A number of packages have a systemd subpackage. Look for those when
doing the file list of a package to generate its policy.
Signed-off-by: Eric Paris <eparis@redhat.com>
These are the tools that the Fedora team uses to build new policy. sepolgen is a
console app that will take an executable and generate policy based on the RPM
specification and using nm -D to analyze the application.
We have found it very useful for generating quick policy to get the policy writer
working quickly.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
In order for lxc to look up its process and file labels we add new
libselinux support. This is what we do for everything else, like
libvirt, sepostgresql, etc.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
Stop printing stuff on stderr when building the po translations. (I'd
leave it alone if I knew how to put it on stdout)
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
The Fedora community has been working to translate a number of messages.
Commit those to the tree so all SELinux users can enjoy.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
.tx is the transifex configuration directory which is used to pull the
latest translations from the transifex web site.
Signed-off-by: Eric Paris <eparis@redhat.com>
Fix --enable and --disable for modules to only work under -m options.
Without this patch you couldn't do -m and --enable. We want that to
work.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
process_one_realpath returns 1 if it changed the context of the file but
process_glob treats all non-zero values as errors. This results in
setfiles exiting with non-zero status even though it was successful.
Fix process_glob to only treat negative return values of
process_one_realpath as errors.
cf. http://bugs.debian.org/662990
Signed-off-by: Martin Orr <martin@martinorr.name>
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
restorecon should return 0 when a file has changed context with no
error. With the last version it's returning 1.
Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=662990
Signed-off-by: Laurent Bigonville <bigon@debian.org>
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
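Added example (not setfiles' or restorecon's own code) of the return-value convention the two commits above restore: a per-file worker returns 1 when it relabeled the file, 0 when the label was already right and -1 on error, and the caller must treat only negative values as failures. The file inventory and type names are constructed for the example.

```c
/* Added example: the 1 / 0 / -1 convention of a process_one_realpath-style
 * worker and the two ways a caller can aggregate it. Not project code. */
#include <stdio.h>
#include <string.h>

/* Constructed inventory: current and intended types (hypothetical labels;
 * cur == NULL stands for a file the worker cannot lstat()). */
struct entry {
    const char *path;
    const char *cur;
    const char *want;
};

static const struct entry inventory[] = {
    { "/etc/shadow",  "shadow_t", "shadow_t"      },  /* already correct */
    { "/etc/passwd",  "etc_t",    "passwd_file_t" },  /* needs relabel  */
    { "/etc/missing", NULL,       "etc_t"         },  /* error          */
};
#define NENTRIES (sizeof inventory / sizeof inventory[0])

/* Stand-in for process_one_realpath(): 1 = changed, 0 = unchanged, -1 = error. */
static int process_one(const struct entry *e)
{
    if (e->cur == NULL)
        return -1;
    if (strcmp(e->cur, e->want) == 0)
        return 0;
    return 1;
}

/* Before the fix: every non-zero return is counted as an error, so a
 * successful relabel makes the whole run exit non-zero. */
int count_errors_buggy(void)
{
    int errors = 0;
    for (size_t i = 0; i < NENTRIES; i++)
        if (process_one(&inventory[i]) != 0)
            errors++;
    return errors;
}

/* After the fix: only negative returns are errors; positive returns are
 * tallied separately so the caller can still report what it relabeled. */
static void walk_fixed(int *errors, int *changed)
{
    *errors = 0;
    *changed = 0;
    for (size_t i = 0; i < NENTRIES; i++) {
        int rc = process_one(&inventory[i]);
        if (rc < 0)
            (*errors)++;
        else if (rc > 0)
            (*changed)++;
    }
}

int count_errors_fixed(void)
{
    int errors, changed;
    walk_fixed(&errors, &changed);
    return errors;
}

int count_changed_fixed(void)
{
    int errors, changed;
    walk_fixed(&errors, &changed);
    return changed;
}

int main(void)
{
    printf("buggy: %d errors\n", count_errors_buggy());                /* 2 */
    printf("fixed: %d errors, %d changed\n",
           count_errors_fixed(), count_changed_fixed());               /* 1, 1 */
    return 0;
}
```

The exit status a script sees (`restorecon ... || echo relabel failed`) should follow `count_errors_fixed()`; with the old aggregation a correctly relabeled file alone was enough to make it non-zero.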
file_name trans should be good enough to handle this now, so why launch
it for every user?
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
Basically this change stops sysloging if the change did not actually
happen.
By default we do not modify a label if the type of the SELinux context
was unchanged, but we were sending a syslog message as if something had
changed.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
Fixfiles restore is called by auditrelabel, and was happening early in
the boot process, before the syslog system was up and running. A bug
in systemd was causing relabels to take forever, while it waited for
the syslog's to complete. This was fixed, but I still see no reason
to write thousands/millions of lines to syslog on a badly mislabeled
machine and wanted this feature turned off.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
This patch allows us to use restorecon on MCS Separated File Systems or MLS
Environments. Basically it allows a user to check his type enforcement.
Signed-off-by: Dan Walsh <dwalsh@redhat.com>
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
If you run newrole as root and it drops capabilities, the next shell
script does not have any capabilities and can not function.
newrole -L TopSecret
Would end up with a root shell and no capabilities.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
Sometimes using open_init_pty isn't possible. So just call exec() if
that is the case. We no longer ship open_init_pty in Fedora or RHEL6
since it was causing more problems than it was worth. This fix makes
it optional to use the open_init_pty.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
Ole Kliemann reported that allow rules written using type attributes were
not being detected by neverallow assertions in the policy. I think that
this was broken in policy.24 and later due to changes in the type datum.
Fix the expand logic to correctly distinguish type attributes from types.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: Eric Paris <eparis@redhat.com>
- improves the manual page for both setfiles and restorecon (formatting
including alphabetical re-ordering of options, undocumented options,
references and a few cosmetic changes);
- de-hardcodes a couple of constants in the source files and makes a
dynamic use of them to create the manual pages after the compilation
and prior to the installation: more specifically the constants are the
number of errors for the setfiles' validation process abort condition
and the sensitivity of the progress meter for both programs (uses
external programs grep and awk);
- improves the usage message for both programs and introduces a -h
(aliased with currently existing -?) option where not already
available;
- print out the usage message for restorecon when it is called without
arguments;
- white-space/tab conversion to get proper indentation towards the end
of the main source file.
[eparis add .gitignore]
Signed-off-by: Guido Trentalancia <guido@trentalancia.com>
Signed-off-by: Eric Paris <eparis@redhat.com>
The following patch aims to improve the manual page (section 8) for the
"genhomedircon" script (policycoreutils).
- remove probably redundant GNU licence notice;
- try to further clarify the functionality made available by the
"genhomedircon" script as well as all the configurable options that
control its execution and affect its behavior;
- extend the references section (SEE ALSO).
Signed-off-by: Guido Trentalancia <guido@trentalancia.com>
Signed-off-by: Eric Paris <eparis@redhat.com>
Android/MacOS X build support for checkpolicy.
Create a Android.mk file for Android build integration.
Introduce DARWIN ifdefs for building on MacOS X.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
Filenames can have a +, so we should be able to parse and handle those
files.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
We still want to be able to use sepolgen even if setools isn't
installed. Degrade functionality, but still work if it can't be found.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwlash@redhat.com>
The locallist option was specified as --locallist= but it does not take
an option. We also had --localist (notice the 'l' is missing) which
wasn't doing anything, so drop those.
Signed-off-by: Eric Paris <eparis@redhat.com>
The OBJECT was not being set early enough and thus would miss the checks
for things like deleteall and extract. Move the setting of OBJECT where
it happens for everything else.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
semanage fcontext -e man page update to make it easier to understand
what it does.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
The range and level user options default to s0. State that in the man
page.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
Add an -f option to run mcstransd in the foreground. This will allow better
integration into systemd.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
We open and take a flock on the .restorecond file. But we could leak
this file across exec. Open O_CLOEXEC.
Signed-off-by: Eric Paris <eparis@redhat.com>
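Added example (not restorecond's own code) showing why the open flag matters: with `O_CLOEXEC` the descriptor is close-on-exec from the moment `open()` returns, whereas setting `FD_CLOEXEC` afterwards with `fcntl()` leaves a window in which another thread's `fork()`+`exec()` can inherit the fd, and with `flock()` an inherited fd means the child keeps holding the lock. The lock file path is constructed for the example.

```c
/* Added example: a flock()ed lock file opened with and without O_CLOEXEC,
 * and a check of what execve() would do with the descriptor. Not project code. */
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <sys/file.h>
#include <unistd.h>

/* Open (creating if needed) and flock() a lock file. With cloexec != 0 the
 * O_CLOEXEC flag is set atomically by open(). Returns the fd or -1. */
int open_lockfile(const char *path, int cloexec)
{
    int flags = O_RDWR | O_CREAT;
    if (cloexec)
        flags |= O_CLOEXEC;
    int fd = open(path, flags, 0600);
    if (fd < 0)
        return -1;
    if (flock(fd, LOCK_EX | LOCK_NB) < 0) {
        close(fd);
        return -1;
    }
    return fd;
}

/* 1 if the kernel closes fd on execve(), 0 if an exec'd child would inherit
 * it (and keep the flock), -1 on error. */
int fd_is_cloexec(int fd)
{
    int f = fcntl(fd, F_GETFD);
    if (f < 0)
        return -1;
    return (f & FD_CLOEXEC) ? 1 : 0;
}

/* Open a lock file at a constructed path, report its close-on-exec state,
 * then release the lock and remove the file. */
int lockfile_cloexec_state(const char *path, int cloexec)
{
    int fd = open_lockfile(path, cloexec);
    if (fd < 0)
        return -1;
    int state = fd_is_cloexec(fd);
    close(fd);        /* flock() locks are released with the last close */
    unlink(path);
    return state;
}

int main(void)
{
    const char *path = "/tmp/restorecond-demo.lock";   /* constructed path */
    printf("O_CLOEXEC: %d\n", lockfile_cloexec_state(path, 1));   /* 1 */
    printf("plain:     %d\n", lockfile_cloexec_state(path, 0));   /* 0 */
    return 0;
}
```

`ls -l /proc/<pid>/fd` of a process exec'd by the daemon is the quick way to confirm the leak is gone: the lock file should no longer appear among the child's descriptors.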
Instead of all calls to the usage output resulting in a 0 return code we
should show the usage menu when something is wrong but we should return
non-zero.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
In python 3.2 we hit a problem where the fcontext was garbage. We didn't
see this in python 2.7. The reason is because python3.2 would free and
reuse the memory and python 2.7 just happened to leave it alone.
Instead of using memory that python might use for something else, use
strdup() to get a local copy which we can free when we are finished with
it.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
If the private semanage.conf file is unreadable for some reason (usually
ENOENT) fallback to the default file.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
We calculated a length, allocated a space for the string, then used
snprintf to fill the array giving it a different length. Rather than
doing all that math ourselves, just use asprintf and let libraries get
it right.
Signed-off-by: Eric Paris <eparis@redhat.com>
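Added example (a constructed illustration of the bug class, not the code the commit touched) of a hand-computed length that disagrees with the size passed to `snprintf()`, next to the `asprintf()` form. Here the miscount loses the separator and the result is silently truncated; had the numbers been off the other way, with `snprintf()` told the buffer is larger than `malloc()` made it, the same mistake is a heap overflow, which is why the pattern is worth removing rather than patching.

```c
/* Added example: manual length arithmetic vs asprintf(). Not project code. */
#define _GNU_SOURCE   /* asprintf() is a GNU/BSD extension, not POSIX */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* The pattern the commit removes: size computed by hand, buffer allocated
 * from it, snprintf() given a size derived from the same wrong arithmetic.
 * The count below forgets the '/' so the output is truncated by one byte.
 * Caller free()s the result. */
char *join_manual(const char *dir, const char *name)
{
    size_t len = strlen(dir) + strlen(name);      /* forgot the '/' */
    char *out = malloc(len + 1);
    if (!out)
        return NULL;
    snprintf(out, len + 1, "%s/%s", dir, name);   /* no overflow, but wrong */
    return out;
}

/* Let the library size the buffer. Caller free()s the result. */
char *join_asprintf(const char *dir, const char *name)
{
    char *out = NULL;
    if (asprintf(&out, "%s/%s", dir, name) < 0)
        return NULL;
    return out;
}

int main(void)
{
    char *a = join_manual("/etc/selinux", "config");
    char *b = join_asprintf("/etc/selinux", "config");
    printf("manual:   %s\n", a ? a : "(alloc failed)");   /* /etc/selinux/confi  */
    printf("asprintf: %s\n", b ? b : "(alloc failed)");   /* /etc/selinux/config */
    free(a);
    free(b);
    return 0;
}
```

`snprintf()` returns the length the full string would have had, so a cheap check for the manual variant is `ret >= size`; with `asprintf()` there is nothing to check beyond the `< 0` allocation failure.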
SELinux ruby bindings didn't build from the top level
the swig generated .c file wasn't gitignored
use pkg-config for ruby info like we do for python
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
This is already in the android repo. This is here to prevent potential
conflicts of the selabel indices, and possibly with an eye toward an eventual
reunification of the two libselinuxes down the road.
Reviewed-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
getseuser() would unconditionally check strlen on the service variable
even though it could be NULL. Whoops. If service is NULL we should
only match on *: entries.
Signed-off-by: Eric Paris <eparis@redhat.com>
The realpath_not_final() function did not properly handle symlinks in
the / directory. The reason is because when it determined the symlink
was in the root directory it would set the resolved portion of the path
to /, it would then add a / to the end of the resolved portion, and then
append the symlink name. The fix is to instead set the resolved portion
to "". Thus when the '/' at the end of the resolved portion is added it
will be correct.
While I am at it, strip extraneous leading / so that //tmp returns /tmp.
Signed-off-by: Eric Paris <eparis@redhat.com>
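Added example (not libselinux's `realpath_not_final()`, but a small reimplementation of the behaviour the commit describes): resolve every component but the last with `realpath()`, join the resolved parent and the final name without doubling the `/` when the parent is the root directory, and collapse a leading `//`. Function names are the example's own.

```c
/* Added example: resolve all but the final path component, with the
 * root-directory join handled correctly. Not project code. */
#define _GNU_SOURCE
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Collapse a leading run of '/' so "//tmp" is treated as "/tmp". */
static const char *strip_leading_slashes(const char *p)
{
    while (p[0] == '/' && p[1] == '/')
        p++;
    return p;
}

/* Join an already-resolved parent directory and the final component.
 * The bug the commit fixes: a root-level name had its resolved parent set
 * to "/" and then another '/' appended, giving "//name". Treating "/" as
 * "" makes the single appended '/' correct in both cases. 0 on success. */
int join_resolved(const char *parent, const char *name, char *out, size_t n)
{
    if (strcmp(parent, "/") == 0)
        parent = "";
    int w = snprintf(out, n, "%s/%s", parent, name);
    return (w < 0 || (size_t)w >= n) ? -1 : 0;
}

/* realpath() everything except the last component, so a dangling symlink
 * or not-yet-created final entry can still be addressed. Absolute only. */
int resolve_not_final(const char *path, char *out, size_t n)
{
    char parent[PATH_MAX], resolved[PATH_MAX];
    const char *clean = strip_leading_slashes(path);
    const char *slash = strrchr(clean, '/');
    if (clean[0] != '/' || slash == NULL)
        return -1;
    size_t plen = (size_t)(slash - clean);
    if (plen >= sizeof parent)
        return -1;
    if (plen == 0) {
        strcpy(parent, "/");          /* name lives directly under root */
    } else {
        memcpy(parent, clean, plen);
        parent[plen] = '\0';
    }
    if (realpath(parent, resolved) == NULL)
        return -1;
    return join_resolved(resolved, slash + 1, out, n);
}

/* Convenience wrapper: static buffer, NULL on failure. */
const char *resolve_demo(const char *path)
{
    static char out[PATH_MAX];
    return resolve_not_final(path, out, sizeof out) == 0 ? out : NULL;
}

int main(void)
{
    printf("%s\n", resolve_demo("//tmp"));              /* /tmp */
    printf("%s\n", resolve_demo("/no-such-entry-xyz")); /* /no-such-entry-xyz */
    printf("%s\n", resolve_demo("/"));                  /* / */
    return 0;
}
```

The last component is deliberately left unresolved: restorecon must be able to label a symlink itself rather than its target, and a final entry that does not exist yet must not make the whole lookup fail.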
swig creates C files with warnings. Turn off the warnings so the build
is clean. We can't help the code it produces anyway...
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
The init functions are non-static but did not have a prototype
declaration. They are called magically from python, so just declare the
prototype to silence the warning.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
should continue to poll if it receives an EINTR rather than exiting with an error.
This was a major bug within dbus that was causing dbus to crash. It was
discussed at the time whether this is a dbus bug or a libselinux bug;
it was decided that we should fix it within libselinux.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
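Added example (not libselinux's own polling loop) of a `poll()` wrapper that treats `EINTR` as "try again" while keeping the original deadline, so a stream of signals neither aborts the wait nor extends it indefinitely. The demo provokes the interruption itself with a one-shot `SIGALRM` installed without `SA_RESTART`; the pipe, timer values and function names are the example's own.

```c
/* Added example: poll() with EINTR retry and deadline bookkeeping, plus a
 * self-contained demo that triggers EINTR via SIGALRM. Not project code. */
#define _GNU_SOURCE
#include <errno.h>
#include <poll.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/time.h>
#include <time.h>
#include <unistd.h>

static volatile sig_atomic_t interruptions;
static void on_alarm(int sig) { (void)sig; interruptions++; }

static long now_ms(void)
{
    struct timespec ts;
    clock_gettime(CLOCK_MONOTONIC, &ts);
    return ts.tv_sec * 1000L + ts.tv_nsec / 1000000L;
}

/* poll() that goes around again on EINTR. timeout_ms < 0 waits forever,
 * as with poll(); otherwise the remaining time is recomputed on each retry
 * so the caller's deadline is honoured. */
int poll_retry(struct pollfd *fds, nfds_t n, int timeout_ms)
{
    long deadline = timeout_ms < 0 ? -1 : now_ms() + timeout_ms;
    for (;;) {
        int rc = poll(fds, n, timeout_ms);
        if (rc >= 0 || errno != EINTR)
            return rc;                /* data, timeout, or a real error */
        if (deadline >= 0) {
            long left = deadline - now_ms();
            if (left <= 0)
                return 0;             /* deadline passed: report timeout */
            timeout_ms = (int)left;
        }
    }
}

/* Demo: an idle pipe, a 300 ms poll, and a one-shot SIGALRM at 50 ms whose
 * handler is installed without SA_RESTART so poll() fails with EINTR.
 * Returns the number of interruptions absorbed (1), or -1 on failure. */
int demo_eintr(void)
{
    int p[2];
    if (pipe(p) < 0)
        return -1;
    struct sigaction sa;
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = on_alarm;
    sa.sa_flags = 0;                  /* deliberately no SA_RESTART */
    sigemptyset(&sa.sa_mask);
    if (sigaction(SIGALRM, &sa, NULL) < 0)
        return -1;
    interruptions = 0;
    struct itimerval it = { { 0, 0 }, { 0, 50000 } };   /* fire once at 50 ms */
    setitimer(ITIMER_REAL, &it, NULL);
    struct pollfd pfd = { .fd = p[0], .events = POLLIN, .revents = 0 };
    int rc = poll_retry(&pfd, 1, 300);
    close(p[0]);
    close(p[1]);
    if (rc != 0)                      /* expect a clean timeout, no data */
        return -1;
    return interruptions;
}

int main(void)
{
    printf("interruptions survived: %d\n", demo_eintr());   /* 1 */
    return 0;
}
```

Without the retry the demo's `poll()` would return -1 with `errno == EINTR` at the 50 ms mark, which is exactly the spurious failure a caller like dbus then has to treat as fatal.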
Android/MacOS X build support for libsepol.
Create a Android.mk file for Android build integration.
Introduce DARWIN ifdefs for building on MacOS X.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
Currently the expand_filename_trans() function uses much CPU time to find the
end of the state->out->filename_trans list. This is not needed because
data can be prepended instead of appended to the list.
This results in a 10% speed-up of various se* commands (semodule, setsebool).
Signed-off-by: Adam Tkac <atkac@redhat.com>
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
strict adherence to 80 characters means that we split stuff in stupid
places. Screw 80 characters. Buy a bigger monitor.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>