71 lines
3.2 KiB
Diff
71 lines
3.2 KiB
Diff
diff --exclude-from=exclude -N -u -r nsalibselinux/man/man8/selinux.8 libselinux-1.23.10/man/man8/selinux.8
|
|
--- nsalibselinux/man/man8/selinux.8 2004-11-02 14:26:19.000000000 -0500
|
|
+++ libselinux-1.23.10/man/man8/selinux.8 2005-05-11 10:34:11.000000000 -0400
|
|
@@ -1,4 +1,4 @@
|
|
-.TH "selinux" "8" "11 Aug 2004" "dwalsh@redhat.com" "SELinux Command Line documentation"
|
|
+.TH "selinux" "8" "29 Apr 2005" "dwalsh@redhat.com" "SELinux Command Line documentation"
|
|
|
|
.SH "NAME"
|
|
selinux \- NSA Security-Enhanced Linux (SELinux)
|
|
@@ -62,11 +62,22 @@
|
|
.B system-config-securitylevel
|
|
allows customization of these booleans and tunables.
|
|
|
|
+.br
|
|
+Many domains that are protected by SELinux also include selinux man pages explainging how to customize their policy.
|
|
+
|
|
+.SH FILE LABELING
|
|
+
|
|
+All files, directories, devices ... have a security context/label associated with them. These context are stored in the extended attributes of the file system.
|
|
+Problems with SELinux often arise from the file system being mislabeled. This can be caused by booting the machine with a non selinux kernel. If you see an error message containing file_t, that is usually a good indicator that you have a serious problem with file system labeling.
|
|
+.br
|
|
+The best way to relabel the file system is to create the flag file /.autorelabel and reboot. system-config-securitylevel, also has this capability. The restorcon/fixfiles commands are also available for relabeling files.
|
|
+
|
|
.SH AUTHOR
|
|
This manual page was written by Dan Walsh <dwalsh@redhat.com>.
|
|
|
|
.SH "SEE ALSO"
|
|
-booleans(8), setsebool(8), selinuxenabled(8), togglesebool(8)
|
|
+booleans(8), setsebool(8), selinuxenabled(8), togglesebool(8), restorecon(8), setfiles(8), ftpd_selinux(8), named_selinux(8), rsync_selinux(8), httpd_selinux(8), nfs_selinux(8), samba_selinux(8), kerberos_selinux(8), nis_selinux(8), ypbind_selinux(8)
|
|
+
|
|
|
|
.SH FILES
|
|
/etc/selinux/config
|
|
Binary files nsalibselinux/utils/avcstat and libselinux-1.23.10/utils/avcstat differ
|
|
diff --exclude-from=exclude -N -u -r nsalibselinux/utils/avcstat.c libselinux-1.23.10/utils/avcstat.c
|
|
--- nsalibselinux/utils/avcstat.c 2005-05-11 10:42:09.000000000 -0400
|
|
+++ libselinux-1.23.10/utils/avcstat.c 2005-05-11 10:45:11.000000000 -0400
|
|
@@ -90,12 +90,17 @@
|
|
|
|
int main(int argc, char **argv)
|
|
{
|
|
+ struct avc_cache_stats tot, rel, last;
|
|
int fd, i, cumulative = 0;
|
|
struct sigaction sa;
|
|
char avcstatfile[PATH_MAX];
|
|
snprintf(avcstatfile, sizeof avcstatfile, "%s%s", selinux_mnt, DEF_STAT_FILE);
|
|
progname = basename(argv[0]);
|
|
|
|
+ memset(&last, 0, sizeof(last));
|
|
+ memset(&tot, 0, sizeof(tot));
|
|
+ memset(&rel, 0, sizeof(rel));
|
|
+
|
|
while((i = getopt(argc, argv, "cf:h?-")) != -1) {
|
|
switch (i) {
|
|
case 'c':
|
|
@@ -141,11 +146,9 @@
|
|
if (fd < 0)
|
|
die("open: \'%s\'", avcstatfile);
|
|
|
|
- memset(&last, 0, sizeof(last));
|
|
for (i = 0;; i++) {
|
|
char *line;
|
|
ssize_t ret, parsed = 0;
|
|
- struct avc_cache_stats tot, rel, last;
|
|
|
|
memset(buf, 0, DEF_BUF_SIZE);
|
|
ret = read(fd, buf, DEF_BUF_SIZE);
|
|
Binary files nsalibselinux/utils/compute_av and libselinux-1.23.10/utils/compute_av differ
|
|
Binary files nsalibselinux/utils/compute_create and libselinux-1.23.10/utils/compute_create differ
|
|
Binary files nsalibselinux/utils/compute_member and libselinux-1.23.10/utils/compute_member differ
|