From: KaiGai Kohei <kaigai@kaigai.gr.jp>
To: busybox@busybox.net, selinux@tycho.nsa.gov
Cc: rob@landley.net, dwalsh@redhat.com, russell@coker.com.au,
busybox@kaigai.gr.jp
Subject: [PATCH 0/8] busybox -- libselinux utilities applets
Date: Thu, 25 Jan 2007 23:35:37 +0900 [thread overview]
Message-ID: <45B8C039.10907@kaigai.gr.jp> (raw)
Hello,
The following patches provide utilities included in libselinux
package against to the latest busybox repository.
Any of them are fundamental one to use SELinux.
We are welcoming any comment, and hope to merge it into busybox.
NOTE: How to configure
All applets of them depend on CONFIG_SELINUX, so you have to
enable it by the following step on 'menuconfig'.
Busybox Settings --->
General Configuration --->
[*] Support NSA Security Enhanced Linux (CONFIG_SELINUX)
and, enable any checks under 'Selinux Utilities --->'
[1/8] busybox-libselinux-01-common.patch
The common part of libselinux package
- modification of Makefile
- add '-lselinux', if CONFIG_SELINUX enabled
(It was never linked, so we could not build with SELinux
support in busybox-1.4.0)
- add selinux/Config.in and selinux/Kbuild
- add usage.h and applets.h for the series of applets
[2/8] busybox-libselinux-02-getenforce.patch
getenforce - get the current mode of SELinux.
SELinux has two mode. 'Enforcing' is the one, it enables
mandatory access control based on the security policy.
The other is 'Permissive' mode. It enables to evaluate
security policy and output audit messages, if violated.
But mandatory access control was not done. It was used
to debug policy.
[3/8] busybox-libselinux-03-selinuxenabled.patch
selinuxenabled returns 0 as a command exit code,
if SELinux is enabled.
Typically, shell-scripts use it to decide whether
SELinux is working, or not.
[4/8] busybox-libselinux-04-getsebool.patch
getsebool reports the a particular or all SELinux
boolean variable.
SELinux boolean variable is a interface to configure
the condition of security policy. We can enable or
disable the part of the security policy via boolean
variable.
[5/8] busybox-libselinux-05-avcstat.patch
avcstat reports SELinux AVC(Access Vector Cache) statistics.
AVC is a in-kernel data structure to accelerate SELinux's
decision making.
[6/8] busybox-libselinux-06-togglesebool.patch
togglesebool - flip the current value of a SELinux
boolean variable.
[7/8] busybox-libselinux-07-matchpathcon.patch
matchpathcon - get the default security context for
the specified path from the file contexts configuration.
Security context is a identifier for SELinux.
Any files has a own security context, and SELinux use it
to evaluate the attribute of the file.
When we are setting up a system, we have to attach a security
context for each files. so, we can obtain the most appropriate
security context by using matchpathcon.
[8/8] busybox-libselinux-08-setenforce.patch
setenforce - modify the mode SELinux is running in Enforcing
mode or Permissive.
This project is originated from some of JPSEUG(Japan SELinux
User Group). Now, we are preparing to submit patches related
to SELinux like policycoreutils, '-Z' option support.
Please wait for a bit.
Thanks,
--
KaiGai Kohei <kaigai@kaigai.gr.jp>
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
next reply other threads:[~2007-01-25 14:34 UTC|newest]
Thread overview: 19+ messages / expand[flat|nested] mbox.gz Atom feed top
2007-01-25 14:35 KaiGai Kohei [this message]
2007-01-25 14:44 ` [PATCH 2/8] busybox -- libselinux utilities applets KaiGai Kohei
[not found] ` <200701270054.34561.vda.linux@googlemail.com>
2007-01-29 13:47 ` KaiGai Kohei
2007-01-25 14:44 ` [PATCH 3/8] " KaiGai Kohei
2007-01-25 14:44 ` [PATCH 4/8] " KaiGai Kohei
[not found] ` <200701270059.34996.vda.linux@googlemail.com>
2007-01-29 14:06 ` KaiGai Kohei
[not found] ` <20070130092817.GA32212@aon.at>
2007-01-31 12:13 ` [busybox:00323] " KaiGai Kohei
2007-01-25 14:44 ` [PATCH 5/8] " KaiGai Kohei
2007-01-26 20:10 ` Christopher J. PeBenito
2007-01-29 12:28 ` Russell Coker
2007-01-29 14:44 ` KaiGai Kohei
2007-01-25 14:44 ` [PATCH 6/8] " KaiGai Kohei
2007-01-25 14:45 ` [PATCH 7/8] " KaiGai Kohei
[not found] ` <200701270050.27149.vda.linux@googlemail.com>
2007-01-29 13:43 ` KaiGai Kohei
2007-01-25 14:45 ` [PATCH 8/8] " KaiGai Kohei
2007-01-26 15:29 ` [PATCH 0/8] " KaiGai Kohei
2007-01-29 17:38 ` James Carter
2007-01-26 19:36 ` Christopher J. PeBenito
2007-01-29 13:31 ` KaiGai Kohei
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=45B8C039.10907@kaigai.gr.jp \
--to=kaigai@kaigai.gr.jp \
--cc=busybox@busybox.net \
--cc=busybox@kaigai.gr.jp \
--cc=dwalsh@redhat.com \
--cc=rob@landley.net \
--cc=russell@coker.com.au \
--cc=selinux@tycho.nsa.gov \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.