Do not remove the runtime directory /run/setrans/, which is the parent
for the security context translation socket .setrans-unix, when the
service is stopped, so the path can not be taken over by a foreign
program, which could lead to a compromise of the context translation of
libselinux.
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Acked-by: James Carter <jwcart2@gmail.com>
Quoting pcre.org:
There are two major versions of the PCRE library. The current
version, PCRE2, released in 2015, is now at version 10.39.
The older, but still widely deployed PCRE library, originally
released in 1997, is at version 8.45. This version of PCRE is now at
end of life, and is no longer being actively maintained. Version
8.45 is expected to be the final release of the older PCRE library,
and new projects should use PCRE2 instead.
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Acked-by: Petr Lautrbach <plautrba@redhat.com>
Mark local functions static.
Export functions of mcscolor.c in mcscolor.h and avoid bare extern
function declarations.
Drop unused function emit_whitespace().
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
On Ubuntu 20.04, when building with clang -Werror -Wextra-semi-stmt
(which is not the default build configuration), the compiler reports:
mcstransd.c:72:35: error: empty expression statement has no effect;
remove unnecessary ';' to silence this warning
[-Werror,-Wextra-semi-stmt]
log_debug("%s\n", "cleanup_exit");
^
Replace the empty log_debug substitution with a do { ... } while (0)
construction to silence this warning.
Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
The return value of context_new needs to be free with context_free.
Signed-off-by: bauen1 <j2468h@gmail.com>
Acked-by: William Roberts <william.c.roberts@intel.com>
It stopped too early, exposing a bug in sudo selinux_restore_tty():
SELINUX_ERR op=setxattr invalid_context="wheel.id:wheel.role:users.terminals.pty.pty_file:SystemLow"
avc: denied { mac_admin } for pid=859 comm="sudo" capability=33 scontext=wheel.id:wheel.role:sudo.wheel.subj:s0 tcontext=wheel.id:wheel.role:sudo.wheel.subj:s0 tclass=capability2 permissive=0
If we want to be able to reference human readable contexts in SELinuxContext= and nspawn -Z and -L then we need mcstrans ASAP
v2: stop late, but do stop
Signed-off-by: Dominick Grift <dac.override@gmail.com>
Acked-by: Petr Lautrbach <plautrba@redhat.com>
Follow-up of: 9eb9c93275 ("Get rid of security_context_t and fix const declarations.")
Acked-by: William Roberts <william.c.roberts@intel.com>
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Use codespell (https://github.com/codespell-project/codespell) in order
to find many common misspellings that are present in English texts.
Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
This reverts commit fe17b3d2d9.
MLS ranges should be compared based on dominance.
This fixes mlscolor-test on mcstrans examples.
Eg. mlscolor-test using /usr/share/mcstrans/examples/urcsts when executed on mls
machine fails as follows:
\#pushd /usr/share/mcstrans/examples/urcsts
\#cp -f secolor.conf /etc/selinux/mls/secolor.conf
\#cp -f setrans.conf /etc/selinux/mls/setrans.conf
\#systemctl restart mcstransd
\#python3 /usr/share/mcstrans/util/mlscolor-test urcsts.color
For 'system_u:system_r:inetd_t:SystemLow' got
'#000000#000000#000000#000000#000000#000000#000000#000000' expected
'#000000#000000#000000#000000#000000#000000#000000#008000'
...
mlscolor-test done with 19 errors
Signed-off-by: Vit Mojzis <vmojzis@redhat.com>
raw_color() uses color_str as an output argument which is assigned to a new
allocated memory. Therefore it should fail when color_str is null; or
when *color_str is not null in order to avoid a memory leak.
Fixes:
>>> selinux.selinux_raw_context_to_color('system_u:system_r:inetd_t:s0')
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
OSError: [Errno 0] Error
Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
There is a call to getpeercon_raw() in mcstransd, but nothing is done
with the context. The purpose of process_request() is to translate a
context and we would like that to succeed even if, for some reason,
getpeercon_raw() fails.
Signed-off-by: Yuli Khodorkovskiy <yuli@crunchydata.com>
Signed-off-by: Joshua Brindle <joshua.brindle@crunchydata.com>
There are many memory leaks in mcstrans. Clean them up in order to
reduce the noise in clang's static analyzer report. Some are remaining,
because they are more complex to fix.
Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
The toolchain automatically handles them and they break cross compiling.
LDFLAGS should also come before object files, some flags (eg,
-Wl,as-needed) can break things if they are in the wrong place)
Gentoo-Bug: https://bugs.gentoo.org/500674
Signed-off-by: Jason Zaman <jason@perfinion.com>
- Sort included header files by their number of path components then
alphabetically.
- Include unistd.h and sys/types.h only once.
- Include sys/uio.h to get readv() and writev() declarations when
compiling with musl libc.
- Include poll.h instead of sys/poll.h as building with musl results in
the following message:
/usr/lib/musl/include/sys/poll.h:1:2: error: #warning redirecting
incorrect #include <sys/poll.h> to <poll.h> [-Werror=cpp]
#warning redirecting incorrect #include <sys/poll.h> to <poll.h>
^~~~~~~
Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
When running "make install" in the root directory of the project, with
variable DESTDIR set and while being on a system without SELinux, the
compiler complains while building:
fatal error: selinux/selinux.h: No such file or directory
Other subdirectories add -I$(PREFIX)/include to CFLAGS and -L$(LIBDIR)
to the linking command line, in order to find libselinux headers and .so
file. Do this too in mcstrans.
While at it, mcstrans Makefile uses -I../include but this directory does
not exist. Remove this option.
Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
All the other makefiles just have LIBDIR optionally set so it can be
overridden. These makefiles were autodetecting incorrectly. uname -i
returns "GenuineIntel" so should have been uname -m.
Signed-off-by: Jason Zaman <jason@perfinion.com>
Fix the following warnings from clang.
mcstrans.c:1309:6: warning: variable 'groups' is used uninitialized whenever 'if' condition is true [-Wsometimes-uninitialized]
if (violates_constraints(l)) {
^~~~~~~~~~~~~~~~~~~~~~~
mcstrans.c:1491:9: note: uninitialized use occurs here
while (groups)
^~~~~~
mcstrans.c:1309:2: note: remove the 'if' if its condition is always false
if (violates_constraints(l)) {
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
mcstrans.c:1303:6: warning: variable 'groups' is used uninitialized whenever 'if' condition is true [-Wsometimes-uninitialized]
if (!l)
^~
mcstrans.c:1491:9: note: uninitialized use occurs here
while (groups)
^~~~~~
mcstrans.c:1303:2: note: remove the 'if' if its condition is always false
if (!l)
^~~~~~~
mcstrans.c:1299:6: warning: variable 'groups' is used uninitialized whenever 'if' condition is true [-Wsometimes-uninitialized]
if (!level)
^~~~~~
mcstrans.c:1491:9: note: uninitialized use occurs here
while (groups)
^~~~~~
mcstrans.c:1299:2: note: remove the 'if' if its condition is always false
if (!level)
^~~~~~~~~~~
mcstrans.c:1316:2: note: variable 'groups' is declared here
word_group_t *groups = NULL;
^
3 warnings generated.
mcscolor.c:334:24: warning: size argument in 'strncat' call appears to be size of the source [-Wstrncat-size]
strncat(result, buf, sizeof(buf));
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
