If you specified a portion of the module name the code would disable the module rather
then giving you an error. For example.
semodule -d http
Would disable the httpd module.
As a matter of fact
semodule -r h
Would disable the first module file name that began with h.
This patch gets the real file name out of the modules and compares it to the name specified.
It also consolodates a bunch of duplicated code, and fixes a return code bug.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
We only need the sepolgen python module if we are setting up permissive
types. As this has been removed from the core code in Fedora/RHEL we
include a better user error message pointing them how to find the
required module.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
If there are entries in /etc/selinux/[POLICY]/logins they should be
included in the semange login -l output. So do so!
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
If a user requested a label be reset but no default label is specified,
give a useful error message. Do not print the message if this is a
recursive restore, and that is very common.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
The man page shows --role as an option, but the real option is --roles.
Fix the man page.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
Add a new sandbox option to run /usr/bin/shred on all files in the temp
directories before they are deleted.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
coreutils needs to be able to take a statbuf and ask permissions
questions. This gives us the interface to translate that statbuf mode_t
into a security class which can be used.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
Since /tmp and /var/tmp get mounted over each other in sandbox we should
take the data from both.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
If init() was already called then avc will be set. If avc is set just
return.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
If audit2why.finish is called more than once the global avc variable
will be NULL, and thus dereferencing it will obviously cause problems.
Thus just bail if avc is NULL and we know cleanup is done.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
We were listing a number of service man pages (like httpd_selinux) in
the see also section of selinux.8. As that number of pages explodes it
does not make sense to try to list them all. Instead tell people to use
man -k selinux to find them.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
We should check that a type is a valid before assigning it with
semanage. Aka we should just that a type is a port type before assigning it
to a port, or a valid user type before assigning it to a user.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
update-po is a mechanism for sucking the latest english translations
out of the source code, but it ALWAYS updates all of the po files with things
like the last time the update-po was run even if there are no changes. This
results in having to do git checkins any time you run make at the top level.
Since so few people interact with the Translators I believe this should
be done on demand when they think it is time to get new translations.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
On failure, common if .bin is older than the text version, we will leak
the mmapfd. Don't do that.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
When loading the filecontext database, check to see if there is a newer
binary version. If so, mmap that file, is used to populate the regex db
instead of reading from the text representation and compiling regex's as
needed. If the text file is newer it will use the text version and
ignore the binary version.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
This is a new 'compiler' which tranforms the file context database into
a binary format. This binary format may be mmap'd in later removing the
need to compile the regular expression at run time.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
The expand_filename_trans() function consumed vast majority of time by comparsion
of two lists with dumb algorithm with O(n^2) complexity.
Now it chunks one list by it's filename_trans->stype value to limit length of
elements which needs to be walked when comparing filename_trans_t element with
this chunked list.
This change speeds-up se* commands by 80%.
Signed-off-by: Adam Tkac <atkac@redhat.com>
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
We use strncpy which could leave a non-nul terminated string if the
source is longer than PATH_MAX. Add that nul.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
This patch started with work from John Reiser patch to estimate the
percent progress for restorecon/setfiles.
It has a lot of changes since then, to make it only happen on full
relabel, overwrite itself, shows 10ths of %, and does a lot better and
more useful job of estimation. We get all of the inodes on all mounted
FS. Since the number of inodes is not fixed and only an estimate I added
5% to the inode number, and forced the number to never go over 100.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
selinux.tbl is a Fedora translation file that doesn't make sense in
policycoreutils. Until we figure out how to deal with it, I'm not going
to push it. But I accidentally included it in the update-po make
target. Remove it from the make target.
Signed-off-by: Eric Paris <eparis@redhat.com>
If you are building "standard" policies(not MCS/MLS), libsemanage
will crash, which caused by strdup() to "level" NULL pointers.
For example, semodule -s refpolicy -b base.pp -i a.pp
Signed-off-by: Eric Paris <eparis@redhat.com>
If a role identifier is out of scope it would be skipped over during
expansion, accordingly, be it a role attribute, it should be skipped
over as well when role_fix_callback tries to propagate its capability
to all its sub-roles.
Signed-off-by: Harry Ciao <qingtao.cao@windriver.com>
Signed-off-by: Eric Paris <eparis@redhat.com>
It dynamically creates the policycoreutils "genhomedircon"
script during the build process in order not to hard-code
the full path to the semodule executable, as in general the
latter could reside in non-standard SBINDIR/USRSBINDIR
locations.
It might not be very stylish or it might appear cumbersome,
but at least the script should not break as easily as the
current static one.
The patch also edits the Makefile for the scripts so that
LOCALEDIR correctly uses $(PREFIX) rather than an absolute
path.
Signed-off-by: Guido Trentalancia <guido@trentalancia.com>
Signed-off-by: Eric Paris <eparis@redhat.com>
Manual page improvements for the file_contexts and related policy
configuration files (section 5):
- create links to selabel_file.5 not only for file_contexts.5 but
also for the other optional policy configuration files (including
the so-called file contexts "substitution" files);
- clarify the above mentioned manual page(s), in particular relatively
to the action performed by the so-called file contexts "substitution"
policy configuration files (aliasing/equivalence versus substitution);
- improve the explanation of the form that the "substitution" files
shall have.
Signed-off-by: Guido Trentalancia <guido@trentalancia.com>
Signed-off-by: Eric Paris <eparis@redhat.com>
Ship a restorecond.conf file that relabels all mount runtime files under /etc and
not just /etc/mtab.
Mount also uses /etc/mtab~[0-9]{0,20} lock files (the number corresponds to the
PID) and the /etc/mtab.tmp temporary file.
The above refers to mount from util-linux-2.21.2 from kernel.org. See mount -vvv
for the location of such files.
A patch is also available for the reference policy to fix this issue.
Signed-off-by: Guido Trentalancia <guido@trentalancia.com>
Signed-off-by: Eric Paris <eparis@redhat.com>
Fix fcontextRecords() in policycoreutils/semanage/seobject.py so
that semanage does not produce an error in fcontext mode when
the file_contexts.subs_dist file contains comments (prefixed by #).
Properly skip blank lines.
Treat both white space and tab as valid separators for the above
mentioned policy configuration file (v2). Minimum number of
changes (v2bis).
Signed-off-by: Guido Trentalancia <guido@trentalancia.com>
Reported-by: Sven Vermeulen <sven.vermeulen@siphos.be>
Signed-off-by: Eric Paris <eparis@redhat.com>
audit2allow was generating rules which would not compile. We can only
do one per line, not tons of types at one time.
Signed-off-by: Eric Paris <eparis@redhat.com>
Instead of running the array two times, sorting the 'hasMeta' the first
time and the !hasMeta the second, run the array once putting hasMeta in
the front and !hasMeta in the back. Then ONLY run the !hasMeta section
a second time reversing its order so its sorted as it should be.
Signed-off-by: Eric Paris <eparis@redhat.com>
Right now find_stem_from_spec does a number of things:
- calculate the length of th stem
- look for that stem
- duplicate the stem
- add the stem to the array
break those things up a bit because the mmap version isn't going to need
to do some of those things.
Signed-off-by: Eric Paris <eparis@redhat.com>
