From 08970918158317a084b1d577224d64507e26e7490109806eee065b21dbeb163f Mon Sep 17 00:00:00 2001 From: OBS User unknown Date: Fri, 3 Jul 2009 14:04:45 +0000 Subject: [PATCH] OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libselinux?expand=0&rev=9 --- libselinux-bindings.changes | 16 ++++ libselinux-bindings.spec | 4 +- libselinux.changes | 12 ++- libselinux.spec | 17 +++-- selinux-ready | 143 ++++++++++++++++++++++++++++++++++++ 5 files changed, 183 insertions(+), 9 deletions(-) create mode 100644 selinux-ready diff --git a/libselinux-bindings.changes b/libselinux-bindings.changes index 747284b..d1e7edf 100644 --- a/libselinux-bindings.changes +++ b/libselinux-bindings.changes @@ -1,3 +1,19 @@ +------------------------------------------------------------------- +Wed Jul 1 12:26:48 CEST 2009 - prusnak@suse.cz + +- put libsepol-devel back to Requires of libselinux-devel + +------------------------------------------------------------------- +Mon Jun 29 21:24:16 CEST 2009 - prusnak@suse.cz + +- added selinux-ready tool to selinux-tools package + +------------------------------------------------------------------- +Tue Jun 9 20:17:54 CEST 2009 - crrodriguez@suse.de + +- remove static libraries +- libselinux-devel does not require libsepol-devel + ------------------------------------------------------------------- Wed May 27 14:06:14 CEST 2009 - prusnak@suse.cz diff --git a/libselinux-bindings.spec b/libselinux-bindings.spec index b716e16..16e61d1 100644 --- a/libselinux-bindings.spec +++ b/libselinux-bindings.spec @@ -23,9 +23,9 @@ BuildRequires: libsepol-devel >= %{libsepol_ver} Name: libselinux-bindings Version: 2.0.80 -Release: 1 +Release: 2 Url: http://www.nsa.gov/selinux/ -License: GPL v2 only ; Public Domain, Freeware +License: GPL v2 only ; Public Domain, Freeware Group: System/Libraries Summary: SELinux library and simple utilities Source: libselinux-%{version}.tar.bz2 
diff --git a/libselinux.changes b/libselinux.changes index 79b9a3d..d1e7edf 100644 --- a/libselinux.changes +++ b/libselinux.changes @@ -1,8 +1,18 @@ +------------------------------------------------------------------- +Wed Jul 1 12:26:48 CEST 2009 - prusnak@suse.cz + +- put libsepol-devel back to Requires of libselinux-devel + +------------------------------------------------------------------- +Mon Jun 29 21:24:16 CEST 2009 - prusnak@suse.cz + +- added selinux-ready tool to selinux-tools package + ------------------------------------------------------------------- Tue Jun 9 20:17:54 CEST 2009 - crrodriguez@suse.de - remove static libraries -- libselinux-devel does not require libsepol-devel +- libselinux-devel does not require libsepol-devel ------------------------------------------------------------------- Wed May 27 14:06:14 CEST 2009 - prusnak@suse.cz diff --git a/libselinux.spec b/libselinux.spec index 748fda4..bb4dc96 100644 --- a/libselinux.spec +++ b/libselinux.spec @@ -22,12 +22,13 @@ BuildRequires: libsepol-devel >= %{libsepol_ver} Name: libselinux Version: 2.0.80 -Release: 1 +Release: 2 Url: http://www.nsa.gov/selinux/ -License: GPL v2 only ; Public Domain, Freeware +License: GPL v2 only ; Public Domain, Freeware Group: System/Libraries Summary: SELinux library and simple utilities Source: %{name}-%{version}.tar.bz2 +Source1: selinux-ready Patch0: %{name}-%{version}-rhat.patch.bz2 BuildRoot: %{_tmppath}/%{name}-%{version}-build %define debug_package_requires libselinux1 = %{version}-%{release} @@ -50,7 +51,7 @@ decisions. Required for any applications that use the SELinux API. %package -n libselinux1 -License: GPL v2 only ; Public Domain, Freeware +License: GPL v2 only ; Public Domain, Freeware Group: System/Libraries Summary: SELinux library and simple utilities 
@@ -72,7 +73,7 @@ decisions. Required for any applications that use the SELinux API. %package -n selinux-tools -License: GPL v2 only ; Public Domain, Freeware +License: GPL v2 only ; Public Domain, Freeware Group: System/Base Summary: SELinux library and simple utilities @@ -94,10 +95,12 @@ decisions. Required for any applications that use the SELinux API. %package devel -License: GPL v2 only ; Public Domain, Freeware +License: GPL v2 only ; Public Domain, Freeware Summary: Development Include Files and Libraries for SELinux Group: Development/Libraries/C and C++ -Requires: libselinux1 = %{version} glibc-devel +Requires: libselinux1 = %{version} +Requires: libsepol-devel >= %{libsepol_ver} +Requires: glibc-devel %description devel Security-enhanced Linux is a patch of the Linux(R) kernel and a number @@ -144,6 +147,7 @@ rm -f $RPM_BUILD_ROOT%{_sbindir}/getseuser rm -f $RPM_BUILD_ROOT%{_sbindir}/selinux_check_securetty_context mv $RPM_BUILD_ROOT%{_sbindir}/getdefaultcon $RPM_BUILD_ROOT%{_sbindir}/selinuxdefcon mv $RPM_BUILD_ROOT%{_sbindir}/getconlist $RPM_BUILD_ROOT%{_sbindir}/selinuxconlist +install -m 0755 %{SOURCE1} $RPM_BUILD_ROOT%{_sbindir}/selinux-ready rm -f %{buildroot}%{_libdir}/*.a %clean @@ -165,6 +169,7 @@ rm -rf $RPM_BUILD_ROOT %{_sbindir}/selinuxenabled %{_sbindir}/setenforce %{_sbindir}/togglesebool +%{_sbindir}/selinux-ready %{_mandir}/man5/* %{_mandir}/man8/* diff --git a/selinux-ready b/selinux-ready new file mode 100644 index 0000000..de0fbc7 --- /dev/null +++ b/selinux-ready 
@@ -0,0 +1,143 @@
+#!/bin/bash
+
+KERNEL="unknown"
+INITRD="unknown"
+TD=""
+
+
+# init needs /selinux to be there
+check_dir()
+{
+ SLDIR="/selinux"
+
+ if [ -d $SLDIR ];then
+ printf "\tcheck_dir: OK. $SLDIR exists.\n"
+ return 0
+ else
+ printf "\tcheck_dir: ERR. $SLDIR does not exists, please execute 'mkdir $SLDIR' as root.\n"
+ return 1
+ fi
+}
+
+check_filesystem()
+{
+ FSPATH="/proc/filesystems"
+ FSNAME="securityfs"
+
+ grep -w $FSNAME $FSPATH 1>&2 >/dev/null
+
+ if [ $? == 0 ]; then
+ printf "\tcheck_filesystem: OK. Filesystem '$FSNAME' exists.\n"
+ return 0
+ else
+ printf "\tcheck_filesystem: ERR. Filesystem '$FSNAME' is missing. Please enable SELinux while compiling the kernel.\n"
+ return 0
+ fi
+}
+
+check_boot()
+{
+ BPARAM="selinux=1"
+
+ printf "\tcheck_boot: Assuming GRUB as bootloader.\n"
+
+ BLINE=$(grep -- $BPARAM /boot/grub/menu.lst 2>/dev/null) # XXX check for multiple lines in config
+
+ if [ $? == 0 ]; then
+ K=$(echo $BLINE | awk -F' ' '{print $2}')
+ KERNEL=$(basename $K)
+ K=$(echo $KERNEL | sed s/vmlinuz-//)
+ INITRD=initrd-$K
+ printf "\tcheck_boot: OK. Kernel '$KERNEL' has boot-parameter '$BPARAM'\n"
+ return 0
+ else
+ printf "\tcheck_boot: ERR. Boot-parameter missing for booting the kernel.\n"
+ printf "\t Please use YaST2 to add 'selinux=1' to the kernel boot-parameter list.\n"
+ return 1
+ fi
+}
+
+check_mkinitrd()
+{
+ MCMD="mount.*/root/proc.*"
+
+ if ! [ -f "/boot/$INITRD" ];then
+ printf "\tcheck_mkinitrd: ERR. Unable to locate '/boot/$INITRD'\n"
+ return 2
+ fi
+
+ cp /boot/$INITRD $TD/i.cpio.gz 2>/dev/null
+
+ if ! [ -f "$TD/i.cpio.gz" ];then
+ printf "\tcheck_mkinitrd: ERR. Error while copying initrd file.'\n"
+ return 2
+ fi
+
+
+ pushd . 2>&1>/dev/null
+ cd $TD
+ mkdir initrd-extracted
+ cd initrd-extracted
+ gunzip -c $TD/i.cpio.gz | cpio -i --force-local --no-absolute-filenames 2>/dev/null
+ grep -E -- $MCMD boot/* 2>&1 >/dev/null
+ FLG=$?
+ popd 2>&1>/dev/null
+
+ if [ $FLG == 0 ];then
+ printf "\tcheck_mkinitrd: OK. Your initrd seems to be correct.\n"
+ return 0
+ else
+ printf "\tcheck_mkinitrd: ERR. Your initrd seems not to mount /proc of\n"
+ printf "\t the root filesystem during boot, this may be a\n"
+ printf "\t reason for SELinux not working.\n"
+ return 1
+ fi
+}
+
+check_packages()
+{
+ PKGLST="checkpolicy policycoreutils selinux-tools libselinux1 libsepol1 libsemanage1 selinux-policy"
+ FAIL=0
+
+ for i in $PKGLST
+ do
+ rpm -q $i 1>&2 >/dev/null
+ if [ $? == 1 ];then
+ printf "\tcheck_packages: ERR. Package '$i' not installed, please run 'zypper in $i' as root\n"
+ FAIL=1
+ fi
+ done
+
+ if [ $FAIL == 0 ]; then
+ printf "\tcheck_packages: OK. All essential packages are installed\n"
+ return 0
+ else
+ return 1
+ fi
+}
+
+check_config()
+{
+ CF="/etc/selinux/config"
+
+ if [ -f $CF ];then
+ printf "\tcheck_config: OK. Config file seems to be there.\n"
+ return 0
+ else
+ printf "\tcheck_config: ERR. Config file '$CF' is missing.\n"
+ return 1
+ fi
+}
+
+TD=$(mktemp -q -d /tmp/selinux-ready.XXXXXX)
+
+echo "Start checking your system if it is selinux-ready or not:"
+check_dir
+check_filesystem
+check_boot
+check_mkinitrd
+check_packages
+check_config
+
+rm -rf $TD
+
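Review bot: The temporary directory is created with `mktemp -q` and its result is never checked, so if mktemp fails `TD` stays empty: check_mkinitrd then copies the initrd to `/i.cpio.gz`, the unquoted `cd $TD` becomes a bare `cd`, and the cpio archive is unpacked under the caller's home directory (likely root's, given the install into %{_sbindir}) and never removed. Make the creation fatal and quote its uses, e.g. `TD=$(mktemp -d /tmp/selinux-ready.XXXXXX) || exit 1` followed by `trap 'rm -rf "$TD"' EXIT`, and guard the directory changes with `cd "$TD" || return 2`. Separately, the ERR branch of check_filesystem ends in `return 0`, which should be `return 1` to match the other checks. The main section also discards every check's return value, so the exit status is always that of the final `rm -rf`; accumulating the failures and exiting non-zero would let other tooling rely on the result.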