Running valgrind flagged up three "definitely lost" malloc/realloc errors
when checking constraints.
Signed-off-by: Richard Haines <richard_c_haines@btinternet.com>
Allow mls/constraint mls/validatetrans constraints to be displayed
in debug mode. If POLICY_KERN version is >=
POLICYDB_VERSION_CONSTRAINT_NAMES then the policy defined
types/attributes will be returned.
Signed-off-by: Richard Haines <richard_c_haines@btinternet.com>
This will return mls/validatetrans constraint information for each
expression in a buffer. If POLICY_KERN version is >=
POLICYDB_VERSION_CONSTRAINT_NAMES then the policy defined types/attributes
will be returned.
Signed-off-by: Richard Haines <richard_c_haines@btinternet.com>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
The default encoding patch, was never upstreamed. default_encoding module
switched python2 to always use unicode. Potentially in some languages
semanage will blow up when errors are reported.
The need for this patch is going away in python3, which should be the default
in Fedora 21/22.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.15 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iEYEARECAAYFAlJ5DT4ACgkQrlYvE4MpobMvrgCfcEvZY4q7F17q9dbYJrHJXpae
Ut8AoM2TP99Ca0/lJAjoMTGsqr50P35/
=BHTe
-----END PGP SIGNATURE-----
make-update script is for generating an update for an existing release,
e.g. for a bug fix update.
release script is for generating a new release.
Per-package tagging may fail on the release script if the version
has not changed; this is harmless.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Tag the release before generating it, and automatically generate
a template for use in updating the wiki page. Also, make the
output directory unique to each release, delete any prior contents,
and tell the user where to find it.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Help the administrator/policy developer to see what parts of the label are different.
For example if you get a constraint violation and the role of the source and target
differ, audit2allow will suggest this might be the problem.
This patch uses Richard Haines fixes in libsepol to help identify which
constraint is blocking access. The end goal is helping policy writers
and administrators to diagnose issues with their policy.
Adds policy source defined 'type' or 'typeattribute' names to
constraints by adding additional structures (->type_names->types) to a
binary policy.
Before this change all typeattributes were expanded to lists of types
and added to the constraint under ->names. This made it difficult for
system admins to determine from the policy source what attribute
needed to be updated. To facilitate analysis of constraint failures
a new function has also been added, see sepol_compute_av_reason_buffer.
As additional structures have been added to policy, the policy version
is also updated (POLICYDB_VERSION_CONSTRAINT_NAMES). There is also a
corresponding kernel patch to handle the additional structures.
sepol_compute_av_reason_buffer is an extended version of
sepol_compute_av_reason. This will return a buffer with constraint
expression information, containing the constrain type, class, perms,
keywords etc.. It will also contain which constraint expr failed plus
the final outcome. The buffer MUST be free'd with free(3).
The type information output by sepol_compute_av_reason_buffer depends on
the policy version:
If >= POLICYDB_VERSION_CONSTRAINT_NAMES, then the output will be
whatever was in the original policy (type or attribute names).
If < POLICYDB_VERSION_CONSTRAINT_NAMES, then the output will be
the types listed in the constraint (as no attribute information is
available in these versions).
For users and roles whatever policy version, only the names are listed
(as role attributes are not currently held in the constraint).
Also added are two functions that obtain the class and permissions
from a binary policy file that has been loaded for testing:
sepol_string_to_security_class
sepol_string_to_av_perm
Signed-off-by: Richard Haines <richard_c_haines@btinternet.com>
If we get an EINVAL from security_compute_av* (indicates an invalid
source or target security context, likely due to a policy reload that
removed one or the other) and we are in permissive mode, then handle it
like any other permission denial, i.e. log but do not deny it.
Reported-by: Laurent Bigonville <bigon@debian.org>
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
The restorecon is unable to resolve paths using braced expressions like this: /sbin/
./restorecon: lstat(/sbin/ip{6,}tables*) failed: No such file or directory
The problem is that restorecon calls glob function without GLOB_BRACE flag, which en
2.1.99 is just a placeholder to distinguish it from the prior release.
2.2 will be the released version. Switching to 2-component versions.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
If the RANLIB variable is defined by the user, use that value instead of
the /usr/bin/ranlib binary.
Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
If /sys is not present, the attempt to mount selinuxfs will of course
fail. So we try to mount /sys first (and only if that fails fall back to
the /selinux mount point) and then try to mount selinuxfs.
Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>