From 876a4a8ad903b4a026ac992e742da09b759cfc0b Mon Sep 17 00:00:00 2001 From: Dan Walsh Date: Fri, 28 Jun 2013 06:10:55 -0400 Subject: [PATCH] Add sefcontext_compile.8 man page - Add Russell Coker patch to fix man pages - Add patches from Laurent Bigonville to fix Makefiles for debian. - modify spec file to use %{_prefix}/lib --- libselinux-rhat.patch | 137 ++++++++++++++++++++++++++++++++++++++++++ libselinux.spec | 47 ++++++++------- 2 files changed, 163 insertions(+), 21 deletions(-) diff --git a/libselinux-rhat.patch b/libselinux-rhat.patch index d19cc56..98da2bc 100644 --- a/libselinux-rhat.patch +++ b/libselinux-rhat.patch @@ -42,6 +42,44 @@ index c6837fc..de62d26 100644 .sp .BI "int selinux_check_access(const security_context_t " scon ", const security_context_t " tcon ", const char *" class ", const char *" perm ", void *" auditdata); .sp +diff --git a/libselinux/man/man3/security_disable.3 b/libselinux/man/man3/security_disable.3 +index aeb78da..c75ce0d 100644 +--- a/libselinux/man/man3/security_disable.3 ++++ b/libselinux/man/man3/security_disable.3 +@@ -17,7 +17,7 @@ and then unmounts + This function can only be called at runtime and prior to the initial policy + load. After the initial policy load, the SELinux kernel code cannot be disabled, + but only placed in "permissive" mode by using +-.BR setenforce (1). ++.BR security_setenforce(3). + . + .SH "RETURN VALUE" + .BR security_disable () +@@ -27,4 +27,4 @@ returns zero on success or \-1 on error. + This manual page has been written by Guido Trentalancia + . + .SH "SEE ALSO" +-.BR selinux (8), " setenforce "(3) ++.BR selinux (8), " setenforce "(8) +diff --git a/libselinux/man/man3/security_load_policy.3 b/libselinux/man/man3/security_load_policy.3 +index c4439bf..af56163 100644 +--- a/libselinux/man/man3/security_load_policy.3 ++++ b/libselinux/man/man3/security_load_policy.3 +@@ -43,7 +43,7 @@ unmounted using a call to + .BR security_disable (3). + Therefore, after the initial policy load, the only operational changes + are those permitted by +-.BR setenforce (3) ++.BR security_setenforce (3) + (i.e. eventually setting the framework in permissive mode rather than + in enforcing one). + . +@@ -54,4 +54,4 @@ Returns zero on success or \-1 on error. + This manual page has been written by Guido Trentalancia + . + .SH "SEE ALSO" +-.BR selinux "(8), " security_disable "(3), " setenforce "(1) ++.BR selinux "(8), " security_disable "(3), " setenforce "(8) diff --git a/libselinux/man/man3/selinux_binary_policy_path.3 b/libselinux/man/man3/selinux_binary_policy_path.3 index ec97dcf..503c52c 100644 --- a/libselinux/man/man3/selinux_binary_policy_path.3 @@ -312,6 +350,16 @@ index b834577..0000000 -. -.SH "SEE ALSO" -.BR selinux "(8), " selinux_raw_context_to_color "(3), " selinux_colors_path "(3)" +diff --git a/libselinux/man/man8/getenforce.8 b/libselinux/man/man8/getenforce.8 +index 906279f..e0924d8 100644 +--- a/libselinux/man/man8/getenforce.8 ++++ b/libselinux/man/man8/getenforce.8 +@@ -1,4 +1,4 @@ +-.TH "getenforce" "1" "7 April 2004" "dwalsh@redhat.com" "SELinux Command Line documentation" ++.TH "getenforce" "8" "7 April 2004" "dwalsh@redhat.com" "SELinux Command Line documentation" + .SH "NAME" + getenforce \- get the current mode of SELinux + . diff --git a/libselinux/man/man8/matchpathcon.8 b/libselinux/man/man8/matchpathcon.8 index 368991f..5d60789 100644 --- a/libselinux/man/man8/matchpathcon.8 @@ -335,6 +383,31 @@ index 368991f..5d60789 100644 .B \-V Verify file context on disk matches defaults . +diff --git a/libselinux/man/man8/sefcontext_compile.8 b/libselinux/man/man8/sefcontext_compile.8 +new file mode 100644 +index 0000000..c37ed4a +--- /dev/null ++++ b/libselinux/man/man8/sefcontext_compile.8 +@@ -0,0 +1,19 @@ ++.TH "sefcontext_compile" "8" "27 Jun 2013" "dwalsh@redhat.com" "SELinux Command Line documentation" ++.SH "NAME" ++sefcontext_compile \- compile file context regular expression files ++. ++.SH "SYNOPSIS" ++.B sefcontext_compile inputfile ++. ++.SH "DESCRIPTION" ++sefcontext_compile is used libsemanage to compile file context regular expressions into prce format. sefcontext_compile writes the compiled prce file with the .bin suffix appended "inputfile".bin. This compiled file is used by libselinux file labeling functions. ++ ++.SH "EXAMPLE" ++sefcontext_compile /etc/selinux/targeted/contexts/files/file_contexts ++. ++.SH AUTHOR ++Dan Walsh, ++. ++.SH "SEE ALSO" ++.BR selinux (8), ++.BR semanage (8), diff --git a/libselinux/man/man8/selinux.8 b/libselinux/man/man8/selinux.8 index a328866..50868e4 100644 --- a/libselinux/man/man8/selinux.8 @@ -394,6 +467,70 @@ index a328866..50868e4 100644 .BR sepolicy(8) Every confined service on the system has a man page in the following format: +diff --git a/libselinux/man/man8/selinuxenabled.8 b/libselinux/man/man8/selinuxenabled.8 +index e0b5201..ac20587 100644 +--- a/libselinux/man/man8/selinuxenabled.8 ++++ b/libselinux/man/man8/selinuxenabled.8 +@@ -1,4 +1,4 @@ +-.TH "selinuxenabled" "1" "7 April 2004" "dwalsh@redhat.com" "SELinux Command Line documentation" ++.TH "selinuxenabled" "8" "7 April 2004" "dwalsh@redhat.com" "SELinux Command Line documentation" + .SH "NAME" + selinuxenabled \- tool to be used within shell scripts to determine if selinux is enabled + . +diff --git a/libselinux/man/man8/selinuxexeccon.8 b/libselinux/man/man8/selinuxexeccon.8 +index 765cf8c..30c20ed 100644 +--- a/libselinux/man/man8/selinuxexeccon.8 ++++ b/libselinux/man/man8/selinuxexeccon.8 +@@ -1,4 +1,4 @@ +-.TH "selinuxexeccon" "1" "14 May 2011" "dwalsh@redhat.com" "SELinux Command Line documentation" ++.TH "selinuxexeccon" "8" "14 May 2011" "dwalsh@redhat.com" "SELinux Command Line documentation" + .SH "NAME" + selinuxexeccon \- report SELinux context used for this executable + . +diff --git a/libselinux/man/man8/setenforce.8 b/libselinux/man/man8/setenforce.8 +index b038da0..8a24f1c 100644 +--- a/libselinux/man/man8/setenforce.8 ++++ b/libselinux/man/man8/setenforce.8 +@@ -1,4 +1,4 @@ +-.TH "setenforce" "1" "7 April 2004" "dwalsh@redhat.com" "SELinux Command Line documentation" ++.TH "setenforce" "8" "7 April 2004" "dwalsh@redhat.com" "SELinux Command Line documentation" + .SH "NAME" + setenforce \- modify the mode SELinux is running in + . +diff --git a/libselinux/man/man8/togglesebool.8 b/libselinux/man/man8/togglesebool.8 +index 948aff1..598dc94 100644 +--- a/libselinux/man/man8/togglesebool.8 ++++ b/libselinux/man/man8/togglesebool.8 +@@ -1,4 +1,4 @@ +-.TH "togglesebool" "1" "26 Oct 2004" "sgrubb@redhat.com" "SELinux Command Line documentation" ++.TH "togglesebool" "8" "26 Oct 2004" "sgrubb@redhat.com" "SELinux Command Line documentation" + .SH "NAME" + togglesebool \- flip the current value of a SELinux boolean + . +diff --git a/libselinux/src/Makefile b/libselinux/src/Makefile +index c4f5d4c..8f557a1 100644 +--- a/libselinux/src/Makefile ++++ b/libselinux/src/Makefile +@@ -18,9 +18,7 @@ RUBYLIBVER ?= $(shell $(RUBY) -e 'print RUBY_VERSION.split(".")[0..1].join(".")' + RUBYPLATFORM ?= $(shell $(RUBY) -e 'print RUBY_PLATFORM') + RUBYINC ?= $(shell pkg-config --cflags ruby) + RUBYINSTALL ?= $(LIBDIR)/ruby/site_ruby/$(RUBYLIBVER)/$(RUBYPLATFORM) +-LIBBASE=$(shell basename $(LIBDIR)) +- +-LDFLAGS ?= -lpcre -lpthread ++LIBBASE ?= $(shell basename $(LIBDIR)) + + VERSION = $(shell cat ../VERSION) + LIBVERSION = 1 +@@ -116,7 +114,7 @@ $(LIBA): $(OBJS) + $(RANLIB) $@ + + $(LIBSO): $(LOBJS) +- $(CC) $(CFLAGS) -shared -o $@ $^ -ldl $(LDFLAGS) -L$(LIBDIR) -Wl,-soname,$(LIBSO),-z,defs,-z,relro ++ $(CC) $(CFLAGS) -shared -o $@ $^ -lpcre -lpthread -ldl $(LDFLAGS) -L$(LIBDIR) -Wl,-soname,$(LIBSO),-z,defs,-z,relro + ln -sf $@ $(TARGET) + + $(LIBPC): $(LIBPC).in ../VERSION diff --git a/libselinux/src/audit2why.c b/libselinux/src/audit2why.c index ffe381b..560bc25 100644 --- a/libselinux/src/audit2why.c diff --git a/libselinux.spec b/libselinux.spec index aad4bdc..b7fe3c9 100644 --- a/libselinux.spec +++ b/libselinux.spec @@ -10,7 +10,7 @@ Summary: SELinux library and simple utilities Name: libselinux Version: 2.1.13 -Release: 15%{?dist} +Release: 16%{?dist} License: Public Domain Group: System Environment/Libraries Source: %{name}-%{version}.tgz @@ -145,13 +145,12 @@ InstallPythonWrapper() { } rm -rf %{buildroot} -mkdir -p %{buildroot}/%{_lib} +mkdir -p %{buildroot}/%{_prefix}/lib/tmpfiles.d mkdir -p %{buildroot}/%{_libdir} mkdir -p %{buildroot}%{_includedir} mkdir -p %{buildroot}%{_sbindir} mkdir -p %{buildroot}/var/run/setrans -mkdir -p %{buildroot}/usr/lib/tmpfiles.d -echo "d /var/run/setrans 0755 root root" > %{buildroot}/usr/lib/tmpfiles.d/libselinux.conf +echo "d /var/run/setrans 0755 root root" > %{buildroot}/%{_prefix}/lib/tmpfiles.d/libselinux.conf InstallPythonWrapper %{__python} %if 0%{?with_python3} @@ -193,7 +192,7 @@ rm -rf %{buildroot} %{_libdir}/libselinux.so.* /var/run/setrans %{_sbindir}/sefcontext_compile -/usr/lib/tmpfiles.d/libselinux.conf +%{_prefix}/lib/tmpfiles.d/libselinux.conf %files utils %defattr(-,root,root,-) @@ -241,6 +240,12 @@ rm -rf %{buildroot} %{ruby_sitearch}/selinux.so %changelog +* Fri Jun 28 2013 Dan Walsh - 2.1.13-16 +- Add sefcontext_compile.8 man page +- Add Russell Coker patch to fix man pages +- Add patches from Laurent Bigonville to fix Makefiles for debian. +- modify spec file to use %{_prefix}/lib + * Mon May 6 2013 Dan Walsh - 2.1.13-15 - Fix patch that Handles substitutions for / @@ -763,7 +768,7 @@ pthread_key_delete, and is ignored. - add python3 subpackage from David Malcolm * Wed Mar 24 2010 Dan Walsh - 2.0.94-1 - * Set errno=EINVAL for invalid contexts from Dan Walsh. +* Set errno=EINVAL for invalid contexts from Dan Walsh. * Tue Mar 16 2010 Dan Walsh - 2.0.93-1 - Update to upstream @@ -1241,8 +1246,8 @@ pthread_key_delete, and is ignored. * Fri Jun 1 2007 Dan Walsh - 2.0.18-1 - Upgrade to upstream - * Merged patch to reduce size of libselinux and remove need for libsepol for embedded systems from Yuichi Nakamura. - This patch also turns the link-time dependency on libsepol into a runtime (dlopen) dependency even in the non-embedded case. +- Merged patch to reduce size of libselinux and remove need for libsepol for embedded systems from Yuichi Nakamura. + This patch also turns the link-time dependency on libsepol into a runtime (dlopen) dependency even in the non-embedded case. 2.0.17 2007-05-31 * Updated Lindent script and reindented two header files. @@ -1290,9 +1295,9 @@ pthread_key_delete, and is ignored. - Add stdint.h to avc.h * Mon Mar 12 2007 Dan Walsh - 2.0.7-1 - * Merged patch to drop support for CACHETRANS=0 config option from Steve Grubb. - * Merged patch to drop support for old /etc/sysconfig/selinux and - /etc/security policy file layout from Steve Grubb. +- Merged patch to drop support for CACHETRANS=0 config option from Steve Grubb. +- Merged patch to drop support for old /etc/sysconfig/selinux and +- /etc/security policy file layout from Steve Grubb. * Thu Mar 8 2007 Dan Walsh - 2.0.5-2 - Do not fail on permission denied in getsebool @@ -1312,13 +1317,13 @@ pthread_key_delete, and is ignored. * Sun Feb 18 2007 Dan Walsh - 2.0.1-1 - Upgrade to upstream - * Merged patch from Todd Miller to convert int types over to C99 style. + * Merged patch from Todd Miller to convert int types over to C99 style. * Wed Feb 7 2007 Dan Walsh - 2.0.0-1 - * Merged patch from Todd Miller to remove sscanf in matchpathcon.c because - of the use of the non-standard format (original patch changed - for style). - * Merged patch from Todd Miller to fix memory leak in matchpathcon.c. +- Merged patch from Todd Miller to remove sscanf in matchpathcon.c because + of the use of the non-standard format (original patch changed + for style). +- Merged patch from Todd Miller to fix memory leak in matchpathcon.c. * Fri Jan 19 2007 Dan Walsh - 1.34.0-2 - Add context function to python to split context into 4 parts @@ -1499,8 +1504,8 @@ Resolves: #200110 - Check for selinux_mnt == NULL * Tue May 30 2006 Dan Walsh 1.30.11-1 - * Merged matchmediacon and trans_to_raw_context fixes from - Serge Hallyn. +- Merged matchmediacon and trans_to_raw_context fixes from + Serge Hallyn. * Fri May 26 2006 Dan Walsh 1.30.10-4 - Remove getseuser @@ -1569,7 +1574,7 @@ Resolves: #200110 - Fix booleans man page * Mon Mar 27 2006 Dan Walsh 1.30.1-1 - * Merged Makefile PYLIBVER definition patch from Dan Walsh. +- Merged Makefile PYLIBVER definition patch from Dan Walsh. * Fri Mar 10 2006 Dan Walsh 1.30-1 - Make some fixes so it will build on RHEL4 @@ -1847,8 +1852,8 @@ Resolves: #200110 - Allow set_comp on unset ranges * Wed Aug 24 2005 Dan Walsh 1.25.3-1 - * Merged context translation patch, originally by TCS, - with modifications by Dan Walsh (Red Hat). +- Merged context translation patch, originally by TCS, + with modifications by Dan Walsh (Red Hat). * Wed Aug 17 2005 Dan Walsh 1.25.2-2 - Apply translation patch