[policycoreutils] Add -C option to sandbox and seunshare to maintain capabilities, otherwise the bounding set will be

Daniel J Walsh dwalsh at fedoraproject.org
Tue Jul 5 20:51:30 UTC 2011


commit 759501823ba88c1fc52434a93f735ad080e20f5e
Author: Dan Walsh <dwalsh at redhat.com>
Date:   Tue Jul 5 16:51:18 2011 -0400

    Add -C option to sandbox and seunshare to maintain capabilities, otherwise
    the bounding set will be dropped.
    Change --cgroups short name to -c rather than -C for consistency
    Fix memory and fd leaks in seunshare

 policycoreutils-rhat.patch  |  128 +++++++++++++++++++++++++++++++------------
 policycoreutils.spec        |    8 ++-
 semanage-bash-completion.sh |    2 +-
 3 files changed, 100 insertions(+), 38 deletions(-)
---
diff --git a/policycoreutils-rhat.patch b/policycoreutils-rhat.patch
index 153e0a3..71c8c3f 100644
--- a/policycoreutils-rhat.patch
+++ b/policycoreutils-rhat.patch
@@ -1664,7 +1664,7 @@ index ff0ee7c..0c8a085 100644
  test:
  	@python test_sandbox.py -v
 diff --git a/policycoreutils/sandbox/sandbox b/policycoreutils/sandbox/sandbox
-index 48a26c2..b1e683b 100644
+index 48a26c2..41a3204 100644
 --- a/policycoreutils/sandbox/sandbox
 +++ b/policycoreutils/sandbox/sandbox
 @@ -1,5 +1,6 @@
@@ -1835,14 +1835,18 @@ index 48a26c2..b1e683b 100644
          parser.add_option("-W", "--windowmanager", dest="wm",  
                            type="string",
                            default="/usr/bin/matchbox-window-manager -use_titlebar no",
-@@ -276,13 +309,17 @@ sandbox [-h] [-[X|M] [-l level ] [-H homedir] [-T tempdir]] [-I includefile ] [-
+@@ -276,13 +309,21 @@ sandbox [-h] [-[X|M] [-l level ] [-H homedir] [-T tempdir]] [-I includefile ] [-
          parser.add_option("-l", "--level", dest="level", 
                            help=_("MCS/MLS level for the sandbox"))
  
-+        parser.add_option("-C", "--cgroups",
++        parser.add_option("-c", "--cgroups",
 +                         action="store_true", dest="usecgroup", default=False,
 +                         help="Use cgroups to limit this sandbox.")
 +
++        parser.add_option("-C", "--capabilities",
++                         action="store_true", dest="usecaps", default=False,
++                         help="Allow apps requiring capabilities to run within the sandbox.")
++
          self.__parser=parser
  
          self.__options, cmds = parser.parse_args()
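Review bot: Re-using the short option `-C`, which the removed line bound to --cgroups, for --capabilities silently inverts the flag's security effect for any existing `sandbox -C …` invocation: a command line that used to add cgroup limits now keeps the capability bounding set, loosening confinement with no error. Reserving a fresh letter for --capabilities, or at least documenting the flip in sandbox.8 and the changelog as an incompatible change, would avoid that. Minor: the two new help strings are bare literals while the neighbouring `-l` option wraps its help in `_()` for translation, e.g. `help=_("Allow apps requiring capabilities to run within the sandbox.")`. The enclosing option-parsing method starts and ends outside the hunk.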
@@ -1854,7 +1858,7 @@ index 48a26c2..b1e683b 100644
          if self.__options.setype:
                 self.setype = self.__options.setype
  
-@@ -300,6 +337,10 @@ sandbox [-h] [-[X|M] [-l level ] [-H homedir] [-T tempdir]] [-I includefile ] [-
+@@ -300,6 +341,10 @@ sandbox [-h] [-[X|M] [-l level ] [-H homedir] [-T tempdir]] [-I includefile ] [-
                 self.__homedir = self.__options.homedir
                 self.__tmpdir = self.__options.tmpdir
          else:
@@ -1865,7 +1869,7 @@ index 48a26c2..b1e683b 100644
                 if len(cmds) == 0:
                        self.usage(_("Command required"))
                 cmds[0] = fullpath(cmds[0])
-@@ -329,44 +370,43 @@ sandbox [-h] [-[X|M] [-l level ] [-H homedir] [-T tempdir]] [-I includefile ] [-
+@@ -329,44 +374,45 @@ sandbox [-h] [-[X|M] [-l level ] [-H homedir] [-T tempdir]] [-I includefile ] [-
      def __setup_dir(self):
             if self.__options.level or self.__options.session:
                    return
@@ -1908,6 +1912,8 @@ index 48a26c2..b1e683b 100644
 +                  cmds = [ SEUNSHARE,  "-Z", self.__execcon ]
 +                  if self.__options.usecgroup == True:
 +                         cmds.append('-c')
++                  if self.__options.usecaps == True:
++                         cmds.append('-C')
                    if self.__mount:
 -                         cmds =  [ '/usr/sbin/seunshare', "-t", self.__tmpdir, "-h", self.__homedir, "--", self.__execcon ] + self.__paths
 -                         rc = subprocess.Popen(cmds).wait()
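Review bot: `if self.__options.usecaps == True:` compares a store_true flag against the literal `True`; the idiomatic form is `if self.__options.usecaps:` (the `usecgroup` line above it has the same shape). The `-C` flag is appended only on this seunshare code path, so it is worth confirming that the other execution branch, which ends outside the hunk, is not expected to honour it as well.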
@@ -1929,7 +1935,7 @@ index 48a26c2..b1e683b 100644
  
                    selinux.setexeccon(self.__execcon)
                    rc = subprocess.Popen(self.__cmds).wait()
-@@ -404,7 +444,7 @@ if __name__ == '__main__':
+@@ -404,7 +450,7 @@ if __name__ == '__main__':
             sandbox = Sandbox()
             rc = sandbox.main()
      except OSError, error:
@@ -1939,7 +1945,7 @@ index 48a26c2..b1e683b 100644
             error_exit(error.args[0])
      except KeyError, error:
 diff --git a/policycoreutils/sandbox/sandbox.8 b/policycoreutils/sandbox/sandbox.8
-index 1479364..73d33b3 100644
+index 1479364..3deb4b2 100644
 --- a/policycoreutils/sandbox/sandbox.8
 +++ b/policycoreutils/sandbox/sandbox.8
 @@ -1,10 +1,13 @@
@@ -1951,11 +1957,11 @@ index 1479364..73d33b3 100644
  .B sandbox
 -[-l level ] [[-M | -X]  -H homedir -T tempdir ] [-I includefile ] [ -W windowmanager ] [[-i file ]...] [ -t type ] cmd
 -[-l level ] [[-M | -X]  -H homedir -T tempdir ] [-I includefile ] [ -W windowmanager ] [[-i file ]...] [ -t type ] -S
-+[-l level ] [[-M | -X]  -H homedir -T tempdir ] [-I includefile ] [ -W windowmanager ] [ -w windowsize ] [[-i file ]...] [ -t type ] cmd
++[-C] [-c] [-l level ] [[-M | -X]  -H homedir -T tempdir ] [-I includefile ] [ -W windowmanager ] [ -w windowsize ] [[-i file ]...] [ -t type ] cmd
 +
 +.br
 +.B sandbox
-+[-l level ] [[-M | -X]  -H homedir -T tempdir ] [-I includefile ] [ -W windowmanager ] [ -w windowsize ] [[-i file ]...] [ -t type ] -S
++[-C] [-c] [-l level ] [[-M | -X]  -H homedir -T tempdir ] [-I includefile ] [ -W windowmanager ] [ -w windowsize ] [[-i file ]...] [ -t type ] -S
  .br
  .SH DESCRIPTION
  .PP
@@ -1972,13 +1978,16 @@ index 1479364..73d33b3 100644
  \fB\-W windowmanager\fR
  Select alternative window manager to run within 
  .B sandbox -X.
-@@ -50,8 +59,17 @@ Default to /usr/bin/matchbox-window-manager.
+@@ -50,8 +59,20 @@ Default to /usr/bin/matchbox-window-manager.
  \fB\-X\fR 
  Create an X based Sandbox for gui apps, temporary files for
  $HOME and /tmp, secondary Xserver, defaults to sandbox_x_t
 +.TP
-+\fB\-C\fR
++\fB\-c\fR
 +Use control groups to control this copy of sandbox.  Specify parameters in /etc/sysconfig/sandbox.  Max memory usage and cpu usage are to be specified in percent.  You can specify which CPUs to use by numbering them 0,1,2... etc.
++.TP
++\fB\-C\fR
++Use capabilities within the sandbox.  By default applications executed within the sandbox will not be allowed to use capabilities (setuid apps), with the -C flag, you can use programs requiring capabilities.
  .PP
  .SH "SEE ALSO"
  .TP
@@ -2123,16 +2132,16 @@ index 8338203..9648100 100644
      break
 diff --git a/policycoreutils/sandbox/seunshare.8 b/policycoreutils/sandbox/seunshare.8
 new file mode 100644
-index 0000000..e7b8991
+index 0000000..eeb2218
 --- /dev/null
 +++ b/policycoreutils/sandbox/seunshare.8
-@@ -0,0 +1,37 @@
+@@ -0,0 +1,40 @@
 +.TH SEUNSHARE "8" "May 2010" "seunshare" "User Commands"
 +.SH NAME
 +seunshare \- Run cmd with alternate homedir, tmpdir and/or SELinux context
 +.SH SYNOPSIS
 +.B seunshare
-+[ -v ] [ -t tmpdir ] [ -h homedir ] [ -Z context ] -- executable [args]
++[ -v ] [-c] [-C] [ -t tmpdir ] [ -h homedir ] [ -Z context ] -- executable [args]
 +.br
 +.SH DESCRIPTION
 +.PP
@@ -2147,9 +2156,12 @@ index 0000000..e7b8991
 +\fB\-t\ tmpdir
 +Use alternate tempory directory to mount on /tmp.  tmpdir must be owned by the user.
 +.TP
-+\fB\-c cgroups\fR
++\fB\-c --cgroups\fR
 +Use cgroups to control this copy of seunshare.  Specify parameters in /etc/sysconfig/sandbox.  Max memory usage and cpu usage are to be specified in percent.  You can specify which CPUs to use by numbering them 0,1,2... etc.
 +.TP
++\fB\-C --capabilities\fR
++Allow apps executed within the namespace to use capabilities.  Default is no capabilities.
++.TP
 +\fB\-Z\ context
 +Use alternate SELinux context while runing the executable.
 +.TP
@@ -2165,7 +2177,7 @@ index 0000000..e7b8991
 +and
 +.I Thomas Liu <tliu at fedoraproject.org>
 diff --git a/policycoreutils/sandbox/seunshare.c b/policycoreutils/sandbox/seunshare.c
-index ec692e7..52362e0 100644
+index ec692e7..ff61262 100644
 --- a/policycoreutils/sandbox/seunshare.c
 +++ b/policycoreutils/sandbox/seunshare.c
 @@ -1,28 +1,35 @@
@@ -2209,7 +2221,7 @@ index ec692e7..52362e0 100644
  #ifdef USE_NLS
  #include <locale.h>		/* for setlocale() */
  #include <libintl.h>		/* for gettext() */
-@@ -39,29 +46,47 @@
+@@ -39,29 +46,48 @@
  #define MS_PRIVATE 1<<18
  #endif
  
@@ -2220,10 +2232,11 @@ index ec692e7..52362e0 100644
 +#define BUF_SIZE 1024
 +#define DEFAULT_PATH "/usr/bin:/bin"
 +
-+#define USAGE_STRING _("USAGE: seunshare [ -v ] [ -c ] -t tmpdir -h homedir [-Z context] -- executable [args]")
++#define USAGE_STRING _("USAGE: seunshare [ -v ] [ -c ] -C -t tmpdir -h homedir [-Z context] -- executable [args]")
 +
 +static int verbose = 0;
 +
++static capng_select_t cap_set = CAPNG_SELECT_BOTH;
 +
  /**
 - * This function will drop all capabilities 
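Review bot: The updated USAGE_STRING prints `-C` without brackets, so the new optional flag reads as mandatory; `[ -v ] [ -c ] [ -C ] [ -t tmpdir ] [ -h homedir ] [ -Z context ]` would match the synopsis this commit adds to seunshare.8. The new `cap_set` global deserves a one-line comment stating its contract, e.g. `/* CAPNG_SELECT_BOTH also clears the bounding set; -C narrows this to CAPNG_SELECT_CAPS */`.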
@@ -2240,10 +2253,10 @@ index ec692e7..52362e0 100644
 -	/* Change uid */
 -	if (setresuid(uid, uid, uid)) {
 -		fprintf(stderr, _("Error changing uid, aborting.\n"));
-+	if (capng_have_capabilities(CAPNG_SELECT_CAPS) == CAPNG_NONE)
++	if (capng_have_capabilities(cap_set) == CAPNG_NONE)
 +		return 0;
-+	capng_clear(CAPNG_SELECT_CAPS);
-+	if (capng_lock() == -1 || capng_apply(CAPNG_SELECT_CAPS) == -1) {
++	capng_clear(cap_set);
++	if (capng_lock() == -1 || capng_apply(cap_set) == -1) {
 +		fprintf(stderr, _("Failed to drop all capabilities\n"));
  		return -1;
  	}
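Review bot: With `-C` (`cap_set = CAPNG_SELECT_CAPS`) this function no longer touches the bounding set, so setuid-root and file-capability executables run inside the namespace regain their privileges and confinement then rests solely on the SELinux context passed with -Z; the header comment should say so explicitly, e.g. `/* Drops all capabilities; unless -C was given the bounding set is cleared too, so setuid/file-cap binaries cannot regain privilege */`. The early return on `capng_have_capabilities(cap_set) == CAPNG_NONE` uses the same selector, so for the default CAPNG_SELECT_BOTH it is worth confirming against libcap-ng that an empty effective set combined with a still-full bounding set is not reported as CAPNG_NONE, otherwise the bounding set would survive on the non--C path as well. drop_capabilities continues outside the hunk.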
@@ -2271,7 +2284,7 @@ index ec692e7..52362e0 100644
   */
  static int set_signal_handles(void)
  {
-@@ -75,8 +100,8 @@ static int set_signal_handles(void)
+@@ -75,8 +101,8 @@ static int set_signal_handles(void)
  
  	(void)sigprocmask(SIG_SETMASK, &empty, NULL);
  
@@ -2282,7 +2295,7 @@ index ec692e7..52362e0 100644
  		perror("Unable to set SIGHUP handler");
  		return -1;
  	}
-@@ -84,23 +109,103 @@ static int set_signal_handles(void)
+@@ -84,23 +110,103 @@ static int set_signal_handles(void)
  	return 0;
  }
  
@@ -2396,7 +2409,7 @@ index ec692e7..52362e0 100644
  	return 0;
  }
  
-@@ -123,7 +228,7 @@ static int verify_shell(const char *shell_name)
+@@ -123,7 +229,7 @@ static int verify_shell(const char *shell_name)
  
  		/* check the shell skipping newline char */
  		if (!strcmp(shell_name, buf)) {
@@ -2405,7 +2418,7 @@ index ec692e7..52362e0 100644
  			break;
  		}
  	}
-@@ -131,45 +236,525 @@ static int verify_shell(const char *shell_name)
+@@ -131,45 +237,530 @@ static int verify_shell(const char *shell_name)
  	return rc;
  }
  
@@ -2515,6 +2528,7 @@ index ec692e7..52362e0 100644
 +	char buf[BUF_SIZE];
 +	char *tok = NULL;
 +	int rc = -1;
++	char *str = NULL;
 +	const char* fname = "/etc/sysconfig/sandbox";	
 +	
 +	if ((fp = fopen(fname, "rt")) == NULL) {
@@ -2527,7 +2541,8 @@ index ec692e7..52362e0 100644
 +		
 +		/* Copy the string, ignoring whitespace */
 +		int len = strlen(buf);
-+		char *str = malloc((len + 1) * sizeof(char));
++		free(str);
++		str = malloc((len + 1) * sizeof(char));
 +		
 +		int ind = 0;	
 +		int i;
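Review bot: `str = malloc((len + 1) * sizeof(char))` is never checked for NULL in the visible lines, and the copy loop that presumably follows (outside the hunk) would write through a null pointer on allocation failure; add `if (!str) goto err;` right after the malloc, which reaches the cleanup label this commit extends. Freeing the previous iteration's buffer before reallocating does close the per-line leak. The enclosing function starts and ends outside the hunk.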
@@ -2668,6 +2683,8 @@ index ec692e7..52362e0 100644
 +
 +	rc = 0;
 +err:
++	fclose(fp)
++	free(str);
 +	free(mem);
 +	free(cgroupname);
 +	free(cpus);
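Review bot: `fclose(fp)` on the line after `err:` is missing its semicolon, so the patched seunshare.c does not compile (`fclose(fp) free(str);` is a syntax error); it must read `fclose(fp);`. If the `fopen` failure branch earlier in this function also jumps to `err:` (its body is outside the hunk), `fp` is NULL there and `fclose(NULL)` is undefined behaviour, so `if (fp) fclose(fp);` is the safer form. The function's remaining cleanup continues outside the hunk.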
@@ -2756,9 +2773,8 @@ index ec692e7..52362e0 100644
 +	free(buf); buf = NULL;
 +	globfree(&fglob);
 +	return rc;
- }
- 
--#define USAGE_STRING _("USAGE: seunshare [ -v ] [ -t tmpdir ] [ -h homedir ] -- CONTEXT executable [args] ")
++}
++
 +/**
 + * Clean up runtime temporary directory.  Returns 0 if no problem was detected,
 + * >0 if some error was detected, but errors here are treated as non-fatal and
@@ -2801,8 +2817,9 @@ index ec692e7..52362e0 100644
 +	setfsuid(pwd->pw_uid);
 +
 +	return 0;
-+}
-+
+ }
+ 
+-#define USAGE_STRING _("USAGE: seunshare [ -v ] [ -t tmpdir ] [ -h homedir ] -- CONTEXT executable [args] ")
 +/**
 + * seunshare will create a tmpdir in /tmp, with root ownership.  The parent
 + * process waits for it child to exit to attempt to remove the directory.  If
@@ -2942,10 +2959,11 @@ index ec692e7..52362e0 100644
  		{"verbose", 1, 0, 'v'},
 +		{"cgroups", 1, 0, 'c'},
 +		{"context", 1, 0, 'Z'},
++		{"capabilities", 1, 0, 'C'},
  		{NULL, 0, 0, 0}
  	};
  
-@@ -180,6 +765,12 @@ int main(int argc, char **argv) {
+@@ -180,6 +771,12 @@ int main(int argc, char **argv) {
  		return -1;
  	}
  
@@ -2958,7 +2976,7 @@ index ec692e7..52362e0 100644
  	struct passwd *pwd=getpwuid(uid);
  	if (!pwd) {
  		perror(_("getpwduid failed"));
-@@ -187,34 +778,30 @@ int main(int argc, char **argv) {
+@@ -187,34 +784,33 @@ int main(int argc, char **argv) {
  	}
  
  	if (verify_shell(pwd->pw_shell) < 0) {
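Review bot: The new long-option entry `{"capabilities", 1, 0, 'C'}` sets has_arg to 1 (required_argument) although the `case 'C'` handler takes no argument, so `seunshare --capabilities -t dir …` would swallow `-t` as the option's value and then fail on the missing tmpdir; it should be `{"capabilities", 0, 0, 'C'},`. The sandbox wrapper passes the short form `-C` and is unaffected, but seunshare.8 in this commit documents `--capabilities`. The unchanged `verbose` and `cgroups` entries above it carry the same has_arg value and would want the same correction.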
@@ -2970,7 +2988,7 @@ index ec692e7..52362e0 100644
  	while (1) {
 -		clflag = getopt_long(argc, argv, "h:t:", long_options,
 -				     &flag_index);
-+		clflag = getopt_long(argc, argv, "cvh:t:Z:", long_options, NULL);
++		clflag = getopt_long(argc, argv, "Ccvh:t:Z:", long_options, NULL);
  		if (clflag == -1)
  			break;
  
@@ -2999,12 +3017,15 @@ index ec692e7..52362e0 100644
 +		case 'c':
 +			usecgroups = 1;
 +			break;
++		case 'C':
++			cap_set = CAPNG_SELECT_CAPS;
++			break;
 +		case 'Z':
 +			execcon = optarg;
  			break;
  		default:
  			fprintf(stderr, "%s\n", USAGE_STRING);
-@@ -223,76 +810,84 @@ int main(int argc, char **argv) {
+@@ -223,76 +819,84 @@ int main(int argc, char **argv) {
  	}
  
  	if (! homedir_s && ! tmpdir_s) {
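Review bot: The `case 'C'` arm would benefit from a comment saying what it relaxes, since it is the one option here that loosens rather than tightens the default confinement: `case 'C': /* keep the bounding set so setuid/file-cap binaries work */`. It also accepts `-C` silently; printing a line under `verbose` noting that the bounding set is retained would make the weaker sandbox visible in logs. The option loop and main continue outside the hunk.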
@@ -3138,7 +3159,7 @@ index ec692e7..52362e0 100644
  		if (display) 
  			rc |= setenv("DISPLAY", display, 1);
  		rc |= setenv("HOME", pwd->pw_dir, 1);
-@@ -300,22 +895,41 @@ int main(int argc, char **argv) {
+@@ -300,22 +904,41 @@ int main(int argc, char **argv) {
  		rc |= setenv("USER", pwd->pw_name, 1);
  		rc |= setenv("LOGNAME", pwd->pw_name, 1);
  		rc |= setenv("PATH", DEFAULT_PATH, 1);
@@ -5123,6 +5144,41 @@ index 059f629..81d6a3c 100644
  		case 'u':
  			set_mode(UPGRADE_M, optarg);
  			break;
+diff --git a/policycoreutils/semodule_expand/semodule_expand.8 b/policycoreutils/semodule_expand/semodule_expand.8
+index 22ad3be..35df2ed 100644
+--- a/policycoreutils/semodule_expand/semodule_expand.8
++++ b/policycoreutils/semodule_expand/semodule_expand.8
+@@ -3,7 +3,7 @@
+ semodule_expand \- Expand a SELinux policy module package.
+ 
+ .SH SYNOPSIS
+-.B semodule_expand [-V -c [version]] basemodpkg outputfile
++.B semodule_expand [-V ] [ -a ] [ -c [version]] basemodpkg outputfile
+ .br
+ .SH DESCRIPTION
+ .PP
+@@ -22,6 +22,9 @@ show version
+ .TP
+ .B \-c [version]
+ policy version to create
++.TP
++.B \-a
++Check assertions.  This will cause the policy to check all neverallow rules.
+ 
+ .SH SEE ALSO
+ .B checkmodule(8), semodule_package(8), semodule(8), semodule_link(8)
+diff --git a/policycoreutils/semodule_package/semodule_package.8 b/policycoreutils/semodule_package/semodule_package.8
+index fb41480..29c9eb2 100644
+--- a/policycoreutils/semodule_package/semodule_package.8
++++ b/policycoreutils/semodule_package/semodule_package.8
+@@ -45,7 +45,6 @@ netfilter context file to be included in the package.
+ 
+ .SH SEE ALSO
+ .B checkmodule(8), semodule(8)
+-(8),
+ .SH AUTHORS
+ .nf
+ This manual page was written by Dan Walsh <dwalsh at redhat.com>.
 diff --git a/policycoreutils/sepolgen-ifgen/Makefile b/policycoreutils/sepolgen-ifgen/Makefile
 new file mode 100644
 index 0000000..211580d
diff --git a/policycoreutils.spec b/policycoreutils.spec
index b0d58f9..1293c5d 100644
--- a/policycoreutils.spec
+++ b/policycoreutils.spec
@@ -7,7 +7,7 @@
 Summary: SELinux policy core utilities
 Name:	 policycoreutils
 Version: 2.0.86
-Release: 14%{?dist}
+Release: 15%{?dist}
 License: GPLv2
 Group:	 System Environment/Base
 # Based on git repository with tag 20101221
@@ -336,6 +336,12 @@ fi
 exit 0
 
 %changelog
+* Mon Jul 5 2011 Dan Walsh <dwalsh at redhat.com> 2.0.86-15
+- Add -C option to sandbox and seunshare to maintain capabilities, otherwise 
+the bounding set will be dropped.
+- Change --cgroups short name -c rather then -C for consistancy
+- Fix memory and fd leaks in seunshare
+
 * Mon Jun 13 2011 Dan Walsh <dwalsh at redhat.com> 2.0.86-14
 - Do not drop capability bounding set in seunshare, this allows sandbox to 
 - run setuid apps.
diff --git a/semanage-bash-completion.sh b/semanage-bash-completion.sh
index 221eae2..ff1285a 100644
--- a/semanage-bash-completion.sh
+++ b/semanage-bash-completion.sh
@@ -59,7 +59,7 @@ __get_user_opts () { echo '$ALL_OPTS $MANAGED_OPTS -L -r -R --role '; }
 __get_login_opts () { echo '$ALL_OPTS $MANAGED_OPTS -s -r '; }
 __get_port_opts () { echo '$ALL_OPTS $MANAGED_OPTS -t -type -r --range -p --proto'; }
 __get_interface_opts () { echo '$ALL_OPTS $MANAGED_OPTS -t --type '; }
-__get_node_opts () { echo '$ALL_OPTS $MANAGED_OPTS -t --type '; }
+__get_node_opts () { echo '$ALL_OPTS $MANAGED_OPTS -t --type -M --mask -p --proto'; }
 __get_fcontext_opts () { echo '$ALL_OPTS $MANAGED_OPTS -t --type -e --equal -f --ftype '; }
 __get_module_opts () { echo '$ALL_OPTS --enable --disable '; }
 __get_dontaudit_opts () { echo '-S on off' ; }

