policycoreutils: semanage: check file equivalence rules for conflict

Check for conflict on equivalence when adding a file context.
If a user adds a file context that begins with an equivalence string, we
throw an exception.

/usr/sbin/semanage: File spec /usr/lib64/dan conflicts with equivalency rule '/usr/lib64 /usr/lib'; Try adding '/usr/lib/dan' instead

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
Eric Paris 2011-12-01 15:50:55 -05:00
parent 7dd4e1eee1
commit 79bcfa7286


@ -1598,11 +1598,20 @@ class fcontextRecords(semanageRecords):
return con
def check_equiv(self, target, fdict):
for i in fdict:
if target.startswith(i+"/"):
t = re.sub(i, fdict[i], target)
raise ValueError(_("File spec %s conflicts with equivalency rule '%s %s'; Try adding '%s' instead") % (target, i, fdict[i], t))
def validate(self, target):
if target == "" or target.find("\n") >= 0:
raise ValueError(_("Invalid file specification"))
if target.find(" ") != -1:
raise ValueError(_("File specification can not include spaces"))
self.check_equiv(target, self.equiv)
self.check_equiv(target, self.equiv_dist)
def __add(self, target, type, ftype = "", serange = "", seuser = "system_u"):
self.validate(target)
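Review bot: In `check_equiv`, `re.sub(i, fdict[i], target)` treats the equivalence path `i` as a regular expression and rewrites every match in `target`, although the preceding `startswith(i+"/")` test is a literal prefix match. An equivalence path containing regex metacharacters, or one that recurs later in the spec, would make the "Try adding ..." suggestion name a path other than the one intended, and an administrator following it could label the wrong location. Building the suggestion from the prefix alone avoids both problems: `t = fdict[i] + target[len(i):]`. The conflict detection itself is not affected, only the text of the hint. The body of `__add` continues outside the hunk.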