See https://github.com/koalaman/shellcheck/issues/2769
Fixes:
$ shellcheck -S error fixfiles
In fixfiles line 189:
# These two sorts need to be separate commands \
^-- SC1143 (error): This backslash is part of a comment and does not continue the line.
For more information:
https://www.shellcheck.net/wiki/SC1143 -- This backslash is part of a comme...
Signed-off-by: Petr Lautrbach <lautrbach@redhat.com>
Acked-by: James Carter <jwcart2@gmail.com>
While well-defined unsigned integer underflow might signal a logic
mistake or processing of unchecked user input. Please Clang's undefined
behavior sanitizer:
restore.c:91:37: runtime error: unsigned integer overflow: 1 - 2 cannot be represented in type 'unsigned long'
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Acked-by: James Carter <jwcart2@gmail.com>
This patch adds CPPFLAGS to all of the Makefiles as suggested.
Signed-off-by: Cameron Williams <ckwilliams.work@gmail.com>
Acked-by: James Carter <jwcart2@gmail.com>
The hash table implementation uses `& (h->size - 1)` to truncate
generated hashes to the number of buckets. This operation is equal to
`% h->size` if and only if the size is a power of two (which seems to be
always the case). One property of the binary and with a power of two
(and probably a small one <=2048) is all higher bits are discarded.
Thus a hash function is needed with a good avalanche effect, which the
current one is not.
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Acked-by: James Carter <jwcart2@gmail.com>
Do not issue an audit event of type AUDIT_FS_RELABEL in case of a
passive check.
Print the reason for an audit_open(3) failure.
Do not prematurely exit in case audit_open(3) fails, since all important
work is already done, but proceed with cleanup tasks.
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Acked-by: James Carter <jwcart2@gmail.com>
Since they are being removed, there will be nothing to install.
Suggested-by: Petr Lautrbach <plautrba@redhat.com>
Signed-off-by: James Carter <jwcart2@gmail.com>
Acked-by: Petr Lautrbach <lautrbach@redhat.com>
The Russian translations have not been maintained and are out of
date, so remove them.
Suggested-by: Petr Lautrbach <plautrba@redhat.com>
Signed-off-by: James Carter <jwcart2@gmail.com>
Acked-by: Petr Lautrbach <lautrbach@redhat.com>
Change "NSA SELinux" to just "SELinux" and remove NSA from the
SELinux manual pages.
Signed-off-by: Stephen Smalley <stephen.smalley.work@gmail.com>
Acked-by: James Carter <jwcart2@gmail.com>
setsebool does not directly use any symbols from libsepol. Any
transitional ones, via libsemanage, are available by linking against
libsemanage.
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Acked-by: James Carter <jwcart2@gmail.com>
Support the usage format of multiple booleans to change, e.g.:
setsebool bool1=on bool2=off
Support the options -N and -V.
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Acked-by: James Carter <jwcart2@gmail.com>
Found by codespell(1) and typos[1].
[1]: https://github.com/crate-ci/typos
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Acked-by: James Carter <jwcart2@gmail.com>
In load_checks(), add return check for malloc() to avoid NULL reference.
Signed-off-by: Jie Lu <lujie54@huawei.com>
Acked-by: James Carter <jwcart2@gmail.com>
`fixfiles -M relabel` temporary bind mounts file systems before
relabeling, but it left the / directory mounted in /tmp/tmp.XXXX when a
user hit CTRL-C. It means that if the user run `fixfiles -M relabel`
again and answered Y to clean out /tmp directory, it would remove all
data from mounted fs.
This patch changes the location where `fixfiles` mounts fs to /run, uses
private mount namespace via unshare and adds a handler for exit signals
which tries to umount fs mounted by `fixfiles`.
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=2125355
Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
Tested-by: Christian Göttsche <cgzones@googlemail.com>
Acked-by: James Carter <jwcart2@gmail.com>
Provide a top level LICENSE file explaining how multiple the SELinux
userspace is released under multiple different licenses. Also ensure
that all the different license files share a consistent file name,
LICENSE, to make it easier for people to identify the license files.
This is to help meet the OpenSSF Best Practices requirements.
Signed-off-by: Paul Moore <paul@paul-moore.com>
After the last commit this option's name and description no longer
matches the semantic, so give it a new one and update the descriptions.
The old name is still recognized and aliased to the new one for
backwards compatibility.
Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
Acked-by: Nicolas Iooss <nicolas.iooss@m4x.org>
Do not check for file existence and open afterwards, open with the
exclusive flag (supported in Glibc and musl 0.9.6 and also standardized
in C11).
Found by GitHub CodeQL.
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Acked-by: Nicolas Iooss <nicolas.iooss@m4x.org>
context_str(3) returns a string representation of the given context.
This string is owned by the context and free'd on context_free(3).
Declare it const, as already done in the man page, since it must not be
free'd by the caller.
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Acked-by: Nicolas Iooss <nicolas.iooss@m4x.org>
setfiles(8) exits with status 255 if it encounters any error. Introduce
the "-C" option: if the only errors that setfiles(8) encounters are
labeling errors seen during the file tree walk(s), then let setfiles(8)
exit with status 1.
Cc: "Richard W.M. Jones" <rjones@redhat.com>
Cc: Petr Lautrbach <plautrba@redhat.com>
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1794518
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Commit 219eea83ce ("policycoreutils: setfiles/restorecon: fix -r/-R
option", 2015-04-16) split the option strings between "setfiles" and
"restorecon". Since that commit, an "iamrestorecon" check has only been
necessary for an option that is (a) accepted by both "setfiles" and
"restorecon", but (b) behaves differently between "setfiles" and
"restorecon". Currently, the only such options are "-r" and "-R". Remove
the "iamrestorecon" checks from the "setfiles"-only "-c" and "-d" options,
and from the "restorecon"-only "-x" option.
Cc: "Richard W.M. Jones" <rjones@redhat.com>
Cc: Petr Lautrbach <plautrba@redhat.com>
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1794518
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-By: Daniel Burgener <dburgener@linux.microsoft.com>
Commit 9207823c8f ("setfiles: Do not abort on labeling error",
2021-02-01) hoisted the zeroing of "r_opts.abort_on_error" above the
branching on "setfiles vs. restorecon". Clean up two aspects:
- "r_opts" is altogether zeroed a bit higher up, so remove the explicit
zero-assignment;
- neither "setfiles" nor "restorecon" aborts on errors during the file
tree walk now, so remove the comment "Do not abort on errors during the
file tree walk" from the "restorecon" branch as well.
Cc: "Richard W.M. Jones" <rjones@redhat.com>
Cc: Petr Lautrbach <plautrba@redhat.com>
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1794518
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Commit 7ad84e7c8d ("Add restorecon -x option to not cross FS
boundaries", 2020-06-18) used spaces vs. TABs inconsistently; run
"unexpand" on the affected lines to make the indentation conform to the
rest of the source code.
Cc: "Richard W.M. Jones" <rjones@redhat.com>
Cc: Petr Lautrbach <plautrba@redhat.com>
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1794518
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Found by typos[1].
[1]: https://github.com/crate-ci/typos
Acked-by: James Carter <jwcart2@gmail.com>
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
When policycoreutils was split into policycoreutils/ python/ gui/ and sandbox/
sub-directories, po/ translation files stayed in policycoreutils/.
This commit splits original policycoreutils translations to
policycoreutils, selinux-python, selinux-gui, and selinux-sandbox.
See original Fedora issue https://github.com/fedora-selinux/selinux/issues/43
Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
Acked-by: James Carter <jwcart2@gmail.com>
Commit 93902fc834 ("setfiles/restorecon: support parallel relabeling")
implemented support for parallel relabeling in setfiles. This is
available for fixfiles now.
Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
Acked-by: Ondrej Mosnacek <omosnace@redhat.com>
Compiler can optimize calls to memset(3), due to the as-if rule, away if
the object is not accessed later on. Use a wrapper using volatile
pointers to ensure the memory is guaranteed to be erased. Also erase
the encrypted password.
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Depending on the implementation crypt(3) can fail either by returning
NULL, or returning a pointer to an invalid hash and setting errno.
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
newrole.c:636:12: warning: function declaration isn’t a prototype [-Wstrict-prototypes]
636 | static int transition_to_caller_uid()
| ^~~~~~~~~~~~~~~~~~~~~~~~
newrole.c:103:9: warning: macro is not used [-Wunused-macros]
#define DEFAULT_CONTEXT_SIZE 255 /* first guess at context size */
^
newrole.c:862:4: warning: 'break' will never be executed [-Wunreachable-code-break]
break;
^~~~~
newrole.c:168:13: warning: no previous extern declaration for non-static variable 'service_name' [-Wmissing-variable-declarations]
const char *service_name = "newrole";
^
hashtab.c:53:11: warning: implicit conversion changes signedness: 'unsigned int' to 'int' [-Wsign-conversion]
hvalue = h->hash_value(h, key);
~ ^~~~~~~~~~~~~~~~~~~~~
hashtab.c:92:11: warning: implicit conversion changes signedness: 'unsigned int' to 'int' [-Wsign-conversion]
hvalue = h->hash_value(h, key);
~ ^~~~~~~~~~~~~~~~~~~~~
hashtab.c:124:11: warning: implicit conversion changes signedness: 'unsigned int' to 'int' [-Wsign-conversion]
hvalue = h->hash_value(h, key);
~ ^~~~~~~~~~~~~~~~~~~~~
hashtab.c:172:10: warning: implicit conversion changes signedness: 'int' to 'unsigned int' [-Wsign-conversion]
ret = apply(cur->key, cur->datum, args);
~ ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
hashtab.c:174:12: warning: implicit conversion changes signedness: 'unsigned int' to 'int' [-Wsign-conversion]
return ret;
~~~~~~ ^~~
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Petr Lautrbach
Christian Göttsche
Cameron Williams
James Carter
Stephen Smalley
Vit Mojzis
Jason Zaman
Jie Lu
Petr Lautrbach
Paul Moore
Ondrej Mosnacek
Laszlo Ersek