danwalsh


Dan Walsh's Blog

Got SELinux?


SELinux Halloween Release
Red Hat had the famous Halloween Release.

Coincidentally, a major release of the SELinux tool chain went out yesterday. It should be showing up in the Rawhide mirrors now. Most of this code was already in Fedora and RHEL7, but we were able to upstream some very large patches, and I thought I would point out the changes that went into this release. The last release of the tool chain was April 4, 2013. We still have some small patches in Fedora, but most of our code is now upstream. The change logs below give you some idea of what changes have been made.

libsepol
2.2 2013-10-30
    * Allow constraint denial cause to be determined from Richard Haines.
      - Add kernel policy version 29.
      - Add modular policy version 17.
      - Add sepol_compute_av_reason_buffer(), sepol_string_to_security_class(), sepol_string_to_av_perm().
    * Support overriding Makefile RANLIB from Sven Vermeulen.
    * Fix man pages from Laurent Bigonville.

Checkpolicy
2.2 2013-10-30
    * Fix hyphen usage in man pages from Laurent Bigonville.
    * handle-unknown / -U required argument fix from Laurent Bigonville.
    * Support overriding Makefile PATH and LIBDIR from Laurent Bigonville.
    * Support space and : in filenames from Red Hat.

sepolgen
    * Return additional constraint information.
    * Fix bug in calls to attributes from Red Hat.
    * Add support for filename transitions from Red Hat.
    * Fix sepolgen tests from Red Hat.

libselinux
2.2 2013-10-30
    * Fix avc_has_perm() returns -1 even when SELinux is in permissive mode.
    * Support overriding Makefile RANLIB from Sven Vermeulen.
    * Update pkgconfig definition from Sven Vermeulen.
    * Mount sysfs before trying to mount selinuxfs from Sven Vermeulen.
    * Fix man pages from Laurent Bigonville.
    * Support overriding PATH and LIBBASE in Makefiles from Laurent Bigonville.
    * Fix LDFLAGS usage from Laurent Bigonville.
    * Avoid shadowing stat in load_mmap from Joe MacDonald.
    * Support building on older PCRE libraries from Joe MacDonald.
    * Fix handling of temporary file in sefcontext_compile from Red Hat.
    * Fix procattr cache from Red Hat.
    * Define python constants for getenforce result from Red Hat.
    * Fix label substitution handling of / from Red Hat.
    * Add selinux_current_policy_path from Red Hat.
    * Change get_context_list to only return good matches from Red Hat.
    * Support udev-197 and higher from Sven Vermeulen and Red Hat.
    * Add support for local substitutions from Red Hat.
    * Change setfilecon to not return ENOSUP if context is already correct from Red Hat.
    * Python wrapper leak fixes from Red Hat.
    * Export SELINUX_TRANS_DIR definition in selinux.h from Red Hat.
    * Add selinux_systemd_contexts_path from Red Hat.
    * Add selinux_set_policy_root from Red Hat.
    * Add man page for sefcontext_compile from Red Hat.

libsemanage
2.2 2013-10-30
    * Avoid duplicate list entries from Red Hat.
    * Add audit support to libsemanage from Red Hat.
    * Remove policy.kern and replace with symlink from Red Hat.
    * Apply a MAX_UID check for genhomedircon from Laurent Bigonville.
    * Fix man pages from Laurent Bigonville.

policycoreutils
2.2 2013-10-30
    * Properly build the swig exception file from Laurent Bigonville.
    * Fix man pages from Laurent Bigonville.
    * Support overriding PATH and INITDIR in Makefile from Laurent Bigonville.
    * Fix LDFLAGS usage from Laurent Bigonville.
    * Fix init_policy warning from Laurent Bigonville.
    * Fix semanage logging from Laurent Bigonville.
    * Open newrole stdin as read/write from Sven Vermeulen.
    * Fix sepolicy transition from Sven Vermeulen.
    * Support overriding CFLAGS from Simon Ruderich.
    * Create correct man directory for run_init from Russell Coker.
    * restorecon GLOB_BRACE change from Michal Trunecka.
    * Extend audit2why to report additional constraint information.
    * Catch IOError errors within audit2allow from Red Hat.
    * semanage export/import fixes from Red Hat.
    * Improve setfiles progress reporting from Red Hat.
    * Document setfiles -o option in usage from Red Hat.
    * Change setfiles to always return -1 on failure from Red Hat.
    * Improve setsebool error reporting from Red Hat.
    * Major overhaul of gui from Red Hat.
    * Fix sepolicy handling of non-MLS policy from Red Hat.
    * Support returning type aliases from Red Hat.
    * Add sepolicy tests from Red Hat.
    * Add org.selinux.config.policy from Red Hat.
    * Improve range and user input checking by semanage from Red Hat.
    * Prevent source or target arguments that end with / for substitutions from Red Hat.
    * Allow use of <<none>> for semanage fcontext from Red Hat.
    * Report customized user levels from Red Hat.
    * Support deleteall for restoring disabled modules from Red Hat.
    * Improve semanage error reporting from Red Hat.
    * Only list disabled modules for module locallist from Red Hat.
    * Fix logging from Red Hat.
    * Define new constants for file type character codes from Red Hat.
    * Improve bash completions from Red Hat.
    * Convert semanage to argparse from Red Hat (originally by Dave Quigley).
    * Add semanage tests from Red Hat.
    * Split semanage man pages from Red Hat.
    * Move bash completion scripts from Red Hat.
    * Replace genhomedircon script with a link to semodule from Red Hat.
    * Fix fixfiles from Red Hat.
    * Add support for systemd service for restorecon from Red Hat.
    * Spelling corrections from Red Hat.
    * Improve sandbox support for home dir symlinks and file caps from Red Hat.
    * Switch sandbox to openbox window manager from Red Hat.
    * Coalesce audit2why and audit2allow from Red Hat.
    * Change audit2allow to append to output file from Red Hat.
    * Update translations from Red Hat.
    * Change audit2why to use selinux_current_policy_path from Red Hat.

SELinux add object type

Cam McKenzie

2013-12-03 11:52 pm (UTC)

Hi Dan,

A little off topic, but how do I create an object type? I want to create a new object type so I can start developing SELinux modules for other pieces of software, but I can't seem to find any doco about how to.

Cheers
Cam

Re: SELinux add object type

danwalsh

2013-12-04 01:19 pm (UTC)

Good question, and I am not sure you can, outside of the base policy package.

Could you ask this question on the SELinux developers mailing list?

<selinux@tycho.nsa.gov>
