Commit Graph

744 Commits

Author SHA1 Message Date
Jason Zaman
b87db86f79 sepolicy: C Module init for python3
Signed-off-by: James Carter <jwcart2@tycho.nsa.gov>
2016-08-05 12:57:08 -04:00
Jason Zaman
356a6e2566 sepolicy: Add python3 PyInt and PyString defs
Signed-off-by: James Carter <jwcart2@tycho.nsa.gov>
2016-08-05 12:57:08 -04:00
Jason Zaman
925bb39ba2 semanage: misc style issues
Unused imports
== None should be is None

Signed-off-by: Jason Zaman <jason@perfinion.com>
Signed-off-by: James Carter <jwcart2@tycho.nsa.gov>
2016-08-05 12:57:08 -04:00
Jason Zaman
35d44f17af seobject: use sorted() instead of .sort()
2to3 wanted to wrap all the .keys() calls in list() but doing sorted()
directly is better.

Signed-off-by: Jason Zaman <jason@perfinion.com>
Signed-off-by: James Carter <jwcart2@tycho.nsa.gov>
2016-08-05 12:57:08 -04:00
Jason Zaman
b51c39499b semanage: py3 support for print function and map/filter
map and filter were turned into list comprehensions.
This was done using python's 2to3 utility.

Signed-off-by: Jason Zaman <jason@perfinion.com>
Signed-off-by: James Carter <jwcart2@tycho.nsa.gov>
2016-08-05 12:57:08 -04:00
Steve Lawrence
af7aa0b9ad Update policycoreutils ChangeLog.
Signed-off-by: Steve Lawrence <slawrence@tresys.com>
2016-08-04 08:43:39 -04:00
Petr Lautrbach
62a2a94419 policycoreutils: semodule - remove 'q' from getopt string
Users are confused that this option is not documented or that
'semodule -q' doesn't show:

semodule: invalid option -- 'q'

Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
2016-08-04 08:42:15 -04:00
Stephen Smalley
c17727e54f Updated policycoreutils ChangeLog.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2016-07-25 13:57:21 -04:00
Petr Lautrbach
859c82d8e6 policycoreutils: Remove unused autoconf files from po/
None of *.in and POTFILES* files is used in current build process.

Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
2016-07-25 13:54:49 -04:00
Piotr Drąg
bc69158385 policycoreutils: Remove duplicate, empty translation files
policycoreutils carries many duplicate, empty translation files.
They are a remnant of broken Transifex's system for managing
translation codes. This commit removes them.

Signed-off-by: Piotr Drąg <piotrdrag@gmail.com>
2016-07-25 13:54:43 -04:00
Stephen Smalley
c983674138 Updated policycoreutils ChangeLog.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2016-07-12 15:36:44 -04:00
Jason Zaman
0576ba5268 open_init_pty: Do not error on EINTR
There is a signal handler so that the select returns EINTR when the
child exits. EINTR is used to then clean up and flush the remaining
buffers. It should not error.

Signed-off-by: Jason Zaman <jason@perfinion.com>
2016-07-12 15:35:23 -04:00
Stephen Smalley
74e25b1e81 Updated ChangeLogs.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2016-07-01 12:58:23 -04:00
Petr Lautrbach
03e87ff2a9 policycoreutils: fix [-s STORE] typos in semanage
semanage and semanage man pages used wrong usage of
[-S STORE] in synopsis

Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
2016-07-01 12:54:17 -04:00
Stephen Smalley
1814207f68 Updated policycoreutils ChangeLog.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2016-06-23 12:45:52 -04:00
Michael De La Rue
4134b61630 Update sandbox types in sandbox manual to match actual usage as I understand it (based on Fedora 23) 2016-06-17 18:24:35 +01:00
James Carter
999747aa57 Updated libselinux, libsemanage, libsepol, and policycoreutils ChangeLogs.
Signed-off-by: James Carter <jwcart2@tycho.nsa.gov>
2016-06-06 13:08:17 -04:00
Philipp Gesang
c187f0ba43 policycoreutils: fix typos in semanage manpages
Signed-off-by: Philipp Gesang <philipp.gesang@intra2net.com>
2016-06-06 12:52:46 -04:00
Petr Lautrbach
9676142888 policycoreutils/semodule: Fix the documentation of -l,--list
It wasn't clear how to use -l option with full/standard KIND and the
example in semodule.8 man page was wrong.

Based on a patch by Laurent Bigonville <bigon@bigon.be>
Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
2016-06-06 12:52:36 -04:00
Stephen Smalley
3749315847 Updated ChangeLogs.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2016-05-19 14:22:55 -04:00
Laurent Bigonville
7f12c32039 policycoreutils: Minor fix in a French translation 2016-05-19 14:16:21 -04:00
Stephen Smalley
44e92a6959 Updated ChangeLogs.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2016-05-16 16:44:05 -04:00
Petr Lautrbach
15beaf8dac policycoreutils: fix the extract example in semodule.8
The man page's example suggested to use -g instead of -E and used --cil
and --hll options on the wrong positions.

Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
2016-05-16 16:30:37 -04:00
Petr Lautrbach
4f2b362ff7 policycoreutils: update sandbox.8 man page
- Handling of cgroups was remove in de0795a12e but
  -c option was still documented in sandbox.8

- Minor formatting fix

Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
2016-05-16 16:30:24 -04:00
Petr Lautrbach
44d8b89a08 policycoreutils: remove typos from chcat --help
Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
2016-05-16 16:30:01 -04:00
Stephen Smalley
6ad28de149 Updated libselinux, libsemanage, libsepol, and policycoreutils ChangeLogs.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2016-05-02 08:45:45 -04:00
Laurent Bigonville
8586ee56be Fix multiple spelling errors
Thanks to the lintian utility from Debian
2016-05-02 08:45:45 -04:00
James Carter
8b3d0ed43c Updated checkpolicy and policycoreutils ChangeLogs.
Signed-off-by: James Carter <jwcart2@tycho.nsa.gov>
2016-04-12 10:44:29 -04:00
James Carter
8fb088a33d policycoreutils/hll/pp: Warn if module name different than output filename
Since CIL treats files as modules and does not have a separate
module statement it can cause confusion when a Refpolicy module
has a name that is not the same as its base filename because older
SELinux userspaces will refer to the module by its module name while
a CIL-based userspace will refer to it by its filename.

Because of this, provide a warning message when converting a policy
package to CIL and the output filename is different than the module
name.

Signed-off-by: James Carter <jwcart2@tycho.nsa.gov>
2016-04-12 10:41:04 -04:00
Steve Lawrence
2b69984b0c Update ChangeLog and VERSION for final release
Signed-off-by: Steve Lawrence <slawrence@tresys.com>
2016-02-23 11:31:41 -05:00
Steve Lawrence
9d76b62fa7 Update libsepol, libsemanage, and policycoreutils ChangeLogs
Signed-off-by: Steve Lawrence <slawrence@tresys.com>
2016-02-17 08:52:11 -05:00
Nicolas Iooss
061c4fcbd4 policycoreutils: sepolicy: do not overwrite CFLAGS
sepolicy Makefile overwrites CFLAGS value, which prevents compiling its
Python module with custom compilation flags.  Modify it to append flags
to CFLAGS instead, like other policycoreutils programs do.

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
2016-02-11 08:42:45 -05:00
Nicolas Iooss
168f653d28 policycoreutils: sepolicy: rename policy global variable
Variable policy is both a global variable and a parameter to some
functions in policycoreutils/sepolicy/search.c.  This makes the building
fail when using -Wshadow -Werror compilation flags.

Fix this by renaming the global variable global_policy.  This does not
change the API of the Python module.

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
2016-02-11 08:36:27 -05:00
Steve Lawrence
e97d3eca99 Update libsepol, libsemanage, policycoreutils, and sepolgen ChangeLogs
Signed-off-by: Steve Lawrence <slawrence@tresys.com>
2016-02-01 09:05:47 -05:00
Nicolas Iooss
d1b49d833e policycoreutils: newrole: add missing defined in #if
When building newrole with gcc 5.3.0 and some warning flags, the
compiler reports:

  newrole.c:77:33: error: "NAMESPACE_PRIV" is not defined [-Werror=undef]
  #if defined(AUDIT_LOG_PRIV) || (NAMESPACE_PRIV)
                                  ^

Indeed, "defined" is missing here.  This nevertheless worked so far
because when NAMESPACE_PRIV was selected in the Makefile, newrole.c was
compiled with "-DNAMESPACE_PRIV", which defined NAMESPACE_PRIV to 1.

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
2016-02-01 08:54:30 -05:00
Steve Lawrence
f7088b70af Update policycoreutils ChangeLog
Signed-off-by: Steve Lawrence <slawrence@tresys.com>
2016-01-12 08:48:12 -05:00
Lukas Vrabec
0fc39ca4f7 Added missing descriptions for --*-key params in secon man page.
Fixed secon help, merged descriptions for --current-* and --self-*
params.

Signed-off-by: Lukas Vrabec <lvrabec@redhat.com>
2016-01-12 08:39:14 -05:00
Lukas Vrabec
dd7a9363d9 Add description of missing newrole parameter -p in newrole man page.
Signed-off-by: Lukas Vrabec <lvrabec@redhat.com>
2016-01-12 08:39:14 -05:00
Steve Lawrence
b3b5ede9ca Update ChangeLog and VERSION for release candidate
Signed-off-by: Steve Lawrence <slawrence@tresys.com>
2016-01-07 10:01:31 -05:00
Steve Lawrence
7526d1ad93 Update policycoreutils ChangeLog
Signed-off-by: Steve Lawrence <slawrence@tresys.com>
2016-01-07 10:01:01 -05:00
Petr Lautrbach
f590d37704 policycoreutils: semanage: list reserver_port_t
reserver_port_t was omitted in 'semanage port -l'. There seems to be no
reason for that nowadays therefore we can list it.

Resolves https://bugzilla.redhat.com/show_bug.cgi?id=1225806

Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
2016-01-04 08:55:14 -05:00
Steve Lawrence
b3c1d4e425 Update libselinux and policycoreutils ChangeLogs
Signed-off-by: Steve Lawrence <slawrence@tresys.com>
2015-12-17 09:14:05 -05:00
Laurent Bigonville
7d8f5ce9b8 policycoreutils/chcat: Add a fallback in case os.getlogin() returns nothing
Some teminal emulators (like the latest version of gnome-terminal) are
not setting entries in the utmp file, this leads getlogin() to return an
empty string.

Fallback to the name of the user running the chcat process.
2015-12-17 08:56:01 -05:00
Stephen Smalley
36d164ca56 Update policycoreutils ChangeLog.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2015-12-01 15:36:19 -05:00
Petr Lautrbach
fa438ddf50 policycoreutils: replace string.join() with str.join()
Fixes Python 3 error:
  AttributeError: module 'string' has no attribute 'join'

Based on a patch by Tomas Radej <tradej@redhat.com>
Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
2015-12-01 15:33:36 -05:00
Petr Lautrbach
b300d3d43a policycoreutils: fix 'semanage permissive -l' subcommand
This reverts the commit 97d06737 which introduced a regression on '-l'
which started to require at least one argument and fixes the original
problem other way. A args.parser value is set now and handlePermissive
function uses it to print an usage message when args.type is not set.

Fixes: semanage permissive -l
  usage: semanage permissive [-h] (-a | -d | -l) [-n] [-N] [-S STORE]
                             type [type ...]
  semanage permissive: error: the following arguments are required: type

Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
2015-12-01 15:33:11 -05:00
Stephen Smalley
4a1169a367 Update libselinux and policycoreutils ChangeLogs.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2015-11-24 16:34:56 -05:00
Ville Skyttä
572fcef2ba libselinux, policycoreutils: Man page warning fixes
Signed-off-by: Ville Skyttä <ville.skytta@iki.fi>
2015-11-24 16:32:13 -05:00
James Carter
e29d606f62 Updated policycoreutils ChangeLog.
Signed-off-by: James Carter <jwcart2@tycho.nsa.gov>
2015-11-20 13:29:30 -05:00
Miroslav Grepl
0f4620d611 policycoreutils/sandbox: Fix sandbox to propagate specified MCS/MLS Security Level.
If "level" option is used to start sandbox commands, this level is not propagated
to specified  homedir and tmpdir directories. See rhbz #1279006.

Signed-off-by: Miroslav Grepl <mgrepl@redhat.com>
2015-11-20 13:14:10 -05:00
James Carter
50c349df8f Updated policycoreutils ChangeLog.
Signed-off-by: James Carter <jwcart2@tycho.nsa.gov>
2015-11-19 16:19:33 -05:00
Petr Lautrbach
97d067376a policycoreutils: Require at least one argument for 'semanage permissive -d'
Fixes: python ./semanage permissive -d
Traceback (most recent call last):
  File "./semanage", line 925, in <module>
    do_parser()
  File "./semanage", line 904, in do_parser
    args.func(args)
  File "./semanage", line 708, in handlePermissive
    OBJECT.delete(args.type)
  File "/selinux.git/policycoreutils/semanage/seobject.py", line 479, in delete
    for n in name.split():
AttributeError: 'NoneType' object has no attribute 'split'

Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
2015-11-19 16:17:59 -05:00
Petr Lautrbach
8922ff887f policycoreutils: improve sepolicy command line interface
Previously, when sepolicy was run without any argument, the usage message
with the error "too few arguments" was shown. Using Python 3 it threw a traceback.
This patch unifies behavior on Py2 and Py3 so that sepolicy shows the help
message in this case.

Fixes:
Traceback (most recent call last):
  File "/usr/bin/sepolicy", line 647, in <module>
    args.func(args)
AttributeError: 'Namespace' object has no attribute 'func'

Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
2015-11-19 16:17:51 -05:00
Sven Vermeulen
8243069211 Open stdin as read/write
As per the discussion on the selinux development mailinglist, the tmux
application expects the stdin to be writeable. Although perhaps not the most
proper way, having newrole opening the descriptor in read/write keeps the
behaviour in line with what applications expect.

See also http://marc.info/?l=selinux&m=136518126930710&w=2

Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
2015-10-01 15:49:00 -04:00
Stephen Smalley
92eec06ca6 policycoreutils/newrole: Set keepcaps around setresuid calls.
Set the "keep capabilities" flag around the setresuid() calls in
drop_capabilities() so that we do not simultaneously drop all
capabilities (when newrole is setuid).

Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2015-10-01 15:47:08 -04:00
Dan Walsh
572f899267 Fix newrole to not drop capabilities from the bounding set.
Stop dropping capabilities from its children.
Add better error messages.

Signed-off-by: Dan Walsh <dwalsh@redhat.com>
2015-10-01 15:44:11 -04:00
Stephen Smalley
e93f755bf7 Updated policycoreutils ChangeLog.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2015-08-25 15:07:52 -04:00
Petr Lautrbach
663d76dbb6 policycoreutils: audit2* - ignore setlocale errors
When a user has invalid locales set, audit2allow and audit2why fail with
a traceback. This could be safely ignored as it will stay with 'C'
locale.

Fixes:
Traceback (most recent call last):
  File "policycoreutils/audit2allow/audit2allow", line 35, in <module>
    locale.setlocale(locale.LC_ALL, '')
  File "/usr/lib64/python2.7/locale.py", line 579, in setlocale
    return _setlocale(category, locale)
locale.Error: unsupported locale setting

Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
2015-08-25 15:06:37 -04:00
James Carter
774f859bce Updated libsemanage and policycoreutils ChangeLogs.
Signed-off-by: James Carter <jwcart2@tycho.nsa.gov>
2015-08-06 11:01:03 -04:00
Yuli Khodorkovskiy
65c6325271 policycoreutils/semodule: update semodule to allow extracting modules
Add --extract/-E, --cil/-c, and --hll/-H to extract modules. If -c/-H
are not provided, the module will be output as HLL by default. Only
--cil or --hll (which will use the lang_ext in the semodule store) are valid
options to use with -E. The module is written to the current working directory
as <module_name>.<lang_ext>.

If a module exists as HLL and is exported as CIL, it will first compile into
CIL and cache to the module store. Once compiled, exporting will
continue.

If no priority is provided when extracting a module, then extraction at
the default priority, 400, will be attempted. If the module does not
exist at the default priority, then it will be exported at the highest
existing priority.

Examples:

Extract the wireshark module in a .cil format. If the module only exists
as HLL on the system, the module will be compiled into CIL and placed
into the module store. This command will then write wireshark.cil to the CWD.

    semodule --cil --extract wireshark

Extract the wireshark module in HLL format. Since the original HLL file
was a policy package, a wireshark.pp will be written to the CWD.

    semodule -E wireshark

Extract the wireshark module as CIL and HLL and extract the puppet
module as CIL at priority 400.

    semodule --hll -E wireshark --cil -E wireshark -X 400 --cil -E puppet

Signed-off-by: Yuli Khodorkovskiy <ykhodorkovskiy@tresys.com>
Signed-off-by: James Carter <jwcart2@tycho.nsa.gov>
2015-08-06 10:59:44 -04:00
Stephen Smalley
23f6db52a5 Updated policycoreutils and sepolgen ChangeLogs.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2015-07-31 11:18:39 -04:00
Petr Lautrbach
7bd95d71f1 policycoreutils: Comment constraint rules in audit2allow and sepolgen output
Constraint rules in output need to be commented in order to make a policy
compilable.

Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1155974

Patch-by: Miroslav Grepl <mgrepl@redhat.com>
Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
2015-07-31 11:16:00 -04:00
Stephen Smalley
38feeaddf7 Updated policycoreutils ChangeLog.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2015-07-24 09:05:33 -04:00
Jason Zaman
789d0ebbf9 policycoreutils: Fix PEP8 issues
When trying to get policycoreutils working in python3, I kept running
into TabErrors:

    Traceback (most recent call last):
      File "/usr/lib/python-exec/python3.3/semanage", line 27, in <module>
        import seobject
      File "/usr/lib64/python3.3/site-packages/seobject.py", line 154
        context = "%s%s" % (filler, raw)
                                       ^
    TabError: inconsistent use of tabs and spaces in indentation

Python3 is a lot stricter than python2 regarding whitespace and looks like
previous commits mixed the two.  When fixing this, I took the chance to fix
other PEP8 style issues at the same time.

This commit was made using:
$ file $(find . -type f) | grep -i python | sed 's/:.*$//' > pyfiles
$ autopep8 --in-place --ignore=E501,E265 $(cat pyfiles)

The ignore E501 is long lines since there are many that would be wrapped
otherwise, and E265 is block comments that start with ## instead of just #.

Signed-off-by: Jason Zaman <jason@perfinion.com>
2015-07-24 16:07:13 +08:00
Stephen Smalley
92cc7b0112 Updated policycoreutils ChangeLog.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2015-07-22 10:08:05 -04:00
Stephen Smalley
4031618396 policycoreutils: semanage: fix moduleRecords deleteall method
commit 2ff279e21e ("policycoreutils:
 semanage: update to new source policy infrastructure") introduced
new methods for enabling/disabling modules but failed to update
the deleteall method of class moduleRecords to use the new method.
The deleteall method was introduced by commit
3dafb1046d ("Add deleteall customizations
field for modules.") as a way to re-enable all locally disabled modules.

Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2015-07-22 09:59:35 -04:00
Stephen Smalley
5ee1befee4 policycoreutils: semanage: kwarg -> kwargs
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2015-07-22 09:33:12 -04:00
Stephen Smalley
d7b1bf3ff2 Updated policycoreutils ChangeLog.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2015-07-22 09:21:23 -04:00
Michal Srb
7574a50f18 policycoreutils/scripts: improve compatibility with Python 3
- __builtin__ module has been renamed to "builtins" in Python 3
- use reserved word `as` in try-except
- replace print statement with print function
- migrate from commands to subprocess
- fix formatting

Signed-off-by: Michal Srb <msrb@redhat.com>
2015-07-22 09:20:44 -04:00
Michal Srb
349239e677 policycoreutils/semanage: improve compatibility with Python 3
- gettext.install() only takes "unicode" keyword argument in Python 2
- __builtin__ module has been renamed to "builtins" in Python 3
- use reserved word `as` in try-except
- replace print statement with print function

Signed-off-by: Michal Srb <msrb@redhat.com>
2015-07-22 09:20:44 -04:00
Michal Srb
a9ce2e7358 policycoreutils/sandbox: improve compatibility with Python 3
- gettext.install() only takes optional "unicode" keyword argument in
  Python 2, and its default value is "False". This keyword argument
  doesn't exist in Python 3
- __builtin__ module has been renamed to "builtins" in Python 3
- raw_input() has been renamed to input() in Python 3
- specify octal literals in form compatible with both Python 2 and 3
- migrate from commands to subprocess
- replace print statement with print function
- use reserved word `as` in try-except
- replace deprecated assert_() method with assertTrue() in unit tests

Signed-off-by: Michal Srb <msrb@redhat.com>
2015-07-22 09:20:44 -04:00
Michal Srb
d135951152 policycoreutils/audit2allow: improve compatibility with Python 3
- replace print statement with print function
- use reserved word `as` in try-except
- replace deprecated assert_() method with assertTrue() in unit tests

Signed-off-by: Michal Srb <msrb@redhat.com>
2015-07-22 09:20:44 -04:00
Stephen Smalley
1eebc7748f Updated policycoreutils ChangeLog.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2015-07-16 13:11:01 -04:00
Stephen Smalley
696c498c46 Updated policycoreutils ChangeLog.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2015-07-16 12:29:44 -04:00
Laurent Bigonville
4fbc6623eb Set self.sename to sename after calling semanage_seuser_set_sename()
This fixes audit information that are being logged and a crash when the
python-audit binding is not installed.

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=734806
2015-07-16 12:27:03 -04:00
Stephen Smalley
fd60703766 Updated policycoreutils ChangeLog.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2015-07-09 09:04:10 -04:00
Petr Lautrbach
6fd8e08606 Fix typo in semanage args for minimum policy store 2015-07-09 09:03:27 -04:00
Stephen Smalley
31f7239219 Updated policycoreutils ChangeLog.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2015-06-12 08:59:11 -04:00
Sven Vermeulen
73b7ff410c Only invoke RPM on RPM-enabled Linux distributions
When calling "sepolgen generate" to automatically generate a SELinux
policy template, the command fails when it cannot invoke RPM related
commands on Linux distributions that do not support RPM by default:

Failed to retrieve rpm info for selinux-policy
Traceback (most recent call last):
  File "/usr/lib/python-exec/python2.7/sepolicy", line 643, in <module>
    args.func(args)
  File "/usr/lib/python-exec/python2.7/sepolicy", line 517, in generate
    print mypolicy.generate(args.path)
  File "/usr/lib64/python2.7/site-packages/sepolicy/generate.py", line 1370, in generate
    out += "%s # %s\n" % (self.write_spec(out_dir), _("Spec file"))
  File "/usr/lib64/python2.7/site-packages/sepolicy/generate.py", line 1219, in write_spec
    fd.write(self.generate_spec())
  File "/usr/lib64/python2.7/site-packages/sepolicy/generate.py", line 1181, in generate_spec
    selinux_policyver = get_rpm_nvr_list("selinux-policy")[1]
TypeError: 'NoneType' object has no attribute '__getitem__'

As the RPM related steps are only needed on RPM-enabled distributions,
we should ignore these steps on other Linux distribution platforms.

In this patch, we use the Python platform module to get the Linux
distribution, and only start the RPM-related activities on Linux
distributions that use RPM as their native package manager.

Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
2015-06-12 08:57:40 -04:00
Stephen Smalley
f0a3dc22e5 Update policycoreutils ChangeLog.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2015-05-14 13:04:06 -04:00
Stephen Smalley
dcc55dba56 mcstransd: don't reinvent getpeercon, badly.
libselinux provides a proper getpeercon() implementation that uses
getsockopt with SO_PEERSEC to reliably obtain the peer's security
context from the kernel.  mcstransd for reasons unknown rolled its
own get_peer_con() function that uses getsockopt SO_PEERCRED
to obtain the peer PID and then calls getpidcon_raw().  That's
less efficient and less secure (subject to races; peer context
may have changed since connect).  Don't do that.

The peer context doesn't appear to be used for anything currently,
although there is a comment suggesting adding a permission check to
see if the requester dominates the label to be translated to control
what labels can be translated by what peers.  Could likely dispense
with it altogether.

Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2015-05-14 13:03:29 -04:00
Stephen Smalley
220151c0ef Update policycoreutils ChangeLog.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2015-04-16 11:41:46 -04:00
Petr Lautrbach
219eea83ce policycoreutils: setfiles/restorecon: fix -r/-R option
A spec file was incorrectly stored as rootpath when -r option was used

Fixes:
/sbin/setfiles:  /tmp/install_root is not located in /etc/selinux/targeted/contexts/files/file_contexts

Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
2015-04-16 11:40:55 -04:00
Stephen Smalley
b03543cdc0 Update policycoreutils ChangeLog.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2015-04-16 09:52:05 -04:00
Stephen Smalley
549912d229 org.selinux.policy: Require auth_admin_keep for all actions.
Fedora permits obtaining local policy customizations and the list
of policy modules without admin authentication, but we would prefer
more conservative defaults upstream.

Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2015-04-16 09:40:31 -04:00
James Carter
c0064fb732 Update ChangeLogs.
Signed-off-by: James Carter <jwcart2@tycho.nsa.gov>
2015-04-02 10:52:25 -04:00
James Carter
758a7fe501 libsepol, policycoreutils: Move functions to convert a module package to CIL
Move code to convert a policy module to CIL from the policy package to
CIL conversion tool, pp, in policycoreutils to libsepol. The only changes
to the code are the additions of the prefix "sepol_" to the functions
sepol_module_package_to_cil() and sepol_ppfile_to_module_package(). This
code is being changed from GPL to LGPL with permission from Tresys.

Convert pp to use the renamed functions in libsepol.

Signed-off-by: James Carter <jwcart2@tycho.nsa.gov>
2015-04-01 13:09:17 -04:00
Stephen Smalley
d05b06298b Update policycoreutils ChangeLog.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2015-03-30 10:56:33 -04:00
Jason Zaman
055cc407fc run_init: Use a ring buffer in open_init_pty
open_init_pty uses select() to handle all the file descriptors. There is
a very high CPU usage due to select() always returning immediately with
the fd is available for write. This uses a ring buffer and only calls
select on the read/write fds that have data that needs to be
read/written which eliminates the high CPU usage.

This also correctly returns the exit code from the child process.

This was originally from debian where they have been carrying it as a
patch for a long time. Then we got a bug report in gentoo which this
also happens to fix. The original debian patch had the ring buffer
written in C++ so I modified the class into a struct and some static
methods so it is C-only at the request of Steve Lawrence.

Debian bug: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=474956
Gentoo bug: https://bugs.gentoo.org/show_bug.cgi?id=532616

Signed-off-by: Jason Zaman <jason@perfinion.com>
Tested-by: Laurent Bigonville <bigon@bigon.be>
2015-03-30 10:53:41 -04:00
Nicolas Iooss
4be2fd4576 run_init: fix open_init_pty avaibility check
If /usr/sbin/open_init_pty is not found or is not executable,
access("/usr/sbin/open_init_pty", X_OK) returns -1, not zero.

Use "!= 0" like in other places in SELinux userland libraries and tools.
2015-03-30 10:51:58 -04:00
Stephen Smalley
3057bcf6a0 Update ChangeLogs.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2015-03-18 08:37:10 -04:00
Daniel De Graaf
82030de5dc libsepol, checkpolicy: widen Xen IOMEM ocontext entries
This expands IOMEMCON device context entries to 64 bits.  This change is
required to support static I/O memory range labeling for systems with
over 16TB of physical address space.  The policy version number change
is shared with the next patch.

While this makes no changes to SELinux policy, a new SELinux policy
compatibility entry was added in order to avoid breaking compilation of
an SELinux policy without explicitly specifying the policy version.

Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov>
2015-03-18 08:16:18 -04:00
Stephen Smalley
50788b155d Update libselinux and policycoreutils ChangeLog.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2015-03-13 14:18:34 -04:00
Petr Lautrbach
417cb8d076 Fix -Wformat errors
Fixes two types of errors which appear when building with gcc-5.0.0

- format ‘%d’ expects argument of type ‘int’, but argument X has type ‘unsigned int’
- format ‘%a’ expects argument of type ‘float *’, but argument X has type ‘char **’

Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
2015-03-13 14:14:23 -04:00
Steve Lawrence
9aa60660a5 Update policycoreutils changelog 2015-02-25 08:31:05 -05:00
Andrew Spiers
7fc51977a5 typo in semanage-port.8
Acked-by: Steve Lawrence <slawrence@tresys.com>
2015-02-25 08:29:08 -05:00
Stephen Smalley
d8b2a0ab50 Update libselinux and policycoreutils ChangeLogs.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2015-02-13 10:46:45 -05:00
Christopher
6d198c0031 Fixed typo/grammatical error 2015-02-08 01:34:55 -05:00
Steve Lawrence
f0c9966f88 Bump to final release 2015-02-02 09:38:10 -05:00
dcashman
ed7a6ba24a Allow libsepol C++ static library on device.
Change-Id: I7da601767c3a4ebed7274e33304d8b589a9115fe
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2015-01-20 10:31:15 -05:00
Steve Lawrence
823ebc8c6b Bump to release candidate 7 2014-12-03 10:06:26 -05:00
Laurent Bigonville
b9abc5c6e7 Add "RuntimeDirectory=setrans" to the mcstrans.service
Add "RuntimeDirectory=setrans" to the mcstrans.service, this will make
systemd automatically create the /run/setrans directory before starting
the service.

This directory contains the ".setrans-unix" socket created by the
daemon.

Acked-by: Steve Lawrence <slawrence@tresys.com>
2014-12-03 10:05:25 -05:00
Steve Lawrence
7a09af2123 policycoreutils: pp: add roletype statements for both declared and required type/typeattributes
Currently, roletype statements are only added for types when they are
declared (not required). This means that in policy like:

  require {
    type foo_t;
  }
  type bar_t;
  role staff_r types foo_t, bar_t;

only bar_t is associated with staff_r. This patch moves the code that
generates roletype statements for types to outside the SCOPE_DECL check
so that roletype statements are generated for all types, regardless of
the required/declared scope. It further moves the code outside of the
type/typeattribute flavor check so that roletype statements are also
generated for typeattributes.

Reported-by: Sven Vermeulen <sven.vermeulen@siphos.be>
Signed-off-by: Steve Lawrence <slawrence@tresys.com>
Reviewed-by: Yuli Khodorkovskiy <ykhodorkovskiy@tresys.com>
Tested-by: Jason Zaman <jason@perfinion.com>
2014-11-19 14:25:33 -05:00
Steve Lawrence
07e75a9cc7 Bump to release candidate 6 2014-11-12 08:30:15 -05:00
Steve Lawrence
81d8cea807 policycoreutils: pp: define type aliases in the correct scope
Previously, type aliases were converted to CIL in the global namespace,
regardless of which scope they were actually defined in. So essentially
type aliases could never be in optionals. For the most part this worked,
however, in some small number of cases, a type alias could reference a
type defined inside an optional. If that optional was disabled, the type
would be disabled and so the type alias would fail to resolve, causing
policy to fail to build.

Unfortunately, type alises are stored in pp modules different than other
symbols (e.g. types/roles/etc) so they must be added to scopes
differently. So this patch gathers up all type aliases in a list and
keeps track of which scope each type alias is defined in. When we enter
a new scope, use that list to determine which type alias are defined
there and print the appropriate CIL statements.

Signed-off-by: Steve Lawrence <slawrence@tresys.com>
Reviewed-by: Yuli Khodorkovskiy <ykhodorkovskiy@tresys.com>
2014-11-12 08:06:41 -05:00
Steve Lawrence
3904db5ac9 policycoreutils: pp: mimic require block support in CIL
CIL does not have any concept of require blocks. Instead, CIL relies on
whether or not all statements inside an optional block resolve to
determine if an optional block should be enabled/disabled. However, a
small number of optional statements require a type that is not actually
used in the optional block. In old style policy, this would cause the
optional block to be disabled. However, in CIL, because the type is never
used, the optional block will remain enabled.

To maintain compatibility, we modify pp2cil to create a new attribute,
cil_gen_require, and all types/roles/attributes that are required in a
pp module/optional block are associated with this attribute. Thus, if a
type is required but not used, it will still fail to resolve in the
typeattributeset statement, causing the optional to correctly be
disabled.

Note that when compiling the CIL this generated from compiling refpolicy
pp modules with pp2cil, the extra CIL statements cause ~12.6MB increase
in maximum memory usage (129.7 MB to 142.3 MB). Though, compilation time
decreases by ~35% (26 seconds to 17 seconds).

Signed-off-by: Steve Lawrence <slawrence@tresys.com>
Reviewed-by: Yuli Khodorkovskiy <ykhodorkovskiy@tresys.com>
Reported-by: Sven Vermeulen <sven.vermeulen@siphos.be>
2014-11-12 08:06:41 -05:00
Steve Lawrence
d1db56c52b Bump to release candidate 5 2014-10-29 11:01:03 -04:00
Steve Lawrence
6280387034 Bump to release candidate 4 2014-10-06 15:03:24 -04:00
Steve Lawrence
84d9486eb2 policycoreutils/hll/pp: fix typo in error messages
Signed-off-by: Steve Lawrence <slawrence@tresys.com>
2014-10-06 14:51:23 -04:00
Steve Lawrence
7f16505a31 policycoreutils/hll/pp: only print certain roles when declared in base modules
Some roles (i.e. user_r, staff_r, sysadm_r, system_r, unconfined_r) are
declared in the base module, and sometimes in non-base modules. This
could result in duplicate declarations of roles, which isn't allowed in
CIL. So for these roles, only generate their declarations if they appear
in a base module, otherwise ignore their declarations. All other roles
are printed regardlss of their declaration location.

Note that this means that if a policy author does not include one of the
roles in the base module then they will not be included in the resulting
policy, likely causing a compliation error in CIL.

Signed-off-by: Steve Lawrence <slawrence@tresys.com>
2014-10-02 12:10:22 -04:00
Steve Lawrence
ff5bbe6dcf Bump VERSION/ChangeLog for release candidate 3
Signed-off-by: Steve Lawrence <slawrence@tresys.com>
2014-10-02 10:16:34 -04:00
Yuli Khodorkovskiy
0a71540723 policycoreutils/hll/pp: change printing behavior of typeattribute/sets
Avrules that have the negation, star, or complement flag set for types
need typeattributes and typeattributesets that are generated. This caused
issues when these generated statements were inserted into conditionals, since
typeattributes/sets are not allowed in conditionals.

This change always prints typeattributes and typeattributesets
immediately unless the types appear inside of an avrule in conditionals or blocks.
For this special case, we print the typeattributes after the end
of each conditional/block.

Signed-off-by: Yuli Khodorkovskiy <ykhodorkovskiy@tresys.com>
Acked-by: Steve Lawrence <slawrence@tresys.com>
2014-10-02 09:57:08 -04:00
Yuli Khodorkovskiy
836ffd988e policycoreutils/hll/pp: fix '\n' parsing in filecon statements
Some module fc files do not contain a trailing new line. This
caused contexts to have their last character to be deleted. When
parsing each line from a fc file, we only strip off the last character
if it is a new line.

Signed-off-by: Yuli Khodorkovskiy <ykhodorkovskiy@tresys.com>
Acked-by: Steve Lawrence <slawrence@tresys.com>
2014-10-02 09:57:03 -04:00
Yuli Khodorkovskiy
f42d013eec policycoreutils/hll/pp: Fix role/roletype scoping
- Create role declarations no matter if the declaration is in base or
  a module. Since CIL does not permit role re-declarations, this change
  will break existing policies that have the same role declared in multiple
  modules. To fix this, the policies will need to change the role to be
  defined in a single place.
- Pass around the avrule_decl stack rather than just the most recent
  decl. The full stack is needed to determine if identifiers are in
  scope
- Only create roletype statements for a role and a type in two cases:
   1) The role is declared/required and the type is declared/required in
      the same scope or an ancestor scope of the role
   2) The type is declared/required and the role is declared/required in
      an ancestor scope of the type

Signed-off-by: Yuli Khodorkovskiy <ykhodorkovskiy@tresys.com>
Acked-by: Steve Lawrence <slawrence@tresys.com>
2014-10-02 09:56:58 -04:00
Nicolas Iooss
e4d693ae87 Use $(PYTHON) instead of "python" in every Makefile
This fixes the build with "make PYTHON=python2" on systems where python
is python3.

For PYLIBVER and PYTHONLIBDIR definitions, I tested Python 2.5, 2.6, 2.7,
3.3 and 3.4.  For each of them, these commands print the expected result:

    python -c 'import sys;print("python%d.%d" % sys.version_info[0:2])'"
    python -c "from distutils.sysconfig import *;print(get_python_lib(1))"

Acked-by: Steve Lawrence <slawrence@tresys.com>
2014-10-02 09:56:49 -04:00
Nicolas Iooss
c4a4a1a7ed Fix gcc -Wstrict-prototypes warnings
In C, defining a function with () means "any number of parameters", not
"no parameter".  Use (void) instead where applicable and add unused
parameters when needed.

Acked-by: Steve Lawrence <slawrence@tresys.com>
2014-10-02 09:56:38 -04:00
Nicolas Iooss
188a028f74 policycoreutils: fix most gcc -Wwrite-strings warnings
Acked-by: Steve Lawrence <slawrence@tresys.com>
2014-10-02 09:56:34 -04:00
Nicolas Iooss
aad0962be2 policycoreutils/hll/pp: fix gcc -Wwrite-strings warnings
Acked-by: Steve Lawrence <slawrence@tresys.com>
2014-10-02 09:56:31 -04:00
Nicolas Iooss
3642a57cd0 policycoreutils/hll/pp: add printf format attribute to relevant functions
log_err, cil_printf and cil_println use printf formats to process their
arguments.  Use __attribute__((format(printf,...))) to make "gcc
-Wformat -Wformat-security" detect issues.

This detected this issue several times on a x86_64 system:

  format '%lx' expects argument of type 'long unsigned int', but
  argument has type 'uint32_t'

Fix this by introducing an explicit cast to unsigned long.

While at it, constify the format string argument of each function.

Acked-by: Steve Lawrence <slawrence@tresys.com>
2014-10-02 09:56:00 -04:00
Nicolas Iooss
e198427fe5 policycoreutils/semodule_package: fix debug build
Building from the root directory with "make DEBUG=1" enables -Wshadow
option.  This makes the compilation fail with the following error:

  semodule_unpackage.c: In function 'usage':
  semodule_unpackage.c:17:25: error: declaration of 'progname' shadows a global declaration [-Werror=shadow]
   static void usage(char *progname)
                         ^
  semodule_unpackage.c:14:7: error: shadowed declaration is here [-Werror=shadow]
   char *progname = NULL;
         ^

Fix this error by no longer passing a global variable as a parameter to
usage function.

Acked-by: Steve Lawrence <slawrence@tresys.com>
2014-10-02 09:55:57 -04:00
Nicolas Iooss
f978b1b071 policycoreutils/sandbox: fix debug build
Building from the root directory with "make DEBUG=1" enables -Wshadow
option.  This makes the compilation fails with the following error:

  cc -g3 -O0 -gdwarf-2 -fno-strict-aliasing -Wall -Wshadow -Werror -g
  -I/usr/include -DPACKAGE="\"policycoreutils\"" -Wall -Werror -Wextra
  -W   -c -o seunshare.o seunshare.c

  seunshare.c: In function 'spawn_command':
  seunshare.c:141:6: error: declaration of 'child' shadows a global declaration [-Werror=shadow]
    int child;
        ^
  seunshare.c:58:12: error: shadowed declaration is here [-Werror=shadow]
   static int child = 0;
              ^

Fix this error by renaming the "child" variable in spawn_command.

Acked-by: Steve Lawrence <slawrence@tresys.com>
2014-10-02 09:55:53 -04:00
Nicolas Iooss
855bfdf0ce policycoreutils/hll/pp: fix potential use of uninitialized variable
"gcc -O2 -Wall -Werror" failed with two errors when building pp due to
the use of unitialized variables.

Acked-by: Steve Lawrence <slawrence@tresys.com>
2014-10-02 09:55:49 -04:00
Steve Lawrence
86dffdd28f policycoreutils: mcstrans: use string_to_av_perm() to calculate permission access vector
mcstrans still uses CONTEXT__CONTAINS from av_permissions.h to calculate
a permission access vector. However, av_permissions.h was deprecated, so
it does not have access to the constant. This updates mcstrans to use
string_to_av_perm() to get the value for context contains.

Reported-by: Sven Vermeulen <sven.vermeulen@siphos.be>
Signed-off-by: Steve Lawrence <slawrence@tresys.com>
Acked-by: Stephen Smalley <sds@tycho.nsa.gov>
2014-08-29 09:19:50 -04:00
Steve Lawrence
213c3189d0 Bump versions for r2
Signed-off-by: Steve Lawrence <slawrence@tresys.com>
2014-08-27 11:47:04 -04:00
Steve Lawrence
8f9d3a7c95 Fix typos in ChangeLog and Versions 2014-08-26 14:20:48 -04:00
Steve Lawrence
79fd2d06ab Bump versions and update ChangeLog
Signed-off-by: Steve Lawrence <slawrence@tresys.com>
2014-08-26 09:48:54 -04:00
Yuli Khodorkovskiy
28efbfd4ed policycoreutils: add semodule option to set store root path
Add a new -S option to semodule. This option overrides store_root
in semanage.conf and sets the SELinux store's root path. If neither -S,
nor store_root are specified in semanage.conf, then the default
location is used.

Signed-off-by: Yuli Khodorkovskiy <ykhodorkovskiy@tresys.com>
2014-08-26 08:03:31 -04:00
Yuli Khodorkovskiy
241f9d2d03 policycoreutils: add semodule flag for ignoring cached CIL
Providing --ignore-module-cache will cause the recompilating of all HLL
modules, and recaching of the resulting CIL files.

Signed-off-by: Yuli Khodorkovskiy <ykhodorkovskiy@tresys.com>
2014-08-26 08:03:31 -04:00
Steve Lawrence
893851c0a1 policycoreutils: add a HLL compiler to convert policy packages (.pp) to CIL
Reads in a policy package file via stdin or via filename, and writes out
the equivilent CIL to stdout or to an output file, depending on the
parameters passed in.

Signed-off-by: Steve Lawrence <slawrence@tresys.com>
2014-08-26 08:03:31 -04:00
Jason Dana
2ff279e21e policycoreutils: semanage: update to new source policy infrastructure
- Remove version references
- Use new methods for enabling/disabling modules
- Add support to set priority when adding/removing modules
- Modify module --list output to include priority and language extension
- Update permissiveRecords call to support cil policy

Signed-off-by: Steve Lawrence <slawrence@tresys.com>
Signed-off-by: Jason Dana <jdana@tresys.com>
2014-08-26 08:03:31 -04:00
Yuli Khodorkovskiy
e599a43184 policycoreutils: deprecate base/upgrade/version in semodule
Providing --upgrade or --base will now just call --install, and display
a deprecation message to the user. Additionally, because CIL has no
concept of version numbers, this removes the version output from --list.

Signed-off-by: Yuli Khodorkovskiy <ykhodorkovskiy@tresys.com>
2014-08-26 08:02:16 -04:00
Steve Lawrence
6e085368f1 policycoreutils: semodule: add back support for alternative root paths
Removed in commits:
- Revert "policycoreutils: semodule: support for alternative root paths"

Signed-off-by: Steve Lawrence <slawrence@tresys.com>
2014-08-26 08:02:16 -04:00
Caleb Case
031ee84821 semodule: add priority, enabled, and extended listing
This updates the semodule tool with the ability to set the priority for
commands, to enable/disable modules, and extended module listing options
for displaying extra module information (e.g., priority, enabled status,
and language extension).

[semodule priority]

-X --priority set the priority for following operations

Notes:

* This sets the priority for the following operations.

* It can be used any number of times with its effect continuing until
  the next priority is specified.

* The default priority is used if no priority has yet been specified.

Impact on current operations:

* Install module

  * Without priority - Install at default priority.

  * With priority - Install at specified priority.

  * New warning when overriding (issued by libsemanage).

* Upgrade module

  * Without priority - Upgrade at default priority (current upgrade
    semantics apply).

  * With priority - Upgrade at specified priority (current upgrade
    semantics apply).

  * New warning when overriding (issued by libsemanage).

* Remove module

  * Without priority - Remove a module at the default if exists.

  * With priority - Remove at that priority.

  * New info messages (issued by libsemanage):

    * If no modules exist at the given priority but do exist at other
      priorities, give an info message listing the modules and priority.

    * If a new module at a lower priority will become active print a
      message.

    * If the last module with this name is being removed print a
      message.

* Base

  * The name of base module on install is fixed to "_base" (performed by
    libsemanage).

  * Without priority - Install at default priority.

  * With priority - Install at specified priority.

  * New warning when overriding (issued by libsemanage).

* List modules

  * See listing changes below.

Examples:

semodule -i foo.pp

semodule -X 500 -i foo.pp

[semodule enable/disable]

Add enable/disable status:

-e   --enable   enable the module (at all priorities)
-d   --disable  disable the module (at all priorities)

Notes:

* Base modules are always enabled and cannot have their enabled/disabled
  status changed.

* New error when disabling a base module (from libsemanage).

* New warning when enabling a base module (from libsemanage).

Impact on current operations:

* Install module

  * If a module with that name is already installed, then the enabled
    status will remain the same after installing the new module.

  * New warning when installing a module which will be disabled by
    existing enabled status (from libsemanage).

* Upgrade module

  * If a module with that name is already installed, then the enabled
    status will remain the same after installing the new module.

  * New warning when installing a module which will be disabled by
    existing enabled status (from libsemanage).

* Remove module

  * When the last module with a given name is removed (no more exist at
    other priorities) then the enabled status is forgotten.

* Base

  * Base modules are always installed enabled and remain so (can't be
    disabled).

* List modules

  * See listing changes below.

Examples:

semodule -e foo

semodule -d foo

[semodule list]

-l		--list		list modules as if by -lstandard

-lstandard	--list=standard	list name and version of highest priority,
				enabled, non-base modules sorted alphabetical
				by name

-lfull		--list=full	list all fields of all modules columnated
				sorted high priority to low, within priority
				alphabetical by name

Impact on current operations:

* List modules

  * Default listing stays the same.

  * New long options for 'standard' and 'full'.

Examples:

semodule -l
semodule -lstandard
semodule --list=standard

alsa 1.7.1
apm 1.9.1
apt 1.5.2
authlogin 2.0.0
avahi 1.10.3
bluetooth 3.1.3
...

semodule -lfull
semodule --list=full

600 alsa      1.7.1 disabled pp
400 _base     1.0.0          pp
400 alsa      1.7.1 disabled pp
400 apm       1.9.1          pp
400 apt       1.5.2          pp
400 authlogin 2.0.0          pp
...
100 alsa      1.7.1 disabled pp

Signed-off-by: Chad Sellers <csellers@tresys.com>
2014-08-26 08:02:16 -04:00
Caleb Case
565ea9832e semanage: move permissive module creation to /tmp
semanage currently uses /var/lib/selinux/tmp to create permissive
modules. However, with the move to /var, the same tmp directory is used
for building policy binaries, causing a conflict. This patch creates a
random temporary directory in /tmp and moves permissive module creation
to that directory, avoiding the directory conflict.

This patch also imports shutil for rmtree to easily delete all created
temporary files.

Signed-off-by: Chad Sellers <csellers@tresys.com>
2014-08-26 08:02:16 -04:00
Steve Lawrence
5ac1e98ab2 Revert "policycoreutils: semodule: support for alternative root paths"
This reverts commit 5e096d9ceb.

Conflicts:

	policycoreutils/semodule/semodule.c
2014-08-26 08:02:16 -04:00
Steve Lawrence
30a2df81eb Revert "Last attempt at upstreaming semodule_disable patch."
This reverts commit 654dcb897e.

Conflicts:

	policycoreutils/semodule/semodule.c
2014-08-26 08:02:16 -04:00
Stephen Smalley
76913d8adb Deprecate use of flask.h and av_permissions.h.
Also remove all internal uses by libselinux.
This requires deleting the old class/perm string lookup tables
and compatibility code for kernels that predate the /sys/fs/selinux/class
tree, i.e. Linux < 2.6.23.

This also fixes a longstanding bug in the stringrep code; it was allocating
NVECTORS (number of vectors in the legacy av_perm_to_string table, i.e.
the total number of legacy permissions) entries in the per-class perms array
rather than MAXVECTORS (the maximum number of permissions in any
access vector).  Ho hum.  I already fixed this in Android but forgot it
here.

Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2014-07-09 13:49:18 -04:00
Andy Lutomirski
74d27a9733 seunshare: Try to use setcurrent before setexec
If seunshare uses PR_SET_NO_NEW_PRIVS, which certain versions of
libcap-ng set, setexeccon will cause execve to fail.  This also
makes setting selinux context the very last action taken by
seunshare prior to exec, as it may otherwise cause things to fail.

Note that this won't work without adjusting the system policy to
allow this use of setcurrent.  This rule appears to work:

    allow unconfined_t sandbox_t:process dyntransition;

although a better rule would probably relax the unconfined_t
restriction.

Signed-off-by: Andy Lutomirski <luto@amacapital.net>
2014-05-12 14:14:45 -04:00
Dan Walsh
de0795a12e Remove handling of cgroups from sandbox
It never worked correctly and this should be handled with an
API to systemd going forward.
2014-05-12 14:14:42 -04:00
Dan Walsh
6ee0299ab7 Update XDG_RUNTIME_DIR directory 2014-05-12 14:14:39 -04:00
Stephen Smalley
1e6482134b Bump version and update ChangeLog for release.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2014-05-06 13:30:27 -04:00
Stephen Smalley
35b3c259a7 2.3-rc1 (release candidate 1).
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2014-03-25 13:24:44 -04:00
Stephen Smalley
5ba8c79721 Merge branch 'master' into next
Conflicts:
	policycoreutils/ChangeLog
2013-12-09 16:10:24 -05:00
Stephen Smalley
582c2d0199 policycoreutils 2.2.5 - yet another bug fix for non-MLS systems.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2013-12-09 16:06:27 -05:00
Sven Vermeulen
7d921ed797 Ignore selevel/serange if MLS is disabled
Currently, the selevel/serange values (which are often set on a default
's0' value) are used for ports, users, contexts and logins. This breaks
non-MLS setups.

This patch will only call the necessary mls functions if mls is actually
enabled.

Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
2013-12-09 16:04:44 -05:00
Stephen Smalley
f89377f243 Merge branch 'master' into next
Conflicts:
	policycoreutils/ChangeLog
2013-11-26 14:07:49 -05:00
Stephen Smalley
1bca9b5964 policycoreutils 2.2.4 - bug fix for non-MLS systems.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2013-11-26 14:04:09 -05:00
Stephen Smalley
5d2b8d49ec Revert "If users of seobject set serange or seuser to "", we need to override."
This reverts commit 5102ed4cb8.
This breaks non-MLS systems.

Reported-by: Sven Vermeulen <sven.vermeulen@siphos.be>
2013-11-26 14:01:18 -05:00
Stephen Smalley
8d2dc72445 Updated policycoreutils ChangeLog for next.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2013-11-13 11:09:41 -05:00
Dan Walsh
f03dc51262 Add -P semodule option to man page 2013-11-13 11:07:23 -05:00
Dan Walsh
5fe159bfdd selinux_current_policy_path will return none on a disabled SELinux system 2013-11-13 11:07:21 -05:00
Dan Walsh
7315245750 Add new icons for sepolicy gui 2013-11-13 11:07:17 -05:00
Stephen Smalley
11fa7dfc01 Merge branch 'master' into next
Conflicts:
	policycoreutils/ChangeLog
2013-11-13 11:06:54 -05:00
Stephen Smalley
feb6f9ffdd Bump policycoreutils version to 2.2.3.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2013-11-13 11:06:05 -05:00
Dan Walsh
e8718ef514 Make sure we do the polkit check on all dbus interfaces.
Change policy kit to only allow access on the console.
2013-11-13 11:00:29 -05:00
Dan Walsh
ef102bf81a Call proper dbus function
Signed-off-by: Dan Walsh <dwalsh@redhat.com>
2013-11-13 11:00:18 -05:00
Stephen Smalley
7eb719b383 Update policycoreutils ChangeLog.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2013-11-08 15:56:18 -05:00
Dan Walsh
e6c6dc3464 Add message to tell user to install sandbox policy package.
Sandbox policy is huge do to macro expansion.  We do not install this by default
but sandbox command can fail without it installed.  This patch prints a message to the
user to install the package.

Signed-off-by: Dan Walsh <dwalsh@redhat.com>
2013-11-08 15:52:50 -05:00
Dan Walsh
84bffc43a7 Cleanup whitespace
Signed-off-by: Dan Walsh <dwalsh@redhat.com>
2013-11-08 15:52:11 -05:00
Dan Walsh
d5116bd45b Add support to return sesitivities and cats for python bindings.
Signed-off-by: Dan Walsh <dwalsh@redhat.com>
2013-11-08 15:51:52 -05:00
Dan Walsh
d3b4dbf299 Fix up desktop files to match current standards
Encoding is depracated
Keywords is depracated

Signed-off-by: Dan Walsh <dwalsh@redhat.com>
2013-11-08 15:50:59 -05:00
Dan Walsh
261a8a8385 Add domain to short list of domains, when -t and -d used together
Signed-off-by: Dan Walsh <dwalsh@redhat.com>
2013-11-08 15:50:38 -05:00
Dan Walsh
dc866db4dc Only return writeable files that are enabled
Signed-off-by: Dan Walsh <dwalsh@redhat.com>
2013-11-08 15:49:33 -05:00
Dan Walsh
635e803e1c Call proper dbus function
Signed-off-by: Dan Walsh <dwalsh@redhat.com>
2013-11-08 15:49:03 -05:00
Stephen Smalley
9ff98faa91 Update policycoreutils ChangeLog.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2013-11-06 09:38:03 -05:00
Laurent Bigonville
2e93833b1b Minor manpages improvements 2013-11-06 09:36:33 -05:00
Laurent Bigonville
1524e15303 Improve restorecond systemd unit file
Use Type=forking and pass PIDFile option, this allows better tracking of
the livecycle of the daemon.

Only attempt to start the daemon if selinux is enabled.

Drop After=syslog.target, syslog is socket activated anyway
2013-11-06 09:36:28 -05:00
Laurent Bigonville
28d63799d0 Add systemd unit file for mcstrans daemon 2013-11-06 09:36:24 -05:00
Stephen Smalley
f0f1ff4470 Bump policycoreutils version for semanage import default encoding bug fix.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2013-11-06 09:29:05 -05:00
Daniel J Walsh
a2b443b214 Patch to remove default encoding patch.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

The default encoding patch, was never upstreamed.  default_encoding module
switched python2 to always use unicode.  Potentially in some languages
semanage will blow up when errors are reported.

The need for this patch is going away in python3, which should be the default
in Fedora 21/22.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.15 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iEYEARECAAYFAlJ5DT4ACgkQrlYvE4MpobMvrgCfcEvZY4q7F17q9dbYJrHJXpae
Ut8AoM2TP99Ca0/lJAjoMTGsqr50P35/
=BHTe
-----END PGP SIGNATURE-----
2013-11-06 09:27:17 -05:00
Stephen Smalley
ac74dde4ae Bump policycoreutils version for sepolicy generate bug fix.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2013-10-31 12:16:30 -04:00
Dan Walsh
b33b4f42d5 Make yum/extract_rpms optional so that apt based systems can use tool 2013-10-31 12:11:04 -04:00
Dan Walsh
e27d51b17e Add test suite for audit2allow and sepolgen_ifgen 2013-10-31 11:05:28 -04:00
Stephen Smalley
7c4bb77999 Version bump for release.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2013-10-30 12:45:19 -04:00
Stephen Smalley
8e5d465335 Update ChangeLog files.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2013-10-30 12:42:05 -04:00
Stephen Smalley
4b41f10db9 Merge branch 'constraintnames' 2013-10-30 11:56:36 -04:00
Stephen Smalley
e40b6ede5f Drop semodule_path; obsoleted by elimination of genhomedircon script.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2013-10-29 12:21:02 -04:00
Dan Walsh
3ddff86b8f Have audit2allow output additional constraint information 2013-10-29 08:49:52 -04:00
Dan Walsh
e3b1bb1ab7 Make sure userdel cleans up after itself in test 2013-10-28 17:04:45 -04:00
Dan Walsh
959a4e3177 Catch IOError errors within audit2allow 2013-10-28 17:04:36 -04:00
Dan Walsh
e3048525ad Michal Trunecka patch to allow restorecon to accept paths with {}
The restorecon is unable to resolve paths using braced expressions like this: /sbin/

./restorecon:  lstat(/sbin/ip{6,}tables*) failed:  No such file or directory

The problem is that restorecon calls glob function without GLOB_BRACE flag, which en
2013-10-25 16:12:40 -04:00
Stephen Smalley
a08010023b Update ChangeLogs and bump VERSIONs to an intermediate value.
2.1.99 is just a placeholder to distinguish it from the prior release.
2.2 will be the released version.  Switching to 2-component versions.

Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2013-10-25 15:14:23 -04:00
Stephen Smalley
56258807ea Revert "Richard Haines patch that allows us discover constraint violation information"
This reverts commit 56b49ab711.

Conflicts:
	libselinux/src/audit2why.c
2013-10-25 13:53:03 -04:00
Stephen Smalley
99b070d5fc Merge branch 'fedora' into master-merge 2013-10-25 09:26:32 -04:00
Dan Walsh
cc131892c7 Need to delete all managed objects before readding them 2013-10-25 09:26:21 -04:00
Dan Walsh
4f63201788 semanage user customized should use -L not -l
Fixes semanage extract/import problem.
2013-10-25 09:26:18 -04:00
Stephen Smalley
f458b76076 Merge branch 'fedora' into master-merge
Conflicts:
	libselinux/src/Makefile
	libselinux/src/selinux_config.c
	policycoreutils/audit2allow/audit2allow.1
	policycoreutils/scripts/fixfiles.8
	policycoreutils/semanage/semanage.8
	policycoreutils/sepolicy/Makefile
	policycoreutils/sepolicy/sepolicy/transition.py
	policycoreutils/setsebool/setsebool.8
2013-10-24 15:24:17 -04:00
Stephen Smalley
50eedb1e1f Ignore genhomedircon link. 2013-10-24 15:11:01 -04:00
Dan Walsh
fc965a99c6 Remove test_booleans_l from test, it is bogus 2013-10-24 15:10:55 -04:00
Dan Walsh
6020fb0b1e Use power of 2 for STAR_COUNT 2013-10-24 13:58:41 -04:00
Dan Walsh
48663d5ca3 Need to document -o filename in usage statement 2013-10-24 13:58:41 -04:00
Dan Walsh
ca030ec85b setfiles should always return -1 on failures.
Scripts that are looking for -1 failures were getting confused by 1 and > 1 erros.
We should be consistant on the error status.
2013-10-24 13:58:41 -04:00
Dan Walsh
62c0cd6194 setsebool does not do a good job of reporting missing booleans.
This patch will clearly tell the user that he tried to set a boolean that does not exist.
2013-10-24 13:58:41 -04:00
Dan Walsh
1fd22fc498 Make setsebool be less verbose. 2013-10-24 13:58:41 -04:00
Dan Walsh
e6a1298e54 These are massive changes involved in building new GUI.
Too difficult to break out into seperate patches at this point.
Since almost no other groups are using sepolicy yet, I will push together.
2013-10-24 13:58:41 -04:00
Dan Walsh
43c9e8c7e2 Fix error when policy does not match the system. 2013-10-24 13:58:40 -04:00
Dan Walsh
d0b1e420e7 seinfo needs to work if mls is disabled.
This patch stops seinfo from failing when MLS disabled.
2013-10-24 13:58:40 -04:00
Dan Walsh
cc3df76279 Return the type aliases.
We wanted this information in sepolicy.
2013-10-24 13:58:40 -04:00
Dan Walsh
85d76c1671 Add new test suite for sepolicy tool set.
This test should be run before we do any builds to make sure there are
no regressions
2013-10-24 13:58:40 -04:00
Dan Walsh
0ebf819eb9 Add org.selinux.config.selinux.policy for use with policykit and pk_exec 2013-10-24 13:58:40 -04:00