Accepting request 143256 from security:SELinux

- update selinux-ready script (forwarded request 143038 from vitezslav_cizek)

OBS-URL: https://build.opensuse.org/request/show/143256
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libselinux?expand=0&rev=32
This commit is contained in:
Stephan Kulow 2012-11-28 10:07:37 +00:00 committed by Git OBS Bridge
parent 8a1e764b29
commit c103ffa55b
4 changed files with 44 additions and 18 deletions

View File

@ -27,7 +27,7 @@ Version: 2.1.9
Release: 0 Release: 0
Url: http://userspace.selinuxproject.org/ Url: http://userspace.selinuxproject.org/
Summary: SELinux library and simple utilities Summary: SELinux library and simple utilities
License: GPL-2.0 ; SUSE-Public-Domain License: GPL-2.0 and SUSE-Public-Domain
Group: System/Libraries Group: System/Libraries
Source: http://userspace.selinuxproject.org/releases/20120216/libselinux-%{version}.tar.gz Source: http://userspace.selinuxproject.org/releases/20120216/libselinux-%{version}.tar.gz
Source1: selinux-ready Source1: selinux-ready

View File

@ -1,3 +1,8 @@
-------------------------------------------------------------------
Tue Nov 27 12:38:29 UTC 2012 - vcizek@suse.com
- update selinux-ready script
------------------------------------------------------------------- -------------------------------------------------------------------
Wed Jul 25 11:15:02 UTC 2012 - meissner@suse.com Wed Jul 25 11:15:02 UTC 2012 - meissner@suse.com

View File

@ -25,7 +25,7 @@ Version: 2.1.9
Release: 0 Release: 0
Url: http://userspace.selinuxproject.org/ Url: http://userspace.selinuxproject.org/
Summary: SELinux library and simple utilities Summary: SELinux library and simple utilities
License: GPL-2.0 ; SUSE-Public-Domain License: GPL-2.0 and SUSE-Public-Domain
Group: System/Libraries Group: System/Libraries
Source: http://userspace.selinuxproject.org/releases/20120216/%{name}-%{version}.tar.gz Source: http://userspace.selinuxproject.org/releases/20120216/%{name}-%{version}.tar.gz
Source1: selinux-ready Source1: selinux-ready

View File

@ -22,37 +22,58 @@ check_dir()
check_filesystem() check_filesystem()
{ {
FSPATH="/proc/filesystems" FSPATH="/proc/filesystems"
FSNAME="securityfs" FSNAMES="securityfs selinuxfs"
OK="O"
grep -w $FSNAME $FSPATH 1>&2 >/dev/null for FSNAME in $FSNAMES; do
grep -w $FSNAME $FSPATH 1>&2 >/dev/null
if [ $? == 0 ]; then if [ $? == 0 ]; then
printf "\tcheck_filesystem: OK. Filesystem '$FSNAME' exists.\n" printf "\tcheck_filesystem: OK. Filesystem '$FSNAME' exists.\n"
return 0 else
printf "\tcheck_filesystem: ERR. Filesystem '$FSNAME' is missing. Please enable SELinux while compiling the kernel.\n"
OK="1"
fi
done
if [ "$OK" == "0" ]; then
return 0;
else else
printf "\tcheck_filesystem: ERR. Filesystem '$FSNAME' is missing. Please enable SELinux while compiling the kernel.\n" return 1;
return 0
fi fi
} }
check_boot() check_boot()
{ {
BPARAM="selinux=1" BPARAM1="security=selinux"
BPARAM2="selinux=1"
printf "\tcheck_boot: Assuming GRUB as bootloader.\n" printf "\tcheck_boot: Assuming GRUB2 as bootloader.\n"
BLINE=$(grep -- $BPARAM /boot/grub/menu.lst 2>/dev/null) # XXX check for multiple lines in config # look for parameters of the current kernel
CURRENT_KERNEL=$(uname -r)
if [ $? == 0 ]; then OTHERS=""
RETVAL="FAIL"
while read BLINE
do
K=$(echo $BLINE | awk -F' ' '{print $2}') K=$(echo $BLINE | awk -F' ' '{print $2}')
KERNEL=$(basename $K) KERNEL=$(basename $K)
K=$(echo $KERNEL | sed s/vmlinuz-//) K=$(echo $KERNEL | sed s/vmlinuz-//)
INITRD=initrd-$K
printf "\tcheck_boot: OK. Kernel '$KERNEL' has boot-parameter '$BPARAM'\n" if [ "$K" == "$CURRENT_KERNEL" ]; then
INITRD=initrd-$K
RETVAL="OK"
else
OTHERS="$KERNEL $OTHERS"
fi
done < <(grep -- $BPARAM1 /boot/grub2/grub.cfg 2>/dev/null | grep -- $BPARAM2)
if [ "$RETVAL" == OK ]; then
printf "\tcheck_boot: OK. Current kernel '$KERNEL' has boot-parameters '$BPARAM1 $BPARAM2'\n"
printf "\tcheck_boot: OK. Other kernels with correct parameters: $OTHERS\n"
return 0 return 0
else else
printf "\tcheck_boot: ERR. Boot-parameter missing for booting the kernel.\n" printf "\tcheck_boot: ERR. Boot-parameter missing for booting the kernel.\n"
printf "\t Please use YaST2 to add 'selinux=1' to the kernel boot-parameter list.\n" printf "\t Please use YaST2 to add 'security=selinux selinux=1' to the kernel boot-parameter list.\n"
return 1 return 1
fi fi
} }
@ -141,7 +162,7 @@ check_initupstart()
return 1; return 1;
fi fi
POL=$(grep SELINUXTYPE $CFGFILE | sed "s/SELINUXTYPE\s*=\s*"//) POL=$(grep "^\s*SELINUXTYPE" $CFGFILE | sed "s/SELINUXTYPE\s*=\(\S*\)\s*"/\\1/)
if ! [ -f /etc/selinux/$POL/booleans ]; then if ! [ -f /etc/selinux/$POL/booleans ]; then
printf "\tcheck_initupstart: ERR. booleans file for policy $POL does not exist.\n" printf "\tcheck_initupstart: ERR. booleans file for policy $POL does not exist.\n"