put back in old handling of -T in sandbox command

Put back setsid in seunshare
Fix rsync to maintain times
Dan Walsh 2011-03-08 18:02:10 -05:00
parent 93a6f1fc9d
commit 312470de44
2 changed files with 55 additions and 117 deletions


@ -1624,7 +1624,7 @@ index ff0ee7c..0c8a085 100644
test:
@python test_sandbox.py -v
diff --git a/policycoreutils/sandbox/sandbox b/policycoreutils/sandbox/sandbox
index 48a26c2..79cbb2d 100644
index 48a26c2..d1037bd 100644
--- a/policycoreutils/sandbox/sandbox
+++ b/policycoreutils/sandbox/sandbox
@@ -1,5 +1,6 @@
@ -1697,14 +1697,9 @@ index 48a26c2..79cbb2d 100644
SAVE_FILES[file] = (dest, os.path.getmtime(dest))
@@ -158,13 +164,13 @@ class Sandbox:
def __validate_mount(self):
if self.__options.level:
- if not self.__options.homedir or not self.__options.tmpdir:
- self.usage(_("Homedir and tempdir required for level mounts"))
+ if not self.__options.homedir:
+ self.usage(_("Homedir required for level mounts"))
@@ -161,10 +167,10 @@ class Sandbox:
if not self.__options.homedir or not self.__options.tmpdir:
self.usage(_("Homedir and tempdir required for level mounts"))
- if not os.path.exists("/usr/sbin/seunshare"):
+ if not os.path.exists(SEUNSHARE):
@ -1778,9 +1773,9 @@ index 48a26c2..79cbb2d 100644
+
usage = _("""
-sandbox [-h] [-[X|M] [-l level ] [-H homedir] [-T tempdir]] [-I includefile ] [-W windowmanager ] [[-i file ] ...] [ -t type ] command
+sandbox [-h] [-l level ] [-[X|M] [-H homedir] ] [-I includefile ] [-W windowmanager ] [ -w windowsize ] [[-i file ] ...] [ -t type ] command
+sandbox [-h] [-l level ] [-[X|M] [-H homedir] [-T tempdir]] [-I includefile ] [-W windowmanager ] [ -w windowsize ] [[-i file ] ...] [ -t type ] command
+
+sandbox [-h] [-l level ] [-[X|M] [-H homedir] ] [-I includefile ] [-W windowmanager ] [ -w windowsize ] [[-i file ] ...] [ -t type ] -S
+sandbox [-h] [-l level ] [-[X|M] [-H homedir] [-T tempdir]] [-I includefile ] [-W windowmanager ] [ -w windowsize ] [[-i file ] ...] [ -t type ] -S
+%s
+""") % types
@ -1789,21 +1784,18 @@ index 48a26c2..79cbb2d 100644
parser = OptionParser(version=self.VERSION, usage=usage)
parser.disable_interspersed_args()
@@ -263,10 +293,9 @@ sandbox [-h] [-[X|M] [-l level ] [-H homedir] [-T tempdir]] [-I includefile ] [-
dest="homedir",
help=_("alternate home directory to use for mounting"))
@@ -268,6 +298,10 @@ sandbox [-h] [-[X|M] [-l level ] [-H homedir] [-T tempdir]] [-I includefile ] [-
action="callback", callback=self.__validdir,
help=_("alternate /tmp directory to use for mounting"))
- parser.add_option("-T", "--tmpdir", dest="tmpdir",
- type="string",
- action="callback", callback=self.__validdir,
- help=_("alternate /tmp directory to use for mounting"))
+ parser.add_option("-w", "--windowsize", dest="windowsize",
+ type="string", default=DEFAULT_WINDOWSIZE,
+ help="size of the sandbox window")
+
parser.add_option("-W", "--windowmanager", dest="wm",
type="string",
@@ -276,13 +305,17 @@ sandbox [-h] [-[X|M] [-l level ] [-H homedir] [-T tempdir]] [-I includefile ] [-
default="/usr/bin/matchbox-window-manager -use_titlebar no",
@@ -276,13 +310,17 @@ sandbox [-h] [-[X|M] [-l level ] [-H homedir] [-T tempdir]] [-I includefile ] [-
parser.add_option("-l", "--level", dest="level",
help=_("MCS/MLS level for the sandbox"))
@ -1822,52 +1814,17 @@ index 48a26c2..79cbb2d 100644
if self.__options.setype:
self.setype = self.__options.setype
@@ -292,13 +325,14 @@ sandbox [-h] [-[X|M] [-l level ] [-H homedir] [-T tempdir]] [-I includefile ] [-
if self.__options.session:
if not self.__options.setype:
self.setype = selinux.getcon()[1].split(":")[2]
- if not self.__options.homedir or not self.__options.tmpdir:
- self.usage(_("You must specify a Homedir and tempdir when setting up a session sandbox"))
+ if not self.__options.homedir:
+ self.usage(_("You must specify a Homedir when setting up a session sandbox"))
if len(cmds) > 0:
self.usage(_("Commands are not allowed in a session sandbox"))
@@ -299,6 +337,9 @@ sandbox [-h] [-[X|M] [-l level ] [-H homedir] [-T tempdir]] [-I includefile ] [-
self.__options.X_ind = True
self.__homedir = self.__options.homedir
- self.__tmpdir = self.__options.tmpdir
self.__tmpdir = self.__options.tmpdir
+ elif self.__options.level:
+ self.__homedir = self.__options.homedir
+ self.__tmpdir = self.__options.tmpdir
else:
if len(cmds) == 0:
self.usage(_("Command required"))
@@ -323,9 +357,8 @@ sandbox [-h] [-[X|M] [-l level ] [-H homedir] [-T tempdir]] [-I includefile ] [-
con = selinux.getcon()[1].split(":")
self.__execcon = "%s:%s:%s:%s" % (con[0], con[1], self.setype, level)
- self.__filecon = "%s:%s:%s:%s" % (con[0], "object_r",
- "%s_file_t" % self.setype[:-2],
- level)
+ self.__filecon = "%s:object_r:sandbox_file_t:%s" % (con[0],level)
+
def __setup_dir(self):
if self.__options.level or self.__options.session:
return
@@ -339,34 +372,33 @@ sandbox [-h] [-[X|M] [-l level ] [-H homedir] [-T tempdir]] [-I includefile ] [-
else:
selinux.setfscreatecon(self.__filecon)
self.__homedir = mkdtemp(dir=sandboxdir, prefix=".sandbox")
+ self.__tmpdir = self.__homedir + "/.sandboxtmp";
+ if not os.path.exists(self.__tmpdir):
+ os.makedirs(self.__tmpdir)
- if self.__options.tmpdir:
- selinux.chcon(self.__options.tmpdir, self.__filecon, recursive=True)
- self.__tmpdir = self.__options.tmpdir
- else:
- selinux.setfscreatecon(self.__filecon)
- self.__tmpdir = mkdtemp(dir="/tmp", prefix=".sandbox")
selinux.setfscreatecon(None)
self.__copyfiles()
@@ -351,22 +392,24 @@ sandbox [-h] [-[X|M] [-l level ] [-H homedir] [-T tempdir]] [-I includefile ] [-
def __execute(self):
try:
@ -1890,7 +1847,7 @@ index 48a26c2..79cbb2d 100644
- cmds = [ '/usr/sbin/seunshare', "-t", self.__tmpdir, "-h", self.__homedir, "--", self.__execcon ] + self.__paths
- rc = subprocess.Popen(cmds).wait()
- return rc
+ cmds += [ "-h", self.__homedir ]
+ cmds += [ "-t", self.__tmpdir, "-h", self.__homedir ]
+
+ if self.__options.X_ind:
+ xmodmapfile = self.__homedir + "/.xmodmap"
@ -1907,17 +1864,7 @@ index 48a26c2..79cbb2d 100644
selinux.setexeccon(self.__execcon)
rc = subprocess.Popen(self.__cmds).wait()
@@ -383,8 +415,7 @@ sandbox [-h] [-[X|M] [-l level ] [-H homedir] [-T tempdir]] [-I includefile ] [-
if self.__homedir and not self.__options.homedir:
shutil.rmtree(self.__homedir)
- if self.__tmpdir and not self.__options.tmpdir:
- shutil.rmtree(self.__tmpdir)
+
def main(self):
try:
self.__parse_options()
@@ -404,7 +435,7 @@ if __name__ == '__main__':
@@ -404,7 +447,7 @@ if __name__ == '__main__':
sandbox = Sandbox()
rc = sandbox.main()
except OSError, error:
@ -1927,7 +1874,7 @@ index 48a26c2..79cbb2d 100644
error_exit(error.args[0])
except KeyError, error:
diff --git a/policycoreutils/sandbox/sandbox.8 b/policycoreutils/sandbox/sandbox.8
index 1479364..7b4318a 100644
index 1479364..73d33b3 100644
--- a/policycoreutils/sandbox/sandbox.8
+++ b/policycoreutils/sandbox/sandbox.8
@@ -1,10 +1,13 @@
@ -1939,43 +1886,28 @@ index 1479364..7b4318a 100644
.B sandbox
-[-l level ] [[-M | -X] -H homedir -T tempdir ] [-I includefile ] [ -W windowmanager ] [[-i file ]...] [ -t type ] cmd
-[-l level ] [[-M | -X] -H homedir -T tempdir ] [-I includefile ] [ -W windowmanager ] [[-i file ]...] [ -t type ] -S
+[-l level ] [[-M | -X] -H homedir ] [-I includefile ] [ -W windowmanager ] [ -w windowsize ] [[-i file ]...] [ -t type ] cmd
+[-l level ] [[-M | -X] -H homedir -T tempdir ] [-I includefile ] [ -W windowmanager ] [ -w windowsize ] [[-i file ]...] [ -t type ] cmd
+
+.br
+.B sandbox
+[-l level ] [[-M | -X] -H homedir ] [-I includefile ] [ -W windowmanager ] [ -w windowsize ] [[-i file ]...] [ -t type ] -S
+[-l level ] [[-M | -X] -H homedir -T tempdir ] [-I includefile ] [ -W windowmanager ] [ -w windowsize ] [[-i file ]...] [ -t type ] -S
.br
.SH DESCRIPTION
.PP
@@ -18,11 +21,11 @@ package installed, you can use the -X option and the -M option.
.B sandbox -X
allows you to run X applications within a sandbox. These applications will start up their own X Server and create a temporary home directory and /tmp. The default SELinux policy does not allow any capabilities or network access. It also prevents all access to the users other processes and files. Files specified on the command that are in the home directory or /tmp will be copied into the sandbox directories.
-If directories are specified with -H or -T the directory will have its context modified with chcon(1) unless a level is specified with -l. If the MLS/MCS security level is specified, the user is responsible to set the correct labels.
+If directories are specified with -H option the directory will have its context modified with chcon(1) unless a level is specified with -l. If the MLS/MCS security level is specified, the user is responsible to set the correct labels.
.PP
@@ -42,6 +45,12 @@ Use alternate sandbox type, defaults to sandbox_t or sandbox_x_t for -X.
\fB\-T\ tmpdir
Use alternate tempory directory to mount on /tmp. Defaults to tmpfs. Requires -X or -M.
.TP
\fB\-H\ homedir
-Use alternate homedir to mount over your home directory. Defaults to temporary. Requires -X or -M.
+Use alternate homedir to mount over your home directory. The /tmp dir will be prepopulated from homedir/.sandboxtmp directory if it exists. Defaults to temporary. Requires -X or -M.
.TP
\fB\-i file\fR
Copy this file into the appropriate temporary sandbox directory. Command can be repeated.
@@ -39,8 +42,11 @@ Create a Sandbox with temporary files for $HOME and /tmp.
\fB\-t type\fR
Use alternate sandbox type, defaults to sandbox_t or sandbox_x_t for -X.
.TP
-\fB\-T\ tmpdir
-Use alternate tempory directory to mount on /tmp. Defaults to tmpfs. Requires -X or -M.
+\fB\-S
+Run a full desktop session, Requires level, and home and tmpdir.
+.TP
+\fB\-w windowsize\fR
+Specifies the windowsize when creating an X based Sandbox. The default windowsize is 1000x700.
.TP
+.TP
\fB\-W windowmanager\fR
Select alternative window manager to run within
@@ -50,8 +56,17 @@ Default to /usr/bin/matchbox-window-manager.
.B sandbox -X.
@@ -50,8 +59,17 @@ Default to /usr/bin/matchbox-window-manager.
\fB\-X\fR
Create an X based Sandbox for gui apps, temporary files for
$HOME and /tmp, secondary Xserver, defaults to sandbox_x_t
@ -2147,7 +2079,7 @@ index 0000000..6063d6a
+and
+.I Thomas Liu <tliu@fedoraproject.org>
diff --git a/policycoreutils/sandbox/seunshare.c b/policycoreutils/sandbox/seunshare.c
index ec692e7..490c914 100644
index ec692e7..b79e781 100644
--- a/policycoreutils/sandbox/seunshare.c
+++ b/policycoreutils/sandbox/seunshare.c
@@ -1,28 +1,34 @@
@ -2275,10 +2207,14 @@ index ec692e7..490c914 100644
+ retval = -1; \
+ } while(0)
+
+/**
/**
- * This function makes sure the mounted directory is owned by the user executing
- * seunshare.
- * If so, it returns 0. If it can not figure this out or they are different, it returns -1.
+ * Spawn external command using system() with dropped privileges.
+ * TODO: avoid system() and use exec*() instead
+ */
*/
-static int verify_mount(const char *mntdir, struct passwd *pwd) {
+static int spawn_command(const char *cmd, uid_t uid){
+ int child;
+ int status = -1;
@ -2305,14 +2241,10 @@ index ec692e7..490c914 100644
+ return status;
+}
+
/**
- * This function makes sure the mounted directory is owned by the user executing
- * seunshare.
- * If so, it returns 0. If it can not figure this out or they are different, it returns -1.
+/**
+ * Check file/directory ownership, struct stat * must be passed to the
+ * functions.
*/
-static int verify_mount(const char *mntdir, struct passwd *pwd) {
+ */
+#define check_owner_common(f,st) do { \
+ if (lstat(f, st) == -1) { \
+ fprintf(stderr, _("Failed to stat %s: %s\n"), f, strerror(errno)); \
@ -2447,8 +2379,9 @@ index ec692e7..490c914 100644
+
+ return 0;
+
+}
+
}
-#define USAGE_STRING _("USAGE: seunshare [ -v ] [ -t tmpdir ] [ -h homedir ] -- CONTEXT executable [args] ")
+/**
+ * Error logging used by cgroups code.
+ */
@ -2648,9 +2581,8 @@ index ec692e7..490c914 100644
+ free(cgroupname);
+ free(cpus);
+ return rc;
}
-#define USAGE_STRING _("USAGE: seunshare [ -v ] [ -t tmpdir ] [ -h homedir ] -- CONTEXT executable [args] ")
+}
+
+/**
+ * Clean up runtime temporary directory. Returns 0 if no problem was detected,
+ * >0 if some error was detected, but errors here are treated as non-fatal and
@ -2787,7 +2719,7 @@ index ec692e7..490c914 100644
+ /* copy files to the new temporary directory */
+ /* XXX: when using -aHAXq args here, rsync tries to chmod/chown/...
+ * /tmp/.sandbox-$USER-XXXXXX, --ignore-existing does not help */
+ if (asprintf(&cmdbuf, "/usr/bin/rsync -rlHDq '%s/' '%s/'", src, tmpdir) == -1) {
+ if (asprintf(&cmdbuf, "/usr/bin/rsync -trlHDq '%s/' '%s/'", src, tmpdir) == -1) {
+ fprintf(stderr, _("Out of memory\n"));
+ cmdbuf = NULL;
+ goto err;
@ -2943,7 +2875,9 @@ index ec692e7..490c914 100644
+ if (set_signal_handles()) return -1;
+
+ if (usecgroups && setup_cgroups() < 0) return -1;
+
- if (drop_capabilities(uid)) {
- perror(_("Failed to drop all capabilities"));
+ /* On NFS machines you need to setfsuid to be able to access files
+ on homedir, if this fails on a non NFS machine, we don't care,
+ if it fails on an NFS machine, the code below will fail. */
@ -2956,9 +2890,7 @@ index ec692e7..490c914 100644
+ if (tmpdir_s && (
+ verify_directory(tmpdir_s, NULL, &st_tmpdir_s) < 0 ||
+ check_owner_uid(uid, tmpdir_s, &st_tmpdir_s))) return -1;
- if (drop_capabilities(uid)) {
- perror(_("Failed to drop all capabilities"));
+
+ /* create runtime tmpdir */
+ if (tmpdir_s && (tmpdir_r = create_tmpdir(tmpdir_s, &st_tmpdir_s,
+ &st_tmpdir_r, pwd, execcon)) == NULL) {
@ -3028,7 +2960,7 @@ index ec692e7..490c914 100644
if (display)
rc |= setenv("DISPLAY", display, 1);
rc |= setenv("HOME", pwd->pw_dir, 1);
@@ -300,22 +804,39 @@ int main(int argc, char **argv) {
@@ -300,22 +804,41 @@ int main(int argc, char **argv) {
rc |= setenv("USER", pwd->pw_name, 1);
rc |= setenv("LOGNAME", pwd->pw_name, 1);
rc |= setenv("PATH", DEFAULT_PATH, 1);
@ -3048,7 +2980,8 @@ index ec692e7..490c914 100644
- exit(-1);
+ goto childerr;
}
- setsid();
+
setsid();
+
execv(argv[optind], argv + optind);
+ fprintf(stderr, _("Failed to execute command %s: %s\n"), argv[optind], strerror(errno));
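Review bot: The restored rsync call in seunshare.c (`asprintf(&cmdbuf, "/usr/bin/rsync -trlHDq '%s/' '%s/'", src, tmpdir)`) still builds a shell command string for system(), so a `src` or `tmpdir` path containing a single quote ends the quoting and the remainder is parsed by the shell; the commit only adds `-t` and leaves that as it was. The `TODO: avoid system() and use exec*() instead` on spawn_command already names the fix: pass `/usr/bin/rsync`, `-trlHDq` and the two `%s/` strings as separate argv entries to fork()/execv() so no shell ever sees the paths, which is worth doing in the same series since spawn_command drops privileges around the call and the strings come from the caller's -t/-h options. spawn_command's body and the enclosing copy function start and end outside the visible hunks, so the exact call sites cannot be checked from this page. Note also that the `+`/`-` markers shown here belong to the nested patch file, not to this commit, so which rsync line is old and which is new is inferred from the commit description only.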


@ -7,7 +7,7 @@
Summary: SELinux policy core utilities
Name: policycoreutils
Version: 2.0.85
Release: 17%{?dist}
Release: 18%{?dist}
License: GPLv2
Group: System Environment/Base
# Based on git repository with tag 20101221
@ -331,6 +331,11 @@ fi
exit 0
%changelog
* Tue Mar 8 2011 Dan Walsh <dwalsh@redhat.com> 2.0.85-18
- put back in old handling of -T in sandbox command
- Put back setsid in seunshare
- Fix rsync to maintain times
* Tue Mar 8 2011 Dan Walsh <dwalsh@redhat.com> 2.0.85-17
- Use rewritten seunshare from thoger