diff --git a/policycoreutils-rhat.patch b/policycoreutils-rhat.patch index 2b1c533..d39c16f 100644 --- a/policycoreutils-rhat.patch +++ b/policycoreutils-rhat.patch @@ -1749,7 +1749,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po @python test_sandbox.py -v diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/sandbox policycoreutils-2.0.83/sandbox/sandbox --- nsapolicycoreutils/sandbox/sandbox 2010-06-16 08:04:12.000000000 -0400 -+++ policycoreutils-2.0.83/sandbox/sandbox 2011-03-18 17:53:51.106277829 -0400 ++++ policycoreutils-2.0.83/sandbox/sandbox 2011-03-24 17:54:19.483719915 -0400 @@ -1,5 +1,6 @@ -#! /usr/bin/python -E +#! /usr/bin/python -Es @@ -1779,7 +1779,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po import gettext gettext.bindtextdomain(PROGNAME, "/usr/share/locale") gettext.textdomain(PROGNAME) -@@ -41,6 +44,7 @@ +@@ -41,11 +44,20 @@ import __builtin__ __builtin__.__dict__['_'] = unicode @@ -1787,7 +1787,20 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po DEFAULT_TYPE = "sandbox_t" DEFAULT_X_TYPE = "sandbox_x_t" SAVE_FILES = {} -@@ -63,15 +67,15 @@ + + random.seed(None) ++ ++def chcon(path, context, recursive=False): ++ """ Set the SELinux context on a given path """ ++ selinux.lsetfilecon(path, context) ++ if recursive: ++ for root, dirs, files in os.walk(path): ++ for name in files + dirs: ++ selinux.lsetfilecon(os.path.join(root,name), context) + + def sighandler(signum, frame): + signal.signal(signum, signal.SIG_IGN) +@@ -63,15 +75,15 @@ sys.stderr.flush() sys.exit(1) @@ -1807,7 +1820,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po if not os.path.exists(newdir): os.makedirs(newdir) dest = newdir + "/" + bname -@@ -81,9 +85,10 @@ +@@ -81,9 +93,10 @@ shutil.copytree(file, dest) else: shutil.copy2(file, dest) @@ -1820,7 +1833,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po SAVE_FILES[file] = (dest, os.path.getmtime(dest)) -@@ -161,10 +166,10 @@ +@@ -161,10 +174,10 @@ if not self.__options.homedir or not self.__options.tmpdir: self.usage(_("Homedir and tempdir required for level mounts")) @@ -1834,7 +1847,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po def __mount_callback(self, option, opt, value, parser): self.__mount = True -@@ -172,6 +177,15 @@ +@@ -172,6 +185,15 @@ def __x_callback(self, option, opt, value, parser): self.__mount = True setattr(parser.values, option.dest, True) @@ -1850,7 +1863,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po def __validdir(self, option, opt, value, parser): if not os.path.isdir(value): -@@ -194,6 +208,8 @@ +@@ -194,6 +216,8 @@ self.__include(option, opt, i[:-1], parser) except IOError, e: sys.stderr.write(str(e)) @@ -1859,7 +1872,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po fd.close() def __copyfiles(self): -@@ -212,13 +228,15 @@ +@@ -212,13 +236,15 @@ /etc/gdm/Xsession """) else: @@ -1877,7 +1890,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po kill -TERM $WM_PID 2> /dev/null """ % (command, wm, command)) fd.close() -@@ -226,14 +244,25 @@ +@@ -226,14 +252,25 @@ def usage(self, message = ""): error_exit("%s\n%s" % (self.__parser.usage, message)) @@ -1907,7 +1920,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po parser = OptionParser(version=self.VERSION, usage=usage) parser.disable_interspersed_args() -@@ -268,6 +297,10 @@ +@@ -268,6 +305,10 @@ action="callback", callback=self.__validdir, help=_("alternate /tmp directory to use for mounting")) @@ -1918,7 +1931,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po parser.add_option("-W", "--windowmanager", dest="wm", type="string", default="/usr/bin/matchbox-window-manager -use_titlebar no", -@@ -276,13 +309,17 @@ +@@ -276,13 +317,17 @@ parser.add_option("-l", "--level", dest="level", help=_("MCS/MLS level for the sandbox")) @@ -1937,7 +1950,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po if self.__options.setype: self.setype = self.__options.setype -@@ -300,6 +337,10 @@ +@@ -300,6 +345,10 @@ self.__homedir = self.__options.homedir self.__tmpdir = self.__options.tmpdir else: @@ -1948,7 +1961,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po if len(cmds) == 0: self.usage(_("Command required")) cmds[0] = fullpath(cmds[0]) -@@ -329,44 +370,43 @@ +@@ -329,44 +378,43 @@ def __setup_dir(self): if self.__options.level or self.__options.session: return @@ -1957,7 +1970,8 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po - os.mkdir(sandboxdir) if self.__options.homedir: - selinux.chcon(self.__options.homedir, self.__filecon, recursive=True) +- selinux.chcon(self.__options.homedir, self.__filecon, recursive=True) ++ chcon(self.__options.homedir, self.__filecon, recursive=True) self.__homedir = self.__options.homedir else: selinux.setfscreatecon(self.__filecon) @@ -1965,7 +1979,8 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po + self.__homedir = mkdtemp(dir="/tmp", prefix=".sandbox_home_") if self.__options.tmpdir: - selinux.chcon(self.__options.tmpdir, self.__filecon, recursive=True) +- selinux.chcon(self.__options.tmpdir, self.__filecon, recursive=True) ++ chcon(self.__options.tmpdir, self.__filecon, recursive=True) self.__tmpdir = self.__options.tmpdir else: selinux.setfscreatecon(self.__filecon) @@ -2012,7 +2027,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po selinux.setexeccon(self.__execcon) rc = subprocess.Popen(self.__cmds).wait() -@@ -404,7 +444,7 @@ +@@ -404,7 +452,7 @@ sandbox = Sandbox() rc = sandbox.main() except OSError, error: @@ -2222,7 +2237,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po +.I Thomas Liu diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/seunshare.c policycoreutils-2.0.83/sandbox/seunshare.c --- nsapolicycoreutils/sandbox/seunshare.c 2010-06-16 08:04:12.000000000 -0400 -+++ policycoreutils-2.0.83/sandbox/seunshare.c 2011-03-18 17:53:42.821186805 -0400 ++++ policycoreutils-2.0.83/sandbox/seunshare.c 2011-03-24 17:53:45.207410252 -0400 @@ -1,28 +1,35 @@ +/* + * Authors: Dan Walsh @@ -2432,20 +2447,20 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po + + if (lstat(dir, st_out) == -1) { + fprintf(stderr, _("Failed to stat %s: %s\n"), dir, strerror(errno)); -+ return -1; -+ } -+ if (! S_ISDIR(st_out->st_mode)) { -+ fprintf(stderr, _("Error: %s is not a directory: %s\n"), dir, strerror(errno)); return -1; } - if (sb.st_uid != pwd->pw_uid) { - errno = EPERM; - syslog(LOG_AUTHPRIV | LOG_ALERT, "%s attempted to mount an invalid directory, %s", pwd->pw_name, mntdir); - perror(_("Invalid mount point, reporting to administrator")); -+ if (st_in && !equal_stats(st_in, st_out)) { -+ fprintf(stderr, _("Error: %s was replaced by a different directory\n"), dir); ++ if (! S_ISDIR(st_out->st_mode)) { ++ fprintf(stderr, _("Error: %s is not a directory: %s\n"), dir, strerror(errno)); return -1; } ++ if (st_in && !equal_stats(st_in, st_out)) { ++ fprintf(stderr, _("Error: %s was replaced by a different directory\n"), dir); ++ return -1; ++ } + return 0; } @@ -2459,7 +2474,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po break; } } -@@ -131,45 +236,509 @@ +@@ -131,45 +236,520 @@ return rc; } @@ -2728,18 +2743,35 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po + return rc; +} + -+/* -+ This function returns 0 on success and -1 on failure. -+ The cmdbuf will contain the rsync command string to copy all files from -+ src dir to tmp. cmdbuf can be NULL if no files need to be compied; -+*/ ++/* ++ If path is empy or ends with "/." or "/.. return -1 else return 0; ++ */ ++static int bad_path(const char *path) { ++ const char *ptr; ++ ptr = path; ++ while (*ptr) ptr++; ++ if (ptr == path) return -1; // ptr null ++ ptr--; ++ if (ptr != path && *ptr == '.') { ++ ptr--; ++ if (*ptr == '/') return -1; // path ends in /. ++ if (*ptr == '.') { ++ if (ptr != path) { ++ ptr--; ++ if (*ptr == '/') return -1; // path ends in /.. ++ } ++ } ++ } ++ return 0; ++} ++ +static int rsynccmd(const char * src, const char *dst, char **cmdbuf) +{ + char *buf = NULL; + char *newbuf = NULL; + glob_t fglob; + fglob.gl_offs = 0; -+ int flags = GLOB_DOOFFS | GLOB_TILDE; ++ int flags = GLOB_PERIOD; + unsigned int i = 0; + int rc = -1; + @@ -2749,43 +2781,36 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po return -1; + } + -+ if (glob(buf, flags, NULL, &fglob) < 0) { ++ if (glob(buf, flags, NULL, &fglob) != 0) { + free(buf); buf = NULL; + return -1; + } + + free(buf); buf = NULL; + -+ /* append match glob for all hidden files in src dir exclude . and .. */ -+ if (asprintf(&buf, "%s/.[^.]*", src) == -1) { -+ fprintf(stderr, "Out of memory\n"); -+ goto err; -+ } -+ -+ if (glob(buf, flags | GLOB_APPEND ,NULL, &fglob) < 0) { -+ goto err; -+ } -+ -+ free(buf); buf = NULL; -+ + for ( i=0; i < fglob.gl_pathc; i++) { ++ const char *path = fglob.gl_pathv[i]; ++ ++ if (bad_path(path)) continue; ++ + if (!buf) { -+ if (asprintf(&newbuf, "%s", fglob.gl_pathv[i]) == -1) { ++ if (asprintf(&newbuf, "\'%s\'", path) == -1) { + fprintf(stderr, "Out of memory\n"); + goto err; + } + } else { -+ if (asprintf(&newbuf, "%s %s", buf, fglob.gl_pathv[i]) == -1) { ++ if (asprintf(&newbuf, "%s \'%s\'", buf, path) == -1) { + fprintf(stderr, "Out of memory\n"); + goto err; + } + } ++ + free(buf); buf = newbuf; + newbuf = NULL; + } + + if (buf) { -+ if (asprintf(&newbuf, "/usr/bin/rsync -trlHDq %s '%s/'", buf, dst) == -1) { ++ if (asprintf(&newbuf, "/usr/bin/rsync -trlHDq %s '%s'", buf, dst) == -1) { + fprintf(stderr, "Out of memory\n"); + goto err; + } @@ -2800,8 +2825,9 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po + free(buf); buf = NULL; + globfree(&fglob); + return rc; -+} -+ + } + +-#define USAGE_STRING _("USAGE: seunshare [ -v ] [ -t tmpdir ] [ -h homedir ] -- CONTEXT executable [args] ") +/** + * Clean up runtime temporary directory. Returns 0 if no problem was detected, + * >0 if some error was detected, but errors here are treated as non-fatal and @@ -2844,9 +2870,8 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po + setfsuid(pwd->pw_uid); + + return 0; - } - --#define USAGE_STRING _("USAGE: seunshare [ -v ] [ -t tmpdir ] [ -h homedir ] -- CONTEXT executable [args] ") ++} ++ +/** + * seunshare will create a tmpdir in /tmp, with root ownership. The parent + * process waits for it child to exit to attempt to remove the directory. If @@ -2881,6 +2906,11 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po + fprintf(stderr, _("Failed to get context of the directory %s: %s\n"), src, strerror(errno)); + goto err; + } ++ ++ if (rsynccmd(src, tmpdir, &cmdbuf) < 0) { ++ goto err; ++ } ++ + /* ok to not reach this if there is an error */ + setfsuid(0); + } @@ -2933,10 +2963,6 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po + } + } + -+ if (rsynccmd(src, tmpdir, &cmdbuf) < 0) { -+ goto err; -+ } -+ + if (cmdbuf && spawn_command(cmdbuf, pwd->pw_uid) != 0) { + fprintf(stderr, _("Failed to populate runtime temporary directory\n")); + cleanup_tmpdir(tmpdir, src, pwd, 0); @@ -2983,7 +3009,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po {NULL, 0, 0, 0} }; -@@ -180,6 +749,12 @@ +@@ -180,6 +760,12 @@ return -1; } @@ -2996,7 +3022,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po struct passwd *pwd=getpwuid(uid); if (!pwd) { perror(_("getpwduid failed")); -@@ -187,34 +762,30 @@ +@@ -187,34 +773,30 @@ } if (verify_shell(pwd->pw_shell) < 0) { @@ -3042,7 +3068,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po break; default: fprintf(stderr, "%s\n", USAGE_STRING); -@@ -223,76 +794,84 @@ +@@ -223,76 +805,84 @@ } if (! homedir_s && ! tmpdir_s) { @@ -3093,7 +3119,9 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po + * on an NFS mount. It's also desired to avoid leaking info about + * existence of the files not accessible to the user. */ + setfsuid(uid); -+ + +- if (drop_capabilities(uid)) { +- perror(_("Failed to drop all capabilities")); + /* verify homedir and tmpdir */ + if (homedir_s && ( + verify_directory(homedir_s, NULL, &st_homedir) < 0 || @@ -3102,9 +3130,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po + verify_directory(tmpdir_s, NULL, &st_tmpdir_s) < 0 || + check_owner_uid(uid, tmpdir_s, &st_tmpdir_s))) return -1; + setfsuid(0); - -- if (drop_capabilities(uid)) { -- perror(_("Failed to drop all capabilities")); ++ + /* create runtime tmpdir */ + if (tmpdir_s && (tmpdir_r = create_tmpdir(tmpdir_s, &st_tmpdir_s, + &st_tmpdir_r, pwd, execcon)) == NULL) { @@ -3175,7 +3201,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po if (display) rc |= setenv("DISPLAY", display, 1); rc |= setenv("HOME", pwd->pw_dir, 1); -@@ -300,22 +879,41 @@ +@@ -300,22 +890,41 @@ rc |= setenv("USER", pwd->pw_name, 1); rc |= setenv("LOGNAME", pwd->pw_name, 1); rc |= setenv("PATH", DEFAULT_PATH, 1); diff --git a/policycoreutils.spec b/policycoreutils.spec index 71c3042..b9f4fb2 100644 --- a/policycoreutils.spec +++ b/policycoreutils.spec @@ -7,7 +7,7 @@ Summary: SELinux policy core utilities Name: policycoreutils Version: 2.0.83 -Release: 33.6%{?dist} +Release: 33.7%{?dist} License: GPLv2 Group: System Environment/Base Source: http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz @@ -316,6 +316,9 @@ fi exit 0 %changelog +* Thu Mar 24 2011 Dan Walsh 2.0.83-33.5 +- More fixes for seunshare + * Fri Mar 18 2011 Dan Walsh 2.0.83-33.5 - Fix rsync command to work if the directory is old. - Fix all tests