rpms/libselinux
6
0
Fork 0
Code Issues Pull Requests Releases Activity

- Update from NSA

Browse Source 
Merged security_setupns() from Chad Sellers.
- fix selinuxenabled man page
This commit is contained in:
Daniel J Walsh 2005-06-29 20:04:50 +00:00
parent 661867eccf
commit 67d0acbf49
4 changed files with 20 additions and 66 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.cvsignore
View File

@ -37,3 +37,4 @@ libselinux-1.23.7.tgz
libselinux-1.23.8.tgz libselinux-1.23.8.tgz
libselinux-1.23.10.tgz libselinux-1.23.10.tgz
libselinux-1.23.11.tgz libselinux-1.23.11.tgz
libselinux-1.24.1.tgz

74
libselinux-rhat.patch
View File

@ -1,66 +1,12 @@
--- libselinux-1.23.10/man/man8/selinux.8.rhat 2005-04-29 14:07:14.000000000 -0400 diff --exclude-from=exclude -N -u -r nsalibselinux/man/man8/selinuxenabled.8 libselinux-1.23.11/man/man8/selinuxenabled.8
+++ libselinux-1.23.10/man/man8/selinux.8 2005-05-11 10:56:10.000000000 -0400 --- nsalibselinux/man/man8/selinuxenabled.8 2004-11-02 14:26:19.000000000 -0500
@@ -1,4 +1,4 @@ +++ libselinux-1.23.11/man/man8/selinuxenabled.8 2005-06-29 15:57:28.000000000 -0400
-.TH "selinux" "8" "11 Aug 2004" "dwalsh@redhat.com" "SELinux Command Line documentation" @@ -7,7 +7,7 @@
+.TH "selinux" "8" "29 Apr 2005" "dwalsh@redhat.com" "SELinux Command Line documentation" .SH "DESCRIPTION"
.B selinuxenabled
Indicates whether SELinux is enabled or disabled. It exits with status 0
-if SELinux is enabled and -256 if it is not enabled.
+if SELinux is enabled and 1 if it is not enabled.
.SH "NAME"
selinux \- NSA Security-Enhanced Linux (SELinux)
@@ -62,11 +62,22 @@
.B system-config-securitylevel
allows customization of these booleans and tunables.
+.br
+Many domains that are protected by SELinux also include selinux man pages explainging how to customize their policy.
+
+.SH FILE LABELING
+
+All files, directories, devices ... have a security context/label associated with them. These context are stored in the extended attributes of the file system.
+Problems with SELinux often arise from the file system being mislabeled. This can be caused by booting the machine with a non selinux kernel. If you see an error message containing file_t, that is usually a good indicator that you have a serious problem with file system labeling.
+.br
+The best way to relabel the file system is to create the flag file /.autorelabel and reboot. system-config-securitylevel, also has this capability. The restorcon/fixfiles commands are also available for relabeling files.
+
.SH AUTHOR .SH AUTHOR
This manual page was written by Dan Walsh <dwalsh@redhat.com>. Dan Walsh, <dwalsh@redhat.com>
.SH "SEE ALSO"
-booleans(8), setsebool(8), selinuxenabled(8), togglesebool(8)
+booleans(8), setsebool(8), selinuxenabled(8), togglesebool(8), restorecon(8), setfiles(8), ftpd_selinux(8), named_selinux(8), rsync_selinux(8), httpd_selinux(8), nfs_selinux(8), samba_selinux(8), kerberos_selinux(8), nis_selinux(8), ypbind_selinux(8)
+
.SH FILES
/etc/selinux/config
--- libselinux-1.23.10/utils/avcstat.c.rhat 2005-04-29 14:07:14.000000000 -0400
+++ libselinux-1.23.10/utils/avcstat.c 2005-05-11 10:57:30.000000000 -0400
@@ -90,12 +90,15 @@
int main(int argc, char **argv)
{
+ struct avc_cache_stats tot, rel, last;
int fd, i, cumulative = 0;
struct sigaction sa;
char avcstatfile[PATH_MAX];
snprintf(avcstatfile, sizeof avcstatfile, "%s%s", selinux_mnt, DEF_STAT_FILE);
progname = basename(argv[0]);
+ memset(&last, 0, sizeof(last));
+
while((i = getopt(argc, argv, "cf:h?-")) != -1) {
switch (i) {
case 'c':
@@ -144,7 +147,6 @@
for (i = 0;; i++) {
char *line;
ssize_t ret, parsed = 0;
- struct avc_cache_stats tot, rel, last;
memset(buf, 0, DEF_BUF_SIZE);
ret = read(fd, buf, DEF_BUF_SIZE);
@@ -166,7 +168,6 @@
"hits", "misses", "allocs", "reclaims", "frees");
memset(&tot, 0, sizeof(tot));
- memset(&last, 0, sizeof(last));
while ((line = strtok(NULL, "\n"))) {
struct avc_cache_stats tmp;

9
libselinux.spec
View File

@ -1,10 +1,11 @@
Summary: SELinux library and simple utilities Summary: SELinux library and simple utilities
Name: libselinux Name: libselinux
Version: 1.23.11 Version: 1.24.1
Release: 1 Release: 1
License: Public domain (uncopyrighted) License: Public domain (uncopyrighted)
Group: System Environment/Libraries Group: System Environment/Libraries
Source: http://www.nsa.gov/selinux/archives/%{name}-%{version}.tgz Source: http://www.nsa.gov/selinux/archives/%{name}-%{version}.tgz
Patch: libselinux-rhat.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-buildroot BuildRoot: %{_tmppath}/%{name}-%{version}-buildroot
@ -34,6 +35,7 @@ needed for developing SELinux applications.
%prep %prep
%setup -q %setup -q
%patch -p1 -b .rhat
%build %build
make CFLAGS="-g %{optflags}" make CFLAGS="-g %{optflags}"
@ -83,6 +85,11 @@ rm -rf ${RPM_BUILD_ROOT}
%{_mandir}/man8/* %{_mandir}/man8/*
%changelog %changelog
* Wed Jun 29 2005 Dan Walsh <dwalsh@redhat.com> 1.24.1-1
- Update from NSA
* Merged security_setupns() from Chad Sellers.
- fix selinuxenabled man page
* Fri May 20 2005 Dan Walsh <dwalsh@redhat.com> 1.23.11-1 * Fri May 20 2005 Dan Walsh <dwalsh@redhat.com> 1.23.11-1
- Update from NSA - Update from NSA
* Merged avcstat and selinux man page from Dan Walsh. * Merged avcstat and selinux man page from Dan Walsh.

2
sources
View File

@ -1 +1 @@
7183899028e4c8279742ea68b3f7f237 libselinux-1.23.11.tgz c3a827ad8f38eaefb82478cf80a641d7 libselinux-1.24.1.tgz