Commit Graph

199 Commits

Author SHA1 Message Date
Eric Paris
78d618422b libsemanage: semanage_store: do not leak on strdup failure
Inside split_args we do a = realloc(b) and strdup.  If the realloc
succeeds and then the strdup fails, we return NULL to the caller.  The
caller will then jump to an error code which will do a free(b).  This is
fine if the realloc failed, but is a big problem if realloc worked.  If
it worked b is now meaningless and a needs to be freed.

I change the function interface to return an error and to update "b"
from the caller.

Signed-off-by: Eric Paris <eparis@redhat.com>
2013-02-05 20:19:03 -05:00
Eric Paris
d16ebaace1 libsemanage: semanage_store: rewrite for readability
We did a bunch of:

	if ((blah = function(a0, a1, a2)) == NULL) {
		goto err;
	} else {
		something = blah;
	}

Which takes 5 lines and is a pain to read.  Instead:

	blah = function(a0, a1, a2);
	if (blah == NULL)
		goto err;
	something = blah;

Which takes 4 lines and is easier to read!

Winning!

Signed-off-by: Eric Paris <eparis@redhat.com>
2013-02-05 20:19:03 -05:00
Eric Paris
2276a2fa51 libsemanage: fixes from coverity
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
2013-02-05 20:14:45 -05:00
Eric Paris
6064f9672c libsemange: redo genhomedircon minuid
Just a little less code.  No real change.

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
2013-02-05 20:14:44 -05:00
Dan Walsh
c9b09be424 libsemanage: Cleanup/fix enable/disable/remove module.
If you specified a portion of the module name the code would disable the module rather
then giving you an error.  For example.

semodule -d http

Would disable the httpd module.
As a matter of fact

semodule -r h

Would disable the first module file name that began with h.

This patch gets the real file name out of the modules and compares it to the name specified.
It also consolodates a bunch of duplicated code, and fixes a return code bug.

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
2013-02-05 20:14:42 -05:00
rhatdan
28baa721e0 libsemanage: Add sefcontext_compile to compile regex everytime policy is rebuilt
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
2013-02-01 12:08:58 -05:00
Eric Paris
8638197342 Version bumps for upstream push 2012-09-13 10:33:58 -04:00
Xin Ouyang
18649484ee libsemanage: Fix segfault for building standard policies.
If you are building "standard" policies(not MCS/MLS), libsemanage
will crash, which caused by strdup() to "level" NULL pointers.
For example, semodule -s refpolicy -b base.pp -i a.pp

Signed-off-by: Eric Paris <eparis@redhat.com>
2012-09-12 21:15:53 -04:00
Eric Paris
b0b22829eb libsemanage: do boolean name substitution
So people can use -P and it will work.

Signed-off-by: Eric Paris <eparis@redhat.com>
2012-09-12 13:17:30 -04:00
Eric Paris
1024ea34c6 libselinux: libsemanage: remove PYTHONLIBDIR and ruby equivalent
We generate pkg-config --libs and use that to build the libselinux
python so file.  We do not use it to build the libsemanage versions.  We
also never use the ruby equivalent.  So stop calling pkg-config
uselessly.

Signed-off-by: Eric Paris <eparis@redhat.com>
2012-09-12 12:16:19 -04:00
Eric Paris
b2523dc167 libselinux: libsemanage: do not set soname needlessly
We explicitly set the soname of the python and ruby files.  We don't
need this.  We are using the -o name as the soname, so just let the
toolchain do its thing.  It just makes the Makefile nicer to read.

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
2012-09-12 12:16:18 -04:00
Eric Paris
f05a71b92d Version bumps for upstream push 2012-06-28 14:02:29 -04:00
Sven Vermeulen
c4f415c244 libsemanage: use after free in python bindings
In python 3.2 we hit a problem where the fconext was garbage.  We didn't
see this in python 2.7.  The reason is because python3.2 would free and
reuse the memory and python 2.7 just happened to leave it alone.
Instead of using memory that python might use for something else, use
strdup() to get a local copy which we can free when we are finished with
it.

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
2012-06-28 13:29:23 -04:00
Dan Walsh
4120df1c6e libsemanage: Use default semanage.conf as a fallback
If the private semanage.conf file is unreadable for some reason (usually
ENOENT) fallback to the default file.

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
2012-06-28 13:29:23 -04:00
Eric Paris
fade75f1e2 libsemanage: semanage_store: fix snprintf length argument by using asprintf
We calculated a length, allocated a space for the string, then used
snprintf to fill the array giving it a different length.  Rather than
doing all that math ourselves, just use asprintf and let libraries get
it right.

Signed-off-by: Eric Paris <eparis@redhat.com>
2012-06-28 13:29:15 -04:00
Eric Paris
a6c9140cbb libsemanage: ignore 80 column limit for readability
80 columns just suck.  Ignore it when we are only a little bit over.

Signed-off-by: Eric Paris <eparis@redhat.com>
2012-06-28 11:21:16 -04:00
Eric Paris
824df4b60b libselinux: additional makefile support for rubywrap
SELinux ruby bindings didn't build from the top level
the swig generated .c file wasn't gitignored
use pkg-config for ruby info like we do for python

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
2012-06-28 11:21:16 -04:00
Eric Paris
5d19b70723 libselinux: libsemanage: remove build warning when build swig c files
swig creates C files with warnings.  Turn off the warnings so the build
is clean.  We can't help the code it produces anyway...

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
2012-06-28 11:21:16 -04:00
Eric Paris
7a86fe1a3d bump version and changelog for upstream push 2012-03-28 15:44:05 -04:00
Russell Coker
38e93bad1f libsemanage: fallback-user-level
Having magic numbers in the code is a bad idea, using a macro is better.

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
2012-03-28 14:52:14 -04:00
Laurent Bigonville
e55a295b1d libsemanage: Allow to build for several ruby version
This allow to build the ruby module for both ruby 1.8 and 1.9.1 (the
way it's done for the python module)

Signed-off-by: Laurent Bigonville <bigon@debian.org>
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
2012-03-28 14:52:14 -04:00
Laurent Bigonville
a8a766ac9f libsemanage: do not link against libpython, this is considered bad in Debian
Do not link against libpython, the interpreter is already linked to it.
In Debian this is usually considered bad practice.

Signed-off-by: Author: Laurent Bigonville <bigon@debian.org>
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
2012-03-28 14:52:13 -04:00
Dan Walsh
66dd98b83a libsemanage: Alternate path for semanage.conf
Currently the semanage.conf file is hard coded to /etc/selinux/semanage.conf
even when an alternate root path is specified.  Use the semanage.conf
found inside the altername root instead of the system global version.

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
2012-03-28 08:39:07 -04:00
Eric Paris
339f8079d7 update VERSION and Changelog for public push 2011-12-21 12:46:04 -05:00
Dan Walsh
5e46bb8647 libsemanage: Fallback_user_level can be NULL if you are not using MLS
If you build a distribution without MLS turned on, libsemanage will
crash if given a user without a level.  This patch allows users
without levels to be passed in.

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
2011-12-21 12:25:28 -05:00
Eric Paris
915b5f885f libsemanage: add ignoredirs config for genhomedircon
For a long time /root has been treated differently in Red Hat
Distributions then upstream policy.

We do not want to label /root the same as a users homedir.  Because of
this we have carried a patch in libsemanage/genhomedircon.c to ignore
/root.

This patch adds a flag to semanage.conf, ignoredirs.  That will allow
distributions or users to specify directories that genhomedircon
should ignore when setting up users homedir labeling.

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
2011-12-21 12:25:28 -05:00
Eric Paris
14e4b70b93 Bump Version and Changelog for commit 2011-11-03 15:26:36 -04:00
Dan Walsh
2c4eca16dd libsemanage: create man5dir if not exist
Make new man page directory if it doesn't exist.

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
2011-11-02 15:37:11 -04:00
Guido Trentalancia
06f53004d9 libsemanage: semanage.conf man page
Add a new semanage.conf man page.

Signed-off-by: Eric Paris <eparis@redhat.com>
2011-11-02 15:37:11 -04:00
Dan Walsh
86e8daafc3 libselinux: maintain mode even if umask is tighter
When certain programs were run which created new files they would get
default permissions based on the current users umask.  However these
files should get the same permissions as those files which they
replaced.  Do that.

Patch from: Stephen Smalley

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
2011-11-02 15:37:10 -04:00
Eric Paris
c81a43c753 libselinux: libsemanage: libsepol: regenerate .pc on VERSION change
The makefile which generated the package config files did not have the
VERSION file as a dependancy.  Thus if you updated a tree you have
previously build the .pc file wouldn't be rebuilt and the old version
would be reinstalled.

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
2011-11-02 15:37:10 -04:00
Eric Paris
418dbc70e8 Bump version and changelog for all components. 2011-09-16 15:34:36 -04:00
Guido Trentalancia
6a53023740 libsemanage: fix semanage_store_access_check calling arguments
A few calls to semanage_store_access_check() in the libsemanage
tests passed an argument even though it is a void function.

Signed-off-by: Guido Trentalancia <guido@trentalancia.com>
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
2011-09-16 11:54:04 -04:00
Guido Trentalancia
eb695e5a56 whole tree: default make target to all not install
Change the default "make" target for the libraries from "install" to
"all" in the makefiles.

Signed-off-by: Guido Trentalancia <guido@trentalancia.com>
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
2011-09-16 11:54:04 -04:00
Harry Ciao
e4bc1b223d libsepol: libsemanage: policycoreutils: Create a new preserve_tunables flag in sepol_handle_t.
By default only the effective branch of a tunable conditional would be
expanded and written to raw policy, while all needless unused branches
would be discarded.

Add a new option '-P' or "--preserve_tunables" to the semodule program.
By default it is 0, if set to 1 then the above preserve_tunables flag
in the sepol_handle_t would be set to 1 accordingly.

Signed-off-by: Harry Ciao <qingtao.cao@windriver.com>
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
2011-09-16 11:54:02 -04:00
Eric Paris
60c780ffb6 libsemanage: change module disabled from rename to symlink
Change the way libsemanage handles disabled modules.  In the current
method libsemanage renames the FOO.pp file to FOO.pp.disabled and then
the rebuild process ignores *.disabled modules.

Since we want to start shipping

/etc/selinux/targeted/modules/active/modules/*.pp within the payload of
the rpm.  If we continued this method, a policy update would re-enable a
module.

The new mechanism will just create a symbolic link between FOO.pp and
FOO.pp.disabled.  Then the library will check all modules, and if a
module has a link, it will not be compiled into the policy.  This solves
the rpm update problem. and actually gives us an easier update
capability since if FOO.pp.disabled already exists using the old method,
it will continue to work with the new method.

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
2011-09-15 17:17:48 -04:00
Eric Paris
1f8cf403be update changelog and versions for 2011-08-26 2011-08-26 15:11:58 -04:00
Dan Walsh
acb4ecaa01 libsemanage: python wrapper makefile changes
Allow Change libsemanage Makefile to be able to build by default and to build
if you change the version of Python

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
2011-08-26 14:27:54 -04:00
Eric Paris
6b6b475dcf update changelog and VERSION for latest changes 2011-08-17 11:17:28 -04:00
Dan Walsh
4b00b5c6a4 libsemanage: print error debug info for buggy fc files
Currently if you have a bug in a fc file, the store only reports that you have
a problem but not the name of the module, or any hint of what is wrong. This
patch will print out as much as been collected in the file_spec at the time
of the error.

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
2011-08-11 23:35:52 -04:00
Eric Paris
9cd587f553 libsemanage: introduce semanage_set_root and friends
Allow applications to specify an alternate root for selinux stores.

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
2011-08-11 23:35:52 -04:00
Eric Paris
9406ace82b libsemanage: throw exceptions in python rather than return NULL
Python doesn't really work on the basis of negative error code.  It
throws exceptions.  This patch automatically generates little stub
functions which will catch negative error codes and will throw
exceptions in their place.

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
2011-08-11 23:35:52 -04:00
Daniel J Walsh
78d58d73b4 libsemanage: python3 support.
Dave Malcolm has been working on adding python3 support to libsemanage
(and libselinux).

Change to Makefile to:

Support building the Python bindings multiple times, against various Python
runtimes (e.g. Python 2 vs Python 3) by optionally prefixing the build
targets with "PYPREFIX":

Should build python2 version by default, without the user doing any changes.

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
2011-08-11 23:35:52 -04:00
Russell Coker
d784fd71b5 libsemanage: patch for MCS/MLS in user files
The attached patch makes the
/etc/selinux/default/contexts/files/file_contexts.homedirs generation process
include the MCS/MLS level.

This means that if you have a user with a MCS/MLS level that isn't SystemLow
then their home directory will be labeled such that they can have read/write
access to it by default.

Unless anyone has any better ideas for how to solve this problem I will upload
this to Debian shortly.

What do the MLS users do in this situation?  Just relabel home directories
manually?

Finally it seems that when you run "semanage user -m" the
file_contexts.homedirs doesn't get updated, it's only when you run
"semanage login -m" that it takes affect.

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Russell Coker <russell@coker.com.au>
Acked-by: Dan Walsh <dwalsh@redhat.com>
2011-08-11 23:35:52 -04:00
Eric Paris
510003b63f Minor version bump for updates as of 2011-08-01
checkpolicy
libselinux
libsemanage
libsepol
policycoreutils

Signed-off-by: Eric Paris <eparis@redhat.com>
2011-08-01 13:49:21 -04:00
Eric Paris
d67b1ea1cb libsemanage: drop the -no-unused-parameter build flag
Annote the couple of places they are needed and drop the flag

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
2011-08-01 13:40:20 -04:00
Eric Paris
dad5f79991 libsemanage: use -Werror
libsemanage should use -Werror just like libselinux

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
2011-08-01 13:40:20 -04:00
Eric Paris
109dc801ec libsemanage: do not store generated files in git
libsemanage/src/semanage.py and libselinux/src/semanageswig_wrap.c
are both generated rather than being real code.  Do not store them
in git.

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
2011-08-01 13:40:20 -04:00
Steve Lawrence
44121f6624 Minor version bump for release
Bump checkpolicy to 2.1.0
Bump libselinux to 2.1.0
Bump libsepol to 2.1.0
Bump libsemanage to 2.1.0
Bump policycoreutils to 2.1.0
Bump sepolgen to 1.1.0
2011-07-27 15:32:54 -04:00
Chad Sellers
d17ed0d90d bump checkpolicy to 2.0.23
bump libselinux to 2.0.98
bump libsepol to 2.0.42
bump libsemanage to 2.0.46

Signed-off-by: Chad Sellers <csellers@tresys.com>
2010-12-16 14:11:57 -05:00
Justin P. Mattock
f7dd4ca760 Author: "Justin P. Mattock"
Email: justinmattock@gmail.com
Subject: libsemanage Fix warning: parameter 'key' set but not used(and others)
Date: Tue, 6 Jul 2010 15:23:30 -0700

libsemanage produced no errors with the warnings, Im just noticing
big hunks of sections with warning messages:

database_llist.c: In function 'dbase_llist_add':
database_llist.c:150:28: warning: parameter 'key' set but not used
database_llist.c: In function 'dbase_llist_count':
database_llist.c:221:50: warning: parameter 'handle' set but not used
database_llist.c: In function 'dbase_llist_del':
database_llist.c:278:41: warning: parameter 'handle' set but not used
(and so on...)
so add the GCC attribute to quiet these warnings since most go to
NULL;

Signed-off-by: Justin P. Mattock <justinmattock@gmail.com>
Signed-off-by: Chad Sellers <csellers@tresys.com>
2010-12-08 18:16:42 -05:00
Joshua Brindle
e6bfff4372 bump libsemanage to 2.0.45 and libselinux to 2.0.92 2010-03-06 18:10:51 -05:00
Daniel J Walsh
7420787817 updated libselinux pkgconfig does not work correctly on lib64 machines.
On 02/24/2010 02:24 PM, Daniel J Walsh wrote:
>
Ignore the first patch it was missing pc.in files.

Acked-by: Eamon Walsh <ewalsh@tycho.nsa.gov>
Signed-off-by: Joshua Brindle <method@manicmethod.com>
2010-03-06 18:06:43 -05:00
Joshua Brindle
d03b941136 regenerate swig wrappers 2010-03-06 17:56:25 -05:00
Joshua Brindle
c1323f22c7 fixes to commit 847d27b8385ce77ac71df8aa58a2d298b33d1ea4
- implicit declaration of semanage_module_enabled()
- added nicer error messages when disabling or enabling modules already disabled or enabled
- fix comment

Signed-off-by: Joshua Brindle <method@manicmethod.com>
2010-03-06 17:56:25 -05:00
Daniel J Walsh
654dcb897e Last attempt at upstreaming semodule_disable patch.
This patch allows you to disable/Enable policy modules.

It never seems to get upstreamed.  :^(

Signed-off-by: Joshua Brindle <method@manicmethod.com>
2010-03-06 17:56:24 -05:00
Daniel J Walsh
c8d100bb03 Patch to run genhomedircon without looking at /etc/passwd
I want to change the default of libsemanage to not look for home
directories in getpwent.  This patch allows you to set the flag
usepasswd=false in the semanage.conf file. and genhomedircon will only
setup the labeling of /home, /export/home and any confined users homedirs.

If this patch is not acceptable because libsemanage is being rewritten,
I would like the functionality to be added to the new libsemanage.
2010-03-06 17:56:23 -05:00
Stephen Smalley
9a1814832b libsemanage 2.0.44 2010-02-02 15:34:16 -05:00
Stephen Smalley
0b2f9ef8f3 bzip support in libsemanage and out of memory (userspace ticket 7)
On Sun, 2010-01-24 at 21:29 +0100, Guido Trentalancia wrote:
> Hi !
>
> Has anybody had any time to look at this ticket:
> http://userspace.selinuxproject.org/trac/ticket/7 ?
>
> I have experienced the same issue and verified that the problem is actually triggered by the bzip support (as pointed out by Stephen Smalley back in August). In fact, if I use bzip-blocksize=0 in semanage.conf then the problem disappears...
>
> Otherwise with a default semanage.conf and bzip enabled, I get:
>
> libsepol.module_package_read_offsets: offset greater than file size (at 4, offset 200478 -> 8192 (No such file or directory).
> libsemanage.semanage_load_module: Error while reading from module file /etc/selinux/refpolicy/modules/tmp/base.pp. (No such file or directory).
> semodule:  Failed!
>
> I am using libsepol-2.0.41 and libsemanage-2.0.42.

Looking into this more closely, I believe this is another manifestation
of:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=543915#17

which was ultimately traced down to two issues:
1) A missing offset check in libsepol (fixed in libsepol 2.0.38), and
2) A bug / lack of binary mode support in the fmemopen implementation in
glibc that was later fixed, see:
http://sourceware.org/bugzilla/show_bug.cgi?id=6544

Maybe you have the older glibc still?

Looking at the libsemanage code though, I think we could in fact avoid
any dependency on fmemopen by using the native libsepol support for
operating on a memory region via sepol_policy_file_set_mem(), ala:

Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2010-02-02 15:31:28 -05:00
Joshua Brindle
7b9904bef3 bump libsemanage to 2.0.43 and policycoreutils to 2.0.78 2009-11-27 13:02:43 -05:00
Manoj Srivastava
a6700ba05f libsemanage: Fix the format of the NAME lines
Each manual page should start with a "NAME" section, which lists the
name and a brief description of the page separated by "\-". These
sections are parsed by "mandb" and stored in a database for the use of
"apropos" and "whatis", so they must be in a certain format. These
manual pages apparently use the wrong format and cannot be parsed by
"mandb". This commit fixes that.

Signed-off-by: Manoj Srivastava <srivasta@debian.org>
Signed-off-by: Joshua Brindle <method@manicmethod.com>
2009-11-27 12:51:57 -05:00
Joshua Brindle
55648ccca9 /lib/libsemanage.so.1 links to /usr/lib/libustr-1.0.so.1
Manoj Srivastava wrote:
> Hi,
>
>          As demonstrated by
>
> $ ldd /lib/libsemanage.so.1
>          linux-gate.so.1 =>   (0xb8092000)
>          libsepol.so.1 =>  /lib/libsepol.so.1 (0xb8015000)
>          libselinux.so.1 =>  /lib/libselinux.so.1 (0xb7ffa000)
>          libbz2.so.1.0 =>  /lib/libbz2.so.1.0 (0xb7fe9000)
>          libustr-1.0.so.1 =>  /usr/lib/libustr-1.0.so.1 (0xb7fbf000)
>          libc.so.6 =>  /lib/i686/cmov/libc.so.6 (0xb7e60000)
>          libdl.so.2 =>  /lib/i686/cmov/libdl.so.2 (0xb7e5c000)
>          /lib/ld-linux.so.2 (0xb8093000)
>
> 	libsemanage1 links to libustr which is located under the,
>   possible separate or external, /usr partition, which would render
>   libsemanage unusable in such setups. (This dependency has been around
>   since 2.0.9).
>
>          Should we move libsemanage1 to /usr/lib? The only reason for it
>   to be in /lib would be for early boot, where /usr might not be
>   available, but at this point, it is likely not usable without /usr
>   anyway.
>
>          manoj

Yes, I'm not sure why you'd need libsemanage during early boot, we
probably should apply this:

Signed-off-by: Joshua Brindle <method@manicmethod.com>
2009-11-27 12:37:43 -05:00
Chad Sellers
88a57ca14b Bump policycoreutils to 2.0.76
Bump libsepol to 2.0.41
Bump libsemanage to 2.0.42
2009-11-18 16:44:55 -05:00
Daniel J Walsh
eb014c79f1 Author: Daniel J Walsh
Email: dwalsh@redhat.com
Subject: Add modules support to semanage
Date: Thu, 12 Nov 2009 11:23:15 -0500

On 11/11/2009 01:52 PM, Chad Sellers wrote:
> On 9/30/09 2:33 PM, "Daniel J Walsh" <dwalsh@redhat.com> wrote:
>
>> Includes enable and disable.
>>
> I presume I should hold off on this patch until you have a chance to
> resubmit the libsemanage support that it relies on. Let me know if that's
> not the case.
>
> Thanks,
> Chad
>
Lets do this patch.

Moves load_policy from /usr/sbin to /sbin

Removed cruft.

Signed-off-by: Chad Sellers <csellers@tresys.com>
2009-11-18 15:33:00 -05:00
Eamon Walsh
7cdfd6e659 Bump libsepol to 2.0.40, libselinux to 2.0.89, libsemanage to 2.0.41. 2009-10-29 15:33:37 -04:00
Eamon Walsh
12777502c6 Add pkgconfig files for libsepol, libselinux, and libsemanage.
Having a pkgconfig files allows the pkg-config tool to be used to
query the presence of the library (or a particular version of it),
and to obtain the C flags and linker arguments to build with it.

Based on Debian patches by Manoj Srivastava <srivasta@debian.org>.

Signed-off-by: Eamon Walsh <ewalsh@tycho.nsa.gov>
2009-10-22 14:50:07 -04:00
Chad Sellers
6f4660679f Bump libselinux to 2.0.88 and libsemanage to 2.0.40 2009-10-22 14:00:10 -04:00
Chad Sellers
bd74c23c7b libsemanage: Add function to turn off file contexts validation
This patch adds a function to turn off file contexts validation.
We need this for cross-installs in rpm, where we install policy
into a chroot that has binaries of a different architecture which
cannot be executed on the build system. So, we would like to use
this function to disable executing setfiles. This of course means
the file contexts could be invalid, but we're willing to take
that risk.

Signed-off-by:  Chad Sellers <csellers@tresys.com>
2009-10-22 13:53:19 -04:00
Eamon Walsh
0857e3e478 Add subdirectory .gitignore files.
These take care of executables and generated source files.

Signed-off-by: Eamon Walsh <ewalsh@tycho.nsa.gov>
2009-10-20 21:25:55 -04:00
Joshua Brindle
0e421afd55 bump libselinux to 2.0.87 and libsemanage to 2.0.39 2009-09-28 16:17:30 -04:00
Joshua Brindle
94c51ba3b1 make swigify 2009-09-28 16:17:11 -04:00
Joshua Brindle
6e7e247f6c bump libsemanage to 2.0.38 and policycoreutils to 2.0.74 2009-09-16 16:59:13 -04:00
Daniel J Walsh
faff0a77c6 Author: Daniel J Walsh
Email: dwalsh@redhat.com
Subject: libsemanage patch
Date: Wed, 16 Sep 2009 13:27:25 -0400

Updated patch.  Need check in two places.

Signed-off-by: Joshua Brindle <method@manicmethod.com>
2009-09-16 16:56:54 -04:00
Daniel J Walsh
c282c4024d I think I sent this patch before, it is the upgrade patch.
Basically it makes semodule -u file.pp, install file.pp if it does not exist.  This matches the rpm syntax, and allows us too update/install many packages with a transaction without know whether the package is updated or installed.

Currently we can only do a -i which could hammer a newwer version.

commit 3a5ed0fdf42200d0efd6cb1064eab91d2eb5ca52
Author: Dan Walsh <dwalsh@redhat.com>
Date:   Mon Aug 24 11:36:41 2009 -0400

    i Upgrade patch
2009-09-16 10:50:10 -04:00
Joshua Brindle
eaaafe2151 bump policycoreutils to 2.0.73 and libsemanage to 2.0.37 2009-09-04 13:26:37 -04:00
Chad Sellers
f3d9262568 Fix semanage_direct_commit() to notice disable_dontaudit
Add code to semanage_direct_commit() to notice that the disable_dontaudit
flag has been changed and rebuild the policy if so.

Currently, libsemanage doesn't notice that the disable_dontaudit flag is
set so it does not rebuild the policy. semodule got around this by calling
semanage_set_rebuild() explicitly, but libsemanage should really notice
that this has changed and rebuild appropriately.
2009-09-04 13:20:01 -04:00
Stephen Smalley
e376f725fc libsemanage 2.0.36 2009-08-24 15:28:42 -04:00
Stephen Smalley
c3c7ef9c65 libsemanage issue with bzip-blocksize=0 and compressed modules in store
On Mon, 2009-08-24 at 10:57 -0400, Chris PeBenito wrote:
> On Mon, 2009-08-24 at 10:04 -0400, Stephen Smalley wrote:
> > On Mon, 2009-08-24 at 09:54 -0400, Chris PeBenito wrote:
> > > I took the current release of libsemanage and added the patch to add a
> > > bzip blocksize option[1].  The modules in my store were already
> > > compressed with the stock release.  I put bzip-blocksize=0 in my
> > > semanage.conf and I do semodule -B and get:
> > >
> > > libsepol.module_package_read_offsets: wrong magic number for module
> > > package:  expected 0xf97cff8f, got 0x39685a42 (No such file or
> > > directory).
> > > libsemanage.semanage_load_module: Error while reading from module
> > > file /etc/selinux/strict/modules/tmp/modules/apm.pp. (No such file or
> > > directory).
> > > semodule:  Failed!
> > >
> > > If I do semodule -l, it will also get the magic number error.  If I
> > > remove the blocksize option, it works again.  I was able to reinsert all
> > > of the modules to get it working again with the blocksize 0 option.
> > >
> > > [1] http://userspace.selinuxproject.org/trac/changeset/ee9827000137fed2d3300124115fc1572acafe2f
> >
> > Yes, that's what I would expect.  The expectation is that either one
> > would set that option before installing the policy for the first time,
> > or that one completely re-installs the policy after setting that option.
>
> Can we have a little better handling of this case?  I don't mind
> reinstalling the policy, but the error messages aren't helpful.  In
> addition, with semodule -l being broken, I have to look into the module
> store to see what modules are installed or guess.

Seems like it is just as easy to just support pre-existing compressed
modules, see below.

Explicitly probe for the bzip2 magic string prefix and fall through to
BZ2_bzReadOpen() if the module is bzipped even if bzip-blocksize=0.
Thus bzip-blocksize=0 will prevent any further compression of
subsequently installed/updated modules, but will continue to function
with existing compressed modules.

Signed-off-by:  Stephen Smalley <sds@tycho.nsa.gov>
2009-08-24 15:26:48 -04:00
Stephen Smalley
0fb9c99a4d libsemanage 2.0.35 2009-08-05 14:13:27 -04:00
Stephen Smalley
8edc3f9730 libsemanage: do not hard link files
Remove the support for hard linking files in semanage_copy_file, as it
is unsafe and can leave the active store corrupted if something goes
wrong during the transaction.  It also can leave the installed policy
files with incorrect file modes or security contexts.

To do this safely, we would need to change all functions that write to
the sandbox files to first unlink the destination file.  This was done
in the original patch for the write_file helper but not for other cases.
It would need to be done for all functions that open.*O_CREAT or
fopen.*w on a file in the sandbox.

We also don't want this applied to the installed policy files, as they
need to be created with appropriate file modes and security contexts
that may differ from the sandbox files.  At present, the hard link
support will only affect the installed policy files when they are first
created; afterward the link() call will always fail with EEXIST since
they are not unlinked prior to installation (nor would that be safe as
it could leave the system without a policy - rename would make more
sense in that situation).  If we were to re-introduce hard link support,
we ought to use different helpers or flags for installing the policy
files than for copying the active store to the temporary sandbox to
avoid affecting both.

Signed-off-by:  Stephen Smalley <sds@tycho.nsa.gov>
2009-08-05 14:09:43 -04:00
Stephen Smalley
76412ffad6 libsemanage 2.0.34 2009-08-05 08:40:36 -04:00
Stephen Smalley
ee98270001 libsemanage: Enable configuration of bzip behavior
Allow the administrator to customize the bzip block size and "small"
flag via semanage.conf.  After applying you can add entries like these
to your /etc/selinux/semanage.conf to trade off memory vs disk space
(block size) and to trade off memory vs runtime (small):

bzip-blocksize=4
bzip-small=true

You can also disable bzip compression altogether for your module store
via:
bzip-blocksize=0

The semanage.conf entries are now validated against legal value ranges
at handle creation time.

Signed-off-by:  Stephen Smalley <sds@tycho.nsa.gov>
2009-08-05 08:33:34 -04:00
Joshua Brindle
3ba84a9f7f Merge branch 'master' of jbrindle@oss.tresys.com:/home/git/selinux 2009-07-07 16:22:10 -04:00
Daniel J Walsh
834253d13a Author: Daniel J Walsh
Email: dwalsh@redhat.com
Subject: libsemanage direct_api can return errors < 0.
Date: Mon, 08 Jun 2009 15:07:59 -0400

Signed-off-by: Joshua Brindle <method@manicmethod.com>
2009-07-07 16:22:00 -04:00
Stephen Smalley
4d92b1f8d8 libsemanage 2.0.33 2009-07-07 14:26:15 -04:00
Christopher Pardy
200efad4cb libsemanage: maintain disable dontaudit state between handle commits
Currently any changes made to the policy which require committing a handle cause dontaudit rules to be re-enabled. This is confusing, and frustrating for users who want to edit policy with dontaudit rules turned off. This patch allows semanage to remember the last state of the dontaudit rules and apply them as default whenever a handle is connected. Additionally other functions may check for the file semanage creates to determine if dontaudit rules are turned on. This knowledge can be useful for tools like SETroubleshoot which may want to change their behavior depending on the state of the dontaudit rules. In the event that a the file cannot be created a call to commit will fail.

Signed-off-by: Christopher Pardy <cpardy@redhat.com>

[sds:  Removed duplicate from other patch and cleaned up style.]
[sds:  Changed uses of semanage_fname to semanage_path.]
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2009-07-07 14:21:17 -04:00
Daniel J Walsh
a401a87622 Author: Daniel J Walsh
Email: dwalsh@redhat.com
Subject: libsemanage spelling mistake in error code.
Date: Mon, 08 Jun 2009 15:14:02 -0400

Signed-off-by: Joshua Brindle <method@manicmethod.com>
2009-06-30 11:56:16 -04:00
Stephen Smalley
0b659be9a5 bump libsemanage to 2.0.32 2009-05-28 10:55:27 -04:00
David P. Quigley
d7dfd88158 libsemanage: Add Ruby Bindings
This patch adds a SWIG specification file for ruby bindings for libsemanage.
The spec file is almost identical to the python SWIG file with the exception
that all list generating typemaps have been removed and the python related
functions have been replaced with the corresponding ruby ones. Finally the
Makefile is modified to be able to build the new bindings. Something to note is
that on 64-bit systems ruby.h might be found somewhere under /usr/lib64 instead
of /usr/lib so LIBDIR=/usr/lib64 will be needed to build the ruby bindings from
source.

Below is an example using the ruby bindings and produces the similar output
to semodule -l

#!/usr/bin/ruby
require "semanage"

handle = Semanage.semanage_handle_create

Semanage.semanage_select_store(handle, "targeted", Semanage::SEMANAGE_CON_DIRECT)
Semanage.semanage_connect(handle)
module_info = Semanage.semanage_module_list(handle)

modules = Array.new()
module_info[2].times do |n|
        temp_module = Semanage.semanage_module_list_nth(module_info[1], n)
        mod_string = Semanage.semanage_module_get_name(temp_module).to_s + " " \
                        + Semanage.semanage_module_get_version(temp_module).to_s
        modules.push(mod_string)
end

        puts "List of Installed Modules"
modules.each do |str|
        puts str
end

Signed-off-by: David P. Quigley <dpquigl@tycho.nsa.gov>
2009-05-28 10:53:11 -04:00
Joshua Brindle
10760735e9 bump libsemanage to 2.0.31 2009-01-12 10:45:26 -05:00
Joshua Brindle
844e23c77b regenerate swig bindings for compression support from commit 142bafa24900b5d9480818c9e81670bbeba2b44d 2009-01-12 10:19:58 -05:00
Joshua Brindle
df77db47e5 Author: Daniel J Walsh
Email: dwalsh@redhat.com
Subject: Now that F11 has started, I am putting in the compression support.
Date: Mon, 12 Jan 2009 10:37:23 -0500

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Joshua Brindle wrote:
> Daniel J Walsh wrote:
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> libsemanage patch to add compression.
>>
>> Uses bzip compression, all pp files in active/previous stored in
>> compressed state.  Added new interfaces to be user by policycoreutils to
>> specify file rather then memory map.
>>
>> Also uses link instead of copy whenever possible to save disk space.
>> Seeing about a 10 fold savings on policy footprint.
>
> resend
>
> Comments inline
>
>> diff --exclude-from=exclude -N -u -r
> nsalibsemanage/include/semanage/modules.h
> libsemanage-2.0.28/include/semanage/modules.h
>> --- nsalibsemanage/include/semanage/modules.h 2008-08-28
> 09:34:24.000000000 -0400
>> +++ libsemanage-2.0.28/include/semanage/modules.h 2008-10-13
> 12:35:22.000000000 -0400
>> @@ -30,10 +30,16 @@
>>
>> int semanage_module_install(semanage_handle_t *,
>> char *module_data, size_t data_len);
>> +int semanage_module_install_file(semanage_handle_t *,
>> + const char *module_name);
>> int semanage_module_upgrade(semanage_handle_t *,
>> char *module_data, size_t data_len);
>> +int semanage_module_upgrade_file(semanage_handle_t *,
>> + const char *module_name);
>> int semanage_module_install_base(semanage_handle_t *,
>> char *module_data, size_t data_len);
>> +int semanage_module_install_base_file(semanage_handle_t *,
>> + const char *module_name);
>> int semanage_module_remove(semanage_handle_t *, char *module_name);
>>
>> /* semanage_module_info is for getting information on installed
>> diff --exclude-from=exclude -N -u -r nsalibsemanage/src/Makefile
> libsemanage-2.0.28/src/Makefile
>> --- nsalibsemanage/src/Makefile 2008-08-28 09:34:24.000000000 -0400
>> +++ libsemanage-2.0.28/src/Makefile 2008-10-13 12:35:22.000000000 -0400
>> @@ -54,7 +54,7 @@
>> ranlib $@
>>
>> $(LIBSO): $(LOBJS)
>> - $(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $^ -lsepol -lselinux -lustr
> -L$(LIBDIR) -Wl,-soname,$(LIBSO),--version-script=libsemanage.map,-z,defs
>> + $(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $^ -lsepol -lselinux -lbz2
> -lustr -L$(LIBDIR)
> -Wl,-soname,$(LIBSO),--version-script=libsemanage.map,-z,defs
>> ln -sf $@ $(TARGET)
>>
>> conf-scan.c: conf-scan.l conf-parse.h
>> diff --exclude-from=exclude -N -u -r nsalibsemanage/src/direct_api.c
> libsemanage-2.0.28/src/direct_api.c
>> --- nsalibsemanage/src/direct_api.c 2008-09-15 12:20:44.000000000 -0400
>> +++ libsemanage-2.0.28/src/direct_api.c 2008-10-13 16:36:51.000000000
> -0400
>> @@ -50,6 +50,7 @@
>> #include "semanage_store.h"
>> #include "database_policydb.h"
>> #include "policy.h"
>> +#include <sys/mman.h>
>>
>> static void semanage_direct_destroy(semanage_handle_t * sh);
>> static int semanage_direct_disconnect(semanage_handle_t * sh);
>> @@ -57,10 +58,13 @@
>> static int semanage_direct_commit(semanage_handle_t * sh);
>> static int semanage_direct_install(semanage_handle_t * sh, char *data,
>> size_t data_len);
>> +static int semanage_direct_install_file(semanage_handle_t * sh, const
> char *module_name);
>> static int semanage_direct_upgrade(semanage_handle_t * sh, char *data,
>> size_t data_len);
>> +static int semanage_direct_upgrade_file(semanage_handle_t * sh, const
> char *module_name);
>> static int semanage_direct_install_base(semanage_handle_t * sh, char
> *base_data,
>> size_t data_len);
>> +static int semanage_direct_install_base_file(semanage_handle_t * sh,
> const char *module_name);
>> static int semanage_direct_remove(semanage_handle_t * sh, char
> *module_name);
>> static int semanage_direct_list(semanage_handle_t * sh,
>> semanage_module_info_t ** modinfo,
>> @@ -73,8 +77,11 @@
>> .begin_trans = semanage_direct_begintrans,
>> .commit = semanage_direct_commit,
>> .install = semanage_direct_install,
>> + .install_file = semanage_direct_install_file,
>> .upgrade = semanage_direct_upgrade,
>> + .upgrade_file = semanage_direct_upgrade_file,
>> .install_base = semanage_direct_install_base,
>> + .install_base_file = semanage_direct_install_base_file,
>> .remove = semanage_direct_remove,
>> .list = semanage_direct_list
>> };
>> @@ -378,12 +385,157 @@
>> return 0;
>> }
>>
>> +#include <stdlib.h>
>> +#include <bzlib.h>
>> +#include <string.h>
>> +#include <sys/sendfile.h>
>> +
>> +/* bzip() a file to '*data', returning the total number of
> uncompressed bytes
>> + * in the file. Returns 0 if file could not be decompressed. */
>
> Why 0? Can we make this -1?
>
Fixed
>> +static size_t bzip(const char *filename, char *data, size_t num_bytes) {
>> + BZFILE* b;
>> + size_t size = 1<<16;
>> + int bzerror;
>> + size_t total = 0;
>> + size_t len = 0;
>> + FILE *f;
>> +
>> + if ((f = fopen(filename, "wb")) == NULL) {
>> + return 0;
>> + }
>> +
>> + b = BZ2_bzWriteOpen( &bzerror, f, 9, 0, 0);
>> + if (bzerror != BZ_OK) {
>> + BZ2_bzWriteClose ( &bzerror, b, 1, 0, 0 );
>> + return 0;
>> + }
>> +
>> + while ( num_bytes > total ) {
>> + if (num_bytes - total > size) {
>> + len = size;
>> + } else {
>> + len = num_bytes - total;
>> + }
>> + BZ2_bzWrite ( &bzerror, b, &data[total], len );
>> + if (bzerror == BZ_IO_ERROR) {
>> + BZ2_bzWriteClose ( &bzerror, b, 1, 0, 0 );
>> + return 0;
>> + }
>> + total += len;
>> + }
>> +
>> + BZ2_bzWriteClose ( &bzerror, b, 0, 0, 0 );
>> + fclose(f);
>> + if (bzerror == BZ_IO_ERROR) {
>> + return 0;
>> + }
>> + return total;
>> +}
>> +
>> +/* bunzip() a file to '*data', returning the total number of
> uncompressed bytes
>> + * in the file. Returns 0 if file could not be decompressed. */
>
> Same as above.
>
Fixed
>> +size_t bunzip(FILE *f, char **data) {
>> + BZFILE* b;
>> + size_t nBuf;
>> + char buf[1<<18];
>> + size_t size = sizeof(buf);
>> + int bzerror;
>> + size_t total=0;
>> +
>> + b = BZ2_bzReadOpen ( &bzerror, f, 0, 0, NULL, 0 );
>> + if ( bzerror != BZ_OK ) {
>> + BZ2_bzReadClose ( &bzerror, b );
>> + return 0;
>> + }
>> +
>> + char *uncompress = realloc(NULL, size);
>> +
>> + while ( bzerror == BZ_OK) {
>> + nBuf = BZ2_bzRead ( &bzerror, b, buf, sizeof(buf));
>> + if (( bzerror == BZ_OK ) || ( bzerror == BZ_STREAM_END )) {
>> + if (total + nBuf > size) {
>> + size *= 2;
>> + uncompress = realloc(uncompress, size);
>> + }
>> + memcpy(&uncompress[total], buf, nBuf);
>> + total += nBuf;
>> + }
>> + }
>> + if ( bzerror != BZ_STREAM_END ) {
>> + BZ2_bzReadClose ( &bzerror, b );
>> + free(uncompress);
>> + return 0;
>> + }
>> + BZ2_bzReadClose ( &bzerror, b );
>> +
>> + *data = uncompress;
>> + return total;
>> +}
>> +
>> +/* mmap() a file to '*data',
>> + * If the file is bzip compressed map_file will uncompress
>> + * the file into '*data'.
>> + * Returns the total number of bytes in memory .
>> + * Returns 0 if file could not be opened or mapped. */
>
> Same as above
>
Fixed
>> +static size_t map_file(int fd, char **data, int *compressed)
>> +{
>> + int size;
>> + char *uncompress;
>> + if ((size = bunzip(fdopen(fd, "r"), &uncompress)) > 0) {
>> + *data = mmap(0, size, PROT_READ|PROT_WRITE,
> MAP_PRIVATE|MAP_ANONYMOUS, 0, 0);
>> + if (*data == MAP_FAILED) {
>> + free(uncompress);
>> + return 0;
>> + } else {
>> + memcpy(*data, uncompress, size);
>> + }
>> + free(uncompress);
>> + *compressed = 1;
>> + } else {
>> + struct stat sb;
>> + if (fstat(fd, &sb) == -1 ||
>> + (*data = mmap(NULL, sb.st_size, PROT_READ, MAP_PRIVATE, fd, 0)) ==
>> + MAP_FAILED) {
>> + size = 0;
>> + } else {
>> + size = sb.st_size;
>> + }
>> + *compressed = 0;
>> + }
>> +
>> + return size;
>> +}
>> +
>> +static int dupfile( const char *dest, int src_fd) {
>> + int dest_fd = -1;
>> + int retval = 0;
>> + int cnt;
>> + char buf[1<<18];
>> +
>> + if (lseek(src_fd, 0, SEEK_SET) == -1 ) return -1;
>> +
>> + if ((dest_fd = open(dest, O_WRONLY | O_CREAT | O_TRUNC,
>> + S_IRUSR | S_IWUSR)) == -1) {
>> + return -1;
>> + }
>> +
>> + while (( retval == 0 ) &&
>> + ( cnt = read(src_fd, buf, sizeof(buf)))> 0 ) {
>> + if (write(dest_fd, buf, cnt) < cnt) retval = -1;
>> + }
>> + close(dest_fd);
>> + return retval;
>> +}
>> +
>> /* Writes a block of data to a file. Returns 0 on success, -1 on
>> * error. */
>> static int write_file(semanage_handle_t * sh,
>> const char *filename, char *data, size_t num_bytes)
>> {
>> int out;
>> +
>> + /* Unlink no matter what, incase this file is a hard link, ignore
> error */
>> + unlink(filename);
>> if ((out =
>> open(filename, O_WRONLY | O_CREAT | O_TRUNC,
>> S_IRUSR | S_IWUSR)) == -1) {
>> @@ -499,7 +651,7 @@
>> sepol_policydb_t *out = NULL;
>>
>> /* Declare some variables */
>> - int modified, fcontexts_modified, ports_modified,
>> + int modified = 0, fcontexts_modified, ports_modified,
>> seusers_modified, users_extra_modified;
>> dbase_config_t *users = semanage_user_dbase_local(sh);
>> dbase_config_t *users_base = semanage_user_base_dbase_local(sh);
>> @@ -815,7 +967,9 @@
>> &filename)) != 0) {
>> goto cleanup;
>> }
>> - if (write_file(sh, filename, data, data_len) == -1) {
>> +
>> + if (bzip(filename, data, data_len) == 0) {
>> + ERR(sh, "Error while writing to %s.", filename);
>> retval = -3;
>> }
>> retval = 0;
>  retval = -3 gets smashed immediately afterward
>
>> @@ -826,19 +980,60 @@
>> return retval;
>> }
>>
>> -/* Similar to semanage_direct_install(), except that it checks that
>> - * there already exists a module with the same name and that the
>> - * module is an older version then the one in 'data'. Returns 0 on
>> - * success, -1 if out of memory, -2 if the data does not represent a
>> - * valid module file, -3 if error while writing file or reading
>> - * modules directory, -4 if there does not exist an older module or if
>> - * the previous module is same or newer than 'data'.
>> - */
>> -static int semanage_direct_upgrade(semanage_handle_t * sh,
>> - char *data, size_t data_len)
>> +/* Attempts to link a module to the sandbox's module directory,
> unlinking any
>> + * previous module stored within. Returns 0 on success, -1 if out of
> memory, -2 if the
>> + * data does not represent a valid module file, -3 if error while
>> + * writing file. */
>> +
>> +static int semanage_direct_install_file(semanage_handle_t * sh,
>> + const char *install_filename)
>> {
>> +
>> + int retval = -1;
>> + char *data = NULL;
>> + size_t data_len = 0;
>> + int compressed = 0;
>> + int in_fd = -1;
>> +
>> + if ((in_fd = open(install_filename, O_RDONLY)) == -1) {
>> + return 0;
>
> returning 0 on failure here
>
Fixed
>> + }
>> +
>> + if ((data_len = map_file(in_fd, &data, &compressed)) == 0) {
>> + goto cleanup;
>> + }
>> +
>> + if (compressed) {
>> + char *module_name = NULL, *version = NULL, *filename = NULL;
>> + if ((retval = parse_module_headers(sh, data, data_len,
>> + &module_name, &version,
>> + &filename)) != 0) {
>> + goto cleanup;
>
> Probably need to free module_name, version, filename here
>
Why these are cleaned up in cleanup and if it gets an error it should
not have allocated memory?
>> + }
>> +
>> + if (data_len > 0) munmap(data, data_len);
>> + data_len = 0;
>> + retval = dupfile(filename, in_fd);
>> + free(version);
>> + free(filename);
>> + free(module_name);
>> +
>> + } else {
>> + retval = semanage_direct_install(sh, data, data_len);
>> + }
>> +
>> + cleanup:
>> + close(in_fd);
>> + if (data_len > 0) munmap(data, data_len);
>> +
>> + return retval;
>> +}
>> +
>> +
>> +static int get_direct_upgrade_filename(semanage_handle_t * sh,
>> + char *data, size_t data_len, char **outfilename) {
>> int i, retval, num_modules = 0;
>> - char *module_name = NULL, *version = NULL, *filename = NULL;
>> + char *filename = NULL, *module_name = NULL, *version = NULL;
>
> ?
Removed
>
>> semanage_module_info_t *modinfo = NULL;
>> if ((retval = parse_module_headers(sh, data, data_len,
>> &module_name, &version,
>> @@ -868,14 +1063,10 @@
>> if (retval == -4) {
>> ERR(sh, "There does not already exist a module named %s.",
>> module_name);
>> - goto cleanup;
>> - }
>> - if (write_file(sh, filename, data, data_len) == -1) {
>> - retval = -3;
>> }
>> +
>> cleanup:
>> free(version);
>> - free(filename);
>> free(module_name);
>> for (i = 0; modinfo != NULL && i < num_modules; i++) {
>> semanage_module_info_t *m =
>> @@ -883,6 +1074,80 @@
>> semanage_module_info_datum_destroy(m);
>> }
>> free(modinfo);
>> + if (retval == 0) {
>> + *outfilename = filename;
>> + } else {
>> + free(filename);
>> + }
>> + return retval;
>> +}
>> +
>> +/* Similar to semanage_direct_install(), except that it checks that
>> + * there already exists a module with the same name and that the
>> + * module is an older version then the one in 'data'. Returns 0 on
>> + * success, -1 if out of memory, -2 if the data does not represent a
>> + * valid module file, -3 if error while writing file or reading
>> + * modules directory, -4 if there does not exist an older module or if
>> + * the previous module is same or newer than 'data'.
>> + */
>> +static int semanage_direct_upgrade(semanage_handle_t * sh,
>> + char *data, size_t data_len)
>> +{
>> + char *filename = NULL;
>> + int retval = get_direct_upgrade_filename(sh,
>> + data, data_len,
>> + &filename);
>> + if (retval == 0) {
>> + if (bzip(filename, data, data_len) == 0) {
>> + ERR(sh, "Error while writing to %s.", filename);
>> + retval = -3;
>> + }
>> + free(filename);
>> + }
>> + return retval;
>> +}
>> +
>> +/* Attempts to link a module to the sandbox's module directory,
> unlinking any
>> + * previous module stored within.
>> + * Returns 0 on success, -1 if out of memory, -2 if the
>> + * data does not represent a valid module file, -3 if error while
>> + * writing file. */
>> +
>> +static int semanage_direct_upgrade_file(semanage_handle_t * sh,
>> + const char *module_filename)
>> +{
>> + int retval = -1;
>> + char *data = NULL;
>> + size_t data_len = 0;
>> + int compressed = 0;
>> + int in_fd = -1;
>> +
>> + if ((in_fd = open(module_filename, O_RDONLY)) == -1) {
>> + return 0;
>
> returning 0 on failure
>
Fixed
>> + }
>> +
>> + if ((data_len = map_file(in_fd, &data, &compressed)) == 0) {
>> + goto cleanup;
>> + }
>> +
>> + if (compressed) {
>> + char *filename = NULL;
>> + retval = get_direct_upgrade_filename(sh,
>> + data, data_len,
>> + &filename);
>> +
>> + if (retval != 0) goto cleanup;
>> +
>> + retval = dupfile(filename, in_fd);
>> + free(filename);
>> + } else {
>> + retval = semanage_direct_upgrade(sh, data, data_len);
>> + }
>> +
>> + cleanup:
>> + close(in_fd);
>> + if (data_len > 0) munmap(data, data_len);
>> +
>> return retval;
>> }
>>
>> @@ -903,7 +1168,8 @@
>> if ((filename = semanage_path(SEMANAGE_TMP, SEMANAGE_BASE)) == NULL) {
>> goto cleanup;
>> }
>> - if (write_file(sh, filename, base_data, data_len) == -1) {
>> + if (bzip(filename, base_data, data_len) == 0) {
>> + ERR(sh, "Error while writing to %s.", filename);
>> retval = -3;
>> }
>> retval = 0;
>
> retval gets smashed
>
Fixed, this was an existing bug, BTW
>> @@ -911,6 +1177,49 @@
>> return retval;
>> }
>>
>> +/* Writes a base module into a sandbox, overwriting any previous base
>> + * module.
>> + * Returns 0 on success, -1 if out of memory, -2 if the data does not
> represent
>> + * a valid base module file, -3 if error while writing file.
>> + */
>> +static int semanage_direct_install_base_file(semanage_handle_t * sh,
>> + const char *install_filename)
>> +{
>> + int retval = -1;
>> + char *data = NULL;
>> + size_t data_len = 0;
>> + int compressed = 0;
>> + int in_fd;
>> +
>> + if ((in_fd = open(install_filename, O_RDONLY)) == -1) {
>> + return 0;
>
> returning 0 on failure
>
Fixed
>> + }
>> +
>> + if ((data_len = map_file(in_fd, &data, &compressed)) == 0) {
>> + goto cleanup;
>> + }
>> +
>> + if (compressed) {
>> + const char *filename = NULL;
>> + if ((retval = parse_base_headers(sh, data, data_len)) != 0) {
>> + goto cleanup;
>> + }
>> + if ((filename = semanage_path(SEMANAGE_TMP, SEMANAGE_BASE)) == NULL) {
>> + goto cleanup;
>> + }
>> +
>> + retval = dupfile(filename, in_fd);
>> + } else {
>> + retval = semanage_direct_install_base(sh, data, data_len);
>> + }
>> +
>> + cleanup:
>> + close(in_fd);
>> + if (data_len > 0) munmap(data, data_len);
>> +
>> + return retval;
>> +}
>> +
>> /* Removes a module from the sandbox. Returns 0 on success, -1 if out
>> * of memory, -2 if module not found or could not be removed. */
>> static int semanage_direct_remove(semanage_handle_t * sh, char
> *module_name)
>> @@ -1005,15 +1314,26 @@
>> * report it */
>> continue;
>> }
>> + size_t size;
>> + char *data = NULL;
>> +
>> + if ((size = bunzip(fp, &data)) != 0) {
>> + fclose(fp);
>> + fp = fmemopen(data, size, "rb");
>
> unhandled error from fclose and fmemopen
>
Fixed fmemopen failure,  we don't check fclose failure anywhere in the code.
>> + }
>> + rewind(fp);
>> +
>> __fsetlocking(fp, FSETLOCKING_BYCALLER);
>> sepol_policy_file_set_fp(pf, fp);
>> if (sepol_module_package_info(pf, &type, &name, &version)) {
>> fclose(fp);
>> + free(data);
>> free(name);
>> free(version);
>> continue;
>> }
>> fclose(fp);
>> + free(data);
>> if (type == SEPOL_POLICY_MOD) {
>> (*modinfo)[*num_modules].name = name;
>> (*modinfo)[*num_modules].version = version;
>> diff --exclude-from=exclude -N -u -r nsalibsemanage/src/direct_api.h
> libsemanage-2.0.28/src/direct_api.h
>> --- nsalibsemanage/src/direct_api.h 2008-08-28 09:34:24.000000000 -0400
>> +++ libsemanage-2.0.28/src/direct_api.h 2008-10-13 12:35:22.000000000
> -0400
>> @@ -37,4 +37,7 @@
>>
>> int semanage_direct_access_check(struct semanage_handle *sh);
>>
>> +#include <stdio.h>
>> +size_t bunzip(FILE *f, char **data);
>> +
>> #endif
>> diff --exclude-from=exclude -N -u -r
> nsalibsemanage/src/libsemanage.map libsemanage-2.0.28/src/libsemanage.map
>> --- nsalibsemanage/src/libsemanage.map 2008-08-28 09:34:24.000000000
> -0400
>> +++ libsemanage-2.0.28/src/libsemanage.map 2008-10-13
> 12:35:22.000000000 -0400
>> @@ -3,8 +3,10 @@
>> semanage_is_managed; semanage_connect; semanage_disconnect;
>> semanage_msg_*;
>> semanage_begin_transaction; semanage_commit;
>> - semanage_module_install; semanage_module_upgrade;
>> - semanage_module_install_base; semanage_module_remove;
>> + semanage_module_install; semanage_module_install_file;
>> + semanage_module_upgrade; semanage_module_upgrade_file;
>> + semanage_module_install_base; semanage_module_install_base_file;
>> + semanage_module_remove;
>> semanage_module_list; semanage_module_info_datum_destroy;
>> semanage_module_list_nth; semanage_module_get_name;
>> semanage_module_get_version; semanage_select_store;
>> diff --exclude-from=exclude -N -u -r nsalibsemanage/src/modules.c
> libsemanage-2.0.28/src/modules.c
>> --- nsalibsemanage/src/modules.c 2008-08-28 09:34:24.000000000 -0400
>> +++ libsemanage-2.0.28/src/modules.c 2008-10-13 12:35:22.000000000 -0400
>> @@ -52,6 +52,25 @@
>> return sh->funcs->install(sh, module_data, data_len);
>> }
>>
>> +int semanage_module_install_file(semanage_handle_t * sh,
>> + const char *module_name) {
>> +
>> + if (sh->funcs->install_file == NULL) {
>> + ERR(sh,
>> + "No install function defined for this connection type.");
>> + return -1;
>> + } else if (!sh->is_connected) {
>> + ERR(sh, "Not connected.");
>> + return -1;
>> + } else if (!sh->is_in_transaction) {
>> + if (semanage_begin_transaction(sh) < 0) {
>> + return -1;
>> + }
>> + }
>> + sh->modules_modified = 1;
>> + return sh->funcs->install_file(sh, module_name);
>> +}
>> +
>> int semanage_module_upgrade(semanage_handle_t * sh,
>> char *module_data, size_t data_len)
>> {
>> @@ -71,6 +90,25 @@
>> return sh->funcs->upgrade(sh, module_data, data_len);
>> }
>>
>> +int semanage_module_upgrade_file(semanage_handle_t * sh,
>> + const char *module_name) {
>> +
>> + if (sh->funcs->upgrade_file == NULL) {
>> + ERR(sh,
>> + "No upgrade function defined for this connection type.");
>> + return -1;
>> + } else if (!sh->is_connected) {
>> + ERR(sh, "Not connected.");
>> + return -1;
>> + } else if (!sh->is_in_transaction) {
>> + if (semanage_begin_transaction(sh) < 0) {
>> + return -1;
>> + }
>> + }
>> + sh->modules_modified = 1;
>> + return sh->funcs->upgrade_file(sh, module_name);
>> +}
>> +
>> int semanage_module_install_base(semanage_handle_t * sh,
>> char *module_data, size_t data_len)
>> {
>> @@ -90,6 +128,25 @@
>> return sh->funcs->install_base(sh, module_data, data_len);
>> }
>>
>> +int semanage_module_install_base_file(semanage_handle_t * sh,
>> + const char *module_name) {
>> +
>> + if (sh->funcs->install_base_file == NULL) {
>> + ERR(sh,
>> + "No install base function defined for this connection type.");
>> + return -1;
>> + } else if (!sh->is_connected) {
>> + ERR(sh, "Not connected.");
>> + return -1;
>> + } else if (!sh->is_in_transaction) {
>> + if (semanage_begin_transaction(sh) < 0) {
>> + return -1;
>> + }
>> + }
>> + sh->modules_modified = 1;
>> + return sh->funcs->install_base_file(sh, module_name);
>> +}
>> +
>> int semanage_module_remove(semanage_handle_t * sh, char *module_name)
>> {
>> if (sh->funcs->remove == NULL) {
>> diff --exclude-from=exclude -N -u -r nsalibsemanage/src/policy.h
> libsemanage-2.0.28/src/policy.h
>> --- nsalibsemanage/src/policy.h 2008-08-28 09:34:24.000000000 -0400
>> +++ libsemanage-2.0.28/src/policy.h 2008-10-13 12:35:22.000000000 -0400
>> @@ -49,8 +49,14 @@
>> /* Install a policy module */
>> int (*install) (struct semanage_handle *, char *, size_t);
>>
>> + /* Install a policy module */
>> + int (*install_file) (struct semanage_handle *, const char *);
>> +
>> /* Upgrade a policy module */
>> int (*upgrade) (struct semanage_handle *, char *, size_t);
>> +
>> + /* Upgrade a policy module */
>> + int (*upgrade_file) (struct semanage_handle *, const char *);
>>
>> /* Remove a policy module */
>> int (*remove) (struct semanage_handle *, char *);
>> @@ -61,6 +67,9 @@
>>
>> /* Install base policy */
>> int (*install_base) (struct semanage_handle *, char *, size_t);
>> +
>> + /* Install a base module */
>> + int (*install_base_file) (struct semanage_handle *, const char *);
>> };
>>
>> /* Should be backend independent */
>> diff --exclude-from=exclude -N -u -r
> nsalibsemanage/src/semanage_store.c libsemanage-2.0.28/src/semanage_store.c
>> --- nsalibsemanage/src/semanage_store.c 2008-09-15 12:20:44.000000000
> -0400
>> +++ libsemanage-2.0.28/src/semanage_store.c 2008-10-13
> 12:57:29.000000000 -0400
>> @@ -440,6 +440,8 @@
>> char tmp[PATH_MAX];
>> char buf[4192];
>>
>> + if (link(src,dst) == 0) return 0;
>> +
>> n = snprintf(tmp, PATH_MAX, "%s.tmp", dst);
>> if (n < 0 || n >= PATH_MAX)
>> return -1;
>> @@ -1522,16 +1524,26 @@
>> ERR(sh, "Could not open module file %s for reading.", filename);
>> goto cleanup;
>> }
>> + size_t size;
>> + char *data = NULL;
>> +
>> + if ((size = bunzip(fp, &data)) != 0) {
>> + fclose(fp);
>> + fp = fmemopen(data, size, "rb");
>> + }
>
> unhandled error from fclose and fmemopen
>
Fixed as above
>
>> + rewind(fp);
>> __fsetlocking(fp, FSETLOCKING_BYCALLER);
>> sepol_policy_file_set_fp(pf, fp);
>> sepol_policy_file_set_handle(pf, sh->sepolh);
>> if (sepol_module_package_read(*package, pf, 0) == -1) {
>> ERR(sh, "Error while reading from module file %s.", filename);
>> fclose(fp);
>> + free(data);
>> goto cleanup;
>> }
>> sepol_policy_file_free(pf);
>> fclose(fp);
>> + free(data);
>> return retval;
>>
>> cleanup:
>
>
2009-01-12 10:19:44 -05:00
Stephen Smalley
46dc67016b Bump libsemanage to 2.0.30. 2008-11-12 09:27:21 -05:00
Stephen Smalley
0a515c4610 libsemanage: Add semanage_mls_enabled interface
Add a semanage_mls_enabled() interface to libsemanage so that
semanage/seobject can be rewritten to use it to test whether MLS is
enabled for a given policy store rather than checking the runtime MLS
enabled status, which can be misleading when using semanage on a
SELinux-disabled host or when using semanage on a store other than the
active one.  Sample usage:
	from semanage import *
	handle = semanage_handle_create()
	rc = semanage_connect(handle)
	rc = semanage_mls_enabled(handle)

Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2008-11-12 09:20:30 -05:00
Joshua Brindle
223bb406d8 Bump libsemanage to 2.0.29 and policycoreutils to 2.0.59 2008-11-09 11:20:40 -05:00
Christopher J. PeBenito
9e2c58f924 homedir_template generation skips USER lines
The current libsemanage code does not correctly add lines which include
USER in them into the homedir_template, for example:

/tmp/gconfd-USER -d	system_u:object_r:ROLE_tmp_t

This line was included in the past since it has ROLE.  However, with the
switch to UBAC separations, the line has changed to:

/tmp/gconfd-USER -d	system_u:object_r:user_tmp_t

and is no longer included.  The follwing patch fixes.

Signed-off-by: Joshua Brindle <method@manicmethod.com>
2008-11-09 11:17:42 -05:00
Joshua Brindle
f187d4a56e bump to libsemanage 2.0.28 2008-09-15 11:25:27 -04:00
Joshua Brindle
e319cd8538 Author: Daniel J Walsh
Email: dwalsh@redhat.com
Subject: libsemage patch to not compile modules for seusers and fcontext
Date: Wed, 10 Sep 2008 10:30:08 -0400

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Ivan Gyurdiev wrote:
>
>>> I'm a little unclear on what this is doing - can you clarify?
>>>
>> This is clearing the existing seusers.final file, otherwise delete was
>> not working.
>>
> I think the previous code was doing more - it was merging the local file
> with the shipped base package file, like this:
>
>    data = extract_file_from_policy_package( )
>    write_file ( "seusers.final", data )
>    if ( data != null ) {
>        seusers.clear_cache()  // thereby forcing reload from
> seusers.final when cache() is called again (in merge_components)
>    } else {
>        seusers.clear()
>    }
>
> It's also doing this three times (once for fcontexts, once for seusers,
> once for seusers_extra).
> The problem is that you're skipping the link_sandbox call, which builds
> the base package, containing this information.
>
> Ivan
>
>
Ok I found some problems with the previous patch and did some code
reuse.  I added a function that only read base.pp in order to handle the
 base user_extra and seusers problem.

Signed-off-by: Joshua Brindle <method@manicmethod.com>
2008-09-15 09:25:33 -04:00
Joshua Brindle
13cd4c8960 initial import from svn trunk revision 2950 2008-08-19 15:30:36 -04:00