler to emit\nerror messages. ERR() will besides adding a prefix of \"libsepol\" also\nwrite to stderr. One benefit is the option to suppress the messages via\nsepol_debug(), although marked deprecated, e.g. in fuzzers.\n\nSigned-off-by: Christian Göttsche \nAcked-by: James Carter ","shortMessageHtmlLink":"libsepol: replace log_err() by ERR()"}},{"before":null,"after":"820f019ed9e3b9a9e3e62ae378f99282990976a2","ref":"refs/heads/main","pushedAt":"2023-05-25T00:24:15.769Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"jollaitbot","name":"Jolla IT Bot","path":"/jollaitbot","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/5138957?s=80&v=4"},"commit":{"message":"python/audit2allow: Remove unused \"debug\" option\n\nThe option is not referenced anywhere in the code and I couldn't figure\nout its purpose from the description.\n\nSigned-off-by: Vit Mojzis ","shortMessageHtmlLink":"python/audit2allow: Remove unused \"debug\" option"}},{"before":"c9b3cbb654ca1e834d47f52af9f170b9f38c857a","after":"820f019ed9e3b9a9e3e62ae378f99282990976a2","ref":"refs/heads/master","pushedAt":"2023-05-11T12:26:58.000Z","pushType":"push","commitsCount":4,"pusher":{"login":"jollaitbot","name":"Jolla IT Bot","path":"/jollaitbot","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/5138957?s=80&v=4"},"commit":{"message":"python/audit2allow: Remove unused \"debug\" option\n\nThe option is not referenced anywhere in the code and I couldn't figure\nout its purpose from the description.\n\nSigned-off-by: Vit Mojzis ","shortMessageHtmlLink":"python/audit2allow: Remove unused \"debug\" option"}},{"before":"e9072e7d45f4559887d11b518099135cbe564163","after":"c9b3cbb654ca1e834d47f52af9f170b9f38c857a","ref":"refs/heads/master","pushedAt":"2023-05-03T18:25:04.000Z","pushType":"push","commitsCount":9,"pusher":{"login":"jollaitbot","name":"Jolla IT Bot","path":"/jollaitbot","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/5138957?s=80&v=4"},"commit":{"message":"libselinux: set CFLAGS for pip installation\n\nExplicitly set CFLAGS for the pip install command, similar to calling\nsetup.py, to ignore known compiler warnings treated as errors, e.g.:\n\n selinuxswig_python_wrap.c:3593:19: error: 'sidget' is deprecated [-Werror,-Wdeprecated-declarations]\n result = (int)sidget(arg1);\n ^\n selinuxswig_python_wrap.c:15024:1: error: no previous prototype for function 'PyInit__selinux' [-Werror,-Wmissing-prototypes]\n SWIG_init(void) {\n ^\n\nSigned-off-by: Christian Göttsche \nAcked-by: Petr Lautrbach ","shortMessageHtmlLink":"libselinux: set CFLAGS for pip installation"}},{"before":"86b49aa7a319b465a3383b89743453708c45b96c","after":"e9072e7d45f4559887d11b518099135cbe564163","ref":"refs/heads/master","pushedAt":"2023-03-31T00:24:05.000Z","pushType":"push","commitsCount":4,"pusher":{"login":"jollaitbot","name":"Jolla IT Bot","path":"/jollaitbot","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/5138957?s=80&v=4"},"commit":{"message":"libsepol/tests: add tests for minus self neverallow rules\n\nSigned-off-by: Christian Göttsche ","shortMessageHtmlLink":"libsepol/tests: add tests for minus self neverallow rules"}}],"hasNextPage":true,"hasPreviousPage":false,"activityType":"all","actor":null,"timePeriod":"all","sort":"DESC","perPage":30,"cursor":"djE6ks8AAAAEKBuszAA","startCursor":null,"endCursor":null}},"title":"Activity · sailfishos-mirror/selinux"}