Commit Graph

2146 Commits

Author SHA1 Message Date
Alan Jenkins
3db61481ad policycoreutils: fixfiles: use a consistent order for options to restorecon
It helps see the differences (hopefully there are only intended differences
now!).

Signed-off-by: Alan Jenkins <alan.christopher.jenkins@gmail.com>
2017-05-09 14:47:57 -04:00
Alan Jenkins
c51b99acbc policycoreutils: fixfiles: don't ignore -F when run in -C mode
This was supposedly fixed in 2009.
http://selinux.fedoraproject.narkive.com/ZskMsNrx/fixfiles-f-option

`-F` was mentioned again in 2013 (commit 2910ca21).

It doesn't look like `-F -C` was fixed though.

Signed-off-by: Alan Jenkins <alan.christopher.jenkins@gmail.com>
2017-05-09 14:47:50 -04:00
Alan Jenkins
6e289bb7bf policycoreutils: fixfiles: remove bad modes of "relabel" command
* `fixfiles -B relabel` or `fixfiles -C previouscontext relabel` would
  skip the code that handles e.g. `/var/tmp`, which would be run by
  `fixfiles relabel`.  It would still remove all files in /tmp (subject to
  user confirmation).  This is confusing, undocumented, and unlikely to
  be intentional.

* `fixfiles relabel path1 path2` is the same, except it would only relabel
  the first path.

* `fixfiles -R ... relabel` was equivalent to `fixfiles -R ... restore`,
  again contradicting the man page.

Also `fixfiles onboot` would ignore paths, -C, or -R.

fixfiles is mostly for users, where it should be acceptable to remove these
non-sensical combinations.

`fixfiles -C` is used in selinux-policy rpm install scripts.  However I
believe the rpms used `fixfiles -C previouscontext restore`, and did not
either require user interaction or blow away /tmp without prompting.  So
they should still work fine.

With these combinations removed, we can remove the `exit` calls which were
seen in some of the (non-error) code paths in `restore()`.

Signed-off-by: Alan Jenkins <alan.christopher.jenkins@gmail.com>
2017-05-09 14:47:39 -04:00
Alan Jenkins
96d11a281e policycoreutils: fixfiles: un-document -R -a option
`fixfiles -R -a` is much less useful than it was made to sound, because -R
now works recursively.  Therefore `fixfiles -R -a` relabels every file on
the system, multiple times.  On my system it took over 5 times as long as
plain `fixfiles` (which takes about a minute).

Signed-off-by: Alan Jenkins <alan.christopher.jenkins@gmail.com>
2017-05-09 14:47:31 -04:00
Alan Jenkins
3475893b6f policycoreutils: fixfiles: refactor into the set -u dialect
This commit allows the use of `set -u` to detect reads of unset variables.
But what I really liked was making the code more explicit about these
modes.  I hope that this is easier for a new reader to reason about.

`fixfiles restore` has accumulated five different modes it can run in.
Now use a single variable to indicate the mode, out-of-band of the
variables used for the individual modes.

Apparently `set -u` / `set -o nounset` doesn't work correctly with arrays.
If we ever need bash arrays, we can simply remove `set -u`.  The `set -u`
dialect is a strict subset.  See http://mywiki.wooledge.org/BashFAQ/112

Extra notes:

RESTORE_MODE was created because I couldn't bring myself to use an empty
FILEPATH, as a special case to indicate the default mode.  Arguments
to the script (paths) could be empty already, so it would mean I had to
work out how we behaved in that case and decide whether it was reasonable.

It turns out the `-B | -N time` mode is distinct and does not respect
paths.  So we can tell the user we're not going to do anything with the
paths they passed.  Make sure this distinction is shown in the usage error
message.

We already rejected the combination of `-R rpmpackage,... dir/file...`.
Being aware of the different modes just causes more bogus combinations
to be rejected.

Signed-off-by: Alan Jenkins <alan.christopher.jenkins@gmail.com>
2017-05-09 14:47:21 -04:00
Alan Jenkins
f499b02feb policycoreutils: fixfiles: if restorecon aborts, we should too
New users may try something like `fixfiles restore -v /dir/file` -
not realizing they are required to use `fixfiles -v restore /dir/file`.

Detect that `restorecon` aborts due to being run on the non-existent file
`-v`, and stop immediately.  This will show the error much more clearly,
instead of continuing to restore `/dir/file` *without* verbose messages.

Signed-off-by: Alan Jenkins <alan.christopher.jenkins@gmail.com>
2017-05-09 14:47:11 -04:00
Alan Jenkins
2aa88f7201 policycoreutils: fixfiles: usage errors are fatal
The idea is to print a usage error, then terminate with EXIT_FAILURE.

Don't print the usage error twice when run with no command.

Don't try to check for bogus extra arguments _after_
performing a long-running operation... particularly
if that operation terminates the script with EXIT_SUCCESS first.

Signed-off-by: Alan Jenkins <alan.christopher.jenkins@gmail.com>
2017-05-09 14:46:51 -04:00
Alan Jenkins
658800ef3d policycoreutils: fixfiles: syntax error
$ shellcheck fixfiles
...
In fixfiles line 94:
	  [[ "${i}" =~ "^[[:blank:]]*#" ]] && continue
                       ^-- SC2076: Don't quote rhs of =~, it'll match
                                   literally rather than as a regex.

Signed-off-by: Alan Jenkins <alan.christopher.jenkins@gmail.com>
2017-05-09 14:46:35 -04:00
Alan Jenkins
42f91ba291 policycoreutils: fixfiles: remove two unused variables
DIRS was suspicious because you can't store file names in a normal variable,
and it's not that common to use arrays in bash.  It's not actually used.

While we're here, there's another variable which is never used
and should just be removed.  (Pointed out by `shellcheck`.
It makes a couple of other points too, but I have more specific
patches I want to put those in).

Signed-off-by: Alan Jenkins <alan.christopher.jenkins@gmail.com>
2017-05-09 14:46:23 -04:00
Alan Jenkins
ce2a7fb143 policycoreutils: fixfiles: tidy up usage(), manpage synopsis
Make sure usage() in fixfiles shows all the current options.
It's printed when there's a user error, so it needs to be
helpful!  (Excluding the deprecated option - see below).

manpage:

Remove the deprecated option `-l logfile`.

Add missing space in `restore|[-f] relabel`.

It's not clear why `-R rpmpackagename` was considered optional in the
second invocation.  (If the user omits it, they are just performing the
first invocation).  It desn't match usage() in fixfiles either.

Clean up bolding for `fixfiles onboot`.

Disable justification (troff "adjustment") in the synopsis.  We want the
common options in the different invocations to line up consistently.

Signed-off-by: Alan Jenkins <alan.christopher.jenkins@gmail.com>
2017-05-09 14:45:40 -04:00
Jeff Vander Stoep
1089665e31 Add attribute expansion options
This commit adds attribute expansion statements to the policy
language allowing compiler defaults to be overridden.

Always expands an attribute example:
expandattribute { foo } true;
CIL example:
(expandtypeattribute (foo) true)

Never expand an attribute example:
expandattribute { bar } false;
CIL example:
(expandtypeattribute (bar) false)

Adding the annotations directly to policy was chosen over other
methods as it is consistent with how targeted runtime optimizations
are specified in other languages. For example, in C the "inline"
command.

Motivation

expandattribute true:
Android has been moving away from a monolithic policy binary to
a two part split policy representing the Android platform and the
underlying vendor-provided hardware interface. The goal is a stable
API allowing these two parts to be updated independently of each
other. Attributes provide an important mechanism for compatibility.
For example, when the vendor provides a HAL for the platform,
permissions needed by clients of the HAL can be granted to an
attribute. Clients need only be assigned the attribute and do not
need to be aware of the underlying types and permissions being
granted.

Inheriting permissions via attribute creates a convenient mechanism
for independence between vendor and platform policy, but results
in the creation of many attributes, and the potential for performance
issues when processes are clients of many HALs. [1] Annotating these
attributes for expansion at compile time allows us to retain the
compatibility benefits of using attributes without the performance
costs. [2]

expandattribute false:
Commit 0be23c3f15 added the capability to aggresively remove unused
attributes. This is generally useful as too many attributes assigned
to a type results in lengthy policy look up times when there is a
cache miss. However, removing attributes can also result in loss of
information used in external tests. On Android, we're considering
stripping neverallow rules from on-device policy. This is consistent
with the kernel policy binary which also did not contain neverallows.
Removing neverallow rules results in a 5-10% decrease in on-device
policy build and load and a policy size decrease of ~250k. Neverallow
rules are still asserted at build time and during device
certification (CTS). If neverallow rules are absent when secilc is
run, some attributes are being stripped from policy and neverallow
tests in CTS may be violated. [3] This change retains the aggressive
attribute stripping behavior but adds an override mechanism to
preserve attributes marked as necessary.

[1] https://github.com/SELinuxProject/cil/issues/9
[2] Annotating all HAL client attributes for expansion resulted in
    system_server's dropping from 19 attributes to 8. Because these
    attributes were not widely applied to other types, the final
    policy size change was negligible.
[3] data_file_type and service_manager_type are stripped from AOSP
    policy when using secilc's -G option. This impacts 11 neverallow
    tests in CTS.

Test: Build and boot Marlin with all hal_*_client attributes marked
    for expansion. Verify (using seinfo and sesearch) that permissions
    are correctly expanded from attributes to types.
Test: Mark types being stripped by secilc with "preserve" and verify
    that they are retained in policy and applied to the same types.

Signed-off-by: Jeff Vander Stoep <jeffv@google.com>
2017-05-09 12:09:46 -04:00
Stephen Smalley
63aa7fc036 libselinux: Fix CFLAGS definition
commit 16c123f4b1 ("libselinux:
support ANDROID_HOST=1 on Mac") split up warning flags in
CFLAGS based on compiler support in a manner that could lead to
including a subset that is invalid, e.g. upon
make DESTDIR=/path/to/dest install.  Fix it.

Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2017-05-09 10:47:39 -04:00
Christian Göttsche
3376ac498e sestatus: show checkreqprot status
Show the current active checkreqprot state in sestatus
2017-05-08 12:44:12 -04:00
Christian Göttsche
d1ff68ffee libselinux: add security_get_checkreqprot
Add security_get_checkreqprot() function, returning the current active
checkreqprot value
2017-05-08 12:44:07 -04:00
Petr Lautrbach
4d7dee28f4 libsepol/utils: Fix build without system sepol.h
fcb5d5c removed ../include from CFLAGS from libsepol/utils/Makefile so
that a build tool can't find sepol/sepol.h when only libsepol is built
and a system is without sepol.h in standard paths. It should use its own
sepol.h file during build. `oveeride` needs to be used in order not to
be overridden by values provided on a command line. Same problem applies
to LDFLAGS.

Fixes:
$ make CFLAGS="" LDFLAGS=""
make[1]: Entering directory '/root/selinux/libsepol/utils'
cc     chkcon.c  -lsepol -o chkcon
chkcon.c:1:25: fatal error: sepol/sepol.h: No such file or directory
 #include <sepol/sepol.h>

$ make CFLAGS="" LDFLAGS=""
...
make -C utils
make[1]: Entering directory '/root/selinux/libsepol/utils'
cc  -I../include    chkcon.c  -lsepol -o chkcon
/usr/bin/ld: cannot find -lsepol
collect2: error: ld returned 1 exit status

Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
2017-05-05 15:48:22 -04:00
Alan Jenkins
8e9c9a20cb policycoreutils: fixfiles: deprecate -l option
...and write log messages to standard output.

Some versions of fixfiles in 2004 created a logfile by default.
Apparently they also used `tee` to log to standard output at the same time.
We're also told that the logfile was implemented because there was too
much output generated for use on a tty, and it scrolled out of reach.

https://bugzilla.redhat.com/show_bug.cgi?id=131707

In the current version, none of these original reasons for `-l` remain.

The logfile is not created by default.  If no log file is specified,
messages are written to stdin [sic]... if and only stdin is a tty.  If
stdin is not a tty, the log defaults to /dev/null.

When a user runs fixfiles on a tty and finds there is too much output, she
is likely to try redirecting standard output and/or standard error using
the shell.  She will find this doesn't help, because fixfiles is writing
the verbose log messages to standard input.

I tried to fix the problem non-intrusively, by changing the default log
file to `/dev/stdout`.  Sadly, this breaks down where you have
`echo >>$LOGFILE "Log message"` inside a specific function, which is run
with output redirected in order to "return" a string value (captured
into a variable).  exclude_dirs_from_relabelling() was such a function.

I was trying to abstract over writing to both normal files and stdout, but
my abstraction "leaks" in a non-obvious way.

There is a simple solution.  We can write the log messages to standard
output.  When we are passed `-l` by a legacy script, we can redirect
standard output to the logfile.

This removes any distinctions between the logfile and "non-log" messages.
Some calls to restorecon were missing redirections to the log file.
"Cleaning out /tmp" was written to the log file, but "Cleaning out labels
on /tmp" was not.  There were no comments to explain these distinctions.
2017-05-05 13:27:18 -04:00
Alan Jenkins
48d425e7c6 policycoreutils: fixfiles: move logit call outside of redirected function
Move call to logit() outside a function which has its output redirected.
See next commit for explanation.

The logit calls are moved into a new function LogExcluded(), similar to
LogReadOnly().  I don't see a pretty way to resolve this, so I just went
for the most explicit approach I could think of.

Behaviour change: diff_filecontext will now log *all* excluded paths.
I think that approach is an improvement, because e.g. the fact that `-C`
mode excludes `/home` was not previouslly documented anywhere.
2017-05-05 13:27:13 -04:00
Alan Jenkins
55f220122f policycoreutils: fixfiles: fix logging about R/O filesystems
The LogReadOnly() call which warns the user about R/O filesystems, applies
to the `-B` mode (newer() function), and the `fixfiles check` mode
(no paths).

Make sure to print it for these modes, and these modes only.
2017-05-05 13:27:10 -04:00
Alan Jenkins
08df753962 policycoreutils: fixfiles: clarify exclude_dirs()
The usage of exclude_dirs() is non-obvious.

It turns out it is only used by the `-C` mode of fixfiles.  The other four
modes use the narrower list generated by exclude_dirs_from_relabelling().
Let's make this distinction more obvious.

(The purpose of the extra exclusions is not clear.  E.g. there's an
exclusion for /dev.  Whereas the `fixfiles check` mode explicitly tells you
that it's going to relabel /dev, without causing any problem.  Maybe that
part is out of date?  But without some explanation of the list, I don't
want to change anything!)
2017-05-05 13:27:05 -04:00
Alan Jenkins
aa62e3665c policycoreutils: fixfiles: remove (broken) redundant code
setfiles is now run with $exclude_dirs.
We shouldn't need to patch the file contexts as well.

This is fortunate, since the file context patching code was broken
(by the same commit which introduced the redundancy).  It takes the
list of directories to exclude from $tempdirs, but $tempdirs is
never set.

Also messages about skipping directories were printed twice.  Firstly when
exclude_dirs is generated, and secondly in the file context patching code.

Also TEMPFCFILE was only removed in one path out of several.
2017-05-05 13:27:02 -04:00
Alan Jenkins
b5610b0c6e Revert "policycoreutils: let output of fixfiles be redirected (as normal)"
This reverts commit ac7899fc3a,
which is not yet part of an officially tagged release
(or release candidate).

`LOGFILE=/proc/self/fd/1` was wrong.

`LOGFILE=$(tty)` was being relied on in one case (exclude_dirs),
to log messages from a function run specifically with stdout redirected
(captured into a variable).

Having `logit "message"` break inside redirected functions
is a nasty leaky abstraction.

This caused e.g. `fixfiles restore` to terminate early with the error

    skipping: No such file or directory

if the user had configured any excluded paths in
/etc/selinux/fixfiles_exclude_dirs
2017-05-05 13:26:57 -04:00
Nicolas Iooss
1dc95dd558 libsepol: silence false-positive -Wwrite-strings warning
When compiling with -Wwrite-strings, the compiler complains about
calling strs_add with a const char* value for a char* parameter
(DEFAULT_OBJECT is defined to "object_r"). Silence this warning by
casting the literal string to char*.

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
2017-05-05 13:09:36 -04:00
Nicolas Iooss
232ff757d4 libselinux/utils: add noreturn attribute to selinux_check_access's usage
When building libselinux, clang reports the following warning:

    selinux_check_access.c:8:1: error: function 'usage' could be
    declared with attribute 'noreturn' [-Werror,-Wmissing-noreturn]

While at it, make progname const.

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
2017-05-05 13:07:04 -04:00
Petr Lautrbach
a9b6ef426d sepolicy/gui: Update text strings to use better gettext templates
Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
2017-05-05 11:52:19 -04:00
Petr Lautrbach
11e9676ce1 sepolicy: info() should provide attributes for a TYPE
"attributes" used to be there when sepolicy.info() used setools3

Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
2017-05-05 11:52:19 -04:00
Petr Lautrbach
89399a9c8e sepolicy: Fix several issues in 'sepolicy manpage -a'
Fixes:
$ sepolicy manpage -a
Traceback (most recent call last):
  File "/usr/bin/sepolicy", line 699, in <module>
    args.func(args)
  File "/usr/bin/sepolicy", line 359, in manpage
    m = ManPage(domain, path, args.root, args.source_files, args.web)
  File "/usr/lib/python3.6/site-packages/sepolicy/manpage.py", line 408, in __init__
    self.__gen_man_page()
  File "/usr/lib/python3.6/site-packages/sepolicy/manpage.py", line 495, in __gen_man_page
    self._entrypoints()
  File "/usr/lib/python3.6/site-packages/sepolicy/manpage.py", line 903, in _entrypoints
    if len(entrypoints) > 1:
TypeError: object of type 'map' has no len()

$ sepolicy manpage -a
Traceback (most recent call last):
  File "/usr/bin/sepolicy", line 699, in <module>
    args.func(args)
  File "/usr/bin/sepolicy", line 359, in manpage
    m = ManPage(domain, path, args.root, args.source_files, args.web)
  File "/usr/lib/python3.6/site-packages/sepolicy/manpage.py", line 408, in __init__
    self.__gen_man_page()
  File "/usr/lib/python3.6/site-packages/sepolicy/manpage.py", line 497, in __gen_man_page
    self._mcs_types()
  File "/usr/lib/python3.6/site-packages/sepolicy/manpage.py", line 927, in _mcs_types
    attributes = sepolicy.info(sepolicy.TYPE, (self.type))[0]["attributes"]
TypeError: 'generator' object is not subscriptable

Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
2017-05-05 11:52:19 -04:00
Petr Lautrbach
471e6b0fc9 sepolicy: setools.*Query wants a list in ruletype
This fixes a problem introduced in 18410c86 where ruletype is specified
as a string not a list.

Fixes:
>>> sepolicy.get_all_role_allows()
Traceback (most recent call last):
  File "/usr/lib64/python3.6/site-packages/setools/policyrep/util.py", line 60, in lookup
    return cls(value)
  File "/usr/lib64/python3.6/enum.py", line 291, in __call__
    return cls.__new__(cls, value)
  File "/usr/lib64/python3.6/enum.py", line 533, in __new__
    return cls._missing_(value)
  File "/usr/lib64/python3.6/enum.py", line 546, in _missing_
    raise ValueError("%r is not a valid %s" % (value, cls.__name__))
ValueError: 'a' is not a valid RBACRuletype

Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
2017-05-05 11:52:19 -04:00
Petr Lautrbach
be0acfb491 dbus: Use text streams in selinux_server.py
subprocess.Popen called without universal_newlines=True opens stdin,
stout and stderr as binary stream which cause problems with Python 3.

Fixes:
Traceback (most recent call last):
  File "/usr/lib64/python3.4/site-packages/sepolicy/gui.py", line 2773, in unconfined_toggle
    self.dbus.semanage("module -e unconfined")
  File "<string>", line 2, in semanage
  File "/usr/lib/python3.4/site-packages/slip/dbus/polkit.py", line 121, in _enable_proxy
    return func(*p, **k)
  File "/usr/lib64/python3.4/site-packages/sepolicy/sedbus.py", line 14, in semanage
    ret = self.dbus_object.semanage(buf, dbus_interface = "org.selinux")
  File "/usr/lib64/python3.4/site-packages/dbus/proxies.py", line 145, in __call__
    **keywords)
  File "/usr/lib64/python3.4/site-packages/dbus/connection.py", line 651, in call_blocking
    message, timeout)
dbus.exceptions.DBusException: org.freedesktop.DBus.Python.TypeError: TypeError: 'dbus.String' does not support the buffer interface

Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
2017-05-05 11:52:19 -04:00
Petr Lautrbach
4a7de9ffdc policycoreutils/sepolicy: Define our own cmp()
Fixes:
Traceback (most recent call last):
  File "/usr/lib/python3.5/site-packages/sepolicy/gui.py", line 1447, in stripsort
    return cmp(val1, val2)
NameError: name 'cmp' is not defined

Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
2017-05-05 11:52:19 -04:00
Petr Lautrbach
d9c2a15831 sepolicy/generate.py: Fix string formatting
Fixes python3 problem:

>>> print("Failed to retrieve rpm info for %s") % package
Failed to retrieve rpm info for %s
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
TypeError: unsupported operand type(s) for %: 'NoneType' and 'str'

Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
2017-05-05 11:52:19 -04:00
Petr Lautrbach
6dabab268c sepolicy: Simplify policy types detection
map() and filter() changed their return values from list to iterators in
Python 3. This change drops filter() and map() from gui.py to make it
work on Python 2 and 3

Fixes:
Traceback (most recent call last):
  File "/bin/sepolicy", line 700, in <module>
    args.func(args)
  File "/bin/sepolicy", line 326, in gui_run
    sepolicy.gui.SELinuxGui(args.domain, args.test)
  File "/usr/lib/python3.5/site-packages/sepolicy/gui.py", line 238, in __init__
    if self.populate_system_policy() < 2:
  File "/usr/lib/python3.5/site-packages/sepolicy/gui.py", line 835, in populate_system_policy
    types = map(lambda x: x[1], filter(lambda x: x[0] == selinux_path, os.walk(selinux_path)))[0]
TypeError: 'map' object is not subscriptable

Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
2017-05-05 11:52:19 -04:00
Petr Lautrbach
54eb348c0c sepolicy: Don't return filter(), use [ ] notation instead
filter() changed it's behavior among python 2 and python 3

Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
2017-05-05 11:52:19 -04:00
Petr Lautrbach
2a0102a270 sepolicy: Adapt to new the semodule list output
semodule in policycoreutils-2.4 changed the list format. With this
patch, org.selinux.semodule_list uses 'semodule --list=full' and the
code using this was adapted to the new format.

Bug: https://bugzilla.redhat.com/show_bug.cgi?id=1281309

Fixes:
File "/usr/lib64/python3.4/site-packages/sepolicy/gui.py", line 670, in lockdown_init
  self.enable_unconfined_button.set_active(not self.module_dict["unconfined"]["Disabled"])
KeyError: 'unconfined'

Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
2017-05-05 11:52:19 -04:00
Miroslav Grepl
f82771c105 Fix typo in executable.py template.
Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
2017-05-05 11:52:19 -04:00
Dan Walsh
1353988d58 sepolicy: We should be creating _exec interfaces when we create the domtrans interface
Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
2017-05-05 11:52:19 -04:00
Miroslav Grepl
8dfdb38db9 sepolicy: ptrace should be a part of deny_ptrace boolean in TEMPLATETYPE_admin
Signed-off-by: Dan Walsh <dwalsh@redhat.com>
2017-05-05 11:52:19 -04:00
Dan Walsh
c0ec882bfa Fix up generation of application policy
Signed-off-by: Dan Walsh <dwalsh@redhat.com>
2017-05-05 11:52:19 -04:00
Petr Lautrbach
1db83be583 policycoreutils/sepolicy: boolean.png is in help/
Fixes:
(sepolicy:2183): Gtk-WARNING **: Could not load image 'images/booleans.png': Failed to open file '/usr/lib64/python3.4/site-packages/sepolicy/images/booleans.png': No such file or directory

Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
2017-05-05 11:52:19 -04:00
Dan Walsh
590e765dce sepolicy: Move svirt man page out of libvirt into its own
Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
2017-05-05 11:52:19 -04:00
Dan Walsh
63283b81bb sepolicy: Add manpages for typealiased types
Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
2017-05-05 11:52:19 -04:00
Petr Lautrbach
cfbb79736d sepolicy: Fix spelling mistakes in commands in generated manpages
Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
2017-05-05 11:52:19 -04:00
Dan Walsh
443b84e4df policycoreutils/sepolicy: Add documentation for MCS separated domains
Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
2017-05-05 11:52:19 -04:00
Richard Haines
ef95c6ddf9 libselinux: Remove util/selinux_restorecon.c
Remove util/selinux_restorecon.c and tidy up. This is removed as
the functionality is now in policycoreutils/setfiles.

Signed-off-by: Richard Haines <richard_c_haines@btinternet.com>
2017-05-02 11:03:06 -04:00
Richard Haines
a63858b52f libselinux: Add selinux_check_access utility
Signed-off-by: Richard Haines <richard_c_haines@btinternet.com>
2017-05-02 10:58:22 -04:00
Richard Haines
9cba8f6151 libselinux: Add permissive= entry to avc audit log
Add audit log entry to specify whether the decision was made in
permissive mode/permissive domain or enforcing mode.

Signed-off-by: Richard Haines <richard_c_haines@btinternet.com>
2017-04-28 09:42:37 -04:00
Colin Walters
f3a264c2e1 config: Don't finalize mount state in selinux_set_policy_root()
This breaks every further call to e.g. `is_selinux_enabled()` after a policy
root has been set.  This tripped up some code landed in libostree:
https://github.com/ostreedev/ostree/pull/797
Since in some cases we initialize a policy twice in process, and we'd
call `is_selinux_enabled()` each time.

More info in: http://marc.info/?l=selinux&m=149323809332417&w=2

Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2017-04-27 08:38:58 -04:00
Jason Zaman
89ce96cac6 policycoreutils: make audit and pam support configurable
Signed-off-by: Jason Zaman <jason@perfinion.com>
2017-04-25 08:32:11 -04:00
Jason Zaman
9a7763e186 Add includes for DESTDIR only in root Makefile
Signed-off-by: Jason Zaman <jason@perfinion.com>
2017-04-25 08:31:10 -04:00
Jason Zaman
74093beab0 restorecond: get pcre cflags/libs from pkg-config
Signed-off-by: Jason Zaman <jason@perfinion.com>
2017-04-25 08:27:44 -04:00
Jason Zaman
fcb5d5cc72 Makefiles: drop -L/-I to system paths
The toolchain automatically handles them and they break cross compiling.

LDFLAGS should also come before object files, some flags (eg,
-Wl,as-needed) can break things if they are in the wrong place)

Gentoo-Bug: https://bugs.gentoo.org/500674

Signed-off-by: Jason Zaman <jason@perfinion.com>
2017-04-25 08:27:05 -04:00