SELinux library and simple utilities
Security-enhanced Linux is a feature of the Linux(R) kernel and a
number of utilities with enhanced security functionality designed to
add mandatory access controls to Linux. The Security-enhanced Linux
kernel contains new architectural components originally developed to
improve the security of the Flask operating system. These architectural
components provide general support for the enforcement of many kinds of
mandatory access control policies, including those based on the
concepts of Type Enforcement(R), Role-based Access Control, and
Multi-level Security.
libselinux provides an API for SELinux applications to get and set
process and file security contexts and to obtain security policy
decisions. Required for any applications that use the SELinux API.
- Sources inherited from project SUSE:SLE-12-SP2:GA
-
1
derived packages
- Download package
-
Checkout Package
osc -A https://api.opensuse.org checkout SUSE:SLE-12-SP3:GA/libselinux && cd $_ - Create Badge
Refresh
Refresh
Source Files
| Filename | Size | Changed |
|---|---|---|
| baselibs.conf | 0000000012 12 Bytes | |
| libselinux-2.2-ruby.patch | 0000001323 1.29 KB | |
| libselinux-2.5.tar.gz | 0000189019 185 KB | |
| libselinux-bindings.changes | 0000010321 10.1 KB | |
| libselinux-bindings.spec | 0000005587 5.46 KB | |
| libselinux.changes | 0000017365 17 KB | |
| libselinux.spec | 0000007155 6.99 KB | |
| python-selinux-swig-3.10.patch | 0000000581 581 Bytes | |
| selinux-ready | 0000006390 6.24 KB |
Revision 2 (latest revision is 4)
Stefan Behlert (sbehlert)
committed
(revision 2)
update version 2.5. I was working on this for a while, not sure if it's possible to get
this in that late. If so I have
checkpolicy libsemanage libsepol policycoreutils python-semanage
left to submit, but they need a current libselinux version
old: SUSE:SLE-12-SP2:GA/libselinux
new: openSUSE.org:security:SELinux/libselinux rev 31996ea50185995654b46eb474bdfb35
Index: libselinux-2.2-ruby.patch
===================================================================
--- libselinux-2.2-ruby.patch (revision 1)
+++ libselinux-2.2-ruby.patch (revision 31996ea50185995654b46eb474bdfb35)
@@ -1,19 +1,19 @@
Index: src/Makefile
===================================================================
---- src/Makefile.orig 2013-01-30 13:24:55.549631752 +0100
-+++ src/Makefile 2013-01-30 13:25:56.148209843 +0100
-@@ -16,8 +16,8 @@
+--- src/Makefile.orig
++++ src/Makefile
+@@ -16,8 +16,8 @@ PYINC ?= $(shell pkg-config --cflags $(P
PYLIBDIR ?= $(LIBDIR)/$(PYLIBVER)
RUBYLIBVER ?= $(shell $(RUBY) -e 'print RUBY_VERSION.split(".")[0..1].join(".")')
RUBYPLATFORM ?= $(shell $(RUBY) -e 'print RUBY_PLATFORM')
-RUBYINC ?= $(shell pkg-config --cflags ruby)
-RUBYINSTALL ?= $(LIBDIR)/ruby/site_ruby/$(RUBYLIBVER)/$(RUBYPLATFORM)
-+RUBYINC ?= $(shell ruby -r rbconfig -e "print Config::CONFIG['rubyhdrdir'].nil? ? '$(LIBDIR)/ruby/$(RUBYLIBVER)' : Config::CONFIG['rubyhdrdir']")
-+RUBYINSTALL ?= $(shell ruby -r rbconfig -e "print Config::CONFIG['vendorarchdir'].nil? ? '$(DESTDIR)'+Config::CONFIG['sitearchdir'] : '$(DESTDIR)'+Config::CONFIG['vendorarchdir']")
++RUBYINC ?= $(shell ruby -r rbconfig -e "print RbConfig::CONFIG['rubyhdrdir'].nil? ? '$(LIBDIR)/ruby/$(RUBYLIBVER)' : RbConfig::CONFIG['rubyhdrdir']")
++RUBYINSTALL ?= $(shell ruby -r rbconfig -e "print RbConfig::CONFIG['vendorarchdir'].nil? ? '$(DESTDIR)'+RbConfig::CONFIG['sitearchdir'] : '$(DESTDIR)'+RbConfig::CONFIG['vendorarchdir']")
LIBBASE ?= $(shell basename $(LIBDIR))
VERSION = $(shell cat ../VERSION)
-@@ -103,7 +103,7 @@ $(SWIGLOBJ): $(SWIGCOUT)
+@@ -98,7 +98,7 @@ $(SWIGLOBJ): $(SWIGCOUT)
$(CC) $(CFLAGS) $(SWIG_CFLAGS) $(PYINC) -fPIC -DSHARED -c -o $@ $<
$(SWIGRUBYLOBJ): $(SWIGRUBYCOUT)
Index: libselinux-bindings.changes
===================================================================
--- libselinux-bindings.changes (revision 1)
+++ libselinux-bindings.changes (revision 31996ea50185995654b46eb474bdfb35)
@@ -1,4 +1,87 @@
-------------------------------------------------------------------
+Thu Jul 14 07:59:04 UTC 2016 - jsegitz@novell.com
+
+- Adjusted source link
+
+-------------------------------------------------------------------
+Tue Jul 5 16:44:44 UTC 2016 - i@marguerite.su
+
+- add patch: python-selinux-swig-3.10.patch, fixed boo#985368
+ * swig-3.10 in Factory use importlib instead of imp to find
+ _selinux.so. imp searched the same directory as __init__.py
+ is while importlib searchs only standard paths. so we have
+ to move _selinux.so. fixed by upstream
+- update version 2.5
+ * Add selinux_restorecon function
+ * read_spec_entry: fail on non-ascii
+ * Add man information about thread specific functions
+ * Don't wrap rpm_execcon with DISABLE_RPM with SWIG
+ * Correct line count for property and service context files
+ * label_file: fix memory leaks and uninitialized jump
+ * Replace selabel_digest hash function
+ * Fix selabel_open(3) services if no digest requested
+ * Add selabel_digest function
+ * Flush the class/perm string mapping cache on policy reload
+ * Fix restorecon when path has no context
+ * Free memory when processing media and x specfiles
+ * Fix mmap memory release for file labeling
+ * Add policy context validation to sefcontext_compile
+ * Do not treat an empty file_contexts(.local) as an error
+ * Fail hard on invalid property_contexts entries
+ * Fail hard on invalid file_contexts entries
+ * Support context validation on file_contexts.bin
+ * Add selabel_cmp interface and label_file backend
+ * Support specifying file_contexts.bin file path
+ * Support file_contexts.bin without file_contexts
+ * Simplify procattr cache
+ * Use /proc/thread-self when available
+ * Add const to selinux_opt for label backends
+ * Fix binary file labels for regexes with metachars
+ * Fix file labels for regexes with metachars
+ * Fix if file_contexts not '\n' terminated
+ * Enhance file context support
+ * Fix property processing and cleanup formatting
+ * Add read_spec_entries function to replace sscanf
+ * Support consistent mode size for bin files
+ * Fix more bin file processing core dumps
+ * add selinux_openssh_contexts_path()
+ * setrans_client: minimize overhead when mcstransd is not present
+ * Ensure selabel_lookup_best_match links NULL terminated
+ * Fix core dumps with corrupt *.bin files
+ * Add selabel partial and best match APIs
+ * Use os.walk() instead of the deprecated os.path.walk()
+ * Remove deprecated mudflap option
+ * Mount procfs before checking /proc/filesystems
+ * Fix -Wformat errors with gcc-5.0.0
+ * label_file: handle newlines in file names
+ * Fix audit2why error handling if SELinux is disabled
+ * pcre_study can return NULL without error
+ * Only check SELinux enabled status once in selinux_check_access
+- changes in 2.4
+ * Remove assumption that SHLIBDIR is ../../ relative to LIBDIR
+ * Fix bugs found by hardened gcc flags
+ * Set the system to permissive if failing to disable SELinux because
+ policy has already been loaded
+ * Add db_exception and db_datatype support to label_db backend
+ * Log an error on unknown classes and permissions
+ * Add pcre version string to the compiled file_contexts format
+ * Deprecate use of flask.h and av_permissions.h
+ * Compiled file_context files and the original should have the same DAC
+ permissions
+-------------------------------------------------------------------
+Wed May 27 11:53:54 UTC 2015 - dimstar@opensuse.org
+
+- Update libselinux-2.2-ruby.patch: use RbConfig instead of
+ deprecated Config.
+
+-------------------------------------------------------------------
+Sun May 18 00:15:17 UTC 2014 - crrodriguez@opensuse.org
+
+- Update to version 2.3
+* Get rid of security_context_t and fix const declarations.
+* Refactor rpm_execcon() into a new setexecfilecon() from Guillem Jover.
+
+-------------------------------------------------------------------
Thu Oct 31 13:43:41 UTC 2013 - p.drouand@gmail.com
- Update to version 2.2
Index: libselinux-bindings.spec
===================================================================
--- libselinux-bindings.spec (revision 1)
+++ libselinux-bindings.spec (revision 31996ea50185995654b46eb474bdfb35)
@@ -1,7 +1,7 @@
#
# spec file for package libselinux-bindings
#
-# Copyright (c) 2015 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -16,10 +16,10 @@
#
-%define libsepol_ver 2.3
+%define libsepol_ver 2.5
Name: libselinux-bindings
-Version: 2.3
+Version: 2.5
Release: 0
Url: http://userspace.selinuxproject.org/
Summary: SELinux library and simple utilities
@@ -27,10 +27,12 @@
Group: System/Libraries
# embedded is the MD5
-Source: http://userspace.selinuxproject.org/releases/20140506/libselinux-%{version}.tar.gz
+Source: https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20160223/libselinux-%{version}.tar.gz
Source1: selinux-ready
Source2: baselibs.conf
Patch1: libselinux-2.2-ruby.patch
+# PATCH-FIX-UPSTREAM swig-3.10 use importlib which not search the directory __init__.py is in but standard path
+Patch2: python-selinux-swig-3.10.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build
BuildRequires: libsepol-devel-static >= %{libsepol_ver}
BuildRequires: pcre-devel
@@ -106,6 +108,7 @@
%prep
%setup -q -n libselinux-%{version}
%patch1
+%patch2 -p1
%build
make %{?_smp_mflags} LIBDIR="%{_libdir}" CFLAGS="$RPM_OPT_FLAGS" -C src
@@ -122,6 +125,7 @@
%files -n python-selinux
%defattr(-,root,root,-)
%dir %{py_sitedir}/selinux
+%{py_sitedir}/_selinux.so
%{py_sitedir}/selinux/*
%files -n ruby-selinux
Index: libselinux.changes
===================================================================
--- libselinux.changes (revision 1)
+++ libselinux.changes (revision 31996ea50185995654b46eb474bdfb35)
@@ -1,5 +1,76 @@
-------------------------------------------------------------------
-Thu Jul 30 12:21:29 UTC 2015 - jsegitz@novell.com
+Thu Jul 14 07:58:49 UTC 2016 - jsegitz@novell.com
+
+- Adjusted source link
+
+-------------------------------------------------------------------
+Tue Jul 5 16:42:03 UTC 2016 - i@marguerite.su
+
+- add patch: python-selinux-swig-3.10.patch, fixed boo#985368
+ * swig-3.10 in Factory use importlib instead of imp to find
+ _selinux.so. imp searched the same directory as __init__.py
+ is while importlib searchs only standard paths. so we have
+ to move _selinux.so. fixed by upstream
+- update version 2.5
+ * Add selinux_restorecon function
+ * read_spec_entry: fail on non-ascii
+ * Add man information about thread specific functions
+ * Don't wrap rpm_execcon with DISABLE_RPM with SWIG
+ * Correct line count for property and service context files
+ * label_file: fix memory leaks and uninitialized jump
+ * Replace selabel_digest hash function
+ * Fix selabel_open(3) services if no digest requested
+ * Add selabel_digest function
+ * Flush the class/perm string mapping cache on policy reload
+ * Fix restorecon when path has no context
+ * Free memory when processing media and x specfiles
+ * Fix mmap memory release for file labeling
+ * Add policy context validation to sefcontext_compile
+ * Do not treat an empty file_contexts(.local) as an error
+ * Fail hard on invalid property_contexts entries
+ * Fail hard on invalid file_contexts entries
+ * Support context validation on file_contexts.bin
+ * Add selabel_cmp interface and label_file backend
+ * Support specifying file_contexts.bin file path
+ * Support file_contexts.bin without file_contexts
+ * Simplify procattr cache
+ * Use /proc/thread-self when available
+ * Add const to selinux_opt for label backends
+ * Fix binary file labels for regexes with metachars
+ * Fix file labels for regexes with metachars
+ * Fix if file_contexts not '\n' terminated
+ * Enhance file context support
+ * Fix property processing and cleanup formatting
+ * Add read_spec_entries function to replace sscanf
+ * Support consistent mode size for bin files
+ * Fix more bin file processing core dumps
+ * add selinux_openssh_contexts_path()
+ * setrans_client: minimize overhead when mcstransd is not present
+ * Ensure selabel_lookup_best_match links NULL terminated
+ * Fix core dumps with corrupt *.bin files
+ * Add selabel partial and best match APIs
+ * Use os.walk() instead of the deprecated os.path.walk()
+ * Remove deprecated mudflap option
+ * Mount procfs before checking /proc/filesystems
+ * Fix -Wformat errors with gcc-5.0.0
+ * label_file: handle newlines in file names
+ * Fix audit2why error handling if SELinux is disabled
+ * pcre_study can return NULL without error
+ * Only check SELinux enabled status once in selinux_check_access
+- changes in 2.4
+ * Remove assumption that SHLIBDIR is ../../ relative to LIBDIR
+ * Fix bugs found by hardened gcc flags
+ * Set the system to permissive if failing to disable SELinux because
+ policy has already been loaded
+ * Add db_exception and db_datatype support to label_db backend
+ * Log an error on unknown classes and permissions
+ * Add pcre version string to the compiled file_contexts format
+ * Deprecate use of flask.h and av_permissions.h
+ * Compiled file_context files and the original should have the same DAC
+ permissions
+
+-------------------------------------------------------------------
+Thu Jul 30 12:00:27 UTC 2015 - jsegitz@novell.com
- fixed selinux-ready to work with initrd files created by dracut (bsc#940006)
Index: libselinux.spec
===================================================================
--- libselinux.spec (revision 1)
+++ libselinux.spec (revision 31996ea50185995654b46eb474bdfb35)
@@ -1,7 +1,7 @@
#
# spec file for package libselinux
#
-# Copyright (c) 2015 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -16,20 +16,22 @@
#
-%define libsepol_ver 2.3
+%define libsepol_ver 2.5
Name: libselinux
-Version: 2.3
+Version: 2.5
Release: 0
Url: http://userspace.selinuxproject.org/
Summary: SELinux library and simple utilities
License: GPL-2.0 and SUSE-Public-Domain
Group: System/Libraries
-Source: http://userspace.selinuxproject.org/releases/20140506/%{name}-%{version}.tar.gz
+Source: https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20160223/%{name}-%{version}.tar.gz
Source1: selinux-ready
Source2: baselibs.conf
Patch1: %{name}-2.2-ruby.patch
+# PATCH-FIX-UPSTREAM swig-3.10 use importlib which not search the directory __init__.py is in but standard path
+Patch2: python-selinux-swig-3.10.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build
BuildRequires: fdupes
BuildRequires: libsepol-devel >= %{libsepol_ver}
@@ -120,6 +122,7 @@
%prep
%setup -q
%patch1
+%patch2 -p1
%build
make %{?_smp_mflags} LIBDIR="%{_libdir}" CC="%{__cc}" CFLAGS="$RPM_OPT_FLAGS"
@@ -159,11 +162,16 @@
%{_sbindir}/getenforce
%{_sbindir}/getsebool
%{_sbindir}/matchpathcon
+%{_sbindir}/selabel_digest
+%{_sbindir}/selabel_lookup
+%{_sbindir}/selabel_lookup_best_match
+%{_sbindir}/selabel_partial_match
%{_sbindir}/selinuxconlist
%{_sbindir}/selinuxdefcon
%{_sbindir}/selinuxenabled
%{_sbindir}/setenforce
%{_sbindir}/togglesebool
+%{_sbindir}/selinux_restorecon
%{_sbindir}/selinux-ready
%{_sbindir}/selinuxexeccon
%{_sbindir}/sefcontext_compile
Index: libselinux-2.5.tar.gz
===================================================================
Binary files libselinux-2.5.tar.gz (revision 31996ea50185995654b46eb474bdfb35) added
Index: python-selinux-swig-3.10.patch
===================================================================
--- python-selinux-swig-3.10.patch (added)
+++ python-selinux-swig-3.10.patch (revision 31996ea50185995654b46eb474bdfb35)
@@ -0,0 +1,13 @@
+Index: b/src/Makefile
+===================================================================
+--- a/src/Makefile
++++ b/src/Makefile
+@@ -155,7 +155,7 @@ install: all
+
+ install-pywrap: pywrap
+ test -d $(PYLIBDIR)/site-packages/selinux || install -m 755 -d $(PYLIBDIR)/site-packages/selinux
+- install -m 755 $(SWIGSO) $(PYLIBDIR)/site-packages/selinux/_selinux.so
++ install -m 755 $(SWIGSO) $(PYLIBDIR)/site-packages/_selinux.so
+ install -m 755 $(AUDIT2WHYSO) $(PYLIBDIR)/site-packages/selinux/audit2why.so
+ install -m 644 $(SWIGPYOUT) $(PYLIBDIR)/site-packages/selinux/__init__.py
+
Index: libselinux-2.3.tar.gz
===================================================================
Binary files libselinux-2.3.tar.gz (revision 1) deleted
Comments 0