- Update from NSA
Merged security_setupns() from Chad Sellers. - fix selinuxenabled man page
This commit is contained in:
parent
661867eccf
commit
67d0acbf49
@ -37,3 +37,4 @@ libselinux-1.23.7.tgz
|
||||
libselinux-1.23.8.tgz
|
||||
libselinux-1.23.10.tgz
|
||||
libselinux-1.23.11.tgz
|
||||
libselinux-1.24.1.tgz
|
||||
|
@ -1,66 +1,12 @@
|
||||
--- libselinux-1.23.10/man/man8/selinux.8.rhat 2005-04-29 14:07:14.000000000 -0400
|
||||
+++ libselinux-1.23.10/man/man8/selinux.8 2005-05-11 10:56:10.000000000 -0400
|
||||
@@ -1,4 +1,4 @@
|
||||
-.TH "selinux" "8" "11 Aug 2004" "dwalsh@redhat.com" "SELinux Command Line documentation"
|
||||
+.TH "selinux" "8" "29 Apr 2005" "dwalsh@redhat.com" "SELinux Command Line documentation"
|
||||
diff --exclude-from=exclude -N -u -r nsalibselinux/man/man8/selinuxenabled.8 libselinux-1.23.11/man/man8/selinuxenabled.8
|
||||
--- nsalibselinux/man/man8/selinuxenabled.8 2004-11-02 14:26:19.000000000 -0500
|
||||
+++ libselinux-1.23.11/man/man8/selinuxenabled.8 2005-06-29 15:57:28.000000000 -0400
|
||||
@@ -7,7 +7,7 @@
|
||||
.SH "DESCRIPTION"
|
||||
.B selinuxenabled
|
||||
Indicates whether SELinux is enabled or disabled. It exits with status 0
|
||||
-if SELinux is enabled and -256 if it is not enabled.
|
||||
+if SELinux is enabled and 1 if it is not enabled.
|
||||
|
||||
.SH "NAME"
|
||||
selinux \- NSA Security-Enhanced Linux (SELinux)
|
||||
@@ -62,11 +62,22 @@
|
||||
.B system-config-securitylevel
|
||||
allows customization of these booleans and tunables.
|
||||
|
||||
+.br
|
||||
+Many domains that are protected by SELinux also include selinux man pages explainging how to customize their policy.
|
||||
+
|
||||
+.SH FILE LABELING
|
||||
+
|
||||
+All files, directories, devices ... have a security context/label associated with them. These context are stored in the extended attributes of the file system.
|
||||
+Problems with SELinux often arise from the file system being mislabeled. This can be caused by booting the machine with a non selinux kernel. If you see an error message containing file_t, that is usually a good indicator that you have a serious problem with file system labeling.
|
||||
+.br
|
||||
+The best way to relabel the file system is to create the flag file /.autorelabel and reboot. system-config-securitylevel, also has this capability. The restorcon/fixfiles commands are also available for relabeling files.
|
||||
+
|
||||
.SH AUTHOR
|
||||
This manual page was written by Dan Walsh <dwalsh@redhat.com>.
|
||||
|
||||
.SH "SEE ALSO"
|
||||
-booleans(8), setsebool(8), selinuxenabled(8), togglesebool(8)
|
||||
+booleans(8), setsebool(8), selinuxenabled(8), togglesebool(8), restorecon(8), setfiles(8), ftpd_selinux(8), named_selinux(8), rsync_selinux(8), httpd_selinux(8), nfs_selinux(8), samba_selinux(8), kerberos_selinux(8), nis_selinux(8), ypbind_selinux(8)
|
||||
+
|
||||
|
||||
.SH FILES
|
||||
/etc/selinux/config
|
||||
--- libselinux-1.23.10/utils/avcstat.c.rhat 2005-04-29 14:07:14.000000000 -0400
|
||||
+++ libselinux-1.23.10/utils/avcstat.c 2005-05-11 10:57:30.000000000 -0400
|
||||
@@ -90,12 +90,15 @@
|
||||
|
||||
int main(int argc, char **argv)
|
||||
{
|
||||
+ struct avc_cache_stats tot, rel, last;
|
||||
int fd, i, cumulative = 0;
|
||||
struct sigaction sa;
|
||||
char avcstatfile[PATH_MAX];
|
||||
snprintf(avcstatfile, sizeof avcstatfile, "%s%s", selinux_mnt, DEF_STAT_FILE);
|
||||
progname = basename(argv[0]);
|
||||
|
||||
+ memset(&last, 0, sizeof(last));
|
||||
+
|
||||
while((i = getopt(argc, argv, "cf:h?-")) != -1) {
|
||||
switch (i) {
|
||||
case 'c':
|
||||
@@ -144,7 +147,6 @@
|
||||
for (i = 0;; i++) {
|
||||
char *line;
|
||||
ssize_t ret, parsed = 0;
|
||||
- struct avc_cache_stats tot, rel, last;
|
||||
|
||||
memset(buf, 0, DEF_BUF_SIZE);
|
||||
ret = read(fd, buf, DEF_BUF_SIZE);
|
||||
@@ -166,7 +168,6 @@
|
||||
"hits", "misses", "allocs", "reclaims", "frees");
|
||||
|
||||
memset(&tot, 0, sizeof(tot));
|
||||
- memset(&last, 0, sizeof(last));
|
||||
|
||||
while ((line = strtok(NULL, "\n"))) {
|
||||
struct avc_cache_stats tmp;
|
||||
Dan Walsh, <dwalsh@redhat.com>
|
||||
|
@ -1,10 +1,11 @@
|
||||
Summary: SELinux library and simple utilities
|
||||
Name: libselinux
|
||||
Version: 1.23.11
|
||||
Version: 1.24.1
|
||||
Release: 1
|
||||
License: Public domain (uncopyrighted)
|
||||
Group: System Environment/Libraries
|
||||
Source: http://www.nsa.gov/selinux/archives/%{name}-%{version}.tgz
|
||||
Patch: libselinux-rhat.patch
|
||||
|
||||
BuildRoot: %{_tmppath}/%{name}-%{version}-buildroot
|
||||
|
||||
@ -34,6 +35,7 @@ needed for developing SELinux applications.
|
||||
|
||||
%prep
|
||||
%setup -q
|
||||
%patch -p1 -b .rhat
|
||||
|
||||
%build
|
||||
make CFLAGS="-g %{optflags}"
|
||||
@ -83,6 +85,11 @@ rm -rf ${RPM_BUILD_ROOT}
|
||||
%{_mandir}/man8/*
|
||||
|
||||
%changelog
|
||||
* Wed Jun 29 2005 Dan Walsh <dwalsh@redhat.com> 1.24.1-1
|
||||
- Update from NSA
|
||||
* Merged security_setupns() from Chad Sellers.
|
||||
- fix selinuxenabled man page
|
||||
|
||||
* Fri May 20 2005 Dan Walsh <dwalsh@redhat.com> 1.23.11-1
|
||||
- Update from NSA
|
||||
* Merged avcstat and selinux man page from Dan Walsh.
|
||||
|
Loading…
Reference in New Issue
Block a user