Fix selinux man page to reflect what current selinux policy is.
This commit is contained in:
Dan Walsh
parent
0781a5c3ae
commit
e27f80642e
|
|
@ -18,6 +18,22 @@ index a4079aa..80ba628 100644
|
|||
extern const char *selinux_binary_policy_path(void);
|
||||
extern const char *selinux_failsafe_context_path(void);
|
||||
extern const char *selinux_removable_context_path(void);
|
||||
diff --git a/libselinux/man/man3/security_compute_av.3 b/libselinux/man/man3/security_compute_av.3
|
||||
index c6837fc..de62d26 100644
|
||||
--- a/libselinux/man/man3/security_compute_av.3
|
||||
+++ b/libselinux/man/man3/security_compute_av.3
|
||||
@@ -37,9 +37,9 @@ the SELinux policy database in the kernel
|
||||
.sp
|
||||
.BI "int security_compute_user_raw(security_context_t "scon ", const char *" username ", security_context_t **" con );
|
||||
.sp
|
||||
-.BI "int security_get_initial_context(const char *" name ", security_context_t " con );
|
||||
+.BI "int security_get_initial_context(const char *" name ", security_context_t *" con );
|
||||
.sp
|
||||
-.BI "int security_get_initial_context_raw(const char *" name ", security_context_t " con );
|
||||
+.BI "int security_get_initial_context_raw(const char *" name ", security_context_t *" con );
|
||||
.sp
|
||||
.BI "int selinux_check_access(const security_context_t " scon ", const security_context_t " tcon ", const char *" class ", const char *" perm ", void *" auditdata);
|
||||
.sp
|
||||
diff --git a/libselinux/man/man3/selinux_binary_policy_path.3 b/libselinux/man/man3/selinux_binary_policy_path.3
|
||||
index ec97dcf..503c52c 100644
|
||||
--- a/libselinux/man/man3/selinux_binary_policy_path.3
|
||||
|
|
@ -56,6 +72,65 @@ index 0000000..175a611
|
|||
+++ b/libselinux/man/man3/selinux_current_policy_path.3
|
||||
@@ -0,0 +1 @@
|
||||
+.so man3/selinux_binary_policy_path.3
|
||||
diff --git a/libselinux/man/man8/selinux.8 b/libselinux/man/man8/selinux.8
|
||||
index a328866..50868e4 100644
|
||||
--- a/libselinux/man/man8/selinux.8
|
||||
+++ b/libselinux/man/man8/selinux.8
|
||||
@@ -37,20 +37,22 @@ The
|
||||
configuration file also controls what policy
|
||||
is active on the system. SELinux allows for multiple policies to be
|
||||
installed on the system, but only one policy may be active at any
|
||||
-given time. At present, two kinds of SELinux policy exist: targeted
|
||||
-and strict. The targeted policy is designed as a policy where most
|
||||
-processes operate without restrictions, and only specific services are
|
||||
+given time. At present, multiple kinds of SELinux policy exist: targeted,
|
||||
+mls for example. The targeted policy is designed as a policy where most
|
||||
+user processes operate without restrictions, and only specific services are
|
||||
placed into distinct security domains that are confined by the policy.
|
||||
For example, the user would run in a completely unconfined domain
|
||||
while the named daemon or apache daemon would run in a specific domain
|
||||
-tailored to its operation. The strict policy is designed as a policy
|
||||
-where all processes are partitioned into fine-grained security domains
|
||||
-and confined by policy. It is anticipated in the future that other
|
||||
-policies will be created (Multi-Level Security for example). You can
|
||||
+tailored to its operation. The MLS (Multi-Level Security) policy is designed
|
||||
+as a policy where all processes are partitioned into fine-grained security
|
||||
+domains and confined by policy. MLS also supports the Bell And LaPadula model, where processes are not only confined by the type but also the level of the data.
|
||||
+
|
||||
+You can
|
||||
define which policy you will run by setting the
|
||||
.B SELINUXTYPE
|
||||
environment variable within
|
||||
.IR /etc/selinux/config .
|
||||
+You must reboot and possibly relabel if you change the policy type to have it take effect on the system.
|
||||
The corresponding
|
||||
policy configuration for each such policy must be installed in the
|
||||
.I /etc/selinux/{SELINUXTYPE}/
|
||||
@@ -58,7 +60,7 @@ directories.
|
||||
|
||||
A given SELinux policy can be customized further based on a set of
|
||||
compile-time tunable options and a set of runtime policy booleans.
|
||||
-.B \%system\-config\-securitylevel
|
||||
+.B \%system\-config\-selinux
|
||||
allows customization of these booleans and tunables.
|
||||
|
||||
Many domains that are protected by SELinux also include SELinux man pages explaining how to customize their policy.
|
||||
@@ -86,11 +88,13 @@ This manual page was written by Dan Walsh <dwalsh@redhat.com>.
|
||||
.nh
|
||||
.BR booleans (8),
|
||||
.BR setsebool (8),
|
||||
-.BR selinuxenabled (8),
|
||||
+.BR sepolicy (8),
|
||||
+.BR system-config-selinux (8),
|
||||
.BR togglesebool (8),
|
||||
.BR restorecon (8),
|
||||
+.BR fixfiles (8),
|
||||
.BR setfiles (8),
|
||||
-.BR semange (8),
|
||||
+.BR semanage (8),
|
||||
.BR sepolicy(8)
|
||||
|
||||
Every confined service on the system has a man page in the following format:
|
||||
diff --git a/libselinux/src/audit2why.c b/libselinux/src/audit2why.c
|
||||
index ffe381b..560bc25 100644
|
||||
--- a/libselinux/src/audit2why.c
|
||||
|
|
|
|||
|
|
@ -10,7 +10,7 @@
|
|||
Summary: SELinux library and simple utilities
|
||||
Name: libselinux
|
||||
Version: 2.1.13
|
||||
Release: 4%{?dist}
|
||||
Release: 5%{?dist}
|
||||
License: Public Domain
|
||||
Group: System Environment/Libraries
|
||||
Source: %{name}-%{version}.tgz
|
||||
|
|
@ -241,6 +241,9 @@ rm -rf %{buildroot}
|
|||
%{ruby_sitearch}/selinux.so
|
||||
|
||||
%changelog
|
||||
* Thu Feb 21 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.13-5
|
||||
- Fix selinux man page to reflect what current selinux policy is.
|
||||
|
||||
* Fri Feb 15 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.13-4
|
||||
- Add new constant SETRANS_DIR which points to the directory where mstransd can find the socket and libvirt can write its translations files.
|
||||
|
||||
|
|
|
|||
Loading…
Reference in New Issue