3e4a902010
Use the libsepol bounds checking to check for and report user and role bounds violations. For type bounds checking, use libsepol bounds checking to determine if there is a violation for a given type. For each violation display an error message that includes the CIL AST from the root node to the node of the rule causing the violation. Example error report: Child type b_t3_c exceeds bounds of parent b_t3 (allow b_t3_c b_tc (file (write))) <root> booleanif at line 148633 of cil.conf.bounds true at line 148634 of cil.conf.bounds allow at line 148636 of cil.conf.bounds (allow b_t3_c b_tc (file (read write))) Signed-off-by: James Carter <jwcart2@tycho.nsa.gov> |
||
---|---|---|
checkpolicy | ||
libselinux | ||
libsemanage | ||
libsepol | ||
policycoreutils | ||
scripts | ||
secilc | ||
sepolgen | ||
.gitignore | ||
Android.mk | ||
CleanSpec.mk | ||
Makefile | ||
README |
README
Please submit all bug reports and patches to selinux@tycho.nsa.gov. Subscribe via selinux-join@tycho.nsa.gov. Build dependencies on Fedora: yum install audit-libs-devel bison bzip2-devel dbus-devel dbus-glib-devel flex flex-devel flex-static glib2-devel libcap-devel libcap-ng-devel pam-devel pcre-devel python-devel setools-devel swig ustr-devel To build and install everything under a private directory, run: make DESTDIR=~/obj install install-pywrap To install as the default system libraries and binaries (overwriting any previously installed ones - dangerous!), on x86_64, run: make LIBDIR=/usr/lib64 SHLIBDIR=/lib64 install install-pywrap relabel or on x86 (32-bit), run: make install install-pywrap relabel This may render your system unusable if the upstream SELinux userspace lacks library functions or other dependencies relied upon by your distribution. If it breaks, you get to keep both pieces.