Do not override CFLAGS and LDFLAGS in libsemange Makefile under DEBUG=1,
to make it possible to build the whole tree using the root Makefile with
DEBUG=1.
Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
Generating selinuxswig_python_exception.i and
semanageswig_python_exception.i requires gcc, which appears to be
unavailable on some platform. Work around this issue by adding the
generated files to the git repository.
While at it, remove a stray space in the generated
selinuxswig_python_exception.i.
Original thread: https://lore.kernel.org/selinux/20191012172357.GB19655@imap.altlinux.org/T/#ma78bd7fe71fb5784387a8c0cebd867d6c02ee6e4
Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
Cc: Michael Shigorin <mike@altlinux.org>
selinuxswig_python_exception.i and semanageswig_python_exception.i need
to be regenerated when either an input header file changes or
exception.sh changes. Add the missing items to the respective Makefiles.
Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
Files starting with "-" causes issues in commands such as "rm *.o". For
libselinux and libsemanage, when exception.sh fails to remove "-.o",
"make clean" fails with:
rm: invalid option -- '.'
Try 'rm ./-.o' to remove the file '-.o'.
Try 'rm --help' for more information.
Fix this by making exception.sh create "temp.o" instead of "-.o".
Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
Many functions are already marked "extern" in libsemanage's public
headers and this will help using the content of the headers in order to
automatically generate some glue code for Python bindings.
Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
This is necessary for "semanage port" to be able to handle DCCP and SCTP
protocols.
Fixes:
"port_parse" only handles TCP and UDP protocols
Signed-off-by: Vit Mojzis <vmojzis@redhat.com>
This silences many issues reported by Infer static analyzer about
possible NULL pointer dereferences.
Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
CU_FAIL() does not stop the execution flow.
This issue has been found using Infer static analyzer.
Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
Several static analyzers (clang's one, Facebook Infer, etc.) warn about
NULL pointer dereferences after a call to CU_ASSERT_PTR_NOT_NULL_FATAL()
in the test code written using CUnit framework. This is because this
CUnit macro is too complex for them to understand that the pointer
cannot be NULL: it is translated to a call to CU_assertImplementation()
with an argument as TRUE in order to mean that the call is fatal if the
asserted condition failed (cf.
http://cunit.sourceforge.net/doxdocs/group__Framework.html).
A possible solution could consist in replacing the
CU_ASSERT_..._FATAL() calls by assert() ones, as most static analyzers
know about assert(). Nevertheless this seems to go against CUnit's API.
An alternative solution consists in overriding CU_ASSERT_..._FATAL()
macros in order to expand to assert() after a call to the matching
CU_ASSERT_...() non-fatal macro. This appears to work fine and to remove
many false-positive warnings from various static analyzers.
As this substitution should only occur when using static analyzer, put
it under #ifdef __CHECKER__, which is the macro used by sparse when
analyzing the Linux kernel.
Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
Other python scripts already use python3 by default. Both files don't have exec
bits so they have to be run using python interpret on command line anyway:
$ python3 ./setup.py ...
Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
Use codespell (https://github.com/codespell-project/codespell) in order
to find many common misspellings that are present in English texts.
Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
When functions from libsemanage calls other functions that are exported,
these functions need to be "wrapped" using hidden_proto() macro. This is
done in headers such as "user_internal.h". Several functions in
genhomedircon.c are not doing this, which makes building with -flto
fail with errors such as:
/usr/bin/ld: /tmp/libsemanage.so.1.KebOLC.ltrans1.ltrans.o: in
function `user_sort_func':
/home/tkloczko/rpmbuild/BUILD/libsemanage-2.9-rc1/src/genhomedircon.c:758:
undefined reference to `semanage_user_get_name'
/usr/bin/ld:
/home/tkloczko/rpmbuild/BUILD/libsemanage-2.9-rc1/src/genhomedircon.c:758:
undefined reference to `semanage_user_get_name'
/usr/bin/ld: /tmp/libsemanage.so.1.KebOLC.ltrans1.ltrans.o: in
function `fcontext_matches':
/home/tkloczko/rpmbuild/BUILD/libsemanage-2.9-rc1/src/genhomedircon.c:240:
undefined reference to `semanage_fcontext_get_expr'
/usr/bin/ld:
/home/tkloczko/rpmbuild/BUILD/libsemanage-2.9-rc1/src/genhomedircon.c:248:
undefined reference to `semanage_fcontext_get_type'
/usr/bin/ld: /tmp/libsemanage.so.1.KebOLC.ltrans1.ltrans.o: in
function `add_user.isra.0':
/home/tkloczko/rpmbuild/BUILD/libsemanage-2.9-rc1/src/genhomedircon.c:992:
undefined reference to `semanage_user_get_mlslevel'
/usr/bin/ld: /tmp/libsemanage.so.1.KebOLC.ltrans1.ltrans.o: in
function `write_context_file':
/home/tkloczko/rpmbuild/BUILD/libsemanage-2.9-rc1/src/genhomedircon.c:892:
undefined reference to `semanage_user_key_create'
/usr/bin/ld:
/home/tkloczko/rpmbuild/BUILD/libsemanage-2.9-rc1/src/genhomedircon.c:764:
undefined reference to `semanage_user_get_name'
/usr/bin/ld:
/home/tkloczko/rpmbuild/BUILD/libsemanage-2.9-rc1/src/genhomedircon.c:897:
undefined reference to `semanage_user_query'
/usr/bin/ld:
/home/tkloczko/rpmbuild/BUILD/libsemanage-2.9-rc1/src/genhomedircon.c:905:
undefined reference to `semanage_user_get_mlslevel'
Include the missing headers.
Fixes: https://github.com/SELinuxProject/selinux/issues/169
Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
When building binary policy, optionally run it through
sepol_policydb_optimize() just before writing it out.
Add an optimize-policy variable to semanage.conf(5) that controls
whether optimization will be applied during libsemanage operations.
Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
Add new test suite for semanage_user_* functions. The test suite aims for line
coverage and covers expected usage of functions. The test suite uses custom
semanage store and policy written in CIL, it does not require running on SELinux
enabled system.
Signed-off-by: Jan Zarsky <jzarsky@redhat.com>
Add new test suite for semanage_port_* functions. The test suite aims for line
coverage and covers expected usage of functions. The test suite uses custom
semanage store and policy written in CIL, it does not require running on SELinux
enabled system.
Signed-off-by: Jan Zarsky <jzarsky@redhat.com>
Add new test suite for semanage_node_* functions. The test suite aims for line
coverage and covers expected usage of functions. The test suite uses custom
semanage store and policy written in CIL, it does not require running on SELinux
enabled system.
Signed-off-by: Jan Zarsky <jzarsky@redhat.com>
Add new test suite for semanage_ibendport_* functions. The test suite aims for
line coverage and covers expected usage of functions. The test suite uses custom
semanage store and policy written in CIL, it does not require running on SELinux
enabled system.
Signed-off-by: Jan Zarsky <jzarsky@redhat.com>
Add new test suite for semanage_iface_* functions. The test suite aims for line
coverage and covers expected usage of functions. The test suite uses custom
semanage store and policy written in CIL, it does not require running on SELinux
enabled system.
Signed-off-by: Jan Zarsky <jzarsky@redhat.com>
Add new test suite for semanage_fcontext_* functions. The test suite aims for
line coverage and covers expected usage of functions. The test suite uses custom
semanage store and policy written in CIL, it does not require running on SELinux
enabled system.
Signed-off-by: Jan Zarsky <jzarsky@redhat.com>
Add new test suite for semanage_bool_* functions. The test suite aims for line
coverage and covers expected usage of functions. The test suite uses custom
semanage store and policy written in CIL, it does not require running on SELinux
enabled system.
Signed-off-by: Jan Zarsky <jzarsky@redhat.com>
Add new test suite for semanage_handle_* functions. The test suite aims for line
coverage and covers expected usage of functions. The test suite uses custom
semanage store and policy written in CIL, it does not require running on SELinux
enabled system.
Signed-off-by: Jan Zarsky <jzarsky@redhat.com>
- Add functions for creating and destroying test semanage store.
- Add functions for writing SELinux policy to the test store.
- Add functions for creating semanage handle, connecting to the store and for
beginning a transaction.
- Update Makefile to compile test policies from CIL source.
Signed-off-by: Jan Zarsky <jzarsky@redhat.com>
- Python 2.7 is planned to be the last of the 2.x releases
- It's generally advised to use Python 3
- Majority of python/ scripts are already switched python3
- Users with python 2 only can still use:
$ make PYTHON=/usr/bin/python ....
Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
getgrnam_r() uses a preallocated buffer to store a structure containing
the broken-out fields of the record in the group database. The size of
this buffer is usually sysconf(_SC_GETGR_R_SIZE_MAX) == 1024 and it is
not enough for groups with a large number of users. In these cases,
getgrnam_r() returns -1 and sets errno to ERANGE and the caller can
retry with a larger buffer.
Fixes:
$ semanage login -a -s user_u -r s0-s0:c1.c2 '%largegroup'
libsemanage.semanage_direct_commit: semanage_genhomedircon returned error code -1. (Numerical result out of range).
OSError: Numerical result out of range
Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
As reported in #109, semodule -p /path/to/policyroot -s minimum -n -B
tries to use /etc/selinux/targeted/booleans.subs_dist. This is because
it invokes the libselinux selinux_boolean_sub() interface, which uses
the active/installed policy files rather than the libsemanage ones.
Switch the selinux policy root around the selinux_boolean_sub() call
to incorporate the semanage root as a prefix and to use the specified
policy store as a suffix so that the correct booleans.subs_dist file
(if any) is used.
The underlying bug is that booleans.subs_dist is not itself managed
via libsemanage. If it was managed and therefore lived within the
policy store, then libsemanage could access the appropriate
booleans.subs_dist file without using the libselinux interface at all,
and thus would not need to modify the selinux policy root. Moving
booleans.subs_dist to a managed file is deferred to a future change.
Test:
dnf install selinux-policy-minimum selinux-policy-targeted
cd / && tar cf - etc/selinux var/lib/selinux | (cd ~/policy-root; tar xvpf -)
strace semodule -p ~/policy-root -s minimum -n -B
Before:
openat(AT_FDCWD, "/etc/selinux/targeted/booleans.subs_dist", O_RDONLY|O_CLOEXEC) = 5
After:
openat(AT_FDCWD, "/home/sds/policy-root/etc/selinux/minimum/booleans.subs_dist", O_RDONLY|O_CLOEXEC) = 5
Fixes https://github.com/SELinuxProject/selinux/issues/109
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
The manpage explicitly states that:
The getpwent() function returns a pointer to a passwd structure, or
NULL if there are no more entries or an error occurred. If an error
occurs, errno is set appropriately. If one wants to check errno after
the call, it should be set to zero before the call.
Without this, genhomedircon can wrongly return the following:
libsemanage.get_home_dirs: Error while fetching users. Returning list so far.
https://github.com/SELinuxProject/selinux/issues/121
Signed-off-by: Laurent Bigonville <bigon@bigon.be>
The script used both tabs and space to indent the code, using a tab
length of 8 (in calls to parser.add_option(...)). Make the code more
readable by using spaces for indentation everywhere.
Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
flake8 reports many warnings on script semanage_migrate_store:
E225 missing whitespace around operator
E302 expected 2 blank lines, found 1
E701 multiple statements on one line (colon)
E703 statement ends with a semicolon
E722 do not use bare 'except'
...
Fix some of them in order to reduce the noise.
Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
The selinux/semanage python module import error in semanage_migrate_store
was misleading. Before, it would report that the selinux/semanage modules
were not installed even though they were on the system.
Now the import failure is only reported if the modules are not installed.
Otherwise, a stack trace is printed for all other errors in the selinux/semanage
python modules.
Signed-off-by: Yuli Khodorkovskiy <yuli.khodorkovskiy@crunchydata.com>
I missed this bug in commit 9ec0ea143ab5 ("libsemanage: use previous
seuser when getting the previous name").
Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
Use "previous" user name when no new user is available in
semanage_seuser_audit. Otherwise "id=0" is logged instead of
"acct=user_name" ("id=0" is hard coded value).
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1622045
Restrictive umask may cause creating directories with with unintended
access mode. Reset umask before creating directories to avoid this
issue.
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1186422
Signed-off-by: Vit Mojzis <vmojzis@redhat.com>
This program can be useful in order to test the Python API of
libsemanage. Make it usable in Python 3 using 2to3 and some tweaks.
While at it, fix warnings reported by flake8 linter.
Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
Only use spaces to indent Python code. This reduces the number of
warnings reported by Python linters.
Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
from getpwnam_r(3): "The call sysconf(_SC_GETPW_R_SIZE_MAX) returns
either -1, without changing errno, or an initial suggested size for buf.
(If this size is too small, the call fails with ERANGE, in which case
the caller can retry with a larger buffer.)"
The same can happen for _SC_GETGR_R_SIZE_MAX. 1024 appears to be a good
fallback but may need revisiting in the future.
This triggered an error on musl libc but could happen other places too.
Signed-off-by: Jason Zaman <jason@perfinion.com>
