- Tighten down seunshare to create /tmp dir with sticky bit and MS_NODEV | MS_NOSUID | MS_NOEXEC;
- Remove setsid on seunshare so ^c on sandbox will cause apps to exit - Add dbus-launch --exit-with-session so all processes launched within the sandbox exit with the sandbox - Clean up error handling so error will get sent back to sandbox tool
This commit is contained in:
Dan Walsh
parent
fc15cdf18c
commit
b1b6c5eb24
|
|
@ -1589,7 +1589,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
|
|||
@python test_sandbox.py -v
|
||||
diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/sandbox policycoreutils-2.0.83/sandbox/sandbox
|
||||
--- nsapolicycoreutils/sandbox/sandbox 2010-06-16 08:03:38.000000000 -0400
|
||||
+++ policycoreutils-2.0.83/sandbox/sandbox 2010-08-13 15:05:03.000000000 -0400
|
||||
+++ policycoreutils-2.0.83/sandbox/sandbox 2010-08-24 22:50:26.000000000 -0400
|
||||
@@ -1,5 +1,6 @@
|
||||
-#! /usr/bin/python -E
|
||||
+#! /usr/bin/python -Es
|
||||
|
|
@ -1682,7 +1682,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
|
|||
%s &
|
||||
WM_PID=$!
|
||||
-%s
|
||||
+dbus-launch %s
|
||||
+dbus-launch --exit-with-session %s
|
||||
kill -TERM $WM_PID 2> /dev/null
|
||||
""" % (command, wm, command))
|
||||
fd.close()
|
||||
|
|
@ -1883,6 +1883,28 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
|
|||
#
|
||||
|
||||
# Source function library.
|
||||
diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/sandboxX.sh policycoreutils-2.0.83/sandbox/sandboxX.sh
|
||||
--- nsapolicycoreutils/sandbox/sandboxX.sh 2010-06-16 08:03:38.000000000 -0400
|
||||
+++ policycoreutils-2.0.83/sandbox/sandboxX.sh 2010-08-24 17:04:39.000000000 -0400
|
||||
@@ -7,7 +7,16 @@
|
||||
|
||||
(/usr/bin/Xephyr -title "$TITLE" -terminate -screen $SCREENSIZE -displayfd 5 5>&1 2>/dev/null) | while read D; do
|
||||
export DISPLAY=:$D
|
||||
- python -c 'import gtk, os, commands; commands.getstatusoutput("%s/.sandboxrc" % os.environ["HOME"])'
|
||||
+ python << __EOF
|
||||
+import gtk, os, commands
|
||||
+rc = [-1,'']
|
||||
+try:
|
||||
+ rc=commands.getstatusoutput("%s/.sandboxrc" % os.environ["HOME"])
|
||||
+except:
|
||||
+ pass
|
||||
+if rc[0] == 0:
|
||||
+ print rc[1]
|
||||
+__EOF
|
||||
export EXITCODE=$?
|
||||
kill -HUP 0
|
||||
break
|
||||
Binary files nsapolicycoreutils/sandbox/seunshare and policycoreutils-2.0.83/sandbox/seunshare differ
|
||||
diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/seunshare.8 policycoreutils-2.0.83/sandbox/seunshare.8
|
||||
--- nsapolicycoreutils/sandbox/seunshare.8 1969-12-31 19:00:00.000000000 -0500
|
||||
+++ policycoreutils-2.0.83/sandbox/seunshare.8 2010-07-30 13:50:40.000000000 -0400
|
||||
|
|
@ -1926,8 +1948,8 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
|
|||
+.I Thomas Liu <tliu@fedoraproject.org>
|
||||
diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/seunshare.c policycoreutils-2.0.83/sandbox/seunshare.c
|
||||
--- nsapolicycoreutils/sandbox/seunshare.c 2010-06-16 08:03:38.000000000 -0400
|
||||
+++ policycoreutils-2.0.83/sandbox/seunshare.c 2010-07-30 13:50:40.000000000 -0400
|
||||
@@ -1,13 +1,20 @@
|
||||
+++ policycoreutils-2.0.83/sandbox/seunshare.c 2010-08-24 22:49:42.000000000 -0400
|
||||
@@ -1,13 +1,21 @@
|
||||
+/*
|
||||
+ * Authors: Dan Walsh <dwalsh@redhat.com>
|
||||
+ * Authors: Thomas Liu <tliu@fedoraproject.org>
|
||||
|
|
@ -1936,6 +1958,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
|
|||
+#define _GNU_SOURCE
|
||||
#include <signal.h>
|
||||
#include <sys/types.h>
|
||||
+#include <sys/stat.h>
|
||||
#include <sys/wait.h>
|
||||
#include <syslog.h>
|
||||
#include <sys/mount.h>
|
||||
|
|
@ -1949,15 +1972,23 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
|
|||
#include <unistd.h>
|
||||
#include <stdlib.h>
|
||||
#include <cap-ng.h>
|
||||
@@ -21,7 +28,6 @@
|
||||
@@ -15,14 +23,11 @@
|
||||
#include <limits.h>
|
||||
#include <stdlib.h>
|
||||
#include <errno.h>
|
||||
+#include <fcntl.h>
|
||||
|
||||
#include <sys/types.h>
|
||||
#include <sys/stat.h>
|
||||
#include <selinux/selinux.h>
|
||||
#include <selinux/context.h> /* for context-mangling functions */
|
||||
|
||||
-#include <sys/types.h>
|
||||
-#include <sys/stat.h>
|
||||
-#include <unistd.h>
|
||||
|
||||
-
|
||||
#ifdef USE_NLS
|
||||
#include <locale.h> /* for setlocale() */
|
||||
@@ -39,6 +45,12 @@
|
||||
#include <libintl.h> /* for gettext() */
|
||||
@@ -39,6 +44,12 @@
|
||||
#define MS_PRIVATE 1<<18
|
||||
#endif
|
||||
|
||||
|
|
@ -1970,12 +2001,56 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
|
|||
/**
|
||||
* This function will drop all capabilities
|
||||
* Returns zero on success, non-zero otherwise
|
||||
@@ -151,25 +163,57 @@
|
||||
@@ -134,42 +145,98 @@
|
||||
static int seunshare_mount(const char *src, const char *dst, struct passwd *pwd) {
|
||||
if (verbose)
|
||||
printf("Mount %s on %s\n", src, dst);
|
||||
- if (mount(dst, dst, NULL, MS_BIND | MS_REC, NULL) < 0) {
|
||||
+
|
||||
+ int flags = MS_REC;
|
||||
+ if (strcmp("/tmp", dst) == 0) {
|
||||
+ flags = flags | MS_NODEV | MS_NOSUID | MS_NOEXEC;
|
||||
+ }
|
||||
+
|
||||
+ if (mount(dst, dst, NULL, MS_BIND | flags, NULL) < 0) {
|
||||
fprintf(stderr, _("Failed to mount %s on %s: %s\n"), dst, dst, strerror(errno));
|
||||
return -1;
|
||||
}
|
||||
|
||||
- if (mount(dst, dst, NULL, MS_PRIVATE | MS_REC, NULL) < 0) {
|
||||
+ if (mount(dst, dst, NULL, MS_PRIVATE | flags, NULL) < 0) {
|
||||
fprintf(stderr, _("Failed to make %s private: %s\n"), dst, strerror(errno));
|
||||
return -1;
|
||||
}
|
||||
|
||||
- if (mount(src, dst, NULL, MS_BIND | MS_REC, NULL) < 0) {
|
||||
+ if (mount(src, dst, NULL, MS_BIND | flags, NULL) < 0) {
|
||||
fprintf(stderr, _("Failed to mount %s on %s: %s\n"), src, dst, strerror(errno));
|
||||
return -1;
|
||||
}
|
||||
|
||||
if (verify_mount(dst, pwd) < 0)
|
||||
return -1;
|
||||
+
|
||||
+ if (strcmp("/tmp", dst) == 0) {
|
||||
+ struct stat sb;
|
||||
+ int fd = open(dst,O_RDONLY);
|
||||
+ if ( fd == -1 ) goto err;
|
||||
+ if (fstat(fd, &sb) == -1) {
|
||||
+ close(fd);
|
||||
+ goto err;
|
||||
+ }
|
||||
+ if (fchmod(fd, sb.st_mode | S_ISVTX) < 0) {
|
||||
+ close(fd);
|
||||
+ goto err;
|
||||
+ }
|
||||
+ close(fd);
|
||||
+ }
|
||||
+
|
||||
+ return 0;
|
||||
+err:
|
||||
+ fprintf(stderr, _("Invalid mount point %s: %s\n"), src, strerror(errno));
|
||||
+ return -1;
|
||||
+}
|
||||
+
|
||||
+#define USAGE_STRING _("USAGE: seunshare [ -v ] [ -t tmpdir ] [ -h homedir ] [-Z CONTEXT] -- executable [args] ")
|
||||
|
|
@ -2030,7 +2105,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
|
|||
{NULL, 0, 0, 0}
|
||||
};
|
||||
|
||||
@@ -180,6 +224,12 @@
|
||||
@@ -180,6 +247,12 @@
|
||||
return -1;
|
||||
}
|
||||
|
||||
|
|
@ -2043,7 +2118,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
|
|||
struct passwd *pwd=getpwuid(uid);
|
||||
if (!pwd) {
|
||||
perror(_("getpwduid failed"));
|
||||
@@ -192,30 +242,30 @@
|
||||
@@ -192,30 +265,30 @@
|
||||
}
|
||||
|
||||
while (1) {
|
||||
|
|
@ -2083,7 +2158,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
|
|||
default:
|
||||
fprintf(stderr, "%s\n", USAGE_STRING);
|
||||
return -1;
|
||||
@@ -223,21 +273,179 @@
|
||||
@@ -223,21 +296,179 @@
|
||||
}
|
||||
|
||||
if (! homedir_s && ! tmpdir_s) {
|
||||
|
|
@ -2269,7 +2344,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
|
|||
|
||||
if (unshare(CLONE_NEWNS) < 0) {
|
||||
perror(_("Failed to unshare"));
|
||||
@@ -286,11 +494,13 @@
|
||||
@@ -286,11 +517,13 @@
|
||||
exit(-1);
|
||||
}
|
||||
|
||||
|
|
@ -2288,8 +2363,11 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
|
|||
}
|
||||
|
||||
if (display)
|
||||
@@ -308,14 +518,12 @@
|
||||
setsid();
|
||||
@@ -305,17 +538,14 @@
|
||||
perror(_("Failed to change dir to homedir"));
|
||||
exit(-1);
|
||||
}
|
||||
- setsid();
|
||||
execv(argv[optind], argv + optind);
|
||||
free(display);
|
||||
+ freecon(scontext);
|
||||
|
|
@ -2304,6 +2382,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
|
|||
-
|
||||
return status;
|
||||
}
|
||||
Binary files nsapolicycoreutils/sandbox/seunshare.o and policycoreutils-2.0.83/sandbox/seunshare.o differ
|
||||
diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/scripts/chcat policycoreutils-2.0.83/scripts/chcat
|
||||
--- nsapolicycoreutils/scripts/chcat 2010-05-19 14:45:51.000000000 -0400
|
||||
+++ policycoreutils-2.0.83/scripts/chcat 2010-07-30 13:50:40.000000000 -0400
|
||||
|
|
|
|||
|
|
@ -7,7 +7,7 @@
|
|||
Summary: SELinux policy core utilities
|
||||
Name: policycoreutils
|
||||
Version: 2.0.83
|
||||
Release: 19%{?dist}
|
||||
Release: 20%{?dist}
|
||||
License: GPLv2
|
||||
Group: System Environment/Base
|
||||
Source: http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz
|
||||
|
|
@ -315,6 +315,12 @@ fi
|
|||
exit 0
|
||||
|
||||
%changelog
|
||||
* Tue Aug 24 2010 Dan Walsh <dwalsh@redhat.com> 2.0.83-20
|
||||
- Tighten down seunshare to create /tmp dir with sticky bit and MS_NODEV | MS_NOSUID | MS_NOEXEC;
|
||||
- Remove setsid on seunshare so ^c on sandbox will cause apps to exit
|
||||
- Add dbus-launch --exit-with-session so all processes launched within the sandbox exit with the sandbox
|
||||
- Clean up error handling so error will get sent back to sandbox tool
|
||||
|
||||
* Mon Aug 23 2010 Dan Walsh <dwalsh@redhat.com> 2.0.83-19
|
||||
- Fix translation handling in file context page of system-config-selinux
|
||||
|
||||
|
|
|
|||
Loading…
Reference in New Issue