Commit Graph

61 Commits

Author SHA1 Message Date
Jason Zaman 89ce96cac6 policycoreutils: make audit and pam support configurable
Signed-off-by: Jason Zaman <jason@perfinion.com>
2017-04-25 08:32:11 -04:00
Jason Zaman fcb5d5cc72 Makefiles: drop -L/-I to system paths
The toolchain automatically handles them and they break cross compiling.

LDFLAGS should also come before object files, some flags (eg,
-Wl,as-needed) can break things if they are in the wrong place)

Gentoo-Bug: https://bugs.gentoo.org/500674

Signed-off-by: Jason Zaman <jason@perfinion.com>
2017-04-25 08:27:05 -04:00
Alan Jenkins 1ac883f1bf policycoreutils/setfiles: don't scramble stdout and stderr together
https://bugzilla.redhat.com/show_bug.cgi?id=1435894

When output to a non-tty (as caused by the implementation of fixfiles),
stdout is fully buffered.  stdout should be flushed before writes to
stderr.

See e.g. https://news.ycombinator.com/item?id=1271015

Signed-off-by: Alan Jenkins <alan.christopher.jenkins@gmail.com>
2017-03-28 13:41:18 -04:00
Alan Jenkins 1da6fb0610 policycoreutils/setfiles: stdout messages don't need program prefix
I suggested that if you run a command for its informational output (by
passing  `-v`), you don't expect it to be prefixed with the program name.
Prefixing is used for error messages, so you can tell where your shell
script blew up :).  If a script is running a command for its informational
output, it's usually the script's responsibility to make sure it's in
context, e.g. providing headers if there are multiple sections of output.

Removing the program name from setfiles/restorecon output is particularly
useful because it generates very long lines.  But also, it actually helps
highlight where there are error messages - the prefix will make them
stand out visually.

Signed-off-by: Alan Jenkins <alan.christopher.jenkins@gmail.com>
2017-03-28 13:41:14 -04:00
Nicolas Iooss cd20f9c257 policycoreutils: add noreturn attribute to usage()
Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
2017-03-07 14:00:43 -05:00
Richard Haines 454768f56d setfiles: Fix setfiles progress indicator
This fixes the following bug:
UX regression: setfiles progress indicator is now misleading and
confusing in fixfiles.

The outputting of * is replaced by the number of files in 1k increments
as the previous versions. If "/" is specified on the pathname, then this
will indicate a mass relabel, an example output will be:
restorecon -nRp /etc /tmp /boot /
/etc 100.0%
/tmp 100.0%
/boot 100.0%
3.2%

Also setfiles(8) and restorecon(8) versions that are implemented using
the selinux_restorecon(3) function do not support the [-o filename]
option as this was deprecated. This has now been made clear by displaying
a message to stderr.

The documentation has also been updated to reflect these changes.

Reported-by: Alan Jenkins <alan.christopher.jenkins@gmail.com>
Signed-off-by: Richard Haines <richard_c_haines@btinternet.com>
2017-01-27 09:39:22 -05:00
Stephen Smalley bd4ffeb435 policycoreutils/setfiles: set up a logging callback for libselinux
Define a logging callback for libselinux so that any informational
or error messages generated by libselinux functions are properly
prefixed with the program name and routed to the proper output stream.

Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2017-01-24 14:38:40 -05:00
Alan Jenkins 0e67689d52 restorecon manpage: link back to fixfiles
fixfiles links to restorecon.  However if you start with restorecon
"restore file(s) default SELinux security contexts", you can easily
miss the fixfiles script.  fixfiles is more generally useful than
`restorecon -R`.   For example `restorecon -R /` is not as good as
`fixfiles restore`, because the restorecon command will try to relabel
`/sys` and fail noisily.

Signed-off-by: Alan Jenkins <alan.christopher.jenkins@gmail.com>
2017-01-12 14:59:36 -05:00
Vit Mojzis bec41c4ff6 policycoreutils/setfiles: Mention customizable types in restorecon man page
Signed-off-by: Vit Mojzis <vmojzis@redhat.com>
2016-12-21 09:36:22 -05:00
Stephen Smalley 87c174fe09 policycoreutils: setfiles: make -I imply -D
-I only makes sense if we are also enabling digests.

Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2016-09-30 12:12:28 -04:00
Stephen Smalley 49883982f6 policycoreutils: setfiles: reverse the sense of -D
Reverse the sense of the -D option, from disabling setting/use of
security.restorecon_last to enabling it, making disabled the default state.

Rationale:
1) Users often use restorecon to fix labels on files whose labels are
wrong even through nothing has changed in file_contexts, e.g. after
copying/moving files to a different location.  They won't expect
restorecon to suddenly stop relabeling by default because the hash of
file_contexts hasn't changed.

2) Only processes running with CAP_SYS_ADMIN can set
security.restorecon_last, so this will fail for non-root users anyway.

Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2016-09-30 11:03:06 -04:00
Richard Haines f1352e7399 policycoreutils: setfiles - Utility to find security.restorecon_last entries
This patch adds restorecon_xattr(8) to find and/or remove
security.restorecon_last entries added by setfiles(8) or
restorecon(8). Uses the services of selinux_restorecon_xattr(3).

Signed-off-by: Richard Haines <richard_c_haines@btinternet.com>
2016-09-26 14:05:58 -04:00
Richard Haines 2496c85734 policycoreutils: setfiles - Add option to stop setting the digest
Add -D option to setfiles and restorecon - Do not set or update
directory SHA1 digests when relabeling files. This will allow
users the option of not using the "security.restorecon_last"
extended attribute feature.

Also review and update the man pages.

Signed-off-by: Richard Haines <richard_c_haines@btinternet.com>
2016-09-26 14:05:49 -04:00
Richard Haines 602347c742 policycoreutils: setfiles - Modify to use selinux_restorecon
Modify setfiles and restorecon to make use of the libselinux
selinux_restorecon* set of functions.

The output from these commands should be much the same as before
with some minor wording changes, the only exceptions being that for
setfiles(8) and restorecon(8) the following options have been added:
1) -I to ignore checking the directory digests.
2) -m to ignore reading /proc/mounts.
These additional options are described in the updated man pages.

Signed-off-by: Richard Haines <richard_c_haines@btinternet.com>
2016-08-11 14:33:58 -04:00
Petr Lautrbach 219eea83ce policycoreutils: setfiles/restorecon: fix -r/-R option
A spec file was incorrectly stored as rootpath when -r option was used

Fixes:
/sbin/setfiles:  /tmp/install_root is not located in /etc/selinux/targeted/contexts/files/file_contexts

Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
2015-04-16 11:40:55 -04:00
Christopher 6d198c0031 Fixed typo/grammatical error 2015-02-08 01:34:55 -05:00
Nicolas Iooss c4a4a1a7ed Fix gcc -Wstrict-prototypes warnings
In C, defining a function with () means "any number of parameters", not
"no parameter".  Use (void) instead where applicable and add unused
parameters when needed.

Acked-by: Steve Lawrence <slawrence@tresys.com>
2014-10-02 09:56:38 -04:00
Nicolas Iooss 188a028f74 policycoreutils: fix most gcc -Wwrite-strings warnings
Acked-by: Steve Lawrence <slawrence@tresys.com>
2014-10-02 09:56:34 -04:00
Laurent Bigonville 2e93833b1b Minor manpages improvements 2013-11-06 09:36:33 -05:00
Dan Walsh e3048525ad Michal Trunecka patch to allow restorecon to accept paths with {}
The restorecon is unable to resolve paths using braced expressions like this: /sbin/

./restorecon:  lstat(/sbin/ip{6,}tables*) failed:  No such file or directory

The problem is that restorecon calls glob function without GLOB_BRACE flag, which en
2013-10-25 16:12:40 -04:00
Dan Walsh 6020fb0b1e Use power of 2 for STAR_COUNT 2013-10-24 13:58:41 -04:00
Dan Walsh 48663d5ca3 Need to document -o filename in usage statement 2013-10-24 13:58:41 -04:00
Dan Walsh ca030ec85b setfiles should always return -1 on failures.
Scripts that are looking for -1 failures were getting confused by 1 and > 1 erros.
We should be consistant on the error status.
2013-10-24 13:58:41 -04:00
Dan Walsh 2540b20096 Laurent Bigonville patch to fix various minor manpage issues and correct section numbering. 2013-10-24 13:58:37 -04:00
Dan Walsh a8b3340288 Laurent Bigonville patch to allow overriding PATH Definitions in Makefiles 2013-10-24 13:58:37 -04:00
Dan Walsh 36f1ccbb57 policycoreutils: setfiles: print error if no default label found
If a user requested a label be reset but no default label is specified,
give a useful error message.  Do not print the message if this is a
recursive restore, and that is very common.

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
2013-02-05 20:14:41 -05:00
John Reiser 960d6ee879 policycoreutils: setfiles: estimate percent progress
This patch started with work from John Reiser patch to estimate the
percent progress for restorecon/setfiles.

It has a lot of changes since then, to make it only happen on full
relabel, overwrite itself, shows 10ths of %, and does a lot better and
more useful job of estimation.  We get all of the inodes on all mounted
FS.  Since the number of inodes is not fixed and only an estimate I added
5% to the inode number, and forced the number to never go over 100.

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
2013-02-01 12:08:51 -05:00
Dan Walsh f6595e357f policycoreutils: setfiles: return errors when bad paths are given
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
2012-09-12 12:16:16 -04:00
Martin Orr af1c9091e3 policycoreutils: setfiles: Fix process_glob error handling
process_one_realpath returns 1 if it changed the context of the file but
process_glob treats all non-zero values as errors.  This results in
setfiles exiting with non-zero status even though it was successful.

Fix process_glob to only treat negative return values of
process_one_realpath as errors.

cf. http://bugs.debian.org/662990

Signed-off-by: Martin Orr <martin@martinorr.name>
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
2012-09-12 12:16:04 -04:00
Russell Coker 30ef7451bc policycoreutils: Make restorecon return 0 when a file has changed context with no error
restorecon should return 0 when a file has changed context with no
error. With the last version it's returning 1.

Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=662990

Signed-off-by: Laurent Bigonville <bigon@debian.org>
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
2012-09-12 12:16:04 -04:00
Dan Walsh 687ff489e6 policycoreutils: setfiles: do not syslog if no changes
Basically this change stops sysloging if the change did not actually
happen.

By default we do not modify a label if the type of the SELinug context
was unchanged, but we were sending a syslog message as if something had
changed.

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
2012-09-12 12:16:03 -04:00
Dan Walsh 96cedba3e5 policycoreutils: restorecon: only update type by default
This patch allows us to use restorecon on MCS Separated File Systems or MLS
Environments,  Basically allows a user to check his type enforcement.

Signed-off-by: Dan Walsh <dwalsh@redhat.com>
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
2012-09-12 12:16:02 -04:00
Guido Trentalancia f6b82ec701 policycoreutils: setfiles/restorecon minor improvements
- improves the manual page for both setfiles and restorecon (formatting
  including alphabetical re-ordering of options, undocumented options,
  references and a few cosmetic changes);
- de-hardcodes a couple of constants in the source files and makes a
  dynamic use of them to create the manual pages after the compilation
  and prior to the installation: more specifically the constants are the
  number of errors for the setfiles' validation process abort condition
  and the sensitivity of the progress meter for both programs (uses
  external programs grep and awk);
- improves the usage message for both programs and introduces a -h
  (aliased with currently existing -?) option where not already
  available;
- print out the usage message for restorecon when it is called without
  arguments;
- white-space/tab conversion to get proper indentation towards the end
  of the main source file.

[eparis add .gitignore]

Signed-off-by: Guido Trentalancia <guido@trentalancia.com>
Signed-off-by: Eric Paris <eparis@redhat.com>
2012-09-12 12:16:00 -04:00
Dan Walsh b9b7bddb28 policycoreutils: setfiles: fix use before initialized
There are code paths where ret can be returned without being initialized

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
2011-11-02 16:22:06 -04:00
Eric Paris e018eec325 policycoreutils: setfiles: close /proc/mounts file when finished
When testing for mount points to exclude we read /proc/mounts.  Close
this file when we are finished reading it.

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
2011-11-02 16:22:06 -04:00
Eric Paris d5475a909a policycoreutils: make use of the new realpath_not_final function
Instead of coding the exact same thing and calling it symlink_realpath
use the function exported by libselinux.

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
2011-11-02 16:22:06 -04:00
Eric Paris 468bff0952 tree: Makefiles: syntax, convert all ${VAR} to $(VAR)
This is purely personal preference.  Most of the Makefiles use $() for
Makefile variables, but a couple of places use ${}.  Since this obscured
some later Makefile changes I figured I'd just make them all the same up
front.

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
2011-11-02 15:37:08 -04:00
Dan Walsh 1d54976d73 policycoreutils: setfiles: do not wrap * output at 80 characters
Russell Coker pointed out most displays are no 80 chars so we should just
put out * and let the terminal wrap itself.

Signed-off-by: Dan Walsh <dwalsh@redhat.com>
Acked-by: Eric Paris <eparis@redhat.com>
2011-09-15 19:20:43 -04:00
Dan Walsh f23e078018 policycoreutils: setfiles: Fix potential crash using dereferenced ftsent
If fts_read() fails for any reason ftsent will be NULL.  Previously we
would have reported the error and then continued processing.  Now we
report the error and stop using the NULL pointer.

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
2011-09-15 19:20:43 -04:00
Eric Paris a2db3f2df8 policycoreutils: setfiles: switch from stat to stat64
When we converted from nftw to fts we had to remove the automatic large
file support had to be removed.  Thus we switch from stat to stat64 on
all archs.

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
2011-09-15 19:20:42 -04:00
Dan Walsh ddc5063c16 policycoreutils: setfiles: Fix process_glob to handle error situations properly
Rather than error when a glob does not match return success as this is
not a problem.

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Eric Paris <eparis@redhat.com>
2011-08-26 14:31:57 -04:00
Eric Paris 242a98cd21 policycoreutils: setfiles: get rid of some stupid globals
We have some useless globals in setfiles that don't need to be.  Stop
it.

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
2011-08-26 14:28:00 -04:00
Eric Paris 5ffa296798 policycoreutils: setfiles: move exclude_non_seclabel_mounts to a generic location
move exclude_non_seclabel_mounts from setfiles.c to restore.c so it can
be used by other functions later.

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
2011-08-26 14:27:59 -04:00
Eric Paris 66564a67cf policycoreutils: setfiles: make the restore function exclude() non-static
Stuff wants to use it later.  Make it non-static.

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
2011-08-15 11:25:22 -04:00
Eric Paris 17c577ace7 policycoreutils: setfiles: use glob to handle ~ and . in filenames
Use the glob library to handle ~ and . in filenames passed from the
command line.

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
2011-08-15 11:25:22 -04:00
Eric Paris 7e00948bdb policycoreutils: remove a needless blank line
Yeah, that's really it.

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
2011-08-03 18:02:37 -04:00
Eric Paris 5763e720d8 policycoreutils: make process_one error if not initialized correctly
Rather than blow up in horible ways, error out if we detect
initialization wasn't done properly.

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
2011-08-03 18:02:37 -04:00
Eric Paris 2b4d32dc4b policycoreutils: fixfiles: correct usage for r_opts.rootpath
The error usable displays r_opts.rootpath, but r_opts is supposed to be
an internal code thing, not something users care about.  When printing
the error message just call it 'rootpath'

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
2011-08-03 18:02:37 -04:00
Eric Paris 89ca0c2e29 policycoreutils: put -p in help for restorecon and fixfiles
restorecon and fixfiles both have the -p option to display a * every
10000 files.  Put it in the usage and man pages.

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
2011-08-03 18:02:37 -04:00
Eric Paris a57385c578 policycoreutils: setfiles fix typo
Apparently we cannot spelll.

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
2011-08-03 18:02:36 -04:00