Convert all selinux/* applets to "new style" applet definitions
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
This commit is contained in:
parent
15fb91cefb
commit
a8e52da774
@ -73,25 +73,13 @@ s - suid type:
|
||||
|
||||
|
||||
INSERT
|
||||
IF_CHCON(APPLET(chcon, BB_DIR_USR_BIN, BB_SUID_DROP))
|
||||
IF_DHCPRELAY(APPLET(dhcprelay, BB_DIR_USR_SBIN, BB_SUID_DROP))
|
||||
IF_DUMPLEASES(APPLET(dumpleases, BB_DIR_USR_BIN, BB_SUID_DROP))
|
||||
//IF_E2FSCK(APPLET(e2fsck, BB_DIR_SBIN, BB_SUID_DROP))
|
||||
//IF_E2LABEL(APPLET_ODDNAME(e2label, tune2fs, BB_DIR_SBIN, BB_SUID_DROP, e2label))
|
||||
//IF_E2FSCK(APPLET_ODDNAME(fsck.ext2, e2fsck, BB_DIR_SBIN, BB_SUID_DROP, fsck_ext2))
|
||||
//IF_E2FSCK(APPLET_ODDNAME(fsck.ext3, e2fsck, BB_DIR_SBIN, BB_SUID_DROP, fsck_ext3))
|
||||
IF_GETENFORCE(APPLET(getenforce, BB_DIR_USR_SBIN, BB_SUID_DROP))
|
||||
IF_GETSEBOOL(APPLET(getsebool, BB_DIR_USR_SBIN, BB_SUID_DROP))
|
||||
IF_LOAD_POLICY(APPLET(load_policy, BB_DIR_USR_SBIN, BB_SUID_DROP))
|
||||
IF_MATCHPATHCON(APPLET(matchpathcon, BB_DIR_USR_SBIN, BB_SUID_DROP))
|
||||
//IF_PARSE(APPLET(parse, BB_DIR_USR_BIN, BB_SUID_DROP))
|
||||
IF_RESTORECON(APPLET_ODDNAME(restorecon, setfiles, BB_DIR_SBIN, BB_SUID_DROP, restorecon))
|
||||
IF_RUNCON(APPLET(runcon, BB_DIR_USR_BIN, BB_SUID_DROP))
|
||||
IF_SELINUXENABLED(APPLET(selinuxenabled, BB_DIR_USR_SBIN, BB_SUID_DROP))
|
||||
IF_SESTATUS(APPLET(sestatus, BB_DIR_USR_SBIN, BB_SUID_DROP))
|
||||
IF_SETENFORCE(APPLET(setenforce, BB_DIR_USR_SBIN, BB_SUID_DROP))
|
||||
IF_SETFILES(APPLET(setfiles, BB_DIR_SBIN, BB_SUID_DROP))
|
||||
IF_SETSEBOOL(APPLET(setsebool, BB_DIR_USR_SBIN, BB_SUID_DROP))
|
||||
IF_UDHCPC(APPLET(udhcpc, BB_DIR_SBIN, BB_SUID_DROP))
|
||||
IF_UDHCPD(APPLET(udhcpd, BB_DIR_USR_SBIN, BB_SUID_DROP))
|
||||
|
||||
|
@ -8,117 +8,4 @@ menu "SELinux Utilities"
|
||||
|
||||
INSERT
|
||||
|
||||
config CHCON
|
||||
bool "chcon"
|
||||
default n
|
||||
depends on SELINUX
|
||||
help
|
||||
Enable support to change the security context of file.
|
||||
|
||||
config FEATURE_CHCON_LONG_OPTIONS
|
||||
bool "Enable long options"
|
||||
default y
|
||||
depends on CHCON && LONG_OPTS
|
||||
help
|
||||
Support long options for the chcon applet.
|
||||
|
||||
config GETENFORCE
|
||||
bool "getenforce"
|
||||
default n
|
||||
depends on SELINUX
|
||||
help
|
||||
Enable support to get the current mode of SELinux.
|
||||
|
||||
config GETSEBOOL
|
||||
bool "getsebool"
|
||||
default n
|
||||
depends on SELINUX
|
||||
help
|
||||
Enable support to get SELinux boolean values.
|
||||
|
||||
config LOAD_POLICY
|
||||
bool "load_policy"
|
||||
default n
|
||||
depends on SELINUX
|
||||
help
|
||||
Enable support to load SELinux policy.
|
||||
|
||||
config MATCHPATHCON
|
||||
bool "matchpathcon"
|
||||
default n
|
||||
depends on SELINUX
|
||||
help
|
||||
Enable support to get default security context of the
|
||||
specified path from the file contexts configuration.
|
||||
|
||||
config RESTORECON
|
||||
bool "restorecon"
|
||||
default n
|
||||
depends on SELINUX
|
||||
help
|
||||
Enable support to relabel files. The feature is almost
|
||||
the same as setfiles, but usage is a little different.
|
||||
|
||||
config RUNCON
|
||||
bool "runcon"
|
||||
default n
|
||||
depends on SELINUX
|
||||
help
|
||||
Enable support to run command in specified security context.
|
||||
|
||||
config FEATURE_RUNCON_LONG_OPTIONS
|
||||
bool "Enable long options"
|
||||
default y
|
||||
depends on RUNCON && LONG_OPTS
|
||||
help
|
||||
Support long options for the runcon applet.
|
||||
|
||||
config SELINUXENABLED
|
||||
bool "selinuxenabled"
|
||||
default n
|
||||
depends on SELINUX
|
||||
help
|
||||
Enable support for this command to be used within shell scripts
|
||||
to determine if selinux is enabled.
|
||||
|
||||
config SETENFORCE
|
||||
bool "setenforce"
|
||||
default n
|
||||
depends on SELINUX
|
||||
help
|
||||
Enable support to modify the mode SELinux is running in.
|
||||
|
||||
config SETFILES
|
||||
bool "setfiles"
|
||||
default n
|
||||
depends on SELINUX
|
||||
help
|
||||
Enable support to modify to relabel files.
|
||||
Notice: If you built libselinux with -D_FILE_OFFSET_BITS=64,
|
||||
(It is default in libselinux's Makefile), you _must_ enable
|
||||
CONFIG_LFS.
|
||||
|
||||
config FEATURE_SETFILES_CHECK_OPTION
|
||||
bool "Enable check option"
|
||||
default n
|
||||
depends on SETFILES
|
||||
help
|
||||
Support "-c" option (check the validity of the contexts against
|
||||
the specified binary policy) for setfiles. Requires libsepol.
|
||||
|
||||
config SETSEBOOL
|
||||
bool "setsebool"
|
||||
default n
|
||||
depends on SELINUX
|
||||
help
|
||||
Enable support for change boolean.
|
||||
semanage and -P option is not supported yet.
|
||||
|
||||
config SESTATUS
|
||||
bool "sestatus"
|
||||
default n
|
||||
depends on SELINUX
|
||||
help
|
||||
Displays the status of SELinux.
|
||||
|
||||
endmenu
|
||||
|
@ -8,15 +8,3 @@
|
||||
lib-y:=
|
||||
|
||||
INSERT
|
||||
lib-$(CONFIG_CHCON) += chcon.o
|
||||
lib-$(CONFIG_GETENFORCE) += getenforce.o
|
||||
lib-$(CONFIG_GETSEBOOL) += getsebool.o
|
||||
lib-$(CONFIG_LOAD_POLICY) += load_policy.o
|
||||
lib-$(CONFIG_MATCHPATHCON) += matchpathcon.o
|
||||
lib-$(CONFIG_RUNCON) += runcon.o
|
||||
lib-$(CONFIG_SELINUXENABLED) += selinuxenabled.o
|
||||
lib-$(CONFIG_SETENFORCE) += setenforce.o
|
||||
lib-$(CONFIG_SETFILES) += setfiles.o
|
||||
lib-$(CONFIG_RESTORECON) += setfiles.o
|
||||
lib-$(CONFIG_SETSEBOOL) += setsebool.o
|
||||
lib-$(CONFIG_SESTATUS) += sestatus.o
|
||||
|
@ -7,6 +7,23 @@
|
||||
*
|
||||
* Licensed under GPLv2, see file LICENSE in this source tree.
|
||||
*/
|
||||
//config:config CHCON
|
||||
//config: bool "chcon"
|
||||
//config: default n
|
||||
//config: depends on SELINUX
|
||||
//config: help
|
||||
//config: Enable support to change the security context of file.
|
||||
//config:
|
||||
//config:config FEATURE_CHCON_LONG_OPTIONS
|
||||
//config: bool "Enable long options"
|
||||
//config: default y
|
||||
//config: depends on CHCON && LONG_OPTS
|
||||
//config: help
|
||||
//config: Support long options for the chcon applet.
|
||||
|
||||
//applet:IF_CHCON(APPLET(chcon, BB_DIR_USR_BIN, BB_SUID_DROP))
|
||||
|
||||
//kbuild:lib-$(CONFIG_CHCON) += chcon.o
|
||||
|
||||
//usage:#define chcon_trivial_usage
|
||||
//usage: "[OPTIONS] CONTEXT FILE..."
|
||||
|
@ -6,6 +6,16 @@
|
||||
*
|
||||
* Licensed under GPLv2, see file LICENSE in this source tree.
|
||||
*/
|
||||
//config:config GETENFORCE
|
||||
//config: bool "getenforce"
|
||||
//config: default n
|
||||
//config: depends on SELINUX
|
||||
//config: help
|
||||
//config: Enable support to get the current mode of SELinux.
|
||||
|
||||
//applet:IF_GETENFORCE(APPLET(getenforce, BB_DIR_USR_SBIN, BB_SUID_DROP))
|
||||
|
||||
//kbuild:lib-$(CONFIG_GETENFORCE) += getenforce.o
|
||||
|
||||
//usage:#define getenforce_trivial_usage NOUSAGE_STR
|
||||
//usage:#define getenforce_full_usage ""
|
||||
|
@ -6,6 +6,16 @@
|
||||
*
|
||||
* Licensed under GPLv2, see file LICENSE in this source tree.
|
||||
*/
|
||||
//config:config GETSEBOOL
|
||||
//config: bool "getsebool"
|
||||
//config: default n
|
||||
//config: depends on SELINUX
|
||||
//config: help
|
||||
//config: Enable support to get SELinux boolean values.
|
||||
|
||||
//applet:IF_GETSEBOOL(APPLET(getsebool, BB_DIR_USR_SBIN, BB_SUID_DROP))
|
||||
|
||||
//kbuild:lib-$(CONFIG_GETSEBOOL) += getsebool.o
|
||||
|
||||
//usage:#define getsebool_trivial_usage
|
||||
//usage: "-a or getsebool boolean..."
|
||||
|
@ -4,6 +4,16 @@
|
||||
*
|
||||
* Licensed under GPLv2, see file LICENSE in this source tree.
|
||||
*/
|
||||
//config:config LOAD_POLICY
|
||||
//config: bool "load_policy"
|
||||
//config: default n
|
||||
//config: depends on SELINUX
|
||||
//config: help
|
||||
//config: Enable support to load SELinux policy.
|
||||
|
||||
//applet:IF_LOAD_POLICY(APPLET(load_policy, BB_DIR_USR_SBIN, BB_SUID_DROP))
|
||||
|
||||
//kbuild:lib-$(CONFIG_LOAD_POLICY) += load_policy.o
|
||||
|
||||
//usage:#define load_policy_trivial_usage NOUSAGE_STR
|
||||
//usage:#define load_policy_full_usage ""
|
||||
|
@ -5,6 +5,17 @@
|
||||
*
|
||||
* Licensed under GPLv2, see file LICENSE in this source tree.
|
||||
*/
|
||||
//config:config MATCHPATHCON
|
||||
//config: bool "matchpathcon"
|
||||
//config: default n
|
||||
//config: depends on SELINUX
|
||||
//config: help
|
||||
//config: Enable support to get default security context of the
|
||||
//config: specified path from the file contexts configuration.
|
||||
|
||||
//applet:IF_MATCHPATHCON(APPLET(matchpathcon, BB_DIR_USR_SBIN, BB_SUID_DROP))
|
||||
|
||||
//kbuild:lib-$(CONFIG_MATCHPATHCON) += matchpathcon.o
|
||||
|
||||
//usage:#define matchpathcon_trivial_usage
|
||||
//usage: "[-n] [-N] [-f file_contexts_file] [-p prefix] [-V]"
|
||||
|
@ -28,6 +28,23 @@
|
||||
*
|
||||
* Licensed under GPLv2, see file LICENSE in this source tree.
|
||||
*/
|
||||
//config:config RUNCON
|
||||
//config: bool "runcon"
|
||||
//config: default n
|
||||
//config: depends on SELINUX
|
||||
//config: help
|
||||
//config: Enable support to run command in specified security context.
|
||||
//config:
|
||||
//config:config FEATURE_RUNCON_LONG_OPTIONS
|
||||
//config: bool "Enable long options"
|
||||
//config: default y
|
||||
//config: depends on RUNCON && LONG_OPTS
|
||||
//config: help
|
||||
//config: Support long options for the runcon applet.
|
||||
|
||||
//applet:IF_RUNCON(APPLET(runcon, BB_DIR_USR_BIN, BB_SUID_DROP))
|
||||
|
||||
//kbuild:lib-$(CONFIG_RUNCON) += runcon.o
|
||||
|
||||
//usage:#define runcon_trivial_usage
|
||||
//usage: "[-c] [-u USER] [-r ROLE] [-t TYPE] [-l RANGE] PROG ARGS\n"
|
||||
|
@ -6,6 +6,17 @@
|
||||
*
|
||||
* Licensed under GPLv2, see file LICENSE in this source tree.
|
||||
*/
|
||||
//config:config SELINUXENABLED
|
||||
//config: bool "selinuxenabled"
|
||||
//config: default n
|
||||
//config: depends on SELINUX
|
||||
//config: help
|
||||
//config: Enable support for this command to be used within shell scripts
|
||||
//config: to determine if selinux is enabled.
|
||||
|
||||
//applet:IF_SELINUXENABLED(APPLET(selinuxenabled, BB_DIR_USR_SBIN, BB_SUID_DROP))
|
||||
|
||||
//kbuild:lib-$(CONFIG_SELINUXENABLED) += selinuxenabled.o
|
||||
|
||||
//usage:#define selinuxenabled_trivial_usage NOUSAGE_STR
|
||||
//usage:#define selinuxenabled_full_usage ""
|
||||
|
@ -7,6 +7,16 @@
|
||||
*
|
||||
* Licensed under GPLv2, see file LICENSE in this source tree.
|
||||
*/
|
||||
//config:config SESTATUS
|
||||
//config: bool "sestatus"
|
||||
//config: default n
|
||||
//config: depends on SELINUX
|
||||
//config: help
|
||||
//config: Displays the status of SELinux.
|
||||
|
||||
//applet:IF_SESTATUS(APPLET(sestatus, BB_DIR_USR_SBIN, BB_SUID_DROP))
|
||||
|
||||
//kbuild:lib-$(CONFIG_SESTATUS) += sestatus.o
|
||||
|
||||
//usage:#define sestatus_trivial_usage
|
||||
//usage: "[-vb]"
|
||||
|
@ -6,6 +6,16 @@
|
||||
*
|
||||
* Licensed under GPLv2, see file LICENSE in this source tree.
|
||||
*/
|
||||
//config:config SETENFORCE
|
||||
//config: bool "setenforce"
|
||||
//config: default n
|
||||
//config: depends on SELINUX
|
||||
//config: help
|
||||
//config: Enable support to modify the mode SELinux is running in.
|
||||
|
||||
//applet:IF_SETENFORCE(APPLET(setenforce, BB_DIR_USR_SBIN, BB_SUID_DROP))
|
||||
|
||||
//kbuild:lib-$(CONFIG_SETENFORCE) += setenforce.o
|
||||
|
||||
//usage:#define setenforce_trivial_usage
|
||||
//usage: "[Enforcing | Permissive | 1 | 0]"
|
||||
|
@ -3,6 +3,37 @@
|
||||
policycoreutils was released under GPL 2.
|
||||
Port to BusyBox (c) 2007 by Yuichi Nakamura <ynakam@hitachisoft.jp>
|
||||
*/
|
||||
//config:config SETFILES
|
||||
//config: bool "setfiles"
|
||||
//config: default n
|
||||
//config: depends on SELINUX
|
||||
//config: help
|
||||
//config: Enable support to modify to relabel files.
|
||||
//config: Notice: If you built libselinux with -D_FILE_OFFSET_BITS=64,
|
||||
//config: (It is default in libselinux's Makefile), you _must_ enable
|
||||
//config: CONFIG_LFS.
|
||||
//config:
|
||||
//config:config FEATURE_SETFILES_CHECK_OPTION
|
||||
//config: bool "Enable check option"
|
||||
//config: default n
|
||||
//config: depends on SETFILES
|
||||
//config: help
|
||||
//config: Support "-c" option (check the validity of the contexts against
|
||||
//config: the specified binary policy) for setfiles. Requires libsepol.
|
||||
//config:
|
||||
//config:config RESTORECON
|
||||
//config: bool "restorecon"
|
||||
//config: default n
|
||||
//config: depends on SELINUX
|
||||
//config: help
|
||||
//config: Enable support to relabel files. The feature is almost
|
||||
//config: the same as setfiles, but usage is a little different.
|
||||
|
||||
//applet:IF_SETFILES(APPLET(setfiles, BB_DIR_SBIN, BB_SUID_DROP))
|
||||
//applet:IF_RESTORECON(APPLET_ODDNAME(restorecon, setfiles, BB_DIR_SBIN, BB_SUID_DROP, restorecon))
|
||||
|
||||
//kbuild:lib-$(CONFIG_SETFILES) += setfiles.o
|
||||
//kbuild:lib-$(CONFIG_RESTORECON) += setfiles.o
|
||||
|
||||
//usage:#define setfiles_trivial_usage
|
||||
//usage: "[-dnpqsvW] [-e DIR]... [-o FILE] [-r alt_root_path]"
|
||||
|
@ -7,6 +7,17 @@
|
||||
*
|
||||
* Licensed under GPLv2, see file LICENSE in this source tree.
|
||||
*/
|
||||
//config:config SETSEBOOL
|
||||
//config: bool "setsebool"
|
||||
//config: default n
|
||||
//config: depends on SELINUX
|
||||
//config: help
|
||||
//config: Enable support for change boolean.
|
||||
//config: semanage and -P option is not supported yet.
|
||||
|
||||
//applet:IF_SETSEBOOL(APPLET(setsebool, BB_DIR_USR_SBIN, BB_SUID_DROP))
|
||||
|
||||
//kbuild:lib-$(CONFIG_SETSEBOOL) += setsebool.o
|
||||
|
||||
//usage:#define setsebool_trivial_usage
|
||||
//usage: "boolean value"
|
||||
|
Loading…
x
Reference in New Issue
Block a user