- Change to allow sandbox to run on nfs homedirs, add start python script

This commit is contained in:
Dan Walsh 2010-12-21 16:20:01 -05:00
parent 8937a040d8
commit a548207cc4
5 changed files with 73075 additions and 80245 deletions

.gitignore vendored

@ -222,3 +222,4 @@ policycoreutils-2.0.82.tgz
sepolgen-1.0.23.tgz
policycoreutils-2.0.83.tgz
/policycoreutils-2.0.84.tgz
/policycoreutils-2.0.85.tgz

File diff suppressed because it is too large.


@ -9,7 +9,7 @@ index 86ed03f..67d0ee8 100644
INOTIFYH = $(shell ls /usr/include/sys/inotify.h 2>/dev/null)
diff --git a/policycoreutils/audit2allow/audit2allow b/policycoreutils/audit2allow/audit2allow
index 5435e9d..fddcdaa 100644
index 5435e9d..c60490b 100644
--- a/policycoreutils/audit2allow/audit2allow
+++ b/policycoreutils/audit2allow/audit2allow
@@ -1,4 +1,4 @@
@ -34,7 +34,7 @@ index 5435e9d..fddcdaa 100644
parser.add_option("-d", "--dmesg", action="store_true", dest="dmesg", default=False,
help="read input from dmesg - conflicts with --all and --input")
parser.add_option("-i", "--input", dest="input",
@@ -231,63 +233,44 @@ class AuditToPolicy:
@@ -231,29 +233,12 @@ class AuditToPolicy:
def __output_audit2why(self):
import selinux
@ -43,8 +43,9 @@ index 5435e9d..fddcdaa 100644
- audit2why.init()
for i in self.__parser.avc_msgs:
- rc, bools = audit2why.analyze(i.scontext.to_string(), i.tcontext.to_string(), i.tclass, i.accesses)
- if rc >= 0:
+ if i.type >= 0:
+ rc = i.type
+ bools = i.bools
if rc >= 0:
print "%s\n\tWas caused by:" % i.message
- if rc == audit2why.NOPOLICY:
- raise RuntimeError("Must call policy_init first")
@ -62,55 +63,10 @@ index 5435e9d..fddcdaa 100644
- continue
- if rc == audit2why. BADCOMPUTE:
- raise RuntimeError("Error during access vector computation")
- if rc == audit2why.ALLOW:
+ if i.type == audit2why.ALLOW:
if rc == audit2why.ALLOW:
print "\t\tUnknown - would be allowed by active policy\n",
print "\t\tPossible mismatch between this policy and the one under which the audit message was generated.\n"
print "\t\tPossible mismatch between current in-memory boolean settings vs. permanent ones.\n"
continue
- if rc == audit2why.DONTAUDIT:
+ if i.type == audit2why.DONTAUDIT:
print "\t\tUnknown - should be dontaudit'd by active policy\n",
print "\t\tPossible mismatch between this policy and the one under which the audit message was generated.\n"
print "\t\tPossible mismatch between current in-memory boolean settings vs. permanent ones.\n"
continue
- if rc == audit2why.BOOLEAN:
- if len(bools) > 1:
+ if i.type == audit2why.BOOLEAN:
+ if len(i.bools) > 1:
print "\tOne of the following booleans was set incorrectly."
- for b in bools:
+ for b in i.bools:
print "\tDescription:\n\t%s\n" % seobject.boolean_desc(b[0])
print "\tAllow access by executing:\n\t# setsebool -P %s %d" % (b[0], b[1])
else:
- print "\tThe boolean %s was set incorrectly. " % (bools[0][0])
- print "\tDescription:\n\t%s\n" % seobject.boolean_desc(bools[0][0])
- print "\tAllow access by executing:\n\t# setsebool -P %s %d" % (bools[0][0], bools[0][1])
+ print "\tThe boolean %s was set incorrectly. " % (i.bools[0][0])
+ print "\tDescription:\n\t%s\n" % seobject.boolean_desc(i.bools[0][0])
+ print "\tAllow access by executing:\n\t# setsebool -P %s %d" % (i.bools[0][0], i.bools[0][1])
continue
- if rc == audit2why.TERULE:
+ if i.type == audit2why.TERULE:
print "\t\tMissing type enforcement (TE) allow rule.\n"
print "\t\tYou can use audit2allow to generate a loadable module to allow this access.\n"
continue
- if rc == audit2why.CONSTRAINT:
+ if i.type == audit2why.CONSTRAINT:
print "\t\tPolicy constraint violation.\n"
print "\t\tMay require adding a type attribute to the domain or type to satisfy the constraint.\n"
print "\t\tConstraints are defined in the policy sources in policy/constraints (general), policy/mcs (MCS), and policy/mls (MLS).\n"
continue
- if rc == audit2why.RBAC:
+ if i.type == audit2why.RBAC:
print "\t\tMissing role allow rule.\n"
print "\t\tAdd an allow rule for the role pair.\n"
continue
@@ -350,11 +333,19 @@ class AuditToPolicy:
@@ -350,11 +335,19 @@ class AuditToPolicy:
def main(self):
try:
self.__parse_options()
@ -332,276 +288,6 @@ index 03f95a1..5986b23 100644
if_set.to_file(f)
f.close()
diff --git a/policycoreutils/load_policy/load_policy.c b/policycoreutils/load_policy/load_policy.c
index 47d9b0f..566565f 100644
--- a/policycoreutils/load_policy/load_policy.c
+++ b/policycoreutils/load_policy/load_policy.c
@@ -1,3 +1,4 @@
+#define _GNU_SOURCE
#include <unistd.h>
#include <stdlib.h>
#include <stdio.h>
@@ -23,6 +24,14 @@ void usage(char *progname)
exit(1);
}
+char *policy_path(void) {
+ char *path=NULL;
+ if (asprintf(&path, "%s.%d", selinux_binary_policy_path(), security_policyvers()) < 0) {
+ return NULL;
+ }
+ return path;
+}
+
int main(int argc, char **argv)
{
int ret, opt, quiet = 0, nargs, init=0, enforce=0;
@@ -64,6 +73,7 @@ int main(int argc, char **argv)
"%s: Warning! Boolean file argument (%s) is no longer supported, installed booleans file is always used. Continuing...\n",
argv[0], argv[optind++]);
}
+ errno = 0;
if (init) {
if (is_selinux_enabled() == 1) {
/* SELinux is already enabled, we should not do an initial load again */
@@ -76,9 +86,11 @@ int main(int argc, char **argv)
if (ret != 0 ) {
if (enforce > 0) {
/* SELinux in enforcing mode but load_policy failed */
+ char *path=policy_path();
fprintf(stderr,
- _("%s: Can't load policy and enforcing mode requested: %s\n"),
- argv[0], strerror(errno));
+ _("%s: Can't load policy file %s and enforcing mode requested: %s\n"),
+ argv[0], path, strerror(errno));
+ free(path);
exit(3);
}
}
@@ -86,9 +98,16 @@ int main(int argc, char **argv)
else {
ret = selinux_mkload_policy(1);
}
- if (ret < 0) {
- fprintf(stderr, _("%s: Can't load policy: %s\n"),
- argv[0], strerror(errno));
+
+ /* selinux_init_load_policy returns -1 if it did not load_policy
+ * On SELinux disabled system it will always return -1
+ * So check errno to see if anything went wrong
+ */
+ if (ret < 0 && errno != 0) {
+ char *path=policy_path();
+ fprintf(stderr, _("%s: Can't load policy file %s: %s\n"),
+ argv[0], path, strerror(errno));
+ free(path);
exit(2);
}
exit(0);
diff --git a/policycoreutils/newrole/Makefile b/policycoreutils/newrole/Makefile
index 6c19bd1..bd8e7a7 100644
--- a/policycoreutils/newrole/Makefile
+++ b/policycoreutils/newrole/Makefile
@@ -50,7 +50,7 @@ ifeq (${NAMESPACE_PRIV},y)
endif
ifeq (${IS_SUID},y)
MODE := 4555
- LDLIBS += -lcap
+ LDLIBS += -lcap-ng
else
MODE := 0555
endif
diff --git a/policycoreutils/newrole/newrole.c b/policycoreutils/newrole/newrole.c
index d191be6..071b393 100644
--- a/policycoreutils/newrole/newrole.c
+++ b/policycoreutils/newrole/newrole.c
@@ -77,7 +77,7 @@
#endif
#if defined(AUDIT_LOG_PRIV) || (NAMESPACE_PRIV)
#include <sys/prctl.h>
-#include <sys/capability.h>
+#include <cap-ng.h>
#endif
#ifdef USE_NLS
#include <locale.h> /* for setlocale() */
@@ -90,6 +90,9 @@
#define PACKAGE "policycoreutils" /* the name of this package lang translation */
#endif
+# define TRUE 1
+# define FALSE 0
+
/* USAGE_STRING describes the command-line args of this program. */
#define USAGE_STRING "USAGE: newrole [ -r role ] [ -t type ] [ -l level ] [ -p ] [ -V ] [ -- args ]"
@@ -538,69 +541,23 @@ static int restore_environment(int preserve_environment,
* Returns zero on success, non-zero otherwise
*/
#if defined(AUDIT_LOG_PRIV) && !defined(NAMESPACE_PRIV)
-static int drop_capabilities(void)
+static int drop_capabilities(int full)
{
- int rc = 0;
- cap_t new_caps, tmp_caps;
- cap_value_t cap_list[] = { CAP_AUDIT_WRITE };
- cap_value_t tmp_cap_list[] = { CAP_AUDIT_WRITE, CAP_SETUID };
- uid_t uid = getuid();
-
- if (!uid)
- return 0;
-
- /* Non-root caller, suid root path */
- new_caps = cap_init();
- tmp_caps = cap_init();
- if (!new_caps || !tmp_caps) {
- fprintf(stderr, _("Error initializing capabilities, aborting.\n"));
+ capng_clear(CAPNG_SELECT_BOTH);
+ if (capng_lock() < 0)
return -1;
- }
- rc |= cap_set_flag(new_caps, CAP_PERMITTED, 1, cap_list, CAP_SET);
- rc |= cap_set_flag(new_caps, CAP_EFFECTIVE, 1, cap_list, CAP_SET);
- rc |= cap_set_flag(tmp_caps, CAP_PERMITTED, 2, tmp_cap_list, CAP_SET);
- rc |= cap_set_flag(tmp_caps, CAP_EFFECTIVE, 2, tmp_cap_list, CAP_SET);
- if (rc) {
- fprintf(stderr, _("Error setting capabilities, aborting\n"));
- goto out;
- }
-
- /* Keep capabilities across uid change */
- if (prctl(PR_SET_KEEPCAPS, 1, 0, 0, 0)) {
- fprintf(stderr, _("Error setting KEEPCAPS, aborting\n"));
- rc = -1;
- goto out;
- }
- /* Does this temporary change really buy us much? */
- /* We should still have root's caps, so drop most capabilities now */
- if ((rc = cap_set_proc(tmp_caps))) {
- fprintf(stderr, _("Error dropping capabilities, aborting\n"));
- goto out;
- }
+ uid_t uid = getuid();
+ if (!uid) return 0;
/* Change uid */
- if ((rc = setresuid(uid, uid, uid))) {
+ if (setresuid(uid, uid, uid)) {
fprintf(stderr, _("Error changing uid, aborting.\n"));
- goto out;
- }
-
- /* Now get rid of this ability */
- if ((rc = prctl(PR_SET_KEEPCAPS, 0, 0, 0, 0) < 0)) {
- fprintf(stderr, _("Error resetting KEEPCAPS, aborting\n"));
- goto out;
- }
-
- /* Finish dropping capabilities. */
- if ((rc = cap_set_proc(new_caps))) {
- fprintf(stderr,
- _("Error dropping SETUID capability, aborting\n"));
- goto out;
+ return -1;
}
- out:
- if (cap_free(tmp_caps) || cap_free(new_caps))
- fprintf(stderr, _("Error freeing caps\n"));
- return rc;
+ if (! full)
+ capng_update(CAPNG_ADD, CAPNG_EFFECTIVE | CAPNG_PERMITTED, CAP_AUDIT_WRITE);
+ return capng_apply(CAPNG_SELECT_BOTH);
}
#elif defined(NAMESPACE_PRIV)
/**
@@ -616,50 +573,25 @@ static int drop_capabilities(void)
*
* Returns zero on success, non-zero otherwise
*/
-static int drop_capabilities(void)
+static int drop_capabilities(int full)
{
- int rc = 0;
- cap_t new_caps;
- cap_value_t cap_list[] = { CAP_AUDIT_WRITE, CAP_SETUID,
- CAP_SYS_ADMIN, CAP_FOWNER, CAP_CHOWN,
- CAP_DAC_OVERRIDE
- };
-
- if (!getuid())
- return 0;
-
- /* Non-root caller, suid root path */
- new_caps = cap_init();
- if (!new_caps) {
- fprintf(stderr, _("Error initializing capabilities, aborting.\n"));
+ capng_clear(CAPNG_SELECT_BOTH);
+ if (capng_lock() < 0)
return -1;
- }
- rc |= cap_set_flag(new_caps, CAP_PERMITTED, 6, cap_list, CAP_SET);
- rc |= cap_set_flag(new_caps, CAP_EFFECTIVE, 6, cap_list, CAP_SET);
- if (rc) {
- fprintf(stderr, _("Error setting capabilities, aborting\n"));
- goto out;
- }
- /* Ensure that caps are dropped after setuid call */
- if ((rc = prctl(PR_SET_KEEPCAPS, 0, 0, 0, 0) < 0)) {
- fprintf(stderr, _("Error resetting KEEPCAPS, aborting\n"));
- goto out;
- }
-
- /* We should still have root's caps, so drop most capabilities now */
- if ((rc = cap_set_proc(new_caps))) {
- fprintf(stderr, _("Error dropping capabilities, aborting\n"));
- goto out;
+ uid_t uid = getuid();
+ /* Change uid */
+ if (setresuid(uid, uid, uid)) {
+ fprintf(stderr, _("Error changing uid, aborting.\n"));
+ return -1;
}
- out:
- if (cap_free(new_caps))
- fprintf(stderr, _("Error freeing caps\n"));
- return rc;
+ if (! full)
+ capng_update(CAPNG_ADD, CAPNG_EFFECTIVE | CAPNG_PERMITTED, CAP_SYS_ADMIN | CAP_FOWNER | CAP_CHOWN | CAP_DAC_OVERRIDE);
+ return capng_apply(CAPNG_SELECT_BOTH);
}
#else
-static inline int drop_capabilities(void)
+static inline int drop_capabilities(__attribute__ ((__unused__)) int full)
{
return 0;
}
@@ -1098,7 +1030,7 @@ int main(int argc, char *argv[])
* if it makes sense to continue to run newrole, and setting up
* a scrubbed environment.
*/
- if (drop_capabilities())
+ if (drop_capabilities(FALSE))
return -1;
if (set_signal_handles())
return -1;
@@ -1334,11 +1266,15 @@ int main(int argc, char *argv[])
if (send_audit_message(1, old_context, new_context, ttyn))
goto err_close_pam_session;
+ freecon(old_context); old_context=NULL;
+ freecon(new_context); new_context=NULL;
+
#ifdef NAMESPACE_PRIV
if (transition_to_caller_uid())
goto err_close_pam_session;
#endif
+ drop_capabilities(TRUE);
/* Handle environment changes */
if (restore_environment(preserve_environment, old_environ, &pw)) {
fprintf(stderr, _("Unable to restore the environment, "
diff --git a/policycoreutils/restorecond/Makefile b/policycoreutils/restorecond/Makefile
index 3f235e6..7552668 100644
--- a/policycoreutils/restorecond/Makefile
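Review bot: In the new `__output_audit2why` body at the top of this section (`rc = i.type` / `bools = i.bools`) the per-message result is now read from attributes that some other code must have set on each AVC object, but the function no longer checks that this happened — the `audit2why.init()` call and the `NOPOLICY` / `BADCOMPUTE` RuntimeError branches were dropped with it. An AVC object parsed without a policy loaded will therefore fail with a bare AttributeError on `i.type`, or be skipped silently by the `if rc >= 0` guard if the producer stores a negative sentinel, instead of the old "Must call policy_init first" message. I would guard the first use with `if not hasattr(i, "type"): raise RuntimeError("Must call policy_init first")` placed before `rc = i.type`, plus a one-line comment naming where `type` and `bools` are populated, since that code is not in this file. Where those attributes are set is not visible here, so treat the exact failure mode as inferred. The rest of `__output_audit2why` and the enclosing `AuditToPolicy` class lie outside the hunk, and the later load_policy.c / newrole.c lines in this section are removed from the patch, so they are history rather than code under review.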


@ -6,11 +6,12 @@
Summary: SELinux policy core utilities
Name: policycoreutils
Version: 2.0.84
Release: 5%{?dist}
Version: 2.0.85
Release: 1%{?dist}
License: GPLv2
Group: System Environment/Base
Source: http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz
# Based on git repository with tag 20101221
Source: git://oss.tresys.com/git/selinux/policycoreutils-%{version}.tgz
Source1: git://oss.tresys.com/git/selinux/sepolgen-%{sepolgenver}.tgz
URL: http://www.selinuxproject.org
Source2: system-config-selinux.png
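Review bot: The new `Source:` and `Source1:` lines point at `git://oss.tresys.com/...`, a transport with no authentication or integrity protection, and the only integrity check visible on this page is the md5 digest recorded in `sources`, which identifies the tarball but is not collision-resistant. If the build actually pulls from the package lookaside cache these URLs are informational, but they are still the provenance record a maintainer will follow, so the comment should be precise enough to reproduce the tarball: `# Tarball built from git://oss.tresys.com/git/selinux at tag 20101221 (policycoreutils-2.0.85); integrity pinned only by the md5 in 'sources'`. Whether the old nsa.gov `Source:` line is removed or survives next to the git one cannot be told from the rendered hunk; if both remain, the duplicate tag should be dropped.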


@ -1,3 +1,3 @@
49faa2e5f343317bcfcf34d7286f6037 sepolgen-1.0.23.tgz
59d33101d57378ce69889cc078addf90 policycoreutils_man_ru2.tar.bz2
b79060bbc673997e404584959524374d policycoreutils-2.0.84.tgz
92fa615448d443b22c4ad6ecf89fc974 policycoreutils-2.0.85.tgz