Add sefcontext_compile.8 man page

- Add Russell Coker  patch to fix man pages
- Add patches from Laurent Bigonville to fix Makefiles for debian.
- modify spec file to use %{_prefix}/lib
This commit is contained in:
Dan Walsh 2013-06-28 06:10:55 -04:00
parent 4720ddb09f
commit 876a4a8ad9
2 changed files with 163 additions and 21 deletions

View File

@ -42,6 +42,44 @@ index c6837fc..de62d26 100644
.sp .sp
.BI "int selinux_check_access(const security_context_t " scon ", const security_context_t " tcon ", const char *" class ", const char *" perm ", void *" auditdata); .BI "int selinux_check_access(const security_context_t " scon ", const security_context_t " tcon ", const char *" class ", const char *" perm ", void *" auditdata);
.sp .sp
diff --git a/libselinux/man/man3/security_disable.3 b/libselinux/man/man3/security_disable.3
index aeb78da..c75ce0d 100644
--- a/libselinux/man/man3/security_disable.3
+++ b/libselinux/man/man3/security_disable.3
@@ -17,7 +17,7 @@ and then unmounts
This function can only be called at runtime and prior to the initial policy
load. After the initial policy load, the SELinux kernel code cannot be disabled,
but only placed in "permissive" mode by using
-.BR setenforce (1).
+.BR security_setenforce(3).
.
.SH "RETURN VALUE"
.BR security_disable ()
@@ -27,4 +27,4 @@ returns zero on success or \-1 on error.
This manual page has been written by Guido Trentalancia <guido@trentalancia.com>
.
.SH "SEE ALSO"
-.BR selinux (8), " setenforce "(3)
+.BR selinux (8), " setenforce "(8)
diff --git a/libselinux/man/man3/security_load_policy.3 b/libselinux/man/man3/security_load_policy.3
index c4439bf..af56163 100644
--- a/libselinux/man/man3/security_load_policy.3
+++ b/libselinux/man/man3/security_load_policy.3
@@ -43,7 +43,7 @@ unmounted using a call to
.BR security_disable (3).
Therefore, after the initial policy load, the only operational changes
are those permitted by
-.BR setenforce (3)
+.BR security_setenforce (3)
(i.e. eventually setting the framework in permissive mode rather than
in enforcing one).
.
@@ -54,4 +54,4 @@ Returns zero on success or \-1 on error.
This manual page has been written by Guido Trentalancia <guido@trentalancia.com>
.
.SH "SEE ALSO"
-.BR selinux "(8), " security_disable "(3), " setenforce "(1)
+.BR selinux "(8), " security_disable "(3), " setenforce "(8)
diff --git a/libselinux/man/man3/selinux_binary_policy_path.3 b/libselinux/man/man3/selinux_binary_policy_path.3 diff --git a/libselinux/man/man3/selinux_binary_policy_path.3 b/libselinux/man/man3/selinux_binary_policy_path.3
index ec97dcf..503c52c 100644 index ec97dcf..503c52c 100644
--- a/libselinux/man/man3/selinux_binary_policy_path.3 --- a/libselinux/man/man3/selinux_binary_policy_path.3
@ -312,6 +350,16 @@ index b834577..0000000
-. -.
-.SH "SEE ALSO" -.SH "SEE ALSO"
-.BR selinux "(8), " selinux_raw_context_to_color "(3), " selinux_colors_path "(3)" -.BR selinux "(8), " selinux_raw_context_to_color "(3), " selinux_colors_path "(3)"
diff --git a/libselinux/man/man8/getenforce.8 b/libselinux/man/man8/getenforce.8
index 906279f..e0924d8 100644
--- a/libselinux/man/man8/getenforce.8
+++ b/libselinux/man/man8/getenforce.8
@@ -1,4 +1,4 @@
-.TH "getenforce" "1" "7 April 2004" "dwalsh@redhat.com" "SELinux Command Line documentation"
+.TH "getenforce" "8" "7 April 2004" "dwalsh@redhat.com" "SELinux Command Line documentation"
.SH "NAME"
getenforce \- get the current mode of SELinux
.
diff --git a/libselinux/man/man8/matchpathcon.8 b/libselinux/man/man8/matchpathcon.8 diff --git a/libselinux/man/man8/matchpathcon.8 b/libselinux/man/man8/matchpathcon.8
index 368991f..5d60789 100644 index 368991f..5d60789 100644
--- a/libselinux/man/man8/matchpathcon.8 --- a/libselinux/man/man8/matchpathcon.8
@ -335,6 +383,31 @@ index 368991f..5d60789 100644
.B \-V .B \-V
Verify file context on disk matches defaults Verify file context on disk matches defaults
. .
diff --git a/libselinux/man/man8/sefcontext_compile.8 b/libselinux/man/man8/sefcontext_compile.8
new file mode 100644
index 0000000..c37ed4a
--- /dev/null
+++ b/libselinux/man/man8/sefcontext_compile.8
@@ -0,0 +1,19 @@
+.TH "sefcontext_compile" "8" "27 Jun 2013" "dwalsh@redhat.com" "SELinux Command Line documentation"
+.SH "NAME"
+sefcontext_compile \- compile file context regular expression files
+.
+.SH "SYNOPSIS"
+.B sefcontext_compile inputfile
+.
+.SH "DESCRIPTION"
+sefcontext_compile is used libsemanage to compile file context regular expressions into prce format. sefcontext_compile writes the compiled prce file with the .bin suffix appended "inputfile".bin. This compiled file is used by libselinux file labeling functions.
+
+.SH "EXAMPLE"
+sefcontext_compile /etc/selinux/targeted/contexts/files/file_contexts
+.
+.SH AUTHOR
+Dan Walsh, <dwalsh@redhat.com>
+.
+.SH "SEE ALSO"
+.BR selinux (8),
+.BR semanage (8),
diff --git a/libselinux/man/man8/selinux.8 b/libselinux/man/man8/selinux.8 diff --git a/libselinux/man/man8/selinux.8 b/libselinux/man/man8/selinux.8
index a328866..50868e4 100644 index a328866..50868e4 100644
--- a/libselinux/man/man8/selinux.8 --- a/libselinux/man/man8/selinux.8
@ -394,6 +467,70 @@ index a328866..50868e4 100644
.BR sepolicy(8) .BR sepolicy(8)
Every confined service on the system has a man page in the following format: Every confined service on the system has a man page in the following format:
diff --git a/libselinux/man/man8/selinuxenabled.8 b/libselinux/man/man8/selinuxenabled.8
index e0b5201..ac20587 100644
--- a/libselinux/man/man8/selinuxenabled.8
+++ b/libselinux/man/man8/selinuxenabled.8
@@ -1,4 +1,4 @@
-.TH "selinuxenabled" "1" "7 April 2004" "dwalsh@redhat.com" "SELinux Command Line documentation"
+.TH "selinuxenabled" "8" "7 April 2004" "dwalsh@redhat.com" "SELinux Command Line documentation"
.SH "NAME"
selinuxenabled \- tool to be used within shell scripts to determine if selinux is enabled
.
diff --git a/libselinux/man/man8/selinuxexeccon.8 b/libselinux/man/man8/selinuxexeccon.8
index 765cf8c..30c20ed 100644
--- a/libselinux/man/man8/selinuxexeccon.8
+++ b/libselinux/man/man8/selinuxexeccon.8
@@ -1,4 +1,4 @@
-.TH "selinuxexeccon" "1" "14 May 2011" "dwalsh@redhat.com" "SELinux Command Line documentation"
+.TH "selinuxexeccon" "8" "14 May 2011" "dwalsh@redhat.com" "SELinux Command Line documentation"
.SH "NAME"
selinuxexeccon \- report SELinux context used for this executable
.
diff --git a/libselinux/man/man8/setenforce.8 b/libselinux/man/man8/setenforce.8
index b038da0..8a24f1c 100644
--- a/libselinux/man/man8/setenforce.8
+++ b/libselinux/man/man8/setenforce.8
@@ -1,4 +1,4 @@
-.TH "setenforce" "1" "7 April 2004" "dwalsh@redhat.com" "SELinux Command Line documentation"
+.TH "setenforce" "8" "7 April 2004" "dwalsh@redhat.com" "SELinux Command Line documentation"
.SH "NAME"
setenforce \- modify the mode SELinux is running in
.
diff --git a/libselinux/man/man8/togglesebool.8 b/libselinux/man/man8/togglesebool.8
index 948aff1..598dc94 100644
--- a/libselinux/man/man8/togglesebool.8
+++ b/libselinux/man/man8/togglesebool.8
@@ -1,4 +1,4 @@
-.TH "togglesebool" "1" "26 Oct 2004" "sgrubb@redhat.com" "SELinux Command Line documentation"
+.TH "togglesebool" "8" "26 Oct 2004" "sgrubb@redhat.com" "SELinux Command Line documentation"
.SH "NAME"
togglesebool \- flip the current value of a SELinux boolean
.
diff --git a/libselinux/src/Makefile b/libselinux/src/Makefile
index c4f5d4c..8f557a1 100644
--- a/libselinux/src/Makefile
+++ b/libselinux/src/Makefile
@@ -18,9 +18,7 @@ RUBYLIBVER ?= $(shell $(RUBY) -e 'print RUBY_VERSION.split(".")[0..1].join(".")'
RUBYPLATFORM ?= $(shell $(RUBY) -e 'print RUBY_PLATFORM')
RUBYINC ?= $(shell pkg-config --cflags ruby)
RUBYINSTALL ?= $(LIBDIR)/ruby/site_ruby/$(RUBYLIBVER)/$(RUBYPLATFORM)
-LIBBASE=$(shell basename $(LIBDIR))
-
-LDFLAGS ?= -lpcre -lpthread
+LIBBASE ?= $(shell basename $(LIBDIR))
VERSION = $(shell cat ../VERSION)
LIBVERSION = 1
@@ -116,7 +114,7 @@ $(LIBA): $(OBJS)
$(RANLIB) $@
$(LIBSO): $(LOBJS)
- $(CC) $(CFLAGS) -shared -o $@ $^ -ldl $(LDFLAGS) -L$(LIBDIR) -Wl,-soname,$(LIBSO),-z,defs,-z,relro
+ $(CC) $(CFLAGS) -shared -o $@ $^ -lpcre -lpthread -ldl $(LDFLAGS) -L$(LIBDIR) -Wl,-soname,$(LIBSO),-z,defs,-z,relro
ln -sf $@ $(TARGET)
$(LIBPC): $(LIBPC).in ../VERSION
diff --git a/libselinux/src/audit2why.c b/libselinux/src/audit2why.c diff --git a/libselinux/src/audit2why.c b/libselinux/src/audit2why.c
index ffe381b..560bc25 100644 index ffe381b..560bc25 100644
--- a/libselinux/src/audit2why.c --- a/libselinux/src/audit2why.c

View File

@ -10,7 +10,7 @@
Summary: SELinux library and simple utilities Summary: SELinux library and simple utilities
Name: libselinux Name: libselinux
Version: 2.1.13 Version: 2.1.13
Release: 15%{?dist} Release: 16%{?dist}
License: Public Domain License: Public Domain
Group: System Environment/Libraries Group: System Environment/Libraries
Source: %{name}-%{version}.tgz Source: %{name}-%{version}.tgz
@ -145,13 +145,12 @@ InstallPythonWrapper() {
} }
rm -rf %{buildroot} rm -rf %{buildroot}
mkdir -p %{buildroot}/%{_lib} mkdir -p %{buildroot}/%{_prefix}/lib/tmpfiles.d
mkdir -p %{buildroot}/%{_libdir} mkdir -p %{buildroot}/%{_libdir}
mkdir -p %{buildroot}%{_includedir} mkdir -p %{buildroot}%{_includedir}
mkdir -p %{buildroot}%{_sbindir} mkdir -p %{buildroot}%{_sbindir}
mkdir -p %{buildroot}/var/run/setrans mkdir -p %{buildroot}/var/run/setrans
mkdir -p %{buildroot}/usr/lib/tmpfiles.d echo "d /var/run/setrans 0755 root root" > %{buildroot}/%{_prefix}/lib/tmpfiles.d/libselinux.conf
echo "d /var/run/setrans 0755 root root" > %{buildroot}/usr/lib/tmpfiles.d/libselinux.conf
InstallPythonWrapper %{__python} InstallPythonWrapper %{__python}
%if 0%{?with_python3} %if 0%{?with_python3}
@ -193,7 +192,7 @@ rm -rf %{buildroot}
%{_libdir}/libselinux.so.* %{_libdir}/libselinux.so.*
/var/run/setrans /var/run/setrans
%{_sbindir}/sefcontext_compile %{_sbindir}/sefcontext_compile
/usr/lib/tmpfiles.d/libselinux.conf %{_prefix}/lib/tmpfiles.d/libselinux.conf
%files utils %files utils
%defattr(-,root,root,-) %defattr(-,root,root,-)
@ -241,6 +240,12 @@ rm -rf %{buildroot}
%{ruby_sitearch}/selinux.so %{ruby_sitearch}/selinux.so
%changelog %changelog
* Fri Jun 28 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.13-16
- Add sefcontext_compile.8 man page
- Add Russell Coker patch to fix man pages
- Add patches from Laurent Bigonville to fix Makefiles for debian.
- modify spec file to use %{_prefix}/lib
* Mon May 6 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.13-15 * Mon May 6 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.13-15
- Fix patch that Handles substitutions for / - Fix patch that Handles substitutions for /
@ -763,7 +768,7 @@ pthread_key_delete, and is ignored.
- add python3 subpackage from David Malcolm - add python3 subpackage from David Malcolm
* Wed Mar 24 2010 Dan Walsh <dwalsh@redhat.com> - 2.0.94-1 * Wed Mar 24 2010 Dan Walsh <dwalsh@redhat.com> - 2.0.94-1
* Set errno=EINVAL for invalid contexts from Dan Walsh. * Set errno=EINVAL for invalid contexts from Dan Walsh.
* Tue Mar 16 2010 Dan Walsh <dwalsh@redhat.com> - 2.0.93-1 * Tue Mar 16 2010 Dan Walsh <dwalsh@redhat.com> - 2.0.93-1
- Update to upstream - Update to upstream
@ -1241,8 +1246,8 @@ pthread_key_delete, and is ignored.
* Fri Jun 1 2007 Dan Walsh <dwalsh@redhat.com> - 2.0.18-1 * Fri Jun 1 2007 Dan Walsh <dwalsh@redhat.com> - 2.0.18-1
- Upgrade to upstream - Upgrade to upstream
* Merged patch to reduce size of libselinux and remove need for libsepol for embedded systems from Yuichi Nakamura. - Merged patch to reduce size of libselinux and remove need for libsepol for embedded systems from Yuichi Nakamura.
This patch also turns the link-time dependency on libsepol into a runtime (dlopen) dependency even in the non-embedded case. This patch also turns the link-time dependency on libsepol into a runtime (dlopen) dependency even in the non-embedded case.
2.0.17 2007-05-31 2.0.17 2007-05-31
* Updated Lindent script and reindented two header files. * Updated Lindent script and reindented two header files.
@ -1290,9 +1295,9 @@ pthread_key_delete, and is ignored.
- Add stdint.h to avc.h - Add stdint.h to avc.h
* Mon Mar 12 2007 Dan Walsh <dwalsh@redhat.com> - 2.0.7-1 * Mon Mar 12 2007 Dan Walsh <dwalsh@redhat.com> - 2.0.7-1
* Merged patch to drop support for CACHETRANS=0 config option from Steve Grubb. - Merged patch to drop support for CACHETRANS=0 config option from Steve Grubb.
* Merged patch to drop support for old /etc/sysconfig/selinux and - Merged patch to drop support for old /etc/sysconfig/selinux and
/etc/security policy file layout from Steve Grubb. - /etc/security policy file layout from Steve Grubb.
* Thu Mar 8 2007 Dan Walsh <dwalsh@redhat.com> - 2.0.5-2 * Thu Mar 8 2007 Dan Walsh <dwalsh@redhat.com> - 2.0.5-2
- Do not fail on permission denied in getsebool - Do not fail on permission denied in getsebool
@ -1312,13 +1317,13 @@ pthread_key_delete, and is ignored.
* Sun Feb 18 2007 Dan Walsh <dwalsh@redhat.com> - 2.0.1-1 * Sun Feb 18 2007 Dan Walsh <dwalsh@redhat.com> - 2.0.1-1
- Upgrade to upstream - Upgrade to upstream
* Merged patch from Todd Miller to convert int types over to C99 style. * Merged patch from Todd Miller to convert int types over to C99 style.
* Wed Feb 7 2007 Dan Walsh <dwalsh@redhat.com> - 2.0.0-1 * Wed Feb 7 2007 Dan Walsh <dwalsh@redhat.com> - 2.0.0-1
* Merged patch from Todd Miller to remove sscanf in matchpathcon.c because - Merged patch from Todd Miller to remove sscanf in matchpathcon.c because
of the use of the non-standard format (original patch changed of the use of the non-standard format (original patch changed
for style). for style).
* Merged patch from Todd Miller to fix memory leak in matchpathcon.c. - Merged patch from Todd Miller to fix memory leak in matchpathcon.c.
* Fri Jan 19 2007 Dan Walsh <dwalsh@redhat.com> - 1.34.0-2 * Fri Jan 19 2007 Dan Walsh <dwalsh@redhat.com> - 1.34.0-2
- Add context function to python to split context into 4 parts - Add context function to python to split context into 4 parts
@ -1499,8 +1504,8 @@ Resolves: #200110
- Check for selinux_mnt == NULL - Check for selinux_mnt == NULL
* Tue May 30 2006 Dan Walsh <dwalsh@redhat.com> 1.30.11-1 * Tue May 30 2006 Dan Walsh <dwalsh@redhat.com> 1.30.11-1
* Merged matchmediacon and trans_to_raw_context fixes from - Merged matchmediacon and trans_to_raw_context fixes from
Serge Hallyn. Serge Hallyn.
* Fri May 26 2006 Dan Walsh <dwalsh@redhat.com> 1.30.10-4 * Fri May 26 2006 Dan Walsh <dwalsh@redhat.com> 1.30.10-4
- Remove getseuser - Remove getseuser
@ -1569,7 +1574,7 @@ Resolves: #200110
- Fix booleans man page - Fix booleans man page
* Mon Mar 27 2006 Dan Walsh <dwalsh@redhat.com> 1.30.1-1 * Mon Mar 27 2006 Dan Walsh <dwalsh@redhat.com> 1.30.1-1
* Merged Makefile PYLIBVER definition patch from Dan Walsh. - Merged Makefile PYLIBVER definition patch from Dan Walsh.
* Fri Mar 10 2006 Dan Walsh <dwalsh@redhat.com> 1.30-1 * Fri Mar 10 2006 Dan Walsh <dwalsh@redhat.com> 1.30-1
- Make some fixes so it will build on RHEL4 - Make some fixes so it will build on RHEL4
@ -1847,8 +1852,8 @@ Resolves: #200110
- Allow set_comp on unset ranges - Allow set_comp on unset ranges
* Wed Aug 24 2005 Dan Walsh <dwalsh@redhat.com> 1.25.3-1 * Wed Aug 24 2005 Dan Walsh <dwalsh@redhat.com> 1.25.3-1
* Merged context translation patch, originally by TCS, - Merged context translation patch, originally by TCS,
with modifications by Dan Walsh (Red Hat). with modifications by Dan Walsh (Red Hat).
* Wed Aug 17 2005 Dan Walsh <dwalsh@redhat.com> 1.25.2-2 * Wed Aug 17 2005 Dan Walsh <dwalsh@redhat.com> 1.25.2-2
- Apply translation patch - Apply translation patch