Where can i find the source code of Userspace Packages with modifications for SELinux?

Where can i find the source code of Userspace Packages with modifications for SELinux?

[xing li]

[-- Attachment #1: Type: text/plain, Size: 1216 bytes --]

Hello every one,

I known that linux distributions have modify some userspace packages in
order to support selinux,such as:

   - SysVinit - load initial policy
   - pam - set security context for user sessions, preserve security context
   on /etc/shadow, check SELinux permissions
   - util-linux - preserve security contexts on /etc/shadow, check SELinux
   permissions
   - openssh - set security context for user sessions
   - vixie-cron - set security context for cron jobs, check permission
   - at - similar to vixie-cron
   - sudo - set security context
   - shadow-utils - preserve security context on /etc/shadow
   - libuser - preserve security context on /etc/shadow, check permission
   - passwd - preserve security context on /etc/shadow, check permission
   - logrotate - preserve security context on logs
   - coreutils - get and set process and file security contexts
   - findutils - find files with specific security contexts or display them
   - procps - display process contexts
   - psmisc - display process contexts

http://userspace.selinuxproject.org/trac/wiki/Userland
and i am interested how the userspace packages be motified?
and where can i find the relevant the source code of these?

[-- Attachment #2: Type: text/html, Size: 1459 bytes --]

Re: Where can i find the source code of Userspace Packages with modifications for SELinux?

[xing li]

[-- Attachment #1: Type: text/plain, Size: 575 bytes --]

I have download the upstart source code from ubuntu
http://packages.ubuntu.com/,  (hardy)
but i have't found the selinux relevant code in it. I am so  confused that
how the /sbin/init invoke
the "load_policy" function during system initialization?

2008/12/27 domg472 g472 <domg472@gmail.com>

> Most if not everything should be upstream. so if you would want to edit
> "cp" then you would get the source code for coreutils on the project site
> for coreutils.
>
> selinux userland tools source is here:
>
> http://userspace.selinuxproject.org/trac/browser/policycoreutils
>

[-- Attachment #2: Type: text/html, Size: 1034 bytes --]

Re: Where can i find the source code of Userspace Packages with modifications for SELinux?

[Daniel J Walsh]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

xing li wrote:
> I have download the upstart source code from ubuntu
> http://packages.ubuntu.com/,  (hardy)
> but i have't found the selinux relevant code in it. I am so  confused that
> how the /sbin/init invoke
> the "load_policy" function during system initialization?
> 
> 2008/12/27 domg472 g472 <domg472@gmail.com>
> 
>> Most if not everything should be upstream. so if you would want to edit
>> "cp" then you would get the source code for coreutils on the project site
>> for coreutils.
>>
>> selinux userland tools source is here:
>>
>> http://userspace.selinuxproject.org/trac/browser/policycoreutils
>>
> 
It doesn't,  load_policy is being executed in the initrd.


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iEYEARECAAYFAklY7WcACgkQrlYvE4MpobOglACeIt0QPC5rbcKojYOxcWCsfAoD
888AoIVrOzMiCQelt4cEF16/8o4iXg1A
=J1AA
-----END PGP SIGNATURE-----

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: Where can i find the source code of Userspace Packages with modifications for SELinux?

[Russell Coker]

On Monday 29 December 2008 18:12, "xing li" <lixing.1006@gmail.com> wrote:
> I have download the upstart source code from ubuntu
> http://packages.ubuntu.com/,  (hardy)
> but i have't found the selinux relevant code in it. I am so  confused that
> how the /sbin/init invoke
> the "load_policy" function during system initialization?

http://etbe.coker.com.au/2008/07/24/se-linux-policy-loading/

I have described all the issues at the above blog post.

Use SysVInit and the patch is there.  If you want to use Upstart then you 
could patch it yourself (it's just a matter of copying a couple of chunks of 
code from SysVInit).

Another option is to use the wrapper script hack that I used ages ago on 
Cobalt machines.  Just boot the kernel with init=/sbin/init-wrapper and then 
have /sbin/init-wrapper be a shell script like the following:
#!/bin/bash
/usr/sbin/load_policy
exec /sbin/init

Messing with the initrd is just a bad idea, such things are not going to 
happen in Debian.

In fact, why not just use Debian?  I think that overall the result you get 
will be a lot better if you use Debian instead of Ubuntu for running SE 
Linux.

-- 
russell@coker.com.au
http://etbe.coker.com.au/          My Main Blog
http://doc.coker.com.au/           My Documents Blog


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: Where can i find the source code of Userspace Packages with modifications for SELinux?

[Daniel J Walsh]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

xing li wrote:
> Hello every one,
> 
> I known that linux distributions have modify some userspace packages in
> order to support selinux,such as:
> 
>    - SysVinit - load initial policy
>    - pam - set security context for user sessions, preserve security context
>    on /etc/shadow, check SELinux permissions
>    - util-linux - preserve security contexts on /etc/shadow, check SELinux
>    permissions
>    - openssh - set security context for user sessions
>    - vixie-cron - set security context for cron jobs, check permission
>    - at - similar to vixie-cron
>    - sudo - set security context
>    - shadow-utils - preserve security context on /etc/shadow
>    - libuser - preserve security context on /etc/shadow, check permission
>    - passwd - preserve security context on /etc/shadow, check permission
>    - logrotate - preserve security context on logs
>    - coreutils - get and set process and file security contexts
>    - findutils - find files with specific security contexts or display them
>    - procps - display process contexts
>    - psmisc - display process contexts
> 
> http://userspace.selinuxproject.org/trac/wiki/Userland
> and i am interested how the userspace packages be motified?
> and where can i find the relevant the source code of these?
> 
They are either in the upstream packages or contained as patches in the
Fedora and other Distro Releases
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iEYEARECAAYFAklY7aYACgkQrlYvE4MpobMY3wCg4wyZfRrie1gi6PDEj3BjBNF7
v2kAoIUDv6SmffthhWpZ9WuAGNB4WRyK
=iPOd
-----END PGP SIGNATURE-----

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.