":" should be allowed for file trans names

This commit is contained in:
Dan Walsh 2013-07-16 12:35:19 -04:00
parent 9e5a835ab1
commit b640f10250
2 changed files with 80 additions and 1 deletions

View File

@ -1,3 +1,69 @@
diff --git a/checkpolicy/checkmodule.8 b/checkpolicy/checkmodule.8
index 40f73c5..2a7ab5c 100644
--- a/checkpolicy/checkmodule.8
+++ b/checkpolicy/checkmodule.8
@@ -3,7 +3,7 @@
checkmodule \- SELinux policy module compiler
.SH SYNOPSIS
.B checkmodule
-.I "[-h] [-b] [-m] [-M] [-U handle_unknown ] [-V] [-o output_file] [input_file]"
+.I "[\-h] [\-b] [\-m] [\-M] [\-U handle_unknown ] [\-V] [\-o output_file] [input_file]"
.SH "DESCRIPTION"
This manual page describes the
.BR checkmodule
@@ -12,7 +12,7 @@ command.
.B checkmodule
is a program that checks and compiles a SELinux security policy module
into a binary representation. It can generate either a base policy
-module (default) or a non-base policy module (-m option); typically,
+module (default) or a non-base policy module (\-m option); typically,
you would build a non-base policy module to add to an existing module
store that already has a base module provided by the base policy. Use
semodule_package to combine this module with its optional file
@@ -48,7 +48,7 @@ Specify how the kernel should handle unknown classes or permissions (deny, allow
.SH EXAMPLE
.nf
# Build a MLS/MCS-enabled non-base policy module.
-$ checkmodule -M -m httpd.te -o httpd.mod
+$ checkmodule \-M \-m httpd.te \-o httpd.mod
.fi
.SH "SEE ALSO"
diff --git a/checkpolicy/checkpolicy.8 b/checkpolicy/checkpolicy.8
index 6826938..0086bdc 100644
--- a/checkpolicy/checkpolicy.8
+++ b/checkpolicy/checkpolicy.8
@@ -3,7 +3,7 @@
checkpolicy \- SELinux policy compiler
.SH SYNOPSIS
.B checkpolicy
-.I "[-b] [-d] [-M] [-c policyvers] [-o output_file] [input_file]"
+.I "[\-b] [\-d] [\-M] [\-c policyvers] [\-o output_file] [input_file]"
.br
.SH "DESCRIPTION"
This manual page describes the
@@ -14,7 +14,7 @@ command.
is a program that checks and compiles a SELinux security policy configuration
into a binary representation that can be loaded into the kernel. If no
input file name is specified, checkpolicy will attempt to read from
-policy.conf or policy, depending on whether the -b flag is specified.
+policy.conf or policy, depending on whether the \-b flag is specified.
.SH OPTIONS
.TP
diff --git a/checkpolicy/checkpolicy.c b/checkpolicy/checkpolicy.c
index 544f235..292f568 100644
--- a/checkpolicy/checkpolicy.c
+++ b/checkpolicy/checkpolicy.c
@@ -402,7 +402,7 @@ int main(int argc, char **argv)
{"binary", no_argument, NULL, 'b'},
{"debug", no_argument, NULL, 'd'},
{"version", no_argument, NULL, 'V'},
- {"handle-unknown", optional_argument, NULL, 'U'},
+ {"handle-unknown", required_argument, NULL, 'U'},
{"mls", no_argument, NULL, 'M'},
{"help", no_argument, NULL, 'h'},
{NULL, 0, NULL, 0}
diff --git a/checkpolicy/policy_scan.l b/checkpolicy/policy_scan.l diff --git a/checkpolicy/policy_scan.l b/checkpolicy/policy_scan.l
index bba7667..ab046cc 100644 index bba7667..ab046cc 100644
--- a/checkpolicy/policy_scan.l --- a/checkpolicy/policy_scan.l
@ -11,3 +77,16 @@ index bba7667..ab046cc 100644
{letter}({alnum}|[_\-])*([\.]?({alnum}|[_\-]))* { return(IDENTIFIER); } {letter}({alnum}|[_\-])*([\.]?({alnum}|[_\-]))* { return(IDENTIFIER); }
{alnum}*{letter}{alnum}* { return(FILESYSTEM); } {alnum}*{letter}{alnum}* { return(FILESYSTEM); }
{digit}+|0x{hexval}+ { return(NUMBER); } {digit}+|0x{hexval}+ { return(NUMBER); }
diff --git a/checkpolicy/test/Makefile b/checkpolicy/test/Makefile
index 0731e89..63b4d24 100644
--- a/checkpolicy/test/Makefile
+++ b/checkpolicy/test/Makefile
@@ -3,7 +3,7 @@
#
PREFIX ?= $(DESTDIR)/usr
BINDIR=$(PREFIX)/bin
-LIBDIR=$(PREFIX)/lib
+LIBDIR ?= $(PREFIX)/lib
INCLUDEDIR ?= $(PREFIX)/include
CFLAGS ?= -g -Wall -W -Werror -O2 -pipe

View File

@ -3,7 +3,7 @@
Summary: SELinux policy compiler Summary: SELinux policy compiler
Name: checkpolicy Name: checkpolicy
Version: 2.1.12 Version: 2.1.12
Release: 3%{?dist} Release: 4%{?dist}
License: GPLv2 License: GPLv2
Group: Development/System Group: Development/System
Source: http://www.nsa.gov/selinux/archives/%{name}-%{version}.tgz Source: http://www.nsa.gov/selinux/archives/%{name}-%{version}.tgz