|
 |
8456bc1 |
--- libselinux-1.23.10/man/man8/selinux.8.rhat 2005-04-29 14:07:14.000000000 -0400
|
|
|
8456bc1 |
+++ libselinux-1.23.10/man/man8/selinux.8 2005-05-11 10:56:10.000000000 -0400
|
|
|
d3be4d7 |
@@ -1,4 +1,4 @@
|
|
|
d3be4d7 |
-.TH "selinux" "8" "11 Aug 2004" "dwalsh@redhat.com" "SELinux Command Line documentation"
|
|
|
d3be4d7 |
+.TH "selinux" "8" "29 Apr 2005" "dwalsh@redhat.com" "SELinux Command Line documentation"
|
|
|
d3be4d7 |
|
|
|
d3be4d7 |
.SH "NAME"
|
|
|
d3be4d7 |
selinux \- NSA Security-Enhanced Linux (SELinux)
|
|
|
d3be4d7 |
@@ -62,11 +62,22 @@
|
|
|
d3be4d7 |
.B system-config-securitylevel
|
|
|
d3be4d7 |
allows customization of these booleans and tunables.
|
|
|
d3be4d7 |
|
|
|
4ff3f08 |
+.br
|
|
|
d3be4d7 |
+Many domains that are protected by SELinux also include selinux man pages explainging how to customize their policy.
|
|
|
4ff3f08 |
+
|
|
|
d3be4d7 |
+.SH FILE LABELING
|
|
|
4ff3f08 |
+
|
|
|
d3be4d7 |
+All files, directories, devices ... have a security context/label associated with them. These context are stored in the extended attributes of the file system.
|
|
|
d3be4d7 |
+Problems with SELinux often arise from the file system being mislabeled. This can be caused by booting the machine with a non selinux kernel. If you see an error message containing file_t, that is usually a good indicator that you have a serious problem with file system labeling.
|
|
|
d3be4d7 |
+.br
|
|
|
d3be4d7 |
+The best way to relabel the file system is to create the flag file /.autorelabel and reboot. system-config-securitylevel, also has this capability. The restorcon/fixfiles commands are also available for relabeling files.
|
|
|
d3be4d7 |
+
|
|
|
d3be4d7 |
.SH AUTHOR
|
|
|
d3be4d7 |
This manual page was written by Dan Walsh <dwalsh@redhat.com>.
|
|
|
4ff3f08 |
|
|
|
d3be4d7 |
.SH "SEE ALSO"
|
|
|
d3be4d7 |
-booleans(8), setsebool(8), selinuxenabled(8), togglesebool(8)
|
|
|
d3be4d7 |
+booleans(8), setsebool(8), selinuxenabled(8), togglesebool(8), restorecon(8), setfiles(8), ftpd_selinux(8), named_selinux(8), rsync_selinux(8), httpd_selinux(8), nfs_selinux(8), samba_selinux(8), kerberos_selinux(8), nis_selinux(8), ypbind_selinux(8)
|
|
|
4ff3f08 |
+
|
|
|
4ff3f08 |
|
|
|
d3be4d7 |
.SH FILES
|
|
|
d3be4d7 |
/etc/selinux/config
|
|
|
8456bc1 |
--- libselinux-1.23.10/utils/avcstat.c.rhat 2005-04-29 14:07:14.000000000 -0400
|
|
|
8456bc1 |
+++ libselinux-1.23.10/utils/avcstat.c 2005-05-11 10:57:30.000000000 -0400
|
|
|
8456bc1 |
@@ -90,12 +90,15 @@
|
|
|
8371f52 |
|
|
|
8371f52 |
int main(int argc, char **argv)
|
|
|
8371f52 |
{
|
|
|
8371f52 |
+ struct avc_cache_stats tot, rel, last;
|
|
|
8371f52 |
int fd, i, cumulative = 0;
|
|
|
8371f52 |
struct sigaction sa;
|
|
|
8371f52 |
char avcstatfile[PATH_MAX];
|
|
|
8371f52 |
snprintf(avcstatfile, sizeof avcstatfile, "%s%s", selinux_mnt, DEF_STAT_FILE);
|
|
|
8371f52 |
progname = basename(argv[0]);
|
|
|
8371f52 |
|
|
|
8371f52 |
+ memset(&last, 0, sizeof(last));
|
|
|
8371f52 |
+
|
|
|
8371f52 |
while((i = getopt(argc, argv, "cf:h?-")) != -1) {
|
|
|
8371f52 |
switch (i) {
|
|
|
8371f52 |
case 'c':
|
|
|
8456bc1 |
@@ -144,7 +147,6 @@
|
|
|
8371f52 |
for (i = 0;; i++) {
|
|
|
8371f52 |
char *line;
|
|
|
8371f52 |
ssize_t ret, parsed = 0;
|
|
|
8371f52 |
- struct avc_cache_stats tot, rel, last;
|
|
|
8371f52 |
|
|
|
8371f52 |
memset(buf, 0, DEF_BUF_SIZE);
|
|
|
8371f52 |
ret = read(fd, buf, DEF_BUF_SIZE);
|
|
|
8456bc1 |
@@ -166,7 +168,6 @@
|
|
|
8456bc1 |
"hits", "misses", "allocs", "reclaims", "frees");
|
|
|
8456bc1 |
|
|
|
8456bc1 |
memset(&tot, 0, sizeof(tot));
|
|
|
8456bc1 |
- memset(&last, 0, sizeof(last));
|
|
|
8456bc1 |
|
|
|
8456bc1 |
while ((line = strtok(NULL, "\n"))) {
|
|
|
8456bc1 |
struct avc_cache_stats tmp;
|