Commit Graph

687 Commits

Author SHA1 Message Date
Joshua Brindle
25ce102907 Add security_validatetrans support
It seems validatetrans support was never added to libselinux, despite being added to
selinuxfs in kernel version 4.5

There is a utility to test, however the targeted policy has no validatetrans rules so some must be added:

$ cat validatetrans.cil
(mlsvalidatetrans db_table (and (or (or (or (eq l1 l2) (and (eq t3 unconfined_t) (domby l1 l2))) (and (eq t3 unconfined_t) (dom l1 l2))) (and (eq t3 unconfined_t) (incomp l1 l2))) (or (or (or (eq l1 h2) (and (eq t3 unconfined_t) (domby h1 h2))) (and (eq t3 unconfined_t) (dom h1 h2))) (and (eq t3 unconfined_t) (incomp h1 h2)))))

$ sudo semodule -i validatetrans.cil

$ ./validatetrans system_u:system_r:kernel_t:s0 system_u:system_r:init_t:s0:c0 db_table system_u:system_r: # invalid context here
opening /sys/fs/selinux/validatetrans
security_validatetrans returned -1 errno: Invalid argument

$ ./validatetrans system_u:system_r:kernel_t:s0 system_u:system_r:init_t:s0:c0 db_table system_u:system_r:init_t:s0
opening /sys/fs/selinux/validatetrans
security_validatetrans returned -1 errno: Operation not permitted

$ ./validatetrans system_u:system_r:kernel_t:s0 system_u:system_r:init_t:s0:c0 db_table system_u:system_r:unconfined_t:s0
opening /sys/fs/selinux/validatetrans
security_validatetrans returned 0 errno: Success

Signed-off-by: Joshua Brindle <joshua.brindle@crunchydata.com>
2019-04-09 06:51:02 -07:00
Petr Lautrbach
891cfee44f Update VERSIONs to 2.9 for release.
Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
2019-03-15 11:32:30 +01:00
Petr Lautrbach
707e4b8610 libselinux: Do not define gettid() if glibc >= 2.30 is used
Since version 2.30 glibc implements gettid() system call wrapper, see
https://sourceware.org/bugzilla/show_bug.cgi?id=6399

Fixes:
cc -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -fexceptions -fstack-protector-strong -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -I../include -D_GNU_SOURCE  -DNO_ANDROID_BACKEND   -c -o procattr.o procattr.c
procattr.c:28:14: error: static declaration of ‘gettid’ follows non-static declaration
   28 | static pid_t gettid(void)
      |              ^~~~~~
In file included from /usr/include/unistd.h:1170,
                 from procattr.c:2:
/usr/include/bits/unistd_ext.h:34:16: note: previous declaration of ‘gettid’ was here
   34 | extern __pid_t gettid (void) __THROW;
      |                ^~~~~~

Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
2019-03-13 13:23:50 -04:00
Petr Lautrbach
486aa7d991 libselinux: Add security_reject_unknown(3) man page
Commit c19395d722 ("libselinux: selinux_set_mapping: fix handling of unknown
classes/perms") added a new interface security_reject_unknown() which needs to
be documented.

Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
2019-03-11 11:47:36 -04:00
Petr Lautrbach
ee1809f453 Update VERSIONs to 2.9-rc2 for release.
Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
2019-03-01 13:58:20 +01:00
Stephen Smalley
c19395d722 libselinux: selinux_set_mapping: fix handling of unknown classes/perms
The libselinux selinux_set_mapping() implementation was never updated
to handle unknown classes/permissions based on the policy handle_unknown
flag.  Update it and the internal mapping functions to gracefully
handle unknown classes/permissions.  Add a security_reject_unknown()
interface to expose the corresponding selinuxfs node and use it when
creating a mapping to decide whether to fail immediately or proceed.

This enables dbus-daemon and XSELinux, which use selinux_set_mapping(),
to continue working with the dummy policy or other policies that lack
their userspace class/permission definitions as long as the policy
was built with -U allow.

Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2019-03-01 12:51:31 +01:00
Petr Lautrbach
1952be65dc Switch to python3 by default
- Python 2.7 is planned to be the last of the 2.x releases
- It's generally advised to use Python 3
- Majority of python/ scripts are already switched python3
- Users with python 2 only can still use:

$ make PYTHON=/usr/bin/python ....

Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
2019-02-20 16:43:27 +01:00
Stephen Smalley
6b89b1f9c1 libselinux: fix selinux_restorecon() on non-SELinux hosts
The kernel only supports seclabel if it is >= 2.6.30 _and_
SELinux is enabled, since seclabel is generated by SELinux
based partly on policy (e.g. is the filesystem type configured in policy
with a labeling behavior that supports userspace labeling). For some
reason, when this logic was moved from setfiles to libselinux,
the test of whether SELinux was enabled was dropped.  Restore it.

This is necessary to enable use of setfiles on non-SELinux hosts
without requiring explicit use of the -m option.

Fixes: 602347c742 ("policycoreutils: setfiles - Modify to use selinux_restorecon")
Reported-by: sajjad ahmed <sajjad_ahmed782@yahoo.com>
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Cc: Richard Haines <richard_c_haines@btinternet.com>
Reported-by: sajjad ahmed &lt;<a href="mailto:sajjad_ahmed782@yahoo.com" target="_blank">sajjad_ahmed782@yahoo.com</a>&gt;<br>
Signed-off-by: Stephen Smalley &lt;<a href="mailto:sds@tycho.nsa.gov" target="_blank">sds@tycho.nsa.gov</a>&gt;<br>
2019-02-20 11:21:33 +01:00
Petr Lautrbach
5d59284381
libselinux: Fix RESOURCE_LEAK defects reported by coverity scan
Fixes:

libselinux/src/checkAccess.c:93: leaked_storage: Variable "user_context" going out of scope leaks the storage it points to.
libselinux/src/label_db.c:286: leaked_storage: Variable "filp" going out of scope leaks the storage it points to.
libselinux/src/label_db.c:291: leaked_storage: Variable "filp" going out of scope leaks the storage it points to.
libselinux/src/label_file.c:405: leaked_storage: Variable "str_buf" going out of scope leaks the storage it points to.
libselinux/src/load_policy.c:266: leaked_storage: Variable "names" going out of scope leaks the storage it points to.
libselinux/src/selinux_config.c:183: leaked_storage: Variable "end" going out of scope leaks the storage it points to.
libselinux/src/selinux_config.c:184: overwrite_var: Overwriting "end" in "end = type + strlen(type) - 1" leaks the storage that "end" points to.
libselinux/src/selinux_restorecon.c:376: leaked_storage: Variable "new_entry" going out of scope leaks the storage it points to.
libselinux/src/selinux_restorecon.c:855: leaked_storage: Variable "xattr_value" going out of scope leaks the storage it points to.

Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
2019-02-10 17:52:09 +01:00
Petr Lautrbach
347719d15f
libselinux/selinux_restorecon: Skip customized files also without -v
In the original code, customizable file contexts were not changed only if -v was
used. It lead to different behavior when selinux_restorecon was run with -v and
without it.

Based on an initial patch by Jan Zarsky <jzarsky@redhat.com>

Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
2019-02-10 17:06:00 +01:00
Petr Lautrbach
fdb242ef1b
libselinux: Change matchpathcon usage to match with matchpathcon manpage
Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
2019-02-04 22:11:22 +01:00
Petr Lautrbach
5689d82a44
libselinux: set an appropriate errno in booleans.c
Fixes:
$ mkdir booleans
$ sudo mount --bind ./booleans /sys/fs/selinux/booleans
$ sudo getsebool -a
getsebool:  Unable to get boolean names:  Success

Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
2019-02-04 22:11:13 +01:00
Viktor Ashirov
474a09233c
python/restorecon: add force option
This adds 'force' keyword argument to selinux.restorecon() function
using SELINUX_RESTORECON_SET_SPECFILE_CTX flag.

Signed-off-by: Viktor Ashirov <vashirov@redhat.com>
2019-02-04 20:23:32 +01:00
Aleksei Nikiforov
0445e65d83 Allow installing translated man pages
Signed-off-by: Aleksei Nikiforov <darktemplar@basealt.ru>
2019-01-28 12:03:57 +01:00
Aleksei Nikiforov
e3e3873de7 Add man pages translation by Olesya Gerasimenko
Signed-off-by: Olesya Gerasimenko <gammaray@basealt.ru>
Signed-off-by: Aleksei Nikiforov <darktemplar@basealt.ru>
2019-01-28 12:03:57 +01:00
Petr Lautrbach
53312c7d61 Update VERSIONs to 2.9-rc1 for release.
Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
2019-01-25 11:48:54 +01:00
Petr Lautrbach
de5d5ede60 libselinux/audit2why.so: Filter out non-python related symbols
audit2why.so used to export libsepol.a symbols. We only need Python related
symbols:

- initaudit2why for python 2
- PyInit_audit2why for python3

Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
2019-01-21 12:13:41 +01:00
Nicolas Iooss
689a6eb576 libselinux: do not dereference symlink with statfs in selinux_restorecon
When selinux_restorecon() is used to relabel symlinks, it performs the
following syscalls (as seen by running strace on restorecond):

    lstat("/root/symlink", {st_mode=S_IFLNK|0777, st_size=6, ...}) = 0
    statfs("/root/symlink", 0x7ffd6bb4d090) = -1 ENOENT (No such file or directory)
    lstat("/root/symlink", {st_mode=S_IFLNK|0777, st_size=6, ...}) = 0
    lgetxattr("/root/symlink", "security.selinux", "sysadm_u:object_r:user_home_t", 255) = 30

The second one triggers a SELinux check for lnk_file:read, as statfs()
dereferences symbolic links. This call to statfs() is only used to find
out whether "restoreconlast" xattr can be ignored, which is always the
case for non-directory files (the first syscall, lstat(), is actually
used to perform this check).

Skip the call to statfs() when setrestoreconlast is already false.

This silences an AVC denial that would otherwise be reported to
audit.log (cf. https://github.com/SELinuxProject/refpolicy/pull/22).

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
2019-01-18 11:13:19 -05:00
William Roberts
9fe430345a Makefile: add -Wstrict-overflow=5 to CFLAGS
Build with strict overflow checking enabled. If the compiler optimizes
code that could be removed due to undefined signed overflow, then the
compiler will issue a warning.

Signed-off-by: William Roberts <william.c.roberts@intel.com>
2018-12-31 08:06:29 -08:00
William Roberts
97edcebd1e build: set _FORTIFY_SOURCE=2 in libselinux
Use -D_FO0RTIFY_SOURCE=2 when building libselinux and it's util library.
Note that this can be overridden by setting CFLAGS during the build.

Signed-off-by: William Roberts <william.c.roberts@intel.com>
2018-12-31 08:06:29 -08:00
William Roberts
4f96b323b0 Makefile: fix _FORTIFY_SOURCE redefined build error
Certain builds of gcc enable _FORTIFY_SOURCE which results in the error:
<command-line>:0:0: warning: "_FORTIFY_SOURCE" redefined
<command-line>:0:0: note: this is the location of the previous definition

Correct this by undefining it first and redefining it. Also, the previous
command line option was using -Wp which is passing the value *AS IS* to the
pre-processor rather than to the compiler driver. The C pre-processor has
an undocumented interface subject to change per man 1 gcc. Just use the
-D option to specify this value.

Signed-off-by: William Roberts <william.c.roberts@intel.com>
2018-12-31 08:06:29 -08:00
Nicolas Iooss
b4b0074294
libselinux: selinux_restorecon: fix printf format string specifier for uint64_t
fc_count is defined as uint64_t, which needs to be printed with PRIu64
(it is "llu" on x86 and "lu" on x86-64). Otherwise, building with
'CC="gcc -m32"' fails with:

    selinux_restorecon.c: In function ‘restorecon_sb’:
    selinux_restorecon.c:633:26: error: format ‘%lu’ expects argument of
    type ‘long unsigned int’, but argument 3 has type ‘uint64_t’ {aka
    ‘long long unsigned int’} [-Werror=format=]
         fprintf(stdout, "\r%luk", fc_count / STAR_COUNT);
                            ~~^
                            %llu

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
2018-11-10 17:32:06 +01:00
Stephen Smalley
3f99b14939 libselinux: fix overly strict validation of file_contexts.bin
load_mmap and regex_load_mmap (in the !USE_PCRE2 case) were
incorrectly treating the absence of any fixed stems or study data
as an error, rejecting valid file_contexts.bin files.  Remove
the extraneous validation checks.

Test:
$ cat > file_contexts <<EOF
(/.*)?                u:object_r:system_file:s0
/lib                   u:object_r:system_dir:s0
EOF
$ sefcontext_compile file_contexts
$ selabel_lookup -b file -k /lib -f file_contexts.bin

Before:
ERROR: selabel_open - Could not obtain handle.

After:
Default context: u:object_r:system_dir:s0

Reported-by: Jiyong Park <jiyong@google.com>
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2018-11-05 09:31:45 -05:00
Hollis Blanchard
70b9658d8c
Fix build break around __atomic_*() with GCC<4.7
The __atomic_* GCC primitives were introduced in GCC 4.7, but Red Hat
Enterprise Linux 6.x (for example) provides GCC 4.4. Tweak the current code to
use the (most conservative) __sync_synchronize() primitive provided by those
older GCC versions.

Fixes https://github.com/SELinuxProject/selinux/issues/97

(Really, no __atomic or __sync operations are needed here at all, since POSIX
4.12 "Memory Synchronization" says pthread_mutex_lock() and
pthread_mutex_unlock() "synchronize memory with respect to other threads"...)
2018-08-22 22:56:08 +02:00
Nicolas Iooss
70c06e38be
libselinux: add a const to suppress a build warning with Python 3.7
On systems using Python 3.7, when compiling libselinux Python wrappers
(with "make install-pywrap"), the following warning is reported by gcc:

    audit2why.c: In function ‘analyze’:
    audit2why.c:364:11: warning: assignment discards ‘const’ qualifier
    from pointer target type [-Wdiscarded-qualifiers]
       permstr = _PyUnicode_AsString( strObj );
               ^

Make permstr "const char *" in order to suppress this warning.

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
2018-08-19 17:55:13 +02:00
Nicolas Iooss
646bdeb939
libselinux: fix flake8 warnings in SWIG-generated code
flake8, a Python linter, complains:

    libselinux/src/selinux.py💯1: F401 'errno' imported but unused
    libselinux/src/selinux.py💯1: F401 'stat' imported but unused
    libselinux/src/selinux.py💯14: E401 multiple imports on one line
    libselinux/src/selinux.py:130:16: E111 indentation is not a multiple of four
    libselinux/src/selinux.py:130:45: E231 missing whitespace after ','

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
2018-08-15 22:12:07 +02:00
Yuri Chornoivan
f032946cf9 Fix minor typos
Signed-off-by: Yuri Chornoivan <yurchor@ukr.net>
2018-06-30 20:28:25 +02:00
Laurent Bigonville
ad83ab51c0 libselinux: fix the whatis line for the selinux_boolean_sub.3 manpage
Signed-off-by: Laurent Bigonville <bigon@bigon.be>
2018-05-30 22:07:49 +02:00
Laurent Bigonville
c6629b0db8 libselinux: Fix line wrapping in selabel_file.5
Fix line wrapping with limited to 80 columns

Fix lintian error:
W: selinux-utils: manpage-has-errors-from-man usr/share/man/man5/selabel_file.5.gz 104: warning [p 2, 10.0i]: cannot adjust line

Signed-off-by: Laurent Bigonville <bigon@bigon.be>
2018-05-30 22:07:49 +02:00
Laurent Bigonville
f42c3d4564 libselinux: Fix spelling errors in manpages
Signed-off-by: Laurent Bigonville <bigon@bigon.be>
2018-05-30 22:07:48 +02:00
Stephen Smalley
a9f8a101fd Update VERSIONs to 2.8 for release.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2018-05-24 14:21:09 -04:00
Jason Zaman
ab0e27003e libselinux: enable linking to musl-fts
Musl libc does not include the fts(3) functions so need to link to the
musl-fts library
https://github.com/pullmoll/musl-fts

Signed-off-by: Jason Zaman <jason@perfinion.com>
2018-05-17 13:07:33 +08:00
Stephen Smalley
20c9b4971e Update VERSION files to 2.8-rc3
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2018-05-10 11:08:22 -04:00
Stephen Smalley
c41633b90e libselinux: audit2why: fix build warnings
Fix the following build warnings.

audit2why.c: In function ‘__policy_init’:
audit2why.c:207:22: warning: ‘%s’ directive output may be truncated writing up to 4095 bytes into a region of size 4081 [-Wformat-truncation=]
      "unable to open %s:  %s\n",
                      ^~
      path, strerror(errno));
      ~~~~
audit2why.c:206:4: note: ‘snprintf’ output 20 or more bytes (assuming 4115) into a destination of size 4096
    snprintf(errormsg, sizeof(errormsg),
    ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      "unable to open %s:  %s\n",
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~
      path, strerror(errno));
      ~~~~~~~~~~~~~~~~~~~~~~
audit2why.c:253:28: warning: ‘%s’ directive output may be truncated writing up to 4095 bytes into a region of size 4074 [-Wformat-truncation=]
     "invalid binary policy %s\n", path);
                            ^~     ~~~~
audit2why.c:252:3: note: ‘snprintf’ output between 24 and 4119 bytes into a destination of size 4096
   snprintf(errormsg, sizeof(errormsg),
   ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     "invalid binary policy %s\n", path);
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2018-05-08 08:11:58 -04:00
Stephen Smalley
e76569f863 libselinux: avcstat: fix build warning
Fix the following build warning.

avcstat.c: In function ‘main’:
avcstat.c:113:4: error: ‘strncpy’ specified bound 4096 equals destination size [-Werror=stringop-truncation]
    strncpy(avcstatfile, optarg, sizeof avcstatfile);
    ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2018-05-08 08:11:58 -04:00
Stephen Smalley
8467979d41 libselinux: fix build warning in save_booleans()
Fix the following warning in save_booleans().  We could likely drop
the function altogether, either ignoring or returning EINVAL if
a non-zero permanent argument is passed to security_set_boolean_list(),
since setting persistent booleans is now handled via libsemanage.  This
code and the corresponding security_load_booleans() code is legacy from
RHEL4 days and could be removed although we would need to keep the ABI
for compatibility.

booleans.c: In function ‘save_booleans’:
booleans.c:441:13: error: ‘%d’ directive output may be truncated writing between 1 and 11 bytes into a region of size between 0 and 8191 [-Werror=format-truncation=]
         "%s=%d\n", boolname,
             ^~
booleans.c:440:7: note: ‘snprintf’ output between 4 and 8205 bytes into a destination of size 8192
       snprintf(outbuf, sizeof(outbuf),
       ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         "%s=%d\n", boolname,
         ~~~~~~~~~~~~~~~~~~~~
         boollist[i].value);
         ~~~~~~~~~~~~~~~~~~
booleans.c:454:12: error: ‘%d’ directive output may be truncated writing between 1 and 11 bytes into a region of size between 0 and 8191 [-Werror=format-truncation=]
        "%s=%d\n", boolname, val);
            ^~
booleans.c:453:6: note: ‘snprintf’ output between 4 and 8205 bytes into a destination of size 8192
      snprintf(outbuf, sizeof(outbuf),
      ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        "%s=%d\n", boolname, val);
        ~~~~~~~~~~~~~~~~~~~~~~~~~

Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2018-05-08 08:11:58 -04:00
Stephen Smalley
dc03bae194 Update VERSION files to 2.8-rc2.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2018-04-26 13:20:40 -04:00
Stephen Smalley
87a58b6b4e Revert "libselinux: verify file_contexts when using restorecon"
This reverts commit 814631d3ae.
As reported by Petr Lautrbach, this commit changed the behavior
of selabel_open() when SELABEL_OPT_VALIDATE is 0, and this would
be an API change.

Reported-by: Petr Lautrbach <plautrba@redhat.com>
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2018-04-20 10:12:57 -04:00
Stephen Smalley
f04d64012a Update VERSION files to 2.8-rc1
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2018-04-19 10:40:16 -04:00
Nicolas Iooss
efc77aa209 libselinux: remove unused variable usercon
In getconlist.c, main() does not use usercon. Remove this variable.

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
2018-04-17 13:55:57 -07:00
Nicolas Iooss
5f76f6b8fb libselinux: fix memory leak in getconlist
In getconlist.c's main(), "level" is duplicated from an optional
argument without being ever freed. clang's static analyzer warns about
this memory leak.

Free the allocated memory properly in order to remove a warning reported
by clang's static analyzer.

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
2018-04-17 13:55:57 -07:00
Nicolas Iooss
c56bb631c4 libselinux: label_file: fix memory management in store_stem()
If store_stem() fails to expand the memory allocated on data->stem_arr,
some things go wrong:
* the memory referenced by "buf" is leaked,
* data->alloc_stems has been increased without data->stem_arr having
  been expanded. So the next time store_stem() is called, the function
  will behave as if the buffer holds enough space, and will write data
  after the end of data->stem_arr.

The first issue is being spotted by clang's static analyzer, which warns
about leaking variable "stem" in find_stem_from_spec() (this function
calls store_stem()).

This both issues by freeing buf when realloc(data->stem_arr) fails, and
by not increasing data->alloc_stems when this happens.

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
2018-04-17 13:55:57 -07:00
Yuli Khodorkovskiy
3e47c239ec libselinux: echo line number of bad label in selabel_fini()
Keep track of line numbers for each file context in
selabel_handle. If an error occurs in selabel_fini(), the
line number of an invalid file context is echoed to the user.

Signed-off-by: Yuli Khodorkovskiy <ykhodo@gmail.com>
2018-04-04 11:09:11 -05:00
Yuli Khodorkovskiy
814631d3ae libselinux: verify file_contexts when using restorecon
In permissive mode, calling restorecon with a bad label in file_contexts
does not verify the label's existence in the loaded policy. This
results in any label successfully applying to a file, as long as the
file exists.

This issue has two assumptions:

1) file_contexts must be manually updated with the invalid label.
Running `semanage fcontext` will error when attempting to add
an invalid label to file_contexts.
2) the system must be in permissive. Although applying an invalid label
in enforcing gives an error and fails, successfully labeling a file with a
bad label could cause issues during policy development in permissive.

Instead, as each context is used, verify it is valid before blindly
applying the label. If an error with validation occurs in restorecon,
application of remaining valid labels will be uninterrupted as before.

Signed-off-by: Yuli Khodorkovskiy <ykhodo@gmail.com>
2018-04-04 11:09:11 -05:00
Nicolas Iooss
07629c0a9f
libselinux,libsemanage: Replace PYSITEDIR with PYTHONLIBDIR
libselinux and libsemanage Makefiles invoke site.getsitepackages() in
order to get the path to the directory /usr/lib/pythonX.Y/site-packages
that matches the Python interpreter chosen with $(PYTHON). This method
is incompatible with Python virtual environments, as described in
https://github.com/pypa/virtualenv/issues/355#issuecomment-10250452 .
This issue has been opened for more than 5 years.

On the contrary python/semanage/ and python/sepolgen/ Makefiles use
distutils.sysconfig.get_python_lib() in order to get the site-packages
path into a variable named PYTHONLIBDIR. This way of computing
PYTHONLIBDIR is compatible with virtual environments and gives the same
result as PYSITEDIR.

As PYTHONLIBDIR works in more cases than PYSITEDIR, make libselinux and
libsemanage Makefiles use it. And as native code is installed (as part
of the SWIG wrapper), use "plat_specific=1" in order to use /usr/lib64
on systems which distinguish /usr/lib64 from /usr/lib.

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
Acked-by: Petr Lautrbach <plautrba@redhat.com>
2018-03-17 09:03:33 +01:00
Marcus Folkesson
b24980ec07 libselinux: build: follow standard semantics for DESTDIR and PREFIX
This patch solves the following issues:
- The pkg-config files generates odd paths when using DESTDIR without PREFIX
- DESTDIR is needed during compile time to compute library and header paths which it should not.
- Installing with both DESTDIR and PREFIX set gives us odd paths
- Make usage of DESTDIR and PREFIX more standard

Signed-off-by: Marcus Folkesson <marcus.folkesson@gmail.com>
2018-02-14 15:59:36 +01:00
Richard Haines
8bcee84421 libselinux: Correct manpages regarding removable_context
The selabel_media(5) man page incorrectly stated that the
removable_context(5) would be read if an selabel_lookup(3)
failed. Correct the man pages that fixes [1].

[1] https://bugzilla.redhat.com/show_bug.cgi?id=1395621

Signed-off-by: Richard Haines <richard_c_haines@btinternet.com>
2018-01-13 10:49:13 -08:00
Petr Lautrbach
80d6927b69 libselinux: Add support for pcre2 to pkgconfig definition
When libselinux is built using USE_PCRE2 libselinux.pc needs to require
libpcre2-8 instead of libpcre.

Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1487521

Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
2017-10-13 15:24:23 -04:00
Stephen Smalley
53bb2a11c2 checkpolicy,libselinux,libsepol,policycoreutils: Update my email address
Update my email address since epoch.ncsc.mil no longer exists.

Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2017-08-17 14:17:12 -04:00
Stephen Smalley
1bac758bf6 Update VERSION files for 2.7 release.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2017-08-04 09:31:00 -04:00