policycoreutils: sandbox: make sure the domain launching sandbox has at least 100 categories

100 is very high, but at least we know the chances of finding a valid
combination are high.

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
Dan Walsh 2011-11-09 16:26:02 -05:00 committed by Eric Paris
parent 7ece124c51
commit 78b077cd09
1 changed files with 17 additions and 2 deletions


@ -118,10 +118,25 @@ def reserve(level):
sock.bind("\0%s" % level) sock.bind("\0%s" % level)
fcntl.fcntl(sock.fileno(), fcntl.F_SETFD, fcntl.FD_CLOEXEC) fcntl.fcntl(sock.fileno(), fcntl.F_SETFD, fcntl.FD_CLOEXEC)
def get_range():
try:
level =selinux.getcon_raw()[1].split(":")[4]
lowc,highc = level.split(".")
low = int(lowc[1:])
high = int(highc[1:])+1
if high - low < 100:
raise IndexError
return low,high
except IndexError:
raise ValueError(_("User account must be setup with an MCS Range with more then 100 categories"))
def gen_mcs(): def gen_mcs():
low, high = get_range()
while True: while True:
i1 = random.randrange(0, 1024) i1 = random.randrange(low, high)
i2 = random.randrange(0, 1024) i2 = random.randrange(low, high)
if i1 == i2: if i1 == i2:
continue continue
if i1 > i2: if i1 > i2:
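Review bot: In get_range() only IndexError is turned into the translated message, so a context whose category field is not a single `cN.cM` range (a lone category such as `c5`, or a comma list such as `c0.c10,c20.c30`) fails at `lowc,highc = level.split(".")` or at `int(...)` with a raw ValueError about unpacking or parsing instead of the intended text. Catching both, `except (IndexError, ValueError):`, keeps the failure closed and the message consistent. The check `high - low < 100` also accepts exactly 100 categories while the message says "more then 100"; wording it as `at least 100 categories` would match the code and the commit title. gen_mcs() continues past the end of the hunk, so how `low` and `high` are used after the comparison is not visible here.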