label_file.c: In function ‘load_mmap’:
label_file.c:238:81: error: declaration of ‘stat’ shadows a global declaration [-Werror=shadow]
cc1: all warnings being treated as errors
Signed-off-by: Joe MacDonald <joe@deserted.net>
Versions of PCRE prior to 8.20 did not have pcre_free_study(). In its
absence, use pcre_free() instead.
Signed-off-by: Joe MacDonald <joe@deserted.net>
If the RANLIB variable is defined by the user, use that value instead of
the /usr/bin/ranlib binary.
Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
If /sys is not present, the attempt to mount selinuxfs will of course
fail. So we try to mount /sys first (and only if that fails fall back to
the /selinux mount point) and then try to mount selinuxfs.
Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
We open the file which is to be used to write the binary format of file
contexts. If we hit an error actually writing things out, we return,
but never close the fd. Do not leak.
Signed-off-by: Eric Paris <eparis@redhat.com>
Every time matchmediacon is called we open the
selinux_media_context_path(). But we never close the file. Close the
file when we are finished with it.
Signed-off-by: Eric Paris <eparis@redhat.com>
We were opening the path, but if the fstat failed or it was not a
regular file we would return without closing the fd. Fix my using the
common error exit path rather than just returning.
Signed-off-by: Eric Paris <eparis@redhat.com>
We use strdup to store the intended context when we have an mmap'd
file backend. We, however, skipped freeing those contexts.
Signed-off-by: Eric Paris <eparis@redhat.com>
Set*con now caches the security context and only re-sets it if it changes.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
Currently we ship other subs files with the _dist to indicate they come with
the distribution as opposed to being modified by the user.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
We didn't handle sysconf(_SC_PAGESIZE) returning an error. It should be
very rare, obviously, be we should handle it.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
EOPNOTSUPP means "operation not supoorted on socket", and ENOTSUP means
"not supported", although per POSIX they can be alised to the same
value and on Linux they do, ENOTSUP seems the more correct error code.
In addition these function are documented as returning ENOTSUP, and
given that they are implemented in means of getxattr(2) which does
return ENOTSUP too, this just consolidates their behaviour.
Signed-off-by: Guillem Jover <guillem@debian.org>
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
- Add man page sections '(N)' to external references, and '()' on
functions described in the same man page.
- Escape minus signs when those are expected to be used on the command
line or files.
- Mark files and variables in italic; Note headings, function names,
constants, program options and man page references in bold.
- Do not justify and hyphenate SEE ALSO section, and avoid hyphenation
on symbol names by prepending them with \%.
- Remove trailing dot from NAME section description.
- Split sections with a no-op command '.', to visually distinguish them
but to avoid introducing spurious vertical space in the formatted
output.
- Add explicit .sp commands in the SYNOPSIS section between function
prototypes, and fix space placement in function protoypes.
- Split header includes with .br (instead of the explicit or implicit
.sp) so that they are vertically contiguous.
- Add missing {} around SELINUXTYPE and POLICYTYPE variable text in
paths.
- Remove unneeded formatting commands.
- Remove spurious blank lines.
Signed-off-by: Guillem Jover <guillem@debian.org>
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
Fix typos, or wrong function prototypes.
Signed-off-by: Guillem Jover <guillem@debian.org>
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
coreutils needs to be able to take a statbuf and ask permissions
questions. This gives us the interface to translate that statbuf mode_t
into a security class which can be used.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
If init() was already called then avc will be set. If avc is set just
return.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
If audit2why.finish is called more than once the global avc variable
will be NULL, and thus dereferencing it will obviously cause problems.
Thus just bail if avc is NULL and we know cleanup is done.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
We were listing a number of service man pages (like httpd_selinux) in
the see also section of selinux.8. As that number of pages explodes it
does not make sense to try to list them all. Instead tell people to use
man -k selinux to find them.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
On failure, common if .bin is older than the text version, we will leak
the mmapfd. Don't do that.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
When loading the filecontext database, check to see if there is a newer
binary version. If so, mmap that file, is used to populate the regex db
instead of reading from the text representation and compiling regex's as
needed. If the text file is newer it will use the text version and
ignore the binary version.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
This is a new 'compiler' which tranforms the file context database into
a binary format. This binary format may be mmap'd in later removing the
need to compile the regular expression at run time.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
We use strncpy which could leave a non-nul terminated string if the
source is longer than PATH_MAX. Add that nul.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
Manual page improvements for the file_contexts and related policy
configuration files (section 5):
- create links to selabel_file.5 not only for file_contexts.5 but
also for the other optional policy configuration files (including
the so-called file contexts "substitution" files);
- clarify the above mentioned manual page(s), in particular relatively
to the action performed by the so-called file contexts "substitution"
policy configuration files (aliasing/equivalence versus substitution);
- improve the explanation of the form that the "substitution" files
shall have.
Signed-off-by: Guido Trentalancia <guido@trentalancia.com>
Signed-off-by: Eric Paris <eparis@redhat.com>
Instead of running the array two times, sorting the 'hasMeta' the first
time and the !hasMeta the second, run the array once putting hasMeta in
the front and !hasMeta in the back. Then ONLY run the !hasMeta section
a second time reversing its order so its sorted as it should be.
Signed-off-by: Eric Paris <eparis@redhat.com>
Right now find_stem_from_spec does a number of things:
- calculate the length of th stem
- look for that stem
- duplicate the stem
- add the stem to the array
break those things up a bit because the mmap version isn't going to need
to do some of those things.
Signed-off-by: Eric Paris <eparis@redhat.com>
We currently duplicate code 3 times for the main file, the homedirs, and
the local file. Just put that stuff in its own function so we don't
have to deal with it multiple times.
Signed-off-by: Eric Paris <eparis@redhat.com>
We currectly run all of the regex files 2 times. The first time counts
the lines and does the simple validatation. We then allocate an array
of exactly the right size to hold the entries and run them a second time
doing stronger validation, regex compile, etc.
This is dumb. Just run them one time and use realloc to grow the size
of the array as needed. At the end the array will get sized perfectly
to fit by the sorting function, so even if we accidentally allocated
entra memory we'll get it back.
Signed-off-by: Eric Paris <eparis@redhat.com>
When we use an mmap backed version of data we need to declare the pcre
extra data since we are only given a point to the data->buffer. Since
sometimes the spec will hold a pointer to the extra data and sometimes
we want to declare it on the stack I introduce and use an accessor for
the extra data instead of using it directly.
Signed-off-by: Eric Paris <eparis@redhat.com>
We want to do the same thing in the compiler and as we do in in the code
which reads regexes in from the text file. Move that sorting into the header.
Signed-off-by: Eric Paris <eparis@redhat.com>
An illegal regex may end with a single \ followed by nul. This could
cause us to search past the end of the character array. The loop
formation looks like so:
c = regex_str;
len = strlen(c);
end = c + len;
while (c != end) {
switch (*c) {
...
case '\\': /* skip the next character */
c++;
break;
...
}
c++;
}
If the \ is the last character then we will increment c and break from
the switch. The while loop will then increment c. So now c == end+1.
This means we will keep running into infinity and beyond! Easy fix.
Make the loop check (c < end). Thus even if we jump past end, we still
exit the loop.
Signed-off-by: Eric Paris <eparis@redhat.com>
