3
0
forked from pool/libselinux

Accepting request 143038 from home:vitezslav_cizek:branches:security:SELinux

- update selinux-ready script

OBS-URL: https://build.opensuse.org/request/show/143038
OBS-URL: https://build.opensuse.org/package/show/security:SELinux/libselinux?expand=0&rev=55
This commit is contained in:
Marcus Meissner 2012-11-27 14:46:54 +00:00 committed by Git OBS Bridge
parent 9696cb31b5
commit a3f964e427
4 changed files with 44 additions and 18 deletions

View File

@ -27,7 +27,7 @@ Version: 2.1.9
Release: 0 Release: 0
Url: http://userspace.selinuxproject.org/ Url: http://userspace.selinuxproject.org/
Summary: SELinux library and simple utilities Summary: SELinux library and simple utilities
License: GPL-2.0 ; SUSE-Public-Domain License: GPL-2.0 and SUSE-Public-Domain
Group: System/Libraries Group: System/Libraries
Source: http://userspace.selinuxproject.org/releases/20120216/libselinux-%{version}.tar.gz Source: http://userspace.selinuxproject.org/releases/20120216/libselinux-%{version}.tar.gz
Source1: selinux-ready Source1: selinux-ready

View File

@ -1,3 +1,8 @@
-------------------------------------------------------------------
Tue Nov 27 12:38:29 UTC 2012 - vcizek@suse.com
- update selinux-ready script
------------------------------------------------------------------- -------------------------------------------------------------------
Wed Jul 25 11:15:02 UTC 2012 - meissner@suse.com Wed Jul 25 11:15:02 UTC 2012 - meissner@suse.com

View File

@ -25,7 +25,7 @@ Version: 2.1.9
Release: 0 Release: 0
Url: http://userspace.selinuxproject.org/ Url: http://userspace.selinuxproject.org/
Summary: SELinux library and simple utilities Summary: SELinux library and simple utilities
License: GPL-2.0 ; SUSE-Public-Domain License: GPL-2.0 and SUSE-Public-Domain
Group: System/Libraries Group: System/Libraries
Source: http://userspace.selinuxproject.org/releases/20120216/%{name}-%{version}.tar.gz Source: http://userspace.selinuxproject.org/releases/20120216/%{name}-%{version}.tar.gz
Source1: selinux-ready Source1: selinux-ready

View File

@ -22,37 +22,58 @@ check_dir()
check_filesystem() check_filesystem()
{ {
FSPATH="/proc/filesystems" FSPATH="/proc/filesystems"
FSNAME="securityfs" FSNAMES="securityfs selinuxfs"
OK="O"
for FSNAME in $FSNAMES; do
grep -w $FSNAME $FSPATH 1>&2 >/dev/null grep -w $FSNAME $FSPATH 1>&2 >/dev/null
if [ $? == 0 ]; then if [ $? == 0 ]; then
printf "\tcheck_filesystem: OK. Filesystem '$FSNAME' exists.\n" printf "\tcheck_filesystem: OK. Filesystem '$FSNAME' exists.\n"
return 0
else else
printf "\tcheck_filesystem: ERR. Filesystem '$FSNAME' is missing. Please enable SELinux while compiling the kernel.\n" printf "\tcheck_filesystem: ERR. Filesystem '$FSNAME' is missing. Please enable SELinux while compiling the kernel.\n"
return 0 OK="1"
fi
done
if [ "$OK" == "0" ]; then
return 0;
else
return 1;
fi fi
} }
check_boot() check_boot()
{ {
BPARAM="selinux=1" BPARAM1="security=selinux"
BPARAM2="selinux=1"
printf "\tcheck_boot: Assuming GRUB as bootloader.\n" printf "\tcheck_boot: Assuming GRUB2 as bootloader.\n"
BLINE=$(grep -- $BPARAM /boot/grub/menu.lst 2>/dev/null) # XXX check for multiple lines in config # look for parameters of the current kernel
CURRENT_KERNEL=$(uname -r)
if [ $? == 0 ]; then OTHERS=""
RETVAL="FAIL"
while read BLINE
do
K=$(echo $BLINE | awk -F' ' '{print $2}') K=$(echo $BLINE | awk -F' ' '{print $2}')
KERNEL=$(basename $K) KERNEL=$(basename $K)
K=$(echo $KERNEL | sed s/vmlinuz-//) K=$(echo $KERNEL | sed s/vmlinuz-//)
if [ "$K" == "$CURRENT_KERNEL" ]; then
INITRD=initrd-$K INITRD=initrd-$K
printf "\tcheck_boot: OK. Kernel '$KERNEL' has boot-parameter '$BPARAM'\n" RETVAL="OK"
else
OTHERS="$KERNEL $OTHERS"
fi
done < <(grep -- $BPARAM1 /boot/grub2/grub.cfg 2>/dev/null | grep -- $BPARAM2)
if [ "$RETVAL" == OK ]; then
printf "\tcheck_boot: OK. Current kernel '$KERNEL' has boot-parameters '$BPARAM1 $BPARAM2'\n"
printf "\tcheck_boot: OK. Other kernels with correct parameters: $OTHERS\n"
return 0 return 0
else else
printf "\tcheck_boot: ERR. Boot-parameter missing for booting the kernel.\n" printf "\tcheck_boot: ERR. Boot-parameter missing for booting the kernel.\n"
printf "\t Please use YaST2 to add 'selinux=1' to the kernel boot-parameter list.\n" printf "\t Please use YaST2 to add 'security=selinux selinux=1' to the kernel boot-parameter list.\n"
return 1 return 1
fi fi
} }
@ -141,7 +162,7 @@ check_initupstart()
return 1; return 1;
fi fi
POL=$(grep SELINUXTYPE $CFGFILE | sed "s/SELINUXTYPE\s*=\s*"//) POL=$(grep "^\s*SELINUXTYPE" $CFGFILE | sed "s/SELINUXTYPE\s*=\(\S*\)\s*"/\\1/)
if ! [ -f /etc/selinux/$POL/booleans ]; then if ! [ -f /etc/selinux/$POL/booleans ]; then
printf "\tcheck_initupstart: ERR. booleans file for policy $POL does not exist.\n" printf "\tcheck_initupstart: ERR. booleans file for policy $POL does not exist.\n"