Commit Graph

690 Commits

Author SHA1 Message Date
Stephen Smalley
4a33c78ca5 libsepol: fix neverallow checking on attributes
Ole Kliemann reported that allow rules written using type attributes were
not being detected by neverallow assertions in the policy.  I think that
this was broken in policy.24 and later due to changes in the type datum.
Fix the expand logic to correctly distinguish type attributes from types.

Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: Eric Paris <eparis@redhat.com>
2012-09-12 12:16:01 -04:00
Guido Trentalancia
f6b82ec701 policycoreutils: setfiles/restorecon minor improvements
- improves the manual page for both setfiles and restorecon (formatting
  including alphabetical re-ordering of options, undocumented options,
  references and a few cosmetic changes);
- de-hardcodes a couple of constants in the source files and makes a
  dynamic use of them to create the manual pages after the compilation
  and prior to the installation: more specifically the constants are the
  number of errors for the setfiles' validation process abort condition
  and the sensitivity of the progress meter for both programs (uses
  external programs grep and awk);
- improves the usage message for both programs and introduces a -h
  (aliased with currently existing -?) option where not already
  available;
- print out the usage message for restorecon when it is called without
  arguments;
- white-space/tab conversion to get proper indentation towards the end
  of the main source file.

[eparis add .gitignore]

Signed-off-by: Guido Trentalancia <guido@trentalancia.com>
Signed-off-by: Eric Paris <eparis@redhat.com>
2012-09-12 12:16:00 -04:00
Guido Trentalancia
876f5faede policycoreutils: genhomedircon: manual page improvements
The following patch aims to improve the manual page (section 8) for the
"genhomedircon" script (policycoreutils).

- remove probably redundant GNU licence notice;
- try to further clarify the functionality made available by the
  "genhomedircon" script as well as all the configurable options that
  control its execution and affect its behavior;
- extend the references section (SEE ALSO).

Signed-off-by: Guido Trentalancia <guido@trentalancia.com>
Signed-off-by: Eric Paris <eparis@redhat.com>
2012-09-12 12:16:00 -04:00
Eric Paris
f05a71b92d Version bumps for upstream push 2012-06-28 14:02:29 -04:00
Stephen Smalley
da752cabb5 checkpolicy: Android/MacOS X build support
Android/MacOS X build support for checkpolicy.
Create a Android.mk file for Android build integration.
Introduce DARWIN ifdefs for building on MacOS X.

Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
2012-06-28 13:29:24 -04:00
Dan Walsh
0eed03e756 checkpolicy: sepolgen: We need to support files that have a + in them
Filenames can have a +, so we should be able to parse and handle those
files.

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
2012-06-28 13:29:24 -04:00
Dan Walsh
0ea11e7315 sepolgen: Make use of setools optional within sepolgen
We still want to be able to use sepolgen even if setools isn't
installed.  Degrade functionality, but still work if it can't be found.

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwlash@redhat.com>
2012-06-28 13:29:23 -04:00
Eric Paris
d36ba198ba policycoreutils: semanage: locallist option does not take an argument
The locallist option was specified as --locallist= but it does not take
an option.  We also had --localist (notice the 'l' is missing) which
wasn't doing anything, so drop those.

Signed-off-by: Eric Paris <eparis@redhat.com>
2012-06-28 13:29:23 -04:00
Dan Walsh
14f81c15a5 policycoreutils: semanage: dontaudit off should work
The OBJECT was not being set early enough and thus would miss the checks
for things like deleteall and extract.  Move the setting of OBJECT where
it happens for everything else.

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
2012-06-28 13:29:23 -04:00
Dan Walsh
7753c11341 policycoreutils: semanage: manpage update for -e
semanage fcontext -e man page update to make it easier to understand
what it does.

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
2012-06-28 13:29:23 -04:00
Dan Walsh
b68435fbea policycoreutils: semanage: bash completion for modules should include -a,-m, -d
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
2012-06-28 13:29:23 -04:00
Dan Walsh
15f65f2e09 policycoreutils: semanage: fix man page range and level defaults
The range and level user options default to s0.  State that in the man
page.

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
2012-06-28 13:29:23 -04:00
Dan Walsh
8ca93d6b9d policycoreutils: mcstrans: add -f to run in foreground
Add an -f option to run mcstransd in the foreground.  This will allow better
integration into systemd.

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
2012-06-28 13:29:23 -04:00
Eric Paris
9eac5305c6 policycoreutils: resorecond: user: fix fd leak
We open and take a flock on the .restorecond file.  But we could leak
this file across exec.  Open O_CLOEXEC.

Signed-off-by: Eric Paris <eparis@redhat.com>
2012-06-28 13:29:23 -04:00
Dan Walsh
2f9fdc2781 policycoreutils: restorecond: Add -h option to get usage command
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
2012-06-28 13:29:23 -04:00
Eric Paris
e8888a7f16 polciycoreutils: restorecond: wrong options should exit with non-zero error code
Instead of all calls to the usage output resulting in a 0 return code we
should show the usage menu when something is wrong but we should return
non-zero.

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
2012-06-28 13:29:23 -04:00
Sven Vermeulen
c4f415c244 libsemanage: use after free in python bindings
In python 3.2 we hit a problem where the fconext was garbage.  We didn't
see this in python 2.7.  The reason is because python3.2 would free and
reuse the memory and python 2.7 just happened to leave it alone.
Instead of using memory that python might use for something else, use
strdup() to get a local copy which we can free when we are finished with
it.

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
2012-06-28 13:29:23 -04:00
Dan Walsh
4120df1c6e libsemanage: Use default semanage.conf as a fallback
If the private semanage.conf file is unreadable for some reason (usually
ENOENT) fallback to the default file.

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
2012-06-28 13:29:23 -04:00
Eric Paris
fade75f1e2 libsemanage: semanage_store: fix snprintf length argument by using asprintf
We calculated a length, allocated a space for the string, then used
snprintf to fill the array giving it a different length.  Rather than
doing all that math ourselves, just use asprintf and let libraries get
it right.

Signed-off-by: Eric Paris <eparis@redhat.com>
2012-06-28 13:29:15 -04:00
Eric Paris
a6c9140cbb libsemanage: ignore 80 column limit for readability
80 columns just suck.  Ignore it when we are only a little bit over.

Signed-off-by: Eric Paris <eparis@redhat.com>
2012-06-28 11:21:16 -04:00
Eric Paris
824df4b60b libselinux: additional makefile support for rubywrap
SELinux ruby bindings didn't build from the top level
the swig generated .c file wasn't gitignored
use pkg-config for ruby info like we do for python

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
2012-06-28 11:21:16 -04:00
Eric Paris
30900902b1 libselinux: label_android_property whitespace cleanups
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
2012-06-28 11:21:16 -04:00
rpcraig
cfc492cf11 libselinux: New Android property labeling backend
This is already in the android repo.  This is here to prevent potential
conflicts of the selabel indices, and possibly with an eye toward an eventual
reunification of the two libselinuxes down the road.

Reviewed-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
2012-06-28 11:21:16 -04:00
Eric Paris
5e3171f658 libselinux: seusers: getseuser: gracefully handle NULL service
getseuser() would unconditionally check strlen on the service variable
even though it could be NULL.  Whoops.  If service is NULL we should
only match on *: entries.

Signed-off-by: Eric Paris <eparis@redhat.com>
2012-06-28 11:21:16 -04:00
Eric Paris
5b344c112a libselinux: seusers: remove unused lineno
The lineno variable was being incremented, but nothing was being done
with it.  Remove it.

Signed-off-by: Eric Paris <eparis@redhat.com>
2012-06-28 11:21:16 -04:00
Eric Paris
12e2a0f9fc libselinux: matchpathcon: bad handling of symlinks in /
The realpath_not_final() function did not properly handle symlinks in
the / directory.  The reason is because when it determined the symlink
was in the root directory it would set the resolved portion of the path
to /, it would then add a / to the end of the resolved portion, and then
append the symlink name.  The fix is to instead set the resolved portion
to "".  Thus when the '/' at the end of the resolved portion is added it
will be correct.

While I am at it, strip extraneous leading / so that //tmp returns /tmp.

Signed-off-by: Eric Paris <eparis@redhat.com>
2012-06-28 11:21:16 -04:00
Eric Paris
5d19b70723 libselinux: libsemanage: remove build warning when build swig c files
swig creates C files with warnings.  Turn off the warnings so the build
is clean.  We can't help the code it produces anyway...

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
2012-06-28 11:21:16 -04:00
Eric Paris
9b3055ada5 libselinux: audit2why: silence -Wmissing-prototypes warning
The init functions are non-static but did not have a prototype
declaration.  They are called magically from python, so just declare the
prototype to silence the warning.

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
2012-06-28 11:21:16 -04:00
Dan Walsh
378dfe4d6a libselinux: avc_netlink_recieve handle EINTR
should continue to poll if it receinves an EINTR rather then exiting with an error.

This was a major bug within dbus that was causing dbus to crash it was
discussed at the time whether this is a dbus bug or an libselinux bug,
it was decided that we should fix it within libselinux.

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
2012-06-28 11:21:16 -04:00
Dan Walsh
2ca19f3f67 libselinux: asprintf return code must be checked
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
2012-06-28 11:21:16 -04:00
Dan Walsh
ac6ab3afc0 libselinux: Fortify source now requires all code to be compiled with -O flag
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
2012-06-28 11:21:16 -04:00
Stephen Smalley
84f6ac246f libsepol: Android/MacOS X build support
Android/MacOS X build support for libsepol.
Create a Android.mk file for Android build integration.
Introduce DARWIN ifdefs for building on MacOS X.

Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
2012-06-28 11:21:15 -04:00
Adam Tkac
d21ec5a560 libsepol: prepend instead of append to filename_trans list
Currently expand_filename_trans() function use much CPU time to find
end of the state->out->filename_trans list. This is not needed because
data can be prepended instead of appended to the list.

This ends with 10% speed-up of various se* commands (semodule, setsebool).

Signed-off-by: Adam Tkac <atkac@redhat.com>
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
2012-06-28 11:21:15 -04:00
Eric Paris
c43f5b1d34 libsepol: cosmetic changes to make the source easier to read
strict adherense to 80 characters means that we split stuff in stupid
places.  Screw 80 characters.  Buy a bigger monitor.

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
2012-06-28 11:21:15 -04:00
Eric Paris
7a1e3e1fef libsepol: reserve policycapability for redhat testing of ptrace child
Red Hat is testing ptrace_child in the wild.  reserve this policy
capability so we don't have conflicts.

Signed-off-by: Eric Paris <eparis@redhat.com>
2012-06-28 11:21:15 -04:00
Eric Paris
f508a29446 update version of libsepol 2012-04-23 16:58:01 -04:00
Eric Paris
8720c8e576 libsepol: allocate enough space to hold filename in trans rules
There is an off by one bug in which the filename length stored with
filename_trans_rules is stored as strlen (aka, no nul) however the
code to allocate space and read the name back in from policy only
allocates len, and not the len + 1 needed to hold the nul.  Allocate
enough space for the nul.

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
2012-04-23 16:57:52 -04:00
Eric Paris
7a86fe1a3d bump version and changelog for upstream push 2012-03-28 15:44:05 -04:00
Eric Paris
aa34f19543 policycoreutils: do not fail to install if unable to make load_policy lnk file
With the switch in Fedora to unify /bin to /usr/bin the link file
created for load_policy points back at itself.  This patch causes make
to continue even if the link fails.

Signed-off-by: Eric Paris <eparis@redhat.com>
2012-03-28 15:08:52 -04:00
Eric Paris
cb9a5c40af policycoreutils: remove empty po files
et, gl, and id .po files contained no translations.  This can cause
build errors.  Delete those puppies.

Signed-off-by: Eric Paris <eparis@redhat.com>
2012-03-28 14:54:50 -04:00
Eric Paris
54a83e18e2 policycoreutils: update .po files
update policycoreutils po files.  This should hopefully make the debian
build system a little happier.

Requested-by: Laurent Bigonville <bigon@debian.org>
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
2012-03-28 14:52:14 -04:00
Laurent Bigonville
a4f84109b5 libselinux: Hide unnecessarily-exported library destructors
Description: Hide unnecessarily-exported library destructors
This change was extracted from the old monolithic Debian patch.

Signed-off-by: Laurent Bigonville <bigon@debian.org>
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
2012-03-28 14:52:14 -04:00
Laurent Bigonville
f7a75f1761 libselinux: Do not link against python library, this is considered bad practice in debian
Do not link python module with libpython, the interpreter is already linked against it.

Signed-off-by: Laurent Bigonville <bigon@debian.org>
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
2012-03-28 14:52:14 -04:00
Manoj Srivastava
c124df61ae policycoreutils: Only run setfiles if we found read-write filesystems to run it on
Only run setfiles if we have a R/W filesystem

Signed-off-by: Laurent Bigonville <bigon@debian.org>
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
2012-03-28 14:52:14 -04:00
Laurent Bigonville
2ad5471bd3 policycoreutils: fix ftbfs with hardening flags
We are now building our packages with -Werror=format-security enabled.
The attached patch fix the FTBFS. More patch related to this could
follow.

Signed-off-by: Laurent Bigonville <bigon@debian.org>
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
2012-03-28 14:52:14 -04:00
Kohei KaiGai
2b5a0530e7 libselinux: security_compute_create_name(3)
I'd like to use this interface to implement special case handling
for the default labeling behavior on temporary database objects.  Allow
userspace to use the filename_trans rules added to policy.

Signed-off-by: KaiGai Kohei <kohei.kaigai@emea.nec.com>
Signed-off-by: Eric Paris <eparis@redhat.com>
2012-03-28 14:52:14 -04:00
Martin Orr
72ea5dec7c policycoreutils: Fix infinite loop with inotify on 2.6.31 kernels
With kernel 2.6.31, restorecond uses 99% of my CPU.

This is because removing and readding the watch on utmp triggers inotify to
return an IN_IGNORED event for the old watch descriptor.  If the watch gets
allocated the same wd when it is readded, then restorecond thinks that utmp
has changed, so removes and readds the watch again, potentially looping.

With kernel <= 2.6.30, this never happened, because the kernel didn't reuse
watch descriptors.  So the IN_IGNORED event comes with a wd that is no
longer in use, and gets ignored.  But kernel 2.6.31 reuses the same watch
descriptor.  The kernel has been fixed to not reuse watch descriptors.
However as some kernels do reuse them, and its possible they may again,
this patch fixes that by ignoring inotify events whose only bit set is
IN_IGNORED.

Signed-off-by: Martin Orr <martin@martinorr.name>
Signed-off-by: Manoj Srivastava <srivasta@debian.org>
Signed-off-by: Laurent Bigonville <bigon@debian.org>
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
2012-03-28 14:52:14 -04:00
Russell Coker
38e93bad1f libsemanage: fallback-user-level
Having magic numbers in the code is a bad idea, using a macro is better.

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
2012-03-28 14:52:14 -04:00
Laurent Bigonville
e55a295b1d libsemanage: Allow to build for several ruby version
This allow to build the ruby module for both ruby 1.8 and 1.9.1 (the
way it's done for the python module)

Signed-off-by: Laurent Bigonville <bigon@debian.org>
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
2012-03-28 14:52:14 -04:00
Laurent Bigonville
a8a766ac9f libsemanage: do not link against libpython, this is considered bad in Debian
Do not link against libpython, the interpreter is already linked to it.
In Debian this is usually considered bad practice.

Signed-off-by: Author: Laurent Bigonville <bigon@debian.org>
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
2012-03-28 14:52:13 -04:00