Fix selinux man page to reflect what current selinux policy is.

This commit is contained in:
Dan Walsh 2013-02-21 18:28:18 +01:00
parent 0781a5c3ae
commit e27f80642e
2 changed files with 79 additions and 1 deletions

View File

@ -18,6 +18,22 @@ index a4079aa..80ba628 100644
extern const char *selinux_binary_policy_path(void);
extern const char *selinux_failsafe_context_path(void);
extern const char *selinux_removable_context_path(void);
diff --git a/libselinux/man/man3/security_compute_av.3 b/libselinux/man/man3/security_compute_av.3
index c6837fc..de62d26 100644
--- a/libselinux/man/man3/security_compute_av.3
+++ b/libselinux/man/man3/security_compute_av.3
@@ -37,9 +37,9 @@ the SELinux policy database in the kernel
.sp
.BI "int security_compute_user_raw(security_context_t "scon ", const char *" username ", security_context_t **" con );
.sp
-.BI "int security_get_initial_context(const char *" name ", security_context_t " con );
+.BI "int security_get_initial_context(const char *" name ", security_context_t *" con );
.sp
-.BI "int security_get_initial_context_raw(const char *" name ", security_context_t " con );
+.BI "int security_get_initial_context_raw(const char *" name ", security_context_t *" con );
.sp
.BI "int selinux_check_access(const security_context_t " scon ", const security_context_t " tcon ", const char *" class ", const char *" perm ", void *" auditdata);
.sp
diff --git a/libselinux/man/man3/selinux_binary_policy_path.3 b/libselinux/man/man3/selinux_binary_policy_path.3
index ec97dcf..503c52c 100644
--- a/libselinux/man/man3/selinux_binary_policy_path.3
@ -56,6 +72,65 @@ index 0000000..175a611
+++ b/libselinux/man/man3/selinux_current_policy_path.3
@@ -0,0 +1 @@
+.so man3/selinux_binary_policy_path.3
diff --git a/libselinux/man/man8/selinux.8 b/libselinux/man/man8/selinux.8
index a328866..50868e4 100644
--- a/libselinux/man/man8/selinux.8
+++ b/libselinux/man/man8/selinux.8
@@ -37,20 +37,22 @@ The
configuration file also controls what policy
is active on the system. SELinux allows for multiple policies to be
installed on the system, but only one policy may be active at any
-given time. At present, two kinds of SELinux policy exist: targeted
-and strict. The targeted policy is designed as a policy where most
-processes operate without restrictions, and only specific services are
+given time. At present, multiple kinds of SELinux policy exist: targeted,
+mls for example. The targeted policy is designed as a policy where most
+user processes operate without restrictions, and only specific services are
placed into distinct security domains that are confined by the policy.
For example, the user would run in a completely unconfined domain
while the named daemon or apache daemon would run in a specific domain
-tailored to its operation. The strict policy is designed as a policy
-where all processes are partitioned into fine-grained security domains
-and confined by policy. It is anticipated in the future that other
-policies will be created (Multi-Level Security for example). You can
+tailored to its operation. The MLS (Multi-Level Security) policy is designed
+as a policy where all processes are partitioned into fine-grained security
+domains and confined by policy. MLS also supports the Bell And LaPadula model, where processes are not only confined by the type but also the level of the data.
+
+You can
define which policy you will run by setting the
.B SELINUXTYPE
environment variable within
.IR /etc/selinux/config .
+You must reboot and possibly relabel if you change the policy type to have it take effect on the system.
The corresponding
policy configuration for each such policy must be installed in the
.I /etc/selinux/{SELINUXTYPE}/
@@ -58,7 +60,7 @@ directories.
A given SELinux policy can be customized further based on a set of
compile-time tunable options and a set of runtime policy booleans.
-.B \%system\-config\-securitylevel
+.B \%system\-config\-selinux
allows customization of these booleans and tunables.
Many domains that are protected by SELinux also include SELinux man pages explaining how to customize their policy.
@@ -86,11 +88,13 @@ This manual page was written by Dan Walsh <dwalsh@redhat.com>.
.nh
.BR booleans (8),
.BR setsebool (8),
-.BR selinuxenabled (8),
+.BR sepolicy (8),
+.BR system-config-selinux (8),
.BR togglesebool (8),
.BR restorecon (8),
+.BR fixfiles (8),
.BR setfiles (8),
-.BR semange (8),
+.BR semanage (8),
.BR sepolicy(8)
Every confined service on the system has a man page in the following format:
diff --git a/libselinux/src/audit2why.c b/libselinux/src/audit2why.c
index ffe381b..560bc25 100644
--- a/libselinux/src/audit2why.c

View File

@ -10,7 +10,7 @@
Summary: SELinux library and simple utilities
Name: libselinux
Version: 2.1.13
Release: 4%{?dist}
Release: 5%{?dist}
License: Public Domain
Group: System Environment/Libraries
Source: %{name}-%{version}.tgz
@ -241,6 +241,9 @@ rm -rf %{buildroot}
%{ruby_sitearch}/selinux.so
%changelog
* Thu Feb 21 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.13-5
- Fix selinux man page to reflect what current selinux policy is.
* Fri Feb 15 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.13-4
- Add new constant SETRANS_DIR which points to the directory where mstransd can find the socket and libvirt can write its translations files.