rpms
/
checkpolicy
2
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

- Allow modules with 4 sections or more

This commit is contained in:
Daniel J Walsh 2008-05-06 18:22:18 +00:00
parent ce4fbaf6a7
commit a17aa67c97
2 changed files with 29 additions and 61 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

83
checkpolicy-rhat.patch
View File

@ -1,60 +1,23 @@
diff --exclude-from=exclude -N -u -r nsacheckpolicy/checkmodule.8 checkpolicy-1.27.19/checkmodule.8
--- nsacheckpolicy/checkmodule.8 1969-12-31 19:00:00.000000000 -0500
+++ checkpolicy-1.27.19/checkmodule.8 2005-12-01 15:00:22.000000000 -0500
@@ -0,0 +1,45 @@
+.TH CHECKMODULE 8
+.SH NAME
+checkmodule \- SELinux policy module compiler
+.SH SYNOPSIS
+.B checkmodule
+.I "[-b] [-d] [-M] [-c policyvers] [-o output_file] [input_file]"
+ .br
+.SH "DESCRIPTION"
+This manual page describes the
+.BR checkmodule
+command.
+.PP
+.B checkmodule
+is a program that checks and compiles a SELinux security policy module
+into a binary representation. Use semodule_package to combine this module with
+its optional file context to create a policy package that can be loaded into the kernel.
+
+.SH OPTIONS
+.TP
+.B \-b
+Read an existing binary policy file rather than a source policy.conf file.
+.TP
+.B \-d
+Enter debug mode after loading the policy.
+.TP
+.B \-M
+Enable the MLS policy when checking and compiling the policy.
+.TP
+.B \-o filename
+Write a binary policy file to the specified filename.
+.TP
+.B \-c policyvers
+Specify the policy version, defaults to the latest.
+
+.SH "SEE ALSO"
+.B load_policy(8), semodule(8), semodule_package(8), semodule_expand(8), semodule_link(8)
+SELinux documentation at http://www.nsa.gov/selinux/docs.html,
+especially "Configuring the SELinux Policy".
+
+
+.SH AUTHOR
+This manual page was copied from the checkpolicy man page
+written by Arpad Magosanyi <mag@bunuel.tii.matav.hu>,
+and edited by Dan Walsh <dwalsh@redhat.com>.
+The program was written by Stephen Smalley <sds@epoch.ncsc.mil>.
diff --exclude-from=exclude -N -u -r nsacheckpolicy/Makefile checkpolicy-1.27.19/Makefile
--- nsacheckpolicy/Makefile 2005-09-12 16:30:34.000000000 -0400
+++ checkpolicy-1.27.19/Makefile 2005-12-01 15:00:34.000000000 -0500
@@ -45,6 +45,7 @@
-mkdir -p $(MANDIR)/man8
install -m 755 $(TARGETS) $(BINDIR)
install -m 644 checkpolicy.8 $(MANDIR)/man8
+ install -m 644 checkmodule.8 $(MANDIR)/man8
relabel: install
/sbin/restorecon $(BINDIR)/checkpolicy
--- checkpolicy/policy_parse.y 2008-05-05 14:45:13 UTC (rev 2877)
+++ checkpolicy/policy_parse.y 2008-05-05 15:12:17 UTC (rev 2878)
@@ -723,6 +723,7 @@
;
version_identifier : VERSION_IDENTIFIER
{ if (insert_id(yytext,0)) return -1; }
+ | ipv4_addr_def /* version can look like ipv4 address */
;
avrules_block : avrule_decls avrule_user_defs
;
This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.
-------------------------------------------------------------------------
This SF.net email is sponsored by the 2008 JavaOne(SM) Conference
Don't miss this year's exciting event. There's still time to save $100.
Use priority code J8TL2D2.
http://ad.doubleclick.net/clk;198757673;13503038;p?http://java.sun.com/javaone
_______________________________________________
Selinux-commits mailing list
Selinux-commits@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/selinux-commits

7
checkpolicy.spec
View File

@ -2,10 +2,11 @@
Summary: SELinux policy compiler
Name: checkpolicy
Version: 2.0.14
Release: 1%{?dist}
Release: 2%{?dist}
License: GPL
Group: Development/System
Source: http://www.nsa.gov/selinux/archives/%{name}-%{version}.tgz
Patch: checkpolicy-rhat.patch
BuildRoot: %{_tmppath}/%{name}-buildroot
BuildRequires: byacc bison flex libsepol-static >= %{libsepolver} libselinux-devel
@ -26,6 +27,7 @@ Only required for building policies.
%prep
%setup -q
%patch -p1 -b .rhat
%build
make clean
@ -53,6 +55,9 @@ rm -rf ${RPM_BUILD_ROOT}
%{_bindir}/sedispol
%changelog
* Tue May 2 2008 Dan Walsh <dwalsh@redhat.com> - 2.0.14-2
- Allow modules with 4 sections or more
* Thu Mar 27 2008 Dan Walsh <dwalsh@redhat.com> - 2.0.14-1
- Latest update from NSA
* Add permissive domain support from Eric Paris.