SELinux binary policy manipulation library

Edit Package libsepol

Security-enhanced Linux is a feature of the Linux(R) kernel and a
number of utilities with enhanced security functionality designed to
add mandatory access controls to Linux. The Security-enhanced Linux
kernel contains new architectural components originally developed to
improve the security of the Flask operating system. These architectural
components provide general support for the enforcement of many kinds of
mandatory access control policies, including those based on the
concepts of Type Enforcement(R), Role-based Access Control, and
Multi-level Security.

libsepol provides an API for the manipulation of SELinux binary
policies. It is used by checkpolicy (the policy compiler) and similar
tools, as well as by programs like load_policy that need to perform
specific transformations on binary policies such as customizing policy
boolean settings.

Refresh
Refresh
Source Files
Filename Size Changed
baselibs.conf 0000000010 10 Bytes
libsepol-2.6.tar.gz 0000442549 432 KB
libsepol.changes 0000009866 9.63 KB
libsepol.spec 0000003969 3.88 KB
Latest Revision
Stefan Behlert's avatar Stefan Behlert (sbehlert) committed (revision 2)
- Update to version 2.6. Notable changes:
  * Add support for converting extended permissions to CIL
  * Create user and role caches when building binary policy
  * Check for too many permissions in classes and commons in CIL
  * Fix xperm mapping between avrule and avtab
  * Produce more meaningful error messages for conflicting type rules in CIL
  * Change which attributes CIL keeps in the binary policy
  * Warn instead of fail if permission is not resolved
  * Ignore object_r when adding userrole mappings to policydb
  * Correctly detect unknown classes in sepol_string_to_security_class
  * Fix neverallowxperm checking on attributes
  * Only apply bounds checking to source types in rules
  * Fix CIL and not add an attribute as a type in the attr_type_map
  * Fix extended permissions neverallow checking
  * Fix CIL neverallow and bounds checking
  * Add support for portcon dccp protocol
Comments 0
openSUSE Build Service is sponsored by