SELinux library and simple utilities

Overview Repositories Revisions Requests Users Attributes Meta

SELinux library and simple utilities

This package is based on the package 'libselinux' from project 'security:SELinux'.

Security-enhanced Linux is a feature of the Linux® kernel and a number
of utilities with enhanced security functionality designed to add
mandatory access controls to Linux. The Security-enhanced Linux kernel
contains new architectural components originally developed to improve
the security of the Flask operating system. These architectural
components provide general support for the enforcement of many kinds of
mandatory access control policies, including those based on the
concepts of Type Enforcement®, Role-based Access Control, and
Multi-level Security.

libselinux provides an API for SELinux applications to get and set
process and file security contexts and to obtain security policy
decisions. Required for any applications that use the SELinux API.

Devel package for openSUSE:Factory
6 derived packages
Derived Packages
home:skalyanasundaram:pwdutils

home:scabrero:bsc1208887

home:jsegitz:branches:security:SELinux

home:dirkmueller:Factory

home:jsegitz:branches:security:SELinux_7

home:cahu:security:SELinux:fixleapbuild
Cancel
Links to openSUSE:Factory / libselinux
Download package
Checkout Package
osc -A https://api.opensuse.org checkout security:SELinux/libselinux && cd $_
Create Badge

Build Results
RPM Lint

Refresh

Source Files

Filename	Size	Changed
_link	0000000145 145 Bytes	about 1 year ago
_multibuild	0000000069 69 Bytes	about 1 year ago
baselibs.conf	0000000012 12 Bytes	almost 16 years ago
libselinux-3.5.tar.gz	0000211453 206 KB	over 1 year ago
libselinux-3.5.tar.gz.asc	0000000981 981 Bytes	over 1 year ago
libselinux-bindings.changes	0000019217 18.8 KB	11 months ago
libselinux-bindings.spec	0000004586 4.48 KB	11 months ago
libselinux.changes	0000030585 29.9 KB	11 months ago
libselinux.keyring	0000019379 18.9 KB	over 1 year ago
libselinux.spec	0000005915 5.78 KB	11 months ago
python3.8-compat.patch	0000000904 904 Bytes	over 1 year ago
readv-proto.patch	0000000347 347 Bytes	almost 7 years ago
selinux-ready	0000005860 5.72 KB	almost 2 years ago
skip_cycles.patch	0000000432 432 Bytes	about 2 years ago
swig4_moduleimport.patch	0000000431 431 Bytes	over 4 years ago

Revision 161 (latest revision is 170)

Johannes Segitz (jsegitz) accepted request 1102401 from

Matej Cepl (mcepl) 11 months ago (revision 161)

- (bsc#1212618) Divide libselinux and libselinux-bindings again.
  libselinux itself is in Ring0 so it has to have absolutely
  minimal dependencies, so it is better to separate
  libselinux-bindings into a separate pacakge.
- Add explicit BuildRequires for python3-pip and python3-wheel on
  15.5, currently the macros don't do the right thing
- allow building this with different python versions, to make this
  usable for the new sle15 macro (using python3.11)
- Add python-wheel build dependency to build correctly with latest
  python-pip version.
- Add _multibuild to define additional spec files as additional
  flavors.
  Eliminates the need for source package links in OBS.
- Enable LTO as it works fine now.
- Update to version 3.5:
  * check for truncations
  * avoid newline in avc message
  * bail out on path truncations
  * add getpidprevcon to gather the previous context before the last
    exec of a given process
  * Workaround for heap overhead of pcre
  * fix memory leaks on the audit2why module init
  * ignore invalid class name lookup
- Drop restorecon_pin_file.patch, is upstream
- Refreshed python3.8-compat.patch
- Added additional developer key (Jason Zaman)
- Update to version 3.4:
  * Use PCRE2 by default
  * Make selinux_log() and is_context_customizable() thread-safe
  * Prevent leakeing file descriptors
  * Correctly hash specfiles larger than 4G
- Refreshed skip_cycles.patch
- Update to version 3.3:
  * Lots of smaller issues fixed found by fuzzing
- Switch to pcre2:
  + Replace pcre-devel BuildRequires with pkgconfig(libpcre2-8)
  + Pass USE_PCRE2=y to make.
- Update to version 3.2:
  * Use mmap()'ed kernel status page instead of netlink by default.
    See "KERNEL STATUS PAGE" section in avc_init(3) for more details.
  * New log callback levels for enforcing and policy load notices -
    SELINUX_POLICYLOAD, SELINUX_SETENFORCE
  * Changed userspace AVC setenforce and policy load messages to audit 
    format.
- Update to version 3.1:
  * selinux/flask.h, selinux/av_permissions.h and sepol/policydb/flask.h were
    removed. All userspace object managers should have been updated to use the
    dynamic class/perm mapping support.
    Use string_to_security_class(3) and string_to_av_perm(3) to map the class
    and permission names to their policy values, or selinux_set_mapping(3) to
    create a mapping from class and permission index values used by the
    application to the policy values.
  * Removed restrictions in libsepol and checkpolicy that required all declared
    initial SIDs to be assigned a context.
  * Support for new policy capability genfs_seclabel_symlinks
  * selinuxfs is mounted with noexec and nosuid
  * `security_compute_user()` was deprecated
  * Refreshed python3.8-compat.patch
- Update to version 3.0
  * Ignore the stem when looking up all matches in file context
  * Save digest of all partial matches for directory
  * Use Python distutils to install SELinux python bindings
  * ensure that digest_len is not zero
  * fix string conversion of unknown perms
  * mark all exported function "extern"
- Added swig4_moduleimport.patch to prevent import errors due to
  SWIG 4
- Add python3.8-compat.patch which makes build possible even with
  Python 3.8, which doesn’t automatically adds -lpython<ver>
- Disable LTO (boo#1133244).
- Set License: to correct value (bsc#1135710)
- Update to version 2.9
  * Add security_reject_unknown(3) man page
  * Change matchpathcon usage to match with matchpathcon manpage
  * Do not define gettid() if glibc >= 2.30 is used
  * Fix RESOURCE_LEAK defects reported by coverity scan
  * Fix line wrapping in selabel_file.5
  * Do not dereference symlink with statfs in selinux_restorecon
  * Fix overly strict validation of file_contexts.bin
  * Fix selinux_restorecon() on non-SELinux hosts
  * Fix the whatis line for the selinux_boolean_sub.3 manpage
  * Fix printf format string specifier for uint64_t
  * Fix handling of unknown classes/perms
  * Set an appropriate errno in booleans.c
- Dropped python3.patch, is now upstream
- Update to version 2.8 (bsc#1111732). 
  For changes please see
  https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20180524/RELEASE-20180524.txt
- ran spec-cleaner on spec files
- Update to version 2.7.
    * %files needed to be heavily modified
    * Based expressly on python3, not just python 
  For changes please see
  https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20170804/RELEASE-20170804.txt
- Updated spec file to use python3. Added python3.patch to fix
  build
- Update to version 2.6. Notable changes:
  * selinux_restorecon: fix realpath logic
  * sefcontext_compile: invert semantics of "-r" flag
  * sefcontext_compile: Add "-i" flag
  * Introduce configurable backends
  * Add function to find security.restorecon_last entries
  * Add openrc_contexts functions
  * Add support for pcre2
  * Handle NULL pcre study data
  * Add setfiles support to selinux_restorecon(3)
  * Evaluate inodes in selinux_restorecon(3)
  * Change the location of _selinux.so
  * Explain how to free policy type from selinux_getpolicytype()
  * Compare absolute pathname in matchpathcon -V
  * Add selinux_snapperd_contexts_path()
  * Modify audit2why analyze function to use loaded policy
  * Avoid mounting /proc outside of selinux_init_load_policy()
  * Fix location of selinuxfs mount point
  * Only mount /proc if necessary
  * procattr: return einval for <= 0 pid args
  * procattr: return error on invalid pid_t input
- Dropped
  * libselinux-2.2-ruby.patch 
  * libselinux-proc-mount-only-if-needed.patch 
  * python-selinux-swig-3.10.patch
- readv-proto.patch: include <sys/uio.h> for readv prototype
- Update RPM groups, trim description and combine filelist entries.
- Adjusted source link
- add patch: python-selinux-swig-3.10.patch, fixed boo#985368
  * swig-3.10 in Factory use importlib instead of imp to find
    _selinux.so. imp searched the same directory as __init__.py
    is while importlib searchs only standard paths. so we have
    to move _selinux.so. fixed by upstream 
- update version 2.5
  * Add selinux_restorecon function
  * read_spec_entry: fail on non-ascii
  * Add man information about thread specific functions
  * Don't wrap rpm_execcon with DISABLE_RPM with SWIG
  * Correct line count for property and service context files
  * label_file: fix memory leaks and uninitialized jump
  * Replace selabel_digest hash function
  * Fix selabel_open(3) services if no digest requested
  * Add selabel_digest function
  * Flush the class/perm string mapping cache on policy reload
  * Fix restorecon when path has no context
  * Free memory when processing media and x specfiles
  * Fix mmap memory release for file labeling
  * Add policy context validation to sefcontext_compile
  * Do not treat an empty file_contexts(.local) as an error
  * Fail hard on invalid property_contexts entries
  * Fail hard on invalid file_contexts entries
  * Support context validation on file_contexts.bin
  * Add selabel_cmp interface and label_file backend
  * Support specifying file_contexts.bin file path
  * Support file_contexts.bin without file_contexts
  * Simplify procattr cache
  * Use /proc/thread-self when available
  * Add const to selinux_opt for label backends
  * Fix binary file labels for regexes with metachars
  * Fix file labels for regexes with metachars
  * Fix if file_contexts not '\n' terminated
  * Enhance file context support
  * Fix property processing and cleanup formatting
  * Add read_spec_entries function to replace sscanf
  * Support consistent mode size for bin files
  * Fix more bin file processing core dumps
  * add selinux_openssh_contexts_path()
  * setrans_client: minimize overhead when mcstransd is not present
  * Ensure selabel_lookup_best_match links NULL terminated
  * Fix core dumps with corrupt *.bin files
  * Add selabel partial and best match APIs
  * Use os.walk() instead of the deprecated os.path.walk()
  * Remove deprecated mudflap option
  * Mount procfs before checking /proc/filesystems
  * Fix -Wformat errors with gcc-5.0.0
  * label_file:  handle newlines in file names
  * Fix audit2why error handling if SELinux is disabled
  * pcre_study can return NULL without error
  * Only check SELinux enabled status once in selinux_check_access
- changes in 2.4
  * Remove assumption that SHLIBDIR is ../../ relative to LIBDIR
  * Fix bugs found by hardened gcc flags
  * Set the system to permissive if failing to disable SELinux because
    policy has already been loaded
  * Add db_exception and db_datatype support to label_db backend
  * Log an error on unknown classes and permissions
  * Add pcre version string to the compiled file_contexts format
  * Deprecate use of flask.h and av_permissions.h
  * Compiled file_context files and the original should have the same DAC
    permissions
- Update libselinux-2.2-ruby.patch: use RbConfig instead of
  deprecated Config.
- Update to version 2.3 
* Get rid of security_context_t and fix const declarations.
* Refactor rpm_execcon() into a new setexecfilecon() from Guillem Jover.
- Update to version 2.2
  * Fix avc_has_perm() returns -1 even when SELinux is in permissive mode.
  * Support overriding Makefile RANLIB
  * Update pkgconfig definition
  * Mount sysfs before trying to mount selinuxfs.
  * Fix man pages
  * Support overriding PATH  and LIBBASE in Makefile
  * Fix LDFLAGS usage
  * Avoid shadowing stat in load_mmap
  * Support building on older PCRE libraries
  * Fix handling of temporary file in sefcontext_compile
  * Fix procattr cache
  * Define python constants for getenforce result
  * Fix label substitution handling of /
  * Add selinux_current_policy_path from
  * Change get_context_list to only return good matches
  * Support udev-197 and higher
  * Add support for local substitutions
  * Change setfilecon to not return ENOSUP if context is already correct
  * Python wrapper leak fixes
  * Export SELINUX_TRANS_DIR definition in selinux.h
  * Add selinux_systemd_contexts_path
  * Add selinux_set_policy_root
  * Add man page for sefcontext_compile
- Remove libselinux-rhat.patch; merged on upstream
- Adapt libselinux-ruby.patch to upstream changes
- Use fdupes to symlink duplicate manpages
- change the source url to the official 2.1.13 release tarball
- update to 2.1.12
- added BuildRequires: pcre-devel
- Remove obsolete defines/sections
- updated to 2.1.9 again (see below)
- update to libselinux-2.1.9
  * better man pages
  * selinux_status interfaces
  * simple interface for access checks
  * multiple bug fixes
- fix build for ruby-1.9
- use %_smp_mflags
- updated to 2.0.91
  * changes too numerous to list
- add baselibs.conf as a source
- updated selinux-ready script
- change libsepol-devel to libsepol-devel-static in dependencies
  of python bindings
- put libsepol-devel back to Requires of libselinux-devel
- added selinux-ready tool to selinux-tools package
- remove static libraries
- libselinux-devel does not require libsepol-devel
- updated to 2.0.80
  * deny_unknown wrapper function from KaiGai Kohei
  * security_compute_av_flags API from KaiGai Kohei
  * Netlink socket management and callbacks from KaiGai Kohei
  * Netlink socket handoff patch from Adam Jackson
  * AVC caching of compute_create results by Eric Paris
  * fix incorrect conversion in discover_class code
- fixed memory leak (memleak.patch)
- updated to 2.0.77
  * add new function getseuser which will take username and service
    and return seuser and level; ipa will populate file in future
  * change selinuxdefcon to return just the context by default
  * fix segfault if seusers file does not work
  * strip trailing / for matchpathcon
  * fix restorecon python code
- updated to 2.0.76
  * allow shell-style wildcarding in X names
  * add Restorecon/Install python functions
  * correct message types in AVC log messages
  * make matchpathcon -V pass mode
  * add man page for selinux_file_context_cmp
  * update flask headers from refpolicy trunk
- fix debug_packages_requires define
- require only version, not release [bnc#429053]
- updated to 2.0.71
  * Add group support to seusers using %groupname syntax from Dan Walsh.
  * Mark setrans socket close-on-exec from Stephen Smalley.
  * Only apply nodups checking to base file contexts from Stephen Smalley.
  * Merge ruby bindings from Dan Walsh.
- Fix build of debuginfo.
- added baselibs.conf file
- split bindings into separate subpackage (libselinux-bindings)
- split tools into separate subpackage (selinux-tools)
- fix requires for debuginfo package
- initial version 2.0.67
  * based on Fedora package by Dan Walsh <dwalsh@redhat.com>
- (bsc#1212618) Divide libselinux and libselinux-bindings again.
  libselinux itself is in Ring0 so it has to have absolutely
  minimal dependencies, so it is better to separate
  libselinux-bindings into a separate pacakge.

Places

Actions on this page