":" should be allowed for file trans names
This commit is contained in:
parent
9e5a835ab1
commit
b640f10250
@ -1,3 +1,69 @@
|
|||||||
|
diff --git a/checkpolicy/checkmodule.8 b/checkpolicy/checkmodule.8
|
||||||
|
index 40f73c5..2a7ab5c 100644
|
||||||
|
--- a/checkpolicy/checkmodule.8
|
||||||
|
+++ b/checkpolicy/checkmodule.8
|
||||||
|
@@ -3,7 +3,7 @@
|
||||||
|
checkmodule \- SELinux policy module compiler
|
||||||
|
.SH SYNOPSIS
|
||||||
|
.B checkmodule
|
||||||
|
-.I "[-h] [-b] [-m] [-M] [-U handle_unknown ] [-V] [-o output_file] [input_file]"
|
||||||
|
+.I "[\-h] [\-b] [\-m] [\-M] [\-U handle_unknown ] [\-V] [\-o output_file] [input_file]"
|
||||||
|
.SH "DESCRIPTION"
|
||||||
|
This manual page describes the
|
||||||
|
.BR checkmodule
|
||||||
|
@@ -12,7 +12,7 @@ command.
|
||||||
|
.B checkmodule
|
||||||
|
is a program that checks and compiles a SELinux security policy module
|
||||||
|
into a binary representation. It can generate either a base policy
|
||||||
|
-module (default) or a non-base policy module (-m option); typically,
|
||||||
|
+module (default) or a non-base policy module (\-m option); typically,
|
||||||
|
you would build a non-base policy module to add to an existing module
|
||||||
|
store that already has a base module provided by the base policy. Use
|
||||||
|
semodule_package to combine this module with its optional file
|
||||||
|
@@ -48,7 +48,7 @@ Specify how the kernel should handle unknown classes or permissions (deny, allow
|
||||||
|
.SH EXAMPLE
|
||||||
|
.nf
|
||||||
|
# Build a MLS/MCS-enabled non-base policy module.
|
||||||
|
-$ checkmodule -M -m httpd.te -o httpd.mod
|
||||||
|
+$ checkmodule \-M \-m httpd.te \-o httpd.mod
|
||||||
|
.fi
|
||||||
|
|
||||||
|
.SH "SEE ALSO"
|
||||||
|
diff --git a/checkpolicy/checkpolicy.8 b/checkpolicy/checkpolicy.8
|
||||||
|
index 6826938..0086bdc 100644
|
||||||
|
--- a/checkpolicy/checkpolicy.8
|
||||||
|
+++ b/checkpolicy/checkpolicy.8
|
||||||
|
@@ -3,7 +3,7 @@
|
||||||
|
checkpolicy \- SELinux policy compiler
|
||||||
|
.SH SYNOPSIS
|
||||||
|
.B checkpolicy
|
||||||
|
-.I "[-b] [-d] [-M] [-c policyvers] [-o output_file] [input_file]"
|
||||||
|
+.I "[\-b] [\-d] [\-M] [\-c policyvers] [\-o output_file] [input_file]"
|
||||||
|
.br
|
||||||
|
.SH "DESCRIPTION"
|
||||||
|
This manual page describes the
|
||||||
|
@@ -14,7 +14,7 @@ command.
|
||||||
|
is a program that checks and compiles a SELinux security policy configuration
|
||||||
|
into a binary representation that can be loaded into the kernel. If no
|
||||||
|
input file name is specified, checkpolicy will attempt to read from
|
||||||
|
-policy.conf or policy, depending on whether the -b flag is specified.
|
||||||
|
+policy.conf or policy, depending on whether the \-b flag is specified.
|
||||||
|
|
||||||
|
.SH OPTIONS
|
||||||
|
.TP
|
||||||
|
diff --git a/checkpolicy/checkpolicy.c b/checkpolicy/checkpolicy.c
|
||||||
|
index 544f235..292f568 100644
|
||||||
|
--- a/checkpolicy/checkpolicy.c
|
||||||
|
+++ b/checkpolicy/checkpolicy.c
|
||||||
|
@@ -402,7 +402,7 @@ int main(int argc, char **argv)
|
||||||
|
{"binary", no_argument, NULL, 'b'},
|
||||||
|
{"debug", no_argument, NULL, 'd'},
|
||||||
|
{"version", no_argument, NULL, 'V'},
|
||||||
|
- {"handle-unknown", optional_argument, NULL, 'U'},
|
||||||
|
+ {"handle-unknown", required_argument, NULL, 'U'},
|
||||||
|
{"mls", no_argument, NULL, 'M'},
|
||||||
|
{"help", no_argument, NULL, 'h'},
|
||||||
|
{NULL, 0, NULL, 0}
|
||||||
diff --git a/checkpolicy/policy_scan.l b/checkpolicy/policy_scan.l
|
diff --git a/checkpolicy/policy_scan.l b/checkpolicy/policy_scan.l
|
||||||
index bba7667..ab046cc 100644
|
index bba7667..ab046cc 100644
|
||||||
--- a/checkpolicy/policy_scan.l
|
--- a/checkpolicy/policy_scan.l
|
||||||
@ -11,3 +77,16 @@ index bba7667..ab046cc 100644
|
|||||||
{letter}({alnum}|[_\-])*([\.]?({alnum}|[_\-]))* { return(IDENTIFIER); }
|
{letter}({alnum}|[_\-])*([\.]?({alnum}|[_\-]))* { return(IDENTIFIER); }
|
||||||
{alnum}*{letter}{alnum}* { return(FILESYSTEM); }
|
{alnum}*{letter}{alnum}* { return(FILESYSTEM); }
|
||||||
{digit}+|0x{hexval}+ { return(NUMBER); }
|
{digit}+|0x{hexval}+ { return(NUMBER); }
|
||||||
|
diff --git a/checkpolicy/test/Makefile b/checkpolicy/test/Makefile
|
||||||
|
index 0731e89..63b4d24 100644
|
||||||
|
--- a/checkpolicy/test/Makefile
|
||||||
|
+++ b/checkpolicy/test/Makefile
|
||||||
|
@@ -3,7 +3,7 @@
|
||||||
|
#
|
||||||
|
PREFIX ?= $(DESTDIR)/usr
|
||||||
|
BINDIR=$(PREFIX)/bin
|
||||||
|
-LIBDIR=$(PREFIX)/lib
|
||||||
|
+LIBDIR ?= $(PREFIX)/lib
|
||||||
|
INCLUDEDIR ?= $(PREFIX)/include
|
||||||
|
|
||||||
|
CFLAGS ?= -g -Wall -W -Werror -O2 -pipe
|
||||||
|
@ -3,7 +3,7 @@
|
|||||||
Summary: SELinux policy compiler
|
Summary: SELinux policy compiler
|
||||||
Name: checkpolicy
|
Name: checkpolicy
|
||||||
Version: 2.1.12
|
Version: 2.1.12
|
||||||
Release: 3%{?dist}
|
Release: 4%{?dist}
|
||||||
License: GPLv2
|
License: GPLv2
|
||||||
Group: Development/System
|
Group: Development/System
|
||||||
Source: http://www.nsa.gov/selinux/archives/%{name}-%{version}.tgz
|
Source: http://www.nsa.gov/selinux/archives/%{name}-%{version}.tgz
|
||||||
|
Loading…
Reference in New Issue
Block a user