Commit Graph

837 Commits

Author SHA1 Message Date
Dan Walsh
e4488ecd87 Allow users to have homedir as a symbolic link but mount on the homedir
Also do not error out on setfsuid if errno == success.  This breaks on systems
that use file capabilities rather then on setuid apps.
2013-10-24 13:58:39 -04:00
Dan Walsh
a387e158f5 Xephry now supports resizable flag 2013-10-24 13:58:39 -04:00
Dan Walsh
9e0c737307 Swith to using openbox for window manager rather then matchbox
openbox has an upstream where matchbox is dead.

Also remove VERSION string since not used.
sandbox_file_t is only file type allowed.
2013-10-24 13:58:39 -04:00
Dan Walsh
ae1cedbac8 Handle audit2allow and audit2why with the same executable Remove audit2why directory and combine this into audit2allow directory 2013-10-24 13:58:39 -04:00
Dan Walsh
f7d40d920c We were asked to open output file for append rather then write. 2013-10-24 13:58:39 -04:00
Dan Walsh
69129b4983 Need to set the locale to current locale
Without this call the audit2allow -b command was failing in certain countries.
2013-10-24 13:58:39 -04:00
Dan Walsh
f8a46ac9b3 Update Translations 2013-10-24 13:58:39 -04:00
Dan Walsh
8137b9392c Fix test matching to use proper constants 2013-10-24 13:58:38 -04:00
Dan Walsh
17cc87e56b sepolgen did not work with filename transitions.
This patch adds support for it.
2013-10-24 13:58:38 -04:00
Dan Walsh
3223746ba8 fix bug in calls to attributes 2013-10-24 13:58:38 -04:00
Dan Walsh
6f84cfd00c If you are pushing data onto the list that already exists, then return success.
Do not push the data in a second time.
2013-10-24 13:58:38 -04:00
Dan Walsh
56d9d20a64 Pull auditing into libsemanage.
In the past we wrote audit into the semanage tool chain.  But if a tool like useradd
called dirreclty into libsemanage we did not get auditing.  Now useradd calls directly,
so we need this patch.

Another fix in this patch is to default the login mappings MLS to the selected SELinux User.
If a caller just specified the name staff_u, then the code will look up the range of staff_u
and apply it to the mapping.
2013-10-24 13:58:38 -04:00
Dan Walsh
b14294c01f Remove the policy.kern after policy is build and replace with symbolic link.
We want to shink the space required by selinux-policy for small cloud images.
This file has no purpose after policy is built.
2013-10-24 13:58:38 -04:00
Dan Walsh
1fbb15eb11 Add Laurent Bigonville fix to look at MAX_UID as well as MIN_UID in genhomedircon 2013-10-24 13:58:38 -04:00
Dan Walsh
874a976470 Fix handling of temporary file in sefcontext_compile.c
This way if something goes wrong regex file will not be corrupt.
2013-10-24 13:58:38 -04:00
Dan Walsh
c32da69e01 Fixes for procattr calls to handle cache properly.
We were asked not to link to libpthread but to use gcc internals.
We were not handling properly the fact that a cache was UNSET, and this
patch fixes this.
2013-10-24 13:58:38 -04:00
Dan Walsh
9639f5d9a8 Add decent constants for python for return of getenforce call. 2013-10-24 13:58:38 -04:00
Dan Walsh
22671378f1 Fix label substituion to work with the equiv path of "/"
Software collections are setting up equiv directories to the root directory.
2013-10-24 13:58:38 -04:00
Dan Walsh
7eec00a5be Add selinux_current_policy_path, which returns the a pointer to the loaded policy
Also change audit2why to look at the loaded policy rather then searching on disk for
the policy file.  It is more likely that you are examining the running policy.
2013-10-24 13:58:38 -04:00
Dan Walsh
403f2cfeb8 Change get_context_list to return an error rather then guess at a match.
In the past pam_selinux would return a bogus login context if the login program
was running with the wrong context.  If you ran sshd as unconfined_t
you might get the login user loggin in as pam_oddjob_mkhomedir_t or some other bogus
type.  This change fixes the code to return an error if it can not return a good
match.
2013-10-24 13:58:38 -04:00
Dan Walsh
f1598dff7e Support udev-197 and higher
The errno value was not set, causing wrong return notifications and
failing to have udev label things correctly.

See https://bugzilla.redhat.com/show_bug.cgi?id=909826#c24 and
see https://bugs.gentoo.org/show_bug.cgi?id=462626

Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
2013-10-24 13:58:37 -04:00
Dan Walsh
fd56c5230c Separate out the calling of local subs and dist subs in selabel_sub
We want to allow users to setup their substitions to run fist and then run
the distro subs second.  This fixes the problem where a user defines
a sub like /usr/local/foobar and we ignore it.  We need this for
software collections which is setting up local subs of /opt/src/foobar/root /
2013-10-24 13:58:37 -04:00
Dan Walsh
51d9a078c2 Patch to change *setfilecon to not return ENOSUP if context matches.
Tools like cp -A try to maintain the context of a program and call *setfilecon,
currently if the file system does not support XAttrs we return ENOSUPP.  We have
been requested to check if the context that is being set is the same to not return this
error.  So if I try to set the label on an nfs share to system_u:object_r:nfs_t:s0 and I get
ENOSUPP, it will not return an error.
2013-10-24 13:58:37 -04:00
Dan Walsh
756013edc5 This patch fixes python parsing.
Eliminates a potential memory leaks.
2013-10-24 13:58:37 -04:00
Dan Walsh
851266c180 define SELINUX_TRANS_DIR in selinux.h
I wanted to separate this directory out in order for a new patch to mcstransd to watch
this directory for newly created files, which it could then translate.

The idea is libvirt would write to /var/run/setrans/c0:c1,c2 with the contents of vm1, then
setrans could translate the processes to show system_u:system_r:svirt_t:vm1
2013-10-24 13:58:37 -04:00
Dan Walsh
ce2a8848ad Add selinux_systemd_contexts_path
systemd has some internal contexts like generated systemd unit files
that we want to allow it to check against processes trying to manage them.
2013-10-24 13:58:37 -04:00
Dan Walsh
7fe6036ca5 Add selinux_set_policy_root sets an alternate policy root directory path
This allows us to specify under which the compiled policy file and context configuration
files exist. We can use this with matchpathcon to check the labels under alternate policies,
and we can use it for sepolicy manpage to build manpages during policy build.
2013-10-24 13:58:37 -04:00
Dan Walsh
2af252621b Add missing man page for sefcontext_compile 2013-10-24 13:58:37 -04:00
Dan Walsh
2540b20096 Laurent Bigonville patch to fix various minor manpage issues and correct section numbering. 2013-10-24 13:58:37 -04:00
Dan Walsh
4d2dd33411 Allow " " and ":" in file name transtions
We have added a couple of file name transtitions that required a space and a colon.
2013-10-24 13:58:37 -04:00
Dan Walsh
f44a218e5c handle-unknown should be an optional argument 2013-10-24 13:58:37 -04:00
Dan Walsh
a8b3340288 Laurent Bigonville patch to allow overriding PATH Definitions in Makefiles 2013-10-24 13:58:37 -04:00
Dan Walsh
56b49ab711 Richard Haines patch that allows us discover constraint violation information
Basically we need this information to allow audit2allow/audit2why to better
describe which constraint is being broken.
2013-10-24 13:58:37 -04:00
Eric Paris
3f52a123af libsemanage: semanage_store: fix segfault introduced to fix memory leak
In the patch to fix a minor memory leak, I introduced a garuanteed
segfault.  The point to the stack variable will never be NULL, whereas
the value on the stack will be.

Signed-off-by: Eric Paris <eparis@redhat.com>
2013-02-05 20:43:22 -05:00
Eric Paris
e9410c9b06 VERSION BUMP FOR UPSTREAM PUSH 2013-02-05 20:22:02 -05:00
Eric Paris
ce39302fd0 libselinux: sefcontext_compile: do not leak fd on error
We open the file which is to be used to write the binary format of file
contexts.  If we hit an error actually writing things out, we return,
but never close the fd.  Do not leak.

Signed-off-by: Eric Paris <eparis@redhat.com>
2013-02-05 20:21:52 -05:00
Eric Paris
4e5eaacc59 libselinux: matchmediacon: do not leak fd
Every time matchmediacon is called we open the
selinux_media_context_path().  But we never close the file.  Close the
file when we are finished with it.

Signed-off-by: Eric Paris <eparis@redhat.com>
2013-02-05 20:21:52 -05:00
Eric Paris
1e8f102e8c libselinux: src/label_android_property: do not leak fd on error
We were opening the path, but if the fstat failed or it was not a
regular file we would return without closing the fd.  Fix my using the
common error exit path rather than just returning.

Signed-off-by: Eric Paris <eparis@redhat.com>
2013-02-05 20:21:52 -05:00
Eric Paris
5c0d7113de policycoreutils: sestatus: rewrite to shut up coverity
The code did:

len = strlen(string);
new_string = malloc(len);
strncpy(new_string, string, len - 1)

Which is perfectly legal, but it pissed off coverity because 99/100
times if you do new_string = malloc(strlen(string)) you are doing it
wrong (you didn't leave room for the nul).  I rewrote that area to just
use strdup and then to blank out the last character with a nul.  It's
clear what's going on and nothing looks 'tricky'.  It does cost us 1
byte of heap allocation.  I think we can live with that to have safer
looking string handling code.

Signed-off-by: Eric Paris <eparis@redhat.com>
2013-02-05 20:21:51 -05:00
Eric Paris
295abb370b libsemanage: semanage_store: do not leak memory in semanage_exec_prog
If vork() failed we would leak the arguments created in split_args().
Reorder the function so it will hopefully be easy to read and will not
leak memory.

Signed-off-by: Eric Paris <eparis@redhat.com>
2013-02-05 20:19:05 -05:00
Eric Paris
d1c606ba46 libsemanage: genhomedircon: remove useless conditional in get_home_dirs
We have minuid_set = 0 at the top of the function and then do a test
like:

if (!minuid_set || something)

But since minuid_set is always 0, we always call this code.  Get rid of
the pointless conditional.

Signed-off-by: Eric Paris <eparis@redhat.com>
2013-02-05 20:19:05 -05:00
Eric Paris
e1400f0404 libsemanage: genhomedircon: double free in get_home_dirs
Right before the call to semanage_list_sort() we do some cleanup.
Including endpwent(); free(rbuf); semanage_list_destroy(&shells);  If
the call to the list sort fails we will go to fail: and will do those
cleanups a second time.  Whoops.  Do the list sort before the generic
cleanups so the failure code isn't run after the default cleanup.

Signed-off-by: Eric Paris <eparis@redhat.com>
2013-02-05 20:19:04 -05:00
Eric Paris
d0c7f6ea4f libsemanage: fcontext_record: do not leak on error in semanage_fcontext_key_create
If the strdup failed, we would return without freeing tmp_key.  This is
obviously a memory leak.  So free that if we are finished with it.

Signed-off-by: Eric Paris <eparis@redhat.com>
2013-02-05 20:19:04 -05:00
Eric Paris
7d83d86ba1 libsemanage: genhomedircon: do not leak on failure in write_gen_home_dir_context
We generate a list of users, but we do not free that list on error.
Just keep popping and freeing them on error.

Signed-off-by: Eric Paris <eparis@redhat.com>
2013-02-05 20:19:04 -05:00
Eric Paris
06f2a7c3a9 libsemanage: semanage_store: do not leak fd
We use creat to create the lock file needed later.  But we never close
that fd, so it just sits around until the program exits.  After we
create the file we don't need to hold onto the fd.  close it.

Signed-off-by: Eric Paris <eparis@redhat.com>
2013-02-05 20:19:04 -05:00
Eric Paris
5812ec2fbb libsemanage: genhomedircon: do not leak shells list
If get_home_dirs() was called without usepasswd we would generate the
entire shell list, but would never use that list.  We would then not
free that list when we returned the homedir_list.  Instead, do not
create the list of shells until after we know it will be used.

Signed-off-by: Eric Paris <eparis@redhat.com>
2013-02-05 20:19:04 -05:00
Eric Paris
78d618422b libsemanage: semanage_store: do not leak on strdup failure
Inside split_args we do a = realloc(b) and strdup.  If the realloc
succeeds and then the strdup fails, we return NULL to the caller.  The
caller will then jump to an error code which will do a free(b).  This is
fine if the realloc failed, but is a big problem if realloc worked.  If
it worked b is now meaningless and a needs to be freed.

I change the function interface to return an error and to update "b"
from the caller.

Signed-off-by: Eric Paris <eparis@redhat.com>
2013-02-05 20:19:03 -05:00
Eric Paris
d16ebaace1 libsemanage: semanage_store: rewrite for readability
We did a bunch of:

	if ((blah = function(a0, a1, a2)) == NULL) {
		goto err;
	} else {
		something = blah;
	}

Which takes 5 lines and is a pain to read.  Instead:

	blah = function(a0, a1, a2);
	if (blah == NULL)
		goto err;
	something = blah;

Which takes 4 lines and is easier to read!

Winning!

Signed-off-by: Eric Paris <eparis@redhat.com>
2013-02-05 20:19:03 -05:00
Eric Paris
3a4fc087ee scripts: release: do not complain if release dir exists
I just don't like the error message when building tar files.

Signed-off-by: Eric Paris <eparis@redhat.com>
2013-02-05 20:19:03 -05:00
Eric Paris
221e6d4665 policycoreutils: seunshare: do checking on setfsuid
setfsuid return codes were not being checked.  Add checks to make sure
we are switching from and to what we expect.  Bail (most places) if we
didn't switch successfully.

Signed-off-by: Eric Paris <eparis@redhat.com>
2013-02-05 20:14:51 -05:00