Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Preserve file context and ownership in policy store #66

Closed
wants to merge 6 commits into from

Conversation

vmojzis
Copy link
Member

@vmojzis vmojzis commented Aug 9, 2024

No description provided.

bachradsusi and others added 6 commits August 9, 2024 17:26
Fixes segfault in selabel_open() on systems with SELinux disabled and without any
SELinux policy installed introduced by commit 5876aca ("libselinux: free
data on selabel open failure"):

    $ sestatus
    SELinux status:                 disabled

    $ cat /etc/selinux/config
    cat: /etc/selinux/config: No such file or directory

    $ matchpathcon /abc
    [1]    907999 segmentation fault (core dumped)  matchpathcon /abc

Signed-off-by: Petr Lautrbach <[email protected]>
Acked-by: James Carter <[email protected]>
restorecon.h uses types defined in label.h, so it needs to include
label.h (or code using restorecon.h also needs to include label.h,
which is not practical).

Fixes:
  $ make DESTDIR=~/obj install > make.out
In file included from semanage_store.c:39:
/home/sdsmall/obj/usr/include/selinux/restorecon.h:137:52: error:
‘struct selabel_handle’ declared inside parameter list will not be
visible outside of this definition or declaration [-Werror]
  137 | extern void selinux_restorecon_set_sehandle(struct
selabel_handle *hndl);
      |                                                    ^~~~~~~~~~~~~~
cc1: all warnings being treated as errors
make[2]: *** [Makefile:111: semanage_store.o] Error 1
make[1]: *** [Makefile:15: install] Error 2
make: *** [Makefile:40: install] Error 1

Signed-off-by: Vit Mojzis <[email protected]>
Acked-by: Stephen Smalley <[email protected]>
Make sure that file context (all parts) and ownership of
files/directories in policy store does not change no matter which user
and under which context executes policy rebuild.

Fixes:
  # semodule -B
  # ls -lZ  /etc/selinux/targeted/contexts/files

-rw-r--r--. 1 root root unconfined_u:object_r:file_context_t:s0 421397 Jul 11 09:57 file_contexts
-rw-r--r--. 1 root root unconfined_u:object_r:file_context_t:s0 593470 Jul 11 09:57 file_contexts.bin
-rw-r--r--. 1 root root unconfined_u:object_r:file_context_t:s0  14704 Jul 11 09:57 file_contexts.homedirs
-rw-r--r--. 1 root root unconfined_u:object_r:file_context_t:s0  20289 Jul 11 09:57 file_contexts.homedirs.bin

  SELinux user changed from system_u to the user used to execute semodule

  # capsh --user=testuser --caps="cap_dac_override,cap_chown+eip" --addamb=cap_dac_override,cap_chown -- -c "semodule -B"
  # ls -lZ  /etc/selinux/targeted/contexts/files

-rw-r--r--. 1 testuser testuser unconfined_u:object_r:file_context_t:s0 421397 Jul 19 09:10 file_contexts
-rw-r--r--. 1 testuser testuser unconfined_u:object_r:file_context_t:s0 593470 Jul 19 09:10 file_contexts.bin
-rw-r--r--. 1 testuser testuser unconfined_u:object_r:file_context_t:s0  14704 Jul 19 09:10 file_contexts.homedirs
-rw-r--r--. 1 testuser testuser unconfined_u:object_r:file_context_t:s0  20289 Jul 19 09:10 file_contexts.homedirs.bin

  Both file context and ownership changed -- causes remote login
  failures and other issues in some scenarios.

Signed-off-by: Vit Mojzis <[email protected]>
Acked-by: Stephen Smalley <[email protected]>
The lower 64 bits of the subnet prefix for an ibpkeycon rule should
all be 0's. Unfortunately the check uses the s6_addr macro which refers
to the 16 entry array of 8-bit values in the union and does not refer
to the correct bits.

Use the s6_addr32 macro instead which refers to the 4 entry array of
32-bit values in the union and refers to the lower 64 bits.

Signed-off-by: James Carter <[email protected]>
Acked-by: Stephen Smalley <[email protected]>
Trying to compile libselinux for 32-bit produces the following error:

selinux_restorecon.c:1194:31: error: comparison of integer expressions of different signedness: ‘__fsword_t’ {aka ‘int’} and ‘unsigned int’ [-Werror=sign-compare]
 1194 |         if (state.sfsb.f_type == RAMFS_MAGIC || state.sfsb.f_type == TMPFS_MAGIC ||
      |                               ^~

Since RAMFS_MAGIC = 0x858458f6 == 2240043254, which > 2^31, but < 2^32,
cast both as uint32_t for the comparison.

Reported-by: Daniel Schepler
Signed-off-by: James Carter <[email protected]>
Reviewed-by: Christian Göttsche <[email protected]>
Acked-by: Stephen Smalley <[email protected]>
Avoid context_destroy() on "newcontext" before context_init() is called.

Fixes:
  libsepol-3.6/src/services.c:1335: var_decl: Declaring variable "newcontext" without initializer.
  libsepol-3.6/src/services.c:1462: uninit_use_in_call: Using uninitialized value "newcontext.range.level[0].cat.node" when calling "context_destroy".
  \# 1460|   	rc = sepol_sidtab_context_to_sid(sidtab, &newcontext, out_sid);
  \# 1461|         out:
  \# 1462|-> 	context_destroy(&newcontext);
  \# 1463|   	return rc;
  \# 1464|   }

Signed-off-by: Vit Mojzis <[email protected]>
Reviewed-by: Christian Göttsche <[email protected]>
Acked-by: Stephen Smalley <[email protected]>
@vmojzis vmojzis closed this Nov 6, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants