SELinux binary policy manipulation library
Security-enhanced Linux is a feature of the Linux(R) kernel and a
number of utilities with enhanced security functionality designed to
add mandatory access controls to Linux. The Security-enhanced Linux
kernel contains new architectural components originally developed to
improve the security of the Flask operating system. These architectural
components provide general support for the enforcement of many kinds of
mandatory access control policies, including those based on the
concepts of Type Enforcement(R), Role-based Access Control, and
Multi-level Security.
libsepol provides an API for the manipulation of SELinux binary
policies. It is used by checkpolicy (the policy compiler) and similar
tools, as well as by programs like load_policy that need to perform
specific transformations on binary policies such as customizing policy
boolean settings.
- Developed at security:SELinux
- Sources inherited from project openSUSE:Factory
-
7
derived packages
- Download package
-
Checkout Package
osc -A https://api.opensuse.org checkout openSUSE:Factory:Rebuild/libsepol && cd $_
- Create Badge
Source Files
Filename | Size | Changed |
---|---|---|
baselibs.conf | 0000000010 10 Bytes | |
libsepol-3.7.tar.gz | 0000511487 499 KB | |
libsepol-3.7.tar.gz.asc | 0000000833 833 Bytes | |
libsepol.changes | 0000017965 17.5 KB | |
libsepol.keyring | 0000006913 6.75 KB | |
libsepol.spec | 0000004300 4.2 KB |
Latest Revision
- Update to version 3.7 https://github.com/SELinuxProject/selinux/releases/tag/3.7 * User-visible changes: * libsepol: improve policy lookup failure message * libsepol: include prefix for module policy versions * libsepol: validate type-attribute-map for old policies * libsepol: only exempt gaps checking for kernel policies * Bugfixes: * libsepol/src/Makefile: fix reallocarray detection * libsepol/cil: Fix detected RESOURCE_LEAK (CWE-772) * libsepol: ensure transitivity in compare functions * oss-fuzz fixes: * libsepol: check scope permissions refer to valid class * libsepol: validate attribute-type maps * libsepol: reject self flag in type rules in old policies * libsepol: validate class permissions * libsepol: validate access vector permissions * libsepol: reject MLS support in pre-MLS policies * libsepol: Fix buffer overflow when using sepol_av_to_string() * libsepol: Use a dynamic buffer in sepol_av_to_string()
Comments 0