Commit Graph

561 Commits

Author SHA1 Message Date
Dan Walsh d4064c954f policycoreutils: sandbox: Removing sandbox init script, should no longer be necessary
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
2012-03-28 08:39:08 -04:00
Dan Walsh 18e3a8d396 checkpolicy: libselinux: Fix dead links to www.nsa.gov/selinux
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
2012-03-28 08:39:07 -04:00
Dan Walsh 66dd98b83a libsemanage: Alternate path for semanage.conf
Currently the semanage.conf file is hard coded to /etc/selinux/semanage.conf
even when an alternate root path is specified.  Use the semanage.conf
found inside the altername root instead of the system global version.

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
2012-03-28 08:39:07 -04:00
Dan Walsh 70c582f4e0 policycoreutils: sandbox: do not propogate inside mounts outside
Fix the handling of namespaces in seunshare/sandbox.
Currently mounting of directories within sandbox is propogating to the
parent namesspace.  This fix will basically isolate any mounting that
happens after the unshare from the parent namespace.

Signed-off-by: Eric Paris <eparis@redhat.com
Acked-by: Dan Walsh <dwalsh@redhat.com>
2012-03-28 08:39:07 -04:00
Eric Paris 09c783c9a3 libsepol: checkpolicy: implement new default labeling behaviors
We would like to be able to say that the user, role, or range of a newly
created object should be based on the user, role, or range of either the
source or the target of the creation operation.  aka, for a new file
this could be the user of the creating process or the user or the parent
directory.  This patch implements the new language and the policydb
support to give this information to the kernel.

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
2012-03-27 16:49:31 -04:00
Eric Paris 339f8079d7 update VERSION and Changelog for public push 2011-12-21 12:46:04 -05:00
Eric Paris 297d2bee23 libselinux: merge freecon with getcon man page
The getcon man page already includes setcon() and other non-"get"
entries.  Why send people somewhere else just for freecon?  Put it here.

Signed-off-by: Eric Paris <eparis@redhat.com>
2011-12-21 12:35:06 -05:00
Dan Walsh cb71d68aa1 libselinux: Cleanup Man pages
Typos, indenting, nothing fancy.

Signed-off-by: Eric Paris <eparis@redhat.com>
2011-12-21 12:35:05 -05:00
Eric Paris bd26462036 policycoreutils: semanage: drop unused translation getopt
Remove handling for T: in getopt, this should have been
removed when we removed manage of translation

Signed-off-by: Eric Paris <eparis@redhat.com>
2011-12-21 12:35:05 -05:00
Dan Walsh 27915ec2aa libselinux: Fix setenforce man page to refer to selinux man page
Do not talk about disabling selinux in the setenforce man page.  Point
people in the right direction instead.

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
2011-12-21 12:35:05 -05:00
Richard Haines 16a37c9f94 libselinux - correct selabel invalid context logging
When selabel_lookup found an invalid context with validation enabled, it
always stated it was 'file_contexts' whether media, x, db or file.
The fix is to store the spec file name in the selabel_lookup_rec on
selabel_open and use this as output for logs. Also a minor fix if key is
NULL to stop seg faults.

Signed-off-by: Richard Haines <richard_c_haines@btinternet.com>
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
2011-12-21 12:35:05 -05:00
Dan Walsh c4c0748091 policycoreutils: Fix Makefile to match other policycoreutils Makefiles
Include -W
Set LDLIBS consistently (include -L$(LIBDIR))
Don't explicitly call $(CC) let make do it.

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
2011-12-21 12:35:05 -05:00
Dan Walsh 5e46bb8647 libsemanage: Fallback_user_level can be NULL if you are not using MLS
If you build a distribution without MLS turned on, libsemanage will
crash if given a user without a level.  This patch allows users
without levels to be passed in.

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
2011-12-21 12:25:28 -05:00
Eric Paris b39e8cab3c checkpolicy: add new helper to translate class sets into bitmaps
We use the exact same logic a bunch of places in policy_define.c to
translate a class set into a bitmap.  Make this into a helper function.

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
2011-12-21 12:25:28 -05:00
Eric Paris 915b5f885f libsemanage: add ignoredirs config for genhomedircon
For a long time /root has been treated differently in Red Hat
Distributions then upstream policy.

We do not want to label /root the same as a users homedir.  Because of
this we have carried a patch in libsemanage/genhomedircon.c to ignore
/root.

This patch adds a flag to semanage.conf, ignoredirs.  That will allow
distributions or users to specify directories that genhomedircon
should ignore when setting up users homedir labeling.

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
2011-12-21 12:25:28 -05:00
Dan Walsh 17fc79a5f6 policycoreutils: sandbox: Add back in . functions to sandbox.init script
In order to handle properly the display on boot the sandbox init
script has to source the functions file.

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
2011-12-21 12:25:28 -05:00
Eric Paris efdcd1e981 policycoreutils: Remove excess whitespace
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
2011-12-21 12:25:28 -05:00
Eric Paris 5c3211bcca sepolgen: better analysis of why things broke
combine analysys of audit2why into audit2allow, so users can see if a
boolean would solve an AVC or if it is a constrain violation.  Rather
then blindly adding allow rules to modules.

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
2011-12-21 12:22:05 -05:00
Eric Paris d65c02f066 bump version and changelog 2011-12-05 16:20:45 -05:00
Eric Paris 85cfd2fe2e libselinux: use -W and -Werror in utils
Add the flags and fix the one build break.

Signed-off-by: Eric Paris <eparis@redhat.com>
2011-12-05 16:14:17 -05:00
Richard Haines 426d624723 libselinux: Add man/man5 man pages
Add service_seusers(5) - those in the ./logins directory, seusers(5),
user_contexts(5) - those in the ./contexts/users directory,
virtual_domain_context(5) and virtual_image_context(5) man pages.

Signed-off-by: Richard Haines <richard_c_haines@btinternet.com>
Signed-off-by: Eric Paris <eparis@redhat.com>
2011-12-05 16:11:22 -05:00
Richard Haines accf6a433f libselinux: Add man/man5 man pages
Add failsafe_context(5), local.users(5), removable_contexts(5) and
securetty_types(5) man pages.

Signed-off-by: Richard Haines <richard_c_haines@btinternet.com>
Signed-off-by: Eric Paris <eparis@redhat.com>
2011-12-05 16:11:22 -05:00
Richard Haines cc9e7e5865 libselinux: Add man/man5 man pages
Add booleans(5), customizable_types(5), default_contexts(5) and
default_type(5) man pages.

Signed-off-by: Richard Haines <richard_c_haines@btinternet.com>
Signed-off-by: Eric Paris <eparis@redhat.com>
2011-12-05 16:11:22 -05:00
Richard Haines af9608245a libselinux: Updated selabel_x(5) man page
Updated selabel_x(5) with X-Windows context configuration file format and
added x_contexts(5) man page that links to it.

Signed-off-by: Richard Haines <richard_c_haines@btinternet.com>
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
2011-12-05 16:11:22 -05:00
Richard Haines a566af7974 libselinux: Updated selabel_media(5) man page
Updated selabel_media(5) with media context configuration file format and
added media(5) man page that links to it.

Signed-off-by: Richard Haines <richard_c_haines@btinternet.com>
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
2011-12-05 16:11:22 -05:00
Richard Haines 30bd4567cf libselinux: Updated selabel_db(5) man page
Updated selabel_db(5) with RDBMS context configuration file format and added sepgsql_contexts(5) man page that links to it.

Signed-off-by: Richard Haines <richard_c_haines@btinternet.com>
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
2011-12-05 16:11:21 -05:00
Richard Haines 5f2e362d25 libselinux: Updated selabel_file(5) man page
Updated selabel_file(5) with file context configuration file format and
added file_contexts(5) man page that links to it. selabel_file(5) also
describes the .local, .homedirs, .subs and .subs_dist configuration file
formats.

Signed-off-by: Richard Haines <richard_c_haines@btinternet.com>
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
2011-12-05 16:11:21 -05:00
Eric Paris beb7dedf7b policycoreutils: add clean target to man Makefile
Empty clean target just so you can run make clean

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
2011-12-05 16:11:21 -05:00
Richard Haines 6aec573f80 policycoreutils: Added SELinux config file man page.
Added new man page selinux_config(5) detailing the SELinux config file
format to new man/man5 directory plus Makefile.

Signed-off-by: Richard Haines <richard_c_haines@btinternet.com>
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
2011-12-05 16:11:20 -05:00
Richard Haines 3e870d7c9b policycoreutils: sestatus: Updated sestatus and man pages.
sestatus has been modified to present additional information: SELinux root
directory, MLS flag and the deny_unknow flag. The man page has been updated
to reflect these changes and an sestatus.conf(5) man page has also been added.

Signed-off-by: Richard Haines <richard_c_haines@btinternet.com>
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
2011-12-05 16:10:38 -05:00
Richard Haines aed37210a3 libselinux: return EINVAL if invalid role selected
For get_default_context_with_role(3) and get_default_context_with_rolelevel(3),
return errno = EINVAL if invalid role.

Signed-off-by: Richard Haines <richard_c_haines@btinternet.com>
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
2011-12-05 16:10:38 -05:00
Richard Haines 83161f73ea libselinux: get_default_type now sets EINVAL if no entry.
get_default_type(3) now returns with errno set to EINVAL if the entry does not
exist.

Signed-off-by: Richard Haines <richard_c_haines@btinternet.com>
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
2011-12-05 16:10:38 -05:00
Richard Haines d0a8d81882 libselinux: Mapped compute functions now obey deny_unknown flag
If selinux_set_mapping(3) is used to map classes, and an invalid class is used
to compute a decision (tclass = 0), the result did not obey the status of the
deny_unknown flag.

Signed-off-by: Richard Haines <richard_c_haines@btinternet.com>
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
2011-12-05 16:10:38 -05:00
Richard Haines 98234cf543 libselinux: Remove assert in security_get_boolean_names(3)
Remove assert in security_get_boolean_names(3) if the len invalid and stop seg
fault if names is null. Set EINVAL instead and return error.

Signed-off-by: Richard Haines <richard_c_haines@btinternet.com>
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
2011-12-05 16:10:38 -05:00
Dan Walsh c705f0f4d8 policycoreutils: semanage: change src,dst to target,substitute for equivalency
No real code change.  Just to make it clear what a src and dst means.

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
2011-12-05 16:10:38 -05:00
Dan Walsh b96d0fac86 policycoreutils: semanage: Make sure semanage fcontext -l -C prints even if local keys are not defined
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
2011-12-05 16:10:38 -05:00
Dan Walsh 7e81db0eb8 libselinux: selinuxswig_python.i: don't make syscall if it won't change anything
Add a check to restorecon, to not change a context if the context on disk matches

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
2011-12-05 16:10:38 -05:00
Eric Paris 79bcfa7286 policycoreutils: semanage: check file equivalence rules for conflict
Check for conflict on equivalence when adding a file context.
If a user adds a file context that begins with an equivalence string, we
throw an exception.

/usr/sbin/semanage: File spec /usr/lib64/dan conflicts with equivalency rule '/usr/lib64 /usr/lib'; Try adding '/usr/lib/dan' instead

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
2011-12-05 16:10:37 -05:00
Dan Walsh 7dd4e1eee1 policycoreutils: semanage: print local and dristo equiv rules
Print out the list of local and distribution file context equivalencies
rather than just local rules.

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
2011-12-05 16:10:37 -05:00
Dan Walsh a0af38a531 sepolgen: Allow ~ as a file identifier
We already allow this in policy, so allow it in sepolgen as well.

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
2011-12-05 16:10:37 -05:00
Dan Walsh c00affcc3e policycoreutils: sandbox: init script run twice is still successful
If sandbox init script is run multiple times to start it should still
return 0 rather than an error.  Things should still be set up.

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
2011-12-05 16:10:37 -05:00
Eric Paris 6c2ad1ce52 policycoreutils: sandbox: only complain if sandbox unable to launch
Instead of force an arbitrary 100 category requirement, only bomb if
there is a problem.  Error out if there are 0 categories or if we cannot
find a free category in a reasonable number of attempts.

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
2011-12-05 16:10:37 -05:00
Dan Walsh d9376680bd policycoreutils: sandbox: do not try forever to find available category set
We calculate the number of available legit category sets for a given
user and then try to find one that many times.  If we don't find one,
bail out.

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
2011-12-05 16:10:37 -05:00
Dan Walsh 78b077cd09 policycoreutils: sandbox: make sure the domain launching sandbox has at least 100 categories
100 is very high, but at least we know the chances of finding a valid
combination is high.

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
2011-12-05 16:10:37 -05:00
Dan Walsh 7ece124c51 policycoreutils: sandbox: Allow user to specify the DPI value for X in a sandbox
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
2011-12-05 16:10:37 -05:00
Dan Walsh a6065e5ab7 policycoreutils: po: Makefile use -p to preserve times to allow multilib simultatious installs of po files
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
2011-12-05 16:10:37 -05:00
Eric Paris cfb2a06e39 policycoreutils: sandbox: move sandbox.conf.5 to just sandbox.5
Since this file lives in /etc/sysconfig/ it does not include a .conf
extention.  Thus the man page should not include a .conf in the
filename.

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
2011-12-05 16:10:35 -05:00
Eric Paris b6ccfd7c91 checkpolicy: allow ~ in filename transition rules
We found that we wanted a filename transition rule for ld.so.cache~
however ~ was not a valid character in a filename.

Fix-from: Miroslav Grepl <mgrepl@redhat.com>
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
2011-12-05 16:09:30 -05:00
Eric Paris f00d415747 checkpolicy: test: Makefile: include -W and -Werror
Include the same error type options we build everything else with.

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
2011-12-05 16:09:30 -05:00
Eric Paris 58179a9988 checkpolicy: dismod: fix unused parameter errors
Either by dropping the parameter or marking it as unused depending on
what works.  We can't redefine hashtab_map callbacks as they must take all
three options, so just mark those unused.

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
2011-12-05 16:09:30 -05:00