Overview Repositories Revisions Requests Users Attributes Meta

SELinux binary policy manipulation library

Edit Package libsepol

Security-enhanced Linux is a feature of the Linux(R) kernel and a
number of utilities with enhanced security functionality designed to
add mandatory access controls to Linux. The Security-enhanced Linux
kernel contains new architectural components originally developed to
improve the security of the Flask operating system. These architectural
components provide general support for the enforcement of many kinds of
mandatory access control policies, including those based on the
concepts of Type Enforcement(R), Role-based Access Control, and
Multi-level Security.

libsepol provides an API for the manipulation of SELinux binary
policies. It is used by checkpolicy (the policy compiler) and similar
tools, as well as by programs like load_policy that need to perform
specific transformations on binary policies such as customizing policy
boolean settings.

  • Download package
  • osc -A https://api.opensuse.org checkout SUSE:SLE-12-SP2:GA/libsepol && cd $_
  • Create Badge
Refresh
Refresh
Source Files
Filename Size Changed
baselibs.conf 0000000010 10 Bytes
libsepol-2.5.tar.gz 0000438730 428 KB
libsepol.changes 0000008440 8.24 KB
libsepol.spec 0000004938 4.82 KB
Revision 2 (latest revision is 3)
Stefan Behlert's avatar Stefan Behlert (sbehlert) committed (revision 2) 
- Without bug number no submit to SLE 12 SP2 is possible, so to make
  sle-changelog-checker happy: bsc#988977

- Adjusted source link

- update version 2.5
  * Fix unused variable annotations
  * Fix uninitialized variable in CIL
  * Validate extended avrules and permissionxs in CIL
  * Add support in CIL for neverallowx
  * Fully expand neverallowxperm rules
  * Add support for unordered classes to CIL
  * Add neverallow support for ioctl extended permissions
  * Improve CIL block and macro call recursion detection
  * Fix CIL uninitialized false positive in cil_binary
  * Provide error in CIL if classperms are empty
  * Add userattribute{set} functionality to CIL
  * fix CIL blockinherit copying segfault and add macro restrictions
  * fix CIL NULL pointer dereference when copying classpermission/set
  * Add CIL support for ioctl whitelists
  * Fix memory leak when destroying avtab
  * Replace sscanf in module_to_cil
  * Improve CIL resolution error messages
  * Fix policydb_read for policy versions < 24
  * Added CIL bounds checking and refactored CIL Neverallow checking
  * Refactored libsepol Neverallow and bounds (hierarchy) checking
  * Treat types like an attribute in the attr_type_map
  * Add new ebitmap function named ebitmap_match_any()
  * switch operations to extended perms
  * Write auditadm_r and secadm_r roles to base module when writing CIL
Comments 0
openSUSE Build Service is sponsored by
Places