Commit Graph

824 Commits

Author SHA1 Message Date
Dan Walsh
1fbb15eb11 Add Laurent Bigonville fix to look at MAX_UID as well as MIN_UID in genhomedircon 2013-10-24 13:58:38 -04:00
Dan Walsh
874a976470 Fix handling of temporary file in sefcontext_compile.c
This way if something goes wrong regex file will not be corrupt.
2013-10-24 13:58:38 -04:00
Dan Walsh
c32da69e01 Fixes for procattr calls to handle cache properly.
We were asked not to link to libpthread but to use gcc internals.
We were not handling properly the fact that a cache was UNSET, and this
patch fixes this.
2013-10-24 13:58:38 -04:00
Dan Walsh
9639f5d9a8 Add decent constants for python for return of getenforce call. 2013-10-24 13:58:38 -04:00
Dan Walsh
22671378f1 Fix label substituion to work with the equiv path of "/"
Software collections are setting up equiv directories to the root directory.
2013-10-24 13:58:38 -04:00
Dan Walsh
7eec00a5be Add selinux_current_policy_path, which returns the a pointer to the loaded policy
Also change audit2why to look at the loaded policy rather then searching on disk for
the policy file.  It is more likely that you are examining the running policy.
2013-10-24 13:58:38 -04:00
Dan Walsh
403f2cfeb8 Change get_context_list to return an error rather then guess at a match.
In the past pam_selinux would return a bogus login context if the login program
was running with the wrong context.  If you ran sshd as unconfined_t
you might get the login user loggin in as pam_oddjob_mkhomedir_t or some other bogus
type.  This change fixes the code to return an error if it can not return a good
match.
2013-10-24 13:58:38 -04:00
Dan Walsh
f1598dff7e Support udev-197 and higher
The errno value was not set, causing wrong return notifications and
failing to have udev label things correctly.

See https://bugzilla.redhat.com/show_bug.cgi?id=909826#c24 and
see https://bugs.gentoo.org/show_bug.cgi?id=462626

Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
2013-10-24 13:58:37 -04:00
Dan Walsh
fd56c5230c Separate out the calling of local subs and dist subs in selabel_sub
We want to allow users to setup their substitions to run fist and then run
the distro subs second.  This fixes the problem where a user defines
a sub like /usr/local/foobar and we ignore it.  We need this for
software collections which is setting up local subs of /opt/src/foobar/root /
2013-10-24 13:58:37 -04:00
Dan Walsh
51d9a078c2 Patch to change *setfilecon to not return ENOSUP if context matches.
Tools like cp -A try to maintain the context of a program and call *setfilecon,
currently if the file system does not support XAttrs we return ENOSUPP.  We have
been requested to check if the context that is being set is the same to not return this
error.  So if I try to set the label on an nfs share to system_u:object_r:nfs_t:s0 and I get
ENOSUPP, it will not return an error.
2013-10-24 13:58:37 -04:00
Dan Walsh
756013edc5 This patch fixes python parsing.
Eliminates a potential memory leaks.
2013-10-24 13:58:37 -04:00
Dan Walsh
851266c180 define SELINUX_TRANS_DIR in selinux.h
I wanted to separate this directory out in order for a new patch to mcstransd to watch
this directory for newly created files, which it could then translate.

The idea is libvirt would write to /var/run/setrans/c0:c1,c2 with the contents of vm1, then
setrans could translate the processes to show system_u:system_r:svirt_t:vm1
2013-10-24 13:58:37 -04:00
Dan Walsh
ce2a8848ad Add selinux_systemd_contexts_path
systemd has some internal contexts like generated systemd unit files
that we want to allow it to check against processes trying to manage them.
2013-10-24 13:58:37 -04:00
Dan Walsh
7fe6036ca5 Add selinux_set_policy_root sets an alternate policy root directory path
This allows us to specify under which the compiled policy file and context configuration
files exist. We can use this with matchpathcon to check the labels under alternate policies,
and we can use it for sepolicy manpage to build manpages during policy build.
2013-10-24 13:58:37 -04:00
Dan Walsh
2af252621b Add missing man page for sefcontext_compile 2013-10-24 13:58:37 -04:00
Dan Walsh
2540b20096 Laurent Bigonville patch to fix various minor manpage issues and correct section numbering. 2013-10-24 13:58:37 -04:00
Dan Walsh
4d2dd33411 Allow " " and ":" in file name transtions
We have added a couple of file name transtitions that required a space and a colon.
2013-10-24 13:58:37 -04:00
Dan Walsh
f44a218e5c handle-unknown should be an optional argument 2013-10-24 13:58:37 -04:00
Dan Walsh
a8b3340288 Laurent Bigonville patch to allow overriding PATH Definitions in Makefiles 2013-10-24 13:58:37 -04:00
Dan Walsh
56b49ab711 Richard Haines patch that allows us discover constraint violation information
Basically we need this information to allow audit2allow/audit2why to better
describe which constraint is being broken.
2013-10-24 13:58:37 -04:00
Eric Paris
3f52a123af libsemanage: semanage_store: fix segfault introduced to fix memory leak
In the patch to fix a minor memory leak, I introduced a garuanteed
segfault.  The point to the stack variable will never be NULL, whereas
the value on the stack will be.

Signed-off-by: Eric Paris <eparis@redhat.com>
2013-02-05 20:43:22 -05:00
Eric Paris
e9410c9b06 VERSION BUMP FOR UPSTREAM PUSH 2013-02-05 20:22:02 -05:00
Eric Paris
ce39302fd0 libselinux: sefcontext_compile: do not leak fd on error
We open the file which is to be used to write the binary format of file
contexts.  If we hit an error actually writing things out, we return,
but never close the fd.  Do not leak.

Signed-off-by: Eric Paris <eparis@redhat.com>
2013-02-05 20:21:52 -05:00
Eric Paris
4e5eaacc59 libselinux: matchmediacon: do not leak fd
Every time matchmediacon is called we open the
selinux_media_context_path().  But we never close the file.  Close the
file when we are finished with it.

Signed-off-by: Eric Paris <eparis@redhat.com>
2013-02-05 20:21:52 -05:00
Eric Paris
1e8f102e8c libselinux: src/label_android_property: do not leak fd on error
We were opening the path, but if the fstat failed or it was not a
regular file we would return without closing the fd.  Fix my using the
common error exit path rather than just returning.

Signed-off-by: Eric Paris <eparis@redhat.com>
2013-02-05 20:21:52 -05:00
Eric Paris
5c0d7113de policycoreutils: sestatus: rewrite to shut up coverity
The code did:

len = strlen(string);
new_string = malloc(len);
strncpy(new_string, string, len - 1)

Which is perfectly legal, but it pissed off coverity because 99/100
times if you do new_string = malloc(strlen(string)) you are doing it
wrong (you didn't leave room for the nul).  I rewrote that area to just
use strdup and then to blank out the last character with a nul.  It's
clear what's going on and nothing looks 'tricky'.  It does cost us 1
byte of heap allocation.  I think we can live with that to have safer
looking string handling code.

Signed-off-by: Eric Paris <eparis@redhat.com>
2013-02-05 20:21:51 -05:00
Eric Paris
295abb370b libsemanage: semanage_store: do not leak memory in semanage_exec_prog
If vork() failed we would leak the arguments created in split_args().
Reorder the function so it will hopefully be easy to read and will not
leak memory.

Signed-off-by: Eric Paris <eparis@redhat.com>
2013-02-05 20:19:05 -05:00
Eric Paris
d1c606ba46 libsemanage: genhomedircon: remove useless conditional in get_home_dirs
We have minuid_set = 0 at the top of the function and then do a test
like:

if (!minuid_set || something)

But since minuid_set is always 0, we always call this code.  Get rid of
the pointless conditional.

Signed-off-by: Eric Paris <eparis@redhat.com>
2013-02-05 20:19:05 -05:00
Eric Paris
e1400f0404 libsemanage: genhomedircon: double free in get_home_dirs
Right before the call to semanage_list_sort() we do some cleanup.
Including endpwent(); free(rbuf); semanage_list_destroy(&shells);  If
the call to the list sort fails we will go to fail: and will do those
cleanups a second time.  Whoops.  Do the list sort before the generic
cleanups so the failure code isn't run after the default cleanup.

Signed-off-by: Eric Paris <eparis@redhat.com>
2013-02-05 20:19:04 -05:00
Eric Paris
d0c7f6ea4f libsemanage: fcontext_record: do not leak on error in semanage_fcontext_key_create
If the strdup failed, we would return without freeing tmp_key.  This is
obviously a memory leak.  So free that if we are finished with it.

Signed-off-by: Eric Paris <eparis@redhat.com>
2013-02-05 20:19:04 -05:00
Eric Paris
7d83d86ba1 libsemanage: genhomedircon: do not leak on failure in write_gen_home_dir_context
We generate a list of users, but we do not free that list on error.
Just keep popping and freeing them on error.

Signed-off-by: Eric Paris <eparis@redhat.com>
2013-02-05 20:19:04 -05:00
Eric Paris
06f2a7c3a9 libsemanage: semanage_store: do not leak fd
We use creat to create the lock file needed later.  But we never close
that fd, so it just sits around until the program exits.  After we
create the file we don't need to hold onto the fd.  close it.

Signed-off-by: Eric Paris <eparis@redhat.com>
2013-02-05 20:19:04 -05:00
Eric Paris
5812ec2fbb libsemanage: genhomedircon: do not leak shells list
If get_home_dirs() was called without usepasswd we would generate the
entire shell list, but would never use that list.  We would then not
free that list when we returned the homedir_list.  Instead, do not
create the list of shells until after we know it will be used.

Signed-off-by: Eric Paris <eparis@redhat.com>
2013-02-05 20:19:04 -05:00
Eric Paris
78d618422b libsemanage: semanage_store: do not leak on strdup failure
Inside split_args we do a = realloc(b) and strdup.  If the realloc
succeeds and then the strdup fails, we return NULL to the caller.  The
caller will then jump to an error code which will do a free(b).  This is
fine if the realloc failed, but is a big problem if realloc worked.  If
it worked b is now meaningless and a needs to be freed.

I change the function interface to return an error and to update "b"
from the caller.

Signed-off-by: Eric Paris <eparis@redhat.com>
2013-02-05 20:19:03 -05:00
Eric Paris
d16ebaace1 libsemanage: semanage_store: rewrite for readability
We did a bunch of:

	if ((blah = function(a0, a1, a2)) == NULL) {
		goto err;
	} else {
		something = blah;
	}

Which takes 5 lines and is a pain to read.  Instead:

	blah = function(a0, a1, a2);
	if (blah == NULL)
		goto err;
	something = blah;

Which takes 4 lines and is easier to read!

Winning!

Signed-off-by: Eric Paris <eparis@redhat.com>
2013-02-05 20:19:03 -05:00
Eric Paris
3a4fc087ee scripts: release: do not complain if release dir exists
I just don't like the error message when building tar files.

Signed-off-by: Eric Paris <eparis@redhat.com>
2013-02-05 20:19:03 -05:00
Eric Paris
221e6d4665 policycoreutils: seunshare: do checking on setfsuid
setfsuid return codes were not being checked.  Add checks to make sure
we are switching from and to what we expect.  Bail (most places) if we
didn't switch successfully.

Signed-off-by: Eric Paris <eparis@redhat.com>
2013-02-05 20:14:51 -05:00
Alice Chu
92788715dc libsepol: Fix memory leak issues found by Klocwork
Signed-off-by: Eric Paris <eparis@redhat.com>
2013-02-05 20:14:50 -05:00
Alice Chu
ab995a59b2 checkpolicy: Free allocated memory when clean up / exit.
Number of error paths and failures do not clean up memory.  Try to make
it better.

Signed-off-by: Eric Paris <eparis@redhat.com>
2013-02-05 20:14:50 -05:00
Eric Paris
0a5dc30456 policycoreutils: sandbox: seunshare: do not reassign realloc value
We were doing x = realloc(x, )  which is a big no no, since it leaks X
on allocation failure.  Found with static analysis tool from David
Malcolm.

Signed-off-by: Eric Paris <eparis@redhat.com>
2013-02-05 20:14:50 -05:00
Eric Paris
709e852aed policycoreutils: po: update translations
Signed-off-by: Eric Paris <eparis@redhat.com>
2013-02-05 20:14:49 -05:00
Dan Walsh
1730f7ca36 policycoreutils: fixfiles: relabel only after specific date
Turn verbose on for full relabel

Add check to see if / has a label, if not then force a full relabel.

Add ability to record OPTIONS into the the /.autorelabel file.

fixfiles -F onboot
writes out /.autorelabel with -F

fixfiles -B onboot
writes on /autorelaebl with -N BOOTDATE recorded.

The goal is to allow boot up sequence that sees /.autorelabel to hand any
options store in it, to fixfiles restore

OPTIONS=`cat /.autorelabel`
fixfiles $OPTIONS restore

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
2013-02-05 20:14:49 -05:00
Dan Walsh
6697e4db8b policycoreutils: genhomedircon generation to allow spec file to pass in SEMODULE_PATH
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
2013-02-05 20:14:49 -05:00
Dan Walsh
88f2791330 policycoreutils: restorecond: Add /etc/udpatedb.conf to restorecond.conf
vmware is doing some nasty stuff with it

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
2013-02-05 20:14:48 -05:00
Eric Paris
3e4ab5e506 policycoreutils: genhomedircon: regenerate genhomedircon more often
The semodule_path file, inside scripts, which is used to tell the
Makefile where genhomedircon should point to find semodule, was not
being updated.  This patch makes sure we update this file every time
something builds, thus genhomedircon doesn't point to some wild out of
data file location.

Signed-off-by: Eric Paris <eparis@redhat.com>
2013-02-05 20:14:48 -05:00
Eric Paris
0834ff3022 libselinux: do not leak file contexts with mmap'd backend
We use strdup to store the intended context when we have an mmap'd
file backend.  We, however, skipped freeing those contexts.

Signed-off-by: Eric Paris <eparis@redhat.com>
2013-02-05 20:14:48 -05:00
Eric Paris
efb6347dd3 libselinux: unmap file contexts on selabel_close()
We were leaking all of the file context db because we didn't unmap them
on selabel_close()

Signed-off-by: Eric Paris <eparis@redhat.com>
2013-02-05 20:14:48 -05:00
Dan Walsh
9c83b206e1 libselinux: pkg-config do not specifc ruby version
pkg-config do not work if you specifiy the version of ruby in Fedora 19

Signed-off-by: Eric Paris <eparis@redhat.com>
2013-02-05 20:14:48 -05:00
Dan Walsh
b2de32675a policycoreutils: gui: If you are not able to read enforcemode set it to False
Signed-off-by: Eric Paris <eparis@redhat.com>
2013-02-05 20:14:47 -05:00
Miroslav Grepl
3dd13f7d08 sepolgen: understand role attributes
Parse and handle role attributes in sepolgen.

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
2013-02-05 20:14:47 -05:00