Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/SELinuxProject/selinux
This is the upstream repository for the Security Enhanced Linux (SELinux) userland libraries and tools. The software provided by this project complements the SELinux features integrated into the Linux kernel and is used by Linux distributions. All bugs and patches should be submitted to [email protected]
https://github.com/SELinuxProject/selinux
Last synced: about 2 months ago
JSON representation
This is the upstream repository for the Security Enhanced Linux (SELinux) userland libraries and tools. The software provided by this project complements the SELinux features integrated into the Linux kernel and is used by Linux distributions. All bugs and patches should be submitted to [email protected]
- Host: GitHub
- URL: https://github.com/SELinuxProject/selinux
- Owner: SELinuxProject
- License: other
- Created: 2014-06-09T14:09:57.000Z (over 10 years ago)
- Default Branch: main
- Last Pushed: 2024-05-22T15:51:19.000Z (7 months ago)
- Last Synced: 2024-05-22T16:58:52.357Z (7 months ago)
- Language: C
- Homepage:
- Size: 16.8 MB
- Stars: 1,265
- Watchers: 107
- Forks: 343
- Open Issues: 96
-
Metadata Files:
- Readme: README.md
- Contributing: CONTRIBUTING.md
- License: LICENSE
- Security: SECURITY.md
Awesome Lists containing this project
- ansible-guide - SELinux - rwxr-xr-x) are modifiable by the user and the applications which the user runs. Conversely, SELinux access controls are determined by a policy loaded on the system which may not be changed by careless users or misbehaving applications. (Security Tools)
- ansible-guide - SELinux - rwxr-xr-x) are modifiable by the user and the applications which the user runs. Conversely, SELinux access controls are determined by a policy loaded on the system which may not be changed by careless users or misbehaving applications. (Security Tools)
README
SELinux Userspace
=================![SELinux logo](https://github.com/SELinuxProject.png)
[![Run Tests](https://github.com/SELinuxProject/selinux/actions/workflows/run_tests.yml/badge.svg)](https://github.com/SELinuxProject/selinux/actions/workflows/run_tests.yml)
[![Run SELinux testsuite in a virtual machine](https://github.com/SELinuxProject/selinux/actions/workflows/vm_testsuite.yml/badge.svg)](https://github.com/SELinuxProject/selinux/actions/workflows/vm_testsuite.yml)
[![OSS-Fuzz Status](https://oss-fuzz-build-logs.storage.googleapis.com/badges/selinux.svg)](https://oss-fuzz-build-logs.storage.googleapis.com/index.html#selinux)
[![CIFuzz Status](https://github.com/SELinuxProject/selinux/actions/workflows/cifuzz.yml/badge.svg)](https://github.com/SELinuxProject/selinux/actions/workflows/cifuzz.yml)SELinux is a flexible Mandatory Access Control (MAC) system built into the
Linux Kernel. SELinux provides administrators with a comprehensive access
control mechanism that enables greater access granularity over the existing
Linux Discretionary Access Controls (DAC) and is present in many major Linux
distributions. This repository contains the sources for the SELinux utilities
and system libraries which allow for the configuration and management of an
SELinux-based system.Please submit all bug reports and patches to the
mailing list. You can subscribe by sending "subscribe selinux" in the body of
an email to . Archives of the mailing list are
available at https://lore.kernel.org/selinux.Installation
------------SELinux libraries and tools are packaged in several Linux distributions:
* Alpine Linux (https://pkgs.alpinelinux.org/package/edge/testing/x86/policycoreutils)
* Arch Linux User Repository (https://aur.archlinux.org/packages/policycoreutils/)
* Buildroot (https://git.buildroot.net/buildroot/tree/package/policycoreutils)
* Debian and Ubuntu (https://packages.debian.org/sid/policycoreutils)
* Gentoo (https://packages.gentoo.org/packages/sys-apps/policycoreutils)
* RHEL and Fedora (https://src.fedoraproject.org/rpms/policycoreutils)
* Yocto Project (http://git.yoctoproject.org/cgit/cgit.cgi/meta-selinux/tree/recipes-security/selinux)
* and many more (https://repology.org/project/policycoreutils/versions)Building and testing
--------------------Build dependencies on Fedora:
```sh
# For C libraries and programs
dnf install \
audit-libs-devel \
bison \
bzip2-devel \
CUnit-devel \
diffutils \
flex \
gcc \
gettext \
glib2-devel \
make \
libcap-devel \
libcap-ng-devel \
pam-devel \
pcre2-devel \
xmlto# For Python and Ruby bindings
dnf install \
python3-devel \
python3-pip \
python3-setuptools \
python3-wheel \
ruby-devel \
swig
```Build dependencies on Debian:
```sh
# For C libraries and programs
apt-get install --no-install-recommends --no-install-suggests \
bison \
flex \
gawk \
gcc \
gettext \
make \
libaudit-dev \
libbz2-dev \
libcap-dev \
libcap-ng-dev \
libcunit1-dev \
libglib2.0-dev \
libpcre2-dev \
pkgconf \
python3 \
systemd \
xmlto# For Python and Ruby bindings
apt-get install --no-install-recommends --no-install-suggests \
python3-dev \
python3-pip \
python3-setuptools \
python3-wheel \
ruby-dev \
swig
```To build and install everything under a private directory, run:
make clean distclean
make DESTDIR=~/obj install install-rubywrap install-pywrap
On Debian the environment variable `DEB_PYTHON_INSTALL_LAYOUT` needs to be set
to `deb` when installing the Python wrappers in order to create the correct
Python directory structure.
On Debian systems older than bookworm set
`PYTHON_SETUP_ARGS='--install-option "--install-layout=deb"'` instead.To run tests with the built libraries and programs, several paths (relative to `$DESTDIR`) need to be added to variables `$LD_LIBRARY_PATH`, `$PATH` and `$PYTHONPATH`.
This can be done using [./scripts/env_use_destdir](./scripts/env_use_destdir):DESTDIR=~/obj ./scripts/env_use_destdir make test
Some tests require the reference policy to be installed (for example in `python/sepolgen`).
To install as the default system libraries and binaries
(overwriting any previously installed ones - dangerous!),
on x86_64, run:make LIBDIR=/usr/lib64 SHLIBDIR=/lib64 install install-pywrap relabel
or on x86 (32-bit), run:
make install install-pywrap relabel
This may render your system unusable if the upstream SELinux userspace
lacks library functions or other dependencies relied upon by your
distribution. If it breaks, you get to keep both pieces.## Setting CFLAGS
Setting CFLAGS during the make process will cause the omission of many defaults. While the project strives
to provide a reasonable set of default flags, custom CFLAGS could break the build, or have other undesired
changes on the build output. Thus, be very careful when setting CFLAGS. CFLAGS that are encouraged to be
set when overriding are:- -fno-semantic-interposition for gcc or compilers that do not do this. clang does this by default. clang-10 and up
will support passing this flag, but ignore it. Previous clang versions fail.macOS
-----To install libsepol on macOS (mainly for policy analysis):
cd libsepol; make PREFIX=/usr/local install
This requires GNU coreutils:
brew install coreutils