Commit Graph

459 Commits

Author SHA1 Message Date
Laurent Bigonville
fb85e5cc95 Sort object files for deterministic linking order
This patch is part of the Debian effort to make the build reproducible

Thank to Reiner Herrmann <reiner@reiner-h.de> for the patches

Signed-off-by: Laurent Bigonville <bigon@bigon.be>
2016-06-06 12:52:55 -04:00
Stephen Smalley
44e92a6959 Updated ChangeLogs.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2016-05-16 16:44:05 -04:00
Julien Pivotto
b13c44c367 libselinux, libsemanage: respect CC and PKG_CONFIG environment variable
Compilation tools respects certain environment variables, like CC.
However, in libselinux and libsemanage, they are not respected
everywhere. This command fixes respect for those variables, falling back
to the previous hardcoded values if not specified.
2016-05-16 16:29:07 -04:00
Stephen Smalley
b56c16a6e5 Updated libselinux ChangeLog.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2016-05-13 12:32:16 -04:00
Stephen Smalley
32773a99b1 Avoid mounting /proc outside of selinux_init_load_policy().
Temporarily mounting /proc within selinuxfs_exists() can cause
problems since it can be called by a libselinux constructor and
therefore may be invoked by every program linked with libselinux.
Since this was only motivated originally by a situation where
selinuxfs_exists() was called from selinux_init_load_policy()
before /proc was mounted, fix it in selinux_init_load_policy() instead.

This reverts commit 5a8d8c499b
("libselinux: only mount /proc if necessary") and
commit 9df4988846
("libselinux: Mount procfs before checking /proc/filesystems").

Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2016-05-13 12:05:04 -04:00
Nicolas Iooss
8e30f76c6d Update .gitignore files
Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
2016-05-09 08:14:54 -04:00
Stephen Smalley
6ad28de149 Updated libselinux, libsemanage, libsepol, and policycoreutils ChangeLogs.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2016-05-02 08:45:45 -04:00
Laurent Bigonville
8586ee56be Fix multiple spelling errors
Thanks to the lintian utility from Debian
2016-05-02 08:45:45 -04:00
James Carter
24dbe792ce Updated libselinux ChangeLog.
Signed-off-by: James Carter <jwcart2@tycho.nsa.gov>
2016-04-12 10:51:28 -04:00
Petr Lautrbach
f86707ead7 libselinux: Fix typo in sefcontext_compile.8
The man page contains 'prce' instead of 'pcre'

Reported-by: Milos Malik <mmalik@redhat.com>
Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
Signed-off-by: James Carter <jwcart2@tycho.nsa.gov>
2016-04-12 10:48:43 -04:00
Stephen Smalley
f5c0b471e9 Updated libselinux ChangeLog.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2016-03-25 14:17:57 -04:00
Dan Walsh
950f3a6294 Fix location of selinuxfs mount point 2016-03-25 09:36:30 -04:00
Stephen Smalley
58dcbcd0db Updated libselinux ChangeLog.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2016-02-29 11:11:21 -05:00
Stephen Smalley
5a8d8c499b libselinux: only mount /proc if necessary
Commit 9df4988846 ("libselinux: Mount procfs before checking
/proc/filesystems") changed selinuxfs_exists() to always try
mounting /proc before reading /proc/filesystems.  However, this is
unnecessary if /proc is already mounted and can produce avc denials
if the process is not allowed to perform the mount.  Check first
to see if /proc is already present and only try the mount if it is not.

Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2016-02-29 10:27:48 -05:00
Stephen Smalley
085d7c99fd Updated libselinux ChangeLog.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2016-02-24 16:13:00 -05:00
dcashman
c7cf5d8aa0 libselinux: procattr: return einval for <= 0 pid args.
getpidcon documentation does not specify that a pid of 0 refers to the
current process, and getcon exists specifically to provide this
functionality, and getpidcon(getpid()) would provide it as well.
Disallow pid values <= 0 that may lead to unintended behavior in
userspace object managers.

Signed-off-by: Daniel Cashman <dcashman@android.com>
2016-02-24 10:05:14 -05:00
Stephen Smalley
ece9a6db47 Updated libselinux ChangeLog.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2016-02-24 09:20:11 -05:00
dcashman
f77021d720 libselinux: procattr: return error on invalid pid_t input.
Signed-off-by: Daniel Cashman <dcashman@android.com>
2016-02-24 09:18:59 -05:00
Steve Lawrence
2b69984b0c Update ChangeLog and VERSION for final release
Signed-off-by: Steve Lawrence <slawrence@tresys.com>
2016-02-23 11:31:41 -05:00
Stephen Smalley
9c5d36bb2e Updated libselinux ChangeLog.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2016-02-22 10:15:48 -05:00
Richard Haines
945cad865a libselinux: selinux_restorecon.3 man page corrections.
Fix typo's and clarify usage.

Reported-by: Nicolas Iooss <nicolas.iooss@m4x.org>
Signed-off-by: Richard Haines <richard_c_haines@btinternet.com>
2016-02-22 10:14:42 -05:00
Stephen Smalley
6c20534b6f Updated libselinux ChangeLog.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2016-02-17 09:13:27 -05:00
Richard Haines
bdd4e6d2b1 libselinux: Add selinux_restorecon function
The selinux_restorecon(3) man page details this function.

It has been built using the work from Android where an SHA1 hash
of the specfiles is held in an extended attribute to enhance
performance. Also contains components from policycoreutils/setfiles.

The utils/selinux_restorecon.c utility demonstrates the functionality.

Signed-off-by: Richard Haines <richard_c_haines@btinternet.com>
2016-02-17 09:12:50 -05:00
Stephen Smalley
25201277a6 Updated libselinux ChangeLog.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2016-02-17 09:11:34 -05:00
William Roberts
2981e0ba3a read_spec_entry: fail on non-ascii
Inserting non-ascii characters into the following files:
 * file_contexts
 * property_contexts
 * service_contexts
can cause a failure on labeling but still result in a successful
build.

Hard error on non-ascii characters with:
<path>:  line 229 error due to: Non-ASCII characters found

Signed-off-by: William Roberts <william.c.roberts@intel.com>
2016-02-17 09:10:41 -05:00
Steve Lawrence
b3b5ede9ca Update ChangeLog and VERSION for release candidate
Signed-off-by: Steve Lawrence <slawrence@tresys.com>
2016-01-07 10:01:31 -05:00
Steve Lawrence
b3c1d4e425 Update libselinux and policycoreutils ChangeLogs
Signed-off-by: Steve Lawrence <slawrence@tresys.com>
2015-12-17 09:14:05 -05:00
Dan Walsh
f2a8ae9172 libselinux/man: Add information about thread specific on setfscreatecon
Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
2015-12-17 08:56:01 -05:00
Petr Lautrbach
554f75b4ee libselinux: Don't wrap rpm_execcon with DISABLE_RPM
a2737333 commit introduced a possibility to build libselinux without
rpm_execcon() when DISABLE_RPM is set. However, it didn't cover SWIG
bindings. With this commit the rpm_execcon() bindings are not created.

Fixes:
ImportError: /usr/lib64/python3.5/site-packages/selinux/_selinux.so: undefined symbol: rpm_execcon
Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
2015-12-17 08:56:01 -05:00
Stephen Smalley
d257b02dde Updated libselinux ChangeLog.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2015-11-24 16:38:14 -05:00
Richard Haines
46320aefc2 libselinux: Correct line count for property and service contexts files
When a line number is displayed for context errors they are
x2 the correct value, so reset line count for each pass.

Signed-off-by: Richard Haines <richard_c_haines@btinternet.com>
Acked-by: Jeff Vander Stoep <jeffv@google.com>
2015-11-24 16:37:57 -05:00
Stephen Smalley
4a1169a367 Update libselinux and policycoreutils ChangeLogs.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2015-11-24 16:34:56 -05:00
Ville Skyttä
572fcef2ba libselinux, policycoreutils: Man page warning fixes
Signed-off-by: Ville Skyttä <ville.skytta@iki.fi>
2015-11-24 16:32:13 -05:00
Stephen Smalley
8dc4c05b79 Update libselinux ChangeLog.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2015-10-28 08:58:17 -04:00
William Roberts
90c2d42e03 libselinux: label_file: fix memory leaks and uninitialized jump
Some error's were reported by valgrind (below) fix them. The test
cases on which these leaks were detected:

1. properly formed file_contexts file.
2. malformed file_contexts file, unknown type.
3. malformed file_contexts file, type that fails on validate callback.
4. malformed file_contexts file, invalid regex.
5. malformed file_contexts file, invalid mode.

==3819== Conditional jump or move depends on uninitialised value(s)
==3819==    at 0x12A682: closef (label_file.c:577)
==3819==    by 0x12A196: selabel_close (label.c:163)
==3819==    by 0x10A2FD: cleanup (checkfc.c:218)
==3819==    by 0x5089258: __run_exit_handlers (exit.c:82)
==3819==    by 0x50892A4: exit (exit.c:104)
==3819==    by 0x10A231: main (checkfc.c:361)
==3819==  Uninitialised value was created by a heap allocation
==3819==    at 0x4C2AB80: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==3819==    by 0x4C2CF1F: realloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==3819==    by 0x12BB31: process_file (label_file.h:273)
==3819==    by 0x12A2BA: selabel_file_init (label_file.c:522)
==3819==    by 0x12A0BB: selabel_open (label.c:88)
==3819==    by 0x10A038: main (checkfc.c:292)
==3819==
==3819==
==3819== HEAP SUMMARY:
==3819==     in use at exit: 729 bytes in 19 blocks
==3819==   total heap usage: 21,126 allocs, 21,107 frees, 923,854 bytes allocated
==3819==
==3819== 81 bytes in 1 blocks are definitely lost in loss record 1 of 2
==3819==    at 0x4C2AB80: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==3819==    by 0x50D5839: strdup (strdup.c:42)
==3819==    by 0x12A2A6: selabel_file_init (label_file.c:517)
==3819==    by 0x12A0BB: selabel_open (label.c:88)
==3819==    by 0x10A038: main (checkfc.c:292)
==3819==

==4238== 40 bytes in 1 blocks are definitely lost in loss record 1 of 6
==4238==    at 0x4C2AB80: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==4238==    by 0x12A1D2: selabel_file_init (label_file.c:886)
==4238==    by 0x12A0BB: selabel_open (label.c:88)
==4238==    by 0x10A038: main (checkfc.c:292)
==4238==
==4238== 81 bytes in 1 blocks are definitely lost in loss record 2 of 6
==4238==    at 0x4C2AB80: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==4238==    by 0x50D5839: strdup (strdup.c:42)
==4238==    by 0x12A2A6: selabel_file_init (label_file.c:517)
==4238==    by 0x12A0BB: selabel_open (label.c:88)
==4238==    by 0x10A038: main (checkfc.c:292)
==4238==
==4238== 386 bytes in 24 blocks are definitely lost in loss record 3 of 6
==4238==    at 0x4C2AB80: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==4238==    by 0x50D5889: strndup (strndup.c:45)
==4238==    by 0x12CDDF: read_spec_entries (label_support.c:37)
==4238==    by 0x12B72D: process_file (label_file.h:392)
==4238==    by 0x12A2BA: selabel_file_init (label_file.c:522)
==4238==    by 0x12A0BB: selabel_open (label.c:88)
==4238==    by 0x10A038: main (checkfc.c:292)
==4238==
==4238== 648 bytes in 18 blocks are definitely lost in loss record 4 of 6
==4238==    at 0x4C2CC70: calloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==4238==    by 0x117C9B: avtab_insert_node (avtab.c:105)
==4238==    by 0x117C10: avtab_insert (avtab.c:163)
==4238==    by 0x11880A: avtab_read_item (avtab.c:566)
==4238==    by 0x118BD3: avtab_read (avtab.c:600)
==4238==    by 0x125BDD: policydb_read (policydb.c:3854)
==4238==    by 0x109F87: main (checkfc.c:273)
==4238==
==4238== 1,095 bytes in 12 blocks are definitely lost in loss record 5 of 6
==4238==    at 0x4C2AB80: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==4238==    by 0x12D8D1: pcre_compile2 (pcre_compile.c:9217)
==4238==    by 0x12B239: compile_regex (label_file.h:357)
==4238==    by 0x12B9C7: process_file (label_file.h:429)
==4238==    by 0x12A2BA: selabel_file_init (label_file.c:522)
==4238==    by 0x12A0BB: selabel_open (label.c:88)
==4238==    by 0x10A038: main (checkfc.c:292)
==4238==
==4238== 1,296 bytes in 12 blocks are definitely lost in loss record 6 of 6
==4238==    at 0x4C2AB80: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==4238==    by 0x13EBE5: pcre_study (pcre_study.c:1565)
==4238==    by 0x12B25D: compile_regex (label_file.h:366)
==4238==    by 0x12B9C7: process_file (label_file.h:429)
==4238==    by 0x12A2BA: selabel_file_init (label_file.c:522)
==4238==    by 0x12A0BB: selabel_open (label.c:88)
==4238==    by 0x10A038: main (checkfc.c:292)

Signed-off-by: William Roberts <william.c.roberts@intel.com>
2015-10-28 08:57:31 -04:00
Stephen Smalley
4de2259a0e Update libselinux ChangeLog.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2015-10-22 12:09:08 -04:00
Richard Haines
c1db824828 libselinux: Replace selabel_digest hash function
This replaces the openssl library with SHA1 hash functions
extracted from [1] as this is a public domain implementation.

util/selabel_digest -v option still compares the result with
the openssl command "openssl dgst -sha1 -hex .." for validation.

[1] https://github.com/WaterJuice/CryptLib

Signed-off-by: Richard Haines <richard_c_haines@btinternet.com>
2015-10-22 11:55:02 -04:00
Stephen Smalley
bc9bc13c5d Updated libselinux ChangeLog.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2015-10-15 12:15:05 -04:00
Richard Haines
e0456053d0 libselinux: Fix selabel_open(3) services if no digest requested
If selabel_open is called with no request for a digest it will fail
with ENOENT. This fixes all the labeling routines to resolve this
problem. The utils/selabel_digest example has also been updated
to allow calling selabel_open with and without digest requests to
aid testing.

Signed-off-by: Richard Haines <richard_c_haines@btinternet.com>
2015-10-15 12:13:42 -04:00
Stephen Smalley
4d0a9868e1 Updated libselinux ChangeLog
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2015-10-13 17:14:48 -04:00
Richard Haines
e40bbea95f libselinux: Add selabel_digest function
selabel_digest(3) if enabled by the SELABEL_OPT_DIGEST option during
selabel_open(3) will return an SHA1 digest of the spec files, plus
a list of the specfiles used to calculate the digest. There is a
test utility supplied that will demonstrate the functionality.

The use case for selabel_digest(3) is to implement an selinux_restorecon
function based on the Android version that writes a hash of the
file_contexts files to an extended attribute to enhance performance
(see external/libselinux/src/android.c selinux_android_restorecon()).

Signed-off-by: Richard Haines <richard_c_haines@btinternet.com>
2015-10-13 17:13:24 -04:00
Stephen Smalley
c9c1f27370 Updated libselinux ChangeLog.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2015-10-13 16:32:29 -04:00
Jason Zaman
985935c318 libselinux: Fix parallel build with swig python
Commit 966855d9a1 added selinux.py as a requirement for pywrap.
This file is generated during the swig step but there is no explicit
rule in the Makefile so parallel build fails. This adds another rule
so the ordering is correct.

jason@meriadoc ~/code/gentoo/selinux/libselinux $ make -j3 pywrap
.... SNIP ....
sed -e 's/@VERSION@/2.4/; s:@prefix@:/usr:; s:@libdir@:lib:; s:@includedir@:/usr/include:' < libselinux.pc.in > libselinux.pc
bash exception.sh > selinuxswig_python_exception.i
make[1]: *** No rule to make target 'selinux.py', needed by 'pywrap'.  Stop.
make[1]: *** Waiting for unfinished jobs....
make[1]: Leaving directory '/home/jason/code/gentoo/selinux/libselinux/src'
Makefile:36: recipe for target 'pywrap' failed
make: *** [pywrap] Error 2

Signed-off-by: Jason Zaman <jason@perfinion.com>
2015-10-13 16:31:56 -04:00
Stephen Smalley
5aeb4c350b Updated libselinux ChangeLog.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2015-09-23 11:12:25 -04:00
Stephen Smalley
b408d72ca9 libselinux: flush the class/perm string mapping cache on policy reload
This improves the robustness of programs using selinux_check_access()
in the face of policy updates that alter the values of the class or
permissions that they are checking.  Otherwise, a policy update can
trigger false permission denials, as in
https://bugzilla.redhat.com/show_bug.cgi?id=1264051

Changes to the userspace class/permission definitions should still be
handled with care, as not all userspace object managers have been converted
to use selinux_check_access() and even those that do use it are still not
entirely safe against an interleaving of a policy reload and a call to
selinux_check_access().  The change does however address the issue in
the above bug and avoids the need to restart systemd.

This change restores the flush_class_cache() function that was removed in
commit 435fae64a9 ("libselinux: Remove unused flush_class_cache method")
because it had no users at the time, but makes it hidden to avoid exposing
it as part of the libselinux ABI.

Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2015-09-22 12:16:44 -04:00
Stephen Smalley
c56c2a3b2d Updated libselinux ChangeLog.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2015-09-22 10:56:18 -04:00
Nir Soffer
f2e38b609c libselinux: Fix restorecon when path has no context
When a path has no context, for example, when the file was created when
selinux was disabled, selinux.restorecon(path) will fail:

    >>> selinux.restorecon('/etc/multipath.conf.new')
    Traceback (most recent call last):
      File "<stdin>", line 1, in <module>
      File "/usr/lib64/python2.7/site-packages/selinux/__init__.py", line 88,
      in restorecon
        status, oldcontext = lgetfilecon(path)
    OSError: [Errno 61] No data available

This failure does not seems to be useful, as we can successfully match
the context for this path using selinux.matchpathcon(), and set it
successfully using selinux.chcon(). The failure is caused by trying to
avoid the lsetfilecon() call if the current context is does not need
update.

This patch handles this specific error from lgetfilecon(), preventing
this failure.

Signed-off-by: Nir Soffer <nsoffer@redhat.com>
2015-09-22 10:55:57 -04:00
Stephen Smalley
3302de4625 Updated libselinux ChangeLog.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2015-09-15 10:36:12 -04:00
Richard Haines
c2cb37580a libselinux: Free memory when processing media and x specfiles
Ensure all memory is freed - checked using valgrind

Signed-off-by: Richard Haines <richard_c_haines@btinternet.com>
2015-09-15 10:35:11 -04:00
Richard Haines
5d19497b5c libselinux: Fix mmap memory release for file labeling
Ensure the mmap start address and length are not modified so the memory
used can be released when selabel_close(3) is called.

Signed-off-by: Richard Haines <richard_c_haines@btinternet.com>
2015-09-15 10:30:37 -04:00