Commit Graph

3109 Commits

Author SHA1 Message Date
Tomas Mraz
a842c9dae8 Author: Tomas Mraz
Email: tmraz@redhat.com
Subject: Problems with freeing thread local storage in libselinux
Date: Wed, 06 May 2009 12:38:35 +0200

On Wed, 2009-05-06 at 01:32 -0500, Manoj Srivastava wrote:
> Hi folks,
>
>         There have been numerous reports in Debian and derivatives of
>  programs linked with libselinux intermittently getting segfaults.
>  There is, for instance, the Debian report 505920[0], and Ubuntu
>  reports[1], [3] and [5], and Gnome [2]. I have not been able to
>  reproduce the error myself, though I have run the test cases a number
>  of times.
>
>         The common thread in unclutter, libavg, gst-inspect et al. is a
>  segmentation fault in libselinux1, in the 'fini' destructor functions,
>  referencing the thread local variables.
>
>         The Ubuntu bug log reference my old patch for libselinux from
>  1.X days, where I replaced the thread local storage with regular
>  variables and mutexes, and people report success with that.  I suspect
>  that something is corrupting the thread local storage. From the ubuntu
>  report:
> --8<---------------cut here---------------start------------->8---
> Valgrind reports:
> =29183== Invalid read of size 8
> ==29183== at 0xE29B9DD: fini_context_translations (setrans_client.c:211)
> ==29183== by 0xE28F1F1: (within /lib/libselinux.so.1)
> ==29183== by 0xE29D040: (within /lib/libselinux.so.1)
> ==29183== by 0x570010F: exit (exit.c:75)
> 505920==29183== by 0x56E91CA: (below main) (libc-start.c:252)
> ==29183== Address 0x80 is not stack'd, malloc'd or (recently) free'd
> ==29183==
> ==29183== Process terminating with default action of signal 11 (SIGSEGV): dumping core
> ==29183== Access not within mapped region at address 0x80
> ==29183== at 0xE29B9DD: fini_context_translations (setrans_client.c:211)
> ==29183== by 0xE28F1F1: (within /lib/libselinux.so.1)
> ==29183== by 0xE29D040: (within /lib/libselinux.so.1)==29183== by 0x570010F: exit (exit.c:75)
> ==29183== by 0x56E91CA: (below main) (libc-start.c:252)
>
>
> (gdb) bt
> #0 0x00007f3ae812a9dd in fini_context_translations () at setrans_client.c:211
> #1 0x00007f3ae811e1f2 in __do_global_dtors_aux () from /lib/libselinux.so.1
> #2 0x00007ffff9097700 in ?? ()
> #3 0x00007f3ae812c041 in _fini () from /lib/libselinux.so.1
> #4 0x00007ffff9097700 in ?? ()
> #5 0x00007f3af0e88796 in _dl_fini () from /lib64/ld-linux-x86-64.so.2
> Backtrace stopped: previous frame inner to this frame (corrupt stack?)
> --8<---------------cut here---------------end--------------->8---
>
>         There have been two sets of patches proposed for this; first one
>  merely initializes the variables in the init function, and this works
>  for a number of people, but at least one person has reported a second
>  segfault even with the patch installed[6]
>
>         The second patch below converts a thread local cache to a
>  process wide cache, with mutex guards, which makes the cache slower,
>  and non-thread local caches means that cache misses are more likely.
>
>         I'll try and follow up with people who can reproduce the
>  problems to see if either one of the patches solve their problems
>  without triggering other segmentation faults, but I'd appreciate
>  comments if anyone has insight into the issue.

The problem is with freeing storage referenced by TLS variables in
destructors. The destructor is called only in one of the threads and the
variables might not be even properly initialized in that thread. One
possibility is to not free the storage at all but that will leak memory
if the libselinux is loaded/unloaded multiple times in a process.

The only proper way is to use TSD (pthread_key_create,
pthread_setspecific etc.) to store the pointers to the cached contexts.

The attached patch implements this. I did not test it thoroughly though.

--
Tomas Mraz
No matter how far down the wrong road you've gone, turn back.
                                              Turkish proverb

Signed-off-by: Chad Sellers <csellers@tresys.com>
2009-06-10 08:05:07 -04:00
Daniel J Walsh
20271d94ed Author: Daniel J Walsh
Email: dwalsh@redhat.com
Subject: SELinux context patch
Date: Mon, 18 May 2009 14:16:12 -0400

This patch adds context files for virtual_domain and virtual_image,
these are both being used to locat the default context to be executed by
svirt.

I also included the subs patch which I submitted before.  This patch
allows us to substitute prefixes to matchpathcon.

So we can say /export/home == /home

and

/web == /var/www

Author: Chad Sellers
Email: csellers@tresys.com

Flipped free()'s in original patch when strdup'd fail to proper order.

Signed-off-by: Chad Sellers <csellers@tresys.com>
2009-06-04 17:15:31 -04:00
Stephen Smalley
0b659be9a5 bump libsemanage to 2.0.32 2009-05-28 10:55:27 -04:00
David P. Quigley
d7dfd88158 libsemanage: Add Ruby Bindings
This patch adds a SWIG specification file for ruby bindings for libsemanage.
The spec file is almost identical to the python SWIG file with the exception
that all list generating typemaps have been removed and the python related
functions have been replaced with the corresponding ruby ones. Finally the
Makefile is modified to be able to build the new bindings. Something to note is
that on 64-bit systems ruby.h might be found somewhere under /usr/lib64 instead
of /usr/lib so LIBDIR=/usr/lib64 will be needed to build the ruby bindings from
source.

Below is an example using the ruby bindings and produces the similar output
to semodule -l

#!/usr/bin/ruby
require "semanage"

handle = Semanage.semanage_handle_create

Semanage.semanage_select_store(handle, "targeted", Semanage::SEMANAGE_CON_DIRECT)
Semanage.semanage_connect(handle)
module_info = Semanage.semanage_module_list(handle)

modules = Array.new()
module_info[2].times do |n|
        temp_module = Semanage.semanage_module_list_nth(module_info[1], n)
        mod_string = Semanage.semanage_module_get_name(temp_module).to_s + " " \
                        + Semanage.semanage_module_get_version(temp_module).to_s
        modules.push(mod_string)
end

        puts "List of Installed Modules"
modules.each do |str|
        puts str
end

Signed-off-by: David P. Quigley <dpquigl@tycho.nsa.gov>
2009-05-28 10:53:11 -04:00
Joshua Brindle
4fabd7d0d1 bump sepolgen to 1.0.17 2009-05-05 20:20:36 -04:00
Joshua Brindle
99afa3cb77 bump libselinux to 2.0.81 2009-05-05 20:19:43 -04:00
Joshua Brindle
7fc77104fa bump policycoreutils to 2.0.63 2009-05-05 20:16:31 -04:00
Daniel J Walsh
20eff2b9a5 Author: Daniel J Walsh
Email: dwalsh@redhat.com
Subject: Patch to getdefaultcon to print just the correct match and add verbose option
Date: Wed, 04 Mar 2009 15:41:37 -0500

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I really want to rename this to selinuxdefaultcon, which is what we ship
in Fedora.

Also exit with proper error on failure.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iEYEARECAAYFAkmu54AACgkQrlYvE4MpobNoZACdHgQDP2Hp/KDBpGCD7G08HjOX
p68An25Uu83SlOqjKyy9EG8ZgdIcuTCB
=L6UU
-----END PGP SIGNATURE-----

Signed-off-by: Chad Sellers <csellers@tresys.com>
2009-05-14 15:43:18 -04:00
Chad Sellers
72d535fdb8 Author: Daniel J Walsh
Email: dwalsh@redhat.com
Subject: We have moved matchpathcon to /sbin from /usr/sbin
Date: Wed, 01 Apr 2009 10:21:53 -0400

Some init scripts wanted to use matchpathcon before /usr is mounted.

Author: Chad Sellers
Email: csellers@tresys.com

Added matchpathcon to clean target

Signed-off-by: Chad Sellers <csellers@tresys.com>
2009-05-07 16:05:05 -04:00
Hiroshi Shinji
a4af847dc6 Author: Hiroshi Shinji
Email: hiroshi.shinji@gmail.com
Subject: Memory leak in libselinux/src/label_file.c
Date: Fri, 3 Apr 2009 13:58:01 +0900

Hi,

I found memory leak in libselinux/src/label_file.c.
Please fix it.

Regards,

--
Hiroshi Shinji

Signed-off-by: Chad Sellers <csellers@tresys.com>
2009-04-11 14:41:51 -04:00
Chad Sellers
5f1746a17e Merge branch 'master' of http://oss.tresys.com/git/selinux 2009-04-11 11:45:17 -04:00
Stephen Smalley
7610baa968 Trivial: Wrap the #define MNT_DETACH with #ifndef MNT_DETACH...#endif so that it does not break with the latest glibc headers, as in F11/rawhide. 2009-05-06 08:19:17 -04:00
Daniel J Walsh
b6a1a954f5 Author: Daniel J Walsh
Email: dwalsh@redhat.com
Subject: patch to policycoreutils
Date: Wed, 01 Apr 2009 10:10:43 -0400

Multiple patches to policycoreutils.

First added /root/.ssh and /root/.ssh/*  to allow people to place keys
in /root directory and have them labeled by restorcond

<snipdue to previously ack'd patch>

Clean up permissive domains creation in semanage so it does not leave
crap in /var/lib/selinux

---
Also have fixfiles operate recursively when in RPM mode, per:

Author: Daniel J Walsh
Email: dwalsh@redhat.com
Subject: Re: patch to policycoreutils
Date: Wed, 22 Apr 2009 21:50:48 -0400

If a package owned a directory like /var/lib/libvirt/images, when it is
relabeling we would want it to relabel not only the directory but the
contents of the directory

Signed-off-by: Chad Sellers <csellers@tresys.com>
2009-04-10 19:17:47 -04:00
Marshall Miller
7e3311a9a7 sepolgen typo fix
Commit b3b3f8186e attempted to fix a bug,
but didn't.  The following patch should do it.

Marshall Miller

Signed-off-by: Chad Sellers <csellers@tresys.com>
2009-04-10 17:26:55 -04:00
Daniel J Walsh
35490f2fa5 Author: Daniel J Walsh
Email: dwalsh@redhat.com
Subject: Help with python seobject.loginRecords
Date: Thu, 12 Mar 2009 09:29:17 -0400

On 03/11/2009 05:00 PM, Stephen Smalley wrote:
> On Wed, 2009-03-11 at 16:49 -0400, Daniel J Walsh wrote:
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> Joe Nall wrote:
>>> On Mar 11, 2009, at 2:35 PM, Daniel J Walsh wrote:
>>>
>>>> On 03/11/2009 12:15 PM, Joe Nall wrote:
>>>>> I need to add login mappings in python firstboot modules during system
>>>>> configuration. In my first module a simple:
>>>>>
>>>>> seobject.loginRecords().add(username, "siterep_u",
>>>>> "SystemLow-SystemHigh")
>>>>>
>>>>> works. In subsequent modules, I get an exception:
>>>>>
>>>>> libsemanage.enter_rw: this operation requires a transaction
>>>>> libsemanage.enter_rw: could not enter read-write section
>>>>> Traceback (most recent call last):
>>>>> File "./t", line 6, in<module>
>>>>> seobject.loginRecords().add("test3", "sysadm_u", "SystemLow-SystemHigh")
>>>>> File "/usr/lib64/python2.5/site-packages/seobject.py", line 442, in add
>>>>> raise error
>>>>> ValueError: Could not add login mapping for test3
>>>>>
>>>>> What is the right way to do this?
>>>>>
>>>>> joe
>>>>>
>>>>>
>>>>> --
>>>>> This message was distributed to subscribers of the selinux mailing list.
>>>>> If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov
>>>>> with
>>>>> the words "unsubscribe selinux" without quotes as the message.
>>>> Probably an MLS issue.  firtstboot is running in a context that is not
>>>> allowed to lock/manage selinux.
>>> I'm installing in permissive and switching to enforcing after firstboot.
>>> You are correct that firstboot_t doesn't have the policy for all the
>>> stuff I'm trying to do yet.
>>>
>>>> You probably should exec semanage rather then calling seobject so you
>>>> could do a transition and not have to give a huge app like first boot
>>>> the ability to manage security policy.
>>> That is what is installing right now. I would still like an
>>> explanation/code snippet of correct usage for future use
>>>
>>> joe
>>>
>>>
>> This works on F10 Targeted policy
>>
>> # python -c "import seobject; seobject.loginRecords().add("pwalsh",
>> "staff_u", "s0")
>> # python -c 'import seobject; seobject.loginRecords().delete("pwalsh")'
>>
>> Could it be a translation problem?
>
> Try running multiple calls within the same python interpreter.
> I think seobject.py isn't using libsemanage correctly.  For example, in
> add(), you do:
>                         self.begin()
>                          self.__add(name, sename, serange)
>                          self.commit()
> but begin() only ever invokes semanage_begin_transaction() the very
> first time:
>         def begin(self):
>                 if self.transaction:
>                        return
>                 rc = semanage_begin_transaction(self.sh)
>
> So after the first commit(), you'll start failing.
>
I think this patch fixes the transaction patch in semanage.

Signed-off-by: Chad Sellers <csellers@tresys.com>
2009-04-10 17:14:47 -04:00
Daniel J Walsh
93a680280f Author: Daniel J Walsh
Email: dwalsh@redhat.com
Subject: Patch matchpathcon to eliminate file "/"
Date: Wed, 04 Mar 2009 15:39:31 -0500

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

So

matchpathcon /etc/
Will work the same as
matchpathcon /etc
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iEYEARECAAYFAkmu5wMACgkQrlYvE4MpobNK4gCgiVeXXEZcCMsJKXM7jqh6r1u3
OScAoLcmXBIR63gpvA8RS3g07pcPC6IF
=e+Re
-----END PGP SIGNATURE-----

Signed-off-by: Chad Sellers <csellers@tresys.com>
2009-04-10 11:33:23 -04:00
Eamon Walsh
a07493d1a1 bump libselinux to 2.0.80. 2009-04-07 22:53:50 -04:00
KaiGai Kohei
433a99d403 It is useful for userspace object manager, if libselinux has an
interface something like: int security_deny_unknown(void);

This interface can suggest applications preferable behavior when
string_to_security_class() or string_to_av_perm() returns invalid
value which means the security policy does not define required
ones.

Signed-off-by: KaiGai Kohei <kaigai@ak.jp.nec.com>
2009-04-07 22:48:01 -04:00
KaiGai Kohei
55ed6e7fa6 This patch enables applications to handle permissive domain correctly.
Since the v2.6.26 kernel, SELinux has supported an idea of permissive
domain which allows certain processes to work as if permissive mode,
even if the global setting is enforcing mode.
However, we don't have an application program interface to inform
what domains are permissive one, and what domains are not.
It means applications focuses on SELinux (XACE/SELinux, SE-PostgreSQL
and so on) cannot handle permissive domain correctly.

This patch add the sixth field (flags) on the reply of the /selinux/access
interface which is used to make an access control decision from userspace.
If the first bit of the flags field is positive, it means the required
access control decision is on permissive domain, so application should
allow any required actions, as the kernel doing.

This patch also has a side benefit. The av_decision.flags is set at
context_struct_compute_av(). It enables to check required permissions
without read_lock(&policy_rwlock).

Signed-off-by: KaiGai Kohei <kaigai@ak.jp.nec.com>
2009-04-07 22:10:30 -04:00
KaiGai Kohei
318748d659 The attached patch enables userspace object managers to handle notification
messages via netlink socket from SELinux.

* Two new callbacks were added to selinux_set_callback(3)
  - SELINUX_CB_SETENFORCE
     is invoked when it got SELNL_MSG_SETENFORCE message in the
     avc_netlink_process().
  - SELINUX_CB_POLICYLOAD
     is invoked when it got SELNL_MSG_POLICYLOAD message in the
     avc_netlink_process().

* Three functions were exposed to applications.
  - int avc_netlink_open(int blocking);
  - void avc_netlink_loop(void);
  - void avc_netlink_close(void);

Due to a few reasons, SE-PostgreSQL implements its own userspace
avc, so it needs to copy and paste some of avc_internal.c.
This update enables to share common part from such kind of application.

Signed-off-by: KaiGai Kohei <kaigai@ak.jp.nec.com>
2009-04-07 22:08:48 -04:00
Joshua Brindle
4d98bd7e52 Merge branch 'master' of jbrindle@oss.tresys.com:/home/git/selinux 2009-03-21 11:38:25 -04:00
Joshua Brindle
94dd6859c1 bump libsepol to 2.0.36 2009-03-21 11:13:59 -04:00
Joshua Brindle
3df79fc5eb Author: Joshua Brindle
Email: method@manicmethod.com
Subject: libsepol: fix boolean state smashing
Date: Wed, 18 Mar 2009 10:47:34 -0400

If a boolean is encountered in a require block before the place where it is
declared it currently gets created with the state set to false no matter what
the declared state was. This only affects booleans in modules where the boolean
was also required in another module. Patch below:

Signed-off-by: Joshua Brindle <method@manicmethod.com>
2009-03-21 11:11:52 -04:00
Joshua Brindle
ff317eb616 release script 2009-03-12 01:23:32 -04:00
Eamon Walsh
3028bc3c58 bump libselinux to 2.0.79. 2009-03-11 19:06:12 -04:00
Eamon Walsh
7239480c70 In one benchmark the X server was found to be extremely slow creating
windows with selinux running.  Part of the reason for this was because
libselinux called into the kernel /selinux/create interface for every
object.  This patch caches the results of /selinux/create in the
userspace avc to significantly increase the speed of these types of
operations.

Revised to correct locking, interface issues.

Signed-off-by: Eric Paris <eparis@redhat.com>
Signed-off-by: Eamon Walsh <ewalsh@tycho.nsa.gov>
2009-03-11 19:04:44 -04:00
Eamon Walsh
7ab6b29011 Netlink socket handoff functions from Adam Jackson. 2009-03-10 20:31:38 -04:00
Eamon Walsh
5032faa984 bump libselinux to 2.0.78 2009-02-27 18:08:55 -05:00
Eamon Walsh
b27ff3397d Fix an incorrect conversion specifier in the discover_class code.
Signed-off-by: Eamon Walsh <ewalsh@tycho.nsa.gov>
2009-02-27 18:07:15 -05:00
Joshua Brindle
46d0b2c939 bump libsepol to 2.0.35 2009-02-17 12:23:41 -05:00
Joshua Brindle
4e23951fe6 bump checkpolicy to 2.0.19 2009-02-17 12:22:40 -05:00
Joshua Brindle
6ed00ee094 bump sepolgen to 1.0.16 2009-02-17 12:19:32 -05:00
Joshua Brindle
c7e13bfea3 bump policycoreutils to 2.0.62 2009-02-17 12:18:05 -05:00
Joshua Brindle
f77e475fd8 Author: Daniel J Walsh
Email: dwalsh@redhat.com
Subject: Add btrfs to fixfiles
Date: Tue, 17 Feb 2009 11:42:11 -0500

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hopefully will convert to seclabel when it is available.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iEYEARECAAYFAkma6OMACgkQrlYvE4MpobNegwCfSBpm7O9wIKK+O89gC+Lwx+PV
rmsAn12IADGzhFu4thYK5qakacviWwfZ
=PtIL
-----END PGP SIGNATURE-----

Signed-off-by: Joshua Brindle <method@manicmethod.com>
2009-02-17 11:43:11 -05:00
Joshua Brindle
be583ce332 Author: Daniel J Walsh
Email: dwalsh@redhat.com
Subject: Several fixes to restorecond
Date: Tue, 17 Feb 2009 11:40:54 -0500

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Init script should be 755

libflashplayer.so has moved in the homedir and is now correct so no
longer needs to have labeling checked.

restorecond supports glob matching and should not complain on multiple
hard links if they match a glob.

So if a file has > 1 link and is an exact match complain, otherwise do not.

Also fix a couple of error messages.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iEYEARECAAYFAkma6JYACgkQrlYvE4MpobOoIACfUgUfpCuhvVTWyHgsq7/8hY0z
9WcAmgPK2KktAlY84HhtRmdu/Hy+9eE/
=zcCj
-----END PGP SIGNATURE-----

Signed-off-by: Joshua Brindle <method@manicmethod.com>
2009-02-17 11:42:15 -05:00
Caleb Case
f7917ea9cf aliases for the boundry format
The boundry format mapped the primary field to a boolean in the
properties bitmap. This is appropriate for the kernel policy, but in
modular policy the primary field may be an integer that indicates the
primary type that is being aliased. In this case, the primary value cannot
be assumed to be boolean.

This patch creates a new module format that writes out the primary value
as was done before the boundry format.

Signed-off-by: Caleb Case <ccase@tresys.com>
Signed-off-by: Joshua Brindle <method@manicmethod.com>
2009-02-16 11:52:03 -05:00
Joshua Brindle
fb50c7b4ef Author: Daniel J Walsh
Email: dwalsh@redhat.com
Subject: sepolgen patch
Date: Tue, 13 Jan 2009 08:59:51 -0500

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

md5 semodule packages is being retired.  Supposed to use hashlib now.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iEYEARECAAYFAklsnlcACgkQrlYvE4MpobMEHQCgiRH3w/m4vTnPSdKfYCJtPHKF
ncEAn2WdQb9l5uiUsmIvp+92mTBAcmCR
=RVRr
-----END PGP SIGNATURE-----

Signed-off-by: Joshua Brindle <method@manicmethod.com>
2009-02-16 11:50:33 -05:00
Joshua Brindle
f5a700d107 Author: Daniel J Walsh
Email: dwalsh@redhat.com
Subject: policycoreutils_restorecond.patch
Date: Tue, 13 Jan 2009 08:53:50 -0500

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Add more error checking.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iEYEARECAAYFAklsnO4ACgkQrlYvE4MpobOqdgCgvkzLK6bi1m9oTv217A7CYIvZ
BRcAn005E3lop2wmkaH5DcfVwVv3kCYD
=Xjf4
-----END PGP SIGNATURE-----

Signed-off-by: Joshua Brindle <method@manicmethod.com>
2009-02-16 11:48:37 -05:00
Joshua Brindle
244fd583d8 Author: Daniel J Walsh
Email: dwalsh@redhat.com
Subject: policycoreutils_semanage.patch
Date: Tue, 13 Jan 2009 08:55:56 -0500

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Add missing locallist option
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iEYEARECAAYFAklsnWwACgkQrlYvE4MpobPZJwCguhEXCkkeS+4QPeBIDMD/sMTv
yMoAoLz7d20UABT1La/JcUaMrXr/XLF7
=L7QI
-----END PGP SIGNATURE-----

Signed-off-by: Joshua Brindle <method@manicmethod.com>
2009-02-16 11:46:40 -05:00
Joshua Brindle
d8b1ea603b Author: Daniel J Walsh
Email: dwalsh@redhat.com
Subject: Make removing of a module a warning rather then an error.
Date: Tue, 13 Jan 2009 08:57:17 -0500

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

This way if I say a command line

semodule -r mypol -i newmypol

and mypol was not there the semodule command does not error out.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iEYEARECAAYFAklsnb0ACgkQrlYvE4MpobNwFACfTqc17wREKC2aAhLOIkfbqgeg
GxgAn2/ZBz5ljtyK1aiVkqoCBj98y9Ey
=I4uX
-----END PGP SIGNATURE-----

Signed-off-by: Joshua Brindle <method@manicmethod.com>
2009-02-16 11:41:02 -05:00
Joshua Brindle
498861044a Author: Daniel J Walsh
Email: dwalsh@redhat.com
Subject: audit2allow patch
Date: Tue, 13 Jan 2009 08:52:51 -0500

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Remove --tefile from manpage, option does not exist.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iEYEARECAAYFAklsnLIACgkQrlYvE4MpobOrGQCgs76GOeXnSKrLCX69GpCAiIZN
f4AAn312U9ill0sLCKWP1bsL661mctEH
=D9bQ
-----END PGP SIGNATURE-----

Signed-off-by: Joshua Brindle <method@manicmethod.com>
2009-02-16 11:39:00 -05:00
Joshua Brindle
c8a18807d5 Merge branch 'master' of jbrindle@oss.tresys.com:/home/git/selinux
Conflicts:
	libselinux/ChangeLog
2009-01-12 10:53:11 -05:00
Joshua Brindle
a5dfb3abe0 bump sepolgen to 1.0.15 2009-01-12 10:49:36 -05:00
Joshua Brindle
10760735e9 bump libsemanage to 2.0.31 2009-01-12 10:45:26 -05:00
Joshua Brindle
a9e6fbdeae bump libselinux to 2.0.76 2009-01-12 10:44:08 -05:00
Joshua Brindle
36df93ed82 bump policycoreutils to 2.0.61 2009-01-12 10:42:48 -05:00
Joshua Brindle
3726a7783e regerate swig wrappers for commit 09836bf0c1 2009-01-12 10:39:15 -05:00
Joshua Brindle
09836bf0c1 Author: Daniel J Walsh
Email: dwalsh@redhat.com
Subject: Add restorecon and install methods for libselinux python bindings.
Date: Tue, 06 Jan 2009 10:31:04 -0500

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Daniel J Walsh wrote:
> Joshua Brindle wrote:
>> Daniel J Walsh wrote:
>> Luke Macken wrote restorecon and install functions used in Fedora
>> Infrastructure which can be used to install files with the proper
>> context and to fix the labels of files/directories without having to
>> exec restorecon.
>
>> diff --exclude-from=exclude -N -u -r
>> nsalibselinux/src/selinuxswig_python.i
>> libselinux-2.0.75/src/selinuxswig_python.i
>> --- nsalibselinux/src/selinuxswig_python.i    2008-08-28
>> 09:34:24.000000000 -0400
>> +++ libselinux-2.0.75/src/selinuxswig_python.i    2008-11-14
>> 17:09:50.000000000 -0500
>> @@ -6,6 +6,32 @@
>>     #include "selinux/selinux.h"
>> %}
>
>> +%pythoncode %{
>> +
>> +import shutil, os
>> +
>> +def restorecon(path, recursive=False):
>> +    """ Restore SELinux context on a given path """
>> +    mode = os.stat(path)[stat.ST_MODE]
>
>> stat doesn't exist here, perhaps he meant mode?
>
>> +    status, context = matchpathcon(path, mode)
>> +    if status == 0:
>> +        lsetfilecon(path, context)
>> +        if recursive:
>> +            os.path.walk(path, lambda arg, dirname, fnames:
>> +                             map(restorecon, [os.path.join(dirname, fname)
>> +                              s                for fname in fnames]),
>> None)
>
>> typo, the s causes a syntax error
>
>> +
>> +def copytree(src, dest):
>> +    """ An SELinux-friendly shutil.copytree method """
>> +    shutil.copytree(src, dest)
>> +    restorecon(dest, recursive=True)
>> +
>> +def install(src, dest):
>> +    """ An SELinux-friendly shutil.move method """
>> +    shutil.move(src, dest)
>> +    restorecon(dest, recursive=True)
>> +%}
>> +
>> /* security_get_boolean_names() typemap */
>> %typemap(argout) (char ***names, int *len) {
>>     PyObject* list = PyList_New(*$2);
>
>> This patch doesn't appear correct, I'll fix the things above, have you
>> been testing this at all?
>
> Must have sent you a bad patch.
>
>
> This is what the current patch looks like.
>
And this is still broken.

One more fix.

+    mode = os.stat(path)[stat.ST_MODE]
should be
+    mode = os.lstat(path)[stat.ST_MODE]

Modified to remove copytree and install functions

Signed-off-by: Joshua Brindle <method@manicmethod.com>
2009-01-12 10:34:01 -05:00
Joshua Brindle
8b092bade5 Author: Daniel J Walsh
Email: dwalsh@redhat.com
Subject: chcat patch.
Date: Fri, 07 Nov 2008 09:39:32 -0500

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Prevent chcat from expanding number of categories above max size of
command line.  Arbitrarily picked 25.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iEYEARECAAYFAkkUUyQACgkQrlYvE4MpobMDDwCg0DMLERlnHZyVmORa9de9f5tf
fQsAoJZpO646H5CFuXZuW6htHpPfHz/z
=4OcI
-----END PGP SIGNATURE-----

Signed-off-by: Joshua Brindle <method@manicmethod.com>
2009-01-12 10:19:59 -05:00
Joshua Brindle
5cbb573fa5 Author: Daniel J Walsh
Email: dwalsh@redhat.com
Subject: Small fixes for audit2allow
Date: Mon, 01 Dec 2008 15:19:09 -0500

Signed-off-by: Joshua Brindle <method@manicmethod.com>
2009-01-12 10:19:59 -05:00