[policycoreutils] Fix the handling of namespaces in seunshare/sandbox. Currently mounting of directories within sandbo

Daniel J Walsh dwalsh at fedoraproject.org
Fri Dec 23 10:08:42 UTC 2011


commit 42e269dd3c4a7e9b2b3182c2691acbadef7e1d86
Author: Dan Walsh <dwalsh at redhat.com>
Date:   Fri Dec 23 10:08:38 2011 +0000

    Fix the handling of namespaces in seunshare/sandbox.
    Currently mounting of directories within sandbox is propagating to the
    parent namespace.

 policycoreutils-rhat.patch |   91 ++++++++++++++++++++++++++++----------------
 policycoreutils.spec       |    7 +++-
 2 files changed, 64 insertions(+), 34 deletions(-)
---
diff --git a/policycoreutils-rhat.patch b/policycoreutils-rhat.patch
index f73410d..19ffd0b 100644
--- a/policycoreutils-rhat.patch
+++ b/policycoreutils-rhat.patch
@@ -81,47 +81,72 @@ index 9db766c..92034be 100644
  	 * Do not execvp the command directly from run_init; since it would run
  	 * under with a pty under sysadm_devpts_t. Instead, we call open_init_tty,
 diff --git a/policycoreutils/sandbox/seunshare.c b/policycoreutils/sandbox/seunshare.c
-index c493e98..0bc35f3 100644
+index c493e98..902792e 100644
 --- a/policycoreutils/sandbox/seunshare.c
 +++ b/policycoreutils/sandbox/seunshare.c
-@@ -59,7 +59,7 @@ static int verbose = 0;
- static int child = 0;
- 
- static capng_select_t cap_set = CAPNG_SELECT_BOTH;
--
-+static int var_tmp_mounted = 0;
- /**
-  * This function will drop all capabilities.
+@@ -43,8 +43,8 @@
+ #define MS_REC 1<<14
+ #endif
+ 
+-#ifndef MS_PRIVATE
+-#define MS_PRIVATE 1<<18
++#ifndef MS_SLAVE
++#define MS_SLAVE 1<<19
+ #endif
+ 
+ #ifndef PACKAGE
+@@ -255,7 +255,7 @@ static int verify_shell(const char *shell_name)
   */
-@@ -292,6 +292,8 @@ static int seunshare_mount(const char *src, const char *dst, struct stat *src_st
- 			fprintf(stderr, _("Failed to mount /var/tmp on /var/tmp: %s\n"), strerror(errno));
+ static int seunshare_mount(const char *src, const char *dst, struct stat *src_st)
+ {
+-	int flags = MS_REC;
++	int flags = 0;
+ 	int is_tmp = 0;
+ 
+ 	if (verbose)
+@@ -267,14 +267,6 @@ static int seunshare_mount(const char *src, const char *dst, struct stat *src_st
+ 	}
+ 
+ 	/* mount directory */
+-	if (mount(dst, dst,  NULL, MS_BIND | flags, NULL) < 0) {
+-		fprintf(stderr, _("Failed to mount %s on %s: %s\n"), dst, dst, strerror(errno));
+-		return -1;
+-	}
+-	if (mount(dst, dst, NULL, MS_PRIVATE | flags, NULL) < 0) {
+-		fprintf(stderr, _("Failed to make %s private: %s\n"), dst, strerror(errno));
+-		return -1;
+-	}
+ 	if (mount(src, dst, NULL, MS_BIND | flags, NULL) < 0) {
+ 		fprintf(stderr, _("Failed to mount %s on %s: %s\n"), src, dst, strerror(errno));
+ 		return -1;
+@@ -288,14 +280,6 @@ static int seunshare_mount(const char *src, const char *dst, struct stat *src_st
+ 		if (verbose)
+ 			printf(_("Mounting /tmp on /var/tmp\n"));
+ 
+-		if (mount("/var/tmp", "/var/tmp",  NULL, MS_BIND | flags, NULL) < 0) {
+-			fprintf(stderr, _("Failed to mount /var/tmp on /var/tmp: %s\n"), strerror(errno));
+-			return -1;
+-		}
+-		if (mount("/var/tmp", "/var/tmp", NULL, MS_PRIVATE | flags, NULL) < 0) {
+-			fprintf(stderr, _("Failed to make /var/tmp private: %s\n"), strerror(errno));
+-			return -1;
+-		}
+ 		if (mount("/tmp", "/var/tmp",  NULL, MS_BIND | flags, NULL) < 0) {
+ 			fprintf(stderr, _("Failed to mount /tmp on /var/tmp: %s\n"), strerror(errno));
  			return -1;
+@@ -967,6 +951,13 @@ int main(int argc, char **argv) {
+ 			goto childerr;
  		}
-+		var_tmp_mounted = 1;
-+
- 		if (mount("/var/tmp", "/var/tmp", NULL, MS_PRIVATE | flags, NULL) < 0) {
- 			fprintf(stderr, _("Failed to make /var/tmp private: %s\n"), strerror(errno));
- 			return -1;
-@@ -1031,12 +1033,18 @@ childerr:
- 		exit(-1);
- 	}
  
--	drop_caps();
--
- 	/* parent waits for child exit to do the cleanup */
- 	waitpid(child, &status, 0);
- 	status_to_retval(status, status);
- 
-+	if (var_tmp_mounted) {
-+		/* attempt to umount /var/tmp twice on exit */
-+		if (umount("/var/tmp") < 0) perror("umount /var/tmp");
-+		if (umount("/var/tmp") < 0) perror("umount /var/tmp");
-+	}
-+
-+	drop_caps();
++		/* Remount / as SLAVE so that nothing mounted in the namespace 
++		   shows up in the parent */
++		if (mount("/", "/", NULL, MS_SLAVE | MS_REC , NULL) < 0) {
++			fprintf(stderr, _("Failed to make / a SLAVE mountpoint\n"));
++			goto childerr;
++		}
 +
- 	/* Make sure all child processes exit */
- 	kill(-child,SIGTERM);
+ 		/* assume fsuid==ruid after this point */
+ 		setfsuid(uid);
  
 diff --git a/policycoreutils/scripts/genhomedircon b/policycoreutils/scripts/genhomedircon
 index ab696a7..58b19cd 100644
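Review bot: The failure path of the new `mount("/", "/", NULL, MS_SLAVE | MS_REC , NULL)` call in main() prints no errno, unlike every other mount error in seunshare_mount, so a failed remount cannot be diagnosed from the log; use `fprintf(stderr, _("Failed to make / a SLAVE mountpoint: %s\n"), strerror(errno));`. With the per-directory `MS_PRIVATE` remounts removed, keeping sandbox mounts out of the parent now rests on this single call. It has to run after the mount namespace is unshared and before the first seunshare_mount(); main() continues outside the hunk, so that ordering should be confirmed there. The comment could also state that `MS_SLAVE` still lets mounts made later in the parent propagate into the sandbox, if that one-way propagation is intended. The fallback `#define MS_SLAVE 1<<19` should be `#define MS_SLAVE (1<<19)`, since an expression such as `~MS_SLAVE` would otherwise expand incorrectly.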
diff --git a/policycoreutils.spec b/policycoreutils.spec
index 4cd2c09..a89dbf8 100644
--- a/policycoreutils.spec
+++ b/policycoreutils.spec
@@ -7,7 +7,7 @@
 Summary: SELinux policy core utilities
 Name:	 policycoreutils
 Version: 2.1.10
-Release: 3%{?dist}
+Release: 4%{?dist}
 License: GPLv2
 Group:	 System Environment/Base
 # Based on git repository with tag 20101221
@@ -356,6 +356,11 @@ fi
 /bin/systemctl try-restart restorecond.service >/dev/null 2>&1 || :
 
 %changelog
+* Fri Dec 23 2011 Dan Walsh <dwalsh at redhat.com> - 2.1.10-4
+- Fix the handling of namespaces in seunshare/sandbox.
+- Currently mounting of directories within sandbox is propogating to the 
+- parent namesspace.
+
 * Thu Dec 22 2011 Dan Walsh <dwalsh at redhat.com> - 2.1.10-3
 - Add umount code to seunshare to cleanup left over mounts of /var/tmp
 

