Commit graph

28 commits

Author SHA1 Message Date
Christian Göttsche
081ac391ad policycoreutils: mark local functions static
setfiles.c:50:6: warning: no previous prototype for ‘set_rootpath’ [-Wmissing-prototypes]
       50 | void set_rootpath(const char *arg)
          |      ^~~~~~~~~~~~
    setfiles.c:67:5: warning: no previous prototype for ‘canoncon’ [-Wmissing-prototypes]
       67 | int canoncon(char **contextp)
          |     ^~~~~~~~

    newrole.c:185:5: warning: no previous prototype for ‘authenticate_via_pam’ [-Wmissing-prototypes]
      185 | int authenticate_via_pam(const char *ttyn, pam_handle_t * pam_handle)
          |     ^~~~~~~~~~~~~~~~~~~~

    run_init.c:241:5: warning: no previous prototype for ‘authenticate_user’ [-Wmissing-prototypes]
      241 | int authenticate_user(void)
          |     ^~~~~~~~~~~~~~~~~
    run_init.c:306:5: warning: no previous prototype for ‘get_init_context’ [-Wmissing-prototypes]
      306 | int get_init_context(char **context)
          |     ^~~~~~~~~~~~~~~~

    sestatus.c:38:5: warning: no previous prototype for ‘cmp_cmdline’ [-Wmissing-prototypes]
       38 | int cmp_cmdline(const char *command, int pid)
          |     ^~~~~~~~~~~
    sestatus.c:62:5: warning: no previous prototype for ‘pidof’ [-Wmissing-prototypes]
       62 | int pidof(const char *command)
          |     ^~~~~
    sestatus.c:95:6: warning: no previous prototype for ‘load_checks’ [-Wmissing-prototypes]
       95 | void load_checks(char *pc[], int *npc, char *fc[], int *nfc)
          |      ^~~~~~~~~~~
    sestatus.c:171:6: warning: no previous prototype for ‘printf_tab’ [-Wmissing-prototypes]
      171 | void printf_tab(const char *outp)
          |      ^~~~~~~~~~

Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
2021-11-15 16:00:54 -05:00
Christian Göttsche
f0c354afc0 policycoreutils: free memory of allocated context in run_init
Found by scan-build.

Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
2021-07-19 10:42:45 -04:00
Christian Göttsche
92e7494f42 tree-wide: replace last occurrences of security_context_t
Follow-up of: 9eb9c93275 ("Get rid of security_context_t and fix const declarations.")

Acked-by: William Roberts <william.c.roberts@intel.com>
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
2020-03-25 09:54:21 -05:00
Ondrej Mosnacek
9adafb6d51 run_init: fix build when crypt() is not in unistd.h
According to [1], crypt() support in POSIX is optional, so include
also <crypt.h> when _XOPEN_CRYPT is not defined or is defined to -1.
Without this I can't build run_init from source out-of-the-box on
Fedora 29.

[1] http://man7.org/linux/man-pages/man3/crypt.3.html#NOTES

Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
2019-05-24 12:41:49 -04:00
Aleksei Nikiforov
0445e65d83 Allow installing translated man pages
Signed-off-by: Aleksei Nikiforov <darktemplar@basealt.ru>
2019-01-28 12:03:57 +01:00
Aleksei Nikiforov
e3e3873de7 Add man pages translation by Olesya Gerasimenko
Signed-off-by: Olesya Gerasimenko <gammaray@basealt.ru>
Signed-off-by: Aleksei Nikiforov <darktemplar@basealt.ru>
2019-01-28 12:03:57 +01:00
Marcus Folkesson
6b901a4fb8 policycoreutils: build: follow standard semantics for DESTDIR and PREFIX
Signed-off-by: Marcus Folkesson <marcus.folkesson@gmail.com>
2018-02-14 20:02:01 +01:00
Stephen Smalley
ebd695d5f0 open_init_pty: restore stdin/stdout to blocking upon exit
At exit, restore stdin and stdout to blocking.

Test: run_init id && run_init id
Test: open_init_pty bash -c 'echo hello; exec >&- 2>&- <&-; sleep 1;'

Fixes: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863187
Fixes: https://bugs.gentoo.org/show_bug.cgi?id=621062
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2017-07-18 08:59:50 -04:00
Stephen Smalley
bea2c19dd2 Revert "open_init_pty: Do not make stdin and stdout non-blocking"
Making stdin/stdout non-blocking causes open_init_pty to hang if
they are closed, ala
./open_init_pty bash -c 'echo hello; exec >&- 2>&- <&-; sleep 1; '
and per
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=474956#10

This reverts commit fb081eb64b.

Reported-by: Laurent Bigonville <bigon@debian.org>
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2017-07-18 08:51:49 -04:00
Stephen Smalley
fb081eb64b open_init_pty: Do not make stdin and stdout non-blocking
It is unclear why this was being done in the first place, and
it has caused multiple bugs with run_init/open_init_pty usage.

Fixes: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863187
Fixes: https://bugs.gentoo.org/show_bug.cgi?id=621062
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2017-07-10 13:03:01 -04:00
Jason Zaman
15f2740733 Makefiles: override *FLAGS and *LIBS
There were several places in the makefiles where LDLIBS or CFLAGS were
supposed to include options to build. They were missing the override
keyword so would be skipped if these vars were set on the make cmdline.
Add the override directive to fix this.

Signed-off-by: Jason Zaman <jason@perfinion.com>
2017-06-20 12:15:04 -04:00
Bernhard M. Wiedemann
c18ea1df62 sort input files
when building packages (e.g. for openSUSE Linux)
(random) filesystem order of input files
influences ordering of functions in the output,
thus without the patch, builds (in disposable VMs) would usually differ.

See https://reproducible-builds.org/ for why this matters.
2017-06-01 14:00:30 -04:00
Jason Zaman
89ce96cac6 policycoreutils: make audit and pam support configurable
Signed-off-by: Jason Zaman <jason@perfinion.com>
2017-04-25 08:32:11 -04:00
Jason Zaman
fcb5d5cc72 Makefiles: drop -L/-I to system paths
The toolchain automatically handles them and they break cross compiling.

LDFLAGS should also come before object files, some flags (eg,
-Wl,as-needed) can break things if they are in the wrong place)

Gentoo-Bug: https://bugs.gentoo.org/500674

Signed-off-by: Jason Zaman <jason@perfinion.com>
2017-04-25 08:27:05 -04:00
Alan Jenkins
62f058980e policycoreutils, python: Fix bad manpage formatting in "SEE ALSO"
Fix missing and surplus commas.  Fix the following formatting errors:

    .BR selinux(8)

renders the the "(8)" in bold as well as the "selinux".  This is wrong.

    .B selinux
    (8)

renders with a space between "selinux" and "(8)", this is wrong.

    .B selinux (8)

commits both of the above mistakes.

    .BR selinux (8), apparmor (8)

omits the space separating "selinux(8)," and "apparmor(8)", this is wrong.
Correct all the above using the following markup:

    .BR selinux (8),
    .BR apparmor (8)

Signed-off-by: Alan Jenkins <alan.christopher.jenkins@gmail.com>
2017-01-12 14:59:31 -05:00
Jason Zaman
0576ba5268 open_init_pty: Do not error on EINTR
There is a signal handler so that the select returns EINTR when the
child exits. EINTR is used to then clean up and flush the remaining
buffers. It should not error.

Signed-off-by: Jason Zaman <jason@perfinion.com>
2016-07-12 15:35:23 -04:00
Jason Zaman
055cc407fc run_init: Use a ring buffer in open_init_pty
open_init_pty uses select() to handle all the file descriptors. There is
a very high CPU usage due to select() always returning immediately with
the fd is available for write. This uses a ring buffer and only calls
select on the read/write fds that have data that needs to be
read/written which eliminates the high CPU usage.

This also correctly returns the exit code from the child process.

This was originally from debian where they have been carrying it as a
patch for a long time. Then we got a bug report in gentoo which this
also happens to fix. The original debian patch had the ring buffer
written in C++ so I modified the class into a struct and some static
methods so it is C-only at the request of Steve Lawrence.

Debian bug: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=474956
Gentoo bug: https://bugs.gentoo.org/show_bug.cgi?id=532616

Signed-off-by: Jason Zaman <jason@perfinion.com>
Tested-by: Laurent Bigonville <bigon@bigon.be>
2015-03-30 10:53:41 -04:00
Nicolas Iooss
4be2fd4576 run_init: fix open_init_pty avaibility check
If /usr/sbin/open_init_pty is not found or is not executable,
access("/usr/sbin/open_init_pty", X_OK) returns -1, not zero.

Use "!= 0" like in other places in SELinux userland libraries and tools.
2015-03-30 10:51:58 -04:00
Nicolas Iooss
c4a4a1a7ed Fix gcc -Wstrict-prototypes warnings
In C, defining a function with () means "any number of parameters", not
"no parameter".  Use (void) instead where applicable and add unused
parameters when needed.

Acked-by: Steve Lawrence <slawrence@tresys.com>
2014-10-02 09:56:38 -04:00
Stephen Smalley
f458b76076 Merge branch 'fedora' into master-merge
Conflicts:
	libselinux/src/Makefile
	libselinux/src/selinux_config.c
	policycoreutils/audit2allow/audit2allow.1
	policycoreutils/scripts/fixfiles.8
	policycoreutils/semanage/semanage.8
	policycoreutils/sepolicy/Makefile
	policycoreutils/sepolicy/sepolicy/transition.py
	policycoreutils/setsebool/setsebool.8
2013-10-24 15:24:17 -04:00
Dan Walsh
e63a8fa875 Give people who use run_init or newrole an indicator to make it not ask for passwords 2013-10-24 13:58:39 -04:00
Russell Coker
d1c47e7d5a policycoreutils: Create correct man directory for run_init manpages 2013-10-16 15:02:57 -04:00
Eric Paris
d46e88abb6 policycoreutils: run_init: If open_init_pty is not available then just use exec
Sometimes using open_init_pty isn't possible.  So just call exec() if
that is the case.  We no longer ship open_init_pty in Fedora or RHEL6
since it was causing more problems then it was worth.  This fix makes
it optional to use the open_init_pty.

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
2012-09-12 12:16:01 -04:00
Eric Paris
468bff0952 tree: Makefiles: syntax, convert all ${VAR} to $(VAR)
This is purely personal preference.  Most of the Makefiles use $() for
Makefile variables, but a couple of places use ${}.  Since this obscured
some later Makefile changes I figured I'd just make them all the same up
front.

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
2011-11-02 15:37:08 -04:00
Guido Trentalancia
3ed7221bf7 policycoreutils: run_init: clarification of the usage in the manual page
It's a very minor thing really, but I believe (on the basis of an
off-list question) that the manual page for policycoreutils/run_init can
be improved by the following short patch which aims to further clarify
the intended usage of such tool and mention that it caters for one
(somewhat hidden) compile-time option.

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
2011-08-15 11:25:24 -04:00
Eric Paris
10374e5e89 policycoreutils: open_init_tty man page typos
Apparently we can't spelll.

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
2011-08-03 18:02:36 -04:00
Manoj Srivastava
96f592422a Author: Manoj Srivastava
Email: srivasta@golden-gryphon.com
Subject: policycoreutils: The error message on forkpty() failure is not clear or useful.
Date: Sun, 23 Aug 2009 09:40:58 -0500

Hi,

        This has been reported against the Debian BTS.

        The current error message when forkpty() fails is not clear or
 useful. (Arguably, the erro message in the child branch cold also be
 improved)  The following patch makes indicate what went wrong.  Probably
 something better than this could be devised, but this is still a lot
 better than the current code.

Signed-off-by: Joshua Brindle <method@manicmethod.com>
2009-09-16 11:16:19 -04:00
Joshua Brindle
13cd4c8960 initial import from svn trunk revision 2950 2008-08-19 15:30:36 -04:00