3
0
forked from pool/libsemanage
libsemanage/semanage.conf
Marcus Meissner d3e4c7a08c Accepting request 161740 from home:vitezslav_cizek:branches:security:SELinux
- update to 2.1.10
  * Add sefcontext_compile to compile regex everytime policy is rebuilt
  * Cleanup/fix enable/disable/remove module.
  * redo genhomedircon minuid
  * fixes from coverity
  * semanage_store: do not leak memory in semanage_exec_prog
  * genhomedircon: remove useless conditional in get_home_dirs
  * genhomedircon: double free in get_home_dirs
  * fcontext_record: do not leak on error in semanage_fcontext_key_create
  * genhomedircon: do not leak on failure in write_gen_home_dir_context
  * semanage_store: do not leak fd
  * genhomedircon: do not leak shells list
  * semanage_store: do not leak on strdup failure
  * semanage_store: rewrite for readability

OBS-URL: https://build.opensuse.org/request/show/161740
OBS-URL: https://build.opensuse.org/package/show/security:SELinux/libsemanage?expand=0&rev=42
2013-04-02 11:49:38 +00:00

52 lines
2.3 KiB
Plaintext

# Authors: Jason Tang <jtang@tresys.com>
#
# Copyright (C) 2004-2005 Tresys Technology, LLC
#
# This library is free software; you can redistribute it and/or
# modify it under the terms of the GNU Lesser General Public
# License as published by the Free Software Foundation; either
# version 2.1 of the License, or (at your option) any later version.
#
# This library is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
# Lesser General Public License for more details.
#
# You should have received a copy of the GNU Lesser General Public
# License along with this library; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
#
# Specify how libsemanage will interact with a SELinux policy manager.
# The four options are:
#
# "source" - libsemanage manipulates a source SELinux policy
# "direct" - libsemanage will write directly to a module store.
# /foo/bar - Write by way of a policy management server, whose
# named socket is at /foo/bar. The path must begin
# with a '/'.
# foo.com:4242 - Establish a TCP connection to a remote policy
# management server at foo.com. If there is a colon
# then the remainder is interpreted as a port number;
# otherwise default to port 4242.
module-store = direct
# When generating the final linked and expanded policy, by default
# semanage will set the policy version to POLICYDB_VERSION_MAX, as
# given in <sepol/policydb.h>. Change this setting if a different
# version is necessary.
#policy-version = 19
# expand-check check neverallow rules when executing all semanage commands.
# Large penalty in time if you turn this on.
expand-check=0
# usepasswd check tells semanage to scan all pass word records for home directories
# and setup the labeling correctly. If this is turned off, SELinux will label /home
# correctly only. You will need to use semanage fcontext command.
# For example, if you had home dirs in /althome directory you would have to execute
# semanage fcontext -a -e /home /althome
usepasswd=False
bzip-small=true
bzip-blocksize=5
ignoredirs=/root