Set-up environment variables in order to use DESTDIR in Python, Ruby,
etc. This makes testing Python scripts easier.
Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
audit2why.so used to export libsepol.a symbols. We only need Python related
symbols:
- initaudit2why for python 2
- PyInit_audit2why for python3
Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
When selinux_restorecon() is used to relabel symlinks, it performs the
following syscalls (as seen by running strace on restorecond):
lstat("/root/symlink", {st_mode=S_IFLNK|0777, st_size=6, ...}) = 0
statfs("/root/symlink", 0x7ffd6bb4d090) = -1 ENOENT (No such file or directory)
lstat("/root/symlink", {st_mode=S_IFLNK|0777, st_size=6, ...}) = 0
lgetxattr("/root/symlink", "security.selinux", "sysadm_u:object_r:user_home_t", 255) = 30
The second one triggers a SELinux check for lnk_file:read, as statfs()
dereferences symbolic links. This call to statfs() is only used to find
out whether "restoreconlast" xattr can be ignored, which is always the
case for non-directory files (the first syscall, lstat(), is actually
used to perform this check).
Skip the call to statfs() when setrestoreconlast is already false.
This silences an AVC denial that would otherwise be reported to
audit.log (cf. https://github.com/SELinuxProject/refpolicy/pull/22).
Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
As reported in #123, setsebool immediately exits with an error if
SELinux is disabled, preventing its use for setting boolean persistent
values. In contrast, semanage boolean -m works on SELinux-disabled
hosts. Change setsebool so that it can be used with the -P option
(persistent changes) even if SELinux is disabled. In the SELinux-disabled
case, skip setting of active boolean values, but set the persistent value
in the policy store. Policy reload is automatically disabled by libsemanage
when SELinux is disabled, so we only need to call semanage_set_reload()
if -N was used.
Fixes: https://github.com/SELinuxProject/selinux/issues/123
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Using "sepolicy gui" sometimes leads to an exception when entering the
Files tab:
Traceback (most recent call last):
File "python/sepolicy/sepolicy/gui.py", line 1345, in tab_change
self.show_mislabeled_files_only.set_visible(self.mislabeled_files)
AttributeError: 'SELinuxGui' object has no attribute 'mislabeled_files'
Indeed, when application_selected() calls show_applications_page(), this
function calls tab_change(), which can use mislabeled_files in this
line:
self.show_mislabeled_files_only.set_visible(self.mislabeled_files)
Make sure that mislabeled_files is initialized by defining it in
__init__(), in order to fix this error. Its value will be properly set
later, by calling several initializers, which is why the original
assignment to False is kept in:
self.mislabeled_files = False
self.executable_files_initialize(app)
self.network_initialize(app)
self.writable_files_initialize(app)
self.transitions_into_initialize(app)
self.transitions_from_initialize(app)
self.application_files_initialize(app)
self.transitions_files_initialize(app)
Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
As reported in #109, semodule -p /path/to/policyroot -s minimum -n -B
tries to use /etc/selinux/targeted/booleans.subs_dist. This is because
it invokes the libselinux selinux_boolean_sub() interface, which uses
the active/installed policy files rather than the libsemanage ones.
Switch the selinux policy root around the selinux_boolean_sub() call
to incorporate the semanage root as a prefix and to use the specified
policy store as a suffix so that the correct booleans.subs_dist file
(if any) is used.
The underlying bug is that booleans.subs_dist is not itself managed
via libsemanage. If it was managed and therefore lived within the
policy store, then libsemanage could access the appropriate
booleans.subs_dist file without using the libselinux interface at all,
and thus would not need to modify the selinux policy root. Moving
booleans.subs_dist to a managed file is deferred to a future change.
Test:
dnf install selinux-policy-minimum selinux-policy-targeted
cd / && tar cf - etc/selinux var/lib/selinux | (cd ~/policy-root; tar xvpf -)
strace semodule -p ~/policy-root -s minimum -n -B
Before:
openat(AT_FDCWD, "/etc/selinux/targeted/booleans.subs_dist", O_RDONLY|O_CLOEXEC) = 5
After:
openat(AT_FDCWD, "/home/sds/policy-root/etc/selinux/minimum/booleans.subs_dist", O_RDONLY|O_CLOEXEC) = 5
Fixes https://github.com/SELinuxProject/selinux/issues/109
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
When running flake8 on a directory, it does not analyze files without an
extension, like semanage_migrate_store, mlscolor-test, etc. Use grep to
find files with a Python shebang and build a list which is then given to
flake8.
This commit is possible now that some clean-up patches have been
applied, such as commit 69c56bd2f6 ("python/chcat: improve the code
readability") and b7227aaec1 ("mcstrans: fix Python linter warnings on
test scripts") and 3cb974d2d2 ("semanage_migrate_store: fix many
Python linter warnings").
Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
When running "make install-headers" on refpolicy,
/usr/share/selinux/refpolicy/Makefile does not exist but
/usr/share/selinux/refpolicy/include/Makefile does. Use it when
available.
Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
Introduce option --attr-helper to sepolgen-ifgen to make it possible to
override /usr/bin/sepolgen-ifgen-attr-helper and use it in the testuite
in order to test the helper which has been compiled from the project
instead of the one installed on the system.
Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
audit2allow testsuite requires a system which uses SELinux with a MLS
policy. This is a lot to ask for a continuous integretation system.
Thankfully this can be worked around by using option -p to run the tools
with a specific configuration. Doing this, the testsuite can even be run
on a system without SELinux.
This approach requires building a custom policy for parsing test.log.
Add a minimal policy written in CIL for this need.
While at it:
* Do not invoke "sudo sepolgen-ifgen" but produce a file in a writable
directory (instead of /var/lib/sepolgen/interface_info)
* Use sys.executable instead of 'python', in order to really test
python3 and python2 when calling the test script with one of these
interpreters.
Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
Importing modules inside functions is quite uncommon in Python. This is
nevertheless required with sepolicy because it loads the current SELinux
policy when it is imported (and raises ValueError when this fails).
Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
Importing sepolicy as non-root on a system with SELinux causes the
following exception to be raised:
ValueError: No SELinux Policy installed
Ignore this when using audit2why, which allows using it with option
--policy as a non-root user.
Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
sepolgen testsuite reports the following warning on a system with
/etc/selinux/sepolgen.conf:
.../src/./sepolgen/defaults.py:35: ResourceWarning: unclosed file
<_io.TextIOWrapper name='/etc/selinux/sepolgen.conf' mode='r'
encoding='UTF-8'>
Fix this by properly closing the file in PathChooser.__init__().
Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
The manpage explicitly states that:
The getpwent() function returns a pointer to a passwd structure, or
NULL if there are no more entries or an error occurred. If an error
occurs, errno is set appropriately. If one wants to check errno after
the call, it should be set to zero before the call.
Without this, genhomedircon can wrongly return the following:
libsemanage.get_home_dirs: Error while fetching users. Returning list so far.
https://github.com/SELinuxProject/selinux/issues/121
Signed-off-by: Laurent Bigonville <bigon@bigon.be>
The sorting order seems to be fragile because '100' < '99', so the policy
filename needs to be parsed in order to extract the version as an integer and
sort according to it.
Based on idea from Nicolas Iooss <nicolas.iooss@m4x.org>
Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
When "store" is set, sepolicy needs to load a new policy file and selinux module
needs to set the new store root path.
With this patch, semanage is able to work correctly with non-default -S <store>
even when the default policy is not installed yet.
Fixes:
$ sudo semanage login -S minimum -m -s unconfined_u -r s0-s0:c0.c1023 __default__
libsemanage.dbase_llist_query: could not query record value
OSError: [Errno 0] Error
Related: https://bugzilla.redhat.com/show_bug.cgi?id=1558861
Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
load_store_policy() allows to (re)load SELinux policy based on a store name. It
is useful when SELinux is disabled and default policy is not installed; or when
a user wants to query or manipulate another policy.
Related: https://bugzilla.redhat.com/show_bug.cgi?id=1558861
Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
Based on idea from Nicolas Iooss <nicolas.iooss@m4x.org>
Fixes:
$ sudo semanage
Traceback (most recent call last):
File "/usr/sbin/semanage", line 28, in <module>
import seobject
File "/usr/lib/python3.7/site-packages/seobject.py", line 1045, in <module>
class portRecords(semanageRecords):
File "/usr/lib/python3.7/site-packages/seobject.py", line 1047, in portRecords
valid_types = list(list(sepolicy.info(sepolicy.ATTRIBUTE, "port_type"))[0]["types"])
File "/usr/lib/python3.7/site-packages/sepolicy/__init__.py", line 203, in <genexpr>
return ({
File "/usr/lib64/python3.7/site-packages/setools/typeattrquery.py", line 65, in results
for attr in self.policy.typeattributes():
AttributeError: 'NoneType' object has no attribute 'typeattributes'
https://github.com/SELinuxProject/selinux/issues/81
Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
PLY (Python Lex-Yacc) 3.11 has been released in February 2018:
- http://www.dabeaz.com/ply/index.html
- https://github.com/dabeaz/ply/releases/tag/3.11
Copy lex.py and yacc.py from this new release.
This fixes the following warning from "make test":
python run-tests.py
../src/./sepolgen/lex.py:634: DeprecationWarning: Using or importing
the ABCs from 'collections' instead of from 'collections.abc' is
deprecated, and in 3.8 it will stop working
if isinstance(t, collections.Callable):
(Python 3.3 moved collections.Callable to collections.abc.Callable)
Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
The script used both tabs and space to indent the code, using a tab
length of 8 (in calls to parser.add_option(...)). Make the code more
readable by using spaces for indentation everywhere.
Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
flake8 reports many warnings on script semanage_migrate_store:
E225 missing whitespace around operator
E302 expected 2 blank lines, found 1
E701 multiple statements on one line (colon)
E703 statement ends with a semicolon
E722 do not use bare 'except'
...
Fix some of them in order to reduce the noise.
Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
Build with strict overflow checking enabled. If the compiler optimizes
code that could be removed due to undefined signed overflow, then the
compiler will issue a warning.
Signed-off-by: William Roberts <william.c.roberts@intel.com>
Use -D_FO0RTIFY_SOURCE=2 when building libselinux and it's util library.
Note that this can be overridden by setting CFLAGS during the build.
Signed-off-by: William Roberts <william.c.roberts@intel.com>
Certain builds of gcc enable _FORTIFY_SOURCE which results in the error:
<command-line>:0:0: warning: "_FORTIFY_SOURCE" redefined
<command-line>:0:0: note: this is the location of the previous definition
Correct this by undefining it first and redefining it. Also, the previous
command line option was using -Wp which is passing the value *AS IS* to the
pre-processor rather than to the compiler driver. The C pre-processor has
an undocumented interface subject to change per man 1 gcc. Just use the
-D option to specify this value.
Signed-off-by: William Roberts <william.c.roberts@intel.com>
raw_color() uses color_str as an output argument which is assigned to a new
allocated memory. Therefore it should fail when color_str is null; or
when *color_str is not null in order to avoid a memory leak.
Fixes:
>>> selinux.selinux_raw_context_to_color('system_u:system_r:inetd_t:s0')
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
OSError: [Errno 0] Error
Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
dontaudit rules were accidentally dropped during rewrite to SETools 4 API in
97d5f6a2
Fixes:
>>> import sepolicy
>>> sepolicy.search(['dontaudit'])
[]
Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
When MLS is disabled, "semanage export" shows records such as:
login -a -s sysadm_u -r 'None' me
Prevent "semanage export" from displaying None or empty strings in level
and categories arguments by checking them in all customized() methods.
Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
Using Vagrant with fedora/28-cloud-base image, SELinux logins are
configured this way:
# semanage login -l
Login Name SELinux User MLS/MCS Range Service
__default__ unconfined_u s0-s0:c0.c1023 *
root unconfined_u s0-s0:c0.c1023 *
vagrant unconfined_u s0-s0:c0.c1023 *
Using "chcat -l +c42 vagrant" successfully adds the category to user
vagrant, but "chcat -l -- -c42 vagrant" fails to remove it.
semanage login -l returns:
vagrant unconfined_u s0-s0:c0.c1023,c42 *
This issue is caused by expandCats(), which refuses to return a list of
more than 25 categories. This causes chcat_user_remove() to work with
cats=['c0.c1023,c42'] instead of cats=['c0.c102','c42'], which leads to
it not been able to remove 'c42' from the list.
Fix this issue by splitting the list of categories before calling
expandCats().
Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
flake8 reports many warnings for chcat:
chcat:7:1: E265 block comment should start with '# '
chcat:29:1: F401 'string' imported but unused
chcat:44:1: E722 do not use bare 'except'
chcat:104:9: F841 local variable 'e' is assigned to but never used
chcat:144:9: F841 local variable 'e' is assigned to but never used
chcat:186:9: F841 local variable 'e' is assigned to but never used
chcat:234:9: F841 local variable 'e' is assigned to but never used
chcat:262:9: F841 local variable 'e' is assigned to but never used
chcat:281:5: F841 local variable 'e' is assigned to but never used
chcat:385:9: E722 do not use bare 'except'
chcat:402:1: E305 expected 2 blank lines after class or function definition, found 1
chcat:436:5: F841 local variable 'e' is assigned to but never used
Fix all of them.
Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
Use "check_call" instead of "getstatusoutput" in order for special
characters and spaces in filenames to be handled correctly.
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1013774
Signed-off-by: Vit Mojzis <vmojzis@redhat.com>
As described in [0], this likely did not have the intended effect, so
simply remove it. The change in behavior is that up until this patch
it would be possible for any non-system user to potentially gain access
to selinux' dbus interface. Now this is extended to also allow any
system user.
As the comment indicates, PolicyKit is used to enforce access, so this
should be perfectly harmless.
[0]: <https://www.spinics.net/lists/linux-bluetooth/msg75267.html>
Signed-off-by: Tom Gundersen <teg@jklm.no>
CC: David Herrmann <dh.herrmann@gmail.com>
fc_count is defined as uint64_t, which needs to be printed with PRIu64
(it is "llu" on x86 and "lu" on x86-64). Otherwise, building with
'CC="gcc -m32"' fails with:
selinux_restorecon.c: In function ‘restorecon_sb’:
selinux_restorecon.c:633:26: error: format ‘%lu’ expects argument of
type ‘long unsigned int’, but argument 3 has type ‘uint64_t’ {aka
‘long long unsigned int’} [-Werror=format=]
fprintf(stdout, "\r%luk", fc_count / STAR_COUNT);
~~^
%llu
Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
Aliases are not used in the selinux database. When user enters a type
alias as a parameter it should be converted to the corresponding type
in order to be processed correctly further in the userspace logic.
Fixes e.g.:
\#sepolicy transition -s phpfpm_t
/* where phpfpm_t is a type alias of httpd_t */
Traceback (most recent call last):
File "/usr/bin/sepolicy", line 691, in <module>
args.func(args)
File "/usr/bin/sepolicy", line 458, in transition
mytrans = setrans(args.source, args.target)
File "/usr/lib/python3.6/site-packages/sepolicy/transition.py", line 48, in __init__
self._process(self.source)
File "/usr/lib/python3.6/site-packages/sepolicy/transition.py", line 54, in _process
trans = _get_trans(source)
File "/usr/lib/python3.6/site-packages/sepolicy/transition.py", line 36, in _get_trans
src_list = [src] + list(filter(lambda x: x['name'] == src, sepolicy.get_all_types_info()))[0]['attributes']
IndexError: list index out of range