From 78175de296dde338caa09aa7d39c3161d9a3829c Mon Sep 17 00:00:00 2001 From: Dan Walsh Date: Wed, 7 Sep 2011 14:23:19 -0400 Subject: [PATCH] Maintain the LANG environment Variable into the sandbox Change restorecon/setfiles to only change type part of the context unless f qualifier is given --- policycoreutils-rhat.patch | 239 ++++++++++++++++++++++++++++++++++--- policycoreutils.spec | 7 +- 2 files changed, 231 insertions(+), 15 deletions(-) diff --git a/policycoreutils-rhat.patch b/policycoreutils-rhat.patch index 0b2ed9f..c1b3b60 100644 --- a/policycoreutils-rhat.patch +++ b/policycoreutils-rhat.patch @@ -1705,7 +1705,7 @@ index a9b846b..06610c0 100644 Use alternate SELinux context while runing the executable. .TP diff --git a/policycoreutils/sandbox/seunshare.c b/policycoreutils/sandbox/seunshare.c -index f9bf12c..671d97c 100644 +index f9bf12c..594aff4 100644 --- a/policycoreutils/sandbox/seunshare.c +++ b/policycoreutils/sandbox/seunshare.c @@ -1,27 +1,35 @@ @@ -2510,7 +2510,7 @@ index f9bf12c..671d97c 100644 break; default: fprintf(stderr, "%s\n", USAGE_STRING); -@@ -342,97 +908,131 @@ int main(int argc, char **argv) { +@@ -342,97 +908,144 @@ int main(int argc, char **argv) { } if (! homedir_s && ! tmpdir_s) { @@ -2598,6 +2598,7 @@ index f9bf12c..671d97c 100644 - } + if (child == 0) { + char *display = NULL; ++ char *LANG = NULL; + int rc = -1; - if ((rc = clearenv())) { @@ -2635,12 +2636,23 @@ index f9bf12c..671d97c 100644 } - - if (display) ++ ++ /* construct a new environment */ ++ if ((LANG = getenv("LANG")) != NULL) { ++ if ((LANG = strdup(LANG)) == NULL) { ++ perror(_("Out of memory")); ++ goto childerr; ++ } ++ } ++ + if ((rc = clearenv()) != 0) { + perror(_("Failed to clear environment")); + goto childerr; + } + if (display) rc |= setenv("DISPLAY", display, 1); ++ if (LANG) ++ rc |= setenv("LANG", LANG, 1); rc |= setenv("HOME", pwd->pw_dir, 1); rc |= setenv("SHELL", pwd->pw_shell, 1); rc |= setenv("USER", pwd->pw_name, 1); 
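Review bot: The value read with `getenv("LANG")` is re-exported into the sandboxed child with `setenv("LANG", LANG, 1)` after `clearenv()` without any check on its contents, so whatever locale string the caller supplied reaches the confined program unchanged; restricting it to the characters a locale name can contain before the `strdup`, e.g. `if (LANG && strspn(LANG, "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789_.@-") != strlen(LANG)) LANG = NULL;`, keeps a path-like value out of the child's locale lookup. The upper-case local `LANG` reads as a macro; `lang` would follow the naming of the neighbouring locals (`display`, `rc`). The copy is released at `childerr:` in the following hunk. `main()` continues outside this hunk on both sides.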
@@ -2669,6 +2681,7 @@ index f9bf12c..671d97c 100644 +childerr: free(display); - perror("execv"); ++ free(LANG); exit(-1); - } else { - waitpid(child, &status, 0); @@ -3603,9 +3616,18 @@ index 0000000..1ce37b0 + return 0; +} diff --git a/policycoreutils/setfiles/restore.c b/policycoreutils/setfiles/restore.c -index 48ffcad..15f2bf0 100644 +index 48ffcad..c1e6e24 100644 --- a/policycoreutils/setfiles/restore.c +++ b/policycoreutils/setfiles/restore.c +@@ -33,7 +33,7 @@ struct edir { + + static file_spec_t *fl_head; + static int filespec_add(ino_t ino, const security_context_t con, const char *file); +-static int only_changed_user(const char *a, const char *b); ++static int match_type(const security_context_t oldcon, security_context_t *newcon); + struct restore_opts *r_opts = NULL; + static void filespec_destroy(void); + static void filespec_eval(void); @@ -60,9 +60,10 @@ void restore_init(struct restore_opts *opts) r_opts = opts; struct selinux_opt selinux_opts[] = { 
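Review bot: The new prototype `static int match_type(const security_context_t oldcon, security_context_t *newcon);` qualifies the wrong thing if `security_context_t` is libselinux's `char *` typedef: `const security_context_t` is a const pointer to mutable characters, so it does not promise that the text of `oldcon` is left untouched. Declaring the parameter as `const char *oldcon` (in the definition further down as well) states that contract. Since `newcon` is an in/out parameter that the function may replace, a one-line comment on the declaration such as `/* 1 if the types match; otherwise *newcon is replaced by a copy carrying oldcon's user, role and range */` would help readers of restore() who only see this declaration.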
@@ -3619,7 +3641,128 @@ index 48ffcad..15f2bf0 100644 if (!r_opts->hnd) { perror(r_opts->selabel_opt_path); exit(1); -@@ -318,11 +319,16 @@ static int process_one(char *name, int recurse_this_path) +@@ -104,8 +105,7 @@ static int restore(FTSENT *ftsent) + { + char *my_file = strdupa(ftsent->fts_path); + int ret; +- char *context, *newcon; +- int user_only_changed = 0; ++ security_context_t curcon, newcon; + + if (match(my_file, ftsent->fts_statp, &newcon) < 0) + /* Check for no matching specification. */ +@@ -143,74 +143,82 @@ static int restore(FTSENT *ftsent) + printf("%s: %s matched by %s\n", r_opts->progname, my_file, newcon); + } + ++ /* ++ * Do not relabel if their is no default specification for this file ++ */ ++ ++ if (strcmp(newcon, "<>") == 0) { ++ goto out; ++ } ++ + /* Get the current context of the file. */ +- ret = lgetfilecon_raw(ftsent->fts_accpath, &context); ++ ret = lgetfilecon_raw(ftsent->fts_accpath, &curcon); + if (ret < 0) { + if (errno == ENODATA) { +- context = NULL; ++ curcon = NULL; + } else { + fprintf(stderr, "%s get context on %s failed: '%s'\n", + r_opts->progname, my_file, strerror(errno)); + goto err; + } +- user_only_changed = 0; +- } else +- user_only_changed = only_changed_user(context, newcon); ++ } ++ + /* lgetfilecon returns number of characters and ret needs to be reset + * to 0. + */ + ret = 0; + + /* +- * Do not relabel the file if the matching specification is +- * <> or the file is already labeled according to the +- * specification. ++ * Do not relabel the file if the file is already labeled according to ++ * the specification. 
+ */ +- if ((strcmp(newcon, "<>") == 0) || +- (context && (strcmp(context, newcon) == 0))) { +- freecon(context); ++ if (curcon && (strcmp(curcon, newcon) == 0)) { ++ freecon(curcon); + goto out; + } + +- if (!r_opts->force && context && (is_context_customizable(context) > 0)) { ++ if (!r_opts->force && curcon && (is_context_customizable(curcon) > 0)) { + if (r_opts->verbose > 1) { + fprintf(stderr, + "%s: %s not reset customized by admin to %s\n", +- r_opts->progname, my_file, context); ++ r_opts->progname, my_file, curcon); + } +- freecon(context); ++ freecon(curcon); ++ goto out; ++ } ++ ++ /* ++ * Do not change label unless this is a force or the type is different ++ */ ++ if (!r_opts->force && match_type(curcon, &newcon)) { ++ freecon(curcon); + goto out; + } + + if (r_opts->verbose) { +- /* If we're just doing "-v", trim out any relabels where +- * the user has r_opts->changed but the role and type are the +- * same. For "-vv", emit everything. */ +- if (r_opts->verbose > 1 || !user_only_changed) { +- printf("%s reset %s context %s->%s\n", +- r_opts->progname, my_file, context ?: "", newcon); +- } ++ printf("%s reset %s context %s->%s\n", ++ r_opts->progname, my_file, curcon ?: "", newcon); + } + +- if (r_opts->logging && !user_only_changed) { +- if (context) ++ if (r_opts->logging) { ++ if (curcon) + syslog(LOG_INFO, "relabeling %s from %s to %s\n", +- my_file, context, newcon); ++ my_file, curcon, newcon); + else + syslog(LOG_INFO, "labeling %s to %s\n", + my_file, newcon); + } + +- if (r_opts->outfile && !user_only_changed) ++ if (r_opts->outfile) + fprintf(r_opts->outfile, "%s\n", my_file); + +- if (context) +- freecon(context); ++ if (curcon) ++ freecon(curcon); + + /* + * Do not relabel the file if -n was used. + */ +- if (!r_opts->change || user_only_changed) ++ if (!r_opts->change) + goto out; + + /* +@@ -318,11 +326,16 @@ static int process_one(char *name, int recurse_this_path) ftsent = fts_read(fts_handle); 
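Review bot: The new comment `Do not change label unless this is a force or the type is different` understates what happens when the type does differ: `match_type()` rewrites `newcon` so the file keeps its current user, role and range and only the type is taken from the specification, which means a wrong role or MLS range is no longer corrected without the force option, whereas the removed `only_changed_user()` check still relabelled those cases. Spell that out where the check is made, e.g. `/* Without force only the type is corrected: match_type() keeps curcon's user, role and range in newcon. */`, because the verbose and syslog lines below print the rewritten `newcon` and a reader will otherwise take it for the specification's full context. The earlier new comment `Do not relabel if their is no default specification for this file` should read `there`. `restore()` continues outside the hunk on both sides.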
@@ -3639,7 +3782,7 @@ index 48ffcad..15f2bf0 100644 do { rc = 0; /* Skip the post order nodes. */ -@@ -390,7 +396,7 @@ int process_one_realpath(char *name, int recurse) +@@ -390,7 +403,7 @@ int process_one_realpath(char *name, int recurse) { int rc = 0; char *p; @@ -3648,7 +3791,7 @@ index 48ffcad..15f2bf0 100644 if (r_opts == NULL){ fprintf(stderr, -@@ -401,7 +407,7 @@ int process_one_realpath(char *name, int recurse) +@@ -401,7 +414,7 @@ int process_one_realpath(char *name, int recurse) if (!r_opts->expand_realpath) { return process_one(name, recurse); } else { 
@@ -3657,7 +3800,67 @@ index 48ffcad..15f2bf0 100644 if (rc < 0) { if (r_opts->ignore_enoent && errno == ENOENT) return 0; -@@ -568,7 +574,7 @@ static int filespec_add(ino_t ino, const security_context_t con, const char *fil +@@ -486,20 +499,46 @@ int add_exclude(const char *directory) + return 0; + } + +-/* Compare two contexts to see if their differences are "significant", +- * or whether the only difference is in the user. */ +-static int only_changed_user(const char *a, const char *b) ++#include ++ ++/* Compare two contexts to see if their types differ; if they do, return 1 ++ * and replace the the new context with the the current context user, role ++ * and range ++ */ ++ ++static int match_type(const security_context_t oldcon, security_context_t *newcon) + { +- char *rest_a, *rest_b; /* Rest of the context after the user */ +- if (r_opts->force) +- return 0; +- if (!a || !b) +- return 0; +- rest_a = strchr(a, ':'); +- rest_b = strchr(b, ':'); +- if (!rest_a || !rest_b) +- return 0; +- return (strcmp(rest_a, rest_b) == 0); ++ int match = 0; ++ context_t cona; ++ context_t conb; ++ if (!oldcon || !*newcon) ++ return match; ++ cona = context_new(oldcon); ++ if (! cona) { ++ return match; ++ } ++ conb = context_new(*newcon); ++ if (! conb) { ++ context_free(cona); ++ return match; ++ } ++ ++ match = strcmp(context_type_get(cona), context_type_get(conb)) == 0; ++ if (! match) { ++ if (context_user_set(conb, context_user_get(cona)) < 0) ++ goto out; ++ if (context_role_set(conb, context_role_get(cona)) < 0) ++ goto out; ++ if (context_range_set(conb, context_range_get(cona)) < 0) ++ goto out; ++ free(*newcon); ++ *newcon = strdup(context_str(conb)); ++ } ++ ++out: ++ context_free(cona); ++ context_free(conb); ++ return match; + } + + /* +@@ -568,7 +607,7 @@ static int filespec_add(ino_t ino, const security_context_t con, const char *fil { file_spec_t *prevfl, *fl; int h, ret; 
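Review bot: `*newcon = strdup(context_str(conb));` is not checked for NULL, and because `free(*newcon)` has already released the specification context a failed copy leaves `*newcon` NULL for `restore()` to print and relabel with. Keep the old string until the copy exists: `char *merged = strdup(context_str(conb)); if (merged) { freecon(*newcon); *newcon = merged; }` — this also releases the libselinux-allocated context with `freecon()` rather than `free()`, as restore.c does elsewhere (`freecon(curcon)`). When one of the `context_*_set` calls fails the function returns 0 with `*newcon` untouched, so the file silently receives the specification's full user, role and range; a comment at `out:` naming that fallback would save the next reader a trace. The `#include` added immediately above the function belongs with the file's other includes at the top of restore.c, and the new comment's `replace the the new context with the the current context` doubles `the` twice.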
@@ -3666,7 +3869,7 @@ index 48ffcad..15f2bf0 100644 if (!fl_head) { fl_head = malloc(sizeof(file_spec_t) * HASH_BUCKETS); -@@ -581,7 +587,7 @@ static int filespec_add(ino_t ino, const security_context_t con, const char *fil +@@ -581,7 +620,7 @@ static int filespec_add(ino_t ino, const security_context_t con, const char *fil for (prevfl = &fl_head[h], fl = fl_head[h].next; fl; prevfl = fl, fl = fl->next) { if (ino == fl->ino) { @@ -3676,14 +3879,14 @@ index 48ffcad..15f2bf0 100644 freecon(fl->con); free(fl->file); diff --git a/policycoreutils/setfiles/restore.h b/policycoreutils/setfiles/restore.h -index ac27222..fb8eaf9 100644 +index ac27222..3909d15 100644 --- a/policycoreutils/setfiles/restore.h +++ b/policycoreutils/setfiles/restore.h @@ -40,6 +40,7 @@ struct restore_opts { int fts_flags; /* Flags to fts, e.g. follow links, follow mounts */ const char *selabel_opt_validate; const char *selabel_opt_path; -+ const char *selabel_opt_subset; ++ char *selabel_opt_subset; }; void restore_init(struct restore_opts *opts); @@ -3741,7 +3944,7 @@ index 7f700ca..c77431a 100644 save list of files with incorrect context in filename. .TP diff --git a/policycoreutils/setfiles/setfiles.c b/policycoreutils/setfiles/setfiles.c -index fa0cd6a..eb8a7aa 100644 +index fa0cd6a..590a4e0 100644 --- a/policycoreutils/setfiles/setfiles.c +++ b/policycoreutils/setfiles/setfiles.c @@ -39,7 +39,7 @@ void usage(const char *const name) @@ -3753,7 +3956,15 @@ index fa0cd6a..eb8a7aa 100644 name); } else { fprintf(stderr, -@@ -217,7 +217,7 @@ int main(int argc, char **argv) +@@ -160,6 +160,7 @@ int main(int argc, char **argv) + r_opts.outfile = NULL; + r_opts.force = 0; + r_opts.hard_links = 1; ++ r_opts.selabel_opt_subset = 0; + + altpath = NULL; + +@@ -217,7 +218,7 @@ int main(int argc, char **argv) exclude_non_seclabel_mounts(); /* Process any options. */ 
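Review bot: Dropping `const` from `selabel_opt_subset` in `struct restore_opts` changes who may write or free the string, but nothing in the header says why. If the field is now an owned copy that setfiles releases at exit, a field comment such as `/* owned by the caller of restore_init(); freed by setfiles at exit */` would record that, in the style the struct already uses for `fts_flags`.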
@@ -3762,7 +3973,7 @@ index fa0cd6a..eb8a7aa 100644 switch (opt) { case 'c': { -@@ -280,6 +280,23 @@ int main(int argc, char **argv) +@@ -280,6 +281,23 @@ int main(int argc, char **argv) case 'n': r_opts.change = 0; break; @@ -3786,7 +3997,7 @@ index fa0cd6a..eb8a7aa 100644 case 'o': if (strcmp(optarg, "-") == 0) { r_opts.outfile = stdout; -@@ -433,7 +450,11 @@ int main(int argc, char **argv) +@@ -433,7 +451,11 @@ int main(int argc, char **argv) if (r_opts.outfile) fclose(r_opts.outfile); diff --git a/policycoreutils.spec b/policycoreutils.spec index fa61e0b..605ed37 100644 --- a/policycoreutils.spec +++ b/policycoreutils.spec @@ -7,7 +7,7 @@ Summary: SELinux policy core utilities Name: policycoreutils Version: 2.1.5 -Release: 3%{?dist} +Release: 4%{?dist} License: GPLv2 Group: System Environment/Base # Based on git repository with tag 20101221 @@ -352,6 +352,11 @@ fi /bin/systemctl try-restart restorecond.service >/dev/null 2>&1 || : %changelog +* Wed Sep 7 2011 Dan Walsh - 2.1.5-4 +- Maintain the LANG environment Variable into the sandbox +- Change restorecon/setfiles to only change type part of the context unless + -f qualifier is given + * Tue Sep 6 2011 Dan Walsh - 2.1.5-3 - Remove lockdown wizard, since gtkhtml2 is no longer supported.
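Review bot: `r_opts.selabel_opt_subset = 0;` initialises a pointer with an integer literal while the neighbouring `r_opts.outfile = NULL;` uses the null pointer constant; write `r_opts.selabel_opt_subset = NULL;` so the adjacent initialisations read the same way. `main()` continues outside the hunk on both sides.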