From d3be4d7a20f76aa5d9a260cf0e7780cbd354852d Mon Sep 17 00:00:00 2001
From: Daniel J Walsh
Date: Apr 29 2005 19:01:28 +0000
Subject: - Update from NSA Merged set_selinuxmnt patch from Bill Nottingham (Red Hat). Rewrote get_ordered_context_list and helpers, including changing logic to allow variable MLS fields.
---
diff --git a/.cvsignore b/.cvsignore
index 629f380..b18220a 100644
--- a/.cvsignore
+++ b/.cvsignore
@@ -35,3 +35,4 @@ libselinux-1.23.5.tgz
 libselinux-1.23.6.tgz
 libselinux-1.23.7.tgz
 libselinux-1.23.8.tgz
+libselinux-1.23.10.tgz
diff --git a/libselinux-rhat.patch b/libselinux-rhat.patch
index 36f2589..e6e4a8b 100644
--- a/libselinux-rhat.patch
+++ b/libselinux-rhat.patch
@@ -1,95 +1,33 @@ ---- /dev/null 2005-04-20 05:34:52.522685192 -0400 -+++ libselinux-1.23.7/man/man3/selinux_policy_root.3 2005-04-21 09:54:24.000000000 -0400 -@@ -0,0 +1,17 @@ -+.TH "selinux_policy_root" "3" "25 May 2004" "dwalsh@redhat.com" "SE Linux API documentation" -+.SH "NAME" -+selinux_policy_root \- return the path of the SELinux policy files for this machine. -+.SH "SYNOPSIS" -+.B #include -+.sp -+.B char *selinux_policy_root(); -+.br -+ -+.SH "DESCRIPTION" -+.B selinux_policy_root -+Reads the contents of the /etc/selinux/config file to determine which policy files should be used for this machine. -+.SH "RETURN VALUE" -+On success, returns a directory path containing the SELinux policy files. -+On failure, NULL is returned. -+ -+ ---- libselinux-1.23.7/man/man8/matchpathcon.8.rhat 2005-04-21 10:05:45.000000000 -0400 -+++ libselinux-1.23.7/man/man8/matchpathcon.8 2005-04-21 10:12:24.000000000 -0400 -@@ -0,0 +1,20 @@ -+.TH "matchpathcon" "8" "21 April 2005" "dwalsh@redhat.com" "SE Linux Command Line documentation" -+.SH "NAME" -+matchpathcon \- get the default security context for the specified path from the file contexts configuration. -+ -+.SH "SYNOPSIS" -+.B matchpathcon [-n] filepath... -+ -+.SH "DESCRIPTION" -+.B matchpathcon -+Prints the file path and the default security context associated with it. +diff --exclude-from=exclude -N -u -r nsalibselinux/man/man8/selinux.8 libselinux-1.23.10/man/man8/selinux.8 +--- nsalibselinux/man/man8/selinux.8 2004-11-02 14:26:19.000000000 -0500 ++++ libselinux-1.23.10/man/man8/selinux.8 2005-04-29 14:58:05.000000000 -0400 +@@ -1,4 +1,4 @@ +-.TH "selinux" "8" "11 Aug 2004" "dwalsh@redhat.com" "SELinux Command Line documentation" ++.TH "selinux" "8" "29 Apr 2005" "dwalsh@redhat.com" "SELinux Command Line documentation" + + .SH "NAME" + selinux \- NSA Security-Enhanced Linux (SELinux) +@@ -62,11 +62,22 @@ + .B system-config-securitylevel + allows customization of these booleans and tunables. 
+ +.br -+If the -n option is given, do not display path. ++Many domains that are protected by SELinux also include selinux man pages explainging how to customize their policy. + -+.SH AUTHOR -+This manual page was written by Dan Walsh . -+.br -+The program was written by NSA ++.SH FILE LABELING + -+.SH "SEE ALSO" -+.BR mathpathcon "(3), " ---- libselinux-1.23.7/utils/matchpathcon.c.rhat 2005-04-13 11:34:19.000000000 -0400 -+++ libselinux-1.23.7/utils/matchpathcon.c 2005-04-21 10:02:04.000000000 -0400 -@@ -1,25 +1,43 @@ - #include - #include - #include -+#include - #include ++All files, directories, devices ... have a security context/label associated with them. These context are stored in the extended attributes of the file system. ++Problems with SELinux often arise from the file system being mislabeled. This can be caused by booting the machine with a non selinux kernel. If you see an error message containing file_t, that is usually a good indicator that you have a serious problem with file system labeling. ++.br ++The best way to relabel the file system is to create the flag file /.autorelabel and reboot. system-config-securitylevel, also has this capability. The restorcon/fixfiles commands are also available for relabeling files. ++ + .SH AUTHOR + This manual page was written by Dan Walsh . 
-+void usage(const char *progname) -+{ -+ fprintf(stderr, "usage: %s [-n] path...\n", progname); -+ exit(1); -+} + .SH "SEE ALSO" +-booleans(8), setsebool(8), selinuxenabled(8), togglesebool(8) ++booleans(8), setsebool(8), selinuxenabled(8), togglesebool(8), restorecon(8), setfiles(8), ftpd_selinux(8), named_selinux(8), rsync_selinux(8), httpd_selinux(8), nfs_selinux(8), samba_selinux(8), kerberos_selinux(8), nis_selinux(8), ypbind_selinux(8) + - int main(int argc, char **argv) - { - char *buf; - int rc, i; -+ int header=1, opt; -- if (argc < 2) { -- fprintf(stderr, "usage: %s path...\n", argv[0]); -- return 1; -- } -+ if (argc < 2) usage(argv[0]); - -- for (i = 1; i < argc; i++) { -+ while ((opt = getopt(argc, argv, "n")) > 0) { -+ switch (opt) { -+ case 'n': -+ header=0; -+ break; -+ default: -+ usage(argv[0]); -+ } -+ } -+ for (i = optind; i < argc; i++) { - rc = matchpathcon(argv[i], 0, &buf); - if (rc < 0) { - fprintf(stderr, "%s: matchpathcon(%s) failed\n", argv[0], argv[i]); - return 2; - } -- printf("%s\t%s\n", argv[i], buf); -+ if (header) -+ printf("%s\t%s\n", argv[i], buf); -+ else -+ printf("%s\n", buf); -+ - freecon(buf); - } - return 0; + .SH FILES + /etc/selinux/config diff --git a/libselinux.spec b/libselinux.spec index 404b9a5..6008425 100644 --- a/libselinux.spec +++ b/libselinux.spec @@ -5,6 +5,7 @@ Release: 1 License: Public domain (uncopyrighted) Group: System Environment/Libraries Source: http://www.nsa.gov/selinux/archives/%{name}-%{version}.tgz +Patch: libselinux-rhat.patch BuildRoot: %{_tmppath}/%{name}-%{version}-buildroot @@ -34,6 +35,7 @@ needed for developing SELinux applications. %prep %setup -q +%patch -p1 -b .rhat %build make CFLAGS="-g %{optflags}" diff --git a/sources b/sources index 3329e3e..762f6fb 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -df37eb28e2ff559f399ce77ccbf64aa1 libselinux-1.23.8.tgz +42f1e94a07c52e0c2bf685bacba42e39 libselinux-1.23.10.tgz
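Review bot: The relabeling paragraph added to selinux.8 under `.SH FILE LABELING` names the command as `restorcon`, while the SEE ALSO line added in the same hunk references `restorecon(8)`; an administrator following the text to repair a mislabeled file system would not find the command, so the sentence should read `The restorecon/fixfiles commands are also available for relabeling files.` The line added after `.br` also has `explainging` for `explaining`. Separately, this hunk drops the matchpathcon `-n` option and the selinux_policy_root.3 and matchpathcon.8 pages from the patch, presumably because the 1.23.10 tarball already carries them; that cannot be confirmed from the hunk and is worth checking before the build relies on it.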