Added new man page selinux_config(5) detailing the SELinux config file
format to new man/man5 directory plus Makefile.
Signed-off-by: Richard Haines <richard_c_haines@btinternet.com>
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
sestatus has been modified to present additional information: SELinux root
directory, MLS flag and the deny_unknow flag. The man page has been updated
to reflect these changes and an sestatus.conf(5) man page has also been added.
Signed-off-by: Richard Haines <richard_c_haines@btinternet.com>
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
For get_default_context_with_role(3) and get_default_context_with_rolelevel(3),
return errno = EINVAL if invalid role.
Signed-off-by: Richard Haines <richard_c_haines@btinternet.com>
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
get_default_type(3) now returns with errno set to EINVAL if the entry does not
exist.
Signed-off-by: Richard Haines <richard_c_haines@btinternet.com>
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
If selinux_set_mapping(3) is used to map classes, and an invalid class is used
to compute a decision (tclass = 0), the result did not obey the status of the
deny_unknown flag.
Signed-off-by: Richard Haines <richard_c_haines@btinternet.com>
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
Remove assert in security_get_boolean_names(3) if the len invalid and stop seg
fault if names is null. Set EINVAL instead and return error.
Signed-off-by: Richard Haines <richard_c_haines@btinternet.com>
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
No real code change. Just to make it clear what a src and dst means.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
Add a check to restorecon, to not change a context if the context on disk matches
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
Check for conflict on equivalence when adding a file context.
If a user adds a file context that begins with an equivalence string, we
throw an exception.
/usr/sbin/semanage: File spec /usr/lib64/dan conflicts with equivalency rule '/usr/lib64 /usr/lib'; Try adding '/usr/lib/dan' instead
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
Print out the list of local and distribution file context equivalencies
rather than just local rules.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
We already allow this in policy, so allow it in sepolgen as well.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
If sandbox init script is run multiple times to start it should still
return 0 rather than an error. Things should still be set up.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
Instead of force an arbitrary 100 category requirement, only bomb if
there is a problem. Error out if there are 0 categories or if we cannot
find a free category in a reasonable number of attempts.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
We calculate the number of available legit category sets for a given
user and then try to find one that many times. If we don't find one,
bail out.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
100 is very high, but at least we know the chances of finding a valid
combination is high.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
Since this file lives in /etc/sysconfig/ it does not include a .conf
extention. Thus the man page should not include a .conf in the
filename.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
We found that we wanted a filename transition rule for ld.so.cache~
however ~ was not a valid character in a filename.
Fix-from: Miroslav Grepl <mgrepl@redhat.com>
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
Include the same error type options we build everything else with.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
Either by dropping the parameter or marking it as unused depending on
what works. We can't redefine hashtab_map callbacks as they must take all
three options, so just mark those unused.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
A number of places we used unsigned variables and compared them against
signed variables. This patch makes everything unsigned.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
During Rawhide releases we change all "unconfined_domains" to
permissive domains in order to find new AVC messages without breaking
rawhide boxes. The way we do this is changing the unconfined_domain
interface and putting permissive $1; in it. sepolgen does not like
this and blows up the build. This patch tells sepolgen to ignore the
permissive in an interface.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
There are code paths where ret can be returned without being initialized
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
Sometimes sticking to 80 characters sucks a lot. I don't care. Buy a
wider monitor so I can read the code.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
When testing for mount points to exclude we read /proc/mounts. Close
this file when we are finished reading it.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
Instead of coding the exact same thing and calling it symlink_realpath
use the function exported by libselinux.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
Fix sandbox Makefile so that make DESTDIR=~/out install works again.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
semodule_unpackage was not being removed on clean. Simple Makefile fix.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
Make restorecond -u watch the terminal io channel for and exit indicator
and then exit itself if it is not being run from dbus. If being run
from dbus, dbus takes care of the session cleanup.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
Do not assume it is always a success and error gracefully when it isn't.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
Basically this patch makes restorecond a dbus session service that can
be run in the users session to watch the creation of files in the
homedir. Most of the changes are just to get it to run as a dbus
session and then to allow it to read its own config.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
I think I was trying to allow an admin to set a bunch of booleans
from a file, but I later added -i and -o options, which would seem to
be a better way to handle many changes at once.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
Basically we want to trigger a modify of booleans record if the user
specifies --on or --off on a boolean.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
If someone modifies the boolean settings using semanage, we would
expect them to be reflected on the local system. This change would
change the active settings IFF you are changing the currently running
system.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
This patch removes /root from the excluded dirs.
This also adds /var/lib/BackupPC to list of directories to ignore
labeling. Mainly because this directory tends to be Huge and causes a
huge spike in the amount of time it takes to relabel. Especially if
there is a relabel caused by a policy update.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
When running an app within a sandbox, the application currently
switches to no LANG. This patch will cause the sandboxed app to use
the users LANG.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
Checkpolicy was using the static link to libsepol, but also defining a
dynamic link (that wasn't needed). This confuses gdb. Drop the dynamic
link request.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
The filename_trans code had a bug where duplicate detection was being
done between the unmapped type value of a new rule and the type value of
rules already in policy. This meant that duplicates were not being
silently dropped and were instead outputting a message that there was a
problem. It made things hard because the message WAS using the mapped
type to convert to the string representation, so it didn't look like a
dup!
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
This patches moves some ebitmap functions (and, xor, not, etc.) from
mcstrans into libsepol, where they really belong and could be used by
other applications (e.g. CIL)
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>