031ee84821
This updates the semodule tool with the ability to set the priority for commands, to enable/disable modules, and extended module listing options for displaying extra module information (e.g., priority, enabled status, and language extension).

[semodule priority]

    -X --priority    set the priority for following operations

Notes:

* This sets the priority for the following operations.
* It can be used any number of times with its effect continuing until the next priority is specified.
* The default priority is used if no priority has yet been specified.

Impact on current operations:

* Install module
  * Without priority - Install at default priority.
  * With priority - Install at specified priority.
  * New warning when overriding (issued by libsemanage).
* Upgrade module
  * Without priority - Upgrade at default priority (current upgrade semantics apply).
  * With priority - Upgrade at specified priority (current upgrade semantics apply).
  * New warning when overriding (issued by libsemanage).
* Remove module
  * Without priority - Remove a module at the default if exists.
  * With priority - Remove at that priority.
  * New info messages (issued by libsemanage):
    * If no modules exist at the given priority but do exist at other priorities, give an info message listing the modules and priority.
    * If a new module at a lower priority will become active print a message.
    * If the last module with this name is being removed print a message.
* Base
  * The name of base module on install is fixed to "_base" (performed by libsemanage).
  * Without priority - Install at default priority.
  * With priority - Install at specified priority.
  * New warning when overriding (issued by libsemanage).
* List modules
  * See listing changes below.

Examples:

    semodule -i foo.pp
    semodule -X 500 -i foo.pp

[semodule enable/disable]

Add enable/disable status:

    -e --enable     enable the module (at all priorities)
    -d --disable    disable the module (at all priorities)

Notes:

* Base modules are always enabled and cannot have their enabled/disabled status changed.
  * New error when disabling a base module (from libsemanage).
  * New warning when enabling a base module (from libsemanage).

Impact on current operations:

* Install module
  * If a module with that name is already installed, then the enabled status will remain the same after installing the new module.
  * New warning when installing a module which will be disabled by existing enabled status (from libsemanage).
* Upgrade module
  * If a module with that name is already installed, then the enabled status will remain the same after installing the new module.
  * New warning when installing a module which will be disabled by existing enabled status (from libsemanage).
* Remove module
  * When the last module with a given name is removed (no more exist at other priorities) then the enabled status is forgotten.
* Base
  * Base modules are always installed enabled and remain so (can't be disabled).
* List modules
  * See listing changes below.

Examples:

    semodule -e foo
    semodule -d foo

[semodule list]

    -l           --list             list modules as if by -lstandard
    -lstandard   --list=standard    list name and version of highest priority,
                                    enabled, non-base modules sorted alphabetical
                                    by name
    -lfull       --list=full        list all fields of all modules columnated
                                    sorted high priority to low, within priority
                                    alphabetical by name

Impact on current operations:

* List modules
  * Default listing stays the same.
  * New long options for 'standard' and 'full'.

Examples:

    semodule -l
    semodule -lstandard
    semodule --list=standard
    alsa       1.7.1
    apm        1.9.1
    apt        1.5.2
    authlogin  2.0.0
    avahi      1.10.3
    bluetooth  3.1.3
    ...

    semodule -lfull
    semodule --list=full
    600 alsa       1.7.1 disabled pp
    400 _base      1.0.0          pp
    400 alsa       1.7.1 disabled pp
    400 apm        1.9.1          pp
    400 apt        1.5.2          pp
    400 authlogin  2.0.0          pp
    ...
    100 alsa       1.7.1 disabled pp

Signed-off-by: Chad Sellers <csellers@tresys.com>

| Name |
|---|
| checkpolicy |
| libselinux |
| libsemanage |
| libsepol |
| policycoreutils |
| scripts |
| sepolgen |
| .gitignore |
| Makefile |
| README |

To build and install everything under a private directory, run:

    make DESTDIR=~/obj install install-pywrap

To install as the default system libraries and binaries (overwriting any previously installed ones - dangerous!), on x86_64, run:

    make LIBDIR=/usr/lib64 SHLIBDIR=/lib64 install install-pywrap relabel

or on x86 (32-bit), run:

    make install install-pywrap relabel

This may render your system unusable if the upstream SELinux userspace lacks library functions or other dependencies relied upon by your distribution. If it breaks, you get to keep both pieces.
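
The priority and enable/disable rules from the commit message above, as an added example (not code from the SELinux userspace project): shell functions that reduce a `-lfull` style listing to the `-lstandard` view and report installed copies that a higher-priority module overrides, which is what an audit of the module store needs to see. The function names and the `500 apm 1.9.2` row are constructed for illustration, and the column layout is assumed to match the sample in the commit message.

```shell
# Constructed sample in the -lfull layout from the commit message:
# priority, name, version, optional "disabled", language extension.
sample_lfull() {
cat <<'EOF'
600 alsa      1.7.1 disabled pp
500 apm       1.9.2          pp
400 _base     1.0.0          pp
400 alsa      1.7.1 disabled pp
400 apm       1.9.1          pp
400 apt       1.5.2          pp
100 alsa      1.7.1 disabled pp
EOF
}

# Standard view: keep the highest-priority copy of each name (stdin is a
# full listing), then drop the base module and anything marked disabled.
effective_modules() {
    awk '
        NF < 4 { next }                  # skip blank or malformed rows
        {
            prio = $1 + 0
            if (!($2 in best) || prio > best[$2]) {
                best[$2] = prio; ver[$2] = $3
                off[$2] = ($4 == "disabled")
            }
        }
        END {
            for (n in best)
                if (n != "_base" && !off[n]) print n, ver[n]
        }' | LC_ALL=C sort
}

# Audit view: every installed copy that is not the active one because a
# higher-priority module of the same name overrides it.
overridden_modules() {
    awk '
        NF < 4 { next }
        {
            prio[NR] = $1 + 0; name[NR] = $2; ver[NR] = $3
            if (!($2 in best) || prio[NR] > best[$2]) best[$2] = prio[NR]
        }
        END {
            for (i = 1; i <= NR; i++)
                if ((i in name) && prio[i] < best[name[i]])
                    print name[i], ver[i], "at", prio[i], "overridden by", best[name[i]]
        }' | LC_ALL=C sort
}
sample_lfull | effective_modules
sample_lfull | overridden_modules
```

On a host whose semodule prints this layout, the same functions can read `semodule -lfull` on stdin instead of the constructed sample.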