diff -Nru selinux-basics-0.5.8/debian/changelog selinux-basics-0.5.9/debian/changelog --- selinux-basics-0.5.8/debian/changelog 2020-12-31 03:10:48.000000000 +0000 +++ selinux-basics-0.5.9/debian/changelog 2023-08-24 10:52:31.000000000 +0000 @@ -1,3 +1,13 @@ +selinux-basics (0.5.9) unstable; urgency=medium + + * Make selinux-config-enforcing set the mode of /etc/selinux/config + Closes: #1042838 + * For check-selinux-installation put in an explanation for the Postfix sync + chroot error + Made it support the u-boot-config for extlinux on Mobian Closes: #757421 + + -- Russell Coker Thu, 24 Aug 2023 20:52:31 +1000 + selinux-basics (0.5.8) unstable; urgency=medium * Recommend and depend on latest versions of all the packages. diff -Nru selinux-basics-0.5.8/selinux-activate selinux-basics-0.5.9/selinux-activate --- selinux-basics-0.5.8/selinux-activate 2020-01-04 12:02:00.000000000 +0000 +++ selinux-basics-0.5.9/selinux-activate 2023-08-24 10:52:31.000000000 +0000 @@ -3,21 +3,24 @@ GRUB_CONF=/boot/grub/menu.lst GRUB2_CONF=/etc/default/grub +UBOOT_CONF=/etc/u-boot-menu/conf.d/selinux.conf if [ "$1" != "disable" ]; then echo "Activating SE Linux" if [ -e $GRUB_CONF ]; then if ! grep -q selinux $GRUB_CONF ; then - sed -e "s/\(^# kopt=.*$\)/\1 security=selinux/" < $GRUB_CONF > $GRUB_CONF.new - mv $GRUB_CONF.new $GRUB_CONF + sed -i "s/\(^# kopt=.*$\)/\1 security=selinux/" $GRUB_CONF update-grub fi fi if [ -e $GRUB2_CONF ]; then - sed -e "s/ \?selinux=1//g" -e "s/ \?security=selinux//g" -e "s/\(^GRUB_CMDLINE_LINUX=.*\)\"$/\1 security=selinux\"/" < $GRUB2_CONF > $GRUB2_CONF.new - mv $GRUB2_CONF.new $GRUB2_CONF + sed -i -e "s/ \?selinux=1//g" -e "s/ \?security=selinux//g" -e "s/\(^GRUB_CMDLINE_LINUX=.*\)\"$/\1 security=selinux\"/" $GRUB2_CONF update-grub fi + if [ -d $(dirname $UBOOT_CONF) ]; then + echo 'U_BOOT_PARAMETERS="security=selinux $U_BOOT_PARAMETERS"' > $UBOOT_CONF + u-boot-update + fi touch /.autorelabel echo "SE Linux is activated. You may need to reboot now." else @@ -31,16 +34,18 @@ fi if [ -e $GRUB_CONF ]; then - sed -e "s/ selinux=1//" -e "s/ security=selinux//" < $GRUB_CONF > $GRUB_CONF.new - mv $GRUB_CONF.new $GRUB_CONF + sed -i -e "s/ selinux=1//" -e "s/ security=selinux//" $GRUB_CONF fi if [ -e $GRUB2_CONF ]; then if grep -q selinux $GRUB2_CONF 2> /dev/null ; then - sed -e "s/ \?selinux=1//" -e "s/ \?security=selinux//" < $GRUB2_CONF > $GRUB2_CONF.new - mv $GRUB2_CONF.new $GRUB2_CONF + sed -i -e "s/ \?selinux=1//" -e "s/ \?security=selinux//" $GRUB2_CONF update-grub fi fi + if [ -d $(dirname $UBOOT_CONF) ]; then + rm -f $UBOOT_CONF + u-boot-update + fi rm -f /.autorelabel echo "SE Linux is deactivated. You may need to reboot now." fi diff -Nru selinux-basics-0.5.8/selinux-config-enforcing selinux-basics-0.5.9/selinux-config-enforcing --- selinux-basics-0.5.8/selinux-config-enforcing 2020-01-04 12:02:00.000000000 +0000 +++ selinux-basics-0.5.9/selinux-config-enforcing 2023-08-24 10:52:30.000000000 +0000 @@ -15,4 +15,5 @@ echo "Configured enforcing mode in $CONF for the next boot." echo "This can be overridden by \"enforcing=0\" on the kernel command line." fi +chmod 644 $CONF.new mv $CONF.new $CONF diff -Nru selinux-basics-0.5.8/tests/22_postfix.py selinux-basics-0.5.9/tests/22_postfix.py --- selinux-basics-0.5.8/tests/22_postfix.py 2020-01-04 12:02:00.000000000 +0000 +++ selinux-basics-0.5.9/tests/22_postfix.py 2023-08-24 10:52:31.000000000 +0000 @@ -4,7 +4,7 @@ """ class ErrorPostfixChrootSync(ErrorBase): def __str__(self): - return "Postfix init script is syncing the chroots." + return "Postfix init script is syncing the chroots.\nPut SYNC_CHROOT=\"n\" in /etc/default/postfix to fix." def fixable(self): return False def fix(self):