This patch adds support to actually use the new sepolgen-ifgen attr
helper. We included the helper which generates attribute information
but this patch makes use of it.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
Add a --policy option to audit2allow to make it use an
alternate use specified policy instead of the running
policy.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
This program is used by sepolgen-ifgen to get the access for all of the
attributes in the policy so that it can resolve the typeattribute statements
in the interfaces.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
Role attributes are redundant for policy.X, their destiny has been
fulfilled in the expand phase when their types.types ebitmap have
been populated to that of their sub regular roles.
When pp is downgraded, role_datum_t's the flavor flag and roles
ebitmap would be discarded, resulting in role attributes useless
at all. So for such case they should also be skipped.
Deduct the number of role attributes from p_roles.table->nel when
they are skipped.
Last, uncount attributes number before converting endianness.
Signed-off-by: Harry Ciao <qingtao.cao@windriver.com>
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
Change the way libsemanage handles disabled modules. In the current
method libsemanage renames the FOO.pp file to FOO.pp.disabled and then
the rebuild process ignores *.disabled modules.
Since we want to start shipping
/etc/selinux/targeted/modules/active/modules/*.pp within the payload of
the rpm. If we continued this method, a policy update would re-enable a
module.
The new mechanism will just create a symbolic link between FOO.pp and
FOO.pp.disabled. Then the library will check all modules, and if a
module has a link, it will not be compiled into the policy. This solves
the rpm update problem. and actually gives us an easier update
capability since if FOO.pp.disabled already exists using the old method,
it will continue to work with the new method.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
The parser cannot handle the new format of filename_trans rules. Nor
can it handle the " now used. Add support for both.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
Rather than error when a glob does not match return success as this is
not a problem.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Eric Paris <eparis@redhat.com>
Introduce a helper which will spawn children and wait for them to exit
so we don't have to keep writing that code over and over.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
These are just simple new helpers which make it easy to check uid, gid,
if two stat results are the same and things like that.
Signed-off-by: Eric Paris <eparis@redhat.com>
Some sandbox might want to be able to run a suid app. Add the -C option
to allow capabilities to stay in the bounding set, and thus be allowed
inside the sandbox.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
Split drop_capabilities into drop_privs, which does the same thing, and
drop_caps, which only drops caps but doesn't affect the uid.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
Little things like better error messages, usage text, code duplication
and the like.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
seunshare can be used on non-selinux systems. It can also be used
without transition to a new context. Thus we should not require that a
context be set.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
we have man pages which aren't being instelled with make install. We
also do not include -Werror -Wall -Wextra in the build like we do with
other packages, so include those.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
This allows users to create sandbox windows of a specified size on the
command line.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
When launching a sandbox x environment we should check up front to make
sure that the seunshare and sandboxsh files exist and bail politely if
they do not exist.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
Rather than putting pathnames all throughout the file define them as
variables and reuse these variables where needed.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
Just coding style, globals go at the top of .c files, not randomly
throughout.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
We have some useless globals in setfiles that don't need to be. Stop
it.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
move exclude_non_seclabel_mounts from setfiles.c to restore.c so it can
be used by other functions later.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
This does 2 things. It does a little cleanup by de-duplicating code.
It also adds a new target 'all' as the default target. Previous the
default target was 'install'. There was no 'all' target. This patch
should allow one to build all of the tree as a non-root user.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
The output formatting had two items crammed together without a space.
Add a space.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
Allow Change libsemanage Makefile to be able to build by default and to build
if you change the version of Python
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
selinux_file_context_verify(3) should now return the correct codes and
matchpathcon(8) has been modified to handle them.
The selinux_file_context_verify(3)and selinux_file_context_cmp(3) man pages
have also been updated (re-written really) to correct return codes.
I found that selabel_open left errno set to ENOENT because a
file_contexts.subs file did not exist on my system, but left selabel_open
alone and set errno = 0 before calling selinux_filecontext_cmp.
[fix uninitialize init variable in matchpathcon.c::main - eparis]
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
Instead of only doing path simplification and symlink following for the
matchpathcon helper instead do it in the library potion. This was an
issue when in python some called selinux.matchpatchcon("//lib64", 0) and
got the wrong answer (because the // wasn't being dealt with)
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
Allow Change libselinux Makefile to be able to build by default and to build
if you change the version of Python
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
It's a very minor thing really, but I believe (on the basis of an
off-list question) that the manual page for policycoreutils/run_init can
be improved by the following short patch which aims to further clarify
the intended usage of such tool and mention that it caters for one
(somewhat hidden) compile-time option.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
Fix header to not display all of the options and fix Booleans to only list
supported options
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
This patch just removes some blank lines that we don't need. Makes it
all purdy.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
This adds a new -e options to semanage fcontext which allows one to
specify filesystem equivalancies. An example would be if an admin were
to run out of space and to start putting home directories in /home1.
They can use the equivalencies to specify that /home1 is labeled exactly
like /home.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
Add tools to store the state of modules and to enable and disable those
modules.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
Introduce a new -o option which will output all local modifications in a
method which can be 're-inputted' on another host.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
Add a new option -E which will extract the local configuration changes
made for the given record type. This will be used by a further output
option to be able to dump local configuration in a form which can be
imported later.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
Before you would get:
$ semanage fcontext toys
/usr/sbin/semanage Invalid command fcontext toys
Now you get:
$ semanage fcontext toys
/usr/sbin/semanage: Invalid command: semanage fcontext toys
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
Return quickly instead of tring to parse arguments if there are
no arguments.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
Right now we do lots of needless string comparisons even though we know
we are finished doing work immediately after an operation. So return
sooner.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
One of the getopt parsers didn't have a try/except pair to show usage
when a user did it wrong. Fix that.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
