Compare commits
59 Commits
Author | SHA1 | Date | |
---|---|---|---|
|
0da7b6ae1b | ||
|
4d592329d4 | ||
|
1a253cdbb5 | ||
|
bf76b0d7df | ||
|
1fd4fb2b1e | ||
|
bd1e6b9762 | ||
|
7d7ce0fa68 | ||
|
22da83cd59 | ||
|
694ff6c399 | ||
|
37305cf394 | ||
|
6478fce8b4 | ||
|
1134fab731 | ||
|
a511ade05c | ||
|
3fd943391b | ||
|
7c05cac00f | ||
|
a734577217 | ||
|
2ce345832d | ||
|
8b81574ce0 | ||
|
26f22e0381 | ||
|
0601a63599 | ||
|
7e04373055 | ||
|
0722ad3005 | ||
|
a70fc8bcef | ||
|
187c193445 | ||
|
dad65dd008 | ||
|
66ac09e0f6 | ||
|
0765f6c30c | ||
|
c4a27c8221 | ||
|
7d761d4e01 | ||
|
d654f5486c | ||
|
c986c18381 | ||
|
2d8019e8f6 | ||
|
600b68fa02 | ||
|
4888449885 | ||
|
7c6e6abc59 | ||
|
a5dce68d9f | ||
|
4d068c251b | ||
|
6e65bceee9 | ||
|
5c58719d6f | ||
|
efa2ace197 | ||
|
f66181c363 | ||
|
a59173415b | ||
|
92e33b0c5b | ||
|
a88be20832 | ||
|
ce157ae359 | ||
|
6446187368 | ||
|
050ddd614d | ||
|
07ded81ec8 | ||
|
75eac85f3a | ||
|
64eed255c7 | ||
|
79dad5d65c | ||
|
3c4870785a | ||
|
343458c40c | ||
|
df0a4cd7de | ||
|
ea85c5f227 | ||
|
e68be7e9d1 | ||
|
79746a5b9b | ||
|
d2a600fcab | ||
|
8e970a53fb |
14
.cvsignore → .gitignore
vendored
14
.cvsignore → .gitignore
vendored
@ -16,3 +16,17 @@ mcstrans-0.2.5.tgz
|
||||
mcstrans-0.2.6.tgz
|
||||
mcstrans-0.2.7.tgz
|
||||
mcstrans-0.2.8.tgz
|
||||
mcstrans-0.2.9.tgz
|
||||
mcstrans-0.2.10.tgz
|
||||
mcstrans-0.2.11.tgz
|
||||
mcstrans-0.3.0.6.tgz
|
||||
mcstrans-0.3.1.tgz
|
||||
/mcstrans-0.3.2.tgz
|
||||
/mcstrans-0.3.4.tgz
|
||||
/mcstrans-2.8.tar.gz
|
||||
/mcstrans-2.9-rc1.tar.gz
|
||||
/mcstrans-2.9-rc2.tar.gz
|
||||
/mcstrans-2.9.tar.gz
|
||||
/mcstrans-3.0-rc1.tar.gz
|
||||
/mcstrans-3.0.tar.gz
|
||||
/mcstrans-3.1.tar.gz
|
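--- /dev/null
+++ b/0001-mcstrans-Fir-RESOURCE_LEAK-and-USE_AFTER_FREE-coveri.patch
@@ -0,0 +1,129 @@
+From a9eae01e435c2d6f13f3672a50f545bab03e9992 Mon Sep 17 00:00:00 2001
+From: Petr Lautrbach <plautrba@redhat.com>
+Date: Wed, 28 Nov 2018 18:28:05 +0100
+Subject: [PATCH] mcstrans: Fir RESOURCE_LEAK and USE_AFTER_FREE coverity scan
+defects
+
+---
+mcstrans/src/mcstrans.c | 21 +++++++++++++++++++--
+mcstrans/src/mcstransd.c | 4 +++-
+2 files changed, 22 insertions(+), 3 deletions(-)
+
+diff --git a/mcstrans/src/mcstrans.c b/mcstrans/src/mcstrans.c
+index 96bdbdff7d8b..0d9d0f3e25b7 100644
+--- a/mcstrans/src/mcstrans.c
++++ b/mcstrans/src/mcstrans.c
+@@ -633,16 +633,23 @@ add_cache(domain_t *domain, char *raw, char *trans) {
+
+map->raw = strdup(raw);
+if (!map->raw) {
++ free(map);
+goto err;
+}
+map->trans = strdup(trans);
+if (!map->trans) {
++ free(map->raw);
++ free(map);
+goto err;
+}
+
+log_debug(" add_cache (%s,%s)\n", raw, trans);
+- if (add_to_hashtable(domain->raw_to_trans, map->raw, map) < 0)
++ if (add_to_hashtable(domain->raw_to_trans, map->raw, map) < 0) {
++ free(map->trans);
++ free(map->raw);
++ free(map);
+goto err;
++ }
+
+if (add_to_hashtable(domain->trans_to_raw, map->trans, map) < 0)
+goto err;
+@@ -1519,6 +1526,7 @@ trans_context(const security_context_t incon, security_context_t *rcon) {
+trans = compute_trans_from_raw(range, domain);
+if (trans)
+if (add_cache(domain, range, trans) < 0) {
++ free(trans);
+free(range);
+return -1;
+}
+@@ -1530,6 +1538,7 @@ trans_context(const security_context_t incon, security_context_t *rcon) {
+ltrans = compute_trans_from_raw(lrange, domain);
+if (ltrans) {
+if (add_cache(domain, lrange, ltrans) < 0) {
++ free(ltrans);
+free(range);
+return -1;
+}
+@@ -1548,6 +1557,7 @@ trans_context(const security_context_t incon, security_context_t *rcon) {
+utrans = compute_trans_from_raw(urange, domain);
+if (utrans) {
+if (add_cache(domain, urange, utrans) < 0) {
++ free(utrans);
+free(ltrans);
+free(range);
+return -1;
+@@ -1647,14 +1657,19 @@ untrans_context(const security_context_t incon, security_context_t *rcon) {
+canonical = compute_trans_from_raw(raw, domain);
+if (canonical && strcmp(canonical, range))
+if (add_cache(domain, raw, canonical) < 0) {
++ free(canonical);
+free(range);
++ free(raw);
+return -1;
+}
+}
+- if (canonical)
++ if (canonical) {
+free(canonical);
++ free(raw);
++ }
+if (add_cache(domain, raw, range) < 0) {
+free(range);
++ free(raw);
+return -1;
+}
+} else {
+@@ -1672,6 +1687,7 @@ untrans_context(const security_context_t incon, security_context_t *rcon) {
+canonical = compute_trans_from_raw(lraw, domain);
+if (canonical)
+if (add_cache(domain, lraw, canonical) < 0) {
++ free(canonical);
+free(lraw);
+free(range);
+return -1;
+@@ -1703,6 +1719,7 @@ untrans_context(const security_context_t incon, security_context_t *rcon) {
+canonical = compute_trans_from_raw(uraw, domain);
+if (canonical)
+if (add_cache(domain, uraw, canonical) < 0) {
++ free(canonical);
+free(uraw);
+free(lraw);
+free(range);
+diff --git a/mcstrans/src/mcstransd.c b/mcstrans/src/mcstransd.c
+index 858994932e4f..a1ec81acb3c8 100644
+--- a/mcstrans/src/mcstransd.c
++++ b/mcstrans/src/mcstransd.c
+@@ -335,6 +335,7 @@ process_events(struct pollfd **ufds, int *nfds)
+/* Setup pollfd for deletion later. */
+(*ufds)[ii].fd = -1;
+close(connfd);
++ connfd = -1;
+/* So we don't get bothered later */
+revents = revents & ~(POLLHUP);
+}
+@@ -348,10 +349,11 @@ process_events(struct pollfd **ufds, int *nfds)
+/* Set the pollfd up for deletion later. */
+(*ufds)[ii].fd = -1;
+close(connfd);
++ connfd = -1;
+
+revents = revents & ~(POLLHUP);
+}
+- if (revents) {
++ if (revents && connfd != -1) {
+syslog(LOG_ERR, "Unknown/error events (%x) encountered"
+" for fd (%d)\n", revents, connfd);
+
+--
+2.23.0
+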
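Review bot: In the add_cache hunk the second insert, `add_to_hashtable(domain->trans_to_raw, map->trans, map)`, still jumps to `err` with no cleanup, so on that failure `map` remains reachable from `raw_to_trans` although add_cache reports failure. Whether the cache is then left half-populated depends on the `err` label, which lies outside the hunk. A comment at that branch saying who owns `map` once the first insert has succeeded, for example `/* map is owned by raw_to_trans from here on; must not be freed on this path */`, would make the asymmetry with the three earlier error paths deliberate rather than accidental. Separately, the `free(raw)` added inside `if (canonical) { ... }` in untrans_context runs before `add_cache(domain, raw, range)` reads `raw`; 0002 in this series removes it, so the two patches should only ever be applied together.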
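--- /dev/null
+++ b/0002-mcstrans-Fix-USER_AFTER_FREE-problem.patch
@@ -0,0 +1,28 @@
+From d09b54cfffaa3923c22bb3ff7818cb4a19325905 Mon Sep 17 00:00:00 2001
+From: Petr Lautrbach <plautrba@redhat.com>
+Date: Thu, 9 May 2019 16:44:43 +0200
+Subject: [PATCH] mcstrans: Fix USER_AFTER_FREE problem
+
+---
+mcstrans/src/mcstrans.c | 4 +---
+1 file changed, 1 insertion(+), 3 deletions(-)
+
+diff --git a/mcstrans/src/mcstrans.c b/mcstrans/src/mcstrans.c
+index 0d9d0f3e25b7..29cadb78b62c 100644
+--- a/mcstrans/src/mcstrans.c
++++ b/mcstrans/src/mcstrans.c
+@@ -1663,10 +1663,8 @@ untrans_context(const security_context_t incon, security_context_t *rcon) {
+return -1;
+}
+}
+- if (canonical) {
++ if (canonical)
+free(canonical);
+- free(raw);
+- }
+if (add_cache(domain, raw, range) < 0) {
+free(range);
+free(raw);
+--
+2.23.0
+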
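Review bot: The patch carries no description, so the reason for dropping `free(raw)` can only be recovered by reading it against 0001. A short body would help anyone backporting it, along the lines of: `raw` is still passed to the following `add_cache(domain, raw, range)` call and freed again on that call's error path, so freeing it in the `if (canonical)` block caused a use-after-free and a possible double free. The patch should also name the earlier Coverity fix as the change that introduced the problem. Where `raw` is released on the success path is not visible in this hunk and is worth confirming in untrans_context as a whole.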
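--- /dev/null
+++ b/0003-mcstrans-Do-not-accept-incomplete-contexts.patch
@@ -0,0 +1,59 @@
+From 0173a950563b23080fd40433f55efcb1d6b77923 Mon Sep 17 00:00:00 2001
+From: Petr Lautrbach <plautrba@redhat.com>
+Date: Mon, 15 Apr 2019 15:22:51 +0200
+Subject: [PATCH] mcstrans: Do not accept incomplete contexts
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Fixes:
+$ python3
+> import selinux
+> selinux.selinux_raw_context_to_color("xyz_u:xyz_r:xyz_t:")
+
+Traceback (most recent call last):
+File "<stdin>", line 2, in <module>
+OSError: [Errno 0] Error
+
+:: [ 10:25:45 ] :: [ BEGIN ] :: Running 'service mcstransd status'
+Redirecting to /bin/systemctl status mcstransd.service
+● mcstrans.service - Translates SELinux MCS/MLS labels to human readable form
+Loaded: loaded (/usr/lib/systemd/system/mcstrans.service; disabled; vendor preset: disabled)
+Active: failed (Result: core-dump) since Fri 2019-04-12 10:25:44 EDT; 1s ago
+Process: 16681 ExecStart=/sbin/mcstransd -f (code=dumped, signal=SEGV)
+Main PID: 16681 (code=dumped, signal=SEGV)
+
+systemd[1]: mcstrans.service: Main process exited, code=dumped, status=11/SEGV
+systemd[1]: mcstrans.service: Failed with result 'core-dump'.
+
+Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
+---
+mcstrans/src/mcscolor.c | 12 ++++++++----
+1 file changed, 8 insertions(+), 4 deletions(-)
+
+diff --git a/mcstrans/src/mcscolor.c b/mcstrans/src/mcscolor.c
+index 4ee0db507ef2..3a3a6de9a02b 100644
+--- a/mcstrans/src/mcscolor.c
++++ b/mcstrans/src/mcscolor.c
+@@ -272,10 +272,14 @@ static const unsigned precedence[N_COLOR][N_COLOR - 1] = {
+static const secolor_t default_color = { 0x000000, 0xffffff };
+
+static int parse_components(context_t con, char **components) {
+- components[COLOR_USER] = (char *)context_user_get(con);
+- components[COLOR_ROLE] = (char *)context_role_get(con);
+- components[COLOR_TYPE] = (char *)context_type_get(con);
+- components[COLOR_RANGE] = (char *)context_range_get(con);
++ if ((components[COLOR_USER] = (char *)context_user_get(con)) == NULL)
++ return -1;
++ if ((components[COLOR_ROLE] = (char *)context_role_get(con)) == NULL)
++ return -1;
++ if ((components[COLOR_TYPE] = (char *)context_type_get(con)) == NULL)
++ return -1;
++ if ((components[COLOR_RANGE] = (char *)context_range_get(con)) == NULL)
++ return -1;
+
+return 0;
+}
+--
+2.23.0
+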
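Review bot: parse_components now has a failure return, but nothing at the definition documents it or the fact that an early return leaves the later `components[]` slots unset. The caller is outside the hunk; it has to test the result before reading any slot, otherwise the NULL dereference behind the SEGV in the description only moves to an uninitialised pointer. I would add a header comment such as `/* Fill components[] with pointers borrowed from con; returns -1 if any part of the context is missing, in which case components[] must not be used. */`. The `(char *)` casts suggest the accessors return const strings, so the comment should also say the entries must not be modified or freed.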
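--- a/Makefile
+++ /dev/null
@@ -1,21 +0,0 @@
-# Makefile for source rpm: mcstrans
-# $Id: Makefile,v 1.1 2006/05/03 16:13:52 dwalsh Exp $
-NAME := mcstrans
-SPECFILE = $(firstword $(wildcard *.spec))
-
-define find-makefile-common
-for d in common ../common ../../common ; do if [ -f $$d/Makefile.common ] ; then if [ -f $$d/CVS/Root -a -w $$/Makefile.common ] ; then cd $$d ; cvs -Q update ; fi ; echo "$$d/Makefile.common" ; break ; fi ; done
-endef
-
-MAKEFILE_COMMON := $(shell $(find-makefile-common))
-
-ifeq ($(MAKEFILE_COMMON),)
-# attempt a checkout
-define checkout-makefile-common
-test -f CVS/Root && { cvs -Q -d $$(cat CVS/Root) checkout common && echo "common/Makefile.common" ; } || { echo "ERROR: I can't figure out how to checkout the 'common' module." ; exit -1 ; } >&2
-endef
-
-MAKEFILE_COMMON := $(shell $(checkout-makefile-common))
-endif
-
-include $(MAKEFILE_COMMON)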
@ -1,29 +0,0 @@
|
||||
--- mcstrans-0.1.8/src/mcstrans.init.subsys-locking 2006-09-13 11:21:11.000000000 -0400
|
||||
+++ mcstrans-0.1.8/src/mcstrans.init 2006-09-13 11:29:18.000000000 -0400
|
||||
@@ -48,7 +48,7 @@
|
||||
RETVAL=$?
|
||||
echo
|
||||
if test $RETVAL = 0 ; then
|
||||
- touch /var/lock/subsys/$prog
|
||||
+ touch /var/lock/subsys/mcstrans
|
||||
fi
|
||||
return $RETVAL
|
||||
}
|
||||
@@ -58,7 +58,7 @@
|
||||
killproc $prog
|
||||
RETVAL=$?
|
||||
echo
|
||||
- rm -f /var/lock/subsys/$prog
|
||||
+ rm -f /var/lock/subsys/mcstrans
|
||||
return $RETVAL
|
||||
}
|
||||
|
||||
@@ -76,7 +76,7 @@
|
||||
}
|
||||
|
||||
condrestart(){
|
||||
- [ -e /var/lock/subsys/$prog ] && restart
|
||||
+ [ -e /var/lock/subsys/mcstrans ] && restart
|
||||
return 0
|
||||
}
|
||||
|
230
mcstrans.spec
230
mcstrans.spec
@ -1,18 +1,26 @@
|
||||
Summary: SELinux Translation Daemon
|
||||
Name: mcstrans
|
||||
Version: 0.2.8
|
||||
Release: 1%{?dist}
|
||||
License: GPL
|
||||
Group: System Environment/Daemons
|
||||
Source: http://fedora.redhat.com/projects/%{name}-%{version}.tgz
|
||||
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
|
||||
BuildRequires: libselinux-devel >= 1.30.3-1
|
||||
BuildRequires: libcap-devel
|
||||
Requires(pre): /sbin/chkconfig /sbin/service
|
||||
Requires(post):/sbin/chkconfig /sbin/service
|
||||
Version: 3.1
|
||||
Release: 3%{?dist}
|
||||
License: GPL+
|
||||
Url: https://github.com/SELinuxProject/selinux/wiki
|
||||
Source: https://github.com/SELinuxProject/selinux/releases/download/20200710/mcstrans-3.1.tar.gz
|
||||
Source2: secolor.conf.8
|
||||
# fedora-selinux/selinux: git format-patch -N mcstrans-3.1 -- mcstrans
|
||||
# i=1; for j in 00*patch; do printf "Patch%04d: %s\n" $i $j; i=$((i+1));done
|
||||
# Patch list start
|
||||
Patch0001: 0001-mcstrans-Fir-RESOURCE_LEAK-and-USE_AFTER_FREE-coveri.patch
|
||||
Patch0002: 0002-mcstrans-Fix-USER_AFTER_FREE-problem.patch
|
||||
Patch0003: 0003-mcstrans-Do-not-accept-incomplete-contexts.patch
|
||||
# Patch list end
|
||||
BuildRequires: gcc
|
||||
BuildRequires: libselinux-devel >= %{version}
|
||||
BuildRequires: libcap-devel pcre-devel libsepol-devel libsepol-static
|
||||
BuildRequires: systemd
|
||||
Requires: pcre
|
||||
%{?systemd_requires}
|
||||
Provides: setransd
|
||||
Provides: libsetrans
|
||||
Obsoletes: libsetrans
|
||||
|
||||
%description
|
||||
Security-enhanced Linux is a feature of the Linux® kernel and a number
|
||||
@ -29,54 +37,208 @@ mcstrans provides an translation daemon to translate SELinux categories
|
||||
from internal representations to user defined representation.
|
||||
|
||||
%prep
|
||||
%setup -q
|
||||
%autosetup -p 2 -n mcstrans-%{version}
|
||||
|
||||
%build
|
||||
make clean
|
||||
make CFLAGS="-g %{optflags}"
|
||||
%set_build_flags
|
||||
|
||||
%make_build LIBDIR="%{_libdir}"
|
||||
|
||||
%install
|
||||
rm -rf %{buildroot}
|
||||
mkdir -p %{buildroot}/%{_lib}
|
||||
mkdir -p %{buildroot}/%{_libdir}
|
||||
make DESTDIR="%{buildroot}" LIBDIR="%{buildroot}%{_libdir}" SHLIBDIR="%{buildroot}/%{_lib}" install
|
||||
rm -f %{buildroot}%{_sbindir}/*
|
||||
rm -f %{buildroot}%{_libdir}/*.a
|
||||
mkdir -p %{buildroot}%{_usr}/share/mcstrans
|
||||
mkdir -p %{buildroot}%{_sysconfdir}/selinux/mls/setrans.d
|
||||
|
||||
%clean
|
||||
rm -rf %{buildroot}
|
||||
%make_install LIBDIR="%{_libdir}" SHLIBDIR="%{_lib}" SBINDIR="%{_sbindir}"
|
||||
rm -f %{buildroot}%{_libdir}/*.a
|
||||
cp -r share/* %{buildroot}%{_usr}/share/mcstrans/
|
||||
# Systemd
|
||||
mkdir -p %{buildroot}%{_unitdir}
|
||||
ln -s %{_unitdir}/mcstrans.service %{buildroot}/%{_unitdir}/mcstransd.service
|
||||
rm -rf %{buildroot}/%{_sysconfdir}/rc.d/init.d/mcstrans
|
||||
install -m644 %{SOURCE2} %{buildroot}%{_mandir}/man8/
|
||||
|
||||
%post
|
||||
chkconfig --add mcstrans
|
||||
if [ -f /var/lock/subsys/mcstransd ]; then
|
||||
mv /var/lock/subsys/mcstransd /var/lock/subsys/mcstrans
|
||||
fi
|
||||
%systemd_post mcstransd.service
|
||||
|
||||
%preun
|
||||
if [ $1 -eq 0 ]; then
|
||||
service mcstrans stop > /dev/null 2>&1
|
||||
chkconfig --del mcstrans
|
||||
fi
|
||||
%systemd_preun mcstransd.service
|
||||
|
||||
%postun
|
||||
if [ $1 -ge 1 ]; then
|
||||
service mcstrans condrestart > /dev/null 2>&1 || :
|
||||
fi
|
||||
%systemd_postun mcstransd.service
|
||||
|
||||
%files
|
||||
%defattr(-,root,root,0755)
|
||||
%{_mandir}/man8/mcs.8.gz
|
||||
/sbin/mcstransd
|
||||
%{_sysconfdir}/rc.d/init.d/mcstrans
|
||||
%{_mandir}/man8/mcstransd.8.gz
|
||||
%{_mandir}/man5/setrans.conf.5.gz
|
||||
%{_mandir}/ru/man8/mcs.8.gz
|
||||
%{_mandir}/ru/man8/mcstransd.8.gz
|
||||
%{_mandir}/ru/man5/setrans.conf.5.gz
|
||||
%{_mandir}/man8/secolor.conf.8.gz
|
||||
/usr/sbin/mcstransd
|
||||
%{_unitdir}/mcstrans.service
|
||||
%{_unitdir}/mcstransd.service
|
||||
%dir %{_sysconfdir}/selinux/mls/setrans.d
|
||||
|
||||
%dir %{_usr}/share/mcstrans
|
||||
|
||||
%defattr(0644,root,root,0755)
|
||||
%dir %{_usr}/share/mcstrans/util
|
||||
%dir %{_usr}/share/mcstrans/examples
|
||||
%{_usr}/share/mcstrans/examples/*
|
||||
|
||||
%defattr(0755,root,root,0755)
|
||||
%{_usr}/share/mcstrans/util/*
|
||||
|
||||
%changelog
|
||||
* Tue Jul 28 2020 Tom Stellard <tstellar@redhat.com> - 3.1-3
|
||||
- Use make macros
|
||||
- https://fedoraproject.org/wiki/Changes/UseMakeBuildInstallMacro
|
||||
|
||||
* Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 3.1-2
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
|
||||
|
||||
* Thu Jul 16 2020 Petr Lautrbach <plautrba@redhat.com> - 3.1-1
|
||||
- SELinux userspace 3.1 release
|
||||
|
||||
* Wed Jan 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 3.0-2
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
|
||||
|
||||
* Fri Dec 6 2019 Petr Lautrbach <plautrba@redhat.com> - 3.0-1
|
||||
- SELinux userspace 3.0 release
|
||||
|
||||
* Mon Nov 11 2019 Petr Lautrbach <plautrba@redhat.com> - 3.0-0.rc1.1
|
||||
- SELinux userspace 3.0-rc1 release candidate
|
||||
|
||||
* Thu Jul 25 2019 Fedora Release Engineering <releng@fedoraproject.org> - 2.9-2
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
|
||||
|
||||
* Tue Mar 19 2019 Petr Lautrbach <plautrba@redhat.com> - 2.9-1
|
||||
- SELinux userspace 2.9 release
|
||||
|
||||
* Mon Mar 11 2019 Petr Lautrbach <plautrba@redhat.com> - 2.9-0.rc2.1
|
||||
- SELinux userspace 2.9-rc2 release
|
||||
|
||||
* Fri Feb 01 2019 Fedora Release Engineering <releng@fedoraproject.org> - 2.9-0.rc1.1.1
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
|
||||
|
||||
* Wed Jan 30 2019 Petr Lautrbach <plautrba@redhat.com> - 2.9-0.rc1.1
|
||||
- Update to mcstrans-2.9-rc1
|
||||
|
||||
* Tue Oct 2 2018 Petr Lautrbach <plautrba@redhat.com> - 2.8-1
|
||||
- Update to mcstrans-2.8
|
||||
|
||||
* Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 0.3.4-13
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
|
||||
|
||||
* Thu Feb 08 2018 Fedora Release Engineering <releng@fedoraproject.org> - 0.3.4-12
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
|
||||
|
||||
* Thu Aug 03 2017 Fedora Release Engineering <releng@fedoraproject.org> - 0.3.4-11
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
|
||||
|
||||
* Wed Jul 26 2017 Fedora Release Engineering <releng@fedoraproject.org> - 0.3.4-10
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
|
||||
|
||||
* Fri Feb 10 2017 Fedora Release Engineering <releng@fedoraproject.org> - 0.3.4-9
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
|
||||
|
||||
* Thu Feb 04 2016 Fedora Release Engineering <releng@fedoraproject.org> - 0.3.4-8
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
|
||||
|
||||
* Wed Jun 17 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.3.4-7
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
|
||||
|
||||
* Sun Aug 17 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.3.4-6
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
|
||||
|
||||
* Sat Jun 07 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.3.4-5
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
|
||||
|
||||
* Wed Mar 19 2014 Karsten Hopp |karsten@redhat.com> - 0.3.4-4
|
||||
- fix changelog order so that it builds with a recent rpm
|
||||
|
||||
* Wed Oct 16 2013 Dan Walsh <dwalsh@redhat.com> - 0.3.4-3
|
||||
- Make mcstrans PIE and fully relro
|
||||
- Resolves: #983268
|
||||
|
||||
* Tue Oct 15 2013 Dan Walsh <dwalsh@redhat.com> - 0.3.4-2
|
||||
- Add RELRO support for long running services
|
||||
|
||||
* Thu Sep 12 2013 Dan Walsh <dwalsh@redhat.com> - 0.3.4-1
|
||||
- Update to latest version/applying patches
|
||||
- Move binary to /usr/sbin rather then /sbin
|
||||
* Sat Aug 03 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.3.3-8
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
|
||||
|
||||
* Tue Mar 26 2013 Dan Walsh <dwalsh@redhat.com> - 0.3.3-7
|
||||
- Add secolor.conf.5 man page
|
||||
- Make mcstransd watch for content being written to /run/setrans for files names containing translations.
|
||||
-- This will allow apps like libvirt to write content nameing randomly selected MCS labels
|
||||
- Fix memory leak in mcstransd
|
||||
|
||||
* Thu Feb 14 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.3.3-6
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
|
||||
|
||||
* Thu Jul 19 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.3.3-5
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
|
||||
|
||||
* Fri Feb 10 2012 Petr Pisar <ppisar@redhat.com> - 0.3.3-4
|
||||
- Rebuild against PCRE 8.30
|
||||
|
||||
* Thu Feb 2 2012 Dan Walsh <dwalsh@redhat.com> - 0.3.3-3
|
||||
- Fix the systemd service file
|
||||
|
||||
* Wed Feb 1 2012 Dan Walsh <dwalsh@redhat.com> - 0.3.3-2
|
||||
- Update to upstream
|
||||
- Write pid file
|
||||
|
||||
* Fri Jan 13 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.3.2-2
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
|
||||
|
||||
* Tue Feb 08 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.3.2-1
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
|
||||
|
||||
* Wed Jan 5 2011 Ted X Toth <txtoth@gmail.com> - 0.3.2-0
|
||||
- Add constraints
|
||||
- Add setrans.conf man page
|
||||
- Fix mixed raw and translated range bug
|
||||
- Moved todo comments to TODO file
|
||||
|
||||
* Fri Oct 16 2009 Dan Walsh <dwalsh@redhat.com> 0.3.1-4
|
||||
- Add mcstransd man page
|
||||
|
||||
* Thu Sep 17 2009 Miroslav Grepl <mgrepl@redhat.com> 0.3.1-3
|
||||
- Fix init script
|
||||
|
||||
* Sat Jul 25 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.3.1-2
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
|
||||
|
||||
* Thu Feb 5 2009 Joe Nall <joe@nall.com> 0.3.1-1
|
||||
- Rewrite translations to allow individual word/category mapping
|
||||
- Eamon Walsh's color mapping changes
|
||||
|
||||
* Wed May 28 2008 Tom "spot" Callaway <tcallawa@redhat.com> 0.2.11-2
|
||||
- fix license tag
|
||||
|
||||
* Wed May 7 2008 Dan Walsh <dwalsh@redhat.com> 0.2.11-1
|
||||
- More fixes from Jim Meyering
|
||||
|
||||
* Tue May 6 2008 Dan Walsh <dwalsh@redhat.com> 0.2.10-1
|
||||
- More error checking on failed strdup
|
||||
|
||||
* Tue May 6 2008 Dan Walsh <dwalsh@redhat.com> 0.2.9-1
|
||||
- Start mcstrans before netlabel
|
||||
|
||||
* Mon Apr 14 2008 Dan Walsh <dwalsh@redhat.com> 0.2.8-1
|
||||
- Fix error handling
|
||||
|
||||
* Tue Feb 12 2008 Dan Walsh <dwalsh@redhat.com> 0.2.7-2
|
||||
- Rebuild for gcc 4.3
|
||||
|
||||
* Mon Oct 30 2007 Steve Conklin <sconklin@redhat.com> - 0.2.7-1
|
||||
* Tue Oct 30 2007 Steve Conklin <sconklin@redhat.com> - 0.2.7-1
|
||||
- Folded current patches into tarball
|
||||
|
||||
* Thu Oct 25 2007 Steve Conklin <sconklin@redhat.com> - 0.2.6-3
|
||||
|
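--- /dev/null
+++ b/mcstransd.service
@@ -0,0 +1,12 @@
+[Unit]
+Description= Daemon used to translate SELinux MCS/MLS labels to human readable form
+After=syslog.target
+ConditionPathExists=/etc/selinux/mls/setrans.d
+
+[Service]
+Type=forking
+PIDFile=/run/mcstransd.pid
+ExecStart=/usr/sbin/mcstransd
+
+[Install]
+WantedBy=multi-user.target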
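Review bot: This unit does not appear to be installed by the spec in the same comparison, which lists only `Source:` and `Source2:` and creates `mcstransd.service` as a symlink to the upstream `mcstrans.service`. The spec section has lost its +/- markers on this page, so that reading is inferred, but if the file is unused it should be dropped rather than left to drift from the unit that actually ships. If it is kept, `After=syslog.target` is obsolete on journald-based systems and can go. Since 0003 in this series shows the daemon crashing on a client-supplied context, it would also be worth evaluating sandboxing directives such as `NoNewPrivileges=yes` and `ProtectHome=yes`, once they are checked against what mcstransd needs at runtime.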
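--- /dev/null
+++ b/secolor.conf.8
@@ -0,0 +1,180 @@
+.TH "secolor.conf" "8" "08 April 2011" "SELinux API documentation"
+.SH "NAME"
+secolor.conf \- The SELinux color configuration file
+.
+.SH "DESCRIPTION"
+The
+.I /etc/selinux/{SELINUXTYPE}/secolor.conf
+configuation file controls the color to be associated to the context components associated to the
+.I raw
+context passed by
+.BR selinux_raw_context_to_color "(3),"
+when context related information is to be displayed in color by an SELinux-aware application.
+.sp
+.BR selinux_raw_context_to_color "(3)"
+obtains this color information from the active policy
+.B secolor.conf
+file as returned by
+.BR selinux_colors_path "(3)."
+.
+.SH "FILE FORMAT"
+The file format is as follows:
+.RS
+.B color
+.I color_name
+.BI "= #"color_mask
+.br
+[...]
+.sp
+.I context_component string
+.B =
+.I fg_color_name bg_color_name
+.br
+[...]
+.sp
+.RE
+
+Where:
+.br
+.B color
+.RS
+The color keyword. Each color entry is on a new line.
+.RE
+.I color_name
+.RS
+A single word name for the color (e.g. red).
+.RE
+.I color_mask
+.RS
+A color mask starting with a hash (#) that describes the hexadecimal RGB colors with black being #000000 and white being #ffffff.
+.RE
+.I context_component
+.RS
+The context component name that must be one of the following:
+.br
+.RS
+user, role, type or range
+.RE
+Each
+.IR context_component " " string " ..."
+entry is on a new line.
+.RE
+.I string
+.RS
+This is the
+.I context_component
+string that will be matched with the
+.I raw
+context component passed by
+.BR selinux_raw_context_to_color "(3)."
+.br
+A wildcard '*' may be used to match any undefined string for the user, role and type
+.I context_component
+entries only.
+.RE
+
+.I fg_color_name
+.RS
+The color_name string that will be used as the foreground color.
+A
+.I color_mask
+may also be used.
+.RE
+.I bg_color_name
+.RS
+The color_name string that will be used as the background color.
+A
+.I color_mask
+may also be used.
+.RE
+.
+.SH "EXAMPLES"
+Example 1 entries are:
+.RS
+color black = #000000
+.br
+color green = #008000
+.br
+color yellow = #ffff00
+.br
+color blue = #0000ff
+.br
+color white = #ffffff
+.br
+color red = #ff0000
+.br
+color orange = #ffa500
+.br
+color tan = #D2B48C
+.sp
+user * = black white
+.br
+role * = white black
+.br
+type * = tan orange
+.br
+range s0\-s0:c0.c1023 = black green
+.br
+range s1\-s1:c0.c1023 = white green
+.br
+range s3\-s3:c0.c1023 = black tan
+.br
+range s5\-s5:c0.c1023 = white blue
+.br
+range s7\-s7:c0.c1023 = black red
+.br
+range s9\-s9:c0.c1023 = black orange
+.br
+range s15:c0.c1023 = black yellow
+.RE
+
+.sp
+Example 2 entries are:
+.RS
+color black = #000000
+.br
+color green = #008000
+.br
+color yellow = #ffff00
+.br
+color blue = #0000ff
+.br
+color white = #ffffff
+.br
+color red = #ff0000
+.br
+color orange = #ffa500
+.br
+color tan = #d2b48c
+.sp
+user unconfined_u = #ff0000 green
+.br
+role unconfined_r = red #ffffff
+.br
+type unconfined_t = red orange
+.br
+user user_u = black green
+.br
+role user_r = white black
+.br
+type user_t = tan red
+.br
+user xguest_u = black yellow
+.br
+role xguest_r = black red
+.br
+type xguest_t = black green
+.br
+user sysadm_u = white black
+.br
+range s0:c0.c1023 = black white
+.br
+user * = black white
+.br
+role * = black white
+.br
+type * = black white
+.RE
+.
+.SH "SEE ALSO"
+.BR mcstransd "(8), " selinux_raw_context_to_color "(3), " selinux_colors_path "(3)"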