OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libselinux?expand=0&rev=9

2009-07-03 14:04:45 +00:00 · 2009-07-03 14:04:45 +00:00 · 0897091815
commit 0897091815
parent db47170337
5 changed files with 183 additions and 9 deletions
--- a/libselinux-bindings.changes
+++ b/libselinux-bindings.changes
@ -1,3 +1,19 @@
+-------------------------------------------------------------------
+Wed Jul  1 12:26:48 CEST 2009 - prusnak@suse.cz
+
+- put libsepol-devel back to Requires of libselinux-devel
+
+-------------------------------------------------------------------
+Mon Jun 29 21:24:16 CEST 2009 - prusnak@suse.cz
+
+- added selinux-ready tool to selinux-tools package
+
+-------------------------------------------------------------------
+Tue Jun  9 20:17:54 CEST 2009 - crrodriguez@suse.de
+
+- remove static libraries
+- libselinux-devel does not require libsepol-devel
+
 -------------------------------------------------------------------
 Wed May 27 14:06:14 CEST 2009 - prusnak@suse.cz

--- a/libselinux-bindings.spec
+++ b/libselinux-bindings.spec
@ -23,9 +23,9 @@ BuildRequires:  libsepol-devel >= %{libsepol_ver}

 Name:           libselinux-bindings
 Version:        2.0.80
-Release:        1
+Release:        2
 Url:            http://www.nsa.gov/selinux/
-License:        GPL v2 only ;  Public Domain, Freeware
+License:        GPL v2 only ;   Public Domain, Freeware
 Group:          System/Libraries
 Summary:        SELinux library and simple utilities
 Source:         libselinux-%{version}.tar.bz2
--- a/libselinux.changes
+++ b/libselinux.changes
@ -1,8 +1,18 @@
+-------------------------------------------------------------------
+Wed Jul  1 12:26:48 CEST 2009 - prusnak@suse.cz
+
+- put libsepol-devel back to Requires of libselinux-devel
+
+-------------------------------------------------------------------
+Mon Jun 29 21:24:16 CEST 2009 - prusnak@suse.cz
+
+- added selinux-ready tool to selinux-tools package
+
 -------------------------------------------------------------------
 Tue Jun  9 20:17:54 CEST 2009 - crrodriguez@suse.de

 - remove static libraries
- libselinux-devel does not require libsepol-devel 
+- libselinux-devel does not require libsepol-devel

 -------------------------------------------------------------------
 Wed May 27 14:06:14 CEST 2009 - prusnak@suse.cz
--- a/libselinux.spec
+++ b/libselinux.spec
@ -22,12 +22,13 @@ BuildRequires:  libsepol-devel >= %{libsepol_ver}

 Name:           libselinux
 Version:        2.0.80
-Release:        1
+Release:        2
 Url:            http://www.nsa.gov/selinux/
-License:        GPL v2 only ;  Public Domain, Freeware
+License:        GPL v2 only ;   Public Domain, Freeware
 Group:          System/Libraries
 Summary:        SELinux library and simple utilities
 Source:         %{name}-%{version}.tar.bz2
+Source1:        selinux-ready
 Patch0:         %{name}-%{version}-rhat.patch.bz2
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 %define debug_package_requires libselinux1 = %{version}-%{release}
@ -50,7 +51,7 @@ decisions.  Required for any applications that use the SELinux API.


 %package -n libselinux1
-License:        GPL v2 only ;  Public Domain, Freeware
+License:        GPL v2 only ;   Public Domain, Freeware
 Group:          System/Libraries
 Summary:        SELinux library and simple utilities

@ -72,7 +73,7 @@ decisions.  Required for any applications that use the SELinux API.


 %package -n selinux-tools
-License:        GPL v2 only ;  Public Domain, Freeware
+License:        GPL v2 only ;   Public Domain, Freeware
 Group:          System/Base
 Summary:        SELinux library and simple utilities

@ -94,10 +95,12 @@ decisions.  Required for any applications that use the SELinux API.


 %package devel
-License:        GPL v2 only ;  Public Domain, Freeware
+License:        GPL v2 only ;   Public Domain, Freeware
 Summary:        Development Include Files and Libraries for SELinux
 Group:          Development/Libraries/C and C++
-Requires:       libselinux1 = %{version} glibc-devel
+Requires:       libselinux1 = %{version}
+Requires:       libsepol-devel >= %{libsepol_ver}
+Requires:       glibc-devel

 %description devel
 Security-enhanced Linux is a patch of the Linux(R) kernel and a number
@ -144,6 +147,7 @@ rm -f $RPM_BUILD_ROOT%{_sbindir}/getseuser
 rm -f $RPM_BUILD_ROOT%{_sbindir}/selinux_check_securetty_context
 mv $RPM_BUILD_ROOT%{_sbindir}/getdefaultcon $RPM_BUILD_ROOT%{_sbindir}/selinuxdefcon
 mv $RPM_BUILD_ROOT%{_sbindir}/getconlist $RPM_BUILD_ROOT%{_sbindir}/selinuxconlist
+install -m 0755 %{SOURCE1} $RPM_BUILD_ROOT%{_sbindir}/selinux-ready
 rm -f %{buildroot}%{_libdir}/*.a

 %clean
@ -165,6 +169,7 @@ rm -rf $RPM_BUILD_ROOT
 %{_sbindir}/selinuxenabled
 %{_sbindir}/setenforce
 %{_sbindir}/togglesebool
+%{_sbindir}/selinux-ready
 %{_mandir}/man5/*
 %{_mandir}/man8/*

--- a/143
+++ b/143
@ -0,0 +1,143 @@
+#!/bin/bash
+
+KERNEL="unknown"
+INITRD="unknown"
+TD=""
+
+
+# init needs /selinux to be there
+check_dir()
+{
+	SLDIR="/selinux"
+
+	if [ -d $SLDIR ];then
+		printf "\tcheck_dir: OK. $SLDIR exists.\n"
+		return 0
+	else
+		printf "\tcheck_dir: ERR. $SLDIR does not exists, please execute 'mkdir $SLDIR' as root.\n"
+		return 1
+	fi
+}
+
+check_filesystem()
+{
+	FSPATH="/proc/filesystems"
+	FSNAME="securityfs"
+
+	grep -w $FSNAME $FSPATH 1>&2 >/dev/null
+
+	if [ $? == 0 ]; then
+		printf "\tcheck_filesystem: OK. Filesystem '$FSNAME' exists.\n"
+		return 0
+	else
+		printf "\tcheck_filesystem: ERR. Filesystem '$FSNAME' is missing. Please enable SELinux while compiling the kernel.\n"
+		return 0
+	fi
+}
+
+check_boot()
+{
+	BPARAM="selinux=1"
+
+	printf "\tcheck_boot: Assuming GRUB as bootloader.\n"
+
+	BLINE=$(grep -- $BPARAM /boot/grub/menu.lst 2>/dev/null) # XXX check for multiple lines in config
+
+	if [ $? == 0 ]; then
+		K=$(echo $BLINE | awk -F' ' '{print $2}')
+		KERNEL=$(basename $K)
+		K=$(echo $KERNEL | sed s/vmlinuz-//)
+		INITRD=initrd-$K
+		printf "\tcheck_boot: OK. Kernel '$KERNEL' has boot-parameter '$BPARAM'\n"
+		return 0
+	else
+		printf "\tcheck_boot: ERR. Boot-parameter missing for booting the kernel.\n"
+		printf "\t            Please use YaST2 to add 'selinux=1' to the kernel boot-parameter list.\n"
+		return 1
+	fi
+}
+
+check_mkinitrd()
+{
+	MCMD="mount.*/root/proc.*"
+
+	if ! [ -f "/boot/$INITRD" ];then
+		printf "\tcheck_mkinitrd: ERR. Unable to locate '/boot/$INITRD'\n"
+		return 2
+	fi
+
+	cp /boot/$INITRD $TD/i.cpio.gz 2>/dev/null
+
+	if ! [ -f "$TD/i.cpio.gz" ];then
+		printf "\tcheck_mkinitrd: ERR. Error while copying initrd file.'\n"
+		return 2
+	fi
+
+
+	pushd . 2>&1>/dev/null
+	cd $TD
+	mkdir initrd-extracted
+	cd initrd-extracted
+	gunzip -c $TD/i.cpio.gz | cpio -i --force-local --no-absolute-filenames 2>/dev/null
+	grep -E -- $MCMD boot/* 2>&1 >/dev/null
+	FLG=$?
+	popd 2>&1>/dev/null
+
+	if [ $FLG == 0 ];then
+		printf "\tcheck_mkinitrd: OK. Your initrd seems to be correct.\n"
+		return 0
+	else
+		printf "\tcheck_mkinitrd: ERR. Your initrd seems not to mount /proc of\n"
+		printf "\t                the root filesystem during boot, this may be a\n"
+		printf "\t                reason for SELinux not working.\n"
+		return 1
+	fi
+}
+
+check_packages()
+{
+	PKGLST="checkpolicy policycoreutils selinux-tools libselinux1 libsepol1 libsemanage1 selinux-policy"
+	FAIL=0
+
+	for i in $PKGLST
+	do
+		rpm -q $i 1>&2 >/dev/null
+		if [ $? == 1 ];then
+			printf "\tcheck_packages: ERR. Package '$i' not installed, please run 'zypper in $i' as root\n"
+			FAIL=1
+		fi
+	done
+
+	if [ $FAIL == 0 ]; then
+		printf "\tcheck_packages: OK. All essential packages are installed\n"
+		return 0
+	else
+		return 1
+	fi
+}
+
+check_config()
+{
+	CF="/etc/selinux/config"
+
+	if [ -f $CF ];then
+		printf "\tcheck_config: OK. Config file seems to be there.\n"
+		return 0
+	else
+		printf "\tcheck_config: ERR. Config file '$CF' is missing.\n"
+		return 1
+	fi
+}
+
+TD=$(mktemp -q -d /tmp/selinux-ready.XXXXXX)
+
+echo "Start checking your system if it is selinux-ready or not:"
+check_dir
+check_filesystem
+check_boot
+check_mkinitrd
+check_packages
+check_config
+
+rm -rf $TD
+