Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | Bump selinux policy versionv1.27-1 | Nathan Straz | 2012-06-27 | 1 | -1/+1 |
| | |||||
* | Bump version for next release and update changelog | Nathan Straz | 2012-06-27 | 1 | -2/+10 |
| | |||||
* | Depend on policy.xml directly | Nathan Straz | 2012-06-27 | 1 | -1/+1 |
| | |||||
* | Update selinux policy for Fedora 17 | Nathan Straz | 2012-06-27 | 1 | -9/+21 |
| | |||||
* | Add script to detect and work around some selinux policy issues | Nathan Straz | 2012-06-27 | 2 | -1/+36 |
| | |||||
* | Spotted a missing free | Nathan Straz | 2012-04-19 | 1 | -0/+1 |
| | |||||
* | Pass hints into getaddrinfo | Nathan Straz | 2012-04-19 | 1 | -1/+1 |
| | | | | | Without the hints we could end up creating a non-stream socket which would cause qarsh to hang reading the packet in set_remote_user(). | ||||
* | Move error message and exit from signal handler. | Nathan Straz | 2012-02-20 | 1 | -2/+6 |
| | |||||
* | Check return of send_package and exit on error | Nathan Straz | 2012-02-20 | 1 | -1/+6 |
| | |||||
* | Fix exit code for connection failures. | Nathan Straz | 2012-01-26 | 1 | -1/+1 |
| | |||||
* | Don't limit instances of qarshd in xinetd | Nathan Straz | 2011-08-19 | 1 | -0/+1 |
| | |||||
* | Merge branch 'ipv6' of ssh://sts-a//home/msp/djansa/src/git/qarsh into ipv6 | Nathan Straz | 2010-09-30 | 9 | -97/+207 |
|\ | | | | | | | | | | | Conflicts: qarsh.c sockutil.c | ||||
| * | First crack at ipv6/ipv4 agnostic qarsh/qacp. | Dean Jansa | 2010-09-28 | 5 | -47/+125 |
| | | |||||
| * | Shouldn't need to restrict btimed to IPv4 now. | Dean Jansa | 2010-09-03 | 1 | -1/+0 |
| | | |||||
| * | update btime and hbeat libs to understand ipv6 as well as ipv4. | Dean Jansa | 2010-09-03 | 3 | -49/+83 |
| | | |||||
* | | Cache last used port in bind_any | Nathan Straz | 2010-09-29 | 1 | -0/+10 |
| | | | | | | | | This way we don't try to bind to ports we already checked | ||||
* | | Wait up to 30 second to establish a connection | Nathan Straz | 2010-09-28 | 1 | -1/+2 |
| | | | | | | | | | | | | The user specified time for holding a connection only. If the user uses too small a time, like if they are rebooting a node, the initial connection may fail. | ||||
* | | Fix requires for selinux-policy build | Nathan Straz | 2010-09-15 | 1 | -3/+3 |
| | | | | | | | | | | These files need to be instaled before %post so mark the requirements as such. | ||||
* | | Turn SELinux BuildRequires to Requires | Nathan Straz | 2010-09-03 | 1 | -1/+1 |
| | | | | | | | | | | We need these on the install system since we're building the SELinux policy at install time. | ||||
* | | Remove qarshd.pp from rpm file list | Nathan Straz | 2010-08-20 | 1 | -2/+1 |
|/ | |||||
* | Bump version for new releasev1.26-1 | Nathan Straz | 2010-08-20 | 1 | -1/+6 |
| | |||||
* | Remove pre-build selinux files | Nathan Straz | 2010-08-20 | 1 | -5/+1 |
| | | | | | These are not going to be used at all since the post-install rebuild puts it all in /etc/selinux/... | ||||
* | Don't build selinux-policy during build | Nathan Straz | 2010-08-20 | 1 | -4/+3 |
| | | | | | | The policy is dynamic so should be built on the system after install since we can't guarantee that the build chroot includes the latest selinux-policy package. | ||||
* | Remove use of policyhelp | Nathan Straz | 2010-08-20 | 1 | -7/+1 |
| | | | | The file is gone is recent RHEL6 trees | ||||
* | Allow all domains more rights to qarshd_t sockets | Nathan Straz | 2010-06-30 | 1 | -2/+4 |
| | | | | | | qarshd_t sockets end up as stdin, stdout, and stderr. Some programs will fstat them to determine what they are or change flags on the file descriptor, this is ok. | ||||
* | [selinux] Require make | Nathan Straz | 2010-06-17 | 1 | -1/+1 |
| | | | | Make is needed to rebuild the qarshd selinux policy. | ||||
* | Set child_pid to 0 after child returns | Nathan Straz | 2010-06-03 | 1 | -0/+1 |
| | | | | This is mostly for clarity while debugging qarshd. | ||||
* | Close file descriptors left open by parent process | Nathan Straz | 2010-04-28 | 1 | -0/+4 |
| | | | | | | Running things in parallel with pthreads in perl can lead to file descriptor leaks which may cause hangs in qarsh. | ||||
* | Only include lvm and logging parts of system policy | Nathan Straz | 2009-12-03 | 2 | -17/+11 |
| | | | | | There were a lot of bad things to include in the system layer. Exclude anything with "spec" in the name. | ||||
* | Add system interfaces to qarshd policy | Nathan Straz | 2009-11-30 | 2 | -1/+8 |
| | | | | | This allows qarshd to make any system interface transition. Tested against selinux-policy-3.6.32-41.fc12.noarch. | ||||
* | Fix warnings from rpmlint | Nathan Straz | 2009-11-24 | 1 | -10/+10 |
| | | | | | - Switch to tabs on all fields - Change to valid groups | ||||
* | Bump version for new releasev1.25-1 | Nathan Straz | 2009-11-20 | 1 | -2/+9 |
| | |||||
* | Update bad-interfaces for Fedora 12 | Nathan Straz | 2009-11-20 | 1 | -17/+11 |
| | |||||
* | Pull in all services and apps interfaces | Nathan Straz | 2009-11-19 | 4 | -21/+46 |
| | | | | | | | | This isn't completely possible because some interfaces cause syntax or load errors. We need to keep a list of interfaces to filter out to get something that loads. This adds gxpp as a requirement to build qarsh. | ||||
* | Clean the SELinux directory after install | Nathan Straz | 2009-10-22 | 1 | -0/+1 |
| | | | | This will prevent temp files from being packaged | ||||
* | Add SELinux policy for qarshd | Nathan Straz | 2009-10-22 | 6 | -1/+116 |
| | | | | We generate the policy based on which services we want to test. | ||||
* | Only look up local username if remote not specified | Nathan Straz | 2009-10-08 | 1 | -4/+4 |
| | | | | | | In rare cases the getpwuid() call will fail because of a YP or LDAP timeout. If we're not using the local username we shouldn't even bother looking it up. | ||||
* | Add quiet option, document exit status | Nathan Straz | 2009-10-01 | 2 | -7/+16 |
| | |||||
* | Handle growing files better in qacp | Nathan Straz | 2009-09-14 | 1 | -3/+19 |
| | | | | | | Cache the results from the rstat packet and use that file size during the following sendfile so we don't send more than qacp is expecting. This should allow us to qacp root@host:/var/log/messages | ||||
* | Check Makefile to make an archive from gitv1.24-2 | Nathan Straz | 2009-04-17 | 1 | -11/+7 |
| | |||||
* | Fix up spec file to work with proper tarballs | Nathan Straz | 2009-04-17 | 1 | -8/+11 |
| | |||||
* | Bump version for new buildv1.24-1 | Nathan Straz | 2009-04-17 | 1 | -1/+9 |
| | |||||
* | [qarsh] Handle a very broken qarshd | Nathan Straz | 2009-03-27 | 1 | -1/+5 |
| | | | | | | If qarshd is broken enough that it can't load libxml2.so, it won't return an XML packet which we can parse. set_remote_user() really needs to error out of we didn't get a packet back. | ||||
* | [btime] Increase time to wait for response | Nathan Straz | 2009-03-27 | 1 | -1/+1 |
| | | | | | A quarter of a second may be too short for some connections. Increasing it to half a second should make it more reliable. | ||||
* | [btimec] Fail if the host is down | Nathan Straz | 2009-03-27 | 1 | -1/+3 |
| | | | | Make btimec return proper exit codes so it is more useful in scripts. | ||||
* | [qacp] Fix improper free when connect fails | Nathan Straz | 2009-02-05 | 1 | -5/+5 |
| | | | | | Freeing from the middle of an allocated string is not right. Keep a pointer to the strdup so we can free it correctly. | ||||
* | [qarsh] Remove continue which could make qarsh hang | Nathan Straz | 2009-01-08 | 1 | -4/+0 |
| | | | | | | | | | I don't know how, but I found one instance of qarsh looping through the pselect loop with a one second timeout. If the command has exited and the output file descriptors are all closed, we fall onto this continue which prevents us from getting to the break at the end of the loop. The only thing the continue skips over is that check which we really should check, so remove the continue. | ||||
* | [qacp] Check that we have two or more paths | Nathan Straz | 2008-12-01 | 1 | -1/+1 |
| | |||||
* | Force btimed to be an IPv4 service | Nathan Straz | 2008-11-25 | 1 | -0/+1 |
| | | | | | When we tried it out on Fedora 10, it was sending responses to IPv6 addresses and returning ENETUNREACH (Network is unreachable). | ||||
* | Bump version to include pselect speedup.v1.23-1 | Nathan Straz | 2008-11-10 | 1 | -1/+5 |
| |