Maintain the LANG environment Variable into the sandbox

Change restorecon/setfiles to only change type part of the context unless f qualifier is given
2011-09-07 14:23:19 -04:00 · 2011-09-07 14:23:19 -04:00 · 78175de296
commit 78175de296
parent fb1cfc265c
2 changed files with 231 additions and 15 deletions
--- a/policycoreutils-rhat.patch
+++ b/policycoreutils-rhat.patch
@ -1705,7 +1705,7 @@ index a9b846b..06610c0 100644
 Use alternate SELinux context while runing the executable.
 .TP
 diff --git a/policycoreutils/sandbox/seunshare.c b/policycoreutils/sandbox/seunshare.c
-index f9bf12c..671d97c 100644
+index f9bf12c..594aff4 100644
 --- a/policycoreutils/sandbox/seunshare.c
 +++ b/policycoreutils/sandbox/seunshare.c
@@ -1,27 +1,35 @@
@ -2510,7 +2510,7 @@ index f9bf12c..671d97c 100644
 			break;
 		default:
 			fprintf(stderr, "%s\n", USAGE_STRING);
-@@ -342,97 +908,131 @@ int main(int argc, char **argv) {
+@@ -342,97 +908,144 @@ int main(int argc, char **argv) {
 	}
 
 	if (! homedir_s && ! tmpdir_s) {
@ -2598,6 +2598,7 @@ index f9bf12c..671d97c 100644
 -		}
 +	if (child == 0) {
 +		char *display = NULL;
+		char *LANG = NULL;
 +		int rc = -1;
 
 -		if ((rc = clearenv())) {
@ -2635,12 +2636,23 @@ index f9bf12c..671d97c 100644
 		}
 -
 -		if (display) 
+		
+		/* construct a new environment */
+		if ((LANG = getenv("LANG")) != NULL) {
+			if ((LANG = strdup(LANG)) == NULL) {
+				perror(_("Out of memory"));
+				goto childerr;
+			}
+		}
+		
 +		if ((rc = clearenv()) != 0) {
 +			perror(_("Failed to clear environment"));
 +			goto childerr;
 +		}
 +		if (display)
 			rc |= setenv("DISPLAY", display, 1);
+		if (LANG) 
+			rc |= setenv("LANG", LANG, 1);
 		rc |= setenv("HOME", pwd->pw_dir, 1);
 		rc |= setenv("SHELL", pwd->pw_shell, 1);
 		rc |= setenv("USER", pwd->pw_name, 1);
@ -2669,6 +2681,7 @@ index f9bf12c..671d97c 100644
 +childerr:
 		free(display);
 -		perror("execv");
+		free(LANG);
 		exit(-1);
 -	} else {
 -		waitpid(child, &status, 0);
@ -3603,9 +3616,18 @@ index 0000000..1ce37b0
 +	return 0;
 +}
 diff --git a/policycoreutils/setfiles/restore.c b/policycoreutils/setfiles/restore.c
-index 48ffcad..15f2bf0 100644
+index 48ffcad..c1e6e24 100644
 --- a/policycoreutils/setfiles/restore.c
 +++ b/policycoreutils/setfiles/restore.c
+@@ -33,7 +33,7 @@ struct edir {
+ 
+ static file_spec_t *fl_head;
+ static int filespec_add(ino_t ino, const security_context_t con, const char *file);
+-static int only_changed_user(const char *a, const char *b);
+static int match_type(const security_context_t oldcon, security_context_t *newcon);
+ struct restore_opts *r_opts = NULL;
+ static void filespec_destroy(void);
+ static void filespec_eval(void);
@@ -60,9 +60,10 @@ void restore_init(struct restore_opts *opts)
 	r_opts = opts;
 	struct selinux_opt selinux_opts[] = {
@ -3619,7 +3641,128 @@ index 48ffcad..15f2bf0 100644
 	if (!r_opts->hnd) {
 		perror(r_opts->selabel_opt_path);
 		exit(1);
-@@ -318,11 +319,16 @@ static int process_one(char *name, int recurse_this_path)
+@@ -104,8 +105,7 @@ static int restore(FTSENT *ftsent)
+ {
+ 	char *my_file = strdupa(ftsent->fts_path);
+ 	int ret;
+-	char *context, *newcon;
+-	int user_only_changed = 0;
+	security_context_t curcon, newcon;
+ 
+ 	if (match(my_file, ftsent->fts_statp, &newcon) < 0)
+ 		/* Check for no matching specification. */
+@@ -143,74 +143,82 @@ static int restore(FTSENT *ftsent)
+ 		printf("%s:  %s matched by %s\n", r_opts->progname, my_file, newcon);
+ 	}
+ 
+	/* 
+	 * Do not relabel if their is no default specification for this file 
+	 */
+
+	if (strcmp(newcon, "<<none>>") == 0) {
+		goto out;
+	}
+
+ 	/* Get the current context of the file. */
+-	ret = lgetfilecon_raw(ftsent->fts_accpath, &context);
+	ret = lgetfilecon_raw(ftsent->fts_accpath, &curcon);
+ 	if (ret < 0) {
+ 		if (errno == ENODATA) {
+-			context = NULL;
+			curcon = NULL;
+ 		} else {
+ 			fprintf(stderr, "%s get context on %s failed: '%s'\n",
+ 				r_opts->progname, my_file, strerror(errno));
+ 			goto err;
+ 		}
+-		user_only_changed = 0;
+-	} else
+-		user_only_changed = only_changed_user(context, newcon);
+	}
+
+ 	/* lgetfilecon returns number of characters and ret needs to be reset
+ 	 * to 0.
+ 	 */
+ 	ret = 0;
+ 
+ 	/*
+-	 * Do not relabel the file if the matching specification is 
+-	 * <<none>> or the file is already labeled according to the 
+-	 * specification.
+	 * Do not relabel the file if the file is already labeled according to 
+	 * the specification.
+ 	 */
+-	if ((strcmp(newcon, "<<none>>") == 0) ||
+-	    (context && (strcmp(context, newcon) == 0))) {
+-		freecon(context);
+	if (curcon && (strcmp(curcon, newcon) == 0)) {
+		freecon(curcon);
+ 		goto out;
+ 	}
+ 
+-	if (!r_opts->force && context && (is_context_customizable(context) > 0)) {
+	if (!r_opts->force && curcon && (is_context_customizable(curcon) > 0)) {
+ 		if (r_opts->verbose > 1) {
+ 			fprintf(stderr,
+ 				"%s: %s not reset customized by admin to %s\n",
+-				r_opts->progname, my_file, context);
+				r_opts->progname, my_file, curcon);
+ 		}
+-		freecon(context);
+		freecon(curcon);
+		goto out;
+	}
+
+	/* 
+	 *  Do not change label unless this is a force or the type is different 
+	 */
+	if (!r_opts->force && match_type(curcon, &newcon)) {
+		freecon(curcon);
+ 		goto out;
+ 	}
+ 
+ 	if (r_opts->verbose) {
+-		/* If we're just doing "-v", trim out any relabels where
+-		 * the user has r_opts->changed but the role and type are the
+-		 * same.  For "-vv", emit everything. */
+-		if (r_opts->verbose > 1 || !user_only_changed) {
+-			printf("%s reset %s context %s->%s\n",
+-			       r_opts->progname, my_file, context ?: "", newcon);
+-		}
+		printf("%s reset %s context %s->%s\n",
+		       r_opts->progname, my_file, curcon ?: "", newcon);
+ 	}
+ 
+-	if (r_opts->logging && !user_only_changed) {
+-		if (context)
+	if (r_opts->logging) {
+		if (curcon)
+ 			syslog(LOG_INFO, "relabeling %s from %s to %s\n",
+-			       my_file, context, newcon);
+			       my_file, curcon, newcon);
+ 		else
+ 			syslog(LOG_INFO, "labeling %s to %s\n",
+ 			       my_file, newcon);
+ 	}
+ 
+-	if (r_opts->outfile && !user_only_changed)
+	if (r_opts->outfile)
+ 		fprintf(r_opts->outfile, "%s\n", my_file);
+ 
+-	if (context)
+-		freecon(context);
+	if (curcon)
+		freecon(curcon);
+ 
+ 	/*
+ 	 * Do not relabel the file if -n was used.
+ 	 */
+-	if (!r_opts->change || user_only_changed)
+	if (!r_opts->change)
+ 		goto out;
+ 
+ 	/*
+@@ -318,11 +326,16 @@ static int process_one(char *name, int recurse_this_path)
 
 
 	ftsent = fts_read(fts_handle);
@ -3639,7 +3782,7 @@ index 48ffcad..15f2bf0 100644
 	do {
 		rc = 0;
 		/* Skip the post order nodes. */
-@@ -390,7 +396,7 @@ int process_one_realpath(char *name, int recurse)
+@@ -390,7 +403,7 @@ int process_one_realpath(char *name, int recurse)
 {
 	int rc = 0;
 	char *p;
@ -3648,7 +3791,7 @@ index 48ffcad..15f2bf0 100644
 
 	if (r_opts == NULL){
 		fprintf(stderr,
-@@ -401,7 +407,7 @@ int process_one_realpath(char *name, int recurse)
+@@ -401,7 +414,7 @@ int process_one_realpath(char *name, int recurse)
 	if (!r_opts->expand_realpath) {
 		return process_one(name, recurse);
 	} else {
@ -3657,7 +3800,67 @@ index 48ffcad..15f2bf0 100644
 		if (rc < 0) {
 			if (r_opts->ignore_enoent && errno == ENOENT)
 				return 0;
-@@ -568,7 +574,7 @@ static int filespec_add(ino_t ino, const security_context_t con, const char *fil
+@@ -486,20 +499,46 @@ int add_exclude(const char *directory)
+ 	return 0;
+ }
+ 
+-/* Compare two contexts to see if their differences are "significant",
+- * or whether the only difference is in the user. */
+-static int only_changed_user(const char *a, const char *b)
+#include <selinux/context.h>
+
+/* Compare two contexts to see if their types differ; if they do, return 1 
+ * and replace the the new context with the the current context user, role 
+ * and range 
+ */
+
+static int match_type(const security_context_t oldcon, security_context_t *newcon)
+ {
+-	char *rest_a, *rest_b;	/* Rest of the context after the user */
+-	if (r_opts->force)
+-		return 0;
+-	if (!a || !b)
+-		return 0;
+-	rest_a = strchr(a, ':');
+-	rest_b = strchr(b, ':');
+-	if (!rest_a || !rest_b)
+-		return 0;
+-	return (strcmp(rest_a, rest_b) == 0);
+	int match = 0;
+	context_t cona;
+	context_t conb;
+	if (!oldcon || !*newcon)
+		return match;
+	cona = context_new(oldcon);
+	if (! cona) {
+		return match;
+	}
+	conb = context_new(*newcon);
+	if (! conb) {
+		context_free(cona);
+		return match;
+	}
+
+	match = strcmp(context_type_get(cona), context_type_get(conb)) == 0;
+	if (! match) {
+		if (context_user_set(conb, context_user_get(cona)) < 0)
+			goto out;
+		if (context_role_set(conb, context_role_get(cona)) < 0)
+			goto out;
+		if (context_range_set(conb, context_range_get(cona)) < 0)
+			goto out;
+		free(*newcon);
+		*newcon = strdup(context_str(conb));
+	}
+
+out:
+	context_free(cona);
+	context_free(conb);
+	return match;
+ }
+ 
+ /*
+@@ -568,7 +607,7 @@ static int filespec_add(ino_t ino, const security_context_t con, const char *fil
 {
 	file_spec_t *prevfl, *fl;
 	int h, ret;
@ -3666,7 +3869,7 @@ index 48ffcad..15f2bf0 100644
 
 	if (!fl_head) {
 		fl_head = malloc(sizeof(file_spec_t) * HASH_BUCKETS);
-@@ -581,7 +587,7 @@ static int filespec_add(ino_t ino, const security_context_t con, const char *fil
+@@ -581,7 +620,7 @@ static int filespec_add(ino_t ino, const security_context_t con, const char *fil
 	for (prevfl = &fl_head[h], fl = fl_head[h].next; fl;
 	     prevfl = fl, fl = fl->next) {
 		if (ino == fl->ino) {
@ -3676,14 +3879,14 @@ index 48ffcad..15f2bf0 100644
 				freecon(fl->con);
 				free(fl->file);
 diff --git a/policycoreutils/setfiles/restore.h b/policycoreutils/setfiles/restore.h
-index ac27222..fb8eaf9 100644
+index ac27222..3909d15 100644
 --- a/policycoreutils/setfiles/restore.h
 +++ b/policycoreutils/setfiles/restore.h
@@ -40,6 +40,7 @@ struct restore_opts {
 	int fts_flags; /* Flags to fts, e.g. follow links, follow mounts */
 	const char *selabel_opt_validate;
 	const char *selabel_opt_path;
-+	const char *selabel_opt_subset;
+	char *selabel_opt_subset;
 };
 
 void restore_init(struct restore_opts *opts);
@ -3741,7 +3944,7 @@ index 7f700ca..c77431a 100644
 save list of files with incorrect context in filename.
 .TP 
 diff --git a/policycoreutils/setfiles/setfiles.c b/policycoreutils/setfiles/setfiles.c
-index fa0cd6a..eb8a7aa 100644
+index fa0cd6a..590a4e0 100644
 --- a/policycoreutils/setfiles/setfiles.c
 +++ b/policycoreutils/setfiles/setfiles.c
@@ -39,7 +39,7 @@ void usage(const char *const name)
@ -3753,7 +3956,15 @@ index fa0cd6a..eb8a7aa 100644
 			name);
 	} else {
 		fprintf(stderr,
-@@ -217,7 +217,7 @@ int main(int argc, char **argv)
+@@ -160,6 +160,7 @@ int main(int argc, char **argv)
+ 	r_opts.outfile = NULL;
+ 	r_opts.force = 0;
+ 	r_opts.hard_links = 1;
+	r_opts.selabel_opt_subset = 0;
+ 
+ 	altpath = NULL;
+ 
+@@ -217,7 +218,7 @@ int main(int argc, char **argv)
 	exclude_non_seclabel_mounts();
 
 	/* Process any options. */
@ -3762,7 +3973,7 @@ index fa0cd6a..eb8a7aa 100644
 		switch (opt) {
 		case 'c':
 			{
-@@ -280,6 +280,23 @@ int main(int argc, char **argv)
+@@ -280,6 +281,23 @@ int main(int argc, char **argv)
 		case 'n':
 			r_opts.change = 0;
 			break;
@ -3786,7 +3997,7 @@ index fa0cd6a..eb8a7aa 100644
 		case 'o':
 			if (strcmp(optarg, "-") == 0) {
 				r_opts.outfile = stdout;
-@@ -433,7 +450,11 @@ int main(int argc, char **argv)
+@@ -433,7 +451,11 @@ int main(int argc, char **argv)
 	if (r_opts.outfile)
 		fclose(r_opts.outfile);
 
--- a/policycoreutils.spec
+++ b/policycoreutils.spec
@ -7,7 +7,7 @@
 Summary: SELinux policy core utilities
 Name:	 policycoreutils
 Version: 2.1.5
-Release: 3%{?dist}
+Release: 4%{?dist}
 License: GPLv2
 Group:	 System Environment/Base
 # Based on git repository with tag 20101221
@ -352,6 +352,11 @@ fi
 /bin/systemctl try-restart restorecond.service >/dev/null 2>&1 || :

 %changelog
+* Wed Sep 7 2011 Dan Walsh <dwalsh@redhat.com> - 2.1.5-4
+- Maintain the LANG environment Variable into the sandbox
+- Change restorecon/setfiles to only change type part of the context unless 
+  -f qualifier is given
+
 * Tue Sep 6 2011 Dan Walsh <dwalsh@redhat.com> - 2.1.5-3
 - Remove lockdown wizard, since gtkhtml2 is no longer supported.