This patch adds a new selinux_restorecon_xattr(3) function to find
and/or remove security.restorecon_last entries added by setfiles(8)
or restorecon(8).
Also review and update the man pages.
Signed-off-by: Richard Haines <richard_c_haines@btinternet.com>
Add -D option to setfiles and restorecon - Do not set or update
directory SHA1 digests when relabeling files. This will allow
users the option of not using the "security.restorecon_last"
extended attribute feature.
Also review and update the man pages.
Signed-off-by: Richard Haines <richard_c_haines@btinternet.com>
When a user installs a module, the filename is used as the module name.
This change was introduced with CIL language where a module name is not
stored in the module itself. It means that when a pp module has
different filename and stored module name, the filename is used instead
of the stored module name. It brings problems with compatibility for
scripts and modules which were built and used on older system and were
migrated to the new userspace.
This patch changes the behavior of semanage_direct_install_file() which
is used by 'semodule -i' so that when a module with pp language
extension is installed, it tries to get and use a stored module name
instead of a filename. A warning message is provided.
The warning message in policycoreutils/hll/pp is updated to reflect this
change:
$ semodule -X 400 -i /root/testfile.pp
Warning: SELinux userspace will refer to the module from /root/testfile.pp as testmod rather than testfile
$ /usr/libexec/selinux/hll/pp /root/testfile.pp testfile.cil
Warning: SELinux userspace will refer to the module from /root/testfile.pp as testmod rather than testfile
Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
Mixing LDFLAGS in CFLAGS can lead to compiler errors. For example in
policycoreutils/sandbox:
$ make CC=clang LDFLAGS='-Wl,-as-needed,-no-undefined'
clang -Wl,-as-needed,-no-undefined -I/usr/include
-DPACKAGE="\"policycoreutils\"" -Wall -Werror -Wextra -W -c -o
seunshare.o seunshare.c
clang-3.8: error: -Wl,-as-needed,-no-undefined: 'linker' input
unused
Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
Allow using other compilers such as clang. Without this, the build fails
when $(CFLAGS) contains clang-specific flags:
gcc: error: unrecognized command line option '-Weverything'
Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
When building libselinux with gcc and many warning flags, the build
fails with the following errors:
selinux_restorecon.c: In function ‘selinux_restorecon’:
selinux_restorecon.c:784:36: error: comparison between signed and
unsigned integer expressions [-Werror=sign-compare]
if (!flags.ignore_digest && size == fc_digest_len &&
^~
selabel_digest.c: In function ‘main’:
selabel_digest.c:162:16: error: comparison between signed and
unsigned integer expressions [-Werror=sign-compare]
for (i = 0; i < digest_len; i++)
^
selabel_digest.c:173:17: error: comparison between signed and
unsigned integer expressions [-Werror=sign-compare]
for (i = 0; i < num_specfiles; i++) {
^
clang reports the precise type information of the variables:
selinux_restorecon.c:784:36: error: comparison of integers of
different signs: 'ssize_t' (aka 'long') and 'size_t' (aka 'unsigned
long') [-Werror,-Wsign-compare]
if (!flags.ignore_digest && size == fc_digest_len &&
~~~~ ^ ~~~~~~~~~~~~~
selabel_digest.c:162:16: error: comparison of integers of different
signs: 'int' and 'size_t' (aka 'unsigned long')
[-Werror,-Wsign-compare]
for (i = 0; i < digest_len; i++)
~ ^ ~~~~~~~~~~
selabel_digest.c:173:17: error: comparison of integers of different
signs: 'int' and 'size_t' (aka 'unsigned long')
[-Werror,-Wsign-compare]
for (i = 0; i < num_specfiles; i++) {
~ ^ ~~~~~~~~~~~~~
Silent the warnings by using size_t where appropriate.
Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
Nothing was being used from the stdio_ext.h header file, so
remove it. Additionally, Mac builds, required for the
Android build, do not have this header.
Change-Id: Ic61c87fcda79ffebeef93a20a2b3802f048bb0b0
Signed-off-by: William Roberts <william.c.roberts@intel.com>
Fix this:
genusers.c:63:14: warning: variable 'nread' is uninitialized when used here [-Wuninitialized]
if (buffer[nread - 1] == '\n')
^~~~~
genusers.c:40:15: note: initialize the variable 'nread' to silence this warning
ssize_t nread;
^
= 0
Signed-off-by: William Roberts <william.c.roberts@intel.com>
Fix this on Mac build:
genbools.c:71:9: warning: unused variable 'size' [-Wunused-variable]
size_t size = 0;
^
Signed-off-by: William Roberts <william.c.roberts@intel.com>
The next patch will update info() and search() to use the setools4 api.
setools4 makes heavy use of generators so info() and search() will as
well. Pre-emptively update users to cast to a list where required.
Signed-off-by: Jason Zaman <jason@perfinion.com>
search() is an overly complex wrapper around setools, several users are
simplified by just directly using setools.
Signed-off-by: Jason Zaman <jason@perfinion.com>
Drop the check for selinux_enabled() on logging. The
caller can silence the logs by setting the logging
callback and discarding the messages.
Change-Id: Ia6769ef7ad8cc2144ad2bb73e5bf7c76ebfe487b
Signed-off-by: William Roberts <william.c.roberts@intel.com>
sandbox tried to copy all affected files to the new home
or tmp even though -M or -X was not specified and there was no new
directory.
Fixes:
$ sandbox ls ~
/usr/bin/sandbox: [Errno 17] File exists: '/root'
Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
_D_ALLOC_NAMLEN is not very portable. Currently, the code
mallocs based on _D_ALLOC_NAMLEN() and then strcpy's dirent
d_name into the buffer. Instead, just use strdup.
Change-Id: I5c8ca47da2c593ea2726caba5781f5e9d9d910ae
Signed-off-by: William Roberts <william.c.roberts@intel.com>
The file will initially contain:
run_init=run_init_t
There can not be any spaces around the = since OpenRC's existing config
files and the methods it uses require it.
Signed-off-by: Jason Zaman <jason@perfinion.com>
When the Kernel UAPI header is present, this error occurs:
external/selinux/libselinux/src/policy.h:7:9: warning: 'XATTR_NAME_SELINUX' macro redefined [-Wmacro-redefined]
\#define XATTR_NAME_SELINUX "security.selinux"
^
bionic/libc/kernel/uapi/linux/xattr.h:52:9: note: previous definition is here
\#define XATTR_NAME_SELINUX XATTR_SECURITY_PREFIX XATTR_SELINUX_SUFFIX
Just use the kernel UAPI version on that case.
Change-Id: I1b2d34e463477adaec227ac8c3364f1b9d49e997
Signed-off-by: William Roberts <william.c.roberts@intel.com>
Removes the "system_u" and "s0" string literals from refpolicy and
replaces the seuser and range in each homedir, uid, and username context
specification for every user.
Signed-off-by: Gary Tierney <gary.tierney@gmx.com>
xmodmap causes Xephyr X server to reset itself when it's run before wm
and even right after wm. It causes termination of the server as we use
-terminate. The -terminate option seems be important enough in order not
to left running the server when the last client connection is closed.
This patch drops the execution of xmodmap from .sandboxrc until there's
a better solution.
Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
Hide or remove symbols that should not be public.
All uses of obj_class_compat were removed by
commit 76913d8adb
("Deprecate use of flask.h and av_permissions.h")
and it never should have been public regardless,
so remove it.
myprintf is used by matchpathcon internally but should
not be public, so hide it.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
patch 5e15a52aaa cleans up the process_file() routine,
but introduced a bug. If the binary file cannot be
opened, always attempt to fall back to the textual file,
this was not occurring.
The logic should be:
1. Open the newest file between base path + suffix and
base_path + suffix + ".bin"
2. If anything fails, attempt to load the oldest file.
The result, with a concrete example, would be:
If file_contexts is the newest file, and it cannot be
processed, the code will fall back to file_contexts.bin
and vice versa.
Signed-off-by: William Roberts <william.c.roberts@intel.com>
This patch moves all pcre1/2 dependencies into the new files regex.h
and regex.c implementing the common denominator of features needed
by libselinux. The compiler flag -DUSE_PCRE2 toggles between the
used implementations.
As of this patch libselinux supports either pcre or pcre2 but not
both at the same time. The persistently stored file contexts
information differs. This means libselinux can only load file
context files generated by sefcontext_compile build with the
same pcre variant.
Also, for pcre2 the persistent format is architecture dependent.
Stored precompiled regular expressions can only be used on the
same architecture they were generated on. If pcre2 is used,
sefcontext_compile now respects the "-r". This flag makes
sefcontext_compile include the precompiled regular expressions
in the output file. The default is to omit them, so that the
output remains portable at the cost of having to recompile
the regular expressions at load time, or rather on first use.
Signed-off-by: Janis Danisevskis <jdanis@google.com>
Richard Haines
James Carter
Petr Lautrbach
Stephen Smalley
Nicolas Iooss
William Roberts
Jason Zaman
Gary Tierney
Janis Danisevskis