They do not retain the neverallow source information so we must
not assume that source_filename is set. Either need a new binary
module format if we want to propagate this information for modular
builds or get rid of binary modules.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
checkmodule -m and -b are fundamentally incompatible with each other,
so reject attempts to use them together.
Resolves
https://bugzilla.redhat.com/show_bug.cgi?id=1064603
Also fix the error message for -m with -U to use stderr.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
In attempting to enable building various part of Android with -Wall -Werror,
we found that the const security_context_t declarations in libselinux
are incorrect; const char * was intended, but const security_context_t
translates to char * const and triggers warnings on passing
const char * from the caller. Easiest fix is to replace them all with
const char *. And while we are at it, just get rid of all usage of
security_context_t itself as it adds no value - there is no true
encapsulation of the security context strings and callers already
directly use string functions on them. typedef left to permit
building legacy users until such a time as all are updated.
This is a port of Change-Id I2f9df7bb9f575f76024c3e5f5b660345da2931a7
from Android, augmented to deal with all of the other code in upstream
libselinux and updating the man pages too.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Acked-by: Eric Paris <eparis@redhat.com>
This new function allows a process to invoke helper programs with
a new execution context based on the filename, this is initially
intended for package managers so that they can easily execute
package scriptlets or maintainer scripts.
Base rpm_execcon() off this new function.
Signed-off-by: Guillem Jover <guillem@debian.org>
Failure to copy the entire av_decision structure, including the
flags field, would prevent preservation of the SELINUX_AVD_FLAGS_PERMISSIVE
flag and thus cause per-domain permissive to not be honored for userspace
permission checks.
Also ensure that we clear the entire structure.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Currently, the selevel/serange values (which are often set on a default
's0' value) are used for ports, users, contexts and logins. This breaks
non-MLS setups.
This patch will only call the necessary mls functions if mls is actually
enabled.
Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
Sandbox policy is huge do to macro expansion. We do not install this by default
but sandbox command can fail without it installed. This patch prints a message to the
user to install the package.
Signed-off-by: Dan Walsh <dwalsh@redhat.com>
libselinux uses weak bindings to pthread functions and will fall
back to non-threaded implementations if the caller is not linked
with libpthread. Avoid requiring all users of libselinux to
link with libpthread.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Use Type=forking and pass PIDFile option, this allows better tracking of
the livecycle of the daemon.
Only attempt to start the daemon if selinux is enabled.
Drop After=syslog.target, syslog is socket activated anyway
Running valgrind flagged up three "definitely lost" malloc/realloc errors
when checking constraints.
Signed-off-by: Richard Haines <richard_c_haines@btinternet.com>
Allow mls/constraint mls/validatetrans constraints to be displayed
in debug mode. If POLICY_KERN version is >=
POLICYDB_VERSION_CONSTRAINT_NAMES then the policy defined
types/attributes will be returned.
Signed-off-by: Richard Haines <richard_c_haines@btinternet.com>
This will return mls/validatetrans constraint information for each
expression in a buffer. If POLICY_KERN version is >=
POLICYDB_VERSION_CONSTRAINT_NAMES then the policy defined types/attributes
will be returned.
Signed-off-by: Richard Haines <richard_c_haines@btinternet.com>
