Go to file
James Carter 3e4a902010 libsepol/cil: Add CIL bounds checking and reporting.
Use the libsepol bounds checking to check for and report user and
role bounds violations.

For type bounds checking, use libsepol bounds checking to determine
if there is a violation for a given type. For each violation display
an error message that includes the CIL AST from the root node to the
node of the rule causing the violation.

Example error report:
Child type b_t3_c exceeds bounds of parent b_t3
  (allow b_t3_c b_tc (file (write)))
    <root>
    booleanif at line 148633 of cil.conf.bounds
    true at line 148634 of cil.conf.bounds
    allow at line 148636 of cil.conf.bounds
      (allow b_t3_c b_tc (file (read write)))

Signed-off-by: James Carter <jwcart2@tycho.nsa.gov>
2015-06-22 10:03:16 -04:00
checkpolicy Update checkpolicy and libsepol ChangeLogs. 2015-06-15 09:23:20 -04:00
libselinux libselinux: Correctly handle an empty file_contexts file. 2015-06-22 09:11:33 -04:00
libsemanage Update libsemanage ChangeLog 2015-04-23 08:35:39 -04:00
libsepol libsepol/cil: Add CIL bounds checking and reporting. 2015-06-22 10:03:16 -04:00
policycoreutils Updated policycoreutils ChangeLog. 2015-06-12 08:59:11 -04:00
scripts Add secilc to release script. 2015-03-31 12:41:28 -04:00
secilc Update checkpolicy and secilc ChangeLogs. 2015-06-15 09:17:16 -04:00
sepolgen Update ChangeLogs. 2015-03-18 08:37:10 -04:00
.gitignore global: gitignore: add a couple of more editor backup filetypes 2013-02-01 12:14:57 -05:00
Android.mk Add empty top level Android.mk / CleanSpec.mk files 2015-04-16 07:54:09 -04:00
CleanSpec.mk Add empty top level Android.mk / CleanSpec.mk files 2015-04-16 07:54:09 -04:00
Makefile libsepol: Move secilc out of libsepol 2015-03-31 12:31:38 -04:00
README Add further build dependencies. 2015-02-23 09:08:13 -05:00

README

Please submit all bug reports and patches to selinux@tycho.nsa.gov.
Subscribe via selinux-join@tycho.nsa.gov.

Build dependencies on Fedora:
yum install audit-libs-devel bison bzip2-devel dbus-devel dbus-glib-devel flex flex-devel flex-static glib2-devel libcap-devel libcap-ng-devel pam-devel pcre-devel python-devel setools-devel swig ustr-devel

To build and install everything under a private directory, run:
make DESTDIR=~/obj install install-pywrap

To install as the default system libraries and binaries
(overwriting any previously installed ones - dangerous!),
on x86_64, run:
make LIBDIR=/usr/lib64 SHLIBDIR=/lib64 install install-pywrap relabel
or on x86 (32-bit), run:
make install install-pywrap relabel

This may render your system unusable if the upstream SELinux userspace
lacks library functions or other dependencies relied upon by your
distribution.  If it breaks, you get to keep both pieces.