From a9c082be34ed7d34a68fb44c8c61ab29a29f8dde Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Jan 12 2007 16:02:56 +0000 Subject: - Add reference to selinux man page in all man pages to make apropos work Resolves: # 217881 --- diff --git a/libselinux-rhat.patch b/libselinux-rhat.patch index 7b0cc71..f78d0bb 100644 --- a/libselinux-rhat.patch +++ b/libselinux-rhat.patch @@ -1,338 +1,555 @@ -Binary files nsalibselinux/debugsources.list and libselinux-1.33.3/debugsources.list differ -diff --exclude-from=exclude -N -u -r nsalibselinux/include/selinux/selinux.h libselinux-1.33.3/include/selinux/selinux.h ---- nsalibselinux/include/selinux/selinux.h 2006-11-16 17:15:18.000000000 -0500 -+++ libselinux-1.33.3/include/selinux/selinux.h 2007-01-09 09:49:51.000000000 -0500 -@@ -406,6 +406,7 @@ - extern const char *selinux_homedir_context_path(void); - extern const char *selinux_media_context_path(void); - extern const char *selinux_contexts_path(void); -+ extern const char *selinux_securetty_context_path(void); - extern const char *selinux_booleans_path(void); - extern const char *selinux_customizable_types_path(void); - extern const char *selinux_users_path(void); -@@ -413,12 +414,15 @@ - extern const char *selinux_translations_path(void); - extern const char *selinux_netfilter_context_path(void); - extern const char *selinux_path(void); -- - /* Check a permission in the passwd class. - Return 0 if granted or -1 otherwise. */ - extern int selinux_check_passwd_access(access_vector_t requested); - extern int checkPasswdAccess(access_vector_t requested); - -+/* Check if the tty_context is defined as a securetty -+ Return 1 if secure, 0 if not, or -1 if otherwise. */ -+ extern int selinux_check_securetty_context(security_context_t -+ tty_context); - /* Set the path to the selinuxfs mount point explicitly. - Normally, this is determined automatically during libselinux - initialization, but this is not always possible, e.g. for /sbin/init -diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/selinux_binary_policy_path.3 libselinux-1.33.3/man/man3/selinux_binary_policy_path.3 ---- nsalibselinux/man/man3/selinux_binary_policy_path.3 2006-11-16 17:15:30.000000000 -0500 -+++ libselinux-1.33.3/man/man3/selinux_binary_policy_path.3 2007-01-09 09:49:51.000000000 -0500 -@@ -27,6 +27,8 @@ +diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/avc_add_callback.3 libselinux-1.33.4/man/man3/avc_add_callback.3 +--- nsalibselinux/man/man3/avc_add_callback.3 2006-11-16 17:15:30.000000000 -0500 ++++ libselinux-1.33.4/man/man3/avc_add_callback.3 2007-01-12 10:52:13.000000000 -0500 +@@ -3,7 +3,7 @@ + .\" Author: Eamon Walsh (ewalsh@epoch.ncsc.mil) 2004 + .TH "avc_add_callback" "3" "9 June 2004" "" "SE Linux API documentation" + .SH "NAME" +-avc_add_callback \- additional event notification for userspace object managers. ++avc_add_callback \- additional event notification for SELinux userspace object managers. + .SH "SYNOPSIS" + .B #include .br - extern const char *selinux_media_context_path(void); +@@ -181,3 +181,4 @@ + .BR avc_context_to_sid (3), + .BR avc_cache_stats (3), + .BR security_compute_av (3) ++.BR selinux (8) +diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/avc_cache_stats.3 libselinux-1.33.4/man/man3/avc_cache_stats.3 +--- nsalibselinux/man/man3/avc_cache_stats.3 2006-11-16 17:15:30.000000000 -0500 ++++ libselinux-1.33.4/man/man3/avc_cache_stats.3 2007-01-12 10:52:01.000000000 -0500 +@@ -3,7 +3,7 @@ + .\" Author: Eamon Walsh (ewalsh@epoch.ncsc.mil) 2004 + .TH "avc_cache_stats" "3" "27 May 2004" "" "SE Linux API documentation" + .SH "NAME" +-avc_cache_stats, avc_av_stats, avc_sid_stats \- obtain userspace AVC statistics. ++avc_cache_stats, avc_av_stats, avc_sid_stats \- obtain userspace SELinux AVC statistics. + .SH "SYNOPSIS" + .B #include .br -+extern const char *selinux_securetty_context_path(void); -+.br - extern const char *selinux_contexts_path(void); +@@ -96,3 +96,4 @@ + .BR avc_has_perm (3), + .BR avc_context_to_sid (3), + .BR avc_add_callback (3) ++.BR selinux (8) +diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/avc_context_to_sid.3 libselinux-1.33.4/man/man3/avc_context_to_sid.3 +--- nsalibselinux/man/man3/avc_context_to_sid.3 2006-11-16 17:15:30.000000000 -0500 ++++ libselinux-1.33.4/man/man3/avc_context_to_sid.3 2007-01-12 10:51:53.000000000 -0500 +@@ -3,7 +3,7 @@ + .\" Author: Eamon Walsh (ewalsh@epoch.ncsc.mil) 2004 + .TH "avc_context_to_sid" "3" "27 May 2004" "" "SE Linux API documentation" + .SH "NAME" +-avc_context_to_sid, avc_sid_to_context, sidput, sidget \- obtain and manipulate security ID's. ++avc_context_to_sid, avc_sid_to_context, sidput, sidget \- obtain and manipulate SELinux security ID's. + .SH "SYNOPSIS" + .B #include .br - extern const char *selinux_booleans_path(void); -@@ -56,6 +58,8 @@ - .sp - selinux_contexts_path() - directory containing all of the context configuration files - .sp -+selinux_securetty_context_path() - defines terminal contexts for securetty -+.sp - selinux_booleans_path() - initial policy boolean settings - - .SH AUTHOR -diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/selinux_check_securetty_context.3 libselinux-1.33.3/man/man3/selinux_check_securetty_context.3 ---- nsalibselinux/man/man3/selinux_check_securetty_context.3 1969-12-31 19:00:00.000000000 -0500 -+++ libselinux-1.33.3/man/man3/selinux_check_securetty_context.3 2007-01-09 09:49:51.000000000 -0500 -@@ -0,0 +1,13 @@ -+.TH "selinux_check_securetty_context" "3" "1 January 2007" "dwalsh@redhat.com" "SE Linux API documentation" -+.SH "NAME" -+selinux_check_securetty_context \- check whether a tty security context is defined as a securetty context -+.SH "SYNOPSIS" -+.B #include -+.sp -+.BI "int selinux_check_securetty_context(security_context_t "tty_context ); +@@ -88,3 +88,4 @@ + .BR avc_add_callback (3), + .BR getcon (3), + .BR freecon (3) ++.BR selinux (8) +diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/avc_has_perm.3 libselinux-1.33.4/man/man3/avc_has_perm.3 +--- nsalibselinux/man/man3/avc_has_perm.3 2006-11-16 17:15:30.000000000 -0500 ++++ libselinux-1.33.4/man/man3/avc_has_perm.3 2007-01-12 10:16:17.000000000 -0500 +@@ -152,3 +152,4 @@ + .BR avc_cache_stats (3), + .BR avc_add_callback (3), + .BR security_compute_av (3) ++.BR selinux(8) +diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/avc_init.3 libselinux-1.33.4/man/man3/avc_init.3 +--- nsalibselinux/man/man3/avc_init.3 2006-11-16 17:15:30.000000000 -0500 ++++ libselinux-1.33.4/man/man3/avc_init.3 2007-01-12 10:51:40.000000000 -0500 +@@ -3,7 +3,7 @@ + .\" Author: Eamon Walsh (ewalsh@epoch.ncsc.mil) 2004 + .TH "avc_init" "3" "27 May 2004" "" "SE Linux API documentation" + .SH "NAME" +-avc_init, avc_destroy, avc_reset, avc_cleanup \- userspace AVC setup and teardown. ++avc_init, avc_destroy, avc_reset, avc_cleanup \- userspace SELinux AVC setup and teardown. + .SH "SYNOPSIS" + .B #include + .br +@@ -209,3 +209,5 @@ + .BR avc_cache_stats (3), + .BR avc_add_callback (3), + .BR security_compute_av (3) ++.BR selinux (8) + -+.SH "DESCRIPTION" -+.B selinux_check_securetty_context -+returns 1 if tty_context is a securetty context -+returns 0 if tty_context is a not a securetty context -+returns -1 on error. -diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/selinux_securetty_context_path.3 libselinux-1.33.3/man/man3/selinux_securetty_context_path.3 ---- nsalibselinux/man/man3/selinux_securetty_context_path.3 1969-12-31 19:00:00.000000000 -0500 -+++ libselinux-1.33.3/man/man3/selinux_securetty_context_path.3 2007-01-09 09:49:51.000000000 -0500 -@@ -0,0 +1 @@ -+.so man3/selinux_binary_policy_path.3 -diff --exclude-from=exclude -N -u -r nsalibselinux/src/file_path_suffixes.h libselinux-1.33.3/src/file_path_suffixes.h ---- nsalibselinux/src/file_path_suffixes.h 2006-11-16 17:15:25.000000000 -0500 -+++ libselinux-1.33.3/src/file_path_suffixes.h 2007-01-09 09:49:51.000000000 -0500 -@@ -7,6 +7,7 @@ - S_(USER_CONTEXTS, "/contexts/users/") - S_(FAILSAFE_CONTEXT, "/contexts/failsafe_context") - S_(DEFAULT_TYPE, "/contexts/default_type") -+ S_(SECURETTY_CONTEXTS, "/contexts/securetty_contexts") - S_(BOOLEANS, "/booleans") - S_(MEDIA_CONTEXTS, "/contexts/files/media") - S_(REMOVABLE_CONTEXT, "/contexts/removable_context") -diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinux_check_securetty_context.c libselinux-1.33.3/src/selinux_check_securetty_context.c ---- nsalibselinux/src/selinux_check_securetty_context.c 1969-12-31 19:00:00.000000000 -0500 -+++ libselinux-1.33.3/src/selinux_check_securetty_context.c 2007-01-09 10:00:58.000000000 -0500 -@@ -0,0 +1,54 @@ -+#include -+#include -+#include -+#include -+#include -+#include "selinux_internal.h" -+#include "context_internal.h" +diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/context_new.3 libselinux-1.33.4/man/man3/context_new.3 +--- nsalibselinux/man/man3/context_new.3 2006-11-16 17:15:30.000000000 -0500 ++++ libselinux-1.33.4/man/man3/context_new.3 2007-01-12 10:15:43.000000000 -0500 +@@ -56,3 +56,6 @@ + On success, zero is returned. On failure, -1 is returned and errno is + set appropriately. + ++.SH "SEE ALSO" ++.BR selinux "(8)" + -+int selinux_check_securetty_context(security_context_t tty_context) -+{ -+ char *line = NULL; -+ char *start, *end = NULL; -+ size_t line_len = 0; -+ size_t len; -+ int found = -1; -+ FILE *fp; -+ fp = fopen(selinux_securetty_context_path(), "r"); -+ if (fp) { -+ context_t con = context_new(tty_context); -+ if (con) { -+ const char *type = context_type_get(con); -+ found = 0; -+ while ((len = getline(&line, &line_len, fp)) != -1) { +diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/freecon.3 libselinux-1.33.4/man/man3/freecon.3 +--- nsalibselinux/man/man3/freecon.3 2006-11-16 17:15:30.000000000 -0500 ++++ libselinux-1.33.4/man/man3/freecon.3 2007-01-12 10:51:18.000000000 -0500 +@@ -1,6 +1,6 @@ + .TH "freecon" "3" "1 January 2004" "russell@coker.com.au" "SE Linux API documentation" + .SH "NAME" +-freecon, freeconary \- free memory associated with SE Linux security contexts. ++freecon, freeconary \- free memory associated with SELinux security contexts. + .SH "SYNOPSIS" + .B #include + .sp +@@ -14,3 +14,7 @@ + + .B freeconary + frees the memory allocated for a context array. + -+ if (line[len - 1] == '\n') -+ line[len - 1] = 0; ++.SH "SEE ALSO" ++.BR selinux "(8)" + -+ /* Skip leading whitespace. */ -+ start = line; -+ while (*start && isspace(*start)) -+ start++; -+ if (!(*start)) -+ continue; +diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/getcon.3 libselinux-1.33.4/man/man3/getcon.3 +--- nsalibselinux/man/man3/getcon.3 2006-11-16 17:15:30.000000000 -0500 ++++ libselinux-1.33.4/man/man3/getcon.3 2007-01-12 10:51:12.000000000 -0500 +@@ -1,6 +1,6 @@ + .TH "getcon" "3" "1 January 2004" "russell@coker.com.au" "SE Linux API documentation" + .SH "NAME" +-getcon, getprevcon, getpidcon \- get SE Linux security context of a process. ++getcon, getprevcon, getpidcon \- get SELinux security context of a process. + .br + getpeercon - get security context of a peer socket. + .br +@@ -59,4 +59,4 @@ + On error -1 is returned. On success 0 is returned. + + .SH "SEE ALSO" +-.BR freecon "(3), " setexeccon "(3)" ++.BR selinux "(8), " freecon "(3), " setexeccon "(3)" +diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/getexeccon.3 libselinux-1.33.4/man/man3/getexeccon.3 +--- nsalibselinux/man/man3/getexeccon.3 2006-11-16 17:15:30.000000000 -0500 ++++ libselinux-1.33.4/man/man3/getexeccon.3 2007-01-12 10:51:04.000000000 -0500 +@@ -1,6 +1,6 @@ + .TH "getexeccon" "3" "1 January 2004" "russell@coker.com.au" "SE Linux API documentation" + .SH "NAME" +-getexeccon, setexeccon \- get or set the SE Linux security context used for executing a new process. ++getexeccon, setexeccon \- get or set the SELinux security context used for executing a new process. + .br + rpm_execcon \- run a helper for rpm in an appropriate security context + +@@ -55,6 +55,6 @@ + rpm_execcon only returns upon errors, as it calls execve(2). + + .SH "SEE ALSO" +-.BR freecon "(3), " getcon "(3)" ++.BR selinux "(8), " freecon "(3), " getcon "(3)" + + +diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/getfilecon.3 libselinux-1.33.4/man/man3/getfilecon.3 +--- nsalibselinux/man/man3/getfilecon.3 2006-11-16 17:15:30.000000000 -0500 ++++ libselinux-1.33.4/man/man3/getfilecon.3 2007-01-12 10:50:59.000000000 -0500 +@@ -1,6 +1,6 @@ + .TH "getfilecon" "3" "1 January 2004" "russell@coker.com.au" "SE Linux API documentation" + .SH "NAME" +-getfilecon, fgetfilecon, lgetfilecon \- get SE Linux security context of a file ++getfilecon, fgetfilecon, lgetfilecon \- get SELinux security context of a file + .SH "SYNOPSIS" + .B #include + .sp +@@ -40,4 +40,4 @@ + here. + + .SH "SEE ALSO" +-.BR freecon "(3), " setfilecon "(3), " setfscreatecon "(3)" ++.BR selinux "(8), " freecon "(3), " setfilecon "(3), " setfscreatecon "(3)" +diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/getfscreatecon.3 libselinux-1.33.4/man/man3/getfscreatecon.3 +--- nsalibselinux/man/man3/getfscreatecon.3 2006-11-16 17:15:30.000000000 -0500 ++++ libselinux-1.33.4/man/man3/getfscreatecon.3 2007-01-12 10:50:55.000000000 -0500 +@@ -1,6 +1,6 @@ + .TH "getfscreatecon" "3" "1 January 2004" "russell@coker.com.au" "SE Linux API documentation" + .SH "NAME" +-getfscreatecon, setfscreatecon \- get or set the SE Linux security context used for creating a new file system object. ++getfscreatecon, setfscreatecon \- get or set the SELinux security context used for creating a new file system object. + + .SH "SYNOPSIS" + .B #include +@@ -35,4 +35,4 @@ + On success 0 is returned. + + .SH "SEE ALSO" +-.BR freecon "(3), " getcon "(3), " getexeccon "(3)" ++.BR selinux "(8), " freecon "(3), " getcon "(3), " getexeccon "(3)" +diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/get_ordered_context_list.3 libselinux-1.33.4/man/man3/get_ordered_context_list.3 +--- nsalibselinux/man/man3/get_ordered_context_list.3 2006-11-16 17:15:30.000000000 -0500 ++++ libselinux-1.33.4/man/man3/get_ordered_context_list.3 2007-01-12 10:50:48.000000000 -0500 +@@ -1,6 +1,6 @@ + .TH "get_ordered_context_list" "3" "1 January 2004" "russell@coker.com.au" "SE Linux" + .SH "NAME" +-get_ordered_context_list, get_ordered_context_list_with_level, get_default_context, get_default_context_with_level, get_default_context_with_role, get_default_context_with_rolelevel, query_user_context, manual_user_enter_context, get_default_role \- determine context(s) for user sessions ++get_ordered_context_list, get_ordered_context_list_with_level, get_default_context, get_default_context_with_level, get_default_context_with_role, get_default_context_with_rolelevel, query_user_context, manual_user_enter_context, get_default_role \- determine SELinux context(s) for user sessions + + .SH "SYNOPSIS" + .B #include +@@ -77,4 +77,4 @@ + The other functions return 0 for success or -1 for errors. + + .SH "SEE ALSO" +-.BR freeconary "(3), " freecon "(3), " security_compute_av "(3)", getseuserbyname"(3)" ++.BR selinux "(8), " freeconary "(3), " freecon "(3), " security_compute_av "(3)", getseuserbyname"(3)" +diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/getseuserbyname.3 libselinux-1.33.4/man/man3/getseuserbyname.3 +--- nsalibselinux/man/man3/getseuserbyname.3 2006-11-16 17:15:30.000000000 -0500 ++++ libselinux-1.33.4/man/man3/getseuserbyname.3 2007-01-12 10:13:47.000000000 -0500 +@@ -23,3 +23,6 @@ + The errors documented for the stat(2) system call are also applicable + here. + ++.SH "SEE ALSO" ++.BR selinux "(8)" + -+ end = start; -+ while (*end && !isspace(*end)) -+ end++; -+ if (*end) -+ *end++ = 0; -+ if (!strcmp(type, start)) { -+ found = 1; -+ break; -+ } -+ } -+ free(line); -+ context_free(con); -+ } -+ fclose(fp); -+ } +diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/is_context_customizable.3 libselinux-1.33.4/man/man3/is_context_customizable.3 +--- nsalibselinux/man/man3/is_context_customizable.3 2006-11-16 17:15:30.000000000 -0500 ++++ libselinux-1.33.4/man/man3/is_context_customizable.3 2007-01-12 10:50:33.000000000 -0500 +@@ -1,6 +1,6 @@ + .TH "is_context_customizable" "3" "10 January 2005" "dwalsh@redhat.com" "SELinux API documentation" + .SH "NAME" +-is_context_customizable \- check whether context type is customizable by the administrator. ++is_context_customizable \- check whether SELinux context type is customizable by the administrator. + .SH "SYNOPSIS" + .B #include + .sp +@@ -20,3 +20,6 @@ + .SH "FILE" + /etc/selinux/SELINUXTYPE/context/customizable_types + ++.SH "SEE ALSO" ++.BR selinux "(8)" + -+ return found; -+} +diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/is_selinux_enabled.3 libselinux-1.33.4/man/man3/is_selinux_enabled.3 +--- nsalibselinux/man/man3/is_selinux_enabled.3 2006-11-16 17:15:30.000000000 -0500 ++++ libselinux-1.33.4/man/man3/is_selinux_enabled.3 2007-01-12 10:50:24.000000000 -0500 +@@ -1,6 +1,6 @@ + .TH "is_selinux_enabled" "3" "1 January 2004" "russell@coker.com.au" "SE Linux API documentation" + .SH "NAME" +-is_selinux_enabled \- check whether SE Linux is enabled ++is_selinux_enabled \- check whether SELinux is enabled + .SH "SYNOPSIS" + .B #include + .sp +@@ -9,3 +9,7 @@ + .SH "DESCRIPTION" + .B is_selinux_enabled + returns 1 if SE Linux is running or 0 if it is not. May change soon. + -+hidden_def(selinux_check_securetty_context) -diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinux_config.c libselinux-1.33.3/src/selinux_config.c ---- nsalibselinux/src/selinux_config.c 2006-11-16 17:15:25.000000000 -0500 -+++ libselinux-1.33.3/src/selinux_config.c 2007-01-09 09:49:51.000000000 -0500 -@@ -38,7 +38,8 @@ - #define NETFILTER_CONTEXTS 15 - #define FILE_CONTEXTS_HOMEDIR 16 - #define FILE_CONTEXTS_LOCAL 17 --#define NEL 18 -+#define SECURETTY_CONTEXTS 18 -+#define NEL 19 - - /* New layout is relative to SELINUXDIR/policytype. */ - static char *file_paths[NEL]; -@@ -299,6 +300,13 @@ - - hidden_def(selinux_default_context_path) - -+const char *selinux_securetty_context_path() -+{ -+ return get_path(SECURETTY_CONTEXTS); -+} ++.SH "SEE ALSO" ++.BR selinux "(8)" + -+hidden_def(selinux_securetty_context_path) +diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/matchmediacon.3 libselinux-1.33.4/man/man3/matchmediacon.3 +--- nsalibselinux/man/man3/matchmediacon.3 2006-11-16 17:15:30.000000000 -0500 ++++ libselinux-1.33.4/man/man3/matchmediacon.3 2007-01-12 10:50:18.000000000 -0500 +@@ -1,6 +1,6 @@ + .TH "matchmediacon" "3" "15 November 2004" "dwalsh@redhat.com" "SE Linux API documentation" + .SH "NAME" +-matchmediacon \- get the default security context for the specified mediatype from the policy. ++matchmediacon \- get the default SELinux security context for the specified mediatype from the policy. + + .SH "SYNOPSIS" + .B #include +@@ -23,4 +23,4 @@ + /etc/selinux/POLICYTYPE/contexts/files/media + + .SH "SEE ALSO" +-.BR freecon "(3) ++.BR selinux "(8), " freecon "(3) +diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/matchpathcon.3 libselinux-1.33.4/man/man3/matchpathcon.3 +--- nsalibselinux/man/man3/matchpathcon.3 2006-11-16 17:15:30.000000000 -0500 ++++ libselinux-1.33.4/man/man3/matchpathcon.3 2007-01-12 10:50:12.000000000 -0500 +@@ -1,6 +1,6 @@ + .TH "matchpathcon" "3" "16 March 2005" "sds@tycho.nsa.gov" "SE Linux API documentation" + .SH "NAME" +-matchpathcon \- get the default security context for the specified path from the file contexts configuration. ++matchpathcon \- get the default SELinux security context for the specified path from the file contexts configuration. + + .SH "SYNOPSIS" + .B #include +@@ -117,4 +117,4 @@ + Returns 0 on success or -1 otherwise. + + .SH "SEE ALSO" +-.BR freecon "(3), " setfilecon "(3), " setfscreatecon "(3)" ++.BR selinux "(8), " freecon "(3), " setfilecon "(3), " setfscreatecon "(3)" +diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/security_check_context.3 libselinux-1.33.4/man/man3/security_check_context.3 +--- nsalibselinux/man/man3/security_check_context.3 2006-11-16 17:15:30.000000000 -0500 ++++ libselinux-1.33.4/man/man3/security_check_context.3 2007-01-12 10:50:01.000000000 -0500 +@@ -1,6 +1,6 @@ + .TH "security_check_context" "3" "1 January 2004" "russell@coker.com.au" "SE Linux API documentation" + .SH "NAME" +-security_check_context \- check the validity of a context ++security_check_context \- check the validity of a SELinux context + .SH "SYNOPSIS" + .B #include + .sp +@@ -10,3 +10,7 @@ + .B security_check_context + returns 0 if SE Linux is running and the context is valid, otherwise it + returns -1. + - const char *selinux_failsafe_context_path() - { - return get_path(FAILSAFE_CONTEXT); -diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinux_internal.h libselinux-1.33.3/src/selinux_internal.h ---- nsalibselinux/src/selinux_internal.h 2006-11-16 17:15:25.000000000 -0500 -+++ libselinux-1.33.3/src/selinux_internal.h 2007-01-09 09:49:51.000000000 -0500 -@@ -53,6 +53,7 @@ - hidden_proto(security_setenforce) - hidden_proto(selinux_binary_policy_path) - hidden_proto(selinux_default_context_path) -+ hidden_proto(selinux_securetty_context_path) - hidden_proto(selinux_failsafe_context_path) - hidden_proto(selinux_removable_context_path) - hidden_proto(selinux_file_context_path) -@@ -66,6 +67,7 @@ - hidden_proto(selinux_media_context_path) - hidden_proto(selinux_path) - hidden_proto(selinux_check_passwd_access) -+ hidden_proto(selinux_check_securetty_context) - hidden_proto(matchpathcon_init_prefix) - hidden_proto(selinux_users_path) - hidden_proto(selinux_usersconf_path); -diff --exclude-from=exclude -N -u -r nsalibselinux/utils/getdefaultcon.c libselinux-1.33.3/utils/getdefaultcon.c ---- nsalibselinux/utils/getdefaultcon.c 1969-12-31 19:00:00.000000000 -0500 -+++ libselinux-1.33.3/utils/getdefaultcon.c 2007-01-09 14:55:19.000000000 -0500 -@@ -0,0 +1,75 @@ -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include ++.SH "SEE ALSO" ++.BR selinux "(8)" + -+void usage(char *name, char *detail, int rc) -+{ -+ fprintf(stderr, "usage: %s [-l level] user fromcon\n", name); -+ if (detail) -+ fprintf(stderr, "%s: %s\n", name, detail); -+ exit(rc); -+} +diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/security_compute_av.3 libselinux-1.33.4/man/man3/security_compute_av.3 +--- nsalibselinux/man/man3/security_compute_av.3 2006-11-16 17:15:30.000000000 -0500 ++++ libselinux-1.33.4/man/man3/security_compute_av.3 2007-01-12 10:49:51.000000000 -0500 +@@ -1,7 +1,7 @@ + .TH "security_compute_av" "3" "1 January 2004" "russell@coker.com.au" "SE Linux API documentation" + .SH "NAME" + security_compute_av, security_compute_create, security_compute_relabel, security_compute_user \- query +-the SE Linux policy database in the kernel. ++the SELinux policy database in the kernel. + + .SH "SYNOPSIS" + .B #include +@@ -51,4 +51,4 @@ + 0 for success and on error -1 is returned. + + .SH "SEE ALSO" +-.BR getcon "(3), " getfilecon "(3), " get_ordered_context_list "(3)" ++.BR selinux "(8), " getcon "(3), " getfilecon "(3), " get_ordered_context_list "(3)" +diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/security_getenforce.3 libselinux-1.33.4/man/man3/security_getenforce.3 +--- nsalibselinux/man/man3/security_getenforce.3 2006-11-16 17:15:30.000000000 -0500 ++++ libselinux-1.33.4/man/man3/security_getenforce.3 2007-01-12 10:49:38.000000000 -0500 +@@ -1,6 +1,6 @@ + .TH "security_getenforce" "3" "1 January 2004" "russell@coker.com.au" "SE Linux API documentation" + .SH "NAME" +-security_getenforce, security_setenforce \- get or set the enforcing state of SE Linux ++security_getenforce, security_setenforce \- get or set the enforcing state of SELinux + .SH "SYNOPSIS" + .B #include + .sp +@@ -17,3 +17,7 @@ + sets SE Linux to enforcing mode if the value 1 is passed in, and sets it to + permissive mode if 0 is passed in. On success 0 is returned, on error -1 is + returned. + -+int main(int argc, char **argv) -+{ -+ security_context_t usercon = NULL, cur_context = NULL; -+ char *user = NULL, *level = NULL, *role=NULL, *seuser=NULL; -+ int ret, opt; ++.SH "SEE ALSO" ++.BR selinux "(8)" + -+ while ((opt = getopt(argc, argv, "l:r:")) > 0) { -+ switch (opt) { -+ case 'l': -+ level = strdup(optarg); -+ break; -+ case 'r': -+ role = strdup(optarg); -+ break; -+ default: -+ usage(argv[0], "invalid option", 1); -+ } -+ } +diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/security_load_booleans.3 libselinux-1.33.4/man/man3/security_load_booleans.3 +--- nsalibselinux/man/man3/security_load_booleans.3 2006-11-16 17:15:30.000000000 -0500 ++++ libselinux-1.33.4/man/man3/security_load_booleans.3 2007-01-12 10:12:30.000000000 -0500 +@@ -56,4 +56,4 @@ + This manual page was written by Dan Walsh . + + .SH "SEE ALSO" +-getsebool(8), booleans(8), togglesebool(8) ++selinux(8), getsebool(8), booleans(8), togglesebool(8) +diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/security_load_policy.3 libselinux-1.33.4/man/man3/security_load_policy.3 +--- nsalibselinux/man/man3/security_load_policy.3 2006-11-16 17:15:30.000000000 -0500 ++++ libselinux-1.33.4/man/man3/security_load_policy.3 2007-01-12 10:49:30.000000000 -0500 +@@ -1,6 +1,6 @@ + .TH "security_load_policy" "3" "1 January 2004" "russell@coker.com.au" "SE Linux API documentation" + .SH "NAME" +-security_load_policy \- load a new policy ++security_load_policy \- load a new SELinux policy + .SH "SYNOPSIS" + .B #include + .sp +@@ -9,3 +9,7 @@ + .SH "DESCRIPTION" + .B security_load_policy + loads a new policy, returns 0 for success and -1 for error. + -+ if (((argc - optind) < 1) || ((argc - optind) > 2)) -+ usage(argv[0], "invalid number of arguments", 2); ++.SH "SEE ALSO" ++.BR selinux "(8)" + -+ /* If selinux isn't available, bail out. */ -+ if (!is_selinux_enabled()) { -+ fprintf(stderr, -+ "%s may be used only on a SELinux kernel.\n", argv[0]); -+ return 1; -+ } +diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/security_policyvers.3 libselinux-1.33.4/man/man3/security_policyvers.3 +--- nsalibselinux/man/man3/security_policyvers.3 2006-11-16 17:15:30.000000000 -0500 ++++ libselinux-1.33.4/man/man3/security_policyvers.3 2007-01-12 10:49:22.000000000 -0500 +@@ -1,6 +1,6 @@ + .TH "security_policyvers" "3" "1 January 2004" "russell@coker.com.au" "SE Linux API documentation" + .SH "NAME" +-security_policyvers \- get the version of the SE Linux policy ++security_policyvers \- get the version of the SELinux policy + .SH "SYNOPSIS" + .B #include + .sp +@@ -10,3 +10,7 @@ + .B security_policyvers + returns the version of the policy (a positive integer) on success, or -1 on + error. + -+ user = argv[optind]; ++.SH "SEE ALSO" ++.BR selinux "(8)" + -+ /* If a context wasn't passed, use the current context. */ -+ if (((argc - optind) < 2)) { -+ if (getcon(&cur_context) < 0) { -+ fprintf(stderr, "Couldn't get current context.\n"); -+ return 2; -+ } -+ } else -+ cur_context = argv[optind + 1]; +diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/selinux_binary_policy_path.3 libselinux-1.33.4/man/man3/selinux_binary_policy_path.3 +--- nsalibselinux/man/man3/selinux_binary_policy_path.3 2007-01-11 14:01:22.000000000 -0500 ++++ libselinux-1.33.4/man/man3/selinux_binary_policy_path.3 2007-01-12 10:49:16.000000000 -0500 +@@ -4,7 +4,7 @@ + selinux_failsafe_context_path, selinux_removable_context_path, + selinux_default_context_path, selinux_user_contexts_path, + selinux_file_context_path, selinux_media_context_path, +-selinux_contexts_path, selinux_booleans_path \- These functions return the paths to the active policy configuration ++selinux_contexts_path, selinux_booleans_path \- These functions return the paths to the active SELinux policy configuration + directories and files. + + .SH "SYNOPSIS" +@@ -65,3 +65,6 @@ + .SH AUTHOR + This manual page was written by Dan Walsh . + ++.SH "SEE ALSO" ++.BR selinux "(8)" + -+ if (getseuserbyname(user, &seuser, &level)==0) { -+ if (role != NULL && role[0]) -+ ret=get_default_context_with_rolelevel(seuser, role, level,cur_context,&usercon); -+ else -+ ret=get_default_context_with_level(seuser, level, cur_context,&usercon); -+ } -+ if (ret < 0) -+ perror(argv[0]); -+ else -+ printf("%s: %s from %s %s %s %s -> %s\n", argv[0], user, cur_context, seuser, role, level, usercon); +diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/selinux_check_securetty_context.3 libselinux-1.33.4/man/man3/selinux_check_securetty_context.3 +--- nsalibselinux/man/man3/selinux_check_securetty_context.3 2007-01-11 14:01:22.000000000 -0500 ++++ libselinux-1.33.4/man/man3/selinux_check_securetty_context.3 2007-01-12 10:48:56.000000000 -0500 +@@ -1,6 +1,6 @@ + .TH "selinux_check_securetty_context" "3" "1 January 2007" "dwalsh@redhat.com" "SE Linux API documentation" + .SH "NAME" +-selinux_check_securetty_context \- check whether a tty security context is defined as a securetty context ++selinux_check_securetty_context \- check whether a SELinux tty security context is defined as a securetty context + .SH "SYNOPSIS" + .B #include + .sp +@@ -10,3 +10,7 @@ + .B selinux_check_securetty_context + returns 0 if tty_context is a securetty context + returns < 0 otherwise. + ++.SH "SEE ALSO" ++.BR selinux "(8)" + -+ free(usercon); +diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/selinux_getenforcemode.3 libselinux-1.33.4/man/man3/selinux_getenforcemode.3 +--- nsalibselinux/man/man3/selinux_getenforcemode.3 2006-11-16 17:15:30.000000000 -0500 ++++ libselinux-1.33.4/man/man3/selinux_getenforcemode.3 2007-01-12 10:48:36.000000000 -0500 +@@ -1,6 +1,6 @@ + .TH "selinux_getenforcemode" "3" "25 May 2004" "dwalsh@redhat.com" "SE Linux API documentation" + .SH "NAME" +-selinux_getenforcemode \- get the enforcing state of SE Linux ++selinux_getenforcemode \- get the enforcing state of SELinux + .SH "SYNOPSIS" + .B #include + .sp +@@ -19,4 +19,7 @@ + On success, zero is returned. + On failure, -1 is returned. + ++.SH "SEE ALSO" ++.BR selinux "(8)" + -+ return 0; -+} -diff --exclude-from=exclude -N -u -r nsalibselinux/utils/matchpathcon.c libselinux-1.33.3/utils/matchpathcon.c ---- nsalibselinux/utils/matchpathcon.c 2007-01-04 17:01:41.000000000 -0500 -+++ libselinux-1.33.3/utils/matchpathcon.c 2007-01-09 09:49:51.000000000 -0500 -@@ -95,7 +95,7 @@ - } - } - for (i = optind; i < argc; i++) { -- int mode=0; -+ int mode = 0; - struct stat buf; - if (lstat(argv[i], &buf) == 0) - mode = buf.st_mode; -@@ -114,13 +114,15 @@ - if (rc >= 0) { - printf("%s has context %s, should be ", - argv[i], con); -- error += printmatchpathcon(argv[i], 0, mode); -+ error += -+ printmatchpathcon(argv[i], 0, mode); - freecon(con); - } else { - printf - ("actual context unknown: %s, should be ", - strerror(errno)); -- error += printmatchpathcon(argv[i], 0,mode); -+ error += -+ printmatchpathcon(argv[i], 0, mode); - } - } - } else { -diff --exclude-from=exclude -N -u -r nsalibselinux/utils/selinux_check_securetty_context.c libselinux-1.33.3/utils/selinux_check_securetty_context.c ---- nsalibselinux/utils/selinux_check_securetty_context.c 1969-12-31 19:00:00.000000000 -0500 -+++ libselinux-1.33.3/utils/selinux_check_securetty_context.c 2007-01-09 09:49:51.000000000 -0500 -@@ -0,0 +1,38 @@ -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include + +diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/selinux_policy_root.3 libselinux-1.33.4/man/man3/selinux_policy_root.3 +--- nsalibselinux/man/man3/selinux_policy_root.3 2006-11-16 17:15:30.000000000 -0500 ++++ libselinux-1.33.4/man/man3/selinux_policy_root.3 2007-01-12 10:11:54.000000000 -0500 +@@ -14,4 +14,7 @@ + On success, returns a directory path containing the SELinux policy files. + On failure, NULL is returned. + ++.SH "SEE ALSO" ++.BR selinux "(8)" + -+void usage(const char *progname) -+{ -+ fprintf(stderr, "usage: %s tty_context...\n", progname); -+ exit(1); -+} + +diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/setfilecon.3 libselinux-1.33.4/man/man3/setfilecon.3 +--- nsalibselinux/man/man3/setfilecon.3 2006-11-16 17:15:30.000000000 -0500 ++++ libselinux-1.33.4/man/man3/setfilecon.3 2007-01-12 10:48:24.000000000 -0500 +@@ -1,6 +1,6 @@ + .TH "setfilecon" "3" "1 January 2004" "russell@coker.com.au" "SE Linux API documentation" + .SH "NAME" +-setfilecon, fsetfilecon, lsetfilecon \- set SE Linux security context of a file ++setfilecon, fsetfilecon, lsetfilecon \- set SELinux security context of a file + + .SH "SYNOPSIS" + .B #include +@@ -38,4 +38,4 @@ + here. + + .SH "SEE ALSO" +-.BR freecon "(3), " getfilecon "(3), " setfscreatecon "(3)" ++.BR selinux "(3), " freecon "(3), " getfilecon "(3), " setfscreatecon "(3)" +diff --exclude-from=exclude -N -u -r nsalibselinux/man/man8/avcstat.8 libselinux-1.33.4/man/man8/avcstat.8 +--- nsalibselinux/man/man8/avcstat.8 2006-11-16 17:15:26.000000000 -0500 ++++ libselinux-1.33.4/man/man8/avcstat.8 2007-01-12 10:09:24.000000000 -0500 +@@ -22,6 +22,9 @@ + .B \-f + Specifies the location of the AVC statistics file, defaulting to '/selinux/avc/cache_stats'. + ++.SH "SEE ALSO" ++selinux(8) + -+int main(int argc, char **argv) -+{ -+ int i; -+ if (argc < 2) -+ usage(argv[0]); + .SH AUTHOR + This manual page was written by Dan Walsh . + The program was written by James Morris . +diff --exclude-from=exclude -N -u -r nsalibselinux/man/man8/getenforce.8 libselinux-1.33.4/man/man8/getenforce.8 +--- nsalibselinux/man/man8/getenforce.8 2006-11-16 17:15:26.000000000 -0500 ++++ libselinux-1.33.4/man/man8/getenforce.8 2007-01-12 10:07:11.000000000 -0500 +@@ -12,4 +12,4 @@ + Dan Walsh, + + .SH "SEE ALSO" +-setenforce(8), selinuxenabled(8) ++selinux(8), setenforce(8), selinuxenabled(8) +diff --exclude-from=exclude -N -u -r nsalibselinux/man/man8/getsebool.8 libselinux-1.33.4/man/man8/getsebool.8 +--- nsalibselinux/man/man8/getsebool.8 2006-11-16 17:15:26.000000000 -0500 ++++ libselinux-1.33.4/man/man8/getsebool.8 2007-01-12 10:11:15.000000000 -0500 +@@ -26,9 +26,10 @@ + .B \-a + Show all SELinux booleans. + ++.SH "SEE ALSO" ++selinux(8), setsebool(8), booleans(8) + -+ for (i = 1; i < argc; i++) { -+ switch (selinux_check_securetty_context(argv[i])) { -+ case 1: -+ printf("%s securetty.\n", argv[i]); -+ break; -+ case 0: -+ printf("%s not securetty.\n", argv[i]); -+ break; -+ case -1: -+ perror("Failed on check if securetty"); -+ return -1; -+ } -+ } -+ return 0; -+} + .SH AUTHOR + This manual page was written by Dan Walsh . + The program was written by Tresys Technology. + +-.SH "SEE ALSO" +-setsebool(8), booleans(8) +diff --exclude-from=exclude -N -u -r nsalibselinux/man/man8/matchpathcon.8 libselinux-1.33.4/man/man8/matchpathcon.8 +--- nsalibselinux/man/man8/matchpathcon.8 2006-11-16 17:15:26.000000000 -0500 ++++ libselinux-1.33.4/man/man8/matchpathcon.8 2007-01-12 10:47:15.000000000 -0500 +@@ -1,6 +1,6 @@ + .TH "matchpathcon" "8" "21 April 2005" "dwalsh@redhat.com" "SE Linux Command Line documentation" + .SH "NAME" +-matchpathcon \- get the default security context for the specified path from the file contexts configuration. ++matchpathcon \- get the default SELinux security context for the specified path from the file contexts configuration. + + .SH "SYNOPSIS" + .B matchpathcon [-V] [-N] [-n] [-f file_contexts_file ] [-p prefix ] filepath... +@@ -27,4 +27,5 @@ + This manual page was written by Dan Walsh . + + .SH "SEE ALSO" ++.BR selinux "(8), " + .BR mathpathcon "(3), " +diff --exclude-from=exclude -N -u -r nsalibselinux/man/man8/selinuxenabled.8 libselinux-1.33.4/man/man8/selinuxenabled.8 +--- nsalibselinux/man/man8/selinuxenabled.8 2006-11-16 17:15:26.000000000 -0500 ++++ libselinux-1.33.4/man/man8/selinuxenabled.8 2007-01-12 10:07:35.000000000 -0500 +@@ -13,4 +13,4 @@ + Dan Walsh, + + .SH "SEE ALSO" +-setenforce(8), getenforce(8) ++selinux(8), setenforce(8), getenforce(8) +diff --exclude-from=exclude -N -u -r nsalibselinux/man/man8/setenforce.8 libselinux-1.33.4/man/man8/setenforce.8 +--- nsalibselinux/man/man8/setenforce.8 2006-11-16 17:15:26.000000000 -0500 ++++ libselinux-1.33.4/man/man8/setenforce.8 2007-01-12 10:06:30.000000000 -0500 +@@ -17,7 +17,7 @@ + Dan Walsh, + + .SH "SEE ALSO" +-getenforce(8), selinuxenabled(8) ++selinux(8), getenforce(8), selinuxenabled(8) + + .SH FILES + /etc/grub.conf, /etc/selinux/config +diff --exclude-from=exclude -N -u -r nsalibselinux/man/man8/togglesebool.8 libselinux-1.33.4/man/man8/togglesebool.8 +--- nsalibselinux/man/man8/togglesebool.8 2006-11-16 17:15:26.000000000 -0500 ++++ libselinux-1.33.4/man/man8/togglesebool.8 2007-01-12 10:46:55.000000000 -0500 +@@ -1,6 +1,6 @@ + .TH "togglesebool" "1" "26 Oct 2004" "sgrubb@redhat.com" "SELinux Command Line documentation" + .SH "NAME" +-togglesebool \- flip the current value of a boolean ++togglesebool \- flip the current value of a SELinux boolean + .SH "SYNOPSIS" + .B togglesebool boolean... + +@@ -14,4 +14,4 @@ + This man page was written by Steve Grubb + + .SH "SEE ALSO" +-booleans(8), getsebool(8), setsebool(8) ++selinux(8), booleans(8), getsebool(8), setsebool(8) diff --git a/libselinux.spec b/libselinux.spec index 46f2abd..5ba0390 100644 --- a/libselinux.spec +++ b/libselinux.spec @@ -2,10 +2,11 @@ Summary: SELinux library and simple utilities Name: libselinux Version: 1.33.4 -Release: 1%{?dist} +Release: 2%{?dist} License: Public domain (uncopyrighted) Group: System Environment/Libraries Source: http://www.nsa.gov/selinux/archives/%{name}-%{version}.tgz +Patch: libselinux-rhat.patch BuildRequires: libsepol-devel >= %{libsepolver} swig Requires: libsepol >= %{libsepolver} setransd @@ -48,6 +49,7 @@ needed for developing SELinux applications. %prep %setup -q +%patch -p1 -b .rhat %build make clean @@ -118,7 +120,11 @@ exit 0 %{_libdir}/python*/site-packages/selinux.py* %changelog -* Fri Jan 5 2007 Dan Walsh - 1.33.3-3 +* Fri Jan 12 2007 Dan Walsh - 1.33.4-2 +- Add reference to selinux man page in all man pages to make apropos work +Resolves: # 217881 + +* Thu Jan 11 2007 Dan Walsh - 1.33.4-1 - Upstream wanted some minor changes, upgrading to keep api the same - Upgrade to upstream * Merged selinux_check_securetty_context() and support from Dan Walsh.