topjohnwu/selinux
1
0
Fork 0
mirror of https://github.com/topjohnwu/selinux.git synced 2024-12-13 22:48:49 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
This is the upstream repository for the Security Enhanced Linux (SELinux) userland libraries and tools. The software provided by this project complements the SELinux features integrated into the Linux kernel and is used by Linux distributions. All bugs an
1,350 Commits 1 Branch 0 Tags 18 MiB
C 71.5%
Python 15.5%
Roff 9%
SWIG 1.1%
Makefile 1%
Other 1.9%
8713313a51
Go to file
Stephen Smalley 8713313a51 libselinux: fail hard on invalid file_contexts entries 
Fail hard on any error during file_contexts processing.
We want to catch any such errors early and not proceed
with a potentially mislabeled system.  This was the original
logic but was loosened long ago to more gracefully handle
user error in Linux distributions (a single typo could lead
to not being able to label anything, even if the relevant
entry for the files in question was correct).  However,
in Android, file_contexts is not modified at runtime and
we want to fully validate it at build, so we want to fail
hard in these cases, and in modern Linux, file_contexts is
modified using tools (semanage, semodule) and a library
(libsemanage) that should already be fully validating values
before adding entries, and that trigger a setfiles -c validation
(equivalent to Android checkfc) before committing the transaction.

Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2015-08-06 14:51:36 -04:00
checkpolicy Updated checkpolicy ChangeLog. 2015-07-31 09:04:52 -04:00
libselinux libselinux: fail hard on invalid file_contexts entries 2015-08-06 14:51:36 -04:00
libsemanage Updated libsemanage and policycoreutils ChangeLogs. 2015-08-06 11:01:03 -04:00
libsepol Update libsepol ChangeLog. 2015-08-04 11:11:22 -04:00
policycoreutils Updated libsemanage and policycoreutils ChangeLogs. 2015-08-06 11:01:03 -04:00
scripts Add secilc to release script. 2015-03-31 12:41:28 -04:00
secilc Updated libsepol and secilc ChangeLogs. 2015-06-22 10:04:26 -04:00
sepolgen Updated sepolgen ChangeLog. 2015-08-05 15:16:18 -04:00
.gitignore global: gitignore: add a couple of more editor backup filetypes 2013-02-01 12:14:57 -05:00
Android.mk Add empty top level Android.mk / CleanSpec.mk files 2015-04-16 07:54:09 -04:00
CleanSpec.mk Add empty top level Android.mk / CleanSpec.mk files 2015-04-16 07:54:09 -04:00
Makefile libsepol: Move secilc out of libsepol 2015-03-31 12:31:38 -04:00
README Add further build dependencies. 2015-02-23 09:08:13 -05:00

README 

Please submit all bug reports and patches to selinux@tycho.nsa.gov.
Subscribe via selinux-join@tycho.nsa.gov.

Build dependencies on Fedora:
yum install audit-libs-devel bison bzip2-devel dbus-devel dbus-glib-devel flex flex-devel flex-static glib2-devel libcap-devel libcap-ng-devel pam-devel pcre-devel python-devel setools-devel swig ustr-devel

To build and install everything under a private directory, run:
make DESTDIR=~/obj install install-pywrap

To install as the default system libraries and binaries
(overwriting any previously installed ones - dangerous!),
on x86_64, run:
make LIBDIR=/usr/lib64 SHLIBDIR=/lib64 install install-pywrap relabel
or on x86 (32-bit), run:
make install install-pywrap relabel

This may render your system unusable if the upstream SELinux userspace
lacks library functions or other dependencies relied upon by your
distribution.  If it breaks, you get to keep both pieces.