- Update from NSA

Merged set_selinuxmnt patch from Bill Nottingham (Red Hat). Rewrote get_ordered_context_list and helpers, including changing logic to allow variable MLS fields.
2005-04-29 19:01:28 +00:00 · 2005-04-29 19:01:28 +00:00 · d3be4d7a20
commit d3be4d7a20
parent 3127b94941
4 changed files with 34 additions and 93 deletions
--- a/.cvsignore
+++ b/.cvsignore
@ -35,3 +35,4 @@ libselinux-1.23.5.tgz
 libselinux-1.23.6.tgz
 libselinux-1.23.7.tgz
 libselinux-1.23.8.tgz
+libselinux-1.23.10.tgz
--- a/libselinux-rhat.patch
+++ b/libselinux-rhat.patch
@ -1,95 +1,33 @@
--- /dev/null	2005-04-20 05:34:52.522685192 -0400
-+++ libselinux-1.23.7/man/man3/selinux_policy_root.3	2005-04-21 09:54:24.000000000 -0400
-@@ -0,0 +1,17 @@
-+.TH "selinux_policy_root" "3" "25 May 2004" "dwalsh@redhat.com" "SE Linux API documentation"
-+.SH "NAME"
-+selinux_policy_root \- return the path of the SELinux policy files for this machine.
-+.SH "SYNOPSIS"
-+.B #include <selinux/selinux.h>
-+.sp
-+.B char *selinux_policy_root();
-+.br
-+
-+.SH "DESCRIPTION"
-+.B selinux_policy_root
-+Reads the contents of the /etc/selinux/config file to determine which policy files should be used for this machine.
-+.SH "RETURN VALUE"
-+On success, returns a directory path containing the SELinux policy files.
-+On failure, NULL is returned.
-+
-+
--- libselinux-1.23.7/man/man8/matchpathcon.8.rhat	2005-04-21 10:05:45.000000000 -0400
-+++ libselinux-1.23.7/man/man8/matchpathcon.8	2005-04-21 10:12:24.000000000 -0400
-@@ -0,0 +1,20 @@
-+.TH "matchpathcon" "8" "21 April 2005" "dwalsh@redhat.com" "SE Linux Command Line documentation"
-+.SH "NAME"
-+matchpathcon \- get the default security context for the specified path from the file contexts configuration.
-+
-+.SH "SYNOPSIS"
-+.B matchpathcon [-n] filepath...
-+
-+.SH "DESCRIPTION"
-+.B matchpathcon
-+Prints the file path and the default security context associated with it.
-+.br
-+If the -n option is given, do not display path.
-+
-+.SH AUTHOR	
-+This manual page was written by Dan Walsh <dwalsh@redhat.com>.
-+.br
-+The program was written by NSA
-+
-+.SH "SEE ALSO"
-+.BR mathpathcon "(3), " 
--- libselinux-1.23.7/utils/matchpathcon.c.rhat	2005-04-13 11:34:19.000000000 -0400
-+++ libselinux-1.23.7/utils/matchpathcon.c	2005-04-21 10:02:04.000000000 -0400
-@@ -1,25 +1,43 @@
- #include <unistd.h>
- #include <stdio.h>
- #include <stdlib.h>
-+#include <getopt.h>
- #include <selinux/selinux.h>
+diff --exclude-from=exclude -N -u -r nsalibselinux/man/man8/selinux.8 libselinux-1.23.10/man/man8/selinux.8
+--- nsalibselinux/man/man8/selinux.8	2004-11-02 14:26:19.000000000 -0500
+++ libselinux-1.23.10/man/man8/selinux.8	2005-04-29 14:58:05.000000000 -0400
+@@ -1,4 +1,4 @@
+-.TH  "selinux"  "8"  "11 Aug 2004" "dwalsh@redhat.com" "SELinux Command Line documentation"
+.TH  "selinux"  "8"  "29 Apr 2005" "dwalsh@redhat.com" "SELinux Command Line documentation"
 
-+void usage(const char *progname) 
-+{
-+	fprintf(stderr, "usage:  %s [-n] path...\n", progname);
-+	exit(1);
-+}
-+
- int main(int argc, char **argv) 
- {
- 	char *buf;
- 	int rc, i;
-+	int header=1, opt;
+ .SH "NAME"
+ selinux \- NSA Security-Enhanced Linux (SELinux)
+@@ -62,11 +62,22 @@
+ .B system-config-securitylevel
+ allows customization of these booleans and tunables.
 
-	if (argc < 2) {
-		fprintf(stderr, "usage:  %s path...\n", argv[0]);
-		return 1;
-	}
-+	if (argc < 2) usage(argv[0]);
- 
-	for (i = 1; i < argc; i++) {
-+	while ((opt = getopt(argc, argv, "n")) > 0) {
-+		switch (opt) {
-+		case 'n':
-+			header=0;
-+			break;
-+		default:
-+			usage(argv[0]);
-+		}
-+	}
-+	for (i = optind; i < argc; i++) {
- 		rc = matchpathcon(argv[i], 0, &buf);
- 		if (rc < 0) {
- 			fprintf(stderr, "%s:  matchpathcon(%s) failed\n", argv[0], argv[i]);
- 			return 2;
- 		}
-		printf("%s\t%s\n", argv[i], buf);
-+		if (header)
-+			printf("%s\t%s\n", argv[i], buf);
-+		else
-+			printf("%s\n", buf);
+.br
+Many domains that are protected by SELinux also include selinux man pages explainging how to customize their policy.  
 +
- 		freecon(buf);
- 	}
- 	return 0;
+.SH FILE LABELING
+
+All files, directories, devices ... have a security context/label associated with them.  These context are stored in the extended attributes of the file system.
+Problems with SELinux often arise from the file system being mislabeled. This can be caused by booting the machine with a non selinux kernel.  If you see an error message containing file_t, that is usually a good indicator that you have a serious problem with file system labeling.  
+.br 
+The best way to relabel the file system is to create the flag file /.autorelabel and reboot.  system-config-securitylevel, also has this capability.  The restorcon/fixfiles commands are also available for relabeling files. 
+  
+ .SH AUTHOR	
+ This manual page was written by Dan Walsh <dwalsh@redhat.com>.
+ 
+ .SH "SEE ALSO"
+-booleans(8), setsebool(8), selinuxenabled(8), togglesebool(8)
+booleans(8), setsebool(8), selinuxenabled(8), togglesebool(8), restorecon(8), setfiles(8), ftpd_selinux(8), named_selinux(8), rsync_selinux(8), httpd_selinux(8), nfs_selinux(8), samba_selinux(8), kerberos_selinux(8), nis_selinux(8), ypbind_selinux(8)
+
+ 
+ .SH FILES
+ /etc/selinux/config
--- a/libselinux.spec
+++ b/libselinux.spec
@ -5,6 +5,7 @@ Release: 1
 License: Public domain (uncopyrighted)
 Group: System Environment/Libraries
 Source: http://www.nsa.gov/selinux/archives/%{name}-%{version}.tgz
+Patch: libselinux-rhat.patch

 BuildRoot: %{_tmppath}/%{name}-%{version}-buildroot

@ -34,6 +35,7 @@ needed for developing SELinux applications.

 %prep
 %setup -q
+%patch -p1 -b .rhat

 %build
 make CFLAGS="-g %{optflags}"
--- a/2
+++ b/2
@ -1 +1 @@
-df37eb28e2ff559f399ce77ccbf64aa1  libselinux-1.23.8.tgz
+42f1e94a07c52e0c2bf685bacba42e39  libselinux-1.23.10.tgz