Commit Graph

392 Commits

Author SHA1 Message Date
Christian Göttsche
43e1a54b02
libsemanage: clarify handle-unknown configuration setting in man page
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
2020-04-28 09:27:49 +02:00
Nicolas Iooss
417aff7266 libselinux,libsemanage: remove double blank lines
This looks cleaner.

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
2020-04-22 16:40:34 -05:00
Christian Göttsche
21f50e94b9
tree-wide: use python module importlib instead of the deprecated imp
Replace

python3 -c 'import imp;print([s for s,m,t in imp.get_suffixes() if t == imp.C_EXTENSION][0])'
<string>:1: DeprecationWarning: the imp module is deprecated in favour of importlib; see the module's documentation for alternative uses
.cpython-38-x86_64-linux-gnu.so

with

python3 -c 'import importlib.machinery;print(importlib.machinery.EXTENSION_SUFFIXES[0])'
.cpython-38-x86_64-linux-gnu.so

Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
2020-04-16 18:50:43 +02:00
William Roberts
5eee91221b libsemanage: rm semanage_module_upgrade_info from map
This routine was never defined, just declared as a prototype.
Thus it never really existed, but remained in the map file.
Remove it.

Acked-by: Nicolas Iooss <nicolas.iooss@m4x.org>
Signed-off-by: William Roberts <william.c.roberts@intel.com>
2020-04-15 10:28:58 -05:00
William Roberts
6d170a7615 libsemanage: fix linker script symbol versions
In previous work to cleanup the exports and linker scripts, I introduced
a regression causing symbols to be named in both the 1.0 and 1.1
sections. This went un-noticed and was reported by
nicolas.iooss@m4x.org.

Previous patches checked for correctness by:
This was checked by generating an old export map (from master):
nm --defined-only -g ./src/libsemanage.so | cut -d' ' -f 3-3 | grep -v '^_' > old.map

Then creating a new one for this library after this patch is applied:
nm --defined-only -g ./src/libsemanage.so | cut -d' ' -f 3-3 | grep -v '^_' > new.map

And diffing them:
diff old.map new.map

However, this discards the version information. Nicolas points out a
better way, by using objdump so we can see the version information. A
better sequence of commands for checking is as follows:

git checkout 1967477913
objdump -T ./src/libsemanage.so | grep LIBSEMANAGE | cut -d' ' -f 8- | sed 's/^ //' > map.old

git checkout origin/master
objdump -T ./src/libsemanage.so | grep LIBSEMANAGE | cut -d' ' -f 8- | sed 's/^ //' > map.new

diff map.old map.new

Acked-by: Nicolas Iooss <nicolas.iooss@m4x.org>
Signed-off-by: William Roberts <william.c.roberts@intel.com>
2020-04-15 10:28:58 -05:00
William Roberts
43b905246a libsemanage: cleanup linker map file
The linker map file had inconsistent style in the 1_1 versions.
Drop the mixed tabs and spaces and use the consistent spacing indent
of two spaces.

Acked-by: Stephen Smalley <stephen.smalley.work@gmail.com>
Signed-off-by: William Roberts <william.c.roberts@intel.com>
2020-03-25 09:53:39 -05:00
William Roberts
3fc08f8908 libsemanage: update linker script
With the old hidden_def and hidden_proto DSO infrastructure removed,
correctness of the map file becomes paramount, as it is what filters out
public API. Because of this, the wild cards should not be used, as it
lets some functions through that should not be made public API. Thus
remove the wild cards, and sort the list.

Additionally, verify that nothing changed in external symbols as well:

This was checked by generating an old export map (from master):
nm --defined-only -g ./src/libsemanage.so | cut -d' ' -f 3-3 | grep -v '^_' > old.map

Then creating a new one for this library after this patch is applied:
nm --defined-only -g ./src/libsemanage.so | cut -d' ' -f 3-3 | grep -v '^_' > new.map

And diffing them:
diff old.map new.map

Acked-by: Stephen Smalley <stephen.smalley.work@gmail.com>
Signed-off-by: William Roberts <william.c.roberts@intel.com>
2020-03-25 09:53:39 -05:00
William Roberts
1de9a257a0 libsemanage/Makefile: add -fno-semantic-interposition
Add -fno-semantic-interposition to CFLAGS. This will restore
the DSO infrastructures protections to insure internal callers
of exported symbols call into libselinux and not something loading first
in the library list.

Clang has this enabled by default.

Acked-by: Stephen Smalley <stephen.smalley.work@gmail.com>
Signed-off-by: William Roberts <william.c.roberts@intel.com>
2020-03-25 09:53:39 -05:00
William Roberts
653ee4de68 libsemanage: drop hidden
Acked-by: Stephen Smalley <stephen.smalley.work@gmail.com>
Signed-off-by: William Roberts <william.c.roberts@intel.com>
2020-03-25 09:53:39 -05:00
Ondrej Mosnacek
1967477913 libsemanage: preserve parent Makefile's flags in debug mode
Do not override CFLAGS and LDFLAGS in libsemange Makefile under DEBUG=1,
to make it possible to build the whole tree using the root Makefile with
DEBUG=1.

Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
2020-02-07 16:29:04 -05:00
Petr Lautrbach
dca7ce8195
Update VERSIONs to 3.0 for release.
Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
2019-11-28 13:46:48 +01:00
Petr Lautrbach
6e187f8a2a Update VERSIONs to 3.0-rc2 for release.
Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
2019-11-22 13:54:17 +01:00
Nicolas Iooss
91cd4600db
libselinux,libsemanage: check in python_exception.i files
Generating selinuxswig_python_exception.i and
semanageswig_python_exception.i requires gcc, which appears to be
unavailable on some platform. Work around this issue by adding the
generated files to the git repository.

While at it, remove a stray space in the generated
selinuxswig_python_exception.i.

Original thread: https://lore.kernel.org/selinux/20191012172357.GB19655@imap.altlinux.org/T/#ma78bd7fe71fb5784387a8c0cebd867d6c02ee6e4

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
Cc: Michael Shigorin <mike@altlinux.org>
2019-11-13 08:34:46 +01:00
Nicolas Iooss
dd9c70e0d7
libselinux,libsemanage: fix python_exception.i dependencies
selinuxswig_python_exception.i and semanageswig_python_exception.i need
to be regenerated when either an input header file changes or
exception.sh changes. Add the missing items to the respective Makefiles.

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
2019-11-13 08:34:42 +01:00
Nicolas Iooss
5815cc9843
libselinux,libsemanage: never create -.o in exception.sh
Files starting with "-" causes issues in commands such as "rm *.o". For
libselinux and libsemanage, when exception.sh fails to remove "-.o",
"make clean" fails with:

    rm: invalid option -- '.'
    Try 'rm ./-.o' to remove the file '-.o'.
    Try 'rm --help' for more information.

Fix this by making exception.sh create "temp.o" instead of "-.o".

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
2019-11-13 08:34:35 +01:00
Petr Lautrbach
b3ed0a7a60 Update VERSIONs to 3.0-rc1 for release.
Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
2019-10-28 13:06:11 +01:00
Nicolas Iooss
b915c7a9d3 libsemanage: mark all exported function "extern"
Many functions are already marked "extern" in libsemanage's public
headers and this will help using the content of the headers in order to
automatically generate some glue code for Python bindings.

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
2019-10-18 07:34:46 +13:00
Vit Mojzis
991dd7402f libsemanage: Add support for DCCP and SCTP protocols
This is necessary for "semanage port" to be able to handle DCCP and SCTP
protocols.

Fixes:
    "port_parse" only handles TCP and UDP protocols

Signed-off-by: Vit Mojzis <vmojzis@redhat.com>
2019-10-09 09:38:58 -04:00
Nicolas Iooss
74c5e551ca libsemanage/tests: check that string pointers are not NULL before comparing them
This silences many issues reported by Infer static analyzer about
possible NULL pointer dereferences.

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
2019-10-01 14:33:04 -04:00
Nicolas Iooss
7673b97e45 libsemanage/tests: return when str is NULL
CU_FAIL() does not stop the execution flow.

This issue has been found using Infer static analyzer.

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
2019-10-01 14:33:04 -04:00
Nicolas Iooss
120681c1a3 libsepol, libsemanage: add a macro to silence static analyzer warnings in tests
Several static analyzers (clang's one, Facebook Infer, etc.) warn about
NULL pointer dereferences after a call to CU_ASSERT_PTR_NOT_NULL_FATAL()
in the test code written using CUnit framework. This is because this
CUnit macro is too complex for them to understand that the pointer
cannot be NULL: it is translated to a call to CU_assertImplementation()
with an argument as TRUE in order to mean that the call is fatal if the
asserted condition failed (cf.
http://cunit.sourceforge.net/doxdocs/group__Framework.html).

A possible solution could consist in replacing the
CU_ASSERT_..._FATAL() calls by assert() ones, as most static analyzers
know about assert(). Nevertheless this seems to go against CUnit's API.

An alternative solution consists in overriding CU_ASSERT_..._FATAL()
macros in order to expand to assert() after a call to the matching
CU_ASSERT_...() non-fatal macro. This appears to work fine and to remove
many false-positive warnings from various static analyzers.

As this substitution should only occur when using static analyzer, put
it under #ifdef __CHECKER__, which is the macro used by sparse when
analyzing the Linux kernel.

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
2019-09-30 08:43:41 -04:00
Petr Lautrbach
54cb5c674b Switch last 2 files using /usr/bin/env to /usr/bin/python3
Other python scripts already use python3 by default. Both files don't have exec
bits so they have to be run using python interpret on command line anyway:

    $ python3 ./setup.py ...

Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
2019-09-26 08:32:18 -04:00
Nicolas Iooss
b550c0e202
Fix many misspellings
Use codespell (https://github.com/codespell-project/codespell) in order
to find many common misspellings that are present in English texts.

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
2019-09-18 22:47:35 +02:00
Nicolas Iooss
6177a6f2c4
libsemanage: include internal header to use the hidden function prototypes
When functions from libsemanage calls other functions that are exported,
these functions need to be "wrapped" using hidden_proto() macro. This is
done in headers such as "user_internal.h". Several functions in
genhomedircon.c are not doing this, which makes building with -flto
fail with errors such as:

    /usr/bin/ld: /tmp/libsemanage.so.1.KebOLC.ltrans1.ltrans.o: in
    function `user_sort_func':
    /home/tkloczko/rpmbuild/BUILD/libsemanage-2.9-rc1/src/genhomedircon.c:758:
    undefined reference to `semanage_user_get_name'
    /usr/bin/ld:
    /home/tkloczko/rpmbuild/BUILD/libsemanage-2.9-rc1/src/genhomedircon.c:758:
    undefined reference to `semanage_user_get_name'
    /usr/bin/ld: /tmp/libsemanage.so.1.KebOLC.ltrans1.ltrans.o: in
    function `fcontext_matches':
    /home/tkloczko/rpmbuild/BUILD/libsemanage-2.9-rc1/src/genhomedircon.c:240:
    undefined reference to `semanage_fcontext_get_expr'
    /usr/bin/ld:
    /home/tkloczko/rpmbuild/BUILD/libsemanage-2.9-rc1/src/genhomedircon.c:248:
    undefined reference to `semanage_fcontext_get_type'
    /usr/bin/ld: /tmp/libsemanage.so.1.KebOLC.ltrans1.ltrans.o: in
    function `add_user.isra.0':
    /home/tkloczko/rpmbuild/BUILD/libsemanage-2.9-rc1/src/genhomedircon.c:992:
    undefined reference to `semanage_user_get_mlslevel'
    /usr/bin/ld: /tmp/libsemanage.so.1.KebOLC.ltrans1.ltrans.o: in
    function `write_context_file':
    /home/tkloczko/rpmbuild/BUILD/libsemanage-2.9-rc1/src/genhomedircon.c:892:
    undefined reference to `semanage_user_key_create'
    /usr/bin/ld:
    /home/tkloczko/rpmbuild/BUILD/libsemanage-2.9-rc1/src/genhomedircon.c:764:
    undefined reference to `semanage_user_get_name'
    /usr/bin/ld:
    /home/tkloczko/rpmbuild/BUILD/libsemanage-2.9-rc1/src/genhomedircon.c:897:
    undefined reference to `semanage_user_query'
    /usr/bin/ld:
    /home/tkloczko/rpmbuild/BUILD/libsemanage-2.9-rc1/src/genhomedircon.c:905:
    undefined reference to `semanage_user_get_mlslevel'

Include the missing headers.

Fixes: https://github.com/SELinuxProject/selinux/issues/169

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
2019-09-01 18:44:55 +02:00
Ondrej Mosnacek
3cba4306b9 libsemanage: optionally optimize policy on rebuild
When building binary policy, optionally run it through
sepol_policydb_optimize() just before writing it out.

Add an optimize-policy variable to semanage.conf(5) that controls
whether optimization will be applied during libsemanage operations.

Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
2019-06-25 10:11:00 -04:00
Jan Zarsky
c46b8af40a libsemanage: test semanage_msg_default_handler
Add test for semanage_msg_default_handler.

Signed-off-by: Jan Zarsky <jzarsky@redhat.com>
2019-06-19 09:01:48 -07:00
Jan Zarsky
acda541a4d libsemanage: test semanage_context_* functions
Add new test suite for other libsemanage functions. Add tests for
semanage_context_* functions.

Signed-off-by: Jan Zarsky <jzarsky@redhat.com>
2019-06-19 09:01:48 -07:00
Jan Zarsky
6f064e0b30 libsemanage: test semanage_user_* functions
Add new test suite for semanage_user_* functions. The test suite aims for line
coverage and covers expected usage of functions. The test suite uses custom
semanage store and policy written in CIL, it does not require running on SELinux
enabled system.

Signed-off-by: Jan Zarsky <jzarsky@redhat.com>
2019-06-19 09:01:48 -07:00
Jan Zarsky
2b6966d7bc libsemanage: test semanage_port_* functions
Add new test suite for semanage_port_* functions. The test suite aims for line
coverage and covers expected usage of functions. The test suite uses custom
semanage store and policy written in CIL, it does not require running on SELinux
enabled system.

Signed-off-by: Jan Zarsky <jzarsky@redhat.com>
2019-06-19 09:01:48 -07:00
Jan Zarsky
dfc81c13fc libsemanage: test semanage_node_* functions
Add new test suite for semanage_node_* functions. The test suite aims for line
coverage and covers expected usage of functions. The test suite uses custom
semanage store and policy written in CIL, it does not require running on SELinux
enabled system.

Signed-off-by: Jan Zarsky <jzarsky@redhat.com>
2019-06-19 09:01:48 -07:00
Jan Zarsky
1791cb42fc libsemanage: test semanage_ibendport_* functions
Add new test suite for semanage_ibendport_* functions. The test suite aims for
line coverage and covers expected usage of functions. The test suite uses custom
semanage store and policy written in CIL, it does not require running on SELinux
enabled system.

Signed-off-by: Jan Zarsky <jzarsky@redhat.com>
2019-06-19 09:01:48 -07:00
Jan Zarsky
c238906b5b libsemanage: test semanage_iface_* functions
Add new test suite for semanage_iface_* functions. The test suite aims for line
coverage and covers expected usage of functions. The test suite uses custom
semanage store and policy written in CIL, it does not require running on SELinux
enabled system.

Signed-off-by: Jan Zarsky <jzarsky@redhat.com>
2019-06-19 09:01:48 -07:00
Jan Zarsky
5aab527f56 libsemanage: test semanage_fcontext functions
Add new test suite for semanage_fcontext_* functions. The test suite aims for
line coverage and covers expected usage of functions. The test suite uses custom
semanage store and policy written in CIL, it does not require running on SELinux
enabled system.

Signed-off-by: Jan Zarsky <jzarsky@redhat.com>
2019-06-19 09:01:48 -07:00
Jan Zarsky
b1c09dc3f7 libsemanage: test semanage_bool_* functions
Add new test suite for semanage_bool_* functions. The test suite aims for line
coverage and covers expected usage of functions. The test suite uses custom
semanage store and policy written in CIL, it does not require running on SELinux
enabled system.

Signed-off-by: Jan Zarsky <jzarsky@redhat.com>
2019-06-19 09:01:48 -07:00
Jan Zarsky
92bd4ae5ba libsemanage: test semanage_handle_* functions
Add new test suite for semanage_handle_* functions. The test suite aims for line
coverage and covers expected usage of functions. The test suite uses custom
semanage store and policy written in CIL, it does not require running on SELinux
enabled system.

Signed-off-by: Jan Zarsky <jzarsky@redhat.com>
2019-06-19 09:01:48 -07:00
Jan Zarsky
638e2f9df0 libsemanage: add helper functions to tests
- Add functions for creating and destroying test semanage store.
- Add functions for writing SELinux policy to the test store.
- Add functions for creating semanage handle, connecting to the store and for
  beginning a transaction.
- Update Makefile to compile test policies from CIL source.

Signed-off-by: Jan Zarsky <jzarsky@redhat.com>
2019-06-19 09:01:48 -07:00
Unto Sten
c758ac1ddf Trivial style fixes 2019-05-28 07:51:43 -04:00
Petr Lautrbach
891cfee44f Update VERSIONs to 2.9 for release.
Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
2019-03-15 11:32:30 +01:00
Petr Lautrbach
ee1809f453 Update VERSIONs to 2.9-rc2 for release.
Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
2019-03-01 13:58:20 +01:00
Petr Lautrbach
1952be65dc Switch to python3 by default
- Python 2.7 is planned to be the last of the 2.x releases
- It's generally advised to use Python 3
- Majority of python/ scripts are already switched python3
- Users with python 2 only can still use:

$ make PYTHON=/usr/bin/python ....

Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
2019-02-20 16:43:27 +01:00
Petr Lautrbach
3b868abd2e Always use /usr/bin/python3 in Python scripts
Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
2019-02-20 16:43:27 +01:00
Petr Lautrbach
ffc59f6015 libsemanage: genhomedircon - improve handling large groups
getgrnam_r() uses a preallocated buffer to store a structure containing
the broken-out fields of the record in the group database. The size of
this buffer is usually sysconf(_SC_GETGR_R_SIZE_MAX) == 1024 and it is
not enough for groups with a large number of users.  In these cases,
getgrnam_r() returns -1 and sets errno to ERANGE and the caller can
retry with a larger buffer.

Fixes:
$ semanage login -a -s user_u -r s0-s0:c1.c2 '%largegroup'
libsemanage.semanage_direct_commit: semanage_genhomedircon returned error code -1. (Numerical result out of range).
OSError: Numerical result out of range

Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
2019-02-13 13:49:05 +01:00
Aleksei Nikiforov
0445e65d83 Allow installing translated man pages
Signed-off-by: Aleksei Nikiforov <darktemplar@basealt.ru>
2019-01-28 12:03:57 +01:00
Aleksei Nikiforov
e3e3873de7 Add man pages translation by Olesya Gerasimenko
Signed-off-by: Olesya Gerasimenko <gammaray@basealt.ru>
Signed-off-by: Aleksei Nikiforov <darktemplar@basealt.ru>
2019-01-28 12:03:57 +01:00
Petr Lautrbach
53312c7d61 Update VERSIONs to 2.9-rc1 for release.
Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
2019-01-25 11:48:54 +01:00
Stephen Smalley
dc3d9c6d71
libsemanage: set selinux policy root around calls to selinux_boolean_sub
As reported in #109, semodule -p /path/to/policyroot -s minimum -n -B
tries to use /etc/selinux/targeted/booleans.subs_dist.  This is because
it invokes the libselinux selinux_boolean_sub() interface, which uses
the active/installed policy files rather than the libsemanage ones.

Switch the selinux policy root around the selinux_boolean_sub() call
to incorporate the semanage root as a prefix and to use the specified
policy store as a suffix so that the correct booleans.subs_dist file
(if any) is used.

The underlying bug is that booleans.subs_dist is not itself managed
via libsemanage. If it was managed and therefore lived within the
policy store, then libsemanage could access the appropriate
booleans.subs_dist file without using the libselinux interface at all,
and thus would not need to modify the selinux policy root.  Moving
booleans.subs_dist to a managed file is deferred to a future change.

Test:
dnf install selinux-policy-minimum selinux-policy-targeted
cd / && tar cf - etc/selinux var/lib/selinux | (cd ~/policy-root; tar xvpf -)
strace semodule -p ~/policy-root -s minimum -n -B

Before:
openat(AT_FDCWD, "/etc/selinux/targeted/booleans.subs_dist", O_RDONLY|O_CLOEXEC) = 5

After:
openat(AT_FDCWD, "/home/sds/policy-root/etc/selinux/minimum/booleans.subs_dist", O_RDONLY|O_CLOEXEC) = 5

Fixes https://github.com/SELinuxProject/selinux/issues/109

Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2019-01-12 19:01:24 +01:00
Laurent Bigonville
9ac345e8d5
libsemanage: Always set errno to 0 before calling getpwent()
The manpage explicitly states that:

  The  getpwent()  function  returns a pointer to a passwd structure, or
  NULL if there are no more entries or an error occurred.  If an error
  occurs, errno is set appropriately.  If one wants to check errno after
  the call, it should be set to zero before the call.

Without this, genhomedircon can wrongly return the following:
  libsemanage.get_home_dirs: Error while fetching users.  Returning list so far.

https://github.com/SELinuxProject/selinux/issues/121

Signed-off-by: Laurent Bigonville <bigon@bigon.be>
2019-01-05 15:47:03 +01:00
Nicolas Iooss
0c02ae1cd8 semanage_migrate_store: switch to space indentation
The script used both tabs and space to indent the code, using a tab
length of 8 (in calls to parser.add_option(...)). Make the code more
readable by using spaces for indentation everywhere.

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
2019-01-04 12:19:39 +01:00
Nicolas Iooss
cc6d99db4e semanage_migrate_store: remove unused loading of libsepol.so
semanage_migrate_store loads libsepol.so using ctypes but never uses it.

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
2019-01-04 12:19:33 +01:00
Nicolas Iooss
3cb974d2d2 semanage_migrate_store: fix many Python linter warnings
flake8 reports many warnings on script semanage_migrate_store:

    E225 missing whitespace around operator
    E302 expected 2 blank lines, found 1
    E701 multiple statements on one line (colon)
    E703 statement ends with a semicolon
    E722 do not use bare 'except'
    ...

Fix some of them in order to reduce the noise.

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
2019-01-04 12:19:24 +01:00