[policycoreutils] Maintain the LANG environment Variable into the sandbox Change restorecon/setfiles to only change ty
Daniel J Walsh
dwalsh at fedoraproject.org
Wed Sep 7 18:26:58 UTC 2011
commit 78175de296dde338caa09aa7d39c3161d9a3829c
Author: Dan Walsh <dwalsh at redhat.com>
Date: Wed Sep 7 14:23:19 2011 -0400
Maintain the LANG environment Variable into the sandbox
Change restorecon/setfiles to only change type part of the context unless
f qualifier is given
policycoreutils-rhat.patch | 239 +++++++++++++++++++++++++++++++++++++++++---
policycoreutils.spec | 7 +-
2 files changed, 231 insertions(+), 15 deletions(-)
---
diff --git a/policycoreutils-rhat.patch b/policycoreutils-rhat.patch
index 0b2ed9f..c1b3b60 100644
--- a/policycoreutils-rhat.patch
+++ b/policycoreutils-rhat.patch
@@ -1705,7 +1705,7 @@ index a9b846b..06610c0 100644
Use alternate SELinux context while runing the executable.
.TP
diff --git a/policycoreutils/sandbox/seunshare.c b/policycoreutils/sandbox/seunshare.c
-index f9bf12c..671d97c 100644
+index f9bf12c..594aff4 100644
--- a/policycoreutils/sandbox/seunshare.c
+++ b/policycoreutils/sandbox/seunshare.c
@@ -1,27 +1,35 @@
@@ -2510,7 +2510,7 @@ index f9bf12c..671d97c 100644
break;
default:
fprintf(stderr, "%s\n", USAGE_STRING);
-@@ -342,97 +908,131 @@ int main(int argc, char **argv) {
+@@ -342,97 +908,144 @@ int main(int argc, char **argv) {
}
if (! homedir_s && ! tmpdir_s) {
@@ -2598,6 +2598,7 @@ index f9bf12c..671d97c 100644
- }
+ if (child == 0) {
+ char *display = NULL;
++ char *LANG = NULL;
+ int rc = -1;
- if ((rc = clearenv())) {
@@ -2635,12 +2636,23 @@ index f9bf12c..671d97c 100644
}
-
- if (display)
++
++ /* construct a new environment */
++ if ((LANG = getenv("LANG")) != NULL) {
++ if ((LANG = strdup(LANG)) == NULL) {
++ perror(_("Out of memory"));
++ goto childerr;
++ }
++ }
++
+ if ((rc = clearenv()) != 0) {
+ perror(_("Failed to clear environment"));
+ goto childerr;
+ }
+ if (display)
rc |= setenv("DISPLAY", display, 1);
++ if (LANG)
++ rc |= setenv("LANG", LANG, 1);
rc |= setenv("HOME", pwd->pw_dir, 1);
rc |= setenv("SHELL", pwd->pw_shell, 1);
rc |= setenv("USER", pwd->pw_name, 1);
@@ -2669,6 +2681,7 @@ index f9bf12c..671d97c 100644
+childerr:
free(display);
- perror("execv");
++ free(LANG);
exit(-1);
- } else {
- waitpid(child, &status, 0);
@@ -3603,9 +3616,18 @@ index 0000000..1ce37b0
+ return 0;
+}
diff --git a/policycoreutils/setfiles/restore.c b/policycoreutils/setfiles/restore.c
-index 48ffcad..15f2bf0 100644
+index 48ffcad..c1e6e24 100644
--- a/policycoreutils/setfiles/restore.c
+++ b/policycoreutils/setfiles/restore.c
+@@ -33,7 +33,7 @@ struct edir {
+
+ static file_spec_t *fl_head;
+ static int filespec_add(ino_t ino, const security_context_t con, const char *file);
+-static int only_changed_user(const char *a, const char *b);
++static int match_type(const security_context_t oldcon, security_context_t *newcon);
+ struct restore_opts *r_opts = NULL;
+ static void filespec_destroy(void);
+ static void filespec_eval(void);
@@ -60,9 +60,10 @@ void restore_init(struct restore_opts *opts)
r_opts = opts;
struct selinux_opt selinux_opts[] = {
@@ -3619,7 +3641,128 @@ index 48ffcad..15f2bf0 100644
if (!r_opts->hnd) {
perror(r_opts->selabel_opt_path);
exit(1);
-@@ -318,11 +319,16 @@ static int process_one(char *name, int recurse_this_path)
+@@ -104,8 +105,7 @@ static int restore(FTSENT *ftsent)
+ {
+ char *my_file = strdupa(ftsent->fts_path);
+ int ret;
+- char *context, *newcon;
+- int user_only_changed = 0;
++ security_context_t curcon, newcon;
+
+ if (match(my_file, ftsent->fts_statp, &newcon) < 0)
+ /* Check for no matching specification. */
+@@ -143,74 +143,82 @@ static int restore(FTSENT *ftsent)
+ printf("%s: %s matched by %s\n", r_opts->progname, my_file, newcon);
+ }
+
++ /*
++ * Do not relabel if their is no default specification for this file
++ */
++
++ if (strcmp(newcon, "<<none>>") == 0) {
++ goto out;
++ }
++
+ /* Get the current context of the file. */
+- ret = lgetfilecon_raw(ftsent->fts_accpath, &context);
++ ret = lgetfilecon_raw(ftsent->fts_accpath, &curcon);
+ if (ret < 0) {
+ if (errno == ENODATA) {
+- context = NULL;
++ curcon = NULL;
+ } else {
+ fprintf(stderr, "%s get context on %s failed: '%s'\n",
+ r_opts->progname, my_file, strerror(errno));
+ goto err;
+ }
+- user_only_changed = 0;
+- } else
+- user_only_changed = only_changed_user(context, newcon);
++ }
++
+ /* lgetfilecon returns number of characters and ret needs to be reset
+ * to 0.
+ */
+ ret = 0;
+
+ /*
+- * Do not relabel the file if the matching specification is
+- * <<none>> or the file is already labeled according to the
+- * specification.
++ * Do not relabel the file if the file is already labeled according to
++ * the specification.
+ */
+- if ((strcmp(newcon, "<<none>>") == 0) ||
+- (context && (strcmp(context, newcon) == 0))) {
+- freecon(context);
++ if (curcon && (strcmp(curcon, newcon) == 0)) {
++ freecon(curcon);
+ goto out;
+ }
+
+- if (!r_opts->force && context && (is_context_customizable(context) > 0)) {
++ if (!r_opts->force && curcon && (is_context_customizable(curcon) > 0)) {
+ if (r_opts->verbose > 1) {
+ fprintf(stderr,
+ "%s: %s not reset customized by admin to %s\n",
+- r_opts->progname, my_file, context);
++ r_opts->progname, my_file, curcon);
+ }
+- freecon(context);
++ freecon(curcon);
++ goto out;
++ }
++
++ /*
++ * Do not change label unless this is a force or the type is different
++ */
++ if (!r_opts->force && match_type(curcon, &newcon)) {
++ freecon(curcon);
+ goto out;
+ }
+
+ if (r_opts->verbose) {
+- /* If we're just doing "-v", trim out any relabels where
+- * the user has r_opts->changed but the role and type are the
+- * same. For "-vv", emit everything. */
+- if (r_opts->verbose > 1 || !user_only_changed) {
+- printf("%s reset %s context %s->%s\n",
+- r_opts->progname, my_file, context ?: "", newcon);
+- }
++ printf("%s reset %s context %s->%s\n",
++ r_opts->progname, my_file, curcon ?: "", newcon);
+ }
+
+- if (r_opts->logging && !user_only_changed) {
+- if (context)
++ if (r_opts->logging) {
++ if (curcon)
+ syslog(LOG_INFO, "relabeling %s from %s to %s\n",
+- my_file, context, newcon);
++ my_file, curcon, newcon);
+ else
+ syslog(LOG_INFO, "labeling %s to %s\n",
+ my_file, newcon);
+ }
+
+- if (r_opts->outfile && !user_only_changed)
++ if (r_opts->outfile)
+ fprintf(r_opts->outfile, "%s\n", my_file);
+
+- if (context)
+- freecon(context);
++ if (curcon)
++ freecon(curcon);
+
+ /*
+ * Do not relabel the file if -n was used.
+ */
+- if (!r_opts->change || user_only_changed)
++ if (!r_opts->change)
+ goto out;
+
+ /*
+@@ -318,11 +326,16 @@ static int process_one(char *name, int recurse_this_path)
ftsent = fts_read(fts_handle);
@@ -3639,7 +3782,7 @@ index 48ffcad..15f2bf0 100644
do {
rc = 0;
/* Skip the post order nodes. */
-@@ -390,7 +396,7 @@ int process_one_realpath(char *name, int recurse)
+@@ -390,7 +403,7 @@ int process_one_realpath(char *name, int recurse)
{
int rc = 0;
char *p;
@@ -3648,7 +3791,7 @@ index 48ffcad..15f2bf0 100644
if (r_opts == NULL){
fprintf(stderr,
-@@ -401,7 +407,7 @@ int process_one_realpath(char *name, int recurse)
+@@ -401,7 +414,7 @@ int process_one_realpath(char *name, int recurse)
if (!r_opts->expand_realpath) {
return process_one(name, recurse);
} else {
@@ -3657,7 +3800,67 @@ index 48ffcad..15f2bf0 100644
if (rc < 0) {
if (r_opts->ignore_enoent && errno == ENOENT)
return 0;
-@@ -568,7 +574,7 @@ static int filespec_add(ino_t ino, const security_context_t con, const char *fil
+@@ -486,20 +499,46 @@ int add_exclude(const char *directory)
+ return 0;
+ }
+
+-/* Compare two contexts to see if their differences are "significant",
+- * or whether the only difference is in the user. */
+-static int only_changed_user(const char *a, const char *b)
++#include <selinux/context.h>
++
++/* Compare two contexts to see if their types differ; if they do, return 1
++ * and replace the the new context with the the current context user, role
++ * and range
++ */
++
++static int match_type(const security_context_t oldcon, security_context_t *newcon)
+ {
+- char *rest_a, *rest_b; /* Rest of the context after the user */
+- if (r_opts->force)
+- return 0;
+- if (!a || !b)
+- return 0;
+- rest_a = strchr(a, ':');
+- rest_b = strchr(b, ':');
+- if (!rest_a || !rest_b)
+- return 0;
+- return (strcmp(rest_a, rest_b) == 0);
++ int match = 0;
++ context_t cona;
++ context_t conb;
++ if (!oldcon || !*newcon)
++ return match;
++ cona = context_new(oldcon);
++ if (! cona) {
++ return match;
++ }
++ conb = context_new(*newcon);
++ if (! conb) {
++ context_free(cona);
++ return match;
++ }
++
++ match = strcmp(context_type_get(cona), context_type_get(conb)) == 0;
++ if (! match) {
++ if (context_user_set(conb, context_user_get(cona)) < 0)
++ goto out;
++ if (context_role_set(conb, context_role_get(cona)) < 0)
++ goto out;
++ if (context_range_set(conb, context_range_get(cona)) < 0)
++ goto out;
++ free(*newcon);
++ *newcon = strdup(context_str(conb));
++ }
++
++out:
++ context_free(cona);
++ context_free(conb);
++ return match;
+ }
+
+ /*
+@@ -568,7 +607,7 @@ static int filespec_add(ino_t ino, const security_context_t con, const char *fil
{
file_spec_t *prevfl, *fl;
int h, ret;
@@ -3666,7 +3869,7 @@ index 48ffcad..15f2bf0 100644
if (!fl_head) {
fl_head = malloc(sizeof(file_spec_t) * HASH_BUCKETS);
-@@ -581,7 +587,7 @@ static int filespec_add(ino_t ino, const security_context_t con, const char *fil
+@@ -581,7 +620,7 @@ static int filespec_add(ino_t ino, const security_context_t con, const char *fil
for (prevfl = &fl_head[h], fl = fl_head[h].next; fl;
prevfl = fl, fl = fl->next) {
if (ino == fl->ino) {
@@ -3676,14 +3879,14 @@ index 48ffcad..15f2bf0 100644
freecon(fl->con);
free(fl->file);
diff --git a/policycoreutils/setfiles/restore.h b/policycoreutils/setfiles/restore.h
-index ac27222..fb8eaf9 100644
+index ac27222..3909d15 100644
--- a/policycoreutils/setfiles/restore.h
+++ b/policycoreutils/setfiles/restore.h
@@ -40,6 +40,7 @@ struct restore_opts {
int fts_flags; /* Flags to fts, e.g. follow links, follow mounts */
const char *selabel_opt_validate;
const char *selabel_opt_path;
-+ const char *selabel_opt_subset;
++ char *selabel_opt_subset;
};
void restore_init(struct restore_opts *opts);
@@ -3741,7 +3944,7 @@ index 7f700ca..c77431a 100644
save list of files with incorrect context in filename.
.TP
diff --git a/policycoreutils/setfiles/setfiles.c b/policycoreutils/setfiles/setfiles.c
-index fa0cd6a..eb8a7aa 100644
+index fa0cd6a..590a4e0 100644
--- a/policycoreutils/setfiles/setfiles.c
+++ b/policycoreutils/setfiles/setfiles.c
@@ -39,7 +39,7 @@ void usage(const char *const name)
@@ -3753,7 +3956,15 @@ index fa0cd6a..eb8a7aa 100644
name);
} else {
fprintf(stderr,
-@@ -217,7 +217,7 @@ int main(int argc, char **argv)
+@@ -160,6 +160,7 @@ int main(int argc, char **argv)
+ r_opts.outfile = NULL;
+ r_opts.force = 0;
+ r_opts.hard_links = 1;
++ r_opts.selabel_opt_subset = 0;
+
+ altpath = NULL;
+
+@@ -217,7 +218,7 @@ int main(int argc, char **argv)
exclude_non_seclabel_mounts();
/* Process any options. */
@@ -3762,7 +3973,7 @@ index fa0cd6a..eb8a7aa 100644
switch (opt) {
case 'c':
{
-@@ -280,6 +280,23 @@ int main(int argc, char **argv)
+@@ -280,6 +281,23 @@ int main(int argc, char **argv)
case 'n':
r_opts.change = 0;
break;
@@ -3786,7 +3997,7 @@ index fa0cd6a..eb8a7aa 100644
case 'o':
if (strcmp(optarg, "-") == 0) {
r_opts.outfile = stdout;
-@@ -433,7 +450,11 @@ int main(int argc, char **argv)
+@@ -433,7 +451,11 @@ int main(int argc, char **argv)
if (r_opts.outfile)
fclose(r_opts.outfile);
diff --git a/policycoreutils.spec b/policycoreutils.spec
index fa61e0b..605ed37 100644
--- a/policycoreutils.spec
+++ b/policycoreutils.spec
@@ -7,7 +7,7 @@
Summary: SELinux policy core utilities
Name: policycoreutils
Version: 2.1.5
-Release: 3%{?dist}
+Release: 4%{?dist}
License: GPLv2
Group: System Environment/Base
# Based on git repository with tag 20101221
@@ -352,6 +352,11 @@ fi
/bin/systemctl try-restart restorecond.service >/dev/null 2>&1 || :
%changelog
+* Wed Sep 7 2011 Dan Walsh <dwalsh at redhat.com> - 2.1.5-4
+- Maintain the LANG environment Variable into the sandbox
+- Change restorecon/setfiles to only change type part of the context unless
+ -f qualifier is given
+
* Tue Sep 6 2011 Dan Walsh <dwalsh at redhat.com> - 2.1.5-3
- Remove lockdown wizard, since gtkhtml2 is no longer supported.
More information about the scm-commits
mailing list