
Accepting request 37222 from home:thomasbiege:branches:security:SELinux

Copy from home:thomasbiege:branches:security:SELinux/libselinux via accept of submit request 37222 revision 5.
Request was accepted with message:
ok

OBS-URL: https://build.opensuse.org/request/show/37222
OBS-URL: https://build.opensuse.org/package/show/security:SELinux/libselinux?expand=0&rev=29
Thomas Biege 2010-04-07 13:40:02 +00:00 committed by Git OBS Bridge
parent 72159dfb6e
commit 56b6dc1745
2 changed files with 55 additions and 8 deletions


@ -1,3 +1,13 @@
-------------------------------------------------------------------
Wed Apr 7 13:26:59 UTC 2010 - thomas@novell.com
- selinux-ready: fixed init ramfs checking
-------------------------------------------------------------------
Wed Apr 7 12:59:41 UTC 2010 - thomas@novell.com
- added new selinux-ready script
------------------------------------------------------------------- -------------------------------------------------------------------
Thu Feb 25 14:57:16 UTC 2010 - prusnak@suse.cz Thu Feb 25 14:57:16 UTC 2010 - prusnak@suse.cz


@ -22,7 +22,7 @@ check_dir()
check_filesystem() check_filesystem()
{ {
FSPATH="/proc/filesystems" FSPATH="/proc/filesystems"
FSNAME="selinuxfs" FSNAME="securityfs"
grep -w $FSNAME $FSPATH 1>&2 >/dev/null grep -w $FSNAME $FSPATH 1>&2 >/dev/null
@ -37,11 +37,11 @@ check_filesystem()
check_boot() check_boot()
{ {
BPARAM="security=selinux.*selinux=1.*enforcing=?" # XXX order not mandatory BPARAM="selinux=1"
printf "\tcheck_boot: Assuming GRUB as bootloader.\n" printf "\tcheck_boot: Assuming GRUB as bootloader.\n"
BLINE=$(grep -E $BPARAM /boot/grub/menu.lst 2>/dev/null) # XXX check for multiple lines in config BLINE=$(grep -- $BPARAM /boot/grub/menu.lst 2>/dev/null) # XXX check for multiple lines in config
if [ $? == 0 ]; then if [ $? == 0 ]; then
K=$(echo $BLINE | awk -F' ' '{print $2}') K=$(echo $BLINE | awk -F' ' '{print $2}')
@ -80,20 +80,51 @@ check_mkinitrd()
cd initrd-extracted cd initrd-extracted
gunzip -c $TD/i.cpio.gz | cpio -i --force-local --no-absolute-filenames 2>/dev/null gunzip -c $TD/i.cpio.gz | cpio -i --force-local --no-absolute-filenames 2>/dev/null
grep -E -- $MCMD boot/* 2>&1 >/dev/null grep -E -- $MCMD boot/* 2>&1 >/dev/null
FLG=$? FLG1=$?
grep -E -- load_policy boot/* 2>&1 >/dev/null
FLG2=$?
popd 2>&1>/dev/null popd 2>&1>/dev/null
if [ $FLG == 0 ];then if [ $FLG1 == 0 -a $FLG2 == 0 ];then
printf "\tcheck_mkinitrd: OK. Your initrd seems to be correct.\n" printf "\tcheck_mkinitrd: OK. Your initrd seems to be correct.\n"
return 0 return 0
else else
printf "\tcheck_mkinitrd: ERR. Your initrd seems not to mount /proc of\n" printf "\tcheck_mkinitrd: ERR. Your initrd seems not to mount /proc of\n"
printf "\t the root filesystem during boot, this may be a\n" printf "\t the root filesystem during boot and/or load_policy\n"
printf "\t reason for SELinux not working.\n" printf "\t is missing,\n"
printf "\t this may be a reason for SELinux not working.\n"
return 1 return 1
fi fi
} }
check_initupstart()
{
CFGFILE="/etc/selinux/config"
if ! [ -f $CFGFILE ]; then
printf "\tcheck_initupstart: ERR. $CFGFILE does not exist.\n"
return 1;
fi
POL=$(grep SELINUXTYPE $CFGFILE | sed "s/SELINUXTYPE\s*=\s*"//)
if ! [ -f /etc/selinux/$POL/booleans ]; then
printf "\tcheck_initupstart: ERR. booleans file for policy $POL does not exist.\n"
return 1
fi
INITUS=$(grep init_upstart /etc/selinux/$POL/booleans | sed "s/.*init_upstart\s*=\s*//")
if [ "$INITUS" == 1 ]; then
printf "\tcheck_initupstart: OK. init_upstart in $POL/booleans is set to 1.\n"
return 0
else
printf "\tcheck_initupstart: ERR. init_upstart in $POL/booleans is NOT set to 1 ($INITUS).\n"
return 1
fi
}
check_packages() check_packages()
{ {
PKGLST="checkpolicy policycoreutils selinux-tools libselinux1 libsepol1 libsemanage1 selinux-policy" PKGLST="checkpolicy policycoreutils selinux-tools libselinux1 libsepol1 libsemanage1 selinux-policy"
@ -120,8 +151,13 @@ check_config()
{ {
CF="/etc/selinux/config" CF="/etc/selinux/config"
if [ -f $CF ];then if [ -f $CF ];then
printf "\tcheck_config: OK. Config file seems to be there.\n" printf "\tcheck_config: OK. Config file seems to be there.\n"
if ! [ $(stat --printf=%a $CF) -eq "644" ]; then
printf "\tcheck_config: ERR. Config file '$CF' has wrong permissions.\n"
return 1
fi
return 0 return 0
else else
printf "\tcheck_config: ERR. Config file '$CF' is missing.\n" printf "\tcheck_config: ERR. Config file '$CF' is missing.\n"
@ -138,6 +174,7 @@ check_boot
check_mkinitrd check_mkinitrd
check_packages check_packages
check_config check_config
check_initupstart
rm -rf $TD rm -rf $TD
#echo $TD
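Review bot: In the new check_initupstart, `grep SELINUXTYPE $CFGFILE` is unanchored, so any comment line in the config that mentions SELINUXTYPE (distributed config files commonly carry one) is captured together with the real setting and `$POL` ends up holding several words. The unquoted `[ -f /etc/selinux/$POL/booleans ]` then fails with a test syntax error, and because of the leading `!` the function reports a missing booleans file even when the policy is installed. Anchor the match and quote the expansion: `POL=$(sed -n 's/^[[:space:]]*SELINUXTYPE[[:space:]]*=[[:space:]]*//p' "$CFGFILE")` and `if ! [ -f "/etc/selinux/$POL/booleans" ]; then`. The `grep init_upstart` read of the booleans file a few lines further down uses the same unanchored pattern with an unquoted path and should get the same treatment, so that a commented-out entry cannot change the reported value.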