selinux

mirror of https://github.com/SELinuxProject/selinux synced 2024-12-19 12:44:32 +00:00

Go to file

Nicolas Iooss 6675e12cc1 libsepol: do not crash when a symbol does not exist When hll/pp reads an invalid policy module where some scopes use required symbols which are not defined, the program crashes with a segmentation fault in required_scopes_to_cil(): Program received signal SIGSEGV, Segmentation fault. required_scopes_to_cil (decl_stack=0x6040b0, block=0x607780, pdb=0x6042e0, indent=0) at module_to_cil.c:3479 3479 for (j = 0; j < scope_datum->decl_ids_len; j++) { => 0x00007ffff7a7b1a8 <block_to_cil+5224>: 44 8b 58 10 mov 0x10(%rax),%r11d (gdb) bt #0 required_scopes_to_cil (decl_stack=0x6040b0, block=0x607780, pdb=0x6042e0, indent=0) at module_to_cil.c:3479 #1 block_to_cil (pdb=pdb@entry=0x6042e0, block=block@entry=0x607780, stack=stack@entry=0x6040b0, indent=indent@entry=0) at module_to_cil.c:3622 #2 0x00007ffff7a85a18 in global_block_to_cil (stack=0x6040b0, block=0x607780, pdb=0x6042e0) at module_to_cil.c:3738 #3 blocks_to_cil (pdb=0x6042e0) at module_to_cil.c:3764 #4 sepol_module_policydb_to_cil (fp=fp@entry=0x7ffff79d05e0 <_IO_2_1_stdout_>, pdb=0x6042e0, linked=linked@entry=0) at module_to_cil.c:4051 #5 0x00007ffff7a86b55 in sepol_module_package_to_cil (fp=fp@entry=0x7ffff79d05e0 <_IO_2_1_stdout_>, mod_pkg=0x604280) at module_to_cil.c:4080 #6 0x0000000000401acc in main (argc=<optimized out>, argv=<optimized out>) at pp.c:150 (gdb) p scope_datum $1 = (struct scope_datum *) 0x0 Detect such errors and exit with an error return value. Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>		2016-11-23 12:31:55 -05:00
checkpolicy	checkpolicy: treat -self as an error	2016-11-18 11:09:38 -05:00
dbus	Add stub make test targets to new subdirs	2016-11-16 11:20:05 -05:00
gui	Add stub make test targets to new subdirs	2016-11-16 11:20:05 -05:00
libselinux	label_file.h: actually use the results of compat_validate	2016-11-21 09:24:31 -05:00
libsemanage	libselinux, libsemanage: use Python-specific .so extension	2016-11-18 08:52:38 -05:00
libsepol	libsepol: do not crash when a symbol does not exist	2016-11-23 12:31:55 -05:00
mcstrans	mcstrans: fix global "make install"	2016-11-17 16:49:24 -05:00
policycoreutils	Drop ChangeLog files	2016-11-16 12:10:58 -05:00
python	Drop ChangeLog files	2016-11-16 12:10:58 -05:00
restorecond	restorecond: Add gitignore	2016-11-16 11:20:05 -05:00
sandbox	sandbox: make test not fail on systems without SELinux	2016-11-17 16:44:57 -05:00
scripts	Fix release script	2016-11-16 11:19:51 -05:00
secilc	Drop ChangeLog files	2016-11-16 12:10:58 -05:00
semodule-utils	semodule-utils: Drop -lselinux from Makefiles.	2016-11-16 11:19:51 -05:00
.gitignore	restorecond: Add gitignore	2016-11-16 11:20:05 -05:00
CleanSpec.mk	Add empty top level Android.mk / CleanSpec.mk files	2015-04-16 07:54:09 -04:00
Makefile	Build mcstrans.	2016-11-16 11:19:50 -05:00
README	Add redhat-rpm-config as a build dependency on Fedora.	2016-05-04 15:54:27 -04:00

README

Please submit all bug reports and patches to selinux@tycho.nsa.gov.
Subscribe via selinux-join@tycho.nsa.gov.

Build dependencies on Fedora:
yum install audit-libs-devel bison bzip2-devel dbus-devel dbus-glib-devel flex flex-devel flex-static glib2-devel libcap-devel libcap-ng-devel pam-devel pcre-devel python-devel setools-devel swig ustr-devel xmlto redhat-rpm-config

To build and install everything under a private directory, run:
make DESTDIR=~/obj install install-pywrap

To install as the default system libraries and binaries
(overwriting any previously installed ones - dangerous!),
on x86_64, run:
make LIBDIR=/usr/lib64 SHLIBDIR=/lib64 install install-pywrap relabel
or on x86 (32-bit), run:
make install install-pywrap relabel

This may render your system unusable if the upstream SELinux userspace
lacks library functions or other dependencies relied upon by your
distribution.  If it breaks, you get to keep both pieces.