Go to file
Stephen Smalley e37c1877ba scripts/selinux: modernize mdp
Derived in part from a patch by Dominick Grift.

The MDP example no longer works on modern systems.  Fix it.
While we are at it, add MLS support and enable it.

NB This still does not work on systems using dbus-daemon instead of
dbus-broker because dbus-daemon does not yet gracefully handle unknown
classes/permissions.  This appears to be a deficiency in libselinux's
selinux_set_mapping() interface and underlying implementation,
which was never fully updated to deal with unknown classes/permissions
unlike the kernel.  The same problem also occurs with XSELinux.
Programs that instead use selinux_check_access() like dbus-broker
should not have this problem.

Changes to mdp:
Add support for devtmpfs, required by modern Linux distributions.
Add MLS support, with sample sensitivities, categories, and constraints.
Generate fs_use and genfscon rules based on kernel configuration.
Update list of filesystem types for fs_use and genfscon rules.
Use object_r for object contexts.

Changes to install_policy.sh:
Bail immediately on any errors.
Provide more helpful error messages when unable to find userspace tools.
Refuse to run if SELinux is already enabled.
Unconditionally move aside /etc/selinux/config and create a new one.
Build policy with -U allow so that userspace object managers do not break.
Build policy with MLS enabled by default.
Create seusers, failsafe_context, and default_contexts for use by
pam_selinux / libselinux.
Create x_contexts for the SELinux X extension.
Create virtual_domain_context and virtual_image_context for libvirtd.
Set to permissive mode rather than enforcing to permit initial autorelabel.
Update the list of filesystem types to be relabeled.
Write -F to /.autorelabel to cause a forced autorelabel on reboot.
Drop broken attempt to relabel the /dev mountpoint directory.

Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Acked-by: Dominick Grift <dominick.grift@defensec.nl>
Signed-off-by: Paul Moore <paul@paul-moore.com>
2019-03-18 18:38:28 -04:00
arch Kbuild updates for v5.1 (2nd) 2019-03-17 13:25:26 -07:00
block for-5.1/block-post-20190315 2019-03-16 12:36:39 -07:00
certs kexec, KEYS: Make use of platform keyring for signature verify 2019-02-04 17:34:07 -05:00
crypto lib/lzo: separate lzo-rle from lzo 2019-03-07 18:32:03 -08:00
Documentation Kbuild updates for v5.1 (2nd) 2019-03-17 13:25:26 -07:00
drivers xen: one further fix for v5.1-rc1 2019-03-17 09:16:22 -07:00
fs Pull request for inlusion in 5.1 2019-03-17 09:10:56 -07:00
include Kbuild updates for v5.1 (2nd) 2019-03-17 13:25:26 -07:00
init init/main: add checks for the return value of memblock_alloc*() 2019-03-12 10:04:02 -07:00
ipc Merge branch 'work.mount' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2019-03-12 14:08:19 -07:00
kernel pidfd patches for v5.1-rc1 2019-03-16 13:47:14 -07:00
lib Kbuild updates for v5.1 (2nd) 2019-03-17 13:25:26 -07:00
LICENSES LICENSES: Add GCC runtime library exception text 2019-01-16 14:54:15 -07:00
mm device-dax for 5.1 2019-03-16 13:05:32 -07:00
net Pull request for inlusion in 5.1 2019-03-17 09:10:56 -07:00
samples Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2019-03-11 08:54:01 -07:00
scripts scripts/selinux: modernize mdp 2019-03-18 18:38:28 -04:00
security selinux/stable-5.1 PR 20190312 2019-03-13 11:10:42 -07:00
sound sound fixes for 5.1-rc1 2019-03-15 14:05:00 -07:00
tools pidfd patches for v5.1-rc1 2019-03-16 13:47:14 -07:00
usr user/Makefile: Fix typo and capitalization in comment section 2018-12-11 00:18:03 +09:00
virt ARM: some cleanups, direct physical timer assignment, cache sanitization 2019-03-15 15:00:28 -07:00
.clang-format Merge branch 'work.iov_iter' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2019-03-12 13:43:42 -07:00
.cocciconfig scripts: add Linux .cocciconfig for coccinelle 2016-07-22 12:13:39 +02:00
.get_maintainer.ignore
.gitattributes .gitattributes: set git diff driver for C source code files 2016-10-07 18:46:30 -07:00
.gitignore kbuild: Add support for DT binding schema checks 2018-12-13 09:41:32 -06:00
.mailmap .mailmap: Add Mathieu Othacehe 2019-02-21 11:41:19 +00:00
COPYING COPYING: use the new text with points to the license files 2018-03-23 12:41:45 -06:00
CREDITS Char/Misc driver patches for 5.1-rc1 2019-03-06 14:18:59 -08:00
Kbuild Kbuild updates for v5.1 2019-03-10 17:48:21 -07:00
Kconfig kconfig: move the "Executable file formats" menu to fs/Kconfig.binfmt 2018-08-02 08:06:55 +09:00
MAINTAINERS ARM: some cleanups, direct physical timer assignment, cache sanitization 2019-03-15 15:00:28 -07:00
Makefile Linux 5.1-rc1 2019-03-17 14:22:26 -07:00
README Drop all 00-INDEX files from Documentation/ 2018-09-09 15:08:58 -06:00

Linux kernel
============

There are several guides for kernel developers and users. These guides can
be rendered in a number of formats, like HTML and PDF. Please read
Documentation/admin-guide/README.rst first.

In order to build the documentation, use ``make htmldocs`` or
``make pdfdocs``.  The formatted documentation can also be read online at:

    https://www.kernel.org/doc/html/latest/

There are various text files in the Documentation/ subdirectory,
several of them using the Restructured Text markup notation.

Please read the Documentation/process/changes.rst file, as it contains the
requirements for building and running the kernel, and information about
the problems which may result by upgrading your kernel.