Commit Graph

238 Commits

Author SHA1 Message Date
Daniel J Walsh
20271d94ed Author: Daniel J Walsh
Email: dwalsh@redhat.com
Subject: SELinux context patch
Date: Mon, 18 May 2009 14:16:12 -0400

This patch adds context files for virtual_domain and virtual_image,
these are both being used to locat the default context to be executed by
svirt.

I also included the subs patch which I submitted before.  This patch
allows us to substitute prefixes to matchpathcon.

So we can say /export/home == /home

and

/web == /var/www

Author: Chad Sellers
Email: csellers@tresys.com

Flipped free()'s in original patch when strdup'd fail to proper order.

Signed-off-by: Chad Sellers <csellers@tresys.com>
2009-06-04 17:15:31 -04:00
Joshua Brindle
99afa3cb77 bump libselinux to 2.0.81 2009-05-05 20:19:43 -04:00
Daniel J Walsh
20eff2b9a5 Author: Daniel J Walsh
Email: dwalsh@redhat.com
Subject: Patch to getdefaultcon to print just the correct match and add verbose option
Date: Wed, 04 Mar 2009 15:41:37 -0500

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I really want to rename this to selinuxdefaultcon, which is what we ship
in Fedora.

Also exit with proper error on failure.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iEYEARECAAYFAkmu54AACgkQrlYvE4MpobNoZACdHgQDP2Hp/KDBpGCD7G08HjOX
p68An25Uu83SlOqjKyy9EG8ZgdIcuTCB
=L6UU
-----END PGP SIGNATURE-----

Signed-off-by: Chad Sellers <csellers@tresys.com>
2009-05-14 15:43:18 -04:00
Chad Sellers
72d535fdb8 Author: Daniel J Walsh
Email: dwalsh@redhat.com
Subject: We have moved matchpathcon to /sbin from /usr/sbin
Date: Wed, 01 Apr 2009 10:21:53 -0400

Some init scripts wanted to use matchpathcon before /usr is mounted.

Author: Chad Sellers
Email: csellers@tresys.com

Added matchpathcon to clean target

Signed-off-by: Chad Sellers <csellers@tresys.com>
2009-05-07 16:05:05 -04:00
Hiroshi Shinji
a4af847dc6 Author: Hiroshi Shinji
Email: hiroshi.shinji@gmail.com
Subject: Memory leak in libselinux/src/label_file.c
Date: Fri, 3 Apr 2009 13:58:01 +0900

Hi,

I found memory leak in libselinux/src/label_file.c.
Please fix it.

Regards,

--
Hiroshi Shinji

Signed-off-by: Chad Sellers <csellers@tresys.com>
2009-04-11 14:41:51 -04:00
Chad Sellers
5f1746a17e Merge branch 'master' of http://oss.tresys.com/git/selinux 2009-04-11 11:45:17 -04:00
Stephen Smalley
7610baa968 Trivial: Wrap the #define MNT_DETACH with #ifndef MNT_DETACH...#endif so that it does not break with the latest glibc headers, as in F11/rawhide. 2009-05-06 08:19:17 -04:00
Daniel J Walsh
93a680280f Author: Daniel J Walsh
Email: dwalsh@redhat.com
Subject: Patch matchpathcon to eliminate file "/"
Date: Wed, 04 Mar 2009 15:39:31 -0500

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

So

matchpathcon /etc/
Will work the same as
matchpathcon /etc
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iEYEARECAAYFAkmu5wMACgkQrlYvE4MpobNK4gCgiVeXXEZcCMsJKXM7jqh6r1u3
OScAoLcmXBIR63gpvA8RS3g07pcPC6IF
=e+Re
-----END PGP SIGNATURE-----

Signed-off-by: Chad Sellers <csellers@tresys.com>
2009-04-10 11:33:23 -04:00
Eamon Walsh
a07493d1a1 bump libselinux to 2.0.80. 2009-04-07 22:53:50 -04:00
KaiGai Kohei
433a99d403 It is useful for userspace object manager, if libselinux has an
interface something like: int security_deny_unknown(void);

This interface can suggest applications preferable behavior when
string_to_security_class() or string_to_av_perm() returns invalid
value which means the security policy does not define required
ones.

Signed-off-by: KaiGai Kohei <kaigai@ak.jp.nec.com>
2009-04-07 22:48:01 -04:00
KaiGai Kohei
55ed6e7fa6 This patch enables applications to handle permissive domain correctly.
Since the v2.6.26 kernel, SELinux has supported an idea of permissive
domain which allows certain processes to work as if permissive mode,
even if the global setting is enforcing mode.
However, we don't have an application program interface to inform
what domains are permissive one, and what domains are not.
It means applications focuses on SELinux (XACE/SELinux, SE-PostgreSQL
and so on) cannot handle permissive domain correctly.

This patch add the sixth field (flags) on the reply of the /selinux/access
interface which is used to make an access control decision from userspace.
If the first bit of the flags field is positive, it means the required
access control decision is on permissive domain, so application should
allow any required actions, as the kernel doing.

This patch also has a side benefit. The av_decision.flags is set at
context_struct_compute_av(). It enables to check required permissions
without read_lock(&policy_rwlock).

Signed-off-by: KaiGai Kohei <kaigai@ak.jp.nec.com>
2009-04-07 22:10:30 -04:00
KaiGai Kohei
318748d659 The attached patch enables userspace object managers to handle notification
messages via netlink socket from SELinux.

* Two new callbacks were added to selinux_set_callback(3)
  - SELINUX_CB_SETENFORCE
     is invoked when it got SELNL_MSG_SETENFORCE message in the
     avc_netlink_process().
  - SELINUX_CB_POLICYLOAD
     is invoked when it got SELNL_MSG_POLICYLOAD message in the
     avc_netlink_process().

* Three functions were exposed to applications.
  - int avc_netlink_open(int blocking);
  - void avc_netlink_loop(void);
  - void avc_netlink_close(void);

Due to a few reasons, SE-PostgreSQL implements its own userspace
avc, so it needs to copy and paste some of avc_internal.c.
This update enables to share common part from such kind of application.

Signed-off-by: KaiGai Kohei <kaigai@ak.jp.nec.com>
2009-04-07 22:08:48 -04:00
Eamon Walsh
3028bc3c58 bump libselinux to 2.0.79. 2009-03-11 19:06:12 -04:00
Eamon Walsh
7239480c70 In one benchmark the X server was found to be extremely slow creating
windows with selinux running.  Part of the reason for this was because
libselinux called into the kernel /selinux/create interface for every
object.  This patch caches the results of /selinux/create in the
userspace avc to significantly increase the speed of these types of
operations.

Revised to correct locking, interface issues.

Signed-off-by: Eric Paris <eparis@redhat.com>
Signed-off-by: Eamon Walsh <ewalsh@tycho.nsa.gov>
2009-03-11 19:04:44 -04:00
Eamon Walsh
7ab6b29011 Netlink socket handoff functions from Adam Jackson. 2009-03-10 20:31:38 -04:00
Eamon Walsh
5032faa984 bump libselinux to 2.0.78 2009-02-27 18:08:55 -05:00
Eamon Walsh
b27ff3397d Fix an incorrect conversion specifier in the discover_class code.
Signed-off-by: Eamon Walsh <ewalsh@tycho.nsa.gov>
2009-02-27 18:07:15 -05:00
Joshua Brindle
c8a18807d5 Merge branch 'master' of jbrindle@oss.tresys.com:/home/git/selinux
Conflicts:
	libselinux/ChangeLog
2009-01-12 10:53:11 -05:00
Joshua Brindle
a9e6fbdeae bump libselinux to 2.0.76 2009-01-12 10:44:08 -05:00
Joshua Brindle
3726a7783e regerate swig wrappers for commit 09836bf0c1 2009-01-12 10:39:15 -05:00
Joshua Brindle
09836bf0c1 Author: Daniel J Walsh
Email: dwalsh@redhat.com
Subject: Add restorecon and install methods for libselinux python bindings.
Date: Tue, 06 Jan 2009 10:31:04 -0500

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Daniel J Walsh wrote:
> Joshua Brindle wrote:
>> Daniel J Walsh wrote:
>> Luke Macken wrote restorecon and install functions used in Fedora
>> Infrastructure which can be used to install files with the proper
>> context and to fix the labels of files/directories without having to
>> exec restorecon.
>
>> diff --exclude-from=exclude -N -u -r
>> nsalibselinux/src/selinuxswig_python.i
>> libselinux-2.0.75/src/selinuxswig_python.i
>> --- nsalibselinux/src/selinuxswig_python.i    2008-08-28
>> 09:34:24.000000000 -0400
>> +++ libselinux-2.0.75/src/selinuxswig_python.i    2008-11-14
>> 17:09:50.000000000 -0500
>> @@ -6,6 +6,32 @@
>>     #include "selinux/selinux.h"
>> %}
>
>> +%pythoncode %{
>> +
>> +import shutil, os
>> +
>> +def restorecon(path, recursive=False):
>> +    """ Restore SELinux context on a given path """
>> +    mode = os.stat(path)[stat.ST_MODE]
>
>> stat doesn't exist here, perhaps he meant mode?
>
>> +    status, context = matchpathcon(path, mode)
>> +    if status == 0:
>> +        lsetfilecon(path, context)
>> +        if recursive:
>> +            os.path.walk(path, lambda arg, dirname, fnames:
>> +                             map(restorecon, [os.path.join(dirname, fname)
>> +                              s                for fname in fnames]),
>> None)
>
>> typo, the s causes a syntax error
>
>> +
>> +def copytree(src, dest):
>> +    """ An SELinux-friendly shutil.copytree method """
>> +    shutil.copytree(src, dest)
>> +    restorecon(dest, recursive=True)
>> +
>> +def install(src, dest):
>> +    """ An SELinux-friendly shutil.move method """
>> +    shutil.move(src, dest)
>> +    restorecon(dest, recursive=True)
>> +%}
>> +
>> /* security_get_boolean_names() typemap */
>> %typemap(argout) (char ***names, int *len) {
>>     PyObject* list = PyList_New(*$2);
>
>> This patch doesn't appear correct, I'll fix the things above, have you
>> been testing this at all?
>
> Must have sent you a bad patch.
>
>
> This is what the current patch looks like.
>
And this is still broken.

One more fix.

+    mode = os.stat(path)[stat.ST_MODE]
should be
+    mode = os.lstat(path)[stat.ST_MODE]

Modified to remove copytree and install functions

Signed-off-by: Joshua Brindle <method@manicmethod.com>
2009-01-12 10:34:01 -05:00
Joshua Brindle
71cb6604ad regenerate swig bindings for color translation in commit cfa3cb6fa5 2009-01-12 10:19:58 -05:00
Eamon Walsh
7817c92986 Bump libselinux to 2.0.76 2009-01-05 18:31:55 -05:00
Eamon Walsh
f9b1f1a2a1 Add config path function for secolor.conf file.
Signed-off-by: Eamon Walsh <ewalsh@tycho.nsa.gov>
2009-01-02 16:15:58 -05:00
Eamon Walsh
cfa3cb6fa5 Add client routines for translating raw security contexts into colors.
Signed-off-by: Eamon Walsh <ewalsh@tycho.nsa.gov>
2008-12-31 18:51:42 -05:00
Eamon Walsh
aa92cfbe74 Bump libselinux to 2.0.75 2008-11-18 18:59:20 -05:00
Eamon Walsh
66b2af371a Allow shell-style wildcard patterns in the X labeling backend.
Signed-off-by: Eamon Walsh <ewalsh@tycho.nsa.gov>
2008-11-14 16:18:48 -05:00
Eamon Walsh
cc502813e0 Bump libselinux to 2.0.74 2008-11-03 13:45:19 -05:00
Eamon Walsh
eee0f022e4 Put a proper message type into each message logged by the userspace AVC.
Currently, the message types are defined but not used.

This will allow better separation of messages when logging to facilities
such as libaudit.

Signed-off-by: Eamon Walsh <ewalsh@tycho.nsa.gov>
2008-10-31 10:20:33 -04:00
Joshua Brindle
3d431ae08f bump libselinux and checkpolicy versions 2008-10-14 08:12:59 -04:00
Joshua Brindle
345fb4a99b Author: Daniel J Walsh
Email: dwalsh@redhat.com
Subject: Yet another man page patch
Date: Tue, 30 Sep 2008 08:52:58 -0400

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

int selinux_file_context_cmp(const security_context_t a,
+                                    const security_context_t b);"
+
+.BI "int selinux_file_context_verify(const char *path, mode_t mode);"
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iEYEARECAAYFAkjiISoACgkQrlYvE4MpobPV9gCg0KZ+rsxGsIalBS1qvbObK7bA
0H8Anj8FnGzOnSjnOfbk+5R4Bf2OyxW+
=nJ7k
-----END PGP SIGNATURE-----

Signed-off-by: Joshua Brindle <method@manicmethod.com>
2008-10-14 07:34:49 -04:00
Joshua Brindle
86562db50a Author: Daniel J Walsh
Email: dwalsh@redhat.com
Subject: matchpathcon -V does not always work as expected.
Date: Tue, 30 Sep 2008 08:54:18 -0400

matchpathcon -V should be passing the mode when checking whether the
file context on a file is correct.

Signed-off-by: Joshua Brindle <method@manicmethod.com>
2008-10-14 07:33:19 -04:00
Joshua Brindle
922103e7f2 bump libselinux to 2.0.73 2008-09-29 18:20:51 -04:00
Joshua Brindle
06c2dd5d04 Author: Daniel J Walsh
Email: dwalsh@redhat.com
Subject: Some missing man pages from libselinux
Date: Wed, 24 Sep 2008 08:57:44 -0400

We are still missing the following man pages.
Perhaps some of these functions should be removed?
selinux_users_path seems to return a bogus directory?
Also do not have _raw functions defined in man pages.

matchpathcon_checkmatches
matchpathcon_filespec_add
matchpathcon_filespec_destroy
matchpathcon_filespec_eval
matchpathcon_index
matchpathcon_init_prefix
print_access_vector
security_canonicalize_context
security_disable
security_set_boolean_list
selinux_check_passwd_access
selinux_customizable_types_path
selinux_file_context_cmp
selinux_file_context_verify
selinux_get_callback
selinux_init_load_policy
selinux_lsetfilecon_default
selinux_mkload_policy
selinux_raw_to_trans_context
selinux_trans_to_raw_context
selinux_translations_path
selinux_users_path
set_selinuxmnt

Signed-off-by: Joshua Brindle <method@manicmethod.com>
2008-09-29 15:55:18 -04:00
Joshua Brindle
85ea2db4bd Author: Daniel J Walsh
Email: dwalsh@redhat.com
Subject: Man page fixes for libselinux.
Date: Mon, 22 Sep 2008 13:52:13 -0400

Signed-off-by: Joshua Brindle <method@manicmethod.com>
2008-09-29 15:12:38 -04:00
Joshua Brindle
5973c54402 Author: Daniel J Walsh
Email: dwalsh@redhat.com
Subject: Latest flask definitions for libselinux.
Date: Mon, 22 Sep 2008 13:50:26 -0400

Adds open, X Definitions and nlmsg_tty_audit for netlink_audit_socket

Signed-off-by: Joshua Brindle <method@manicmethod.com>
2008-09-29 12:12:04 -04:00
Stephen Smalley
4611c09d6b Fix EMBEDDED=y build. 2008-08-26 09:08:25 -04:00
Joshua Brindle
13cd4c8960 initial import from svn trunk revision 2950 2008-08-19 15:30:36 -04:00