@@ -11,7 +11,7 @@ policy. However only the *typebounds* rule is currently implemented by
The CIL language does support *userbounds* and *rolebounds* but these are
resolved at policy compile time, not via the kernel at run-time (i.e. they are
NOT enforced by the SELinux kernel services). The
-[**CIL Reference Guide**](notebook-examples/selinux-policy/cil/CIL_Reference_Guide.pdf)
+[**CIL Reference Guide**](./notebook-examples/selinux-policy/cil/CIL_Reference_Guide.pdf)
gives details.
## *typebounds*
@@ -6,7 +6,7 @@ have been documented within the CIL compiler source, available at:
<https://github.com/SELinuxProject/selinux/tree/master/secilc/docs>
A PDF version is included in this documentation:
-[**CIL Reference Guide**](notebook-examples/selinux-policy/cil/CIL_Reference_Guide.pdf)
+[**CIL Reference Guide**](./notebook-examples/selinux-policy/cil/CIL_Reference_Guide.pdf)
The CIL compiler source can be found at:
<https://github.com/SELinuxProject/selinux.git> within the *secilc* and
@@ -342,7 +342,7 @@ cd refpolicy
For the initial configuration, either replace the current *build.conf*
file with the sample
-[***build.conf***](notebook-examples/embedded-policy/reference-policy/build.conf)
+[***build.conf***](./notebook-examples/embedded-policy/reference-policy/build.conf)
or edit the current *build.conf* file to the requirements (e.g. MONOLITHIC = y)
Install the source policy in the build directory:
@@ -367,7 +367,7 @@ make conf
```
Replace the current *policy/modules.conf* with the sample
-[***modules.conf***](notebook-examples/embedded-policy/reference-policy/modules.conf)
+[***modules.conf***](./notebook-examples/embedded-policy/reference-policy/modules.conf)
and run:
```
@@ -482,7 +482,7 @@ git checkout android-4.1.1_r1
```
- Copy the text below into a
- [*Makefile*](notebook-examples/embedded-policy/android-policy/android-4/Makefile)
+ [*Makefile*](./notebook-examples/embedded-policy/android-policy/android-4/Makefile)
installed in the *sepolicy* directory.
```
@@ -517,9 +517,9 @@ Over time the Android policy locked down more and more processes and then
became more complex as policy version control was required when upgrading.
The **Brillo** release was their first IoT release and can be built using the
instructions in the
-[*brillo/Makefile*](notebook-examples/embedded-policy/android-policy/brillo/Makefile)
+[*brillo/Makefile*](./notebook-examples/embedded-policy/android-policy/brillo/Makefile)
To build a policy containing a device, follow the instructions in the
-[*brillo-device/Makefile*](notebook-examples/embedded-policy/android-policy/brillo-device/Makefile)
+[*brillo-device/Makefile*](./notebook-examples/embedded-policy/android-policy/brillo-device/Makefile)
as a device policy must be obtained from the Android repository.
Later Android split policy into private and public segments, they also used
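Review bot: The sentence ending at the `[*brillo/Makefile*](./notebook-examples/embedded-policy/android-policy/brillo/Makefile)` line has no closing full stop before "To build a policy containing a device", unlike the *android-10/Makefile* link elsewhere in this file, which ends with one. Since the line is being touched anyway, add the period after the closing parenthesis.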
@@ -527,7 +527,7 @@ CIL for some policy components as described in the
[**Android - The SELinux Policy**](seandroid.md#the-selinux-policy) section.
The **Android 10** release policy is an example where this split policy is used.
This can be built using the instructions in the
-[*android-10/Makefile*](notebook-examples/embedded-policy/android-policy/android-10/Makefile).
+[*android-10/Makefile*](./notebook-examples/embedded-policy/android-policy/android-10/Makefile).
[^fn_em_1]: An example of this integration is setting a new process context as
shown in the Zygote code:
@@ -349,7 +349,7 @@ netlabelctl calipso add pass doi:16
**Figure 16:** - *MLS Systems on different networks communicating via a gateway*
There are CIPSO/CALIPSO examples in the
-[***notebook-examples/network/netlabel***](notebook-examples/network/README.md)
+[***notebook-examples/network/netlabel***](./notebook-examples/network/README.md)
section. The CALIPSO example ***netlabelctl**(8)* commands for loopback are:
```
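Review bot: The link text on the added line is `notebook-examples/network/netlabel`, but the target is `./notebook-examples/network/README.md`, one directory up, so the reader lands on the general network README rather than the netlabel examples. Either point the target at the netlabel directory or change the link text to match the README it opens.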
@@ -518,7 +518,7 @@ firewall-cmd --add-service ipsec
```
There are two simple examples in the
-[***notebook-examples/network/ipsec***](notebook-examples/network/README.md)
+[***notebook-examples/network/ipsec***](./notebook-examples/network/README.md)
section. These use ***setkey**(8)* and commands directly
and therefore do not require the IKE daemons.
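Review bot: The context line after the changed link, "These use ***setkey**(8)* and commands directly", reads as though a command name is missing after "and". It is outside the path fix, but worth correcting while this paragraph is open, or confirming that the wording is intended.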
@@ -38,7 +38,7 @@ sequences. **Table 1: Database Security Context Information** shows a simple
database with one table and two columns, each with their object class and
associated security context (the [**Internal Tables**](#internal-tables)
section shows these entries from the *testdb* database in the
-[**Notebook sepgsql Example**](notebook-examples/sepgsql/testdb-example.sql).
+[**Notebook sepgsql Example**](./notebook-examples/sepgsql/testdb-example.sql).
The database object classes and permissions are described in
[**Appendix A - Object Classes and Permissions**](object_classes_permissions.md#database-object-classes).
@@ -88,7 +88,7 @@ The [**https://www.postgresql.org/docs/11/sepgsql.html**](https://www.postgresql
page contains all the information required to install the *sepgsql* extension.
There are also instructions in the
-[**Notebook sepgsql Example - README**](notebook-examples/sepgsql/README.md)
+[**Notebook sepgsql Example - README**](./notebook-examples/sepgsql/README.md)
that describes building the example database used in the sections below.
## *SECURITY LABEL* SQL Command
@@ -207,7 +207,7 @@ is shown in the table below and has been taken from
These are entries taken from a '*SELECT * FROM pg_seclabel;*' command
that refers to the example *testdb* database built using the
-[**Notebook - testdb-example.sql**](notebook-examples/sepgsql/testdb-example.sql):
+[**Notebook - testdb-example.sql**](./notebook-examples/sepgsql/testdb-example.sql):
```
objoid | classoid | objsubid | provider | label
@@ -210,7 +210,7 @@ The Android specific object classes are described in the
[**Android Classes & Permissions**](#android-classes-permissions)
section.
-The [**Embedded Systems - Building A Sample Android Policy**](embedded-systems#building-a-sample-android-policy)
+The [**Embedded Systems - Building A Sample Android Policy**](embedded-systems.md#building-a-sample-android-policy)
section explains how to build basic Android policies. These can be explored
without requiring the full AOSP source and build environment.
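Review bot: The new target `embedded-systems.md#building-a-sample-android-policy` on the added line uses a hyphen, while the diffstat for this patch names the file `src/embedded_systems.md` and the other cross-file links use underscores (e.g. `policy_config_files.md`), so the link still will not resolve. Suggest `embedded_systems.md#building-a-sample-android-policy`.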
@@ -939,7 +939,7 @@ Usage:
**insertkeys.py** - A helper script for mapping tags in the signature stanzas
of *mac_permissions.xml* to public keys found in pem files (see the
-[***mac_permissions.xml***](mac_permissions.xml) file section).
+[***mac_permissions.xml***](#mac_permissions.xml) file section).
The resulting *mac_permissions.xml* file will also be stripped of
comments and whitespace.
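Review bot: The change from `(mac_permissions.xml)` to `(#mac_permissions.xml)` on the added line is an in-page anchor fix, which the commit message (notebook-examples path consistency) does not cover; mention it there or split it into its own patch. Please also confirm that the generated identifier for that section heading keeps the period, since renderers differ on whether punctuation survives in anchors and the link would otherwise be dead when the source is viewed outside the pandoc build.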
@@ -32,7 +32,7 @@
- [Policy Configuration Files](policy_config_files.md#policy-configuration-files)
- [SELinux Policy Languages](policy_languages.md#the-selinux-policy-languages)
- [CIL Policy Language](cil_overview.md#cil-overview)
- - [CIL Reference Guide](notebook-examples/selinux-policy/cil/CIL_Reference_Guide.pdf)
+ - [CIL Reference Guide](./notebook-examples/selinux-policy/cil/CIL_Reference_Guide.pdf)
- [Kernel Policy Language](kernel_policy_language.md#kernel-policy-language)
- [Policy Configuration Statements](policy_config_statements.md#policy-configuration-statements)
- [Default Rules](default_rules.md#default-object-rules)
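Review bot: The `./notebook-examples/selinux-policy/cil/CIL_Reference_Guide.pdf` entry on the added line depends on the build-time sed rewrite that the commit message describes, but the diffstat lists only the seven `src/*.md` files, so that rewrite is not part of this patch. Say in the commit message which change adds the sed step, and document there the exact `./notebook-examples/` prefix it matches so that links added later follow the same form.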
Before building the EPUB book, the file links to the notebook-examples directory area need to be consistent. This will allow sed to fix the path during the build (as pandoc insists on defaulting to file:///EPUB/text).

Signed-off-by: Richard Haines <richard_c_haines@btinternet.com>
---
 src/bounds_rules.md     |  2 +-
 src/cil_overview.md     |  2 +-
 src/embedded_systems.md | 12 ++++++------
 src/network_support.md  |  4 ++--
 src/postgresql.md       |  6 +++---
 src/seandroid.md        |  4 ++--
 src/toc.md              |  2 +-
 7 files changed, 16 insertions(+), 16 deletions(-)