When launching a sandbox x environment we should check up front to make
sure that the seunshare and sandboxsh files exist and bail politely if
they do not exist.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
Rather than putting pathnames all throughout the file define them as
variables and reuse these variables where needed.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
Just coding style, globals go at the top of .c files, not randomly
throughout.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
We have some useless globals in setfiles that don't need to be. Stop
it.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
move exclude_non_seclabel_mounts from setfiles.c to restore.c so it can
be used by other functions later.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
It's a very minor thing really, but I believe (on the basis of an
off-list question) that the manual page for policycoreutils/run_init can
be improved by the following short patch which aims to further clarify
the intended usage of such tool and mention that it caters for one
(somewhat hidden) compile-time option.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
Fix header to not display all of the options and fix Booleans to only list
supported options
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
This patch just removes some blank lines that we don't need. Makes it
all purdy.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
This adds a new -e options to semanage fcontext which allows one to
specify filesystem equivalancies. An example would be if an admin were
to run out of space and to start putting home directories in /home1.
They can use the equivalencies to specify that /home1 is labeled exactly
like /home.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
Add tools to store the state of modules and to enable and disable those
modules.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
Introduce a new -o option which will output all local modifications in a
method which can be 're-inputted' on another host.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
Add a new option -E which will extract the local configuration changes
made for the given record type. This will be used by a further output
option to be able to dump local configuration in a form which can be
imported later.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
Before you would get:
$ semanage fcontext toys
/usr/sbin/semanage Invalid command fcontext toys
Now you get:
$ semanage fcontext toys
/usr/sbin/semanage: Invalid command: semanage fcontext toys
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
Return quickly instead of tring to parse arguments if there are
no arguments.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
Right now we do lots of needless string comparisons even though we know
we are finished doing work immediately after an operation. So return
sooner.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
One of the getopt parsers didn't have a try/except pair to show usage
when a user did it wrong. Fix that.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
Right now the validation code has lots of conditionals which check if we
are trying to add and delete or add and modify or something like that.
Instead make a single function which just sets if this operation is
trying to do an action and if it gets called twice will realize this is
invalid and will raise and exception.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
Some options like --locallist and --deleteall only effect local changes
not global things. Split these validation options into their own bit of
code.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
The help text, man pages, and stuff didn't include everything about
deleteall rules. Try to update them.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
The entire tool chain does not support file context with a space in the
regex. If one of these gets into the file_context files, all sorts of stuff
goes nuts.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
This just distinguishes between permissive types that were definied in
policy and those that were set by the user using semanage.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
Right now we have very little in the way of IP address validation. We
also do not properly support IPv6 netmasks. This patch centralizes IP
address validation and fixes the netmask support.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
Use the glob library to handle ~ and . in filenames passed from the
command line.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
We had a number of places where fixfiles would search for or set hard
coded types. If policy used something other than tmp_t var_t file_t or
unlabeled_t we would go wrong. This patch does 2 things. It uses the
kernel provided selinuxfs interfaces to determine the label on unlabeled
and unknown files and it uses the --reference option with chcon to set
new labels.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
The type of a filesystem (ext*, btrfs, etc) really doesn't matter when
it comes to the ability to set labels. Stop trying to be smart and just
call restorecon. It will either work or it won't and out heuristic
isn't helping.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
The kernel now outputs a mount option called 'seclabel' which indicates
if the filesystem supposed security labeling. Use that instead of
having to update some hard coded list of acceptable filesystems (that
may or may not be acceptable depending on if they were compiled with
security xattrs)
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
We do this so we can eliminate foolish avcs about restorecon trying to
write to a random directory. We allow apps to communicate with fds
globably. So this allows the access no AVC's I am happy
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
Introduce a new file /etc/selinux/fixfiles_exclude_dirs which contains a
list of directories which should not be relabeled.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
Add a -p option to semodule which will allow it to operate on the
specified semanaged root instead of the default.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
Update the man page to include -a. Passing -a causes semodule_expand to
not check assertions. Include this in the man info.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
$ semanage fcontext add delete
Traceback (most recent call last):
File "/usr/sbin/semanage", line 565, in <module>
process_args(sys.argv[1:])
File "/usr/sbin/semanage", line 396, in process_args
raise ValueError(_("%s bad option") % o)
UnboundLocalError: local variable 'o' referenced before assignment
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
Raise a more sensicle useage rather than value error on help request
from user.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
Some semanage objects have a deleteall function, some don't. This adds
them to login seluser node and interface.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
We could currently create a rule with a port number of one million.
This doesn't make sense. Bounds test it.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
In order to allow semanage to perform a transaction on several seobjects
at the same time, the transaction lock has to be at the class level
versus being in each object.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
Right now it is needlessly global. Make it a method of semanageRecords.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
Rather than blow up in horible ways, error out if we detect
initialization wasn't done properly.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
The error usable displays r_opts.rootpath, but r_opts is supposed to be
an internal code thing, not something users care about. When printing
the error message just call it 'rootpath'
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
restorecon and fixfiles both have the -p option to display a * every
10000 files. Put it in the usage and man pages.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
