Commit Graph

611 Commits

Author SHA1 Message Date
Jason Zaman
fcb5d5cc72 Makefiles: drop -L/-I to system paths
The toolchain automatically handles them and they break cross compiling.

LDFLAGS should also come before object files, some flags (eg,
-Wl,as-needed) can break things if they are in the wrong place)

Gentoo-Bug: https://bugs.gentoo.org/500674

Signed-off-by: Jason Zaman <jason@perfinion.com>
2017-04-25 08:27:05 -04:00
Jason Zaman
b5fe48da20 libselinux: PCRE_LDFLAGS is actually LDLIBS
>From Make's manual:

LDFLAGS
Extra flags to give to compilers when they are supposed to invoke the
linker, ‘ld’, such as -L. Libraries (-lfoo) should be added to the
LDLIBS variable instead.

LDLIBS
Library flags or names given to compilers when they are supposed to
invoke the linker, ‘ld’. Non-library linker flags, such as -L, should go
in the LDFLAGS variable.

https://www.gnu.org/software/make/manual/html_node/Implicit-Variables.html

Signed-off-by: Jason Zaman <jason@perfinion.com>
2017-04-25 08:23:45 -04:00
Jason Zaman
3eebfc2873 libselinux: get pcre CFLAGS/LDFLAGS from pkg-config
Gentoo-Bug: https://bugs.gentoo.org/500674

Signed-off-by: Jason Zaman <jason@perfinion.com>
2017-04-25 08:21:50 -04:00
Nick Kralevich
64afa1aff1 libselinux: add O_CLOEXEC
Makes libselinux safer and less likely to leak file descriptors when
used as part of a multithreaded program.

Signed-off-by: Nick Kralevich <nnk@google.com>
2017-04-12 14:51:41 -04:00
Nicolas Iooss
bb3f428c08 libselinux: getsebool: always free names
When getsebool's main() fails to allocate memory for the boolean names,
it returns without freeing variables first, even though other errors do
this (with label "out").

This silences a warning reported by clang's static analyzer.

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
2017-04-12 14:46:02 -04:00
Nicolas Iooss
a9094fae2c libselinux: avoid calling strcmp() on a NULL pointer
When curcon is NULL, calling strcmp(curcon, newcon) produces an undefined
behavior. Avoid this by checking whether curcon is NULL beforehand.

This issue has been found using clang's static analyzer.

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
2017-04-12 14:44:55 -04:00
Nicolas Iooss
9d3091a6d3 libselinux: ensure that 4 columns are read from /proc/mounts
If exclude_non_seclabel_mounts() ever gets run on a kernel where
/proc/mounts only contains three columns, mount_info[3] will be used
"without being initialized in "strtok(mount_info[3], ",")" because
variable index would be 3 at the end of this loop:

    index = 0;
    item = strtok(buf, " ");
    while (item != NULL) {
        mount_info[index] = item;
        if (index == 3)
            break;
        index++;
        item = strtok(NULL, " ");
    }

Swap the condition on index and its increment so that it gets to 4 only
when there are at least four columns.

This issue has been found using clang's static analyzer.

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
2017-04-11 14:32:16 -04:00
Nicolas Iooss
c09fb32384 libselinux: make process_boolean() fail on invalid lines
When security_load_booleans() calls process_boolean() to parse a boolean
definition, process_boolean() returns a successful value when it fails
to use strtok_r() (e.g. when there is no "=" in the parsed line). This
leads security_load_booleans() to use uninitialized name and/or val when
setting the boolean into the policy.

This issue has been found using clang's static analyzer and is similar
to the one which has been fixed in libsepol with commit 76f8c04c19
("libsepol: make process_boolean() fail on invalid lines"). Fix it in
the same way.

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
2017-04-11 14:27:01 -04:00
Nicolas Iooss
55b5b7a646 libselinux: do not dereference a NULL pointer when calloc() fails
selabel_is_digest_set() contains the following code:

        digest = calloc(1, sizeof(*digest));
        if (!digest)
            goto err;

    /* ... */

    err:
        free(digest->digest);

If calloc() failed, digest is NULL but is dereferenced when the
execution jumps to label err.

Check that digest is not NULL before freeing its fields.

This issue has been found using clang's static analyzer.

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
2017-04-11 14:19:52 -04:00
Nicolas Iooss
b6579d262e libsepol: constify sepol_genbools()'s boolpath parameter
This allows removing an unnecessary cast to (char *) in libselinux.

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
2017-03-29 10:26:44 -04:00
Nicolas Iooss
ded385d377 libselinux: initialize temp value in SWIG wrapper to prevent freeing garbage
Currently this Python program triggers a segmentation fault in
libselinux SWIG wrapper:

    import selinux
    selinux.get_ordered_context_list()

gdb shows that the segmentation fault occurs when freeing some memory:

    Reading symbols from python...(no debugging symbols found)...done.
    Starting program: /usr/bin/python -c import\
    selinux\;selinux.get_ordered_context_list\(\)
    [Thread debugging using libthread_db enabled]
    Using host libthread_db library "/usr/lib/libthread_db.so.1".

    Program received signal SIGSEGV, Segmentation fault.
    0x00007ffff789a304 in free () from /usr/lib/libc.so.6
    (gdb) bt
    #0  0x00007ffff789a304 in free () from /usr/lib/libc.so.6
    #1  0x00007ffff6011499 in freeconary (con=0x7ffff6ac5d00) at
    freeconary.c:14
    #2  0x00007ffff6296899 in _wrap_get_ordered_context_list
    (self=<optimized out>, args=<optimized out>) at
    selinuxswig_wrap.c:6185
    #3  0x00007ffff741891f in _PyCFunction_FastCallDict () from
    /usr/lib/libpython3.6m.so.1.0
    ...

SWIG generated the following code for _wrap_get_ordered_context_list():

    char ***arg3 = (char ***) 0 ;
    char **temp3 ;
    arg3 = &temp3;
    if (!PyArg_ParseTuple(args, "OO:get_ordered_context_list",&obj0,&obj1))
        SWIG_fail;
    /* ... */
  fail:
    if (*arg3) freeconary(*arg3);

If PyArg_ParseTuple fails, freeconary() is called on the value of
"temp3", which has not been initialized. Fix this by initializing temp
to NULL in the SWIG template.

A similar issue exists with security_get_boolean_names(). Fix it too.

This issue has been found using clang's static analyzer, on a system
which uses SWIG 3.0.12.

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
2017-03-01 10:42:45 -05:00
Nicolas Iooss
1cd3e1a40a libselinux, libsemanage: make PYPREFIX computation more robust
On systems where $PYTHON is python3.5 (instead of python2 or python3),
pkg-config fails to find the Python package because it is named with a
dash (e.g. python-3.5).

Moreover the build system may have been using the pkg-config
configuration files for the wrong Python version when several Python
with the same major version number are installed (e.g. using python-3.5
on a system with both python-3.4 and python-3.5 and where
/usr/lib/pkgconfig/python3.pc is a symlink to python-3.5.pc).

In order to fix these two issues, compute $PYPREFIX from $PYTHON by
using the full major.minor version.

Moreover update Travis-Ci configuration to grab the relevant
configuration files for pkg-config from /opt/python (for example
/opt/python/3.5.2/lib/pkgconfig/python-3.5.pc) instead of using
system-provided files (/usr/lib/x86_64-linux-gnu/pkgconfig/python3.pc
and /usr/lib/x86_64-linux-gnu/pkgconfig/python2.pc).

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
2017-02-21 13:42:52 -05:00
Richard Haines
454768f56d setfiles: Fix setfiles progress indicator
This fixes the following bug:
UX regression: setfiles progress indicator is now misleading and
confusing in fixfiles.

The outputting of * is replaced by the number of files in 1k increments
as the previous versions. If "/" is specified on the pathname, then this
will indicate a mass relabel, an example output will be:
restorecon -nRp /etc /tmp /boot /
/etc 100.0%
/tmp 100.0%
/boot 100.0%
3.2%

Also setfiles(8) and restorecon(8) versions that are implemented using
the selinux_restorecon(3) function do not support the [-o filename]
option as this was deprecated. This has now been made clear by displaying
a message to stderr.

The documentation has also been updated to reflect these changes.

Reported-by: Alan Jenkins <alan.christopher.jenkins@gmail.com>
Signed-off-by: Richard Haines <richard_c_haines@btinternet.com>
2017-01-27 09:39:22 -05:00
Lokesh Mandvekar
b9213c7f1a libselinux: selinux_restorecon.3 man page typo fix
Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
2017-01-25 15:51:45 -05:00
Thomas Petazzoni
05abcb1d13 libselinux/src/regex.c: support old compilers for the endian check
libselinux 2.6 has added some code in regex.c that uses __BYTE_ORDER__
to determine the system endianness. Unfortunately, this definition
provided directly by the compiler doesn't exist in older gcc versions
such as gcc 4.4.

In order to address this, this commit extends the logic to use
<endian.h> definitions if __BYTE_ORDER__ is not provided by the
compiler. This allows libselinux to build properly with gcc 4.4.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-01-25 09:18:16 -05:00
Stephen Smalley
b88c4a4707 libselinux: disable filespec hash table stats on non-debug builds
Disable generating filespec hash table stats on non-debug builds,
as they are not useful information for users and cause fixfiles
check to produce noisy output.

Reported-by: Alan Jenkins <alan.christopher.jenkins@gmail.com>
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2017-01-24 14:45:24 -05:00
Nicolas Iooss
6c853f3fb9 libselinux: fix argument order in get_default_context_with_rolelevel() doc
libselinux/src/get_context_list.c defines

    get_default_context_with_rolelevel(user, role, level...

libselinux/utils/getdefaultcon.c uses

    get_default_context_with_rolelevel(seuser, role, level...

but libselinux/include/selinux/get_context_list.h declares

    get_default_context_with_rolelevel(user, level, role...

and libselinux/man/man3/get_ordered_context_list.3 follows this
declaration.

Fix the header and the man page.

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
2017-01-19 11:52:41 -05:00
Nicolas Iooss
6351fed560 libselinux: always free catalog in db_init()
This variable may be leaked in some error paths.

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
2017-01-19 08:48:49 -05:00
Nicolas Iooss
dcd135cc06 Re-link programs after libsepol.a is updated
After libsepol is modified (for example while developing new features or
fixing bugs), running "make install" in the top-level directory does not
update the programs which use libsepol.a. Add this static library to the
target dependencies in order to force their updates. This makes "make"
use libsepol.a in the linking command without using LDLIBS.

While at it, copy what commit 14d7064348 ("libselinux: Allow
overriding libsepol.a location during build") introduced in libselinux
Makefile by using a new LIBSEPOLA variable in all Makefiles.

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
2017-01-18 16:41:34 -05:00
Stephen Smalley
1cd972fc81 libselinux: selinux_restorecon: only log no default label warning for caller-supplied pathname
$ touch /tmp/foo
$ chcon -t etc_t /tmp/foo
$ restorecon /tmp/foo
Warning no default label for /tmp/foo
$ restorecon -R /tmp/foo
Warning no default label for /tmp/foo
$ restorecon -R /tmp

Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2017-01-13 15:28:51 -05:00
Sandeep Patil
6a2e352de7 libselinux: replace all malloc + memset by calloc in android label backend.
Signed-off-by: Sandeep Patil <sspatil@google.com>
2017-01-13 10:46:29 -05:00
Stephen Smalley
d66c54e2e2 libselinux: selinux_restorecon: only log no default label warning if recursive
In commit 36f1ccbb57 ("policycoreutils: setfiles: print error if
no default label found"), a warning message was added to setfiles/restorecon
if the user explicitly does a restorecon /path/to/foo and
/path/to/foo does not have any matching label in file_contexts; in the
case of a restorecon -R or setfiles, the warning isn't supposed to be
logged.  The check on the recursive flag got dropped when this logic was
taken into selinux_restorecon(3) in libselinux.  Restore this check so
that we do not generate noisy log messages on restorecon -R or setfiles.

Reported-by: Alan Jenkins <alan.christopher.jenkins@gmail.com>
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2017-01-13 09:57:46 -05:00
Nicolas Iooss
3c85f9f1a0 libselinux: include errno.h instead of sys/errno.h
Building with musl libc leads to some build errors:

    setrans_client.c: In function ‘receive_response’:
    setrans_client.c:147:19: error: implicit declaration of function
    ‘readv’ [-Werror=implicit-function-declaration]
      while (((count = readv(fd, resp_hdr, 3)) < 0) && (errno == EINTR)) ;
                       ^~~~~

and:

    In file included from matchpathcon.c:10:0:
    /usr/include/sys/errno.h:1:2: error: #warning redirecting incorrect
    #include <sys/errno.h> to <errno.h> [-Werror=cpp]
     #warning redirecting incorrect #include <sys/errno.h> to <errno.h>
      ^

Fix the first one by including <sys/uio.h> and the second one by using
<errno.h> instead of <sys/errno.h>.

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
2017-01-09 16:00:22 -05:00
Petr Lautrbach
14f07097c3 libselinux: Rewrite restorecon() python method
When the restorecon method was added to the libselinux swig python
bindings, there was no libselinux restorecon implementation and it
he had to call matchpathcon() which is deprecated in favor of
selabel_lookup().

The new restorecon method uses selinux_restorecon method from libselinux
and which is exported by the previous commit.

https://github.com/SELinuxProject/selinux/issues/29

Fixes:
>>> selinux.restorecon('/var/lib', recursive=True)
Traceback (most recent call last):
  File "/usr/lib64/python3.5/site-packages/selinux/__init__.py", line 114, in restorecon
    status, context = matchpathcon(path, mode)
FileNotFoundError: [Errno 2] No such file or directory

Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
2017-01-09 13:23:20 -05:00
Petr Lautrbach
0399ec6438 libselinux: Generate SWIG wrappers for selinux_restorecon()
Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
2017-01-09 13:23:20 -05:00
Guido Trentalancia
5db4537f64 libselinux: Fix unitialized variable compiler warnings
Fix unitialized variable compiler warnings when using the
"-O3 -Werror" flags on gcc6 by initializing the variables in
question. The variables were never used before being initialized.

Signed-off-by: Guido Trentalancia <guido@trentalancia.net>
Signed-off-by: James Carter <jwcart2@tycho.nsa.gov>
2017-01-06 12:15:12 -05:00
Nicolas Iooss
055d14a99a libselinux/utils: do not create an empty /sbin directory
When building libselinux package, "make install" creates /sbin directory
without putting anything in it. Remove this from the Makefile.

While at it, rename USRBINDIR variable USRSBINDIR (with an S) as it
refers to /usr/sbin.

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
2016-12-21 16:20:47 -05:00
Mike Frysinger
7179fd8738 man: standardize spacing with pointers in prototypes
The majority of prototypes don't put a space between the "*" and the
parameter name.  i.e. this style is incorrect:
	char * foo;
Instead, we want:
	char *foo;

Fix a bunch of references that use this uncommon style.

Signed-off-by: Mike Frysinger <vapier@gentoo.org>
2016-12-12 14:44:26 -05:00
Mike Frysinger
fc3d8ceafc selinux(8): fix display of man page references
The section number shouldn't be bolded.  Fix a few references in
selinux(8) to match all the other man pages.

Signed-off-by: Mike Frysinger <vapier@gentoo.org>
2016-12-12 14:44:22 -05:00
Stephen Smalley
7e09f584e1 libsepol,libselinux,audit2allow: teach audit2why about type bounds failures
Teach audit2why to recognize type bounds failures.  This required
updating libsepol sepol_compute_av_reason() to identify bounds
failures, and updating libsepol context_struct_compute_av() to
include the type bounds logic from the kernel.

This could potentially be further augmented to provide more detailed
reporting via the reason buffer to include information similar to
what security_dump_masked_av() reports in the kernel.  However, it
is unclear if this is needed.  It is already possible to get type
bounds checking at policy build time by enabling expand-check=1
in /etc/selinux/semanage.conf (or by default when compiling
monolithic policy).

Before:
type=AVC msg=audit(1480451925.038:3225): avc:  denied  { getattr } for  pid=7118 comm="chmod" path="/home/sds/selinux-testsuite/tests/bounds/bounds_file_blue" dev="dm-2" ino=23337697 scontext=unconfined_u:unconfined_r:test_bounds_child_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:test_bounds_file_blue_t:s0 tclass=file permissive=0

	Was caused by:
		Unknown - would be allowed by active policy
		Possible mismatch between this policy and the one under which the audit message was generated.

		Possible mismatch between current in-memory boolean settings vs. permanent ones.

After:
type=AVC msg=audit(1480451925.038:3225): avc:  denied  { getattr } for  pid=7118 comm="chmod" path="/home/sds/selinux-testsuite/tests/bounds/bounds_file_blue" dev="dm-2" ino=23337697 scontext=unconfined_u:unconfined_r:test_bounds_child_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:test_bounds_file_blue_t:s0 tclass=file permissive=0
        Was caused by:
                Typebounds violation.

                Add an allow rule for the parent type.

Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2016-11-29 15:53:59 -05:00
Stephen Smalley
dd8d5671e2 libselinux: avcstat: Clean up redundant condition
dcb314 reported this via https://github.com/SELinuxProject/selinux/issues/20

Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2016-11-29 11:11:26 -05:00
Nick Kralevich
044f6ef104 procattr.c: Use __ANDROID__ instead of ANDROID
When code is compiled within the Android tree, the resulting binaries
are intended to run either on the "host" (the machine doing the
building) or the "target" (the machine running the Android operating
system).

"ANDROID" is defined if the code is being compiled for the host or the
target, whereas "__ANDROID__" is only defined for code being compiled for
the target. (yes, I agree, this is not obvious).

gettid() is only declared in the target environment, not the host
environment, so adjust the #ifdef to properly emit the gettid()
definition for binaries targeting the host.

Signed-off-by: Nick Kralevich <nnk@google.com>
2016-11-28 09:32:21 -05:00
Nick Kralevich
bb96e1305d enabled.c: Remove stdio_ext.h header
This appears to be unused.

Signed-off-by: Nick Kralevich <nnk@google.com>
2016-11-28 09:29:41 -05:00
Nick Kralevich
8f9057c2ea label_file.h: actually use the results of compat_validate
process_line called compat_validate, but never actually looked at the
return value. When an invalid entry is found, a warning is printed, but
since the upper layers of the code don't see the error, validation
appears to succeed.

Steps to reproduce on Android:

1) Edit system/sepolicy/private/file_contexts and create an entry with
an invalid label.
2) Recompile Android, which executes out/host/linux-x86/bin/checkfc to
check if file_contexts is valid.

Expected: Compile failure.
Actual: Compile succeeds with warnings.

Change-Id: I20fa18c7b11b5ffdd243c3274bedc4518431e1fb
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2016-11-21 09:24:31 -05:00
Stephen Smalley
a609434b95 libselinux: normalize enforce values from the kernel
Normalize enforce values received from the kernel via
/sys/fs/selinux/enforce or netlink selinux notifications
to ensure that we always return a 0 or 1 to userspace code.
selinux_status_getenforce(), which reads the enforce value
via the SELinux kernel status page (/sys/fs/selinux/status)
already normalizes its result, so we do not need to update it.

Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2016-11-18 09:48:25 -05:00
Nicolas Iooss
9140de74cf libselinux, libsemanage: use Python-specific .so extension
The Makefiles currently install the Python wrapper libraries using .so
suffix (_selinux.so, audit2why.so and _semanage.so). Even though this
works well with CPython 2 and 3, PyPy fails to find these files because
it is looking for files with a specific version token in the suffix (eg.
_selinux.pypy-41.so).

This suffix is advertised by the imp module. Here is the result of
'import imp;print([s for s, m, t in imp.get_suffixes() if t ==
imp.C_EXTENSION])' for several Python versions:

    Python 2.7.12: ['.so', 'module.so']
    Python 3.5.2: ['.cpython-35m-x86_64-linux-gnu.so', '.abi3.so', '.so']
    PyPy 5.4.1 (Python 2.7.10): ['.pypy-41.so']
    PyPy3 5.5.0-alpha0 (Python 3.3.5): ['.pypy3-55.so', '.pypy3-55.so']

Define the name of the installed Python-C extension using the first
extension of these lists, in order to make the Python extensions
compatible with pypy.

When building the Python wrappers for PyPy and PyPy3 on Linux, the
following environment variables need to be set (PyPy does not provide a
pkg-config file nor a platform-agnostic way to build the string
"-lpypy-c"):

    PYTHON=pypy (or PYTHON=pypy3)
    PYINC=-I$($PYTHON -c 'import sys;print(sys.prefix)')/include
    PYLIBS=-lpypy-c (or PYLIBS= if LDFLAGS does not have
        -Wl,-no-undefined)

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
2016-11-18 08:52:38 -05:00
Nicolas Iooss
489dd595d7 libselinux: audit2why: remove unused module_state structure
This structure has been empty since its introduction and makes clang
complain when $(filter-out -Werror, $(CFLAGS)) is removed in the
Makefile target for audit2why.lo:

    audit2why.c:443:1: error: empty struct has size 0 in C, size 1 in
    C++ [-Werror,-Wc++-compat]
      struct module_state {
      ^
      1 error generated.

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
2016-11-18 08:52:32 -05:00
Stephen Smalley
7935dee8f6 Drop ChangeLog files
They can be generated as desired via git log.
No need to keep maintaining them by hand.

Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2016-11-16 12:10:58 -05:00
Stephen Smalley
2ceadad8a3 Updated libselinux and libsemanage ChangeLog
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2016-11-15 11:14:24 -05:00
Nicolas Iooss
79db6da87f libselinux, libsemanage: swig: use SWIG_fail when an error occurs
Using SWIG_fail in the Python SWIG wrappers makes the wrapping function
destroy/free the memory which could have been dynamically allocated
before calling the wrapped function. This thus prevents possible memory
leaks in the wrappers of set*con(), set*con_raw(), security_compute_*(),
etc.

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
2016-11-15 11:11:25 -05:00
Nicolas Iooss
db17f12273 libselinux,libsemanage: fall back to gcc in exception.sh
clang does not support -aux-info option. When exception.sh is run with
CC=clang, use gcc to build selinuxswig_python_exception.i and
semanageswig_python_exception.i.

This does not solve the issue of building libselinux and libsemanage
Python wrappers on a system without gcc. However parsing the result of
"gcc -aux-info" is easier than parsing the header files so stay with
this command at least for now.

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
2016-11-15 11:10:57 -05:00
Stephen Smalley
2c1ae0f029 Updated libselinux and libsemanage ChangeLogs
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2016-11-15 11:07:20 -05:00
Nicolas Iooss
bb98da0948 libselinux,libsemanage: link Python wrapper with Python
When linking with -Wl,-no-undefined in LDFLAGS (in order to find
possible link-time errors), the Python wrapper module needs to be
linked with the right libpython.so. This library is found using
pkg-config in a new PYLIBS variable.

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
2016-11-15 11:04:00 -05:00
Nicolas Iooss
f5b9bc2a06 libselinux,libsemanage: link Ruby wrapper with -lruby
When linking with -Wl,-no-undefined in LDFLAGS (in order to find
possible link-time errors), the Ruby wrapper module needs to be linked
with the libruby.so which is used by $(RUBY). Introduce a new RUBYLIBS
variable to find this library.

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
2016-11-15 11:04:00 -05:00
Nicolas Iooss
22e3ad6633 libselinux,libsemanage: use Ruby to define RUBYINC
This makes building libselinux and libsemanage  more robust on systems
with several versions of Ruby installed: when building, only RUBY needs
to be set, without wondering about PKG_CONFIG_PATH or other environment
variables.

Using RbConfig::CONFIG["rubyarchhdrdir"] only works with Ruby >= 2.0 but
since previous Ruby versions are retired since 2015-02-23 this should
not have any impact
(https://www.ruby-lang.org/en/news/2015/02/23/support-for-ruby-1-9-3-has-ended/).

While at it, in libsemanage, use RbConfig::CONFIG["vendorarchdir"] to
install the Ruby extension, like commit 1cd80faa53 ("libselinux:
versioned ruby pkg-config and query vendorarchdir properly") did for
libselinux.

My main motivation with this patch is to make the build configuration
easier to define on Travis-CI or other continuous integration platforms.

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
2016-11-15 11:04:00 -05:00
Stephen Smalley
bfe9360ca5 Updated libselinux ChangeLog
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2016-11-14 13:11:28 -05:00
Stephen Smalley
bbc930c756 libselinux: fix subdir build and usage of cmdline CFLAGS
commit 16c123f4b1 ("libselinux:
support ANDROID_HOST=1 on Mac") broke the ability to run make
in the src subdirectory of libselinux (because OS and COMPILER
were not defined) and also caused some warning flags that could
be overridden via command-line CFLAGS to be mandatory.  Fix it.

Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2016-11-14 13:10:51 -05:00
Stephen Smalley
b42a293978 Updated libselinux and libsemanage ChangeLogs
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2016-11-07 16:02:42 -05:00
Nicolas Iooss
70b986539e libselinux, libsemanage: remove *swig_python_exception.i if its creation failed
When compiling libselinux with CC=clang, "make pywrap" reports the
following message:

    bash exception.sh > selinuxswig_python_exception.i
    clang-3.9: error: no such file or directory: 'temp.aux'
    awk: fatal: cannot open file `temp.aux' for reading (No such file or
    directory)

This does not make the build fail as exception.sh returns an "OK"
status. Use "bash -e" with this script to make it return an error value.

In order not to keep an empty selinuxswig_python_exception.i file after
a build fails (which would make a second run of "make pywrap" incorrectly
succeed), remove the file when exception.sh fails.

As libsemanage uses the same code to build
semanageswig_python_exception.i, modify its Makefile too.

By the way, on Linux clang does not seem to currently support -aux-info
so it cannot be used to craft selinuxswig_python_exception.i.

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
2016-11-07 15:58:05 -05:00
Nicolas Iooss
581dde735a libselinux: remove rpm_execcon from SWIG wrappers
The Python wrapper of rpm_execcon() has several flaws:
* An invalid call like selinux.rpm_execcon() triggers a segmentation
  fault.
* The size of the buffer which is allocated to copy argv and envp is
  too small to hold all the values.
* This allocated memory is leaked if one argument of rpm_execon() is not
  a sequence of bytes.

The Ruby wrapper has no such flaws but can not be used as it is because
it misses some glue code to convert argv and envp arguments to char
*const [] values (even though the destructor is present!).

As it is not possible to remove rpm_execcon() without changing
libselinux soname (it would be an ABI break) like b67fefd991
("libselinux: set DISABLE_RPM default to y.") tried to do, disable this
interface locally in the SWIG wrappers.

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
2016-11-07 15:55:08 -05:00