Use codespell (https://github.com/codespell-project/codespell) in order
to find many common misspellings that are present in English texts.
Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
This reverts commit fe17b3d2d9.
MLS ranges should be compared based on dominance.
This fixes mlscolor-test on mcstrans examples.
Eg. mlscolor-test using /usr/share/mcstrans/examples/urcsts when executed on mls
machine fails as follows:
\#pushd /usr/share/mcstrans/examples/urcsts
\#cp -f secolor.conf /etc/selinux/mls/secolor.conf
\#cp -f setrans.conf /etc/selinux/mls/setrans.conf
\#systemctl restart mcstransd
\#python3 /usr/share/mcstrans/util/mlscolor-test urcsts.color
For 'system_u:system_r:inetd_t:SystemLow' got
'#000000#000000#000000#000000#000000#000000#000000#000000' expected
'#000000#000000#000000#000000#000000#000000#000000#008000'
...
mlscolor-test done with 19 errors
Signed-off-by: Vit Mojzis <vmojzis@redhat.com>
raw_color() uses color_str as an output argument which is assigned to a new
allocated memory. Therefore it should fail when color_str is null; or
when *color_str is not null in order to avoid a memory leak.
Fixes:
>>> selinux.selinux_raw_context_to_color('system_u:system_r:inetd_t:s0')
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
OSError: [Errno 0] Error
Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
There is a call to getpeercon_raw() in mcstransd, but nothing is done
with the context. The purpose of process_request() is to translate a
context and we would like that to succeed even if, for some reason,
getpeercon_raw() fails.
Signed-off-by: Yuli Khodorkovskiy <yuli@crunchydata.com>
Signed-off-by: Joshua Brindle <joshua.brindle@crunchydata.com>
There are many memory leaks in mcstrans. Clean them up in order to
reduce the noise in clang's static analyzer report. Some are remaining,
because they are more complex to fix.
Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
The toolchain automatically handles them and they break cross compiling.
LDFLAGS should also come before object files, some flags (eg,
-Wl,as-needed) can break things if they are in the wrong place)
Gentoo-Bug: https://bugs.gentoo.org/500674
Signed-off-by: Jason Zaman <jason@perfinion.com>
- Sort included header files by their number of path components then
alphabetically.
- Include unistd.h and sys/types.h only once.
- Include sys/uio.h to get readv() and writev() declarations when
compiling with musl libc.
- Include poll.h instead of sys/poll.h as building with musl results in
the following message:
/usr/lib/musl/include/sys/poll.h:1:2: error: #warning redirecting
incorrect #include <sys/poll.h> to <poll.h> [-Werror=cpp]
#warning redirecting incorrect #include <sys/poll.h> to <poll.h>
^~~~~~~
Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
When running "make install" in the root directory of the project, with
variable DESTDIR set and while being on a system without SELinux, the
compiler complains while building:
fatal error: selinux/selinux.h: No such file or directory
Other subdirectories add -I$(PREFIX)/include to CFLAGS and -L$(LIBDIR)
to the linking command line, in order to find libselinux headers and .so
file. Do this too in mcstrans.
While at it, mcstrans Makefile uses -I../include but this directory does
not exist. Remove this option.
Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
All the other makefiles just have LIBDIR optionally set so it can be
overridden. These makefiles were autodetecting incorrectly. uname -i
returns "GenuineIntel" so should have been uname -m.
Signed-off-by: Jason Zaman <jason@perfinion.com>
Fix the following warnings from clang.
mcstrans.c:1309:6: warning: variable 'groups' is used uninitialized whenever 'if' condition is true [-Wsometimes-uninitialized]
if (violates_constraints(l)) {
^~~~~~~~~~~~~~~~~~~~~~~
mcstrans.c:1491:9: note: uninitialized use occurs here
while (groups)
^~~~~~
mcstrans.c:1309:2: note: remove the 'if' if its condition is always false
if (violates_constraints(l)) {
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
mcstrans.c:1303:6: warning: variable 'groups' is used uninitialized whenever 'if' condition is true [-Wsometimes-uninitialized]
if (!l)
^~
mcstrans.c:1491:9: note: uninitialized use occurs here
while (groups)
^~~~~~
mcstrans.c:1303:2: note: remove the 'if' if its condition is always false
if (!l)
^~~~~~~
mcstrans.c:1299:6: warning: variable 'groups' is used uninitialized whenever 'if' condition is true [-Wsometimes-uninitialized]
if (!level)
^~~~~~
mcstrans.c:1491:9: note: uninitialized use occurs here
while (groups)
^~~~~~
mcstrans.c:1299:2: note: remove the 'if' if its condition is always false
if (!level)
^~~~~~~~~~~
mcstrans.c:1316:2: note: variable 'groups' is declared here
word_group_t *groups = NULL;
^
3 warnings generated.
mcscolor.c:334:24: warning: size argument in 'strncat' call appears to be size of the source [-Wstrncat-size]
strncat(result, buf, sizeof(buf));
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Nicolas Iooss
Vit Mojzis
Laurent Bigonville
Petr Lautrbach
Yuli Khodorkovskiy
Marcus Folkesson
Jason Zaman
Stephen Smalley