Commit Graph

29 Commits

Author SHA1 Message Date
Jason Zaman
fcb5d5cc72 Makefiles: drop -L/-I to system paths
The toolchain automatically handles them and they break cross compiling.

LDFLAGS should also come before object files, some flags (eg,
-Wl,as-needed) can break things if they are in the wrong place)

Gentoo-Bug: https://bugs.gentoo.org/500674

Signed-off-by: Jason Zaman <jason@perfinion.com>
2017-04-25 08:27:05 -04:00
Nicolas Iooss
35af459220 policycoreutils: newrole: always initialize pw fields
In extract_pw_data(), if "getpwuid(uid)" fails, the function returns an
error value without initializing main's pw.pw_name. This leads main() to
call "free(pw.pw_name)" on an uninitialized value.

Use memset() to initialize structure pw in main().

This issue has been found using clang's static analyzer.

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
2017-04-12 14:48:36 -04:00
Nicolas Iooss
bfe40222e2 policycoreutils: newrole: do not free pw strings twice
In main(), if "extract_pw_data(&pw)" returns a failed value, it has
already freed pw.pw_name, pw.pw_dir and pw.pw_shell. These fields are
freed a second time in main's err_free label, which is incorrect. Work
around this by setting them to NULL after they are freed.

This issue has been found using clang's static analyzer.

While at it, make extract_pw_data() static.

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
2017-04-12 14:47:45 -04:00
Nicolas Iooss
fd9e5ef7b7 libsepol: use constant keys in hashtab functions
Even though "hashtab_key_t" is an alias for "char *", "const
hashtab_key_t" is not an alias for "(const char) *" but means "(char *)
const".

Introduce const_hashtab_key_t to map "(const char) *" and use it in
hashtab_search() and hashtab key comparison functions.

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
2017-01-19 08:46:19 -05:00
Alan Jenkins
62f058980e policycoreutils, python: Fix bad manpage formatting in "SEE ALSO"
Fix missing and surplus commas.  Fix the following formatting errors:

    .BR selinux(8)

renders the the "(8)" in bold as well as the "selinux".  This is wrong.

    .B selinux
    (8)

renders with a space between "selinux" and "(8)", this is wrong.

    .B selinux (8)

commits both of the above mistakes.

    .BR selinux (8), apparmor (8)

omits the space separating "selinux(8)," and "apparmor(8)", this is wrong.
Correct all the above using the following markup:

    .BR selinux (8),
    .BR apparmor (8)

Signed-off-by: Alan Jenkins <alan.christopher.jenkins@gmail.com>
2017-01-12 14:59:31 -05:00
Nicolas Iooss
d977330c98 policycoreutils: Remove LDFLAGS from CFLAGS
Mixing LDFLAGS in CFLAGS can lead to compiler errors. For example in
policycoreutils/sandbox:

    $ make CC=clang LDFLAGS='-Wl,-as-needed,-no-undefined'
    clang -Wl,-as-needed,-no-undefined -I/usr/include
    -DPACKAGE="\"policycoreutils\"" -Wall -Werror -Wextra -W   -c -o
    seunshare.o seunshare.c
    clang-3.8: error: -Wl,-as-needed,-no-undefined: 'linker' input
    unused

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
2016-09-26 11:02:40 -04:00
Nicolas Iooss
d1b49d833e policycoreutils: newrole: add missing defined in #if
When building newrole with gcc 5.3.0 and some warning flags, the
compiler reports:

  newrole.c:77:33: error: "NAMESPACE_PRIV" is not defined [-Werror=undef]
  #if defined(AUDIT_LOG_PRIV) || (NAMESPACE_PRIV)
                                  ^

Indeed, "defined" is missing here.  This nevertheless worked so far
because when NAMESPACE_PRIV was selected in the Makefile, newrole.c was
compiled with "-DNAMESPACE_PRIV", which defined NAMESPACE_PRIV to 1.

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
2016-02-01 08:54:30 -05:00
Lukas Vrabec
dd7a9363d9 Add description of missing newrole parameter -p in newrole man page.
Signed-off-by: Lukas Vrabec <lvrabec@redhat.com>
2016-01-12 08:39:14 -05:00
Sven Vermeulen
8243069211 Open stdin as read/write
As per the discussion on the selinux development mailinglist, the tmux
application expects the stdin to be writeable. Although perhaps not the most
proper way, having newrole opening the descriptor in read/write keeps the
behaviour in line with what applications expect.

See also http://marc.info/?l=selinux&m=136518126930710&w=2

Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
2015-10-01 15:49:00 -04:00
Stephen Smalley
92eec06ca6 policycoreutils/newrole: Set keepcaps around setresuid calls.
Set the "keep capabilities" flag around the setresuid() calls in
drop_capabilities() so that we do not simultaneously drop all
capabilities (when newrole is setuid).

Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2015-10-01 15:47:08 -04:00
Dan Walsh
572f899267 Fix newrole to not drop capabilities from the bounding set.
Stop dropping capabilities from its children.
Add better error messages.

Signed-off-by: Dan Walsh <dwalsh@redhat.com>
2015-10-01 15:44:11 -04:00
Petr Lautrbach
417cb8d076 Fix -Wformat errors
Fixes two types of errors which appear when building with gcc-5.0.0

- format ‘%d’ expects argument of type ‘int’, but argument X has type ‘unsigned int’
- format ‘%a’ expects argument of type ‘float *’, but argument X has type ‘char **’

Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
2015-03-13 14:14:23 -04:00
Nicolas Iooss
c4a4a1a7ed Fix gcc -Wstrict-prototypes warnings
In C, defining a function with () means "any number of parameters", not
"no parameter".  Use (void) instead where applicable and add unused
parameters when needed.

Acked-by: Steve Lawrence <slawrence@tresys.com>
2014-10-02 09:56:38 -04:00
Nicolas Iooss
188a028f74 policycoreutils: fix most gcc -Wwrite-strings warnings
Acked-by: Steve Lawrence <slawrence@tresys.com>
2014-10-02 09:56:34 -04:00
Stephen Smalley
76913d8adb Deprecate use of flask.h and av_permissions.h.
Also remove all internal uses by libselinux.
This requires deleting the old class/perm string lookup tables
and compatibility code for kernels that predate the /sys/fs/selinux/class
tree, i.e. Linux < 2.6.23.

This also fixes a longstanding bug in the stringrep code; it was allocating
NVECTORS (number of vectors in the legacy av_perm_to_string table, i.e.
the total number of legacy permissions) entries in the per-class perms array
rather than MAXVECTORS (the maximum number of permissions in any
access vector).  Ho hum.  I already fixed this in Android but forgot it
here.

Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2014-07-09 13:49:18 -04:00
Stephen Smalley
f458b76076 Merge branch 'fedora' into master-merge
Conflicts:
	libselinux/src/Makefile
	libselinux/src/selinux_config.c
	policycoreutils/audit2allow/audit2allow.1
	policycoreutils/scripts/fixfiles.8
	policycoreutils/semanage/semanage.8
	policycoreutils/sepolicy/Makefile
	policycoreutils/sepolicy/sepolicy/transition.py
	policycoreutils/setsebool/setsebool.8
2013-10-24 15:24:17 -04:00
Dan Walsh
e63a8fa875 Give people who use run_init or newrole an indicator to make it not ask for passwords 2013-10-24 13:58:39 -04:00
Dan Walsh
2540b20096 Laurent Bigonville patch to fix various minor manpage issues and correct section numbering. 2013-10-24 13:58:37 -04:00
Sven Vermeulen
d4209743e9 Open stdin as read/write
As per the discussion on the selinux development mailinglist, the tmux
application expects the stdin to be writeable. Although perhaps not the most
proper way, having newrole opening the descriptor in read/write keeps the
behaviour in line with what applications expect.

See also http://marc.info/?l=selinux&m=136518126930710&w=2

Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
2013-10-16 15:24:22 -04:00
Laurent Bigonville
84e085847d policycoreutils: Fix cases where hyphen were used as minus sign in manpages
And also other minor formating issues
2013-10-16 15:12:10 -04:00
Dan Walsh
e23c73a167 policycoreutils: newrole: do not drop capabilities when newrole is run as root
If you run newrole as root and it drops capabilities, the next shell
script does not have any capabilities and can not function.

newrole -L TopSecret

Would end up with a root shell and no capabilities.

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
2012-09-12 12:16:01 -04:00
Dan Walsh
40b0cea919 policycoreutils: newrole: Use correct capng calls in newrole
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
2012-03-28 14:52:13 -04:00
Eric Paris
468bff0952 tree: Makefiles: syntax, convert all ${VAR} to $(VAR)
This is purely personal preference.  Most of the Makefiles use $() for
Makefile variables, but a couple of places use ${}.  Since this obscured
some later Makefile changes I figured I'd just make them all the same up
front.

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
2011-11-02 15:37:08 -04:00
Eric Paris
e3ffa8c31f policycoreutils: newrole retain CAP_SETPCAP
We retain CAP_SETPCAP so that we can drop the additional capabilities
we held onto to set up namespaces.

While we are at it, just add some console whine in case things fail.

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
2011-08-03 18:02:36 -04:00
Steve Lawrence
cba027c249 Exit newrole if capabilities can't be dropped
Signed-off-by: Steve Lawrence <slawrence@tresys.com>
2010-12-20 15:13:33 -05:00
Daniel J Walsh
16d1c1cbe5 Move newrole to use libcap-ng
Signed-off-by: Steve Lawrence <slawrence@tresys.com>
2010-12-20 15:13:28 -05:00
Chad Sellers
3084b9a1f9 Fix double free in newrole when it fails to exec.
Signed-off-by: Chad Sellers <csellers@tresys.com>
2009-12-30 16:59:48 -05:00
Joshua Brindle
bcd43e0bf1 Author: Daniel J Walsh
Email: dwalsh@redhat.com
Subject: newrole error message corrections.
Date: Fri, 07 Nov 2008 09:37:52 -0500

Signed-off-by: Joshua Brindle <method@manicmethod.com>
2008-11-07 16:49:04 -05:00
Joshua Brindle
13cd4c8960 initial import from svn trunk revision 2950 2008-08-19 15:30:36 -04:00