Name: | libsepol |
---|---|
Version: | 2.5 |
Release: | 10.el7 |
Architecture: | x86_64 |
Group: | System Environment/Libraries |
Size: | 686640 |
License: | LGPLv2+ |
RPM: | libsepol-2.5-10.el7.x86_64.rpm |
Source RPM: | libsepol-2.5-10.el7.src.rpm |
Build Date: | Sat Aug 25 2018 |
Build Host: | x86-ol7-builder-02.us.oracle.com |
Vendor: | Oracle America |
URL: | https://github.com/SELinuxProject/selinux/wiki |
Summary: | SELinux binary policy manipulation library |
Description: | Security-enhanced Linux is a feature of the Linux® kernel and a number of utilities with enhanced security functionality designed to add mandatory access controls to Linux. The Security-enhanced Linux kernel contains new architectural components originally developed to improve the security of the Flask operating system. These architectural components provide general support for the enforcement of many kinds of mandatory access control policies, including those based on the concepts of Type Enforcement®, Role-based Access Control, and Multi-level Security. libsepol provides an API for the manipulation of SELinux binary policies. It is used by checkpolicy (the policy compiler) and similar tools, as well as by programs like load_policy that need to perform specific transformations on binary policies such as customizing policy boolean settings. |
- Add support for the SCTP portcon keyword (rhbz#1603571)
- Define extended_socket_class policy capability (rhbz#1564775)
- Define nnp_nosuid_transition policy capability (rhbz#1480519) - use IN6ADDR_ANY_INIT to initialize IPv6 addresses - Allow runtime labeling of ibendports (rhbz#1464489) - Allow runtime labeling of Infiniband Pkeys (rhbz#1464489) - Add IB end port handling to CIL (rhbz#1464489) - Add ibendport ocontext handling (rhbz#1464489) - Add support for ibendportcon labels (rhbz#1464489) - Add Infiniband Pkey handling to CIL (rhbz#1464489) - Add ibpkey ocontext handling (rhbz#1464489) - Add support for ibpkeycon labels (rhbz#1464489) - Remove unused attribute on a used argument from avrule_read() (rhbz#1464489) - Add binary module support for xperms - Add support for converting extended permissions to CIL
- Define cgroup_seclabel policy capability (rhbz#1493517) - Fix unitialized jmp and invalid dereference
- Fix memory leak in expand.c - Fix invalid read when policy file is corrupt - Fix possible use of uninitialized variables
- Warn instead of fail if permission is not resolved - Ignore object_r when adding userrole mappings to policydb
- Add missing return to sepol_node_query()
- Correctly detect unknown classes in sepol_string_to_security_class - Sort object files for deterministic linking order - Fix neverallowxperm checking on attributes - Remove libsepol.map when cleaning - Add high-level language line marking support to CIL - Change logic of bounds checking to match change in kernel - Fix multiple spelling errors - Only apply bounds checking to source types in rules - Fix CIL and not add an attribute as a type in the attr_type_map - Build policy on systems not supporting DCCP protocol - Fix extended permissions neverallow checking - Fix CIL neverallow and bounds checking - Android.mk: Add -D_GNU_SOURCE to common_cflags
- Fix bug in CIL when resetting classes - Add support for portcon dccp protocol
- Update to upstream release 2016-02-23