From e27f80642e47b4accd2f05fb5f107e0219978f89 Mon Sep 17 00:00:00 2001 From: Dan Walsh Date: Feb 21 2013 17:28:18 +0000 Subject: Fix selinux man page to reflect what current selinux policy is. --- diff --git a/libselinux-rhat.patch b/libselinux-rhat.patch index 92bf21b..d8434a4 100644 --- a/libselinux-rhat.patch +++ b/libselinux-rhat.patch @@ -18,6 +18,22 @@ index a4079aa..80ba628 100644 extern const char *selinux_binary_policy_path(void); extern const char *selinux_failsafe_context_path(void); extern const char *selinux_removable_context_path(void); +diff --git a/libselinux/man/man3/security_compute_av.3 b/libselinux/man/man3/security_compute_av.3 +index c6837fc..de62d26 100644 +--- a/libselinux/man/man3/security_compute_av.3 ++++ b/libselinux/man/man3/security_compute_av.3 +@@ -37,9 +37,9 @@ the SELinux policy database in the kernel + .sp + .BI "int security_compute_user_raw(security_context_t "scon ", const char *" username ", security_context_t **" con ); + .sp +-.BI "int security_get_initial_context(const char *" name ", security_context_t " con ); ++.BI "int security_get_initial_context(const char *" name ", security_context_t *" con ); + .sp +-.BI "int security_get_initial_context_raw(const char *" name ", security_context_t " con ); ++.BI "int security_get_initial_context_raw(const char *" name ", security_context_t *" con ); + .sp + .BI "int selinux_check_access(const security_context_t " scon ", const security_context_t " tcon ", const char *" class ", const char *" perm ", void *" auditdata); + .sp diff --git a/libselinux/man/man3/selinux_binary_policy_path.3 b/libselinux/man/man3/selinux_binary_policy_path.3 index ec97dcf..503c52c 100644 --- a/libselinux/man/man3/selinux_binary_policy_path.3 @@ -56,6 +72,65 @@ index 0000000..175a611 +++ b/libselinux/man/man3/selinux_current_policy_path.3 
@@ -0,0 +1 @@ +.so man3/selinux_binary_policy_path.3 +diff --git a/libselinux/man/man8/selinux.8 b/libselinux/man/man8/selinux.8 +index a328866..50868e4 100644 +--- a/libselinux/man/man8/selinux.8 ++++ b/libselinux/man/man8/selinux.8 +@@ -37,20 +37,22 @@ The + configuration file also controls what policy + is active on the system. SELinux allows for multiple policies to be + installed on the system, but only one policy may be active at any +-given time. At present, two kinds of SELinux policy exist: targeted +-and strict. The targeted policy is designed as a policy where most +-processes operate without restrictions, and only specific services are ++given time. At present, multiple kinds of SELinux policy exist: targeted, ++mls for example. The targeted policy is designed as a policy where most ++user processes operate without restrictions, and only specific services are + placed into distinct security domains that are confined by the policy. + For example, the user would run in a completely unconfined domain + while the named daemon or apache daemon would run in a specific domain +-tailored to its operation. The strict policy is designed as a policy +-where all processes are partitioned into fine-grained security domains +-and confined by policy. It is anticipated in the future that other +-policies will be created (Multi-Level Security for example). You can ++tailored to its operation. The MLS (Multi-Level Security) policy is designed ++as a policy where all processes are partitioned into fine-grained security ++domains and confined by policy. MLS also supports the Bell And LaPadula model, where processes are not only confined by the type but also the level of the data. ++ ++You can + define which policy you will run by setting the + .B SELINUXTYPE + environment variable within + .IR /etc/selinux/config . ++You must reboot and possibly relabel if you change the policy type to have it take effect on the system. 
+ The corresponding + policy configuration for each such policy must be installed in the + .I /etc/selinux/{SELINUXTYPE}/ +@@ -58,7 +60,7 @@ directories. + + A given SELinux policy can be customized further based on a set of + compile-time tunable options and a set of runtime policy booleans. +-.B \%system\-config\-securitylevel ++.B \%system\-config\-selinux + allows customization of these booleans and tunables. + + Many domains that are protected by SELinux also include SELinux man pages explaining how to customize their policy. +@@ -86,11 +88,13 @@ This manual page was written by Dan Walsh . + .nh + .BR booleans (8), + .BR setsebool (8), +-.BR selinuxenabled (8), ++.BR sepolicy (8), ++.BR system-config-selinux (8), + .BR togglesebool (8), + .BR restorecon (8), ++.BR fixfiles (8), + .BR setfiles (8), +-.BR semange (8), ++.BR semanage (8), + .BR sepolicy(8) + + Every confined service on the system has a man page in the following format: diff --git a/libselinux/src/audit2why.c b/libselinux/src/audit2why.c index ffe381b..560bc25 100644 --- a/libselinux/src/audit2why.c diff --git a/libselinux.spec b/libselinux.spec index 8adb7ab..b944435 100644 --- a/libselinux.spec +++ b/libselinux.spec @@ -10,7 +10,7 @@ Summary: SELinux library and simple utilities Name: libselinux Version: 2.1.13 -Release: 4%{?dist} +Release: 5%{?dist} License: Public Domain Group: System Environment/Libraries Source: %{name}-%{version}.tgz @@ -241,6 +241,9 @@ rm -rf %{buildroot} %{ruby_sitearch}/selinux.so %changelog +* Thu Feb 21 2013 Dan Walsh - 2.1.13-5 +- Fix selinux man page to reflect what current selinux policy is. + * Fri Feb 15 2013 Dan Walsh - 2.1.13-4 - Add new constant SETRANS_DIR which points to the directory where mstransd can find the socket and libvirt can write its translations files.
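Review bot: the prototype correction in security_compute_av.3 (hunk -37,9 +37,9, where `con` becomes `security_context_t *` for security_get_initial_context and security_get_initial_context_raw) is not recorded anywhere in the commit subject or in the new %changelog entry, which both mention only the selinux man page. Add a second changelog line for the prototype fix so the change can be found later from the package history.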
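Review bot: in the selinux.8 hunk at -37,20 +37,22, the new MLS description reuses the sentence the removed lines applied to the strict policy ("all processes are partitioned into fine-grained security domains and confined by policy"), so please confirm it is meant to describe MLS and is not a leftover from the old text. In the same hunk, "targeted, mls for example" reads more cleanly as "for example targeted and mls", and "Bell And LaPadula" is normally written "Bell-LaPadula". The two long added lines (the Bell-LaPadula sentence and the reboot/relabel sentence) should be wrapped like the surrounding roff source. Since this paragraph is being touched anyway, the unchanged context that calls SELINUXTYPE an "environment variable within /etc/selinux/config" could be corrected to call it a setting in that file.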
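Review bot: hyphen escaping is inconsistent between the selinux.8 hunk at -58,7 +60,7 and the SEE ALSO hunk. The tool name is written `.B \%system\-config\-selinux` in the body but `.BR system-config-selinux (8),` in the added SEE ALSO entry. Use the escaped form in both places so the name renders the same way and stays copy-pasteable.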
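Review bot: the SEE ALSO hunk in selinux.8 (-86,11 +88,13) adds `.BR sepolicy (8),` while the unchanged last entry of the list is still `.BR sepolicy(8)`, so sepolicy is now listed twice. Drop the trailing entry, which also lacks the space before `(8)` that the other `.BR` entries have, and make `.BR semanage (8)` the final item without a comma. The same hunk removes `.BR selinuxenabled (8),` with no explanation in the commit message; if that was intentional, say so, otherwise keep the reference.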