Add --extract/-E, --cil/-c, and --hll/-H to extract modules. If -c/-H
are not provided, the module will be output as HLL by default. Only
--cil or --hll (which will use the lang_ext in the semodule store) are valid
options to use with -E. The module is written to the current working directory
as <module_name>.<lang_ext>.
If a module exists as HLL and is exported as CIL, it will first compile into
CIL and cache to the module store. Once compiled, exporting will
continue.
If no priority is provided when extracting a module, then extraction at
the default priority, 400, will be attempted. If the module does not
exist at the default priority, then it will be exported at the highest
existing priority.
Examples:
Extract the wireshark module in a .cil format. If the module only exists
as HLL on the system, the module will be compiled into CIL and placed
into the module store. This command will then write wireshark.cil to the CWD.
semodule --cil --extract wireshark
Extract the wireshark module in HLL format. Since the original HLL file
was a policy package, a wireshark.pp will be written to the CWD.
semodule -E wireshark
Extract the wireshark module as CIL and HLL and extract the puppet
module as CIL at priority 400.
semodule --hll -E wireshark --cil -E wireshark -X 400 --cil -E puppet
Signed-off-by: Yuli Khodorkovskiy <ykhodorkovskiy@tresys.com>
Signed-off-by: James Carter <jwcart2@tycho.nsa.gov>
Constraint rules in output need to be commented in order to make a policy
compilable.
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1155974
Patch-by: Miroslav Grepl <mgrepl@redhat.com>
Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
When trying to get policycoreutils working in python3, I kept running
into TabErrors:
Traceback (most recent call last):
File "/usr/lib/python-exec/python3.3/semanage", line 27, in <module>
import seobject
File "/usr/lib64/python3.3/site-packages/seobject.py", line 154
context = "%s%s" % (filler, raw)
^
TabError: inconsistent use of tabs and spaces in indentation
Python3 is a lot stricter than python2 regarding whitespace and looks like
previous commits mixed the two. When fixing this, I took the chance to fix
other PEP8 style issues at the same time.
This commit was made using:
$ file $(find . -type f) | grep -i python | sed 's/:.*$//' > pyfiles
$ autopep8 --in-place --ignore=E501,E265 $(cat pyfiles)
The ignore E501 is long lines since there are many that would be wrapped
otherwise, and E265 is block comments that start with ## instead of just #.
Signed-off-by: Jason Zaman <jason@perfinion.com>
commit 2ff279e21e ("policycoreutils:
semanage: update to new source policy infrastructure") introduced
new methods for enabling/disabling modules but failed to update
the deleteall method of class moduleRecords to use the new method.
The deleteall method was introduced by commit
3dafb1046d ("Add deleteall customizations
field for modules.") as a way to re-enable all locally disabled modules.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
- __builtin__ module has been renamed to "builtins" in Python 3
- use reserved word `as` in try-except
- replace print statement with print function
- migrate from commands to subprocess
- fix formatting
Signed-off-by: Michal Srb <msrb@redhat.com>
- gettext.install() only takes "unicode" keyword argument in Python 2
- __builtin__ module has been renamed to "builtins" in Python 3
- use reserved word `as` in try-except
- replace print statement with print function
Signed-off-by: Michal Srb <msrb@redhat.com>
- gettext.install() only takes optional "unicode" keyword argument in
Python 2, and its default value is "False". This keyword argument
doesn't exist in Python 3
- __builtin__ module has been renamed to "builtins" in Python 3
- raw_input() has been renamed to input() in Python 3
- specify octal literals in form compatible with both Python 2 and 3
- migrate from commands to subprocess
- replace print statement with print function
- use reserved word `as` in try-except
- replace deprecated assert_() method with assertTrue() in unit tests
Signed-off-by: Michal Srb <msrb@redhat.com>
- replace print statement with print function
- use reserved word `as` in try-except
- replace deprecated assert_() method with assertTrue() in unit tests
Signed-off-by: Michal Srb <msrb@redhat.com>
When calling "sepolgen generate" to automatically generate a SELinux
policy template, the command fails when it cannot invoke RPM related
commands on Linux distributions that do not support RPM by default:
Failed to retrieve rpm info for selinux-policy
Traceback (most recent call last):
File "/usr/lib/python-exec/python2.7/sepolicy", line 643, in <module>
args.func(args)
File "/usr/lib/python-exec/python2.7/sepolicy", line 517, in generate
print mypolicy.generate(args.path)
File "/usr/lib64/python2.7/site-packages/sepolicy/generate.py", line 1370, in generate
out += "%s # %s\n" % (self.write_spec(out_dir), _("Spec file"))
File "/usr/lib64/python2.7/site-packages/sepolicy/generate.py", line 1219, in write_spec
fd.write(self.generate_spec())
File "/usr/lib64/python2.7/site-packages/sepolicy/generate.py", line 1181, in generate_spec
selinux_policyver = get_rpm_nvr_list("selinux-policy")[1]
TypeError: 'NoneType' object has no attribute '__getitem__'
As the RPM related steps are only needed on RPM-enabled distributions,
we should ignore these steps on other Linux distribution platforms.
In this patch, we use the Python platform module to get the Linux
distribution, and only start the RPM-related activities on Linux
distributions that use RPM as their native package manager.
Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
libselinux provides a proper getpeercon() implementation that uses
getsockopt with SO_PEERSEC to reliably obtain the peer's security
context from the kernel. mcstransd for reasons unknown rolled its
own get_peer_con() function that uses getsockopt SO_PEERCRED
to obtain the peer PID and then calls getpidcon_raw(). That's
less efficient and less secure (subject to races; peer context
may have changed since connect). Don't do that.
The peer context doesn't appear to be used for anything currently,
although there is a comment suggesting adding a permission check to
see if the requester dominates the label to be translated to control
what labels can be translated by what peers. Could likely dispense
with it altogether.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
A spec file was incorrectly stored as rootpath when -r option was used
Fixes:
/sbin/setfiles: /tmp/install_root is not located in /etc/selinux/targeted/contexts/files/file_contexts
Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
Fedora permits obtaining local policy customizations and the list
of policy modules without admin authentication, but we would prefer
more conservative defaults upstream.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Move code to convert a policy module to CIL from the policy package to
CIL conversion tool, pp, in policycoreutils to libsepol. The only changes
to the code are the additions of the prefix "sepol_" to the functions
sepol_module_package_to_cil() and sepol_ppfile_to_module_package(). This
code is being changed from GPL to LGPL with permission from Tresys.
Convert pp to use the renamed functions in libsepol.
Signed-off-by: James Carter <jwcart2@tycho.nsa.gov>
open_init_pty uses select() to handle all the file descriptors. There is
a very high CPU usage due to select() always returning immediately with
the fd is available for write. This uses a ring buffer and only calls
select on the read/write fds that have data that needs to be
read/written which eliminates the high CPU usage.
This also correctly returns the exit code from the child process.
This was originally from debian where they have been carrying it as a
patch for a long time. Then we got a bug report in gentoo which this
also happens to fix. The original debian patch had the ring buffer
written in C++ so I modified the class into a struct and some static
methods so it is C-only at the request of Steve Lawrence.
Debian bug: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=474956
Gentoo bug: https://bugs.gentoo.org/show_bug.cgi?id=532616
Signed-off-by: Jason Zaman <jason@perfinion.com>
Tested-by: Laurent Bigonville <bigon@bigon.be>
If /usr/sbin/open_init_pty is not found or is not executable,
access("/usr/sbin/open_init_pty", X_OK) returns -1, not zero.
Use "!= 0" like in other places in SELinux userland libraries and tools.
This expands IOMEMCON device context entries to 64 bits. This change is
required to support static I/O memory range labeling for systems with
over 16TB of physical address space. The policy version number change
is shared with the next patch.
While this makes no changes to SELinux policy, a new SELinux policy
compatibility entry was added in order to avoid breaking compilation of
an SELinux policy without explicitly specifying the policy version.
Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov>
Fixes two types of errors which appear when building with gcc-5.0.0
- format ‘%d’ expects argument of type ‘int’, but argument X has type ‘unsigned int’
- format ‘%a’ expects argument of type ‘float *’, but argument X has type ‘char **’
Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
Add "RuntimeDirectory=setrans" to the mcstrans.service, this will make
systemd automatically create the /run/setrans directory before starting
the service.
This directory contains the ".setrans-unix" socket created by the
daemon.
Acked-by: Steve Lawrence <slawrence@tresys.com>
Currently, roletype statements are only added for types when they are
declared (not required). This means that in policy like:
require {
type foo_t;
}
type bar_t;
role staff_r types foo_t, bar_t;
only bar_t is associated with staff_r. This patch moves the code that
generates roletype statements for types to outside the SCOPE_DECL check
so that roletype statements are generated for all types, regardless of
the required/declared scope. It further moves the code outside of the
type/typeattribute flavor check so that roletype statements are also
generated for typeattributes.
Reported-by: Sven Vermeulen <sven.vermeulen@siphos.be>
Signed-off-by: Steve Lawrence <slawrence@tresys.com>
Reviewed-by: Yuli Khodorkovskiy <ykhodorkovskiy@tresys.com>
Tested-by: Jason Zaman <jason@perfinion.com>
Previously, type aliases were converted to CIL in the global namespace,
regardless of which scope they were actually defined in. So essentially
type aliases could never be in optionals. For the most part this worked,
however, in some small number of cases, a type alias could reference a
type defined inside an optional. If that optional was disabled, the type
would be disabled and so the type alias would fail to resolve, causing
policy to fail to build.
Unfortunately, type alises are stored in pp modules different than other
symbols (e.g. types/roles/etc) so they must be added to scopes
differently. So this patch gathers up all type aliases in a list and
keeps track of which scope each type alias is defined in. When we enter
a new scope, use that list to determine which type alias are defined
there and print the appropriate CIL statements.
Signed-off-by: Steve Lawrence <slawrence@tresys.com>
Reviewed-by: Yuli Khodorkovskiy <ykhodorkovskiy@tresys.com>
CIL does not have any concept of require blocks. Instead, CIL relies on
whether or not all statements inside an optional block resolve to
determine if an optional block should be enabled/disabled. However, a
small number of optional statements require a type that is not actually
used in the optional block. In old style policy, this would cause the
optional block to be disabled. However, in CIL, because the type is never
used, the optional block will remain enabled.
To maintain compatibility, we modify pp2cil to create a new attribute,
cil_gen_require, and all types/roles/attributes that are required in a
pp module/optional block are associated with this attribute. Thus, if a
type is required but not used, it will still fail to resolve in the
typeattributeset statement, causing the optional to correctly be
disabled.
Note that when compiling the CIL this generated from compiling refpolicy
pp modules with pp2cil, the extra CIL statements cause ~12.6MB increase
in maximum memory usage (129.7 MB to 142.3 MB). Though, compilation time
decreases by ~35% (26 seconds to 17 seconds).
Signed-off-by: Steve Lawrence <slawrence@tresys.com>
Reviewed-by: Yuli Khodorkovskiy <ykhodorkovskiy@tresys.com>
Reported-by: Sven Vermeulen <sven.vermeulen@siphos.be>
