Commit Graph

231 Commits

Author SHA1 Message Date
Stephen Smalley
7a72a88019 Updated libsemanage ChangeLog
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2016-09-22 09:57:44 -04:00
Gary Tierney
d97292639c genhomedircon: remove hardcoded refpolicy strings
Removes the "system_u" and "s0" string literals from refpolicy and
replaces the seuser and range in each homedir, uid, and username context
specification for every user.

Signed-off-by: Gary Tierney <gary.tierney@gmx.com>
2016-09-22 09:47:25 -04:00
Stephen Smalley
36a21c38d1 Updated libsemanage ChangeLog
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2016-08-23 15:57:33 -04:00
Gary Tierney
67b328a91c genhomedircon: add support for %group syntax
semanage-login supports login mappings using the %group syntax, but
genhomedircon does not expand groups to the users belonging to them.

This commit adds support for generating home directory contexts for login
mappings using the group syntax and adds error reporting for handling cases
where there is ambiguity due to a user belonging to multiple groups mapped by
semanage-login. If a login mapping is added for the user which belongs to
multiple groups it will take precedence and resolve the ambiguity issue.

Signed-off-by: Gary Tierney <gary.tierney@gmx.com>
2016-08-23 15:54:45 -04:00
Gary Tierney
83ab9e258f genhomedircon: generate contexts for logins mapped to the default user
Removes a test in get_users() which excludes any logins that are
explicitly mapped to the default user from file context generation,
which results in logins mapped to the fallback user with home
directories outside of LU_HOMEDIRECTORY (in the absence of
usepasswd=True) having no matching file_contexts.homedirs entries.

Signed-off-by: Gary Tierney <gary.tierney@gmx.com>
2016-08-23 15:51:06 -04:00
Stephen Smalley
b0a9b464ae Updated libsemanage ChangeLog
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2016-08-17 16:44:38 -04:00
Stephen Smalley
a7334eb0de libsemanage: validate and compile file contexts before installing
libsemanage presently runs setfiles -c to validate the file_contexts
files and sefcontext_compile to compile them to file_contexts.bin
after installing the final files under /etc/selinux.  As a result,
any error that occurs during this processing may leave invalid files
in /etc/selinux.  Move this processing before installing the files
to their final location, and then copy the .bin files that were
generated.

This prevents an error like:
semanage fcontext -a -t httpd_exec_t "/foo["
from reaching the /etc/selinux directory at all, e.g.

$ sudo semanage fcontext -a -t httpd_exec_t "/foo["
[sudo] password for sds:
/var/lib/selinux/final/targeted/contexts/files/file_contexts.local:  line 4 has invalid regex /foo[:  missing terminating ] for character class
/var/lib/selinux/final/targeted/contexts/files/file_contexts: Invalid argument
libsemanage.semanage_validate_and_compile_fcontexts: setfiles returned error code 1.
OSError: Error

Reported-by: Vit Mojzis <vmojzis@redhat.com>
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2016-08-17 16:36:59 -04:00
James Carter
3f524c60fe Updated libsemanage ChangeLog.
Signed-off-by: James Carter <jwcart2@tycho.nsa.gov>
2016-08-10 10:29:16 -04:00
James Carter
999747aa57 Updated libselinux, libsemanage, libsepol, and policycoreutils ChangeLogs.
Signed-off-by: James Carter <jwcart2@tycho.nsa.gov>
2016-06-06 13:08:17 -04:00
Laurent Bigonville
fb85e5cc95 Sort object files for deterministic linking order
This patch is part of the Debian effort to make the build reproducible

Thanks to Reiner Herrmann <reiner@reiner-h.de> for the patches

Signed-off-by: Laurent Bigonville <bigon@bigon.be>
2016-06-06 12:52:55 -04:00
Stephen Smalley
44e92a6959 Updated ChangeLogs.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2016-05-16 16:44:05 -04:00
Julien Pivotto
3fcda02a93 libsemanage: Support overriding Makefile RANLIB
2016-05-16 16:32:41 -04:00
Julien Pivotto
b13c44c367 libselinux, libsemanage: respect CC and PKG_CONFIG environment variable
Compilation tools respect certain environment variables, like CC.
However, in libselinux and libsemanage, they are not respected
everywhere. This commit fixes respect for those variables, falling back
to the previous hardcoded values if not specified.
2016-05-16 16:29:07 -04:00
Nicolas Iooss
8e30f76c6d Update .gitignore files
Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
2016-05-09 08:14:54 -04:00
Stephen Smalley
6ad28de149 Updated libselinux, libsemanage, libsepol, and policycoreutils ChangeLogs.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2016-05-02 08:45:45 -04:00
Laurent Bigonville
8586ee56be Fix multiple spelling errors
Thanks to the lintian utility from Debian
2016-05-02 08:45:45 -04:00
Stephen Smalley
fa5ca393cf Updated libsemanage ChangeLog.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2016-05-02 08:45:45 -04:00
Jason Zaman
5ebc83b1d3 genhomedircon: fix FALLBACK_NAME regex
Originally the fallback regex for the username was either ".*" or
"[^/]*". The second is more correct but still can match nothing.
Changing the * to + means that it must match at least one character.

Signed-off-by: Jason Zaman <jason@perfinion.com>
2016-05-02 08:35:40 -04:00
Jason Zaman
4bbec88baa genhomedircon: write contexts for username and userid
Signed-off-by: Jason Zaman <jason@perfinion.com>
2016-05-02 08:35:26 -04:00
Jason Zaman
08cde98b60 genhomedircon: make USERID, USERNAME context lists
Signed-off-by: Jason Zaman <jason@perfinion.com>
2016-05-02 08:34:53 -04:00
Jason Zaman
3b23f12eb9 genhomedircon: Add uid and gid to struct user_entry
Signed-off-by: Jason Zaman <jason@perfinion.com>
2016-05-02 08:34:38 -04:00
Jason Zaman
c90780aaf7 genhomedircon: move fallback user to genhomedircon_user_entry_t
The fallback user is used in all the write functions. Making all the
functions take the struct directly allows us to have everything
consistent between normal and fallback users.

Signed-off-by: Jason Zaman <jason@perfinion.com>
2016-05-02 08:34:25 -04:00
Jason Zaman
925914acea genhomedircon: rename FALLBACK #defines consistent with user struct
Signed-off-by: Jason Zaman <jason@perfinion.com>
2016-05-02 08:34:12 -04:00
Jason Zaman
a63b96b7e2 genhomedircon: factor out common replacement code
All the write_*_contexts() methods use exactly the same code.
This splits it off into a common helper function.

Signed-off-by: Jason Zaman <jason@perfinion.com>
2016-05-02 08:33:19 -04:00
Steve Lawrence
2b69984b0c Update ChangeLog and VERSION for final release
Signed-off-by: Steve Lawrence <slawrence@tresys.com>
2016-02-23 11:31:41 -05:00
Steve Lawrence
9d76b62fa7 Update libsepol, libsemanage, and policycoreutils ChangeLogs
Signed-off-by: Steve Lawrence <slawrence@tresys.com>
2016-02-17 08:52:11 -05:00
Nicolas Iooss
1e979a7a36 libsemanage: tests: do not overwrite CFLAGS and LDFLAGS
libsemanage/tests/Makefile currently overwrites CFLAGS and LDFLAGS
contents.  This makes building with custom flags (e.g. with address
sanitizer) harder.  Append flags to these variables instead.

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
2016-02-11 08:43:20 -05:00
Nicolas Iooss
5b6287fafc libsemanage: no longer use variables with unused attribute
Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
2016-02-11 08:34:51 -05:00
Steve Lawrence
e97d3eca99 Update libsepol, libsemanage, policycoreutils, and sepolgen ChangeLogs
Signed-off-by: Steve Lawrence <slawrence@tresys.com>
2016-02-01 09:05:47 -05:00
Nicolas Iooss
033ea27c09 libsemanage: move modinfo_tmp definition before goto cleanup
In semanage_direct_set_module_info() and semanage_direct_list_all()
functions, when modinfo_tmp variable gets initialized, a branch to
"cleanup" label may have already been taken.  This leads to this
variable being possibly used uninitialized in these functions.

This is reported by clang:

    direct_api.c:2491:41: error: variable 'modinfo_tmp' may be
    uninitialized when used here [-Werror,-Wconditional-uninitialized]
            ret = semanage_module_info_destroy(sh, modinfo_tmp);
                                                   ^~~~~~~~~~~
    direct_api.c:2334:2: note: variable 'modinfo_tmp' is declared here
            semanage_module_info_t *modinfo_tmp = NULL;
            ^

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
2016-02-01 08:25:13 -05:00
Nicolas Iooss
a11ce9dae5 libsemanage: initialize bools_modified variable.
In semanage_direct_commit() error path, bools_modified can be used in an
if statement without being initialized (when a "goto cleanup" is taken
early).  clang warns about this bug:

    direct_api.c:1441:18: error: variable 'bools_modified' may be
    uninitialized when used here [-Werror,-Wconditional-uninitialized]
            if (modified || bools_modified) {
                            ^~~~~~~~~~~~~~
    direct_api.c:1087:48: note: initialize the variable 'bools_modified'
    to silence this warning
                preserve_tunables_modified, bools_modified,
                                                          ^
                                                           = 0

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
2016-02-01 08:25:13 -05:00
Steve Lawrence
b3b5ede9ca Update ChangeLog and VERSION for release candidate
Signed-off-by: Steve Lawrence <slawrence@tresys.com>
2016-01-07 10:01:31 -05:00
Stephen Smalley
33fb501474 Update libsemanage ChangeLog.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2015-10-28 08:55:16 -04:00
Laurent Bigonville
d92388a8b0 Load libsepol.so.1 instead of libsepol.so
libsepol.so symlink is usually part of the development package, try to
load the library directly instead.
2015-10-28 08:54:27 -04:00
Steve Lawrence
8f13ce624d Update libsemanage ChangeLog.
Signed-off-by: Steve Lawrence <slawrence@tresys.com>
2015-09-03 15:41:39 -04:00
Steve Lawrence
dbc639a35a libsemanage: store users_extra in the policy store
users_extra is needed by genhomedircon and when listing seusers, so it
must be kept in the policy store. Also move the FC_TMPL unlink() closer
to where the FC_TMPL is created; not a functional change, but easier to
follow.

Signed-off-by: Steve Lawrence <slawrence@tresys.com>
Acked-by: Stephen Smalley <sds@tycho.nsa.gov>
2015-09-03 15:41:38 -04:00
Steve Lawrence
75dd8c062d libsemanage: save homedir_template in the policy store for genhomedircon
We don't currently store homedir_template in the policy store, which
means genhomedircon only has a template file to use if the
homedir_template was generated from the file contexts in the same
transaction.  But homedir_template isn't always generated, as in the
case with setsebool -P. In this and other cases, genhomedircon will not
have a template file resulting in an empty file_contexts.homedir file.

This commit changes this so that homedir_template is always stored in
the policy store so it can be used by genhomedircon regardless of how
policy was built. Also add the homedir_template file to the migration
script.

Signed-off-by: Steve Lawrence <slawrence@tresys.com>
Acked-by: Stephen Smalley <sds@tycho.nsa.gov>
2015-09-03 15:41:36 -04:00
James Carter
774f859bce Updated libsemanage and policycoreutils ChangeLogs.
Signed-off-by: James Carter <jwcart2@tycho.nsa.gov>
2015-08-06 11:01:03 -04:00
Yuli Khodorkovskiy
d4f3ba7c50 libsemanage: Fix null pointer dereference in semanage_module_key_destroy
If modkey is NULL, semanage_module_key_destroy() would still try to
initialize a modkey after freeing it.

Signed-off-by: Yuli Khodorkovskiy <ykhodorkovskiy@tresys.com>
Signed-off-by: James Carter <jwcart2@tycho.nsa.gov>
2015-08-06 10:59:28 -04:00
Yuli Khodorkovskiy
228261a51a libsemanage: Add ability to extract modules
Add semanage_module_extract() to extract a module as CIL or HLL. The
function takes a module name and whether to extract as CIL or HLL.

If a CIL file is requested, but does not exist, semanage_module_extract()
will compile the HLL to CIL and cache the CIL in the store as well as
extract the module. A module that was installed from a CIL file will export
as CIL when the HLL version of the file is requested.

Signed-off-by: Yuli Khodorkovskiy <ykhodorkovskiy@tresys.com>
Signed-off-by: James Carter <jwcart2@tycho.nsa.gov>
2015-08-06 10:59:22 -04:00
Stephen Smalley
509e60775d Update libsemanage ChangeLog.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2015-08-04 11:12:47 -04:00
Petr Lautrbach
3c3006f791 semanage_migrate_store: add -r <root> option for migrating inside chroots
-r, --root
  Set an alternative root for the migration (default: /)

Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
2015-08-04 11:11:46 -04:00
Stephen Smalley
bcdb745f87 Updated libsemanage ChangeLog.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2015-07-22 09:24:19 -04:00
Yuli Khodorkovskiy
d56c2b434e libsemanage: Add file_contexts and seusers to the store
This patch writes file_contexts and seusers to the policy store as well as
/etc/selinux/. Additionally, file_contexts and seusers are now parsed from the
store rather than the final directory which was the old behavior. This allows
all policy related files to be kept in the policy store.

Signed-off-by: Yuli Khodorkovskiy <ykhodorkovskiy@tresys.com>
2015-07-22 09:23:38 -04:00
Stephen Smalley
de41db98e4 Updated libsemanage ChangeLog.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2015-07-06 11:08:33 -04:00
Yuli Khodorkovskiy
9638af24a1 libsemanage: Add policy binary and file_contexts.local to the store
This patch writes policy.kern and file_contexts.local to the policy store as
well as /etc/selinux/. Additionally, policy.kern and file_contexts.local
are now parsed from the store rather than the final directory which was
the old behavior. This allows all policy related files to be kept in the
policy store.

This patch also renames /var/lib/selinux/tmp to 'final' and changes
policy.kern in the store to no longer be a symlink.

Signed-off-by: Yuli Khodorkovskiy <ykhodorkovskiy@tresys.com>
2015-07-06 11:05:22 -04:00
Steve Lawrence
eda59e2777 Update libsemanage ChangeLog
2015-06-24 12:35:07 -04:00
Petr Lautrbach
b9124ecddb Allow to use compressed modules without a compression extension
When a compressed module doesn't have two extensions with lang and
compression, 'semodule -i <module>.<lang>' fails. This changes the
language detection to allow the use of modules with only a .<lang>
extension.

Fixes:
libsemanage.semanage_direct_install_file: Module does not have a valid
extension. (No such file or directory).

Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
Acked-by: Steve Lawrence <slawrence@tresys.com>
2015-06-24 12:26:52 -04:00
Steve Lawrence
ef1637b55c Update libsemanage ChangeLog
2015-04-23 08:35:39 -04:00
Jason Zaman
f5c226810d libsemanage: do not copy contexts in semanage_migrate_store
The modules from the old store were previously copied to the new one
using setfscreatecon and shutil.copy2(). Now that refpolicy has rules
about the new policy location[1], copying the contexts is redundant.

More importantly, the setfscreatecon caused a constraint violation[2]
which made the migration fail. In python3, shutil.copy2() copies xattrs
as well which again causes problems. shutil.copy() is enough for our
needs here as it will copy the file and permissions in both py2 and 3.
We do not need the extra things that copy2() does (mtime, xattr, etc).

[1] http://oss.tresys.com/pipermail/refpolicy/2014-December/007511.html

[2]
type=AVC msg=audit(1429438272.872:1869): avc:  denied  { create } for  pid=28739 comm="semanage_migrat" name="strict" scontext=staff_u:sysadm_r:semanage_t tcontext=system_u:object_r:semanage_store_t tclass=dir permissive=0
	constrain dir { create relabelfrom relabelto } ((u1 == u2 -Fail-)  or (t1 == can_change_object_identity -Fail-) ); Constraint DENIED
allow semanage_t semanage_store_t:dir create;

Signed-off-by: Jason Zaman <jason@perfinion.com>
Acked-by: Steve Lawrence <slawrence@tresys.com>

Changes from v1:
 - Changed some methods to not take a src param anymore.
2015-04-23 08:35:39 -04:00