From 67d0acbf49799004bc2f5f8293f16d86c8368f4a Mon Sep 17 00:00:00 2001
From: Daniel J Walsh
Date: Wed, 29 Jun 2005 20:04:50 +0000
Subject: [PATCH] - Update from NSA Merged security_setupns() from Chad Sellers. - fix selinuxenabled man page
---
 .cvsignore | 1 +
 libselinux-rhat.patch | 74 ++++++--------------------------------------
 libselinux.spec | 9 +++++-
 sources | 2 +-
 4 files changed, 20 insertions(+), 66 deletions(-)
diff --git a/.cvsignore b/.cvsignore
index dcd5c5a..83169dd 100644
--- a/.cvsignore
+++ b/.cvsignore
@@ -37,3 +37,4 @@ libselinux-1.23.7.tgz
 libselinux-1.23.8.tgz
 libselinux-1.23.10.tgz
 libselinux-1.23.11.tgz
+libselinux-1.24.1.tgz
diff --git a/libselinux-rhat.patch b/libselinux-rhat.patch
index f885810..aca6b3c 100644
--- a/libselinux-rhat.patch
+++ b/libselinux-rhat.patch
@@ -1,66 +1,12 @@ ---- libselinux-1.23.10/man/man8/selinux.8.rhat 2005-04-29 14:07:14.000000000 -0400 -+++ libselinux-1.23.10/man/man8/selinux.8 2005-05-11 10:56:10.000000000 -0400 -@@ -1,4 +1,4 @@ --.TH "selinux" "8" "11 Aug 2004" "dwalsh@redhat.com" "SELinux Command Line documentation" -+.TH "selinux" "8" "29 Apr 2005" "dwalsh@redhat.com" "SELinux Command Line documentation" +diff --exclude-from=exclude -N -u -r nsalibselinux/man/man8/selinuxenabled.8 libselinux-1.23.11/man/man8/selinuxenabled.8 +--- nsalibselinux/man/man8/selinuxenabled.8 2004-11-02 14:26:19.000000000 -0500 ++++ libselinux-1.23.11/man/man8/selinuxenabled.8 2005-06-29 15:57:28.000000000 -0400 +@@ -7,7 +7,7 @@ + .SH "DESCRIPTION" + .B selinuxenabled + Indicates whether SELinux is enabled or disabled. It exits with status 0 +-if SELinux is enabled and -256 if it is not enabled. ++if SELinux is enabled and 1 if it is not enabled. - .SH "NAME" - selinux \- NSA Security-Enhanced Linux (SELinux) -@@ -62,11 +62,22 @@ - .B system-config-securitylevel - allows customization of these booleans and tunables. - -+.br -+Many domains that are protected by SELinux also include selinux man pages explainging how to customize their policy. -+ -+.SH FILE LABELING -+ -+All files, directories, devices ... have a security context/label associated with them. These context are stored in the extended attributes of the file system. -+Problems with SELinux often arise from the file system being mislabeled. This can be caused by booting the machine with a non selinux kernel. If you see an error message containing file_t, that is usually a good indicator that you have a serious problem with file system labeling. -+.br -+The best way to relabel the file system is to create the flag file /.autorelabel and reboot. system-config-securitylevel, also has this capability. The restorcon/fixfiles commands are also available for relabeling files. -+ .SH AUTHOR - This manual page was written by Dan Walsh . 
- - .SH "SEE ALSO" --booleans(8), setsebool(8), selinuxenabled(8), togglesebool(8) -+booleans(8), setsebool(8), selinuxenabled(8), togglesebool(8), restorecon(8), setfiles(8), ftpd_selinux(8), named_selinux(8), rsync_selinux(8), httpd_selinux(8), nfs_selinux(8), samba_selinux(8), kerberos_selinux(8), nis_selinux(8), ypbind_selinux(8) -+ - - .SH FILES - /etc/selinux/config ---- libselinux-1.23.10/utils/avcstat.c.rhat 2005-04-29 14:07:14.000000000 -0400 -+++ libselinux-1.23.10/utils/avcstat.c 2005-05-11 10:57:30.000000000 -0400 -@@ -90,12 +90,15 @@ - - int main(int argc, char **argv) - { -+ struct avc_cache_stats tot, rel, last; - int fd, i, cumulative = 0; - struct sigaction sa; - char avcstatfile[PATH_MAX]; - snprintf(avcstatfile, sizeof avcstatfile, "%s%s", selinux_mnt, DEF_STAT_FILE); - progname = basename(argv[0]); - -+ memset(&last, 0, sizeof(last)); -+ - while((i = getopt(argc, argv, "cf:h?-")) != -1) { - switch (i) { - case 'c': -@@ -144,7 +147,6 @@ - for (i = 0;; i++) { - char *line; - ssize_t ret, parsed = 0; -- struct avc_cache_stats tot, rel, last; - - memset(buf, 0, DEF_BUF_SIZE); - ret = read(fd, buf, DEF_BUF_SIZE); -@@ -166,7 +168,6 @@ - "hits", "misses", "allocs", "reclaims", "frees"); - - memset(&tot, 0, sizeof(tot)); -- memset(&last, 0, sizeof(last)); - - while ((line = strtok(NULL, "\n"))) { - struct avc_cache_stats tmp; + Dan Walsh, diff --git a/libselinux.spec b/libselinux.spec index a28db8f..2dd88a8 100644 --- a/libselinux.spec +++ b/libselinux.spec @@ -1,10 +1,11 @@ Summary: SELinux library and simple utilities Name: libselinux -Version: 1.23.11 +Version: 1.24.1 Release: 1 License: Public domain (uncopyrighted) Group: System Environment/Libraries Source: http://www.nsa.gov/selinux/archives/%{name}-%{version}.tgz +Patch: libselinux-rhat.patch BuildRoot: %{_tmppath}/%{name}-%{version}-buildroot @@ -34,6 +35,7 @@ needed for developing SELinux applications. %prep %setup -q +%patch -p1 -b .rhat %build make CFLAGS="-g %{optflags}" 
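Review bot: Dropping the avcstat.c hunk from libselinux-rhat.patch is safe only if the 1.24.1 tarball already declares `struct avc_cache_stats tot, rel, last;` outside the read loop and zeroes `last` once before option parsing, and nothing in this commit shows that. The `%changelog` entry for 1.23.11 says avcstat was merged upstream, which suggests it is, but utils/avcstat.c in the new tarball should be checked before the build ships. The one hunk that remains documents exit status 1 for the disabled case; scripts branch on that value, so it is worth confirming against what selinuxenabled actually returns, which is not visible here.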
@@ -83,6 +85,11 @@ rm -rf ${RPM_BUILD_ROOT} %{_mandir}/man8/* %changelog +* Wed Jun 29 2005 Dan Walsh 1.24.1-1 +- Update from NSA + * Merged security_setupns() from Chad Sellers. +- fix selinuxenabled man page + * Fri May 20 2005 Dan Walsh 1.23.11-1 - Update from NSA * Merged avcstat and selinux man page from Dan Walsh. diff --git a/sources b/sources index 0ee186b..7eacaaa 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -7183899028e4c8279742ea68b3f7f237 libselinux-1.23.11.tgz +c3a827ad8f38eaefb82478cf80a641d7 libselinux-1.24.1.tgz
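Review bot: The new tarball in `sources` is pinned only by what looks like an MD5 digest (32 hex characters), and the spec's `Source:` URL is plain `http://`, so the integrity of libselinux-1.24.1.tgz rests on a hash with known practical collisions and on an unauthenticated download. If the lookaside tooling accepts it, record a SHA-256 or stronger digest for the tarball. Before uploading, the download should also be checked against an upstream signature or a digest obtained over an authenticated channel. The `sources` format may be fixed by the build system, in which case the check belongs in the import procedure rather than in this file.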