forked from pool/libselinux
Accepting request 37222 from home:thomasbiege:branches:security:SELinux
Copy from home:thomasbiege:branches:security:SELinux/libselinux via accept of submit request 37222 revision 5. Request was accepted with message: ok OBS-URL: https://build.opensuse.org/request/show/37222 OBS-URL: https://build.opensuse.org/package/show/security:SELinux/libselinux?expand=0&rev=29
This commit is contained in:
parent
72159dfb6e
commit
56b6dc1745
@ -1,3 +1,13 @@
|
|||||||
|
-------------------------------------------------------------------
|
||||||
|
Wed Apr 7 13:26:59 UTC 2010 - thomas@novell.com
|
||||||
|
|
||||||
|
- selinux-ready: fixed init ramfs checking
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Wed Apr 7 12:59:41 UTC 2010 - thomas@novell.com
|
||||||
|
|
||||||
|
- added new selinux-ready script
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Thu Feb 25 14:57:16 UTC 2010 - prusnak@suse.cz
|
Thu Feb 25 14:57:16 UTC 2010 - prusnak@suse.cz
|
||||||
|
|
||||||
|
@ -22,7 +22,7 @@ check_dir()
|
|||||||
check_filesystem()
|
check_filesystem()
|
||||||
{
|
{
|
||||||
FSPATH="/proc/filesystems"
|
FSPATH="/proc/filesystems"
|
||||||
FSNAME="selinuxfs"
|
FSNAME="securityfs"
|
||||||
|
|
||||||
grep -w $FSNAME $FSPATH 1>&2 >/dev/null
|
grep -w $FSNAME $FSPATH 1>&2 >/dev/null
|
||||||
|
|
||||||
@ -37,11 +37,11 @@ check_filesystem()
|
|||||||
|
|
||||||
check_boot()
|
check_boot()
|
||||||
{
|
{
|
||||||
BPARAM="security=selinux.*selinux=1.*enforcing=?" # XXX order not mandatory
|
BPARAM="selinux=1"
|
||||||
|
|
||||||
printf "\tcheck_boot: Assuming GRUB as bootloader.\n"
|
printf "\tcheck_boot: Assuming GRUB as bootloader.\n"
|
||||||
|
|
||||||
BLINE=$(grep -E $BPARAM /boot/grub/menu.lst 2>/dev/null) # XXX check for multiple lines in config
|
BLINE=$(grep -- $BPARAM /boot/grub/menu.lst 2>/dev/null) # XXX check for multiple lines in config
|
||||||
|
|
||||||
if [ $? == 0 ]; then
|
if [ $? == 0 ]; then
|
||||||
K=$(echo $BLINE | awk -F' ' '{print $2}')
|
K=$(echo $BLINE | awk -F' ' '{print $2}')
|
||||||
@ -80,20 +80,51 @@ check_mkinitrd()
|
|||||||
cd initrd-extracted
|
cd initrd-extracted
|
||||||
gunzip -c $TD/i.cpio.gz | cpio -i --force-local --no-absolute-filenames 2>/dev/null
|
gunzip -c $TD/i.cpio.gz | cpio -i --force-local --no-absolute-filenames 2>/dev/null
|
||||||
grep -E -- $MCMD boot/* 2>&1 >/dev/null
|
grep -E -- $MCMD boot/* 2>&1 >/dev/null
|
||||||
FLG=$?
|
FLG1=$?
|
||||||
|
grep -E -- load_policy boot/* 2>&1 >/dev/null
|
||||||
|
FLG2=$?
|
||||||
popd 2>&1>/dev/null
|
popd 2>&1>/dev/null
|
||||||
|
|
||||||
if [ $FLG == 0 ];then
|
if [ $FLG1 == 0 -a $FLG2 == 0 ];then
|
||||||
printf "\tcheck_mkinitrd: OK. Your initrd seems to be correct.\n"
|
printf "\tcheck_mkinitrd: OK. Your initrd seems to be correct.\n"
|
||||||
return 0
|
return 0
|
||||||
else
|
else
|
||||||
printf "\tcheck_mkinitrd: ERR. Your initrd seems not to mount /proc of\n"
|
printf "\tcheck_mkinitrd: ERR. Your initrd seems not to mount /proc of\n"
|
||||||
printf "\t the root filesystem during boot, this may be a\n"
|
printf "\t the root filesystem during boot and/or load_policy\n"
|
||||||
printf "\t reason for SELinux not working.\n"
|
printf "\t is missing,\n"
|
||||||
|
printf "\t this may be a reason for SELinux not working.\n"
|
||||||
return 1
|
return 1
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
|
check_initupstart()
|
||||||
|
{
|
||||||
|
CFGFILE="/etc/selinux/config"
|
||||||
|
|
||||||
|
if ! [ -f $CFGFILE ]; then
|
||||||
|
printf "\tcheck_initupstart: ERR. $CFGFILE does not exist.\n"
|
||||||
|
return 1;
|
||||||
|
fi
|
||||||
|
|
||||||
|
POL=$(grep SELINUXTYPE $CFGFILE | sed "s/SELINUXTYPE\s*=\s*"//)
|
||||||
|
|
||||||
|
if ! [ -f /etc/selinux/$POL/booleans ]; then
|
||||||
|
printf "\tcheck_initupstart: ERR. booleans file for policy $POL does not exist.\n"
|
||||||
|
return 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
INITUS=$(grep init_upstart /etc/selinux/$POL/booleans | sed "s/.*init_upstart\s*=\s*//")
|
||||||
|
|
||||||
|
if [ "$INITUS" == 1 ]; then
|
||||||
|
printf "\tcheck_initupstart: OK. init_upstart in $POL/booleans is set to 1.\n"
|
||||||
|
return 0
|
||||||
|
else
|
||||||
|
printf "\tcheck_initupstart: ERR. init_upstart in $POL/booleans is NOT set to 1 ($INITUS).\n"
|
||||||
|
return 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
check_packages()
|
check_packages()
|
||||||
{
|
{
|
||||||
PKGLST="checkpolicy policycoreutils selinux-tools libselinux1 libsepol1 libsemanage1 selinux-policy"
|
PKGLST="checkpolicy policycoreutils selinux-tools libselinux1 libsepol1 libsemanage1 selinux-policy"
|
||||||
@ -120,8 +151,13 @@ check_config()
|
|||||||
{
|
{
|
||||||
CF="/etc/selinux/config"
|
CF="/etc/selinux/config"
|
||||||
|
|
||||||
|
|
||||||
if [ -f $CF ];then
|
if [ -f $CF ];then
|
||||||
printf "\tcheck_config: OK. Config file seems to be there.\n"
|
printf "\tcheck_config: OK. Config file seems to be there.\n"
|
||||||
|
if ! [ $(stat --printf=%a $CF) -eq "644" ]; then
|
||||||
|
printf "\tcheck_config: ERR. Config file '$CF' has wrong permissions.\n"
|
||||||
|
return 1
|
||||||
|
fi
|
||||||
return 0
|
return 0
|
||||||
else
|
else
|
||||||
printf "\tcheck_config: ERR. Config file '$CF' is missing.\n"
|
printf "\tcheck_config: ERR. Config file '$CF' is missing.\n"
|
||||||
@ -138,6 +174,7 @@ check_boot
|
|||||||
check_mkinitrd
|
check_mkinitrd
|
||||||
check_packages
|
check_packages
|
||||||
check_config
|
check_config
|
||||||
|
check_initupstart
|
||||||
|
|
||||||
rm -rf $TD
|
rm -rf $TD
|
||||||
|
#echo $TD
|
||||||
|
Loading…
Reference in New Issue
Block a user