Currently the semanage.conf file is hard coded to /etc/selinux/semanage.conf
even when an alternate root path is specified. Use the semanage.conf
found inside the altername root instead of the system global version.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
Fix the handling of namespaces in seunshare/sandbox.
Currently mounting of directories within sandbox is propogating to the
parent namesspace. This fix will basically isolate any mounting that
happens after the unshare from the parent namespace.
Signed-off-by: Eric Paris <eparis@redhat.com
Acked-by: Dan Walsh <dwalsh@redhat.com>
We would like to be able to say that the user, role, or range of a newly
created object should be based on the user, role, or range of either the
source or the target of the creation operation. aka, for a new file
this could be the user of the creating process or the user or the parent
directory. This patch implements the new language and the policydb
support to give this information to the kernel.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
The getcon man page already includes setcon() and other non-"get"
entries. Why send people somewhere else just for freecon? Put it here.
Signed-off-by: Eric Paris <eparis@redhat.com>
Do not talk about disabling selinux in the setenforce man page. Point
people in the right direction instead.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
When selabel_lookup found an invalid context with validation enabled, it
always stated it was 'file_contexts' whether media, x, db or file.
The fix is to store the spec file name in the selabel_lookup_rec on
selabel_open and use this as output for logs. Also a minor fix if key is
NULL to stop seg faults.
Signed-off-by: Richard Haines <richard_c_haines@btinternet.com>
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
Include -W
Set LDLIBS consistently (include -L$(LIBDIR))
Don't explicitly call $(CC) let make do it.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
If you build a distribution without MLS turned on, libsemanage will
crash if given a user without a level. This patch allows users
without levels to be passed in.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
We use the exact same logic a bunch of places in policy_define.c to
translate a class set into a bitmap. Make this into a helper function.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
For a long time /root has been treated differently in Red Hat
Distributions then upstream policy.
We do not want to label /root the same as a users homedir. Because of
this we have carried a patch in libsemanage/genhomedircon.c to ignore
/root.
This patch adds a flag to semanage.conf, ignoredirs. That will allow
distributions or users to specify directories that genhomedircon
should ignore when setting up users homedir labeling.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
In order to handle properly the display on boot the sandbox init
script has to source the functions file.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
combine analysys of audit2why into audit2allow, so users can see if a
boolean would solve an AVC or if it is a constrain violation. Rather
then blindly adding allow rules to modules.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
Add service_seusers(5) - those in the ./logins directory, seusers(5),
user_contexts(5) - those in the ./contexts/users directory,
virtual_domain_context(5) and virtual_image_context(5) man pages.
Signed-off-by: Richard Haines <richard_c_haines@btinternet.com>
Signed-off-by: Eric Paris <eparis@redhat.com>
Add failsafe_context(5), local.users(5), removable_contexts(5) and
securetty_types(5) man pages.
Signed-off-by: Richard Haines <richard_c_haines@btinternet.com>
Signed-off-by: Eric Paris <eparis@redhat.com>
Add booleans(5), customizable_types(5), default_contexts(5) and
default_type(5) man pages.
Signed-off-by: Richard Haines <richard_c_haines@btinternet.com>
Signed-off-by: Eric Paris <eparis@redhat.com>
Updated selabel_x(5) with X-Windows context configuration file format and
added x_contexts(5) man page that links to it.
Signed-off-by: Richard Haines <richard_c_haines@btinternet.com>
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
Updated selabel_media(5) with media context configuration file format and
added media(5) man page that links to it.
Signed-off-by: Richard Haines <richard_c_haines@btinternet.com>
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
Updated selabel_db(5) with RDBMS context configuration file format and added sepgsql_contexts(5) man page that links to it.
Signed-off-by: Richard Haines <richard_c_haines@btinternet.com>
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
Updated selabel_file(5) with file context configuration file format and
added file_contexts(5) man page that links to it. selabel_file(5) also
describes the .local, .homedirs, .subs and .subs_dist configuration file
formats.
Signed-off-by: Richard Haines <richard_c_haines@btinternet.com>
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
Added new man page selinux_config(5) detailing the SELinux config file
format to new man/man5 directory plus Makefile.
Signed-off-by: Richard Haines <richard_c_haines@btinternet.com>
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
sestatus has been modified to present additional information: SELinux root
directory, MLS flag and the deny_unknow flag. The man page has been updated
to reflect these changes and an sestatus.conf(5) man page has also been added.
Signed-off-by: Richard Haines <richard_c_haines@btinternet.com>
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
For get_default_context_with_role(3) and get_default_context_with_rolelevel(3),
return errno = EINVAL if invalid role.
Signed-off-by: Richard Haines <richard_c_haines@btinternet.com>
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
get_default_type(3) now returns with errno set to EINVAL if the entry does not
exist.
Signed-off-by: Richard Haines <richard_c_haines@btinternet.com>
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
If selinux_set_mapping(3) is used to map classes, and an invalid class is used
to compute a decision (tclass = 0), the result did not obey the status of the
deny_unknown flag.
Signed-off-by: Richard Haines <richard_c_haines@btinternet.com>
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
Remove assert in security_get_boolean_names(3) if the len invalid and stop seg
fault if names is null. Set EINVAL instead and return error.
Signed-off-by: Richard Haines <richard_c_haines@btinternet.com>
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
No real code change. Just to make it clear what a src and dst means.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
Add a check to restorecon, to not change a context if the context on disk matches
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
Check for conflict on equivalence when adding a file context.
If a user adds a file context that begins with an equivalence string, we
throw an exception.
/usr/sbin/semanage: File spec /usr/lib64/dan conflicts with equivalency rule '/usr/lib64 /usr/lib'; Try adding '/usr/lib/dan' instead
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
Print out the list of local and distribution file context equivalencies
rather than just local rules.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
We already allow this in policy, so allow it in sepolgen as well.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
If sandbox init script is run multiple times to start it should still
return 0 rather than an error. Things should still be set up.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
Instead of force an arbitrary 100 category requirement, only bomb if
there is a problem. Error out if there are 0 categories or if we cannot
find a free category in a reasonable number of attempts.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
We calculate the number of available legit category sets for a given
user and then try to find one that many times. If we don't find one,
bail out.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
100 is very high, but at least we know the chances of finding a valid
combination is high.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
Since this file lives in /etc/sysconfig/ it does not include a .conf
extention. Thus the man page should not include a .conf in the
filename.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
We found that we wanted a filename transition rule for ld.so.cache~
however ~ was not a valid character in a filename.
Fix-from: Miroslav Grepl <mgrepl@redhat.com>
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
Include the same error type options we build everything else with.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
Either by dropping the parameter or marking it as unused depending on
what works. We can't redefine hashtab_map callbacks as they must take all
three options, so just mark those unused.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>