Commit graph

583 commits

Author SHA1 Message Date
Richard Haines
6aec573f80 policycoreutils: Added SELinux config file man page.
Added new man page selinux_config(5) detailing the SELinux config file
format to new man/man5 directory plus Makefile.

Signed-off-by: Richard Haines <richard_c_haines@btinternet.com>
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
2011-12-05 16:11:20 -05:00
Richard Haines
3e870d7c9b policycoreutils: sestatus: Updated sestatus and man pages.
sestatus has been modified to present additional information: SELinux root
directory, MLS flag and the deny_unknow flag. The man page has been updated
to reflect these changes and an sestatus.conf(5) man page has also been added.

Signed-off-by: Richard Haines <richard_c_haines@btinternet.com>
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
2011-12-05 16:10:38 -05:00
Richard Haines
aed37210a3 libselinux: return EINVAL if invalid role selected
For get_default_context_with_role(3) and get_default_context_with_rolelevel(3),
return errno = EINVAL if invalid role.

Signed-off-by: Richard Haines <richard_c_haines@btinternet.com>
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
2011-12-05 16:10:38 -05:00
Richard Haines
83161f73ea libselinux: get_default_type now sets EINVAL if no entry.
get_default_type(3) now returns with errno set to EINVAL if the entry does not
exist.

Signed-off-by: Richard Haines <richard_c_haines@btinternet.com>
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
2011-12-05 16:10:38 -05:00
Richard Haines
d0a8d81882 libselinux: Mapped compute functions now obey deny_unknown flag
If selinux_set_mapping(3) is used to map classes, and an invalid class is used
to compute a decision (tclass = 0), the result did not obey the status of the
deny_unknown flag.

Signed-off-by: Richard Haines <richard_c_haines@btinternet.com>
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
2011-12-05 16:10:38 -05:00
Richard Haines
98234cf543 libselinux: Remove assert in security_get_boolean_names(3)
Remove assert in security_get_boolean_names(3) if the len invalid and stop seg
fault if names is null. Set EINVAL instead and return error.

Signed-off-by: Richard Haines <richard_c_haines@btinternet.com>
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
2011-12-05 16:10:38 -05:00
Dan Walsh
c705f0f4d8 policycoreutils: semanage: change src,dst to target,substitute for equivalency
No real code change.  Just to make it clear what a src and dst means.

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
2011-12-05 16:10:38 -05:00
Dan Walsh
b96d0fac86 policycoreutils: semanage: Make sure semanage fcontext -l -C prints even if local keys are not defined
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
2011-12-05 16:10:38 -05:00
Dan Walsh
7e81db0eb8 libselinux: selinuxswig_python.i: don't make syscall if it won't change anything
Add a check to restorecon, to not change a context if the context on disk matches

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
2011-12-05 16:10:38 -05:00
Eric Paris
79bcfa7286 policycoreutils: semanage: check file equivalence rules for conflict
Check for conflict on equivalence when adding a file context.
If a user adds a file context that begins with an equivalence string, we
throw an exception.

/usr/sbin/semanage: File spec /usr/lib64/dan conflicts with equivalency rule '/usr/lib64 /usr/lib'; Try adding '/usr/lib/dan' instead

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
2011-12-05 16:10:37 -05:00
Dan Walsh
7dd4e1eee1 policycoreutils: semanage: print local and dristo equiv rules
Print out the list of local and distribution file context equivalencies
rather than just local rules.

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
2011-12-05 16:10:37 -05:00
Dan Walsh
a0af38a531 sepolgen: Allow ~ as a file identifier
We already allow this in policy, so allow it in sepolgen as well.

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
2011-12-05 16:10:37 -05:00
Dan Walsh
c00affcc3e policycoreutils: sandbox: init script run twice is still successful
If sandbox init script is run multiple times to start it should still
return 0 rather than an error.  Things should still be set up.

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
2011-12-05 16:10:37 -05:00
Eric Paris
6c2ad1ce52 policycoreutils: sandbox: only complain if sandbox unable to launch
Instead of force an arbitrary 100 category requirement, only bomb if
there is a problem.  Error out if there are 0 categories or if we cannot
find a free category in a reasonable number of attempts.

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
2011-12-05 16:10:37 -05:00
Dan Walsh
d9376680bd policycoreutils: sandbox: do not try forever to find available category set
We calculate the number of available legit category sets for a given
user and then try to find one that many times.  If we don't find one,
bail out.

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
2011-12-05 16:10:37 -05:00
Dan Walsh
78b077cd09 policycoreutils: sandbox: make sure the domain launching sandbox has at least 100 categories
100 is very high, but at least we know the chances of finding a valid
combination is high.

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
2011-12-05 16:10:37 -05:00
Dan Walsh
7ece124c51 policycoreutils: sandbox: Allow user to specify the DPI value for X in a sandbox
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
2011-12-05 16:10:37 -05:00
Dan Walsh
a6065e5ab7 policycoreutils: po: Makefile use -p to preserve times to allow multilib simultatious installs of po files
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
2011-12-05 16:10:37 -05:00
Eric Paris
cfb2a06e39 policycoreutils: sandbox: move sandbox.conf.5 to just sandbox.5
Since this file lives in /etc/sysconfig/ it does not include a .conf
extention.  Thus the man page should not include a .conf in the
filename.

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
2011-12-05 16:10:35 -05:00
Eric Paris
b6ccfd7c91 checkpolicy: allow ~ in filename transition rules
We found that we wanted a filename transition rule for ld.so.cache~
however ~ was not a valid character in a filename.

Fix-from: Miroslav Grepl <mgrepl@redhat.com>
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
2011-12-05 16:09:30 -05:00
Eric Paris
f00d415747 checkpolicy: test: Makefile: include -W and -Werror
Include the same error type options we build everything else with.

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
2011-12-05 16:09:30 -05:00
Eric Paris
58179a9988 checkpolicy: dismod: fix unused parameter errors
Either by dropping the parameter or marking it as unused depending on
what works.  We can't redefine hashtab_map callbacks as they must take all
three options, so just mark those unused.

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
2011-12-05 16:09:30 -05:00
Eric Paris
44d8a2fed9 checkpolicy: dis* fixed signed vs unsigned errors
A number of places we used unsigned variables and compared them against
signed variables.  This patch makes everything unsigned.

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
2011-12-05 16:09:30 -05:00
Eric Paris
14e4b70b93 Bump Version and Changelog for commit 2011-11-03 15:26:36 -04:00
Dan Walsh
077e863517 sepolgen: Return name field in avc data
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
2011-11-02 16:22:06 -04:00
Dan Walsh
9cbd404ceb sepolgen: Ignore permissive qualifier if found in an interface
During Rawhide releases we change all "unconfined_domains" to
permissive domains in order to find new AVC messages without breaking
rawhide boxes.  The way we do this is changing the unconfined_domain
interface and putting permissive $1; in it.  sepolgen does not like
this and blows up the build.  This patch tells sepolgen to ignore the
permissive in an interface.

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
2011-11-02 16:22:06 -04:00
Dan Walsh
10fb8fdbb1 policycoreutils: restorecond: Add .local/share as a directory to watch
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
2011-11-02 16:22:06 -04:00
Dan Walsh
b9b7bddb28 policycoreutils: setfiles: fix use before initialized
There are code paths where ret can be returned without being initialized

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
2011-11-02 16:22:06 -04:00
Eric Paris
d4a39ca15b policycoreutils: label_file: style changes to make Eric happy.
Sometimes sticking to 80 characters sucks a lot.  I don't care.  Buy a
wider monitor so I can read the code.

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
2011-11-02 16:22:06 -04:00
Dan Walsh
24b31a9da5 policycoreutils: semodule: Document semodule -p in man page
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
2011-11-02 16:22:06 -04:00
Eric Paris
e018eec325 policycoreutils: setfiles: close /proc/mounts file when finished
When testing for mount points to exclude we read /proc/mounts.  Close
this file when we are finished reading it.

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
2011-11-02 16:22:06 -04:00
Eric Paris
d5475a909a policycoreutils: make use of the new realpath_not_final function
Instead of coding the exact same thing and calling it symlink_realpath
use the function exported by libselinux.

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
2011-11-02 16:22:06 -04:00
Dan Walsh
1486820665 policycoreutils: semanage: Add -o description to the semanage man page
Just a bit of documentation.

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
2011-11-02 16:22:06 -04:00
Stephen Smalley
5e50b01fa4 policycoreutils: fix sandbox Makefile to support DESTDIR
Fix sandbox Makefile so that make DESTDIR=~/out install works again.

Signed-off-by:  Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
2011-11-02 16:22:06 -04:00
Guido Trentalancia
88234671ed policycoreutils: semodule_package: remove semodule_unpackage on clean
semodule_unpackage was not being removed on clean.  Simple Makefile fix.

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
2011-11-02 16:22:05 -04:00
Eric Paris
e134013ab7 policycoreutils: sandbox: introduce package name and language stuff
Add support for translations to the sandbox utility.

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
2011-11-02 16:22:05 -04:00
Dan Walsh
4a145b76d0 policycoreutils: restorecond: make restorecond -u exit when terminal closes
Make restorecond -u watch the terminal io channel for and exit indicator
and then exit itself if it is not being run from dbus.  If being run
from dbus, dbus takes care of the session cleanup.

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
2011-11-02 16:22:05 -04:00
Dan Walsh
9961ca6499 policycoreutils: restorecon: Always check return code on asprintf
Do not assume it is always a success and error gracefully when it isn't.

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
2011-11-02 16:22:05 -04:00
Eric Paris
48681bb49c policycoreutils: restorecond: make restorecond dbuss-able
Basically this patch makes restorecond a dbus session service that can
be run in the users session to watch the creation of files in the
homedir.  Most of the changes are just to get it to run as a dbus
session and then to allow it to read its own config.

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
2011-11-02 16:22:05 -04:00
Eric Paris
672eb80648 policycoreutils: semanage: set modified correctly
I think I was trying to allow an admin to set a bunch of booleans
from a file, but I later added -i and -o options, which would seem to
be a better way to handle many changes at once.

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
2011-11-02 16:22:05 -04:00
Eric Paris
a67cd948c4 policycoreutils: semanage: missing modify=True
Basically we want to trigger a modify of booleans record if the user
specifies --on or --off on a boolean.

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
2011-11-02 16:22:05 -04:00
Eric Paris
9ef48acb37 policycoreutils: semanage: update local boolean settings is dealing with localstore
If someone modifies the boolean settings using semanage, we would
expect them to be reflected on the local system.  This change would
change the active settings IFF you are changing the currently running
system.

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
2011-11-02 16:22:05 -04:00
Eric Paris
1c15c8b537 policycoreutils: fixfiles: label /root but not /var/lib/BackupPC
This patch removes /root from the excluded dirs.

This also adds /var/lib/BackupPC to list of directories to ignore
labeling.  Mainly because this directory tends to be Huge and causes a
huge spike in the amount of time it takes to relabel.  Especially if
there is a relabel caused by a policy update.

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
2011-11-02 16:22:05 -04:00
Eric Paris
9cc0749a73 policycoreutils: audit2allow: use audit2why internally
Rather than do things ourselves, use audit2why.

Signed-off-by: Eric Paris <eparis@redhat.com>
2011-11-02 16:22:05 -04:00
Dan Walsh
5c2a0d143d policycoreutils: sandbox: Maintain the LANG environment into the sandbox
When running an app within a sandbox, the application currently
switches to no LANG.  This patch will cause the sandboxed app to use
the users LANG.

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
2011-11-02 16:22:05 -04:00
Eric Paris
1d274aca2d checkpolicy: drop libsepol dynamic link in checkpolicy
Checkpolicy was using the static link to libsepol, but also defining a
dynamic link (that wasn't needed).  This confuses gdb.  Drop the dynamic
link request.

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
2011-11-02 16:22:01 -04:00
Dan Walsh
2c4eca16dd libsemanage: create man5dir if not exist
Make new man page directory if it doesn't exist.

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
2011-11-02 15:37:11 -04:00
Guido Trentalancia
06f53004d9 libsemanage: semanage.conf man page
Add a new semanage.conf man page.

Signed-off-by: Eric Paris <eparis@redhat.com>
2011-11-02 15:37:11 -04:00
Eric Paris
0a778ba601 libsepol: expand: do filename_trans type comparison on mapped representation
The filename_trans code had a bug where duplicate detection was being
done between the unmapped type value of a new rule and the type value of
rules already in policy.  This meant that duplicates were not being
silently dropped and were instead outputting a message that there was a
problem.  It made things hard because the message WAS using the mapped
type to convert to the string representation, so it didn't look like a
dup!

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
2011-11-02 15:37:11 -04:00
Steve Lawrence
2f68def633 libsepol: Move ebitmap_* functions from mcstrans to libsepol
This patches moves some ebitmap functions (and, xor, not, etc.) from
mcstrans into libsepol, where they really belong and could be used by
other applications (e.g. CIL)

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
2011-11-02 15:37:11 -04:00