forked from pool/libselinux
Accepting request 143038 from home:vitezslav_cizek:branches:security:SELinux
- update selinux-ready script OBS-URL: https://build.opensuse.org/request/show/143038 OBS-URL: https://build.opensuse.org/package/show/security:SELinux/libselinux?expand=0&rev=55
This commit is contained in:
parent
9696cb31b5
commit
a3f964e427
@ -27,7 +27,7 @@ Version: 2.1.9
|
|||||||
Release: 0
|
Release: 0
|
||||||
Url: http://userspace.selinuxproject.org/
|
Url: http://userspace.selinuxproject.org/
|
||||||
Summary: SELinux library and simple utilities
|
Summary: SELinux library and simple utilities
|
||||||
License: GPL-2.0 ; SUSE-Public-Domain
|
License: GPL-2.0 and SUSE-Public-Domain
|
||||||
Group: System/Libraries
|
Group: System/Libraries
|
||||||
Source: http://userspace.selinuxproject.org/releases/20120216/libselinux-%{version}.tar.gz
|
Source: http://userspace.selinuxproject.org/releases/20120216/libselinux-%{version}.tar.gz
|
||||||
Source1: selinux-ready
|
Source1: selinux-ready
|
||||||
|
@ -1,3 +1,8 @@
|
|||||||
|
-------------------------------------------------------------------
|
||||||
|
Tue Nov 27 12:38:29 UTC 2012 - vcizek@suse.com
|
||||||
|
|
||||||
|
- update selinux-ready script
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Wed Jul 25 11:15:02 UTC 2012 - meissner@suse.com
|
Wed Jul 25 11:15:02 UTC 2012 - meissner@suse.com
|
||||||
|
|
||||||
|
@ -25,7 +25,7 @@ Version: 2.1.9
|
|||||||
Release: 0
|
Release: 0
|
||||||
Url: http://userspace.selinuxproject.org/
|
Url: http://userspace.selinuxproject.org/
|
||||||
Summary: SELinux library and simple utilities
|
Summary: SELinux library and simple utilities
|
||||||
License: GPL-2.0 ; SUSE-Public-Domain
|
License: GPL-2.0 and SUSE-Public-Domain
|
||||||
Group: System/Libraries
|
Group: System/Libraries
|
||||||
Source: http://userspace.selinuxproject.org/releases/20120216/%{name}-%{version}.tar.gz
|
Source: http://userspace.selinuxproject.org/releases/20120216/%{name}-%{version}.tar.gz
|
||||||
Source1: selinux-ready
|
Source1: selinux-ready
|
||||||
|
@ -22,37 +22,58 @@ check_dir()
|
|||||||
check_filesystem()
|
check_filesystem()
|
||||||
{
|
{
|
||||||
FSPATH="/proc/filesystems"
|
FSPATH="/proc/filesystems"
|
||||||
FSNAME="securityfs"
|
FSNAMES="securityfs selinuxfs"
|
||||||
|
OK="O"
|
||||||
|
|
||||||
|
for FSNAME in $FSNAMES; do
|
||||||
grep -w $FSNAME $FSPATH 1>&2 >/dev/null
|
grep -w $FSNAME $FSPATH 1>&2 >/dev/null
|
||||||
|
|
||||||
if [ $? == 0 ]; then
|
if [ $? == 0 ]; then
|
||||||
printf "\tcheck_filesystem: OK. Filesystem '$FSNAME' exists.\n"
|
printf "\tcheck_filesystem: OK. Filesystem '$FSNAME' exists.\n"
|
||||||
return 0
|
|
||||||
else
|
else
|
||||||
printf "\tcheck_filesystem: ERR. Filesystem '$FSNAME' is missing. Please enable SELinux while compiling the kernel.\n"
|
printf "\tcheck_filesystem: ERR. Filesystem '$FSNAME' is missing. Please enable SELinux while compiling the kernel.\n"
|
||||||
return 0
|
OK="1"
|
||||||
|
fi
|
||||||
|
done
|
||||||
|
if [ "$OK" == "0" ]; then
|
||||||
|
return 0;
|
||||||
|
else
|
||||||
|
return 1;
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
check_boot()
|
check_boot()
|
||||||
{
|
{
|
||||||
BPARAM="selinux=1"
|
BPARAM1="security=selinux"
|
||||||
|
BPARAM2="selinux=1"
|
||||||
|
|
||||||
printf "\tcheck_boot: Assuming GRUB as bootloader.\n"
|
printf "\tcheck_boot: Assuming GRUB2 as bootloader.\n"
|
||||||
|
|
||||||
BLINE=$(grep -- $BPARAM /boot/grub/menu.lst 2>/dev/null) # XXX check for multiple lines in config
|
# look for parameters of the current kernel
|
||||||
|
CURRENT_KERNEL=$(uname -r)
|
||||||
if [ $? == 0 ]; then
|
OTHERS=""
|
||||||
|
RETVAL="FAIL"
|
||||||
|
while read BLINE
|
||||||
|
do
|
||||||
K=$(echo $BLINE | awk -F' ' '{print $2}')
|
K=$(echo $BLINE | awk -F' ' '{print $2}')
|
||||||
KERNEL=$(basename $K)
|
KERNEL=$(basename $K)
|
||||||
K=$(echo $KERNEL | sed s/vmlinuz-//)
|
K=$(echo $KERNEL | sed s/vmlinuz-//)
|
||||||
|
|
||||||
|
if [ "$K" == "$CURRENT_KERNEL" ]; then
|
||||||
INITRD=initrd-$K
|
INITRD=initrd-$K
|
||||||
printf "\tcheck_boot: OK. Kernel '$KERNEL' has boot-parameter '$BPARAM'\n"
|
RETVAL="OK"
|
||||||
|
else
|
||||||
|
OTHERS="$KERNEL $OTHERS"
|
||||||
|
fi
|
||||||
|
done < <(grep -- $BPARAM1 /boot/grub2/grub.cfg 2>/dev/null | grep -- $BPARAM2)
|
||||||
|
|
||||||
|
if [ "$RETVAL" == OK ]; then
|
||||||
|
printf "\tcheck_boot: OK. Current kernel '$KERNEL' has boot-parameters '$BPARAM1 $BPARAM2'\n"
|
||||||
|
printf "\tcheck_boot: OK. Other kernels with correct parameters: $OTHERS\n"
|
||||||
return 0
|
return 0
|
||||||
else
|
else
|
||||||
printf "\tcheck_boot: ERR. Boot-parameter missing for booting the kernel.\n"
|
printf "\tcheck_boot: ERR. Boot-parameter missing for booting the kernel.\n"
|
||||||
printf "\t Please use YaST2 to add 'selinux=1' to the kernel boot-parameter list.\n"
|
printf "\t Please use YaST2 to add 'security=selinux selinux=1' to the kernel boot-parameter list.\n"
|
||||||
return 1
|
return 1
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
@ -141,7 +162,7 @@ check_initupstart()
|
|||||||
return 1;
|
return 1;
|
||||||
fi
|
fi
|
||||||
|
|
||||||
POL=$(grep SELINUXTYPE $CFGFILE | sed "s/SELINUXTYPE\s*=\s*"//)
|
POL=$(grep "^\s*SELINUXTYPE" $CFGFILE | sed "s/SELINUXTYPE\s*=\(\S*\)\s*"/\\1/)
|
||||||
|
|
||||||
if ! [ -f /etc/selinux/$POL/booleans ]; then
|
if ! [ -f /etc/selinux/$POL/booleans ]; then
|
||||||
printf "\tcheck_initupstart: ERR. booleans file for policy $POL does not exist.\n"
|
printf "\tcheck_initupstart: ERR. booleans file for policy $POL does not exist.\n"
|
||||||
|
Loading…
Reference in New Issue
Block a user