More fixes for seunshare
This commit is contained in:
parent
121d321149
commit
d04e8562ad
@ -1749,7 +1749,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
|
||||
@python test_sandbox.py -v
|
||||
diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/sandbox policycoreutils-2.0.83/sandbox/sandbox
|
||||
--- nsapolicycoreutils/sandbox/sandbox 2010-06-16 08:04:12.000000000 -0400
|
||||
+++ policycoreutils-2.0.83/sandbox/sandbox 2011-03-18 17:53:51.106277829 -0400
|
||||
+++ policycoreutils-2.0.83/sandbox/sandbox 2011-03-24 17:54:19.483719915 -0400
|
||||
@@ -1,5 +1,6 @@
|
||||
-#! /usr/bin/python -E
|
||||
+#! /usr/bin/python -Es
|
||||
@ -1779,7 +1779,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
|
||||
import gettext
|
||||
gettext.bindtextdomain(PROGNAME, "/usr/share/locale")
|
||||
gettext.textdomain(PROGNAME)
|
||||
@@ -41,6 +44,7 @@
|
||||
@@ -41,11 +44,20 @@
|
||||
import __builtin__
|
||||
__builtin__.__dict__['_'] = unicode
|
||||
|
||||
@ -1787,7 +1787,20 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
|
||||
DEFAULT_TYPE = "sandbox_t"
|
||||
DEFAULT_X_TYPE = "sandbox_x_t"
|
||||
SAVE_FILES = {}
|
||||
@@ -63,15 +67,15 @@
|
||||
|
||||
random.seed(None)
|
||||
+
|
||||
+def chcon(path, context, recursive=False):
|
||||
+ """ Set the SELinux context on a given path """
|
||||
+ selinux.lsetfilecon(path, context)
|
||||
+ if recursive:
|
||||
+ for root, dirs, files in os.walk(path):
|
||||
+ for name in files + dirs:
|
||||
+ selinux.lsetfilecon(os.path.join(root,name), context)
|
||||
|
||||
def sighandler(signum, frame):
|
||||
signal.signal(signum, signal.SIG_IGN)
|
||||
@@ -63,15 +75,15 @@
|
||||
sys.stderr.flush()
|
||||
sys.exit(1)
|
||||
|
||||
@ -1807,7 +1820,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
|
||||
if not os.path.exists(newdir):
|
||||
os.makedirs(newdir)
|
||||
dest = newdir + "/" + bname
|
||||
@@ -81,9 +85,10 @@
|
||||
@@ -81,9 +93,10 @@
|
||||
shutil.copytree(file, dest)
|
||||
else:
|
||||
shutil.copy2(file, dest)
|
||||
@ -1820,7 +1833,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
|
||||
|
||||
SAVE_FILES[file] = (dest, os.path.getmtime(dest))
|
||||
|
||||
@@ -161,10 +166,10 @@
|
||||
@@ -161,10 +174,10 @@
|
||||
if not self.__options.homedir or not self.__options.tmpdir:
|
||||
self.usage(_("Homedir and tempdir required for level mounts"))
|
||||
|
||||
@ -1834,7 +1847,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
|
||||
|
||||
def __mount_callback(self, option, opt, value, parser):
|
||||
self.__mount = True
|
||||
@@ -172,6 +177,15 @@
|
||||
@@ -172,6 +185,15 @@
|
||||
def __x_callback(self, option, opt, value, parser):
|
||||
self.__mount = True
|
||||
setattr(parser.values, option.dest, True)
|
||||
@ -1850,7 +1863,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
|
||||
|
||||
def __validdir(self, option, opt, value, parser):
|
||||
if not os.path.isdir(value):
|
||||
@@ -194,6 +208,8 @@
|
||||
@@ -194,6 +216,8 @@
|
||||
self.__include(option, opt, i[:-1], parser)
|
||||
except IOError, e:
|
||||
sys.stderr.write(str(e))
|
||||
@ -1859,7 +1872,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
|
||||
fd.close()
|
||||
|
||||
def __copyfiles(self):
|
||||
@@ -212,13 +228,15 @@
|
||||
@@ -212,13 +236,15 @@
|
||||
/etc/gdm/Xsession
|
||||
""")
|
||||
else:
|
||||
@ -1877,7 +1890,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
|
||||
kill -TERM $WM_PID 2> /dev/null
|
||||
""" % (command, wm, command))
|
||||
fd.close()
|
||||
@@ -226,14 +244,25 @@
|
||||
@@ -226,14 +252,25 @@
|
||||
|
||||
def usage(self, message = ""):
|
||||
error_exit("%s\n%s" % (self.__parser.usage, message))
|
||||
@ -1907,7 +1920,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
|
||||
|
||||
parser = OptionParser(version=self.VERSION, usage=usage)
|
||||
parser.disable_interspersed_args()
|
||||
@@ -268,6 +297,10 @@
|
||||
@@ -268,6 +305,10 @@
|
||||
action="callback", callback=self.__validdir,
|
||||
help=_("alternate /tmp directory to use for mounting"))
|
||||
|
||||
@ -1918,7 +1931,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
|
||||
parser.add_option("-W", "--windowmanager", dest="wm",
|
||||
type="string",
|
||||
default="/usr/bin/matchbox-window-manager -use_titlebar no",
|
||||
@@ -276,13 +309,17 @@
|
||||
@@ -276,13 +317,17 @@
|
||||
parser.add_option("-l", "--level", dest="level",
|
||||
help=_("MCS/MLS level for the sandbox"))
|
||||
|
||||
@ -1937,7 +1950,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
|
||||
if self.__options.setype:
|
||||
self.setype = self.__options.setype
|
||||
|
||||
@@ -300,6 +337,10 @@
|
||||
@@ -300,6 +345,10 @@
|
||||
self.__homedir = self.__options.homedir
|
||||
self.__tmpdir = self.__options.tmpdir
|
||||
else:
|
||||
@ -1948,7 +1961,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
|
||||
if len(cmds) == 0:
|
||||
self.usage(_("Command required"))
|
||||
cmds[0] = fullpath(cmds[0])
|
||||
@@ -329,44 +370,43 @@
|
||||
@@ -329,44 +378,43 @@
|
||||
def __setup_dir(self):
|
||||
if self.__options.level or self.__options.session:
|
||||
return
|
||||
@ -1957,7 +1970,8 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
|
||||
- os.mkdir(sandboxdir)
|
||||
|
||||
if self.__options.homedir:
|
||||
selinux.chcon(self.__options.homedir, self.__filecon, recursive=True)
|
||||
- selinux.chcon(self.__options.homedir, self.__filecon, recursive=True)
|
||||
+ chcon(self.__options.homedir, self.__filecon, recursive=True)
|
||||
self.__homedir = self.__options.homedir
|
||||
else:
|
||||
selinux.setfscreatecon(self.__filecon)
|
||||
@ -1965,7 +1979,8 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
|
||||
+ self.__homedir = mkdtemp(dir="/tmp", prefix=".sandbox_home_")
|
||||
|
||||
if self.__options.tmpdir:
|
||||
selinux.chcon(self.__options.tmpdir, self.__filecon, recursive=True)
|
||||
- selinux.chcon(self.__options.tmpdir, self.__filecon, recursive=True)
|
||||
+ chcon(self.__options.tmpdir, self.__filecon, recursive=True)
|
||||
self.__tmpdir = self.__options.tmpdir
|
||||
else:
|
||||
selinux.setfscreatecon(self.__filecon)
|
||||
@ -2012,7 +2027,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
|
||||
|
||||
selinux.setexeccon(self.__execcon)
|
||||
rc = subprocess.Popen(self.__cmds).wait()
|
||||
@@ -404,7 +444,7 @@
|
||||
@@ -404,7 +452,7 @@
|
||||
sandbox = Sandbox()
|
||||
rc = sandbox.main()
|
||||
except OSError, error:
|
||||
@ -2222,7 +2237,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
|
||||
+.I Thomas Liu <tliu@fedoraproject.org>
|
||||
diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/seunshare.c policycoreutils-2.0.83/sandbox/seunshare.c
|
||||
--- nsapolicycoreutils/sandbox/seunshare.c 2010-06-16 08:04:12.000000000 -0400
|
||||
+++ policycoreutils-2.0.83/sandbox/seunshare.c 2011-03-18 17:53:42.821186805 -0400
|
||||
+++ policycoreutils-2.0.83/sandbox/seunshare.c 2011-03-24 17:53:45.207410252 -0400
|
||||
@@ -1,28 +1,35 @@
|
||||
+/*
|
||||
+ * Authors: Dan Walsh <dwalsh@redhat.com>
|
||||
@ -2432,20 +2447,20 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
|
||||
+
|
||||
+ if (lstat(dir, st_out) == -1) {
|
||||
+ fprintf(stderr, _("Failed to stat %s: %s\n"), dir, strerror(errno));
|
||||
+ return -1;
|
||||
+ }
|
||||
+ if (! S_ISDIR(st_out->st_mode)) {
|
||||
+ fprintf(stderr, _("Error: %s is not a directory: %s\n"), dir, strerror(errno));
|
||||
return -1;
|
||||
}
|
||||
- if (sb.st_uid != pwd->pw_uid) {
|
||||
- errno = EPERM;
|
||||
- syslog(LOG_AUTHPRIV | LOG_ALERT, "%s attempted to mount an invalid directory, %s", pwd->pw_name, mntdir);
|
||||
- perror(_("Invalid mount point, reporting to administrator"));
|
||||
+ if (st_in && !equal_stats(st_in, st_out)) {
|
||||
+ fprintf(stderr, _("Error: %s was replaced by a different directory\n"), dir);
|
||||
+ if (! S_ISDIR(st_out->st_mode)) {
|
||||
+ fprintf(stderr, _("Error: %s is not a directory: %s\n"), dir, strerror(errno));
|
||||
return -1;
|
||||
}
|
||||
+ if (st_in && !equal_stats(st_in, st_out)) {
|
||||
+ fprintf(stderr, _("Error: %s was replaced by a different directory\n"), dir);
|
||||
+ return -1;
|
||||
+ }
|
||||
+
|
||||
return 0;
|
||||
}
|
||||
@ -2459,7 +2474,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
|
||||
break;
|
||||
}
|
||||
}
|
||||
@@ -131,45 +236,509 @@
|
||||
@@ -131,45 +236,520 @@
|
||||
return rc;
|
||||
}
|
||||
|
||||
@ -2728,18 +2743,35 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
|
||||
+ return rc;
|
||||
+}
|
||||
+
|
||||
+/*
|
||||
+ This function returns 0 on success and -1 on failure.
|
||||
+ The cmdbuf will contain the rsync command string to copy all files from
|
||||
+ src dir to tmp. cmdbuf can be NULL if no files need to be compied;
|
||||
+*/
|
||||
+/*
|
||||
+ If path is empy or ends with "/." or "/.. return -1 else return 0;
|
||||
+ */
|
||||
+static int bad_path(const char *path) {
|
||||
+ const char *ptr;
|
||||
+ ptr = path;
|
||||
+ while (*ptr) ptr++;
|
||||
+ if (ptr == path) return -1; // ptr null
|
||||
+ ptr--;
|
||||
+ if (ptr != path && *ptr == '.') {
|
||||
+ ptr--;
|
||||
+ if (*ptr == '/') return -1; // path ends in /.
|
||||
+ if (*ptr == '.') {
|
||||
+ if (ptr != path) {
|
||||
+ ptr--;
|
||||
+ if (*ptr == '/') return -1; // path ends in /..
|
||||
+ }
|
||||
+ }
|
||||
+ }
|
||||
+ return 0;
|
||||
+}
|
||||
+
|
||||
+static int rsynccmd(const char * src, const char *dst, char **cmdbuf)
|
||||
+{
|
||||
+ char *buf = NULL;
|
||||
+ char *newbuf = NULL;
|
||||
+ glob_t fglob;
|
||||
+ fglob.gl_offs = 0;
|
||||
+ int flags = GLOB_DOOFFS | GLOB_TILDE;
|
||||
+ int flags = GLOB_PERIOD;
|
||||
+ unsigned int i = 0;
|
||||
+ int rc = -1;
|
||||
+
|
||||
@ -2749,43 +2781,36 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
|
||||
return -1;
|
||||
+ }
|
||||
+
|
||||
+ if (glob(buf, flags, NULL, &fglob) < 0) {
|
||||
+ if (glob(buf, flags, NULL, &fglob) != 0) {
|
||||
+ free(buf); buf = NULL;
|
||||
+ return -1;
|
||||
+ }
|
||||
+
|
||||
+ free(buf); buf = NULL;
|
||||
+
|
||||
+ /* append match glob for all hidden files in src dir exclude . and .. */
|
||||
+ if (asprintf(&buf, "%s/.[^.]*", src) == -1) {
|
||||
+ fprintf(stderr, "Out of memory\n");
|
||||
+ goto err;
|
||||
+ }
|
||||
+
|
||||
+ if (glob(buf, flags | GLOB_APPEND ,NULL, &fglob) < 0) {
|
||||
+ goto err;
|
||||
+ }
|
||||
+
|
||||
+ free(buf); buf = NULL;
|
||||
+
|
||||
+ for ( i=0; i < fglob.gl_pathc; i++) {
|
||||
+ const char *path = fglob.gl_pathv[i];
|
||||
+
|
||||
+ if (bad_path(path)) continue;
|
||||
+
|
||||
+ if (!buf) {
|
||||
+ if (asprintf(&newbuf, "%s", fglob.gl_pathv[i]) == -1) {
|
||||
+ if (asprintf(&newbuf, "\'%s\'", path) == -1) {
|
||||
+ fprintf(stderr, "Out of memory\n");
|
||||
+ goto err;
|
||||
+ }
|
||||
+ } else {
|
||||
+ if (asprintf(&newbuf, "%s %s", buf, fglob.gl_pathv[i]) == -1) {
|
||||
+ if (asprintf(&newbuf, "%s \'%s\'", buf, path) == -1) {
|
||||
+ fprintf(stderr, "Out of memory\n");
|
||||
+ goto err;
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
+ free(buf); buf = newbuf;
|
||||
+ newbuf = NULL;
|
||||
+ }
|
||||
+
|
||||
+ if (buf) {
|
||||
+ if (asprintf(&newbuf, "/usr/bin/rsync -trlHDq %s '%s/'", buf, dst) == -1) {
|
||||
+ if (asprintf(&newbuf, "/usr/bin/rsync -trlHDq %s '%s'", buf, dst) == -1) {
|
||||
+ fprintf(stderr, "Out of memory\n");
|
||||
+ goto err;
|
||||
+ }
|
||||
@ -2800,8 +2825,9 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
|
||||
+ free(buf); buf = NULL;
|
||||
+ globfree(&fglob);
|
||||
+ return rc;
|
||||
+}
|
||||
+
|
||||
}
|
||||
|
||||
-#define USAGE_STRING _("USAGE: seunshare [ -v ] [ -t tmpdir ] [ -h homedir ] -- CONTEXT executable [args] ")
|
||||
+/**
|
||||
+ * Clean up runtime temporary directory. Returns 0 if no problem was detected,
|
||||
+ * >0 if some error was detected, but errors here are treated as non-fatal and
|
||||
@ -2844,9 +2870,8 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
|
||||
+ setfsuid(pwd->pw_uid);
|
||||
+
|
||||
+ return 0;
|
||||
}
|
||||
|
||||
-#define USAGE_STRING _("USAGE: seunshare [ -v ] [ -t tmpdir ] [ -h homedir ] -- CONTEXT executable [args] ")
|
||||
+}
|
||||
+
|
||||
+/**
|
||||
+ * seunshare will create a tmpdir in /tmp, with root ownership. The parent
|
||||
+ * process waits for it child to exit to attempt to remove the directory. If
|
||||
@ -2881,6 +2906,11 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
|
||||
+ fprintf(stderr, _("Failed to get context of the directory %s: %s\n"), src, strerror(errno));
|
||||
+ goto err;
|
||||
+ }
|
||||
+
|
||||
+ if (rsynccmd(src, tmpdir, &cmdbuf) < 0) {
|
||||
+ goto err;
|
||||
+ }
|
||||
+
|
||||
+ /* ok to not reach this if there is an error */
|
||||
+ setfsuid(0);
|
||||
+ }
|
||||
@ -2933,10 +2963,6 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
+ if (rsynccmd(src, tmpdir, &cmdbuf) < 0) {
|
||||
+ goto err;
|
||||
+ }
|
||||
+
|
||||
+ if (cmdbuf && spawn_command(cmdbuf, pwd->pw_uid) != 0) {
|
||||
+ fprintf(stderr, _("Failed to populate runtime temporary directory\n"));
|
||||
+ cleanup_tmpdir(tmpdir, src, pwd, 0);
|
||||
@ -2983,7 +3009,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
|
||||
{NULL, 0, 0, 0}
|
||||
};
|
||||
|
||||
@@ -180,6 +749,12 @@
|
||||
@@ -180,6 +760,12 @@
|
||||
return -1;
|
||||
}
|
||||
|
||||
@ -2996,7 +3022,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
|
||||
struct passwd *pwd=getpwuid(uid);
|
||||
if (!pwd) {
|
||||
perror(_("getpwduid failed"));
|
||||
@@ -187,34 +762,30 @@
|
||||
@@ -187,34 +773,30 @@
|
||||
}
|
||||
|
||||
if (verify_shell(pwd->pw_shell) < 0) {
|
||||
@ -3042,7 +3068,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
|
||||
break;
|
||||
default:
|
||||
fprintf(stderr, "%s\n", USAGE_STRING);
|
||||
@@ -223,76 +794,84 @@
|
||||
@@ -223,76 +805,84 @@
|
||||
}
|
||||
|
||||
if (! homedir_s && ! tmpdir_s) {
|
||||
@ -3093,7 +3119,9 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
|
||||
+ * on an NFS mount. It's also desired to avoid leaking info about
|
||||
+ * existence of the files not accessible to the user. */
|
||||
+ setfsuid(uid);
|
||||
+
|
||||
|
||||
- if (drop_capabilities(uid)) {
|
||||
- perror(_("Failed to drop all capabilities"));
|
||||
+ /* verify homedir and tmpdir */
|
||||
+ if (homedir_s && (
|
||||
+ verify_directory(homedir_s, NULL, &st_homedir) < 0 ||
|
||||
@ -3102,9 +3130,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
|
||||
+ verify_directory(tmpdir_s, NULL, &st_tmpdir_s) < 0 ||
|
||||
+ check_owner_uid(uid, tmpdir_s, &st_tmpdir_s))) return -1;
|
||||
+ setfsuid(0);
|
||||
|
||||
- if (drop_capabilities(uid)) {
|
||||
- perror(_("Failed to drop all capabilities"));
|
||||
+
|
||||
+ /* create runtime tmpdir */
|
||||
+ if (tmpdir_s && (tmpdir_r = create_tmpdir(tmpdir_s, &st_tmpdir_s,
|
||||
+ &st_tmpdir_r, pwd, execcon)) == NULL) {
|
||||
@ -3175,7 +3201,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
|
||||
if (display)
|
||||
rc |= setenv("DISPLAY", display, 1);
|
||||
rc |= setenv("HOME", pwd->pw_dir, 1);
|
||||
@@ -300,22 +879,41 @@
|
||||
@@ -300,22 +890,41 @@
|
||||
rc |= setenv("USER", pwd->pw_name, 1);
|
||||
rc |= setenv("LOGNAME", pwd->pw_name, 1);
|
||||
rc |= setenv("PATH", DEFAULT_PATH, 1);
|
||||
|
@ -7,7 +7,7 @@
|
||||
Summary: SELinux policy core utilities
|
||||
Name: policycoreutils
|
||||
Version: 2.0.83
|
||||
Release: 33.6%{?dist}
|
||||
Release: 33.7%{?dist}
|
||||
License: GPLv2
|
||||
Group: System Environment/Base
|
||||
Source: http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz
|
||||
@ -316,6 +316,9 @@ fi
|
||||
exit 0
|
||||
|
||||
%changelog
|
||||
* Thu Mar 24 2011 Dan Walsh <dwalsh@redhat.com> 2.0.83-33.5
|
||||
- More fixes for seunshare
|
||||
|
||||
* Fri Mar 18 2011 Dan Walsh <dwalsh@redhat.com> 2.0.83-33.5
|
||||
- Fix rsync command to work if the directory is old.
|
||||
- Fix all tests
|
||||
|
Loading…
Reference in New Issue
Block a user