{"payload":{"feedbackUrl":"https://github.com/orgs/community/discussions/53140","repo":{"id":21831766,"defaultBranch":"rawhide","name":"selinux","ownerLogin":"fedora-selinux","currentUserCanPush":false,"isFork":false,"isEmpty":false,"createdAt":"2014-07-14T19:03:50.000Z","ownerAvatar":"https://avatars.githubusercontent.com/u/8161548?v=4","public":true,"private":false,"isOrgOwned":true},"refInfo":{"name":"","listCacheKey":"v0:1699916993.0","currentOid":""},"activityList":{"items":[{"before":"bd6a803553a82238a9f618d1bb22f288682f8195","after":"d045edd5298a75284ce1cc289d039cce8b7a24ae","ref":"refs/heads/rawhide","pushedAt":"2024-09-10T17:20:27.000Z","pushType":"push","commitsCount":7,"pusher":{"login":"vmojzis","name":null,"path":"/vmojzis","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/13166921?s=80&v=4"},"commit":{"message":"libsepol/cil: Check that sym_index is within bounds\n\nMake sure sym_index is within the bounds of symtab array before using it\nto index the array.\n\nFixes:\n  Error: OVERRUN (CWE-119):\n  libsepol-3.6/cil/src/cil_resolve_ast.c:3157: assignment: Assigning: \"sym_index\" = \"CIL_SYM_UNKNOWN\".\n  libsepol-3.6/cil/src/cil_resolve_ast.c:3189: overrun-call: Overrunning callee's array of size 19 by passing argument \"sym_index\" (which evaluates to 20) in call to \"cil_resolve_name\".\n  \\# 3187|                   switch (curr->flavor) {\n  \\# 3188|                   case CIL_STRING:\n  \\# 3189|->                         rc = cil_resolve_name(parent, curr->data, sym_index, db, &res_datum);\n  \\# 3190|                           if (rc != SEPOL_OK) {\n  \\# 3191|                                   goto exit;\n\nSigned-off-by: Vit Mojzis <vmojzis@redhat.com>\nAcked-by: James Carter <jwcart2@gmail.com>","shortMessageHtmlLink":"libsepol/cil: Check that sym_index is within bounds"}},{"before":"be02ae5d861e4a80bb80f9b1a659315efb5b2aab","after":"69350fc74302f2a75e9ee056d4c7906846a4a38f","ref":"refs/heads/c9s","pushedAt":"2024-08-20T13:48:30.000Z","pushType":"push","commitsCount":2,"pusher":{"login":"vmojzis","name":null,"path":"/vmojzis","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/13166921?s=80&v=4"},"commit":{"message":"libsemanage: Preserve file context and ownership in policy store\n\nMake sure that file context (all parts) and ownership of\nfiles/directories in policy store does not change no matter which user\nand under which context executes policy rebuild.\n\nFixes:\n  # semodule -B\n  # ls -lZ  /etc/selinux/targeted/contexts/files\n\n-rw-r--r--. 1 root root unconfined_u:object_r:file_context_t:s0 421397 Jul 11 09:57 file_contexts\n-rw-r--r--. 1 root root unconfined_u:object_r:file_context_t:s0 593470 Jul 11 09:57 file_contexts.bin\n-rw-r--r--. 1 root root unconfined_u:object_r:file_context_t:s0  14704 Jul 11 09:57 file_contexts.homedirs\n-rw-r--r--. 1 root root unconfined_u:object_r:file_context_t:s0  20289 Jul 11 09:57 file_contexts.homedirs.bin\n\n  SELinux user changed from system_u to the user used to execute semodule\n\n  # capsh --user=testuser --caps=\"cap_dac_override,cap_chown+eip\" --addamb=cap_dac_override,cap_chown -- -c \"semodule -B\"\n  # ls -lZ  /etc/selinux/targeted/contexts/files\n\n-rw-r--r--. 1 testuser testuser unconfined_u:object_r:file_context_t:s0 421397 Jul 19 09:10 file_contexts\n-rw-r--r--. 1 testuser testuser unconfined_u:object_r:file_context_t:s0 593470 Jul 19 09:10 file_contexts.bin\n-rw-r--r--. 1 testuser testuser unconfined_u:object_r:file_context_t:s0  14704 Jul 19 09:10 file_contexts.homedirs\n-rw-r--r--. 1 testuser testuser unconfined_u:object_r:file_context_t:s0  20289 Jul 19 09:10 file_contexts.homedirs.bin\n\n  Both file context and ownership changed -- causes remote login\n  failures and other issues in some scenarios.\n\nSigned-off-by: Vit Mojzis <vmojzis@redhat.com>\nAcked-by: Stephen Smalley <stephen.smalley.work@gmail.com>","shortMessageHtmlLink":"libsemanage: Preserve file context and ownership in policy store"}},{"before":"cb1b3bdca016edaa90e92b49d51544f8a38cba19","after":"bd6a803553a82238a9f618d1bb22f288682f8195","ref":"refs/heads/rawhide","pushedAt":"2024-08-20T08:57:27.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"bachradsusi","name":"Petr Lautrbach","path":"/bachradsusi","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/8234493?s=80&v=4"},"commit":{"message":"libselinux: set free'd data to NULL\n\nFixes segfault in selabel_open() on systems with SELinux disabled and without any\nSELinux policy installed introduced by commit 5876aca0484f (\"libselinux: free\ndata on selabel open failure\"):\n\n    $ sestatus\n    SELinux status:                 disabled\n\n    $ cat /etc/selinux/config\n    cat: /etc/selinux/config: No such file or directory\n\n    $ matchpathcon /abc\n    [1]    907999 segmentation fault (core dumped)  matchpathcon /abc\n\nSigned-off-by: Petr Lautrbach <lautrbach@redhat.com>","shortMessageHtmlLink":"libselinux: set free'd data to NULL"}},{"before":"d2ccfadb79251ee70b73fafb9350f6129573ba9e","after":"be02ae5d861e4a80bb80f9b1a659315efb5b2aab","ref":"refs/heads/c9s","pushedAt":"2024-08-15T14:40:41.000Z","pushType":"push","commitsCount":3,"pusher":{"login":"bachradsusi","name":"Petr Lautrbach","path":"/bachradsusi","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/8234493?s=80&v=4"},"commit":{"message":"fixfiles: drop unnecessary \\ line endings\n\nSee https://github.com/koalaman/shellcheck/issues/2769\n\nFixes:\n    $ shellcheck -S error fixfiles\n\n    In fixfiles line 189:\n            # These two sorts need to be separate commands \\\n                                                            ^-- SC1143 (error): This backslash is part of a comment and does not continue the line.\n\n    For more information:\n      https://www.shellcheck.net/wiki/SC1143 -- This backslash is part of a comme...\n\nSigned-off-by: Petr Lautrbach <lautrbach@redhat.com>\nAcked-by: James Carter <jwcart2@gmail.com>","shortMessageHtmlLink":"fixfiles: drop unnecessary \\ line endings"}},{"before":"73cdf35fce6ffbbaff7a912d26d0f1818f20599b","after":"cb1b3bdca016edaa90e92b49d51544f8a38cba19","ref":"refs/heads/rawhide","pushedAt":"2024-06-27T14:16:04.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"bachradsusi","name":"Petr Lautrbach","path":"/bachradsusi","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/8234493?s=80&v=4"},"commit":{"message":"python/sepolicy: Fix spec file dependencies\n\nsemanage is part of policycoreutils-python-utils package, selinuxenabled\nis part of libselinux-utils (required by ^^^) and restorecon/load_policy\nare part of policycoreutils (also required by policycoreutils-python-utils).\n\nSigned-off-by: Vit Mojzis <vmojzis@redhat.com>","shortMessageHtmlLink":"python/sepolicy: Fix spec file dependencies"}},{"before":"d2c1492a7ab437362958c09d44b73c2e0f18c319","after":"d2ccfadb79251ee70b73fafb9350f6129573ba9e","ref":"refs/heads/c9s","pushedAt":"2024-01-18T14:57:27.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"bachradsusi","name":"Petr Lautrbach","path":"/bachradsusi","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/8234493?s=80&v=4"},"commit":{"message":"Revert \"checkpolicy: Remove the Russian translations\"\n\nThis reverts commit b7e39e509b4fd3427adfd4c11e610609fa4f0911.","shortMessageHtmlLink":"Revert \"checkpolicy: Remove the Russian translations\""}},{"before":"4417766f66fb5a1d41503c2d1f0008823ae11269","after":"73cdf35fce6ffbbaff7a912d26d0f1818f20599b","ref":"refs/heads/rawhide","pushedAt":"2024-01-18T10:53:25.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"bachradsusi","name":"Petr Lautrbach","path":"/bachradsusi","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/8234493?s=80&v=4"},"commit":{"message":"python/sepolicy: Fix spec file dependencies\n\nsemanage is part of policycoreutils-python-utils package, selinuxenabled\nis part of libselinux-utils (required by ^^^) and restorecon/load_policy\nare part of policycoreutils (also required by policycoreutils-python-utils).\n\nSigned-off-by: Vit Mojzis <vmojzis@redhat.com>","shortMessageHtmlLink":"python/sepolicy: Fix spec file dependencies"}},{"before":"d925b00da35384331df9bf31935398c37117f895","after":"4417766f66fb5a1d41503c2d1f0008823ae11269","ref":"refs/heads/rawhide","pushedAt":"2023-11-20T16:04:10.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"bachradsusi","name":"Petr Lautrbach","path":"/bachradsusi","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/8234493?s=80&v=4"},"commit":{"message":"sepolicy: port to dnf4 python API\n\nyum module is not available since RHEL 7.\n\nDrop -systemd related code as it's obsoleted these days - only 2\npackages ship their .service in -systemd subpackage\n\nSigned-off-by: Petr Lautrbach <lautrbach@redhat.com>","shortMessageHtmlLink":"sepolicy: port to dnf4 python API"}},{"before":"a478ebe9cf47557862788086c624f6671215fe27","after":"d2c1492a7ab437362958c09d44b73c2e0f18c319","ref":"refs/heads/c9s","pushedAt":"2023-11-13T23:09:53.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"bachradsusi","name":"Petr Lautrbach","path":"/bachradsusi","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/8234493?s=80&v=4"},"commit":{"message":"Revert \"checkpolicy: Remove the Russian translations\"\n\nThis reverts commit b7e39e509b4fd3427adfd4c11e610609fa4f0911.","shortMessageHtmlLink":"Revert \"checkpolicy: Remove the Russian translations\""}},{"before":"7f00d6b53f73ee501fa4c6e48f85e641841efcc1","after":"d925b00da35384331df9bf31935398c37117f895","ref":"refs/heads/rawhide","pushedAt":"2023-09-05T14:43:13.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"bachradsusi","name":"Petr Lautrbach","path":"/bachradsusi","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/8234493?s=80&v=4"},"commit":{"message":"sepolicy: port to dnf4 python API\n\nyum module is not available since RHEL 7.\n\nDrop -systemd related code as it's obsoleted these days - only 2\npackages ship their .service in -systemd subpackage\n\nSigned-off-by: Petr Lautrbach <lautrbach@redhat.com>","shortMessageHtmlLink":"sepolicy: port to dnf4 python API"}},{"before":"22312b1bd9e754a7362ae3d72e5ae7816d31a587","after":"a478ebe9cf47557862788086c624f6671215fe27","ref":"refs/heads/c9s","pushedAt":"2023-06-30T13:22:06.000Z","pushType":"push","commitsCount":15,"pusher":{"login":"bachradsusi","name":"Petr Lautrbach","path":"/bachradsusi","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/8234493?s=80&v=4"},"commit":{"message":"python: update python.pot\n\nSigned-off-by: Petr Lautrbach <lautrbach@redhat.com>","shortMessageHtmlLink":"python: update python.pot"}},{"before":"f6cba3b763bd4968287a814532a85109547a93b5","after":"7f00d6b53f73ee501fa4c6e48f85e641841efcc1","ref":"refs/heads/rawhide","pushedAt":"2023-06-26T12:06:23.000Z","pushType":"push","commitsCount":4,"pusher":{"login":"bachradsusi","name":"Petr Lautrbach","path":"/bachradsusi","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/8234493?s=80&v=4"},"commit":{"message":"python: update python.pot\n\nSigned-off-by: Petr Lautrbach <lautrbach@redhat.com>","shortMessageHtmlLink":"python: update python.pot"}},{"before":"3a9bb0000dd9386b80ec54ecb64a99dd07b2f93a","after":"f6cba3b763bd4968287a814532a85109547a93b5","ref":"refs/heads/f38","pushedAt":"2023-06-23T13:43:57.000Z","pushType":"push","commitsCount":12,"pusher":{"login":"vmojzis","name":null,"path":"/vmojzis","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/13166921?s=80&v=4"},"commit":{"message":"python/sepolicy: Fix spec file dependencies\n\nsemanage is part of policycoreutils-python-utils package, selinuxenabled\nis part of libselinux-utils (required by ^^^) and restorecon/load_policy\nare part of policycoreutils (also required by policycoreutils-python-utils).\n\nSigned-off-by: Vit Mojzis <vmojzis@redhat.com>","shortMessageHtmlLink":"python/sepolicy: Fix spec file dependencies"}},{"before":"a6b472835502d5fc9fc263db07de69527943ac91","after":"f6cba3b763bd4968287a814532a85109547a93b5","ref":"refs/heads/rawhide","pushedAt":"2023-06-22T06:55:19.752Z","pushType":"pr_merge","commitsCount":11,"pusher":{"login":"bachradsusi","name":"Petr Lautrbach","path":"/bachradsusi","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/8234493?s=80&v=4"},"commit":{"message":"python/sepolicy: Fix spec file dependencies\n\nsemanage is part of policycoreutils-python-utils package, selinuxenabled\nis part of libselinux-utils (required by ^^^) and restorecon/load_policy\nare part of policycoreutils (also required by policycoreutils-python-utils).\n\nSigned-off-by: Vit Mojzis <vmojzis@redhat.com>","shortMessageHtmlLink":"python/sepolicy: Fix spec file dependencies"}},{"before":"3a9bb0000dd9386b80ec54ecb64a99dd07b2f93a","after":"a6b472835502d5fc9fc263db07de69527943ac91","ref":"refs/heads/rawhide","pushedAt":"2023-03-24T15:36:37.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"bachradsusi","name":"Petr Lautrbach","path":"/bachradsusi","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/8234493?s=80&v=4"},"commit":{"message":"libsemanage: include more parameters in the module checksum\n\nThe check_ext_changes option currently assumes that as long as the\nmodule content is unchanged, it is safe to assume that the policy.linked\nfile doesn't need to be rebuilt. However, there are some additional\nparameters that can affect the content of this policy file, namely:\n* the disable_dontaudit and preserve_tunables flags\n* the target_platform and policyvers configuration values\n\nInclude these in the checksum so that the option works correctly when\nonly some of these input values are changed versus the current state.\n\nFixes: 286a679fadc4 (\"libsemanage: optionally rebuild policy when modules are changed externally\")\nAcked-by: Stephen Smalley <stephen.smalley.work@gmail.com>\nSigned-off-by: Ondrej Mosnacek <omosnace@redhat.com>","shortMessageHtmlLink":"libsemanage: include more parameters in the module checksum"}},{"before":"c9cbd0c2b22f6579ac5f1ee30b84e6b3d7bf5b5d","after":"22312b1bd9e754a7362ae3d72e5ae7816d31a587","ref":"refs/heads/c9s","pushedAt":"2023-03-24T11:43:46.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"bachradsusi","name":"Petr Lautrbach","path":"/bachradsusi","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/8234493?s=80&v=4"},"commit":{"message":"libsemanage: include more parameters in the module checksum\n\nThe check_ext_changes option currently assumes that as long as the\nmodule content is unchanged, it is safe to assume that the policy.linked\nfile doesn't need to be rebuilt. However, there are some additional\nparameters that can affect the content of this policy file, namely:\n* the disable_dontaudit and preserve_tunables flags\n* the target_platform and policyvers configuration values\n\nInclude these in the checksum so that the option works correctly when\nonly some of these input values are changed versus the current state.\n\nFixes: 286a679fadc4 (\"libsemanage: optionally rebuild policy when modules are changed externally\")\nAcked-by: Stephen Smalley <stephen.smalley.work@gmail.com>\nSigned-off-by: Ondrej Mosnacek <omosnace@redhat.com>","shortMessageHtmlLink":"libsemanage: include more parameters in the module checksum"}}],"hasNextPage":false,"hasPreviousPage":false,"activityType":"all","actor":null,"timePeriod":"all","sort":"DESC","perPage":30,"cursor":"Y3Vyc29yOnYyOpK7MjAyNC0wOS0xMFQxNzoyMDoyNy4wMDAwMDBazwAAAASyVuMR","startCursor":"Y3Vyc29yOnYyOpK7MjAyNC0wOS0xMFQxNzoyMDoyNy4wMDAwMDBazwAAAASyVuMR","endCursor":"Y3Vyc29yOnYyOpK7MjAyMy0wMy0yNFQxMTo0Mzo0Ni4wMDAwMDBazwAAAAMKev2G"}},"title":"Activity · fedora-selinux/selinux"}