Preserve file context and ownership in policy store #66
Commits on Aug 9, 2024
-
libselinux: set free'd data to NULL
Fixes segfault in selabel_open() on systems with SELinux disabled and without any SELinux policy installed introduced by commit 5876aca ("libselinux: free data on selabel open failure"): $ sestatus SELinux status: disabled $ cat /etc/selinux/config cat: /etc/selinux/config: No such file or directory $ matchpathcon /abc [1] 907999 segmentation fault (core dumped) matchpathcon /abc Signed-off-by: Petr Lautrbach <lautrbach@redhat.com> Acked-by: James Carter <jwcart2@gmail.com>
-
libselinux/restorecon: Include <selinux/label.h>
restorecon.h uses types defined in label.h, so it needs to include label.h (or code using restorecon.h also needs to include label.h, which is not practical). Fixes: $ make DESTDIR=~/obj install > make.out In file included from semanage_store.c:39: /home/sdsmall/obj/usr/include/selinux/restorecon.h:137:52: error: ‘struct selabel_handle’ declared inside parameter list will not be visible outside of this definition or declaration [-Werror] 137 | extern void selinux_restorecon_set_sehandle(struct selabel_handle *hndl); | ^~~~~~~~~~~~~~ cc1: all warnings being treated as errors make[2]: *** [Makefile:111: semanage_store.o] Error 1 make[1]: *** [Makefile:15: install] Error 2 make: *** [Makefile:40: install] Error 1 Signed-off-by: Vit Mojzis <vmojzis@redhat.com> Acked-by: Stephen Smalley <stephen.smalley.work@gmail.com> -
libsemanage: Preserve file context and ownership in policy store
Make sure that file context (all parts) and ownership of files/directories in policy store does not change no matter which user and under which context executes policy rebuild. Fixes: # semodule -B # ls -lZ /etc/selinux/targeted/contexts/files -rw-r--r--. 1 root root unconfined_u:object_r:file_context_t:s0 421397 Jul 11 09:57 file_contexts -rw-r--r--. 1 root root unconfined_u:object_r:file_context_t:s0 593470 Jul 11 09:57 file_contexts.bin -rw-r--r--. 1 root root unconfined_u:object_r:file_context_t:s0 14704 Jul 11 09:57 file_contexts.homedirs -rw-r--r--. 1 root root unconfined_u:object_r:file_context_t:s0 20289 Jul 11 09:57 file_contexts.homedirs.bin SELinux user changed from system_u to the user used to execute semodule # capsh --user=testuser --caps="cap_dac_override,cap_chown+eip" --addamb=cap_dac_override,cap_chown -- -c "semodule -B" # ls -lZ /etc/selinux/targeted/contexts/files -rw-r--r--. 1 testuser testuser unconfined_u:object_r:file_context_t:s0 421397 Jul 19 09:10 file_contexts -rw-r--r--. 1 testuser testuser unconfined_u:object_r:file_context_t:s0 593470 Jul 19 09:10 file_contexts.bin -rw-r--r--. 1 testuser testuser unconfined_u:object_r:file_context_t:s0 14704 Jul 19 09:10 file_contexts.homedirs -rw-r--r--. 1 testuser testuser unconfined_u:object_r:file_context_t:s0 20289 Jul 19 09:10 file_contexts.homedirs.bin Both file context and ownership changed -- causes remote login failures and other issues in some scenarios. Signed-off-by: Vit Mojzis <vmojzis@redhat.com> Acked-by: Stephen Smalley <stephen.smalley.work@gmail.com>
-
checkpolicy: Check the right bits of an ibpkeycon rule subnet prefix
The lower 64 bits of the subnet prefix for an ibpkeycon rule should all be 0's. Unfortunately the check uses the s6_addr macro which refers to the 16 entry array of 8-bit values in the union and does not refer to the correct bits. Use the s6_addr32 macro instead which refers to the 4 entry array of 32-bit values in the union and refers to the lower 64 bits. Signed-off-by: James Carter <jwcart2@gmail.com> Acked-by: Stephen Smalley <stephen.smalley.work@gmail.com>
-
libselinux: Fix integer comparison issues when compiling for 32-bit
Trying to compile libselinux for 32-bit produces the following error: selinux_restorecon.c:1194:31: error: comparison of integer expressions of different signedness: ‘__fsword_t’ {aka ‘int’} and ‘unsigned int’ [-Werror=sign-compare] 1194 | if (state.sfsb.f_type == RAMFS_MAGIC || state.sfsb.f_type == TMPFS_MAGIC || | ^~ Since RAMFS_MAGIC = 0x858458f6 == 2240043254, which > 2^31, but < 2^32, cast both as uint32_t for the comparison. Reported-by: Daniel Schepler Signed-off-by: James Carter <jwcart2@gmail.com> Reviewed-by: Christian Göttsche <cgzones@googlemail.com> Acked-by: Stephen Smalley <stephen.smalley.work@gmail.com> -
libsepol/sepol_compute_sid: Do not destroy uninitialized context
Avoid context_destroy() on "newcontext" before context_init() is called. Fixes: libsepol-3.6/src/services.c:1335: var_decl: Declaring variable "newcontext" without initializer. libsepol-3.6/src/services.c:1462: uninit_use_in_call: Using uninitialized value "newcontext.range.level[0].cat.node" when calling "context_destroy". \# 1460| rc = sepol_sidtab_context_to_sid(sidtab, &newcontext, out_sid); \# 1461| out: \# 1462|-> context_destroy(&newcontext); \# 1463| return rc; \# 1464| } Signed-off-by: Vit Mojzis <vmojzis@redhat.com> Reviewed-by: Christian Göttsche <cgzones@googlemail.com> Acked-by: Stephen Smalley <stephen.smalley.work@gmail.com>
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.