- Update from NSA
Merged set_selinuxmnt patch from Bill Nottingham (Red Hat).
Rewrote get_ordered_context_list and helpers, including changing logic to
    allow variable MLS fields.
			
			
This commit is contained in:
		
							parent
							
								
									3127b94941
								
							
						
					
					
						commit
						d3be4d7a20
					
				| @ -35,3 +35,4 @@ libselinux-1.23.5.tgz | ||||
| libselinux-1.23.6.tgz | ||||
| libselinux-1.23.7.tgz | ||||
| libselinux-1.23.8.tgz | ||||
| libselinux-1.23.10.tgz | ||||
|  | ||||
| @ -1,95 +1,33 @@ | ||||
| --- /dev/null	2005-04-20 05:34:52.522685192 -0400
 | ||||
| +++ libselinux-1.23.7/man/man3/selinux_policy_root.3	2005-04-21 09:54:24.000000000 -0400
 | ||||
| @@ -0,0 +1,17 @@
 | ||||
| +.TH "selinux_policy_root" "3" "25 May 2004" "dwalsh@redhat.com" "SE Linux API documentation"
 | ||||
| +.SH "NAME"
 | ||||
| +selinux_policy_root \- return the path of the SELinux policy files for this machine.
 | ||||
| +.SH "SYNOPSIS"
 | ||||
| +.B #include <selinux/selinux.h>
 | ||||
| +.sp
 | ||||
| +.B char *selinux_policy_root();
 | ||||
| +.br
 | ||||
| +
 | ||||
| +.SH "DESCRIPTION"
 | ||||
| +.B selinux_policy_root
 | ||||
| +Reads the contents of the /etc/selinux/config file to determine which policy files should be used for this machine.
 | ||||
| +.SH "RETURN VALUE"
 | ||||
| +On success, returns a directory path containing the SELinux policy files.
 | ||||
| +On failure, NULL is returned.
 | ||||
| +
 | ||||
| +
 | ||||
| --- libselinux-1.23.7/man/man8/matchpathcon.8.rhat	2005-04-21 10:05:45.000000000 -0400
 | ||||
| +++ libselinux-1.23.7/man/man8/matchpathcon.8	2005-04-21 10:12:24.000000000 -0400
 | ||||
| @@ -0,0 +1,20 @@
 | ||||
| +.TH "matchpathcon" "8" "21 April 2005" "dwalsh@redhat.com" "SE Linux Command Line documentation"
 | ||||
| +.SH "NAME"
 | ||||
| +matchpathcon \- get the default security context for the specified path from the file contexts configuration.
 | ||||
| +
 | ||||
| +.SH "SYNOPSIS"
 | ||||
| +.B matchpathcon [-n] filepath...
 | ||||
| +
 | ||||
| +.SH "DESCRIPTION"
 | ||||
| +.B matchpathcon
 | ||||
| +Prints the file path and the default security context associated with it.
 | ||||
| +.br
 | ||||
| +If the -n option is given, do not display path.
 | ||||
| +
 | ||||
| +.SH AUTHOR	
 | ||||
| +This manual page was written by Dan Walsh <dwalsh@redhat.com>.
 | ||||
| +.br
 | ||||
| +The program was written by NSA
 | ||||
| +
 | ||||
| +.SH "SEE ALSO"
 | ||||
| +.BR mathpathcon "(3), " 
 | ||||
| --- libselinux-1.23.7/utils/matchpathcon.c.rhat	2005-04-13 11:34:19.000000000 -0400
 | ||||
| +++ libselinux-1.23.7/utils/matchpathcon.c	2005-04-21 10:02:04.000000000 -0400
 | ||||
| @@ -1,25 +1,43 @@
 | ||||
|  #include <unistd.h> | ||||
|  #include <stdio.h> | ||||
|  #include <stdlib.h> | ||||
| +#include <getopt.h>
 | ||||
|  #include <selinux/selinux.h> | ||||
| diff --exclude-from=exclude -N -u -r nsalibselinux/man/man8/selinux.8 libselinux-1.23.10/man/man8/selinux.8
 | ||||
| --- nsalibselinux/man/man8/selinux.8	2004-11-02 14:26:19.000000000 -0500
 | ||||
| +++ libselinux-1.23.10/man/man8/selinux.8	2005-04-29 14:58:05.000000000 -0400
 | ||||
| @@ -1,4 +1,4 @@
 | ||||
| -.TH  "selinux"  "8"  "11 Aug 2004" "dwalsh@redhat.com" "SELinux Command Line documentation"
 | ||||
| +.TH  "selinux"  "8"  "29 Apr 2005" "dwalsh@redhat.com" "SELinux Command Line documentation"
 | ||||
|   | ||||
| +void usage(const char *progname) 
 | ||||
| +{
 | ||||
| +	fprintf(stderr, "usage:  %s [-n] path...\n", progname);
 | ||||
| +	exit(1);
 | ||||
| +}
 | ||||
| +
 | ||||
|  int main(int argc, char **argv)  | ||||
|  { | ||||
|  	char *buf; | ||||
|  	int rc, i; | ||||
| +	int header=1, opt;
 | ||||
|  .SH "NAME" | ||||
|  selinux \- NSA Security-Enhanced Linux (SELinux) | ||||
| @@ -62,11 +62,22 @@
 | ||||
|  .B system-config-securitylevel | ||||
|  allows customization of these booleans and tunables. | ||||
|   | ||||
| -	if (argc < 2) {
 | ||||
| -		fprintf(stderr, "usage:  %s path...\n", argv[0]);
 | ||||
| -		return 1;
 | ||||
| -	}
 | ||||
| +	if (argc < 2) usage(argv[0]);
 | ||||
|   | ||||
| -	for (i = 1; i < argc; i++) {
 | ||||
| +	while ((opt = getopt(argc, argv, "n")) > 0) {
 | ||||
| +		switch (opt) {
 | ||||
| +		case 'n':
 | ||||
| +			header=0;
 | ||||
| +			break;
 | ||||
| +		default:
 | ||||
| +			usage(argv[0]);
 | ||||
| +		}
 | ||||
| +	}
 | ||||
| +	for (i = optind; i < argc; i++) {
 | ||||
|  		rc = matchpathcon(argv[i], 0, &buf); | ||||
|  		if (rc < 0) { | ||||
|  			fprintf(stderr, "%s:  matchpathcon(%s) failed\n", argv[0], argv[i]); | ||||
|  			return 2; | ||||
|  		} | ||||
| -		printf("%s\t%s\n", argv[i], buf);
 | ||||
| +		if (header)
 | ||||
| +			printf("%s\t%s\n", argv[i], buf);
 | ||||
| +		else
 | ||||
| +			printf("%s\n", buf);
 | ||||
| +.br
 | ||||
| +Many domains that are protected by SELinux also include selinux man pages explainging how to customize their policy.  
 | ||||
| +
 | ||||
|  		freecon(buf); | ||||
|  	} | ||||
|  	return 0; | ||||
| +.SH FILE LABELING
 | ||||
| +
 | ||||
| +All files, directories, devices ... have a security context/label associated with them.  These context are stored in the extended attributes of the file system.
 | ||||
| +Problems with SELinux often arise from the file system being mislabeled. This can be caused by booting the machine with a non selinux kernel.  If you see an error message containing file_t, that is usually a good indicator that you have a serious problem with file system labeling.  
 | ||||
| +.br 
 | ||||
| +The best way to relabel the file system is to create the flag file /.autorelabel and reboot.  system-config-securitylevel, also has this capability.  The restorcon/fixfiles commands are also available for relabeling files. 
 | ||||
| +  
 | ||||
|  .SH AUTHOR	 | ||||
|  This manual page was written by Dan Walsh <dwalsh@redhat.com>. | ||||
|   | ||||
|  .SH "SEE ALSO" | ||||
| -booleans(8), setsebool(8), selinuxenabled(8), togglesebool(8)
 | ||||
| +booleans(8), setsebool(8), selinuxenabled(8), togglesebool(8), restorecon(8), setfiles(8), ftpd_selinux(8), named_selinux(8), rsync_selinux(8), httpd_selinux(8), nfs_selinux(8), samba_selinux(8), kerberos_selinux(8), nis_selinux(8), ypbind_selinux(8)
 | ||||
| +
 | ||||
|   | ||||
|  .SH FILES | ||||
|  /etc/selinux/config | ||||
|  | ||||
| @ -5,6 +5,7 @@ Release: 1 | ||||
| License: Public domain (uncopyrighted) | ||||
| Group: System Environment/Libraries | ||||
| Source: http://www.nsa.gov/selinux/archives/%{name}-%{version}.tgz | ||||
| Patch: libselinux-rhat.patch | ||||
| 
 | ||||
| BuildRoot: %{_tmppath}/%{name}-%{version}-buildroot | ||||
| 
 | ||||
| @ -34,6 +35,7 @@ needed for developing SELinux applications. | ||||
| 
 | ||||
| %prep | ||||
| %setup -q | ||||
| %patch -p1 -b .rhat | ||||
| 
 | ||||
| %build | ||||
| make CFLAGS="-g %{optflags}" | ||||
|  | ||||
		Loading…
	
		Reference in New Issue
	
	Block a user