The coveriety scanner is too stupid to realize that the strtok_r()
function initializes the saveptr variable. Since we are passing a
variable location without initializing it coveriety gets angry. Just
shut up the scanner, but nothing was wrong to start with.
Signed-off-by: Eric Paris <eparis@redhat.com>
If we have a malformed seusers entry we may not find the : proceeding
the level and would thus get a NULL. This can blow up. Check for this
error and bail gracefully. Found by coverity
Signed-off-by: Eric Paris <eparis@redhat.com>
We may want to force matchpathcon to respond if the path is question is
a dir, sockfile, chr, blk, etc. Add an option so you can force it to
hit the right rule types.
Signed-off-by: Eric Paris <eparis@redhat.com>
Make selinux_boolean_sub a public method so getsebool can use it, as well as
potentially used within libsemanage.
Signed-off-by: Eric Paris <eparis@redhat.com>
Use selinux_boolean_sub to translate the boolean name handed in by the user.
Report back the correct name of the boolean.
Signed-off-by: Eric Paris <eparis@redhat.com>
Add support for booleans.subs file. Basically this allows us to finally change
badly named booleans to some standard name.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
We generate pkg-config --libs and use that to build the libselinux
python so file. We do not use it to build the libsemanage versions. We
also never use the ruby equivalent. So stop calling pkg-config
uselessly.
Signed-off-by: Eric Paris <eparis@redhat.com>
We explicitly set the soname of the python and ruby files. We don't
need this. We are using the -o name as the soname, so just let the
toolchain do its thing. It just makes the Makefile nicer to read.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
Add a -s option to getdefaultcon which allows one to specify the
service in question. This exposes all of the abilities of getseuser
instead of only the abilities of getseuserbyname.
Signed-off-by: Eric Paris <eparis@redhat.com>
In order for lxc to look up its process and file labels we add new
libselinux support. This is what we do for everything else, like
libvirt, seposgresql, etc.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
SELinux ruby bindings didn't build from the top level
the swig generated .c file wasn't gitignored
use pkg-config for ruby info like we do for python
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
This is already in the android repo. This is here to prevent potential
conflicts of the selabel indices, and possibly with an eye toward an eventual
reunification of the two libselinuxes down the road.
Reviewed-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
getseuser() would unconditionally check strlen on the service variable
even though it could be NULL. Whoops. If service is NULL we should
only match on *: entries.
Signed-off-by: Eric Paris <eparis@redhat.com>
The realpath_not_final() function did not properly handle symlinks in
the / directory. The reason is because when it determined the symlink
was in the root directory it would set the resolved portion of the path
to /, it would then add a / to the end of the resolved portion, and then
append the symlink name. The fix is to instead set the resolved portion
to "". Thus when the '/' at the end of the resolved portion is added it
will be correct.
While I am at it, strip extraneous leading / so that //tmp returns /tmp.
Signed-off-by: Eric Paris <eparis@redhat.com>
swig creates C files with warnings. Turn off the warnings so the build
is clean. We can't help the code it produces anyway...
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
The init functions are non-static but did not have a prototype
declaration. They are called magically from python, so just declare the
prototype to silence the warning.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
should continue to poll if it receinves an EINTR rather then exiting with an error.
This was a major bug within dbus that was causing dbus to crash it was
discussed at the time whether this is a dbus bug or an libselinux bug,
it was decided that we should fix it within libselinux.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
Description: Hide unnecessarily-exported library destructors
This change was extracted from the old monolithic Debian patch.
Signed-off-by: Laurent Bigonville <bigon@debian.org>
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
Do not link python module with libpython, the interpreter is already linked against it.
Signed-off-by: Laurent Bigonville <bigon@debian.org>
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
I'd like to use this interface to implement special case handling
for the default labeling behavior on temporary database objects. Allow
userspace to use the filename_trans rules added to policy.
Signed-off-by: KaiGai Kohei <kohei.kaigai@emea.nec.com>
Signed-off-by: Eric Paris <eparis@redhat.com>
selinux_check_access() should not error on bad class or perms if the
security_deny_unkown() function return false. If policy tells us to
allow unknown classes and perms we should respect that.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
To simplify finding why programs don't work, assert that avc_init() was
called any time avc functions are called. This means we won't get
'random' segfaults and will instead be able to hopefully quickly
determine what we did wrong as application developers.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
It's not special and doesn't need its own Makefile lines. Just make it
a normal target.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
Move everything into /usr/* and just put links from /*. The whole /usr
thing hasn't really worked in all situations for a long long time. Just
accept that fact and move along.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
The earlier patch to avc.c put the struct member annotation at
the end of the line, which works fine for GCC, but upsets SWIG.
Equivalent code in selinux.h demonstrates how to place the
annotation without upsetting SWIG.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
XXX: -Wno-redundant-decls really shouldn't be set, if some way
can be found to deal with warnings generated by dso.h
XXX: the maximum stack size should be much lower, but there
are too many functions using PATH_MAX which need to be rewritten
to use the heap instead.
XXX: probe for whether the user's GCC supports a flag ?
Signed-off-by: Eric Paris <eparis@redhat.com>
Annotating the die method as taking printf format exposes
a bug in error reporting
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
The public avc.h file must use a printf annotation in the struct
callback members, otherwise application code will get compiler
warnings that the method should have an annotation set.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
* include/selinux/selinux.h, src/init.c: set_selinuxmnt should take
a const char *mntpath
* src/get_default_type.c: Avoid bad cast discarding const
* load_policy.c: Fix var decl to avoid discarding const
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
Add 'void' parameter to all functions which take no arguments
* selinux_config.c: s/()/(void)/
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
seusers.c: In function ‘getseuser’:
seusers.c:273:3: error: jump skips variable initialization [-Werror=jump-misses-init]
seusers.c:317:2: note: label ‘err’ defined here
seusers.c:274:8: note: ‘fp’ declared here
* seusers.c: Declare FILE *fp at start of getseuser() method
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
