This new function allows a process to invoke helper programs with
a new execution context based on the filename, this is initially
intended for package managers so that they can easily execute
package scriptlets or maintainer scripts.
Base rpm_execcon() off this new function.
Signed-off-by: Guillem Jover <guillem@debian.org>
Failure to copy the entire av_decision structure, including the
flags field, would prevent preservation of the SELINUX_AVD_FLAGS_PERMISSIVE
flag and thus cause per-domain permissive to not be honored for userspace
permission checks.
Also ensure that we clear the entire structure.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
libselinux uses weak bindings to pthread functions and will fall
back to non-threaded implementations if the caller is not linked
with libpthread. Avoid requiring all users of libselinux to
link with libpthread.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
This patch uses Richard Haines fixes in libsepol to help identify which
constraint is blocking access. The end goal is helping policy writers
and administrators to diagnose issues with their policy.
If we get an EINVAL from security_compute_av* (indicates an invalid
source or target security context, likely due to a policy reload that
removed one or the other) and we are in permissive mode, then handle it
like any other permission denial, i.e. log but do not deny it.
Reported-by: Laurent Bigonville <bigon@debian.org>
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2.1.99 is just a placeholder to distinguish it from the prior release.
2.2 will be the released version. Switching to 2-component versions.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
If the RANLIB variable is defined by the user, use that value instead of
the /usr/bin/ranlib binary.
Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
If /sys is not present, the attempt to mount selinuxfs will of course
fail. So we try to mount /sys first (and only if that fails fall back to
the /selinux mount point) and then try to mount selinuxfs.
Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
We were asked not to link to libpthread but to use gcc internals.
We were not handling properly the fact that a cache was UNSET, and this
patch fixes this.
Also change audit2why to look at the loaded policy rather then searching on disk for
the policy file. It is more likely that you are examining the running policy.
In the past pam_selinux would return a bogus login context if the login program
was running with the wrong context. If you ran sshd as unconfined_t
you might get the login user loggin in as pam_oddjob_mkhomedir_t or some other bogus
type. This change fixes the code to return an error if it can not return a good
match.
We want to allow users to setup their substitions to run fist and then run
the distro subs second. This fixes the problem where a user defines
a sub like /usr/local/foobar and we ignore it. We need this for
software collections which is setting up local subs of /opt/src/foobar/root /
Tools like cp -A try to maintain the context of a program and call *setfilecon,
currently if the file system does not support XAttrs we return ENOSUPP. We have
been requested to check if the context that is being set is the same to not return this
error. So if I try to set the label on an nfs share to system_u:object_r:nfs_t:s0 and I get
ENOSUPP, it will not return an error.
I wanted to separate this directory out in order for a new patch to mcstransd to watch
this directory for newly created files, which it could then translate.
The idea is libvirt would write to /var/run/setrans/c0:c1,c2 with the contents of vm1, then
setrans could translate the processes to show system_u:system_r:svirt_t:vm1
This allows us to specify under which the compiled policy file and context configuration
files exist. We can use this with matchpathcon to check the labels under alternate policies,
and we can use it for sepolicy manpage to build manpages during policy build.
label_file.c: In function ‘load_mmap’:
label_file.c:238:81: error: declaration of ‘stat’ shadows a global declaration [-Werror=shadow]
cc1: all warnings being treated as errors
Signed-off-by: Joe MacDonald <joe@deserted.net>
Versions of PCRE prior to 8.20 did not have pcre_free_study(). In its
absence, use pcre_free() instead.
Signed-off-by: Joe MacDonald <joe@deserted.net>
If the RANLIB variable is defined by the user, use that value instead of
the /usr/bin/ranlib binary.
Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
If /sys is not present, the attempt to mount selinuxfs will of course
fail. So we try to mount /sys first (and only if that fails fall back to
the /selinux mount point) and then try to mount selinuxfs.
Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
We open the file which is to be used to write the binary format of file
contexts. If we hit an error actually writing things out, we return,
but never close the fd. Do not leak.
Signed-off-by: Eric Paris <eparis@redhat.com>
Every time matchmediacon is called we open the
selinux_media_context_path(). But we never close the file. Close the
file when we are finished with it.
Signed-off-by: Eric Paris <eparis@redhat.com>
