selinux

mirror of https://github.com/SELinuxProject/selinux synced 2025-01-13 08:50:53 +00:00

Go to file

Petr Lautrbach 1f89c4e787 libselinux: Eliminate use of security_compute_user() get_ordered_context_list() code used to ask the kernel to compute the complete set of reachable contexts using /sys/fs/selinux/user aka security_compute_user(). This set can be so huge so that it doesn't fit into a kernel page and security_compute_user() fails. Even if it doesn't fail, get_ordered_context_list() throws away the vast majority of the returned contexts because they don't match anything in /etc/selinux/targeted/contexts/default_contexts or /etc/selinux/targeted/contexts/users/ get_ordered_context_list() is rewritten to compute set of contexts based on /etc/selinux/targeted/contexts/users/ and /etc/selinux/targeted/contexts/default_contexts files and to return only valid contexts, using security_check_context(), from this set. Fixes: https://github.com/SELinuxProject/selinux/issues/28 Signed-off-by: Petr Lautrbach <plautrba@redhat.com>		2020-02-20 09:47:23 -05:00
.circleci	CircleCI: run scan-build and publish its results automatically	2019-09-26 09:45:47 -04:00
checkpolicy	libsepol,checkpolicy: support omitting unused initial sid contexts	2020-01-29 10:17:02 -05:00
dbus	Update VERSIONs to 3.0 for release.	2019-11-28 13:46:48 +01:00
gui	Update VERSIONs to 3.0 for release.	2019-11-28 13:46:48 +01:00
libselinux	libselinux: Eliminate use of security_compute_user()	2020-02-20 09:47:23 -05:00
libsemanage	libsemanage: preserve parent Makefile's flags in debug mode	2020-02-07 16:29:04 -05:00
libsepol	libsepol: cache ebitmap cardinality value	2020-02-18 10:36:21 -05:00
mcstrans	Update VERSIONs to 3.0 for release.	2019-11-28 13:46:48 +01:00
policycoreutils	Update VERSIONs to 3.0 for release.	2019-11-28 13:46:48 +01:00
python	python/semanage: check variable type of port before trying to split	2019-12-10 15:21:16 -05:00
restorecond	Update VERSIONs to 3.0 for release.	2019-11-28 13:46:48 +01:00
sandbox	Update VERSIONs to 3.0 for release.	2019-11-28 13:46:48 +01:00
scripts	libsepol, libsemanage: add a macro to silence static analyzer warnings in tests	2019-09-30 08:43:41 -04:00
secilc	Update VERSIONs to 3.0 for release.	2019-11-28 13:46:48 +01:00
semodule-utils	Update VERSIONs to 3.0 for release.	2019-11-28 13:46:48 +01:00
.gitignore
.travis.yml	Travis-CI: test that DEBUG build works	2020-02-07 16:29:04 -05:00
CleanSpec.mk
CONTRIBUTING.md	Fix many misspellings	2019-09-18 22:47:35 +02:00
lgtm.yml	Add configuration file for lgtm.com	2019-09-18 08:24:11 -04:00
Makefile	Makefile: always build with -fno-common	2020-01-27 10:51:23 -05:00
README	README: Update Fedora python 3 dependencies	2019-02-20 16:43:27 +01:00

README

Please submit all bug reports and patches to selinux@vger.kernel.org.
Subscribe by sending "subscribe selinux" in the body of an email
to majordomo@vger.kernel.org.

Build dependencies on Fedora:
yum install audit-libs-devel bison bzip2-devel dbus-devel dbus-glib-devel flex flex-devel flex-static glib2-devel libcap-devel libcap-ng-devel pam-devel pcre-devel python3-devel python3-setools swig xmlto redhat-rpm-config

To build and install everything under a private directory, run:
make DESTDIR=~/obj install install-pywrap

To install as the default system libraries and binaries
(overwriting any previously installed ones - dangerous!),
on x86_64, run:
make LIBDIR=/usr/lib64 SHLIBDIR=/lib64 install install-pywrap relabel
or on x86 (32-bit), run:
make install install-pywrap relabel

This may render your system unusable if the upstream SELinux userspace
lacks library functions or other dependencies relied upon by your
distribution.  If it breaks, you get to keep both pieces.

To install libsepol on macOS (mainly for policy analysis):
cd libsepol; make PREFIX=/usr/local install

This requires GNU coreutils (brew install coreutils).