Please login to access the resource

SELinux binary policy manipulation library

Edit Package libsepol

Security-enhanced Linux is a feature of the Linux(R) kernel and a
number of utilities with enhanced security functionality designed to
add mandatory access controls to Linux. The Security-enhanced Linux
kernel contains new architectural components originally developed to
improve the security of the Flask operating system. These architectural
components provide general support for the enforcement of many kinds of
mandatory access control policies, including those based on the
concepts of Type Enforcement(R), Role-based Access Control, and
Multi-level Security.

libsepol provides an API for the manipulation of SELinux binary
policies. It is used by checkpolicy (the policy compiler) and similar
tools, as well as by programs like load_policy that need to perform
specific transformations on binary policies such as customizing policy
boolean settings.

Refresh
Refresh
Source Files
Filename Size Changed
baselibs.conf 0000000010 10 Bytes
libsepol-3.7.tar.gz 0000511487 499 KB
libsepol-3.7.tar.gz.asc 0000000833 833 Bytes
libsepol.changes 0000017965 17.5 KB
libsepol.keyring 0000006913 6.75 KB
libsepol.spec 0000004300 4.2 KB
Latest Revision
Ana Guerrero's avatar Ana Guerrero (anag+factory) accepted request 1185748 from Cathy Hu's avatar Cathy Hu (cahu) (revision 56)
- Update to version 3.7
  https://github.com/SELinuxProject/selinux/releases/tag/3.7
  * User-visible changes:
    * libsepol: improve policy lookup failure message
    * libsepol: include prefix for module policy versions
    * libsepol: validate type-attribute-map for old policies
    * libsepol: only exempt gaps checking for kernel policies
  * Bugfixes:
    * libsepol/src/Makefile: fix reallocarray detection
    * libsepol/cil: Fix detected RESOURCE_LEAK (CWE-772)
    * libsepol: ensure transitivity in compare functions
  * oss-fuzz fixes:
    * libsepol: check scope permissions refer to valid class
    * libsepol: validate attribute-type maps
    * libsepol: reject self flag in type rules in old policies
    * libsepol: validate class permissions
    * libsepol: validate access vector permissions
    * libsepol: reject MLS support in pre-MLS policies
    * libsepol: Fix buffer overflow when using sepol_av_to_string()
    * libsepol: Use a dynamic buffer in sepol_av_to_string()
Comments 0
openSUSE Build Service is sponsored by