671 lines
20 KiB
Diff
671 lines
20 KiB
Diff
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/audit2allow/audit2allow policycoreutils-1.27.31/audit2allow/audit2allow
|
|
--- nsapolicycoreutils/audit2allow/audit2allow 2005-11-29 13:43:42.000000000 -0500
|
|
+++ policycoreutils-1.27.31/audit2allow/audit2allow 2005-11-30 14:51:35.000000000 -0500
|
|
@@ -25,8 +25,9 @@
|
|
#
|
|
#
|
|
import commands, sys, os, pwd, string, getopt, re, selinux
|
|
-class allow:
|
|
- def __init__(self, source, target, seclass):
|
|
+class serule:
|
|
+ def __init__(self, type, source, target, seclass):
|
|
+ self.type=type
|
|
self.source=source
|
|
self.target=target
|
|
self.seclass=seclass
|
|
@@ -52,7 +53,7 @@
|
|
return ret
|
|
def out(self, verbose=0):
|
|
ret=""
|
|
- ret=ret+"allow %s %s:%s %s;" % (self.source, self.gettarget(), self.seclass, self.getAccess())
|
|
+ ret=ret+"%s %s %s:%s %s;" % (self.type, self.source, self.gettarget(), self.seclass, self.getAccess())
|
|
if verbose:
|
|
keys=self.avcinfo.keys()
|
|
keys.sort()
|
|
@@ -72,38 +73,104 @@
|
|
else:
|
|
return self.target
|
|
|
|
-class allowRecords:
|
|
- def __init__(self, input, last_reload=0, verbose=0):
|
|
+class seruleRecords:
|
|
+ def __init__(self, input, last_reload=0, verbose=0, te_ind=0):
|
|
self.last_reload=last_reload
|
|
- self.allowRules={}
|
|
+ self.seRules={}
|
|
self.seclasses={}
|
|
self.types=[]
|
|
self.roles=[]
|
|
- self.load(input)
|
|
+ self.load(input, te_ind)
|
|
|
|
def warning(self, error):
|
|
sys.stderr.write("%s: " % sys.argv[0])
|
|
sys.stderr.write("%s\n" % error)
|
|
sys.stderr.flush()
|
|
|
|
- def load(self, input):
|
|
+ def load(self, input, te_ind=0):
|
|
+ VALID_CMDS=("allow", "dontaudit", "auditallow", "role")
|
|
+
|
|
avc=[]
|
|
found=0
|
|
line = input.readline()
|
|
- while line:
|
|
- rec=line.split()
|
|
- for i in rec:
|
|
- if i=="avc:" or i=="message=avc:":
|
|
- found=1
|
|
- else:
|
|
- avc.append(i)
|
|
- if found:
|
|
- self.add(avc)
|
|
- found=0
|
|
- avc=[]
|
|
- line = input.readline()
|
|
+ if te_ind:
|
|
+ while line:
|
|
+ rec=line.split()
|
|
+ if len(rec) and rec[0] in VALID_CMDS:
|
|
+ self.add_terule(line)
|
|
+ line = input.readline()
|
|
+
|
|
+ else:
|
|
+ while line:
|
|
+ rec=line.split()
|
|
+ for i in rec:
|
|
+ if i=="avc:" or i=="message=avc:":
|
|
+ found=1
|
|
+ else:
|
|
+ avc.append(i)
|
|
+ if found:
|
|
+ self.add(avc)
|
|
+ found=0
|
|
+ avc=[]
|
|
+ line = input.readline()
|
|
|
|
|
|
+ def get_target(self, i, rule):
|
|
+ target=[]
|
|
+ if rule[i][0] == "{":
|
|
+ for t in rule[i].split("{"):
|
|
+ if len(t):
|
|
+ target.append(t)
|
|
+ i=i+1
|
|
+ for s in rule[i:]:
|
|
+ if s.find("}") >= 0:
|
|
+ for s1 in s.split("}"):
|
|
+ if len(s1):
|
|
+ target.append(s1)
|
|
+ i=i+1
|
|
+ return (i, target)
|
|
+
|
|
+ target.append(s)
|
|
+ i=i+1
|
|
+ else:
|
|
+ if rule[i].find(";") >= 0:
|
|
+ for s1 in rule[i].split(";"):
|
|
+ if len(s1):
|
|
+ target.append(s1)
|
|
+ else:
|
|
+ target.append(rule[i])
|
|
+
|
|
+ i=i+1
|
|
+ return (i, target)
|
|
+
|
|
+ def rules_split(self, rules):
|
|
+ (idx, target ) = self.get_target(0, rules)
|
|
+ (idx, subject) = self.get_target(idx, rules)
|
|
+ return (target, subject)
|
|
+
|
|
+ def add_terule(self, rule):
|
|
+ rc = rule.split(":")
|
|
+ rules=rc[0].split()
|
|
+ type=rules[0]
|
|
+ if type == "role":
|
|
+ print type
|
|
+ (sources, targets) = self.rules_split(rules[1:])
|
|
+ rules=rc[1].split()
|
|
+ (seclasses, access) = self.rules_split(rules)
|
|
+ for scon in sources:
|
|
+ for tcon in targets:
|
|
+ for seclass in seclasses:
|
|
+ self.add_rule(type, scon, tcon, seclass,access)
|
|
+
|
|
+ def add_rule(self, rule_type, scon, tcon, seclass, access, msg="", comm="", name=""):
|
|
+ self.add_seclass(seclass, access)
|
|
+ self.add_type(tcon)
|
|
+ self.add_type(scon)
|
|
+ if (type, scon, tcon, seclass) not in self.seRules.keys():
|
|
+ self.seRules[(rule_type, scon, tcon, seclass)]=serule(rule_type, scon, tcon, seclass)
|
|
+
|
|
+ self.seRules[(rule_type, scon, tcon, seclass)].add((access, msg, comm, name ))
|
|
+
|
|
def add(self,avc):
|
|
scon=""
|
|
tcon=""
|
|
@@ -117,7 +184,7 @@
|
|
|
|
if "granted" in avc:
|
|
if "load_policy" in avc and self.last_reload:
|
|
- self.allowRules={}
|
|
+ self.seRules={}
|
|
return
|
|
try:
|
|
for i in range (0, len(avc)):
|
|
@@ -160,16 +227,9 @@
|
|
self.warning("Bad AVC Line: %s" % avc)
|
|
return
|
|
|
|
- self.add_seclass(seclass, access)
|
|
- self.add_type(tcon)
|
|
- self.add_type(scon)
|
|
self.add_role(srole)
|
|
self.add_role(trole)
|
|
-
|
|
- if (scon, tcon, seclass) not in self.allowRules.keys():
|
|
- self.allowRules[(scon, tcon, seclass)]=allow(scon, tcon, seclass)
|
|
-
|
|
- self.allowRules[(scon, tcon, seclass)].add((access, msg, comm, name ))
|
|
+ self.add_rule("allow", scon, tcon, seclass, access, msg, comm, name)
|
|
|
|
def add_seclass(self,seclass, access):
|
|
if seclass not in self.seclasses.keys():
|
|
@@ -195,17 +255,23 @@
|
|
keys=self.seclasses.keys()
|
|
keys.sort()
|
|
rec="\n\nrequire {\n"
|
|
- for i in self.roles:
|
|
- rec += "\trole %s; \n" % i
|
|
- rec += "\n\n"
|
|
+ if len(self.roles) > 0:
|
|
+ for i in self.roles:
|
|
+ rec += "\trole %s; \n" % i
|
|
+ rec += "\n"
|
|
+
|
|
for i in keys:
|
|
access=self.seclasses[i]
|
|
- access.sort()
|
|
- rec += "\tclass %s { " % i
|
|
- for a in access:
|
|
- rec += " %s" % a
|
|
- rec += " }; \n"
|
|
- rec += "\n\n"
|
|
+ if len(access) > 1:
|
|
+ access.sort()
|
|
+ rec += "\tclass %s {" % i
|
|
+ for a in access:
|
|
+ rec += " %s" % a
|
|
+ rec += " }; \n"
|
|
+ else:
|
|
+ rec += "\tclass %s %s;\n" % (i, access[0])
|
|
+
|
|
+ rec += "\n"
|
|
|
|
for i in self.types:
|
|
rec += "\ttype %s; \n" % i
|
|
@@ -214,17 +280,19 @@
|
|
|
|
def out(self, require=0, module=""):
|
|
rec=""
|
|
- if len(self.allowRules.keys())==0:
|
|
+ if len(self.seRules.keys())==0:
|
|
raise(ValueError("No AVC messages found."))
|
|
- if module!="":
|
|
+ if module != "":
|
|
rec += self.gen_module(module)
|
|
rec += self.gen_requires()
|
|
else:
|
|
if requires:
|
|
rec+=self.gen_requires()
|
|
-
|
|
- for i in self.allowRules.keys():
|
|
- rec += self.allowRules[i].out(verbose)+"\n"
|
|
+
|
|
+ keys=self.seRules.keys()
|
|
+ keys.sort()
|
|
+ for i in keys:
|
|
+ rec += self.seRules[i].out(verbose)+"\n"
|
|
return rec
|
|
|
|
if __name__ == '__main__':
|
|
@@ -235,8 +303,8 @@
|
|
else:
|
|
return ""
|
|
|
|
- def usage():
|
|
- print 'audit2allow [-adhilrv] [-i <inputfile> ] [[-m|-M] <modulename> ] [-o <outputfile>]\n\
|
|
+ def usage(msg=""):
|
|
+ print 'audit2allow [-adhilrv] [-t file ] [ -f fcfile ] [-i <inputfile> ] [[-m|-M] <modulename> ] [-o <outputfile>]\n\
|
|
-a, --all read input from audit and message log, conflicts with -i\n\
|
|
-d, --dmesg read input from output of /bin/dmesg\n\
|
|
-h, --help display this message\n\
|
|
@@ -246,8 +314,12 @@
|
|
-M generate loadable module package, conflicts with -o\n\
|
|
-o, --output append output to <outputfile>, conflicts with -M\n\
|
|
-r, --requires generate require output \n\
|
|
+ -t, --tefile Indicates input is Existing Type Enforcement file\n\
|
|
+ -f, --fcfile Existing Type Enforcement file, requires -M\n\
|
|
-v, --verbose verbose output\n\
|
|
'
|
|
+ if msg != "":
|
|
+ print msg
|
|
sys.exit(1)
|
|
|
|
def errorExit(error):
|
|
@@ -270,41 +342,50 @@
|
|
buildPP=0
|
|
input_ind=0
|
|
output_ind=0
|
|
+ te_ind=0
|
|
+
|
|
+ fc_file=""
|
|
gopts, cmds = getopt.getopt(sys.argv[1:],
|
|
- 'adhi:lm:M:o:rv',
|
|
+ 'adf:hi:lm:M:o:rtv',
|
|
['all',
|
|
'dmesg',
|
|
+ 'fcfile=',
|
|
'help',
|
|
'input=',
|
|
'lastreload',
|
|
'module=',
|
|
'output=',
|
|
'requires'
|
|
+ 'tefile',
|
|
'verbose'
|
|
])
|
|
for o,a in gopts:
|
|
if o == "-a" or o == "--all":
|
|
- if input_ind:
|
|
+ if input_ind or te_ind:
|
|
usage()
|
|
input=open("/var/log/messages", "r")
|
|
auditlogs=1
|
|
if o == "-d" or o == "--dmesg":
|
|
input=os.popen("/bin/dmesg", "r")
|
|
+ if o == "-f" or o == "--fcfile":
|
|
+ if a[0]=="-":
|
|
+ usage()
|
|
+ fc_file=a
|
|
if o == "-h" or o == "--help":
|
|
usage()
|
|
if o == "-i"or o == "--input":
|
|
- if auditlogs:
|
|
+ if auditlogs or a[0]=="-":
|
|
usage()
|
|
input_ind=1
|
|
input=open(a, "r")
|
|
if o == '--lastreload' or o == "-l":
|
|
last_reload=1
|
|
if o == "-m" or o == "--module":
|
|
- if module != "":
|
|
+ if module != "" or a[0]=="-":
|
|
usage()
|
|
module=a
|
|
if o == "-M":
|
|
- if module != "" or output_ind:
|
|
+ if module != "" or output_ind or a[0]=="-":
|
|
usage()
|
|
module=a
|
|
outfile=a+".te"
|
|
@@ -312,19 +393,30 @@
|
|
output=open(outfile, "w")
|
|
if o == "-r" or o == "--requires":
|
|
requires=1
|
|
+ if o == "-t" or o == "--tefile":
|
|
+ if auditlogs:
|
|
+ usage()
|
|
+ te_ind=1
|
|
if o == "-o" or o == "--output":
|
|
- if module != "":
|
|
+ if module != "" or a[0]=="-":
|
|
usage()
|
|
output=open(a, "a")
|
|
output_ind=1
|
|
if o == "-v" or o == "--verbose":
|
|
verbose=1
|
|
- if len(cmds) != 0:
|
|
- usage()
|
|
- out=allowRecords(input, last_reload, verbose)
|
|
+
|
|
+ if len(cmds) != 0:
|
|
+ usage()
|
|
+
|
|
+ if fc_file != "" and not buildPP:
|
|
+ usage("Error %s: Option -fc requires -M" % sys.argv[0])
|
|
+
|
|
+ out=seruleRecords(input, last_reload, verbose, te_ind)
|
|
+
|
|
if auditlogs:
|
|
- input=open("/var/log/audit/audit.log", "r")
|
|
- out.load(input)
|
|
+ input=os.popen("ausearch -m avc")
|
|
+ out.load(input)
|
|
+
|
|
if buildPP:
|
|
print ("Generating type enforcment file: %s.te" % module)
|
|
output.write(out.out(requires, module))
|
|
@@ -334,8 +426,13 @@
|
|
print "Compiling policy: %s" % cmd
|
|
rc=commands.getstatusoutput(cmd)
|
|
if rc[0]==0:
|
|
- print ("Building package: semodule_package -o %s.pp -m %s.mod" % (module, module))
|
|
- rc=commands.getstatusoutput("semodule_package -o %s.pp -m %s.mod" % (module, module))
|
|
+ cmd="semodule_package -o %s.pp -m %s.mod" % (module, module)
|
|
+ print cmd
|
|
+ if fc_file != "":
|
|
+ cmd = "%s -f %s" % (cmd, fc_file)
|
|
+
|
|
+ print "Building package: %s" % cmd
|
|
+ rc=commands.getstatusoutput(cmd)
|
|
if rc[0]==0:
|
|
print ("\n******************** IMPORTANT ***********************\n")
|
|
print ("In order to load this newly created policy package into the kernel,\nyou are required to execute \n\nsemodule -i %s.pp\n\n" % module)
|
|
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/audit2allow/audit2allow.1 policycoreutils-1.27.31/audit2allow/audit2allow.1
|
|
--- nsapolicycoreutils/audit2allow/audit2allow.1 2005-11-29 13:43:42.000000000 -0500
|
|
+++ policycoreutils-1.27.31/audit2allow/audit2allow.1 2005-11-30 14:53:31.000000000 -0500
|
|
@@ -33,37 +33,44 @@
|
|
.B "\-a" | "\-\-all"
|
|
Read input from audit and message log, conflicts with -i
|
|
.TP
|
|
-.B "\-h" | "\-\-help"
|
|
-Print a short usage message
|
|
-.TP
|
|
.B "\-d" | "\-\-dmesg"
|
|
Read input from output of
|
|
.I /bin/dmesg.
|
|
-Note that audit messages are not available via dmesg when
|
|
-auditd is running; use -i /var/log/audit/audit.log instead.
|
|
+Note that all audit messages are not available via dmesg when
|
|
+auditd is running; use "ausearch -m avc | audit2allow" or "-a" instead.
|
|
.TP
|
|
-.B "\-v" | "\-\-verbose"
|
|
-Turn on verbose output
|
|
+.B "\-f" | "\-\-fcfile" <File Context File>
|
|
+Add File Context File to generated Module Package. Requires -M option.
|
|
+.TP
|
|
+.B "\-h" | "\-\-help"
|
|
+Print a short usage message
|
|
+.TP
|
|
+.B "\-i <inputfile>" | "\-\-input <inputfile>"
|
|
+read input from
|
|
+.I <inputfile>
|
|
.TP
|
|
.B "\-l" | "\-\-lastreload"
|
|
read input only after last policy reload
|
|
.TP
|
|
-.B "\-r" | "\-\-requires"
|
|
-Generate require output syntax for loadable modules.
|
|
-.TP
|
|
.B "\-m <modulename>" | "\-\-module <modulename>"
|
|
Generate module/require output <modulename>
|
|
.TP
|
|
.B "\-M <modulename>"
|
|
Generate loadable module package, conflicts with -o
|
|
.TP
|
|
-.B "\-i <inputfile>" | "\-\-input <inputfile>"
|
|
-read input from
|
|
-.I <inputfile>
|
|
-.TP
|
|
.B "\-o <outputfile>" | "\-\-output <outputfile>"
|
|
append output to
|
|
.I <outputfile>
|
|
+.TP
|
|
+.B "\-r" | "\-\-requires"
|
|
+Generate require output syntax for loadable modules.
|
|
+.TP
|
|
+.B "\-t " | "\-\-tefile"
|
|
+Indicates input file is a te (type enforcement) file. This can be used to translate old te format to new policy format.
|
|
+.TP
|
|
+.B "\-v" | "\-\-verbose"
|
|
+Turn on verbose output
|
|
+
|
|
.SH DESCRIPTION
|
|
.PP
|
|
This utility scans the logs for messages logged when the system denied
|
|
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/scripts/genhomedircon policycoreutils-1.27.31/scripts/genhomedircon
|
|
--- nsapolicycoreutils/scripts/genhomedircon 2005-11-30 13:59:30.000000000 -0500
|
|
+++ policycoreutils-1.27.31/scripts/genhomedircon 2005-11-30 14:31:26.000000000 -0500
|
|
@@ -32,6 +32,8 @@
|
|
fd=open("/etc/shells", 'r')
|
|
VALID_SHELLS=fd.read().split('\n')
|
|
fd.close()
|
|
+if "/sbin/nologin" in VALID_SHELLS:
|
|
+ VALID_SHELLS.remove("/sbin/nologin")
|
|
|
|
def getStartingUID():
|
|
starting_uid = sys.maxint
|
|
@@ -266,7 +268,7 @@
|
|
homedir = u[5][:string.rfind(u[5], "/")]
|
|
if not homedir in homedirs:
|
|
if self.checkExists(homedir)==0:
|
|
- warning("%s is already defined in %s,\n%s will not create a new context." % (homedir, self.getFileContextFile(), sys.argv[0]))
|
|
+ warning("%s homedir %s or its parent directoy conflicts with a\ndefined context in %s,\n%s will not create a new context." % (u[0], u[5], self.getFileContextFile(), sys.argv[0]))
|
|
else:
|
|
homedirs.append(homedir)
|
|
|
|
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/semodule/Makefile policycoreutils-1.27.31/semodule/Makefile
|
|
--- nsapolicycoreutils/semodule/Makefile 2005-10-10 09:02:48.000000000 -0400
|
|
+++ policycoreutils-1.27.31/semodule/Makefile 2005-11-30 14:31:26.000000000 -0500
|
|
@@ -17,6 +17,8 @@
|
|
install: all
|
|
-mkdir -p $(SBINDIR)
|
|
install -m 755 semodule $(SBINDIR)
|
|
+ test -d $(MANDIR)/man8 || install -m 755 -d $(MANDIR)/man8
|
|
+ install -m 644 semodule.8 $(MANDIR)/man8/
|
|
|
|
relabel:
|
|
|
|
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/semodule/semodule.8 policycoreutils-1.27.31/semodule/semodule.8
|
|
--- nsapolicycoreutils/semodule/semodule.8 1969-12-31 19:00:00.000000000 -0500
|
|
+++ policycoreutils-1.27.31/semodule/semodule.8 2005-11-30 14:31:26.000000000 -0500
|
|
@@ -0,0 +1,53 @@
|
|
+.TH SEMODULE "8" "Nov 2005" "Security Enhanced Linux" NSA
|
|
+.SH NAME
|
|
+semodule \- Manage SELinux policy modules.
|
|
+
|
|
+.SH SYNOPSIS
|
|
+.B semodule
|
|
+.br
|
|
+.SH DESCRIPTION
|
|
+.PP
|
|
+semodule is the tool used to manage policy, it can call functions to load/replace the policy in the kernel, as well as setup load_able modules.
|
|
+
|
|
+.SH "OPTIONS"
|
|
+.TP
|
|
+.B \-R, \-\-reload
|
|
+reload policy
|
|
+.TP
|
|
+.B \-B, \-\-build
|
|
+build and reload policy
|
|
+.TP
|
|
+.B \-i,\-\-install=MODULE_PKG
|
|
+install a new module
|
|
+.TP
|
|
+.B \-u,\-\-upgrade=MODULE_PKG
|
|
+upgrade existing module
|
|
+.TP
|
|
+.B \-b,\-\-base=MODULE_PKG
|
|
+install new base module
|
|
+.TP
|
|
+.B \-r,\-\-remove=MODULE_NAME
|
|
+remove existing module
|
|
+.TP
|
|
+.B \-l,\-\-list-modules
|
|
+display list of installed modules
|
|
+.TP
|
|
+.B \-s,\-\-store
|
|
+name of the store to operate on
|
|
+.TP
|
|
+.B \-n,\-\-noreload
|
|
+do not reload policy after commit
|
|
+.TP
|
|
+.B \-h,\-\-help
|
|
+prints help message and quit
|
|
+.TP
|
|
+.B \-v,\-\-verbose
|
|
+be verbose reset the policy boolean values to the saved policy settings.
|
|
+
|
|
+.SH SEE ALSO
|
|
+.B load_policy(8), semodule_package(8), semodule_expand(8), semodule_link(8)
|
|
+(8),
|
|
+.SH AUTHORS
|
|
+.nf
|
|
+This manual page was written by Dan Walsh <dwalsh@redhat.com>.
|
|
+The program was written by Karl MacMillan <kmacmillan@tresys.com>, Joshua Brindle <jbrindle@tresys.com>, Jason Tang <jtang@tresys.com>
|
|
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/semodule_expand/Makefile policycoreutils-1.27.31/semodule_expand/Makefile
|
|
--- nsapolicycoreutils/semodule_expand/Makefile 2005-10-12 15:25:33.000000000 -0400
|
|
+++ policycoreutils-1.27.31/semodule_expand/Makefile 2005-11-30 14:31:26.000000000 -0500
|
|
@@ -3,6 +3,7 @@
|
|
INCLUDEDIR ?= $(PREFIX)/include
|
|
BINDIR ?= $(PREFIX)/bin
|
|
LIBDIR ?= ${PREFIX}/lib
|
|
+MANDIR ?= $(PREFIX)/share/man
|
|
|
|
CFLAGS ?= -Werror -Wall -W
|
|
override CFLAGS += -I$(INCLUDEDIR)
|
|
@@ -15,6 +16,8 @@
|
|
install: all
|
|
-mkdir -p $(BINDIR)
|
|
install -m 755 semodule_expand $(BINDIR)
|
|
+ test -d $(MANDIR)/man8 || install -m 755 -d $(MANDIR)/man8
|
|
+ install -m 644 semodule_expand.8 $(MANDIR)/man8/
|
|
|
|
relabel:
|
|
|
|
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/semodule_expand/semodule_expand.8 policycoreutils-1.27.31/semodule_expand/semodule_expand.8
|
|
--- nsapolicycoreutils/semodule_expand/semodule_expand.8 1969-12-31 19:00:00.000000000 -0500
|
|
+++ policycoreutils-1.27.31/semodule_expand/semodule_expand.8 2005-11-30 14:31:26.000000000 -0500
|
|
@@ -0,0 +1,26 @@
|
|
+.TH SEMODULE_EXPAND "8" "Nov 2005" "Security Enhanced Linux" NSA
|
|
+.SH NAME
|
|
+semodule_expand \- Manage SELinux policy modules.
|
|
+
|
|
+.SH SYNOPSIS
|
|
+.B semodule_expand [-V -c [version]] basemodpkg outputfile
|
|
+.br
|
|
+.SH DESCRIPTION
|
|
+.PP
|
|
+semodule_expand is the tool used to create a policy file from a base policy module. Tool takes to arguments: The name of the base policy package (usually base.pp) and the name of the policy output file (policy.20).
|
|
+
|
|
+.SH "OPTIONS"
|
|
+.TP
|
|
+.B \-V
|
|
+verbose mode
|
|
+.TP
|
|
+.B \-c [version]
|
|
+policy version to create
|
|
+
|
|
+.SH SEE ALSO
|
|
+.B load_policy(8), semodule_package(8), semodule(8), semodule_link(8)
|
|
+(8),
|
|
+.SH AUTHORS
|
|
+.nf
|
|
+This manual page was written by Dan Walsh <dwalsh@redhat.com>.
|
|
+The program was written by Karl MacMillan <kmacmillan@tresys.com>, Joshua Brindle <jbrindle@tresys.com>
|
|
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/semodule_link/Makefile policycoreutils-1.27.31/semodule_link/Makefile
|
|
--- nsapolicycoreutils/semodule_link/Makefile 2005-10-12 15:25:33.000000000 -0400
|
|
+++ policycoreutils-1.27.31/semodule_link/Makefile 2005-11-30 14:31:26.000000000 -0500
|
|
@@ -2,6 +2,7 @@
|
|
PREFIX ?= ${DESTDIR}/usr
|
|
INCLUDEDIR ?= $(PREFIX)/include
|
|
BINDIR ?= $(PREFIX)/bin
|
|
+MANDIR ?= $(PREFIX)/share/man
|
|
LIBDIR ?= ${PREFIX}/lib
|
|
|
|
CFLAGS ?= -Werror -Wall -W
|
|
@@ -15,6 +16,8 @@
|
|
install: all
|
|
-mkdir -p $(BINDIR)
|
|
install -m 755 semodule_link $(BINDIR)
|
|
+ test -d $(MANDIR)/man8 || install -m 755 -d $(MANDIR)/man8
|
|
+ install -m 644 semodule_link.8 $(MANDIR)/man8/
|
|
|
|
relabel:
|
|
|
|
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/semodule_link/semodule_link.8 policycoreutils-1.27.31/semodule_link/semodule_link.8
|
|
--- nsapolicycoreutils/semodule_link/semodule_link.8 1969-12-31 19:00:00.000000000 -0500
|
|
+++ policycoreutils-1.27.31/semodule_link/semodule_link.8 2005-11-30 14:31:26.000000000 -0500
|
|
@@ -0,0 +1,27 @@
|
|
+.TH SEMODULE_LINK "8" "Nov 2005" "Security Enhanced Linux" NSA
|
|
+.SH NAME
|
|
+semodule_link \- Link a group of modules together with a base module
|
|
+
|
|
+.SH SYNOPSIS
|
|
+.B semodule_link [-V] [-o outfile] basemodpkg modpkg1 [modpkg2]...
|
|
+.br
|
|
+.SH DESCRIPTION
|
|
+.PP
|
|
+semodule_link is the tool used to create a policy file from a base policy module. and one of more loadable policy modules: The name of the base policy package (usually base.pp) and the name of the policy output file (policy.20).
|
|
+
|
|
+.SH "OPTIONS"
|
|
+.TP
|
|
+.B \-V
|
|
+verbose mode
|
|
+.TP
|
|
+.B \-o \-\-outfile <output file>
|
|
+Loadable package Output file
|
|
+
|
|
+
|
|
+.SH SEE ALSO
|
|
+.B load_policy(8), semodule_package(8), semodule(8), semodule_expand(8)
|
|
+(8),
|
|
+.SH AUTHORS
|
|
+.nf
|
|
+This manual page was written by Dan Walsh <dwalsh@redhat.com>.
|
|
+The program was written by Karl MacMillan <kmacmillan@tresys.com>
|
|
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/semodule_package/Makefile policycoreutils-1.27.31/semodule_package/Makefile
|
|
--- nsapolicycoreutils/semodule_package/Makefile 2005-10-12 15:25:33.000000000 -0400
|
|
+++ policycoreutils-1.27.31/semodule_package/Makefile 2005-11-30 14:31:26.000000000 -0500
|
|
@@ -3,6 +3,7 @@
|
|
INCLUDEDIR ?= $(PREFIX)/include
|
|
BINDIR ?= $(PREFIX)/bin
|
|
LIBDIR ?= ${PREFIX}/lib
|
|
+MANDIR ?= $(PREFIX)/share/man
|
|
|
|
CFLAGS ?= -Werror -Wall -W
|
|
override CFLAGS += -I$(INCLUDEDIR)
|
|
@@ -15,6 +16,8 @@
|
|
install: all
|
|
-mkdir -p $(BINDIR)
|
|
install -m 755 semodule_package $(BINDIR)
|
|
+ test -d $(MANDIR)/man8 || install -m 755 -d $(MANDIR)/man8
|
|
+ install -m 644 semodule_package.8 $(MANDIR)/man8/
|
|
|
|
relabel:
|
|
|
|
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/semodule_package/semodule_package.8 policycoreutils-1.27.31/semodule_package/semodule_package.8
|
|
--- nsapolicycoreutils/semodule_package/semodule_package.8 1969-12-31 19:00:00.000000000 -0500
|
|
+++ policycoreutils-1.27.31/semodule_package/semodule_package.8 2005-11-30 14:31:26.000000000 -0500
|
|
@@ -0,0 +1,29 @@
|
|
+.TH SEMODULE_PACKAGE "8" "Nov 2005" "Security Enhanced Linux" NSA
|
|
+.SH NAME
|
|
+semodule_package \- Create loadable policy modules.
|
|
+
|
|
+.SH SYNOPSIS
|
|
+.B semodule_package -o <output file> -m <module> [-f <file contexts>]
|
|
+.br
|
|
+.SH DESCRIPTION
|
|
+.PP
|
|
+semodule_package is the tool used to create a policy file from a base policy module. Tool takes to arguments: The name of the base policy package (usually base.pp) and the name of the policy output file (policy.20).
|
|
+
|
|
+.SH "OPTIONS"
|
|
+.TP
|
|
+.B \-o \-\-outfile <output file>
|
|
+Loadable package Output file
|
|
+.TP
|
|
+.B \-m \-\-module <Module file>
|
|
+Module file (te file)
|
|
+.TP
|
|
+.B \-f \-\-fc <File context file>
|
|
+Policy File contexts file
|
|
+
|
|
+.SH SEE ALSO
|
|
+.B load_policy(8), semodule(8), semodule_expand(8), semodule_link(8)
|
|
+(8),
|
|
+.SH AUTHORS
|
|
+.nf
|
|
+This manual page was written by Dan Walsh <dwalsh@redhat.com>.
|
|
+The program was written by Karl MacMillan <kmacmillan@tresys.com>
|