* libsemanage: special handling of the identity reserved to system objects
From: Guido Trentalancia @ 2016-12-28 23:05 UTC
To: selinux
The following patch makes sure that the SELinux identity
reserved for system processes and objects is skipped
when adding users and that no prefix is associated with it.
A warning is produced when a Unix identity is found to be
equal to the SELinux user identity for system processes
and objects.
Signed-off-by: Guido Trentalancia <guido@trentalancia.net>
---
include/semanage/user_record.h | 2 ++
src/genhomedircon.c | 20 ++++++++++++++++----
src/user_record.c | 15 ++++++++++++---
3 files changed, 30 insertions(+), 7 deletions(-)
diff -pru libsemanage-2.6-orig/include/semanage/user_record.h libsemanage-2.6/include/semanage/user_record.h
--- libsemanage-2.6-orig/include/semanage/user_record.h 2016-10-14 17:31:26.000000000 +0200
+++ libsemanage-2.6/include/semanage/user_record.h 2016-12-28 23:22:50.848589870 +0100
@@ -6,6 +6,8 @@
#include <stddef.h>
#include <semanage/handle.h>
+#define SYS_OBJECTS_USERID "system_u"
+
struct semanage_user;
typedef struct semanage_user semanage_user_t;
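Review bot: the new SYS_OBJECTS_USERID macro lands in include/semanage/user_record.h, the installed public header, so a hard-coded policy identifier becomes part of the library's exported API and every consumer inherits the assumption that the system identity is named "system_u". Since that identity is declared by the loaded policy rather than by libsemanage, consider keeping the definition private to src/ (or reading it from a configuration setting) so it can change without an API change, and add a comment stating that it must match the identity declared in the policy.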
diff -pru libsemanage-2.6-orig/src/genhomedircon.c libsemanage-2.6/src/genhomedircon.c
--- libsemanage-2.6-orig/src/genhomedircon.c 2016-10-14 17:31:26.000000000 +0200
+++ libsemanage-2.6/src/genhomedircon.c 2016-12-28 23:34:38.510319855 +0100
@@ -998,14 +998,26 @@ static int add_user(genhomedircon_settin
homedir_role = prefix;
}
+ /* There should be no Unix identity corresponding
+ * to SELinux user reserved for system processes
+ * and objects */
retval = getpwnam_r(name, &pwstorage, rbuf, rbuflen, &pwent);
- if (retval != 0 || pwent == NULL) {
- if (retval != 0 && retval != ENOENT) {
+ if (strcmp(name, SYS_OBJECTS_USERID)) {
+ if (retval != 0 || pwent == NULL) {
+ if (retval != 0 && retval != ENOENT) {
+ goto cleanup;
+ }
+
+ WARN(s->h_semanage,
+ "user %s not in password file", name);
+ retval = STATUS_SUCCESS;
goto cleanup;
}
+ } else {
+ if (retval)
+ WARN(s->h_semanage,
+ "There should be no Unix identity \"%s\" !", SYS_OBJECTS_USERID);
- WARN(s->h_semanage,
- "user %s not in password file", name);
retval = STATUS_SUCCESS;
goto cleanup;
}
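Review bot: the `if (retval)` test in the new else branch fires on the wrong condition. getpwnam_r() returns 0 and leaves pwent NULL when the name is simply absent, and returns an errno value only when the lookup itself fails, so the "There should be no Unix identity" warning is emitted on a failed lookup (including ENOENT) and stays silent in the one case it is meant to catch, a passwd entry that does exist. The condition should be `if (retval == 0 && pwent != NULL)`. Note also that a genuine lookup error for this name is now reported as STATUS_SUCCESS, whereas the non-system branch above still jumps to cleanup with the error.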
diff -pru libsemanage-2.6-orig/src/user_record.c libsemanage-2.6/src/user_record.c
--- libsemanage-2.6-orig/src/user_record.c 2016-10-14 17:31:26.000000000 +0200
+++ libsemanage-2.6/src/user_record.c 2016-12-28 23:30:51.544449423 +0100
@@ -348,9 +348,18 @@ hidden int semanage_user_join(semanage_h
if (semanage_user_extra_set_name(handle, tmp_user->extra, name)
< 0)
goto err;
- if (semanage_user_extra_set_prefix
- (handle, tmp_user->extra, "user") < 0)
- goto err;
+
+ /* The user identity reserved for system processes
+ * and objects shall have no prefix */
+ if (strcmp(name, SYS_OBJECTS_USERID)) {
+ if (semanage_user_extra_set_prefix
+ (handle, tmp_user->extra, "user") < 0)
+ goto err;
+ } else {
+ if (semanage_user_extra_set_prefix
+ (handle, tmp_user->extra, "") < 0)
+ goto err;
+ }
}
if (semanage_user_set_name(handle, tmp_user, name) < 0)
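Review bot: setting an empty-string prefix for SYS_OBJECTS_USERID still allocates a full extra record for the system identity and leaves callers unable to distinguish "no prefix" from "prefix is the empty string"; prefix_is_homedir_role() in genhomedircon.c, for instance, will strcmp() against "" for that user. Either a NULL prefix or no extra record at all expresses the intent more directly, and the hunk needs a comment spelling out what a blank prefix means to consumers of the record.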
* Re: libsemanage: special handling of the identity reserved to system objects
From: Dominick Grift @ 2016-12-29 9:30 UTC
To: selinux
On 12/29/2016 12:05 AM, Guido Trentalancia wrote:
> The following patch makes sure that the SELinux identity
> reserved for system processes and objects is skipped
> when adding users and that no prefix is associated to it.
>
> A warning is produced when a Unix identity is found to be
> equal to the SELinux user identity for system processes
> and objects.
>
> Signed-off-by: Guido Trentalancia <guido@trentalancia.net>
> ---
> include/semanage/user_record.h | 2 ++
> src/genhomedircon.c | 20 ++++++++++++++++----
> src/user_record.c | 15 ++++++++++++---
> 3 files changed, 30 insertions(+), 7 deletions(-)
>
> diff -pru libsemanage-2.6-orig/include/semanage/user_record.h libsemanage-2.6/include/semanage/user_record.h
> --- libsemanage-2.6-orig/include/semanage/user_record.h 2016-10-14 17:31:26.000000000 +0200
> +++ libsemanage-2.6/include/semanage/user_record.h 2016-12-28 23:22:50.848589870 +0100
> @@ -6,6 +6,8 @@
> #include <stddef.h>
> #include <semanage/handle.h>
>
> +#define SYS_OBJECTS_USERID "system_u"
SELinux is supposed to be a flexible and customizable framework that
allows for fine-grained mandatory access control.
Hard-coding customizable identifiers is frowned upon by some of us.
> +
> struct semanage_user;
> typedef struct semanage_user semanage_user_t;
>
> diff -pru libsemanage-2.6-orig/src/genhomedircon.c libsemanage-2.6/src/genhomedircon.c
> --- libsemanage-2.6-orig/src/genhomedircon.c 2016-10-14 17:31:26.000000000 +0200
> +++ libsemanage-2.6/src/genhomedircon.c 2016-12-28 23:34:38.510319855 +0100
> @@ -998,14 +998,26 @@ static int add_user(genhomedircon_settin
> homedir_role = prefix;
> }
>
> + /* There should be no Unix identity corresponding
> + * to SELinux user reserved for system processes
> + * and objects */
> retval = getpwnam_r(name, &pwstorage, rbuf, rbuflen, &pwent);
> - if (retval != 0 || pwent == NULL) {
> - if (retval != 0 && retval != ENOENT) {
> + if (strcmp(name, SYS_OBJECTS_USERID)) {
> + if (retval != 0 || pwent == NULL) {
> + if (retval != 0 && retval != ENOENT) {
> + goto cleanup;
> + }
> +
> + WARN(s->h_semanage,
> + "user %s not in password file", name);
> + retval = STATUS_SUCCESS;
> goto cleanup;
> }
> + } else {
> + if (retval)
> + WARN(s->h_semanage,
> + "There should be no Unix identity \"%s\" !", SYS_OBJECTS_USERID);
>
> - WARN(s->h_semanage,
> - "user %s not in password file", name);
> retval = STATUS_SUCCESS;
> goto cleanup;
> }
> diff -pru libsemanage-2.6-orig/src/user_record.c libsemanage-2.6/src/user_record.c
> --- libsemanage-2.6-orig/src/user_record.c 2016-10-14 17:31:26.000000000 +0200
> +++ libsemanage-2.6/src/user_record.c 2016-12-28 23:30:51.544449423 +0100
> @@ -348,9 +348,18 @@ hidden int semanage_user_join(semanage_h
> if (semanage_user_extra_set_name(handle, tmp_user->extra, name)
> < 0)
> goto err;
> - if (semanage_user_extra_set_prefix
> - (handle, tmp_user->extra, "user") < 0)
> - goto err;
> +
> + /* The user identity reserved for system processes
> + * and objects shall have no prefix */
> + if (strcmp(name, SYS_OBJECTS_USERID)) {
> + if (semanage_user_extra_set_prefix
> + (handle, tmp_user->extra, "user") < 0)
> + goto err;
> + } else {
> + if (semanage_user_extra_set_prefix
> + (handle, tmp_user->extra, "") < 0)
> + goto err;
> + }
> }
>
> if (semanage_user_set_name(handle, tmp_user, name) < 0)
> _______________________________________________
> Selinux mailing list
> Selinux@tycho.nsa.gov
> To unsubscribe, send email to Selinux-leave@tycho.nsa.gov.
> To get help, send an email containing "help" to Selinux-request@tycho.nsa.gov.
>
--
Key fingerprint = 5F4D 3CDB D3F8 3652 FBD8 02D5 3B6C 5F1D 2C7B 6B02
https://sks-keyservers.net/pks/lookup?op=get&search=0x3B6C5F1D2C7B6B02
Dominick Grift
* Re: libsemanage: special handling of the identity reserved to system objects
From: Guido Trentalancia @ 2016-12-29 18:43 UTC
To: selinux
On Thu, 29/12/2016 at 10.30 +0100, Dominick Grift wrote:
> On 12/29/2016 12:05 AM, Guido Trentalancia wrote:
> >
> > The following patch makes sure that the SELinux identity
> > reserved for system processes and objects is skipped
> > when adding users and that no prefix is associated to it.
> >
> > A warning is produced when a Unix identity is found to be
> > equal to the SELinux user identity for system processes
> > and objects.
> >
> > Signed-off-by: Guido Trentalancia <guido@trentalancia.net>
> > ---
> > include/semanage/user_record.h | 2 ++
> > src/genhomedircon.c | 20 ++++++++++++++++----
> > src/user_record.c | 15 ++++++++++++---
> > 3 files changed, 30 insertions(+), 7 deletions(-)
> >
> > diff -pru libsemanage-2.6-orig/include/semanage/user_record.h
> > libsemanage-2.6/include/semanage/user_record.h
> > --- libsemanage-2.6-orig/include/semanage/user_record.h 2016
> > -10-14 17:31:26.000000000 +0200
> > +++ libsemanage-2.6/include/semanage/user_record.h 2016-12-
> > 28 23:22:50.848589870 +0100
> > @@ -6,6 +6,8 @@
> > #include <stddef.h>
> > #include <semanage/handle.h>
> >
> > +#define SYS_OBJECTS_USERID "system_u"
>
> SELinux is supposed to be a flexible and customizable framework that
> allow for fine-grained mandatory access control.
>
> hard-coding customizable identifiers is frowned upon by some of us
No one likes hard-coding identifiers but, at the moment, I can't easily
think of a better alternative.
I have created an improved version of this patch that I am going to
post.
If you have a better idea on how to determine the identity reserved for
system objects in libsemanage without hard-coding the identifier,
please let me know and I will eventually improve this patch...
> > +
> > struct semanage_user;
> > typedef struct semanage_user semanage_user_t;
> >
> > diff -pru libsemanage-2.6-orig/src/genhomedircon.c libsemanage-
> > 2.6/src/genhomedircon.c
> > --- libsemanage-2.6-orig/src/genhomedircon.c 2016-10-14
> > 17:31:26.000000000 +0200
> > +++ libsemanage-2.6/src/genhomedircon.c 2016-12-28
> > 23:34:38.510319855 +0100
> > @@ -998,14 +998,26 @@ static int add_user(genhomedircon_settin
> > homedir_role = prefix;
> > }
> >
> > + /* There should be no Unix identity corresponding
> > + * to SELinux user reserved for system processes
> > + * and objects */
> > retval = getpwnam_r(name, &pwstorage, rbuf, rbuflen,
> > &pwent);
> > - if (retval != 0 || pwent == NULL) {
> > - if (retval != 0 && retval != ENOENT) {
> > + if (strcmp(name, SYS_OBJECTS_USERID)) {
> > + if (retval != 0 || pwent == NULL) {
> > + if (retval != 0 && retval != ENOENT) {
> > + goto cleanup;
> > + }
> > +
> > + WARN(s->h_semanage,
> > + "user %s not in password file",
> > name);
> > + retval = STATUS_SUCCESS;
> > goto cleanup;
> > }
> > + } else {
> > + if (retval)
> > + WARN(s->h_semanage,
> > + "There should be no Unix identity
> > \"%s\" !", SYS_OBJECTS_USERID);
> >
> > - WARN(s->h_semanage,
> > - "user %s not in password file", name);
> > retval = STATUS_SUCCESS;
> > goto cleanup;
> > }
> > diff -pru libsemanage-2.6-orig/src/user_record.c libsemanage-
> > 2.6/src/user_record.c
> > --- libsemanage-2.6-orig/src/user_record.c 2016-10-14
> > 17:31:26.000000000 +0200
> > +++ libsemanage-2.6/src/user_record.c 2016-12-28
> > 23:30:51.544449423 +0100
> > @@ -348,9 +348,18 @@ hidden int semanage_user_join(semanage_h
> > if (semanage_user_extra_set_name(handle, tmp_user-
> > >extra, name)
> > < 0)
> > goto err;
> > - if (semanage_user_extra_set_prefix
> > - (handle, tmp_user->extra, "user") < 0)
> > - goto err;
> > +
> > + /* The user identity reserved for system processes
> > + * and objects shall have no prefix */
> > + if (strcmp(name, SYS_OBJECTS_USERID)) {
> > + if (semanage_user_extra_set_prefix
> > + (handle, tmp_user->extra, "user") < 0)
> > + goto err;
> > + } else {
> > + if (semanage_user_extra_set_prefix
> > + (handle, tmp_user->extra, "") < 0)
> > + goto err;
> > + }
> > }
> >
> > if (semanage_user_set_name(handle, tmp_user, name) < 0)
Regards,
Guido
* [PATCH v2] libsemanage: special handling of the identity reserved to system objects
From: Guido Trentalancia @ 2016-12-29 18:45 UTC
To: selinux
The following patch makes sure that the SELinux identity
reserved for system processes and objects is skipped
when adding users.
A warning is produced when a Unix identity is found to be
equal to the SELinux user identity for system processes
and objects.
This patch also avoids creating an extra record for a user
if there is no prefix.
Signed-off-by: Guido Trentalancia <guido@trentalancia.net>
---
include/semanage/user_record.h | 2 ++
src/genhomedircon.c | 23 +++++++++++++++++++----
src/user_extra_record.c | 39 ++++++++++++++++++++++++++++++++-------
src/user_record.c | 40 +++++++++++++++++++++++++---------------
4 files changed, 78 insertions(+), 26 deletions(-)
diff -pru a/include/semanage/user_record.h b/include/semanage/user_record.h
--- a/include/semanage/user_record.h 2016-10-14 17:31:26.000000000 +0200
+++ b/include/semanage/user_record.h 2016-12-28 23:22:50.848589870 +0100
@@ -6,6 +6,8 @@
#include <stddef.h>
#include <semanage/handle.h>
+#define SYS_OBJECTS_USERID "system_u"
+
struct semanage_user;
typedef struct semanage_user semanage_user_t;
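Review bot: this hunk is unchanged from v1, so the objection raised earlier in the thread to hard-coding a policy-defined identifier in the public header still stands. If the macro is kept, a comment above it stating that it must match the identity declared in the loaded policy would at least document the coupling, and moving it out of the installed header would keep it from becoming part of the library API.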
diff -pru a/src/genhomedircon.c b/src/genhomedircon.c
--- a/src/genhomedircon.c 2016-10-14 17:31:26.000000000 +0200
+++ b/src/genhomedircon.c 2016-12-29 17:50:10.781727455 +0100
@@ -181,6 +181,9 @@ static int ignore(const char *homedir) {
static int prefix_is_homedir_role(const semanage_user_t *user,
const char *prefix)
{
+ if (!prefix)
+ return 0;
+
return strcmp(OBJECT_R, prefix) == 0 ||
semanage_user_has_role(user, prefix);
}
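Review bot: the NULL guard covers prefix_is_homedir_role(), but the context line `homedir_role = prefix;` at the top of the next hunk shows that prefix also flows into homedir_role in add_user(), and nothing in this patch shows how a NULL homedir_role is handled downstream. Either guard that assignment too or state in the hunk why a NULL homedir_role is safe.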
@@ -998,14 +1001,26 @@ static int add_user(genhomedircon_settin
homedir_role = prefix;
}
+ /* There should be no Unix identity corresponding
+ * to SELinux user reserved for system processes
+ * and objects */
retval = getpwnam_r(name, &pwstorage, rbuf, rbuflen, &pwent);
- if (retval != 0 || pwent == NULL) {
- if (retval != 0 && retval != ENOENT) {
+ if (strcmp(name, SYS_OBJECTS_USERID)) {
+ if (retval != 0 || pwent == NULL) {
+ if (retval != 0 && retval != ENOENT) {
+ goto cleanup;
+ }
+
+ WARN(s->h_semanage,
+ "user %s not in password file", name);
+ retval = STATUS_SUCCESS;
goto cleanup;
}
+ } else {
+ if (retval)
+ WARN(s->h_semanage,
+ "There should be no Unix identity \"%s\" !", SYS_OBJECTS_USERID);
- WARN(s->h_semanage,
- "user %s not in password file", name);
retval = STATUS_SUCCESS;
goto cleanup;
}
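Review bot: carried over unchanged from v1, the `if (retval)` branch still warns on a failed getpwnam_r() lookup rather than on a successful one. The function returns 0 with pwent set when the Unix identity exists, so the condition that should trigger the warning is `retval == 0 && pwent != NULL`; as written the warning never fires for an existing passwd entry, and a real lookup error for this name is returned as STATUS_SUCCESS.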
diff -pru a/src/user_extra_record.c b/src/user_extra_record.c
--- a/src/user_extra_record.c 2016-10-14 17:31:26.000000000 +0200
+++ b/src/user_extra_record.c 2016-12-29 17:17:26.168737139 +0100
@@ -37,8 +37,9 @@ static int semanage_user_extra_key_extra
semanage_user_key_t ** key_ptr)
{
- if (semanage_user_key_create(handle, user_extra->name, key_ptr) < 0)
- goto err;
+ if (user_extra)
+ if (semanage_user_key_create(handle, user_extra->name, key_ptr) < 0)
+ goto err;
return STATUS_SUCCESS;
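Review bot: when user_extra is NULL the function now returns STATUS_SUCCESS without touching *key_ptr, so the caller receives a success code together with an uninitialised or stale key pointer. Returning the negative status that callers already test for with `< 0` (or setting `*key_ptr = NULL` and documenting it) makes the contract explicit. The nested braceless `if (user_extra) if (...) goto err;` also wants braces on the outer if.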
@@ -54,7 +55,10 @@ static int semanage_user_extra_compare(c
const char *name;
semanage_user_key_unpack(key, &name);
- return strcmp(user_extra->name, name);
+ if (user_extra)
+ return strcmp(user_extra->name, name);
+ else
+ return 1;
}
static int semanage_user_extra_compare2(const semanage_user_extra_t *
@@ -63,7 +67,10 @@ static int semanage_user_extra_compare2(
user_extra2)
{
- return strcmp(user_extra->name, user_extra2->name);
+ if (user_extra && user_extra2)
+ return strcmp(user_extra->name, user_extra2->name);
+ else
+ return 1;
}
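Review bot: returning 1 whenever either record is NULL gives a comparator that is not antisymmetric: compare2(a, NULL) and compare2(NULL, a) both report "greater", and two NULL records compare unequal to each other. Any caller that uses the result for ordering or for an equality test (`== 0`) will misbehave; the single-key compare hunk above has the same property. If NULL records are legal, define a total order (NULL sorts before everything, NULL equals NULL); otherwise the guard should fail loudly rather than return 1.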
static int semanage_user_extra_compare2_qsort(const semanage_user_extra_t **
@@ -72,7 +79,10 @@ static int semanage_user_extra_compare2_
user_extra2)
{
- return strcmp((*user_extra)->name, (*user_extra2)->name);
+ if (*user_extra && *user_extra2)
+ return strcmp((*user_extra)->name, (*user_extra2)->name);
+ else
+ return 1;
}
/* Name */
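Review bot: this comparator is the qsort() callback, and qsort() requires a consistent ordering; with both NULL orders returning 1 the sort's behaviour is undefined and can scramble the array. Return 0 when both are NULL and -1 or 1 depending on which side is NULL, or, better, never let NULL extra records into the array being sorted.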
@@ -80,7 +90,10 @@ hidden const char *semanage_user_extra_g
user_extra)
{
- return user_extra->name;
+ if (user_extra)
+ return user_extra->name;
+ else
+ return NULL;
}
hidden int semanage_user_extra_set_name(semanage_handle_t * handle,
@@ -88,6 +101,9 @@ hidden int semanage_user_extra_set_name(
const char *name)
{
+ if (!user_extra)
+ return STATUS_SUCCESS;
+
char *tmp_name = strdup(name);
if (!tmp_name) {
ERR(handle, "out of memory, could not set name %s "
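Review bot: silently returning STATUS_SUCCESS when user_extra is NULL turns a caller bug into a lost write: the caller is told the name was stored when nothing was. An ERR() plus error return is the safer choice, and the same applies to the set_prefix and clone hunks below, which use the identical early return. The early return is also placed ahead of the function's first declaration (`char *tmp_name = strdup(name);`), which differs from the surrounding code that declares first.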
@@ -104,7 +120,10 @@ hidden const char *semanage_user_extra_g
user_extra)
{
- return user_extra->prefix;
+ if (user_extra)
+ return user_extra->prefix;
+ else
+ return NULL;
}
hidden int semanage_user_extra_set_prefix(semanage_handle_t * handle,
@@ -112,6 +131,9 @@ hidden int semanage_user_extra_set_prefi
const char *prefix)
{
+ if (!user_extra)
+ return STATUS_SUCCESS;
+
char *tmp_prefix = strdup(prefix);
if (!tmp_prefix) {
ERR(handle, "out of memory, could not set prefix %s "
@@ -162,6 +184,9 @@ hidden int semanage_user_extra_clone(sem
semanage_user_extra_t ** user_extra_ptr)
{
+ if (!user_extra)
+ return STATUS_SUCCESS;
+
semanage_user_extra_t *new_user_extra = NULL;
if (semanage_user_extra_create(handle, &new_user_extra) < 0)
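Review bot: same concern as in the key-extract hunk: on a NULL user_extra the clone returns STATUS_SUCCESS without assigning *user_extra_ptr, so semanage_user_join() in the user_record.c hunk proceeds believing tmp_user->extra was populated when it was never written. If cloning NULL is meant to yield NULL, set `*user_extra_ptr = NULL;` before returning.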
diff -pru a/src/user_record.c b/src/user_record.c
--- a/src/user_record.c 2016-10-14 17:31:26.000000000 +0200
+++ b/src/user_record.c 2016-12-29 19:23:11.783720792 +0100
@@ -313,6 +313,7 @@ hidden int semanage_user_join(semanage_h
{
const char *name;
+ const char *prefix = NULL;
semanage_user_t *tmp_user = calloc(1, sizeof(semanage_user_t));
if (!tmp_user)
goto omem;
@@ -324,6 +325,9 @@ hidden int semanage_user_join(semanage_h
else
name = semanage_user_base_get_name(record1);
+ if (record2)
+ prefix = semanage_user_extra_get_prefix(record2);
+
/* Join base record if it exists, create a blank one otherwise */
if (record1) {
if (semanage_user_base_clone(handle, record1, &tmp_user->base) <
@@ -337,21 +341,27 @@ hidden int semanage_user_join(semanage_h
goto err;
}
- /* Join extra record if it exists, create a blank one otherwise */
- if (record2) {
- if (semanage_user_extra_clone(handle, record2, &tmp_user->extra)
- < 0)
- goto err;
- } else {
- if (semanage_user_extra_create(handle, &tmp_user->extra) < 0)
- goto err;
- if (semanage_user_extra_set_name(handle, tmp_user->extra, name)
- < 0)
- goto err;
- if (semanage_user_extra_set_prefix
- (handle, tmp_user->extra, "user") < 0)
- goto err;
- }
+ /* SELinux identities without a prefix shall not have an extra record */
+ if (prefix) {
+ /* Join extra record if it exists, create a blank one otherwise */
+ if (record2) {
+ if (&tmp_user->extra)
+ if (semanage_user_extra_clone(handle, record2, &tmp_user->extra)
+ < 0)
+ goto err;
+ } else {
+ if (semanage_user_extra_create(handle, &tmp_user->extra) < 0)
+ goto err;
+ if (semanage_user_extra_set_name(handle, tmp_user->extra, name)
+ < 0)
+ goto err;
+
+ if (semanage_user_extra_set_prefix
+ (handle, tmp_user->extra, "user") < 0)
+ goto err;
+ }
+ } else
+ tmp_user->extra = NULL;
if (semanage_user_set_name(handle, tmp_user, name) < 0)
goto err;
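Review bot: the new `if (prefix)` gate makes the "create a blank one otherwise" branch unreachable: prefix is only assigned when record2 is non-NULL (previous hunk), so inside `if (prefix)` record2 can never be NULL and the inner else is dead code. The practical effect is that any user joined without an existing extra record, not just the system identity, no longer gets an extra record with the default "user" prefix, a wider behaviour change than the commit message describes. Separately, `if (&tmp_user->extra)` tests the address of a struct member, which is never NULL, so that guard is a no-op, and `tmp_user->extra = NULL` in the outer else is redundant after calloc(). Decide explicitly which users should receive a default extra record and gate on that condition.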
* Re: [PATCH v2] libsemanage: special handling of the identity reserved to system objects
From: Stephen Smalley @ 2017-01-09 18:39 UTC
To: Guido Trentalancia, selinux
On Thu, 2016-12-29 at 19:45 +0100, Guido Trentalancia wrote:
> The following patch makes sure that the SELinux identity
> reserved for system processes and objects is skipped
> when adding users.
>
> A warning is produced when a Unix identity is found to be
> equal to the SELinux user identity for system processes
> and objects.
>
> This patch also avoids creating an extra record for a user
> if there is no prefix.
What problem are you encountering that motivated this patch?
What is a test case for this problem?
What is the behavior before and after this patch?
>
> Signed-off-by: Guido Trentalancia <guido@trentalancia.net>
> ---
> include/semanage/user_record.h | 2 ++
> src/genhomedircon.c | 23 +++++++++++++++++++----
> src/user_extra_record.c | 39
> ++++++++++++++++++++++++++++++++-------
> src/user_record.c | 40 +++++++++++++++++++++++++-----
> ----------
> 4 files changed, 78 insertions(+), 26 deletions(-)
>
> diff -pru a/include/semanage/user_record.h
> b/include/semanage/user_record.h
> --- a/include/semanage/user_record.h 2016-10-14
> 17:31:26.000000000 +0200
> +++ b/include/semanage/user_record.h 2016-12-28
> 23:22:50.848589870 +0100
> @@ -6,6 +6,8 @@
> #include <stddef.h>
> #include <semanage/handle.h>
>
> +#define SYS_OBJECTS_USERID "system_u"
> +
> struct semanage_user;
> typedef struct semanage_user semanage_user_t;
>
> diff -pru a/src/genhomedircon.c b/src/genhomedircon.c
> --- a/src/genhomedircon.c 2016-10-14 17:31:26.000000000 +0200
> +++ b/src/genhomedircon.c 2016-12-29 17:50:10.781727455 +0100
> @@ -181,6 +181,9 @@ static int ignore(const char *homedir) {
> static int prefix_is_homedir_role(const semanage_user_t *user,
> const char *prefix)
> {
> + if (!prefix)
> + return 0;
> +
> return strcmp(OBJECT_R, prefix) == 0 ||
> semanage_user_has_role(user, prefix);
> }
> @@ -998,14 +1001,26 @@ static int add_user(genhomedircon_settin
> homedir_role = prefix;
> }
>
> + /* There should be no Unix identity corresponding
> + * to SELinux user reserved for system processes
> + * and objects */
> retval = getpwnam_r(name, &pwstorage, rbuf, rbuflen,
> &pwent);
> - if (retval != 0 || pwent == NULL) {
> - if (retval != 0 && retval != ENOENT) {
> + if (strcmp(name, SYS_OBJECTS_USERID)) {
> + if (retval != 0 || pwent == NULL) {
> + if (retval != 0 && retval != ENOENT) {
> + goto cleanup;
> + }
> +
> + WARN(s->h_semanage,
> + "user %s not in password file", name);
> + retval = STATUS_SUCCESS;
> goto cleanup;
> }
> + } else {
> + if (retval)
> + WARN(s->h_semanage,
> + "There should be no Unix identity
> \"%s\" !", SYS_OBJECTS_USERID);
>
> - WARN(s->h_semanage,
> - "user %s not in password file", name);
> retval = STATUS_SUCCESS;
> goto cleanup;
> }
> diff -pru a/src/user_extra_record.c b/src/user_extra_record.c
> --- a/src/user_extra_record.c 2016-10-14 17:31:26.000000000
> +0200
> +++ b/src/user_extra_record.c 2016-12-29 17:17:26.168737139
> +0100
> @@ -37,8 +37,9 @@ static int semanage_user_extra_key_extra
> semanage_user_key_t **
> key_ptr)
> {
>
> - if (semanage_user_key_create(handle, user_extra->name,
> key_ptr) < 0)
> - goto err;
> + if (user_extra)
> + if (semanage_user_key_create(handle, user_extra-
> >name, key_ptr) < 0)
> + goto err;
>
> return STATUS_SUCCESS;
>
> @@ -54,7 +55,10 @@ static int semanage_user_extra_compare(c
> const char *name;
> semanage_user_key_unpack(key, &name);
>
> - return strcmp(user_extra->name, name);
> + if (user_extra)
> + return strcmp(user_extra->name, name);
> + else
> + return 1;
> }
>
> static int semanage_user_extra_compare2(const semanage_user_extra_t
> *
> @@ -63,7 +67,10 @@ static int semanage_user_extra_compare2(
> user_extra2)
> {
>
> - return strcmp(user_extra->name, user_extra2->name);
> + if (user_extra && user_extra2)
> + return strcmp(user_extra->name, user_extra2->name);
> + else
> + return 1;
> }
>
> static int semanage_user_extra_compare2_qsort(const
> semanage_user_extra_t **
> @@ -72,7 +79,10 @@ static int semanage_user_extra_compare2_
> user_extra2)
> {
>
> - return strcmp((*user_extra)->name, (*user_extra2)->name);
> + if (*user_extra && *user_extra2)
> + return strcmp((*user_extra)->name, (*user_extra2)-
> >name);
> + else
> + return 1;
> }
>
> /* Name */
> @@ -80,7 +90,10 @@ hidden const char *semanage_user_extra_g
> user_extra)
> {
>
> - return user_extra->name;
> + if (user_extra)
> + return user_extra->name;
> + else
> + return NULL;
> }
>
> hidden int semanage_user_extra_set_name(semanage_handle_t * handle,
> @@ -88,6 +101,9 @@ hidden int semanage_user_extra_set_name(
> const char *name)
> {
>
> + if (!user_extra)
> + return STATUS_SUCCESS;
> +
> char *tmp_name = strdup(name);
> if (!tmp_name) {
> ERR(handle, "out of memory, could not set name %s "
> @@ -104,7 +120,10 @@ hidden const char *semanage_user_extra_g
> user_extra)
> {
>
> - return user_extra->prefix;
> + if (user_extra)
> + return user_extra->prefix;
> + else
> + return NULL;
> }
>
> hidden int semanage_user_extra_set_prefix(semanage_handle_t *
> handle,
> @@ -112,6 +131,9 @@ hidden int semanage_user_extra_set_prefi
> const char *prefix)
> {
>
> + if (!user_extra)
> + return STATUS_SUCCESS;
> +
> char *tmp_prefix = strdup(prefix);
> if (!tmp_prefix) {
> ERR(handle, "out of memory, could not set prefix %s
> "
> @@ -162,6 +184,9 @@ hidden int semanage_user_extra_clone(sem
> semanage_user_extra_t **
> user_extra_ptr)
> {
>
> + if (!user_extra)
> + return STATUS_SUCCESS;
> +
> semanage_user_extra_t *new_user_extra = NULL;
>
> if (semanage_user_extra_create(handle, &new_user_extra) < 0)
> diff -pru a/src/user_record.c b/src/user_record.c
> --- a/src/user_record.c 2016-10-14 17:31:26.000000000 +0200
> +++ b/src/user_record.c 2016-12-29 19:23:11.783720792 +0100
> @@ -313,6 +313,7 @@ hidden int semanage_user_join(semanage_h
> {
>
> const char *name;
> + const char *prefix = NULL;
> semanage_user_t *tmp_user = calloc(1,
> sizeof(semanage_user_t));
> if (!tmp_user)
> goto omem;
> @@ -324,6 +325,9 @@ hidden int semanage_user_join(semanage_h
> else
> name = semanage_user_base_get_name(record1);
>
> + if (record2)
> + prefix = semanage_user_extra_get_prefix(record2);
> +
> /* Join base record if it exists, create a blank one
> otherwise */
> if (record1) {
> if (semanage_user_base_clone(handle, record1,
> &tmp_user->base) <
> @@ -337,21 +341,27 @@ hidden int semanage_user_join(semanage_h
> goto err;
> }
>
> - /* Join extra record if it exists, create a blank one
> otherwise */
> - if (record2) {
> - if (semanage_user_extra_clone(handle, record2,
> &tmp_user->extra)
> - < 0)
> - goto err;
> - } else {
> - if (semanage_user_extra_create(handle, &tmp_user-
> >extra) < 0)
> - goto err;
> - if (semanage_user_extra_set_name(handle, tmp_user-
> >extra, name)
> - < 0)
> - goto err;
> - if (semanage_user_extra_set_prefix
> - (handle, tmp_user->extra, "user") < 0)
> - goto err;
> - }
> + /* SELinux identities without a prefix shall not have an
> extra record */
> + if (prefix) {
> + /* Join extra record if it exists, create a blank
> one otherwise */
> + if (record2) {
> + if (&tmp_user->extra)
> + if
> (semanage_user_extra_clone(handle, record2, &tmp_user->extra)
> + < 0)
> + goto err;
> + } else {
> + if (semanage_user_extra_create(handle,
> &tmp_user->extra) < 0)
> + goto err;
> + if (semanage_user_extra_set_name(handle,
> tmp_user->extra, name)
> + < 0)
> + goto err;
> +
> + if (semanage_user_extra_set_prefix
> + (handle, tmp_user->extra, "user") < 0)
> + goto err;
> + }
> + } else
> + tmp_user->extra = NULL;
>
> if (semanage_user_set_name(handle, tmp_user, name) < 0)
> goto err;
* Re: [PATCH v2] libsemanage: special handling of the identity reserved to system objects
From: Guido Trentalancia @ 2017-01-09 18:46 UTC
To: Stephen Smalley, selinux
Hello,
the patch has been motivated by the fact that libsemanage currently searches for the user "system_u" in the passwd file and reports "user system_u not in passwd file".
Also, I have considered the notes in the file policy/users from Reference Policy.
Finally, the prefix for system_u is wrongly set to "user_u" (it shouldn't have it).
I have tested the patch and it seems to work fine.
I hope it helps.
Kind regards,
Guido Trentalancia
On the 9th of January 2017 19:39:10 CET, Stephen Smalley <sds@tycho.nsa.gov> wrote:
>On Thu, 2016-12-29 at 19:45 +0100, Guido Trentalancia wrote:
>> The following patch makes sure that the SELinux identity
>> reserved for system processes and objects is skipped
>> when adding users.
>>
>> A warning is produced when a Unix identity is found to be
>> equal to the SELinux user identity for system processes
>> and objects.
>>
>> This patch also avoids creating an extra record for a user
>> if there is no prefix.
>
>What problem are you encountering that motivated this patch?
>What is a test case for this problem?
>What is the behavior before and after this patch?
>
>>
>> Signed-off-by: Guido Trentalancia <guido@trentalancia.net>
>> ---
>> include/semanage/user_record.h | 2 ++
>> src/genhomedircon.c | 23 +++++++++++++++++++----
>> src/user_extra_record.c | 39
>> ++++++++++++++++++++++++++++++++-------
>> src/user_record.c | 40 +++++++++++++++++++++++++-----
>> ----------
>> 4 files changed, 78 insertions(+), 26 deletions(-)
>>
>> diff -pru a/include/semanage/user_record.h
>> b/include/semanage/user_record.h
>> --- a/include/semanage/user_record.h 2016-10-14
>> 17:31:26.000000000 +0200
>> +++ b/include/semanage/user_record.h 2016-12-28
>> 23:22:50.848589870 +0100
>> @@ -6,6 +6,8 @@
>> #include <stddef.h>
>> #include <semanage/handle.h>
>>
>> +#define SYS_OBJECTS_USERID "system_u"
>> +
>> struct semanage_user;
>> typedef struct semanage_user semanage_user_t;
>>
>> diff -pru a/src/genhomedircon.c b/src/genhomedircon.c
>> --- a/src/genhomedircon.c 2016-10-14 17:31:26.000000000 +0200
>> +++ b/src/genhomedircon.c 2016-12-29 17:50:10.781727455 +0100
>> @@ -181,6 +181,9 @@ static int ignore(const char *homedir) {
>> static int prefix_is_homedir_role(const semanage_user_t *user,
>> const char *prefix)
>> {
>> + if (!prefix)
>> + return 0;
>> +
>> return strcmp(OBJECT_R, prefix) == 0 ||
>> semanage_user_has_role(user, prefix);
>> }
>> @@ -998,14 +1001,26 @@ static int add_user(genhomedircon_settin
>> homedir_role = prefix;
>> }
>>
>> + /* There should be no Unix identity corresponding
>> + * to SELinux user reserved for system processes
>> + * and objects */
>> retval = getpwnam_r(name, &pwstorage, rbuf, rbuflen,
>> &pwent);
>> - if (retval != 0 || pwent == NULL) {
>> - if (retval != 0 && retval != ENOENT) {
>> + if (strcmp(name, SYS_OBJECTS_USERID)) {
>> + if (retval != 0 || pwent == NULL) {
>> + if (retval != 0 && retval != ENOENT) {
>> + goto cleanup;
>> + }
>> +
>> + WARN(s->h_semanage,
>> + "user %s not in password file", name);
>> + retval = STATUS_SUCCESS;
>> goto cleanup;
>> }
>> + } else {
>> + if (retval)
>> + WARN(s->h_semanage,
>> + "There should be no Unix identity
>> \"%s\" !", SYS_OBJECTS_USERID);
>>
>> - WARN(s->h_semanage,
>> - "user %s not in password file", name);
>> retval = STATUS_SUCCESS;
>> goto cleanup;
>> }
>> diff -pru a/src/user_extra_record.c b/src/user_extra_record.c
>> --- a/src/user_extra_record.c 2016-10-14 17:31:26.000000000
>> +0200
>> +++ b/src/user_extra_record.c 2016-12-29 17:17:26.168737139
>> +0100
>> @@ -37,8 +37,9 @@ static int semanage_user_extra_key_extra
>> semanage_user_key_t **
>> key_ptr)
>> {
>>
>> - if (semanage_user_key_create(handle, user_extra->name,
>> key_ptr) < 0)
>> - goto err;
>> + if (user_extra)
>> + if (semanage_user_key_create(handle, user_extra-
>> >name, key_ptr) < 0)
>> + goto err;
>>
>> return STATUS_SUCCESS;
>>
>> @@ -54,7 +55,10 @@ static int semanage_user_extra_compare(c
>> const char *name;
>> semanage_user_key_unpack(key, &name);
>>
>> - return strcmp(user_extra->name, name);
>> + if (user_extra)
>> + return strcmp(user_extra->name, name);
>> + else
>> + return 1;
>> }
>>
>> static int semanage_user_extra_compare2(const semanage_user_extra_t
>> *
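Review bot: returning 1 for a NULL user_extra makes this comparator non-symmetric, and together with compare2 below (which also returns 1 whichever side is NULL) the record database has no consistent order for such records. If extra records may now legitimately be NULL, they should never be stored in the database in the first place; if they may not, a NULL here is a bug that an assertion would surface sooner than a bogus compare result.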
>> @@ -63,7 +67,10 @@ static int semanage_user_extra_compare2(
>> user_extra2)
>> {
>>
>> - return strcmp(user_extra->name, user_extra2->name);
>> + if (user_extra && user_extra2)
>> + return strcmp(user_extra->name, user_extra2->name);
>> + else
>> + return 1;
>> }
>>
>> static int semanage_user_extra_compare2_qsort(const
>> semanage_user_extra_t **
>> @@ -72,7 +79,10 @@ static int semanage_user_extra_compare2_
>> user_extra2)
>> {
>>
>> - return strcmp((*user_extra)->name, (*user_extra2)->name);
>> + if (*user_extra && *user_extra2)
>> + return strcmp((*user_extra)->name, (*user_extra2)-
>> >name);
>> + else
>> + return 1;
>> }
>>
>> /* Name */
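Review bot: compare2_qsort is a qsort(3) comparison function, and one that returns 1 for (NULL, x) and also 1 for (x, NULL) is not a consistent ordering; the behaviour of qsort with such a comparator is undefined. If NULL entries must be tolerated at all, return 0 for two NULLs and order a NULL consistently on one side (for example before every non-NULL entry).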
>> @@ -80,7 +90,10 @@ hidden const char *semanage_user_extra_g
>> user_extra)
>> {
>>
>> - return user_extra->name;
>> + if (user_extra)
>> + return user_extra->name;
>> + else
>> + return NULL;
>> }
>>
>> hidden int semanage_user_extra_set_name(semanage_handle_t * handle,
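Review bot: returning NULL from the name getter for a NULL record only moves the crash to callers that hand the result to strcmp or strdup, and no caller is updated in this patch to handle a NULL return. The same holds for the prefix getter below; the join hunk in user_record.c does check for NULL, but nothing else does.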
>> @@ -88,6 +101,9 @@ hidden int semanage_user_extra_set_name(
>> const char *name)
>> {
>>
>> + if (!user_extra)
>> + return STATUS_SUCCESS;
>> +
>> char *tmp_name = strdup(name);
>> if (!tmp_name) {
>> ERR(handle, "out of memory, could not set name %s "
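Review bot: returning STATUS_SUCCESS from set_name when user_extra is NULL reports a write that never happened, so a caller that reads the name back gets NULL with no error. Return an error (or assert) instead; the same applies to set_prefix below. Also, `char *tmp_name = strdup(name);` now follows a statement, which needs C99 mixed declarations; put the guard after the declaration or hoist the declaration above it.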
>> @@ -104,7 +120,10 @@ hidden const char *semanage_user_extra_g
>> user_extra)
>> {
>>
>> - return user_extra->prefix;
>> + if (user_extra)
>> + return user_extra->prefix;
>> + else
>> + return NULL;
>> }
>>
>> hidden int semanage_user_extra_set_prefix(semanage_handle_t *
>> handle,
>> @@ -112,6 +131,9 @@ hidden int semanage_user_extra_set_prefi
>> const char *prefix)
>> {
>>
>> + if (!user_extra)
>> + return STATUS_SUCCESS;
>> +
>> char *tmp_prefix = strdup(prefix);
>> if (!tmp_prefix) {
>> ERR(handle, "out of memory, could not set prefix %s
>> "
>> @@ -162,6 +184,9 @@ hidden int semanage_user_extra_clone(sem
>> semanage_user_extra_t **
>> user_extra_ptr)
>> {
>>
>> + if (!user_extra)
>> + return STATUS_SUCCESS;
>> +
>> semanage_user_extra_t *new_user_extra = NULL;
>>
>> if (semanage_user_extra_create(handle, &new_user_extra) < 0)
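Review bot: with a NULL user_extra this returns STATUS_SUCCESS but leaves *user_extra_ptr untouched. In semanage_user_join the destination is tmp_user->extra, which calloc zeroed, but any other caller passing a stack variable gets garbage. Set *user_extra_ptr = NULL before returning, or return an error.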
>> diff -pru a/src/user_record.c b/src/user_record.c
>> --- a/src/user_record.c 2016-10-14 17:31:26.000000000 +0200
>> +++ b/src/user_record.c 2016-12-29 19:23:11.783720792 +0100
>> @@ -313,6 +313,7 @@ hidden int semanage_user_join(semanage_h
>> {
>>
>> const char *name;
>> + const char *prefix = NULL;
>> semanage_user_t *tmp_user = calloc(1,
>> sizeof(semanage_user_t));
>> if (!tmp_user)
>> goto omem;
>> @@ -324,6 +325,9 @@ hidden int semanage_user_join(semanage_h
>> else
>> name = semanage_user_base_get_name(record1);
>>
>> + if (record2)
>> + prefix = semanage_user_extra_get_prefix(record2);
>> +
>> /* Join base record if it exists, create a blank one
>> otherwise */
>> if (record1) {
>> if (semanage_user_base_clone(handle, record1,
>> &tmp_user->base) <
>> @@ -337,21 +341,27 @@ hidden int semanage_user_join(semanage_h
>> goto err;
>> }
>>
>> - /* Join extra record if it exists, create a blank one
>> otherwise */
>> - if (record2) {
>> - if (semanage_user_extra_clone(handle, record2,
>> &tmp_user->extra)
>> - < 0)
>> - goto err;
>> - } else {
>> - if (semanage_user_extra_create(handle, &tmp_user-
>> >extra) < 0)
>> - goto err;
>> - if (semanage_user_extra_set_name(handle, tmp_user-
>> >extra, name)
>> - < 0)
>> - goto err;
>> - if (semanage_user_extra_set_prefix
>> - (handle, tmp_user->extra, "user") < 0)
>> - goto err;
>> - }
>> + /* SELinux identities without a prefix shall not have an
>> extra record */
>> + if (prefix) {
>> + /* Join extra record if it exists, create a blank
>> one otherwise */
>> + if (record2) {
>> + if (&tmp_user->extra)
>> + if
>> (semanage_user_extra_clone(handle, record2, &tmp_user->extra)
>> + < 0)
>> + goto err;
>> + } else {
>> + if (semanage_user_extra_create(handle,
>> &tmp_user->extra) < 0)
>> + goto err;
>> + if (semanage_user_extra_set_name(handle,
>> tmp_user->extra, name)
>> + < 0)
>> + goto err;
>> +
>> + if (semanage_user_extra_set_prefix
>> + (handle, tmp_user->extra, "user") < 0)
>> + goto err;
>> + }
>> + } else
>> + tmp_user->extra = NULL;
>>
>> if (semanage_user_set_name(handle, tmp_user, name) < 0)
>> goto err;
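Review bot: the else branch that creates a blank extra record with prefix "user" is now unreachable: prefix is only ever assigned from record2 in the hunk above, so `if (prefix)` implies record2 != NULL and the nested `if (record2)` is always true. The result is that every user without an extra record, not only system_u, ends up with extra == NULL instead of the default "user" prefix, a much larger behaviour change than the description states. If the intent is to skip only the reserved identity, test the name rather than the presence of a prefix. Also `if (&tmp_user->extra)` takes the address of a struct member and is always true (compilers warn about it), and `tmp_user->extra = NULL` is redundant after calloc.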
>> _______________________________________________
>> Selinux mailing list
>> Selinux@tycho.nsa.gov
>> To unsubscribe, send email to Selinux-leave@tycho.nsa.gov.
>> To get help, send an email containing "help" to Selinux-request@tycho.nsa.gov.
^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [PATCH v2] libsemanage: special handling of the identity reserved to system objects
2017-01-09 18:46 ` Guido Trentalancia
@ 2017-01-09 18:51 ` Stephen Smalley
2017-01-10 8:09 ` Petr Lautrbach
0 siblings, 1 reply; 11+ messages in thread
From: Stephen Smalley @ 2017-01-09 18:51 UTC (permalink / raw)
To: Guido Trentalancia, selinux
On Mon, 2017-01-09 at 19:46 +0100, Guido Trentalancia wrote:
> Hello,
>
> the patch has been motivated by the fact that libsemanage currently
> searches for the user "system_u" in the passwd file and reports "user
> system_u not in passwd file".
Don't shoot the messenger. That warning is because the Fedora policy
wrongly has system_u in its seusers/login mapping as a login name. We
should fix it there instead by removing that entry, which should not be
needed.
>
> Also, I have considered the notes in the file policy/users from
> Reference Policy.
>
> Finally, the prefix for system_u is wrongly set to "user_u" (it
> shouldn't have it).
>
> I have tested the patch and it seems to work fine.
>
> I hope it helps.
>
> Kind regards,
>
> Guido Trentalancia
>
> On the 9th of January 2017 19:39:10 CET, Stephen Smalley <sds@tycho.nsa.gov> wrote:
> >
> > On Thu, 2016-12-29 at 19:45 +0100, Guido Trentalancia wrote:
> > >
> > > The following patch makes sure that the SELinux identity
> > > reserved for system processes and objects is skipped
> > > when adding users.
> > >
> > > A warning is produced when a Unix identity is found to be
> > > equal to the SELinux user identity for system processes
> > > and objects.
> > >
> > > This patch also avoids creating an extra record for a user
> > > if there is no prefix.
> >
> > What problem are you encountering that motivated this patch?
> > What is a test case for this problem?
> > What is the behavior before and after this patch?
> >
^ permalink raw reply [flat|nested] 11+ messages in thread
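What the check Stephen describes looks like as a standalone tool (an added example, not code from libsemanage or from anyone in this thread): it parses an seusers file in the seusers(5) layout, performs the password-file lookup genhomedircon does for each explicit login mapping, and reports a mapping whose login name is the reserved identity system_u as a policy error to fix in seusers rather than as a missing user. The sample seusers content and the passwd login list are constructed; that system_u is the only reserved identity is an assumption.

```python
"""Audit an SELinux seusers file for login mappings genhomedircon cannot
resolve, in particular a mapping whose Linux login name is really the
SELinux identity reserved for system processes and objects (system_u).

Added example, not libsemanage code. The line layout handled here is the
seusers(5) one: login:seuser[:mls_range], plus the special __default__
login and %group entries. The sample file and the passwd login list are
constructed for this example; the reserved-identity list (system_u only)
is an assumption taken from the thread.
"""
from typing import Iterable, Iterator, List, Optional, Tuple

RESERVED_SEUSERS = ("system_u",)  # assumption: identities with no Unix login

Entry = Tuple[int, str, Optional[str], Optional[str]]
Finding = Tuple[int, str, str]


def parse_seusers(text: str) -> Iterator[Entry]:
    """Yield (lineno, login, seuser, mls_range) for each non-comment line.

    The MLS range itself contains colons (s0-s0:c0.c1023), so a line is
    split at most twice. A malformed line is yielded with seuser and range
    set to None and the whole line as the login, so the caller can report it.
    """
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":", 2)
        if len(fields) == 2:
            fields.append("")  # the range is optional on non-MLS policies
        if len(fields) != 3 or not fields[0] or not fields[1]:
            yield lineno, line, None, None
            continue
        login, seuser, mls_range = fields
        yield lineno, login, seuser, mls_range


def audit_seusers(text: str, passwd_logins: Iterable[str],
                  reserved: Iterable[str] = RESERVED_SEUSERS) -> List[Finding]:
    """Return (lineno, login, problem) for every mapping that needs attention.

    For each explicit login mapping this performs the lookup genhomedircon
    does (is the login in the password database?), except that a login
    equal to a reserved SELinux identity is reported as a policy error to
    fix in seusers rather than as a missing user.
    """
    known = set(passwd_logins)
    reserved_set = set(reserved)
    findings: List[Finding] = []
    for lineno, login, seuser, _mls_range in parse_seusers(text):
        if seuser is None:
            findings.append((lineno, login, "malformed entry"))
        elif login == "__default__" or login.startswith("%"):
            continue  # default and group mappings are not Unix logins
        elif login in reserved_set:
            findings.append((lineno, login,
                             "login name is a reserved SELinux identity; "
                             "remove this mapping from seusers"))
        elif login not in known:
            findings.append((lineno, login, "user not in password file"))
    return findings


def reserved_unix_identities(passwd_logins: Iterable[str],
                             reserved: Iterable[str] = RESERVED_SEUSERS) -> List[str]:
    """Return Unix login names that collide with a reserved SELinux identity.

    This is the condition the add_user() hunk in the patch tries to warn
    about: a passwd entry named system_u should not exist at all.
    """
    return sorted(set(passwd_logins) & set(reserved))


# Constructed sample in the layout of config/appconfig-mls/seusers.
SAMPLE_SEUSERS = """\
# constructed sample
system_u:system_u:s0-s0:c0.c1023
root:staff_u:s0-s0:c0.c1023
%wheel:staff_u:s0-s0:c0.c1023
alice:user_u:s0
bogus
__default__:user_u:s0
"""
SAMPLE_PASSWD = ("root", "alice", "daemon")  # constructed passwd login names

if __name__ == "__main__":
    for lineno, login, problem in audit_seusers(SAMPLE_SEUSERS, SAMPLE_PASSWD):
        print(f"seusers:{lineno}: {login}: {problem}")
    for name in reserved_unix_identities(SAMPLE_PASSWD):
        print(f"passwd: unexpected Unix identity {name!r}")
```

Run as is, it flags the system_u mapping on line 2 and the malformed line 6 and leaves root, %wheel, alice and __default__ alone. To run it against a live system, pass the contents of the active policy's seusers file and the login names from pwd.getpwall(); a system_u finding there is the seusers entry Stephen suggests removing, and anything reserved_unix_identities() returns is a passwd entry that should not exist.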
* Re: [PATCH v2] libsemanage: special handling of the identity reserved to system objects
2017-01-09 18:51 ` Stephen Smalley
@ 2017-01-10 8:09 ` Petr Lautrbach
2017-01-10 13:11 ` Guido Trentalancia
0 siblings, 1 reply; 11+ messages in thread
From: Petr Lautrbach @ 2017-01-10 8:09 UTC (permalink / raw)
To: Guido Trentalancia, selinux
On 01/09/2017 07:51 PM, Stephen Smalley wrote:
> On Mon, 2017-01-09 at 19:46 +0100, Guido Trentalancia wrote:
>> Hello,
>>
>> the patch has been motivated by the fact that libsemanage currently
>> searches for the user "system_u" in the passwd file and reports "user
>> system_u not in passwd file".
>
> Don't shoot the messenger. That warning is because the Fedora policy
> wrongly has system_u in its seusers/login mapping as a login name. We
> should fix it there instead by removing that entry, which should not be
> needed.
This is supposed to be fixed in selinux-policy-3.13.1-219.fc25
Currently there's no plan to backport it to Fedora 24 as genhomedircon
in Fedora 24 still uses hardcoded system_u.
>>
>> Also, I have considered the notes in the file policy/users from
>> Reference Policy.
>>
>> Finally, the prefix for system_u is wrongly set to "user_u" (it
>> shouldn't have it).
>>
>> I have tested the patch and it seems to work fine.
>>
>> I hope it helps.
>>
>> Kind regards,
>>
>> Guido Trentalancia
>>
>> On the 9th of January 2017 19:39:10 CET, Stephen Smalley <sds@tycho.nsa.gov> wrote:
>>>
>>> On Thu, 2016-12-29 at 19:45 +0100, Guido Trentalancia wrote:
>>>>
>>>> The following patch makes sure that the SELinux identity
>>>> reserved for system processes and objects is skipped
>>>> when adding users.
>>>>
>>>> A warning is produced when a Unix identity is found to be
>>>> equal to the SELinux user identity for system processes
>>>> and objects.
>>>>
>>>> This patch also avoids creating an extra record for a user
>>>> if there is no prefix.
>>>
>>> What problem are you encountering that motivated this patch?
>>> What is a test case for this problem?
>>> What is the behavior before and after this patch?
>>>
^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [PATCH v2] libsemanage: special handling of the identity reserved to system objects
2017-01-10 8:09 ` Petr Lautrbach
@ 2017-01-10 13:11 ` Guido Trentalancia
2017-01-10 13:14 ` Jason Zaman
0 siblings, 1 reply; 11+ messages in thread
From: Guido Trentalancia @ 2017-01-10 13:11 UTC (permalink / raw)
To: selinux
Hello.
I am not using the Fedora policy, but in Reference Policy, if I comment out the line containing "system_u" in the files config/appconfig-{standard,mcs,mls}/seusers then the problem disappears...
Regards,
Guido
On 10 January 2017 at 09:09:57 CET, Petr Lautrbach <plautrba@redhat.com> wrote:
>On 01/09/2017 07:51 PM, Stephen Smalley wrote:
>> On Mon, 2017-01-09 at 19:46 +0100, Guido Trentalancia wrote:
>>> Hello,
>>>
>>> the patch has been motivated by the fact that libsemanage currently
>>> searches for the user "system_u" in the passwd file and reports "user
>>> system_u not in passwd file".
>>
>> Don't shoot the messenger. That warning is because the Fedora policy
>> wrongly has system_u in its seusers/login mapping as a login name. We
>> should fix it there instead by removing that entry, which should not be
>> needed.
>
>This is supposed to be fixed in selinux-policy-3.13.1-219.fc25
>
>Currently there's no plan to backport it to Fedora 24 as genhomedircon
>in Fedora 24 still uses hardcoded system_u.
>
>
>>>
>>> Also, I have considered the notes in the file policy/users from
>>> Reference Policy.
>>>
>>> Finally, the prefix for system_u is wrongly set to "user_u" (it
>>> shouldn't have it).
>>>
>>> I have tested the patch and it seems to work fine.
>>>
>>> I hope it helps.
>>>
>>> Kind regards,
>>>
>>> Guido Trentalancia
>>>
>>> On the 9th of January 2017 19:39:10 CET, Stephen Smalley <sds@tycho.nsa.gov> wrote:
>>>>
>>>> On Thu, 2016-12-29 at 19:45 +0100, Guido Trentalancia wrote:
>>>>>
>>>>> The following patch makes sure that the SELinux identity
>>>>> reserved for system processes and objects is skipped
>>>>> when adding users.
>>>>>
>>>>> A warning is produced when a Unix identity is found to be
>>>>> equal to the SELinux user identity for system processes
>>>>> and objects.
>>>>>
>>>>> This patch also avoids creating an extra record for a user
>>>>> if there is no prefix.
>>>>
>>>> What problem are you encountering that motivated this patch?
>>>> What is a test case for this problem?
>>>> What is the behavior before and after this patch?
>>>>
>>>>> else
>>>>> name = semanage_user_base_get_name(record1);
>>>>>
>>>>> + if (record2)
>>>>> + prefix =
>>>>> semanage_user_extra_get_prefix(record2);
>>>>> +
>>>>> /* Join base record if it exists, create a blank one
>>>>> otherwise */
>>>>> if (record1) {
>>>>> if (semanage_user_base_clone(handle, record1,
>>>>> &tmp_user->base) <
>>>>> @@ -337,21 +341,27 @@ hidden int semanage_user_join(semanage_h
>>>>> goto err;
>>>>> }
>>>>>
>>>>> - /* Join extra record if it exists, create a blank one
>>>>> otherwise */
>>>>> - if (record2) {
>>>>> - if (semanage_user_extra_clone(handle, record2,
>>>>> &tmp_user->extra)
>>>>> - < 0)
>>>>> - goto err;
>>>>> - } else {
>>>>> - if (semanage_user_extra_create(handle,
>>>>> &tmp_user-
>>>>>>
>>>>>> extra) < 0)
>>>>> - goto err;
>>>>> - if (semanage_user_extra_set_name(handle,
>>>>> tmp_user-
>>>>>>
>>>>>> extra, name)
>>>>> - < 0)
>>>>> - goto err;
>>>>> - if (semanage_user_extra_set_prefix
>>>>> - (handle, tmp_user->extra, "user") < 0)
>>>>> - goto err;
>>>>> - }
>>>>> + /* SELinux identities without a prefix shall not have an
>>>>> extra record */
>>>>> + if (prefix) {
>>>>> + /* Join extra record if it exists, create a
>>>>> blank
>>>>> one otherwise */
>>>>> + if (record2) {
>>>>> + if (&tmp_user->extra)
>>>>> + if
>>>>> (semanage_user_extra_clone(handle, record2, &tmp_user->extra)
>>>>> + < 0)
>>>>> + goto err;
>>>>> + } else {
>>>>> + if (semanage_user_extra_create(handle,
>>>>> &tmp_user->extra) < 0)
>>>>> + goto err;
>>>>> + if (semanage_user_extra_set_name(handle,
>>>>> tmp_user->extra, name)
>>>>> + < 0)
>>>>> + goto err;
>>>>> +
>>>>> + if (semanage_user_extra_set_prefix
>>>>> + (handle, tmp_user->extra, "user") <
>>>>> 0)
>>>>> + goto err;
>>>>> + }
>>>>> + } else
>>>>> + tmp_user->extra = NULL;
>>>>>
>>>>> if (semanage_user_set_name(handle, tmp_user, name) < 0)
>>>>> goto err;
>>>>> _______________________________________________
>>>>> Selinux mailing list
>>>>> Selinux@tycho.nsa.gov
>>>>> To unsubscribe, send email to Selinux-leave@tycho.nsa.gov.
>>>>> To get help, send an email containing "help" to Selinux-request@tycho.nsa.gov.
* Re: [PATCH v2] libsemanage: special handling of the identity reserved to system objects
2017-01-10 13:11 ` Guido Trentalancia
@ 2017-01-10 13:14 ` Jason Zaman
2017-01-10 13:42 ` Guido Trentalancia
0 siblings, 1 reply; 11+ messages in thread
From: Jason Zaman @ 2017-01-10 13:14 UTC (permalink / raw)
To: Guido Trentalancia; +Cc: selinux
On Tue, Jan 10, 2017 at 02:11:24PM +0100, Guido Trentalancia wrote:
> Hello.
>
> I am not using the Fedora policy, but in Reference Policy, if I comment out the line containing "system_u" in the files config/appconfig-{standard,mcs,mls}/seusers then the problem disappears...
They were removed from refpolicy months ago:
https://github.com/TresysTechnology/refpolicy/commit/79f31a04739dad7c7369616cd7c666a57c365511
you should git pull or something.
-- Jason
>
> Regards,
>
> Guido
>
> Il 10 gennaio 2017 09:09:57 CET, Petr Lautrbach <plautrba@redhat.com> ha scritto:
> >On 01/09/2017 07:51 PM, Stephen Smalley wrote:
> >> On Mon, 2017-01-09 at 19:46 +0100, Guido Trentalancia wrote:
> >>> Hello,
> >>>
> >>> the patch has been motivated by the fact that libsemanage currently
> >>> searches for the user "system_u" in the passwd file and reports
> >"user
> >>> system_u not in passwd file".
> >>
> >> Don't shoot the messenger. That warning is because the Fedora policy
> >> wrongly has system_u in its seusers/login mapping as a login name.
> >We
> >> should fix it there instead by removing that entry, which should not
> >be
> >> needed.
> >
> >This is supposed to be fixed in selinux-policy-3.13.1-219.fc25
> >
> >Currently there's no plan to backport it to Fedora 24 as genhomedircon
> >in Fedora 24 still uses hardcoded system_u.
> >
> >
> >>>
> >>> Also, I have considered the notes in the file policy/users from
> >>> Reference Policy.
> >>>
> >>> Finally, the prefix for system_u is wrongly set to "user_u" (it
> >>> shouldn't have it).
> >>>
> >>> I have tested the patch and it seems to work fine.
> >>>
> >>> I hope it helps.
> >>>
> >>> Kind regards,
> >>>
> >>> Guido Trentalancia
> >>>
> >>> On the 9th of January 2017 19:39:10 CET, Stephen Smalley
> ><sds@tycho.n
> >>> sa.gov> wrote:
> >>>>
> >>>> On Thu, 2016-12-29 at 19:45 +0100, Guido Trentalancia wrote:
> >>>>>
> >>>>> The following patch makes sure that the SELinux identity
> >>>>> reserved for system processes and objects is skipped
> >>>>> when adding users.
> >>>>>
> >>>>> A warning is produced when a Unix identity is found to be
> >>>>> equal to the SELinux user identity for system processes
> >>>>> and objects.
> >>>>>
> >>>>> This patch also avoids creating an extra record for a user
> >>>>> if there is no prefix.
> >>>>
> >>>> What problem are you encountering that motivated this patch?
> >>>> What is a test case for this problem?
> >>>> What is the behavior before and after this patch?
> >>>>
> >>>>>
> >>>>>
> >>>>> Signed-off-by: Guido Trentalancia <guido@trentalancia.net>
> >>>>> ---
> >>>>> include/semanage/user_record.h | 2 ++
> >>>>> src/genhomedircon.c | 23 +++++++++++++++++++----
> >>>>> src/user_extra_record.c | 39
> >>>>> ++++++++++++++++++++++++++++++++-------
> >>>>> src/user_record.c | 40 +++++++++++++++++++++++++-
> >>>>> ----
> >>>>> ----------
> >>>>> 4 files changed, 78 insertions(+), 26 deletions(-)
> >>>>>
> >>>>> diff -pru a/include/semanage/user_record.h
> >>>>> b/include/semanage/user_record.h
> >>>>> --- a/include/semanage/user_record.h 2016-10-14
> >>>>> 17:31:26.000000000 +0200
> >>>>> +++ b/include/semanage/user_record.h 2016-12-28
> >>>>> 23:22:50.848589870 +0100
> >>>>> @@ -6,6 +6,8 @@
> >>>>> #include <stddef.h>
> >>>>> #include <semanage/handle.h>
> >>>>>
> >>>>> +#define SYS_OBJECTS_USERID "system_u"
> >>>>> +
> >>>>> struct semanage_user;
> >>>>> typedef struct semanage_user semanage_user_t;
> >>>>>
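Review bot: SYS_OBJECTS_USERID is added to the installed public header include/semanage/user_record.h, so every consumer of libsemanage picks up an unprefixed macro that is only used internally (in this patch, only src/genhomedircon.c references it). A private header, or a SEMANAGE_-prefixed name if it really must be public, would keep the API namespace clean; given the single user, a static const char in genhomedircon.c would be simplest.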
> >>>>> diff -pru a/src/genhomedircon.c b/src/genhomedircon.c
> >>>>> --- a/src/genhomedircon.c 2016-10-14 17:31:26.000000000
> >>>>> +0200
> >>>>> +++ b/src/genhomedircon.c 2016-12-29 17:50:10.781727455
> >>>>> +0100
> >>>>> @@ -181,6 +181,9 @@ static int ignore(const char *homedir) {
> >>>>> static int prefix_is_homedir_role(const semanage_user_t *user,
> >>>>> const char *prefix)
> >>>>> {
> >>>>> + if (!prefix)
> >>>>> + return 0;
> >>>>> +
> >>>>> return strcmp(OBJECT_R, prefix) == 0 ||
> >>>>> semanage_user_has_role(user, prefix);
> >>>>> }
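Review bot: the new "if (!prefix) return 0;" guard in prefix_is_homedir_role needs a comment saying when prefix can be NULL (with this series, a user whose extra record was dropped because it has no prefix), otherwise a later reader cannot tell whether NULL is an error or the expected case. Returning 0 also means such a user never matches the OBJECT_R check either, which looks intended but should be stated.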
> >>>>> @@ -998,14 +1001,26 @@ static int add_user(genhomedircon_settin
> >>>>> homedir_role = prefix;
> >>>>> }
> >>>>>
> >>>>> + /* There should be no Unix identity corresponding
> >>>>> + * to SELinux user reserved for system processes
> >>>>> + * and objects */
> >>>>> retval = getpwnam_r(name, &pwstorage, rbuf, rbuflen,
> >>>>> &pwent);
> >>>>> - if (retval != 0 || pwent == NULL) {
> >>>>> - if (retval != 0 && retval != ENOENT) {
> >>>>> + if (strcmp(name, SYS_OBJECTS_USERID)) {
> >>>>> + if (retval != 0 || pwent == NULL) {
> >>>>> + if (retval != 0 && retval != ENOENT) {
> >>>>> + goto cleanup;
> >>>>> + }
> >>>>> +
> >>>>> + WARN(s->h_semanage,
> >>>>> + "user %s not in password file",
> >>>>> name);
> >>>>> + retval = STATUS_SUCCESS;
> >>>>> goto cleanup;
> >>>>> }
> >>>>> + } else {
> >>>>> + if (retval)
> >>>>> + WARN(s->h_semanage,
> >>>>> + "There should be no Unix identity
> >>>>> \"%s\" !", SYS_OBJECTS_USERID);
> >>>>>
> >>>>> - WARN(s->h_semanage,
> >>>>> - "user %s not in password file", name);
> >>>>> retval = STATUS_SUCCESS;
> >>>>> goto cleanup;
> >>>>> }
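Review bot: the "if (retval)" test in the new else branch (the SYS_OBJECTS_USERID case) is inverted relative to its message. getpwnam_r reports success by returning 0 and filling pwent, so retval is non-zero only when the lookup failed; the warning "There should be no Unix identity" is therefore printed precisely when no such account exists and stays silent when a system_u account does exist (retval == 0 && pwent != NULL), which is the case the comment above says should never happen. The check wants to be on pwent != NULL. The same branch also turns a genuine lookup error (retval != 0 && retval != ENOENT) into STATUS_SUCCESS, whereas the non-system path still propagates it with goto cleanup; keep the error handling consistent between the two branches.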
> >>>>> diff -pru a/src/user_extra_record.c b/src/user_extra_record.c
> >>>>> --- a/src/user_extra_record.c 2016-10-14
> >>>>> 17:31:26.000000000
> >>>>> +0200
> >>>>> +++ b/src/user_extra_record.c 2016-12-29
> >>>>> 17:17:26.168737139
> >>>>> +0100
> >>>>> @@ -37,8 +37,9 @@ static int semanage_user_extra_key_extra
> >>>>> semanage_user_key_t
> >>>>> **
> >>>>> key_ptr)
> >>>>> {
> >>>>>
> >>>>> - if (semanage_user_key_create(handle, user_extra->name,
> >>>>> key_ptr) < 0)
> >>>>> - goto err;
> >>>>> + if (user_extra)
> >>>>> + if (semanage_user_key_create(handle, user_extra-
> >>>>>>
> >>>>>> name, key_ptr) < 0)
> >>>>> + goto err;
> >>>>>
> >>>>> return STATUS_SUCCESS;
> >>>>>
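Review bot: when user_extra is NULL, semanage_user_extra_key_extra now skips semanage_user_key_create and returns STATUS_SUCCESS without ever writing *key_ptr, so the caller gets a success status and an uninitialised key pointer. Either return an error for a NULL record or set *key_ptr = NULL before returning. Please also brace the nested if ("if (user_extra) { if (...) goto err; }"); an unbraced if inside an unbraced if is easy to misread and easy to break on the next edit.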
> >>>>> @@ -54,7 +55,10 @@ static int semanage_user_extra_compare(c
> >>>>> const char *name;
> >>>>> semanage_user_key_unpack(key, &name);
> >>>>>
> >>>>> - return strcmp(user_extra->name, name);
> >>>>> + if (user_extra)
> >>>>> + return strcmp(user_extra->name, name);
> >>>>> + else
> >>>>> + return 1;
> >>>>> }
> >>>>>
> >>>>> static int semanage_user_extra_compare2(const
> >>>>> semanage_user_extra_t
> >>>>> *
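Review bot: "return 1" for a NULL user_extra in semanage_user_extra_compare is an arbitrary ordering: it says every NULL record sorts after every key, and nothing else in the file agrees on that convention. If NULL extra records are now legal in the database, pick an order (for example NULL sorts first), document it, and apply it in every comparator; if they are not legal, an assertion or an error return is safer than silently returning 1 and letting a lookup fail to match.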
> >>>>> @@ -63,7 +67,10 @@ static int semanage_user_extra_compare2(
> >>>>> user_extra2)
> >>>>> {
> >>>>>
> >>>>> - return strcmp(user_extra->name, user_extra2->name);
> >>>>> + if (user_extra && user_extra2)
> >>>>> + return strcmp(user_extra->name, user_extra2-
> >>>>>> name);
> >>>>> + else
> >>>>> + return 1;
> >>>>> }
> >>>>>
> >>>>> static int semanage_user_extra_compare2_qsort(const
> >>>>> semanage_user_extra_t **
> >>>>> @@ -72,7 +79,10 @@ static int semanage_user_extra_compare2_
> >>>>> user_extra2)
> >>>>> {
> >>>>>
> >>>>> - return strcmp((*user_extra)->name, (*user_extra2)-
> >>>>>> name);
> >>>>> + if (*user_extra && *user_extra2)
> >>>>> + return strcmp((*user_extra)->name,
> >>>>> (*user_extra2)-
> >>>>>>
> >>>>>> name);
> >>>>> + else
> >>>>> + return 1;
> >>>>> }
> >>>>>
> >>>>> /* Name */
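Review bot: semanage_user_extra_compare2_qsort (and semanage_user_extra_compare2 in the previous hunk) returns 1 for any pair where either record is NULL, so cmp(a, NULL) == 1, cmp(NULL, a) == 1 and cmp(NULL, NULL) == 1. That comparator is neither antisymmetric nor reflexive, and the C standard requires a qsort comparison function to impose a consistent total ordering, so sorting a list containing a NULL record is undefined behaviour. Return 0 for two NULLs and a sign that flips with argument order for a NULL against a record, e.g. "if (!*user_extra) return *user_extra2 ? -1 : 0; if (!*user_extra2) return 1;", and mirror that in compare2.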
> >>>>> @@ -80,7 +90,10 @@ hidden const char *semanage_user_extra_g
> >>>>> user_extra)
> >>>>> {
> >>>>>
> >>>>> - return user_extra->name;
> >>>>> + if (user_extra)
> >>>>> + return user_extra->name;
> >>>>> + else
> >>>>> + return NULL;
> >>>>> }
> >>>>>
> >>>>> hidden int semanage_user_extra_set_name(semanage_handle_t *
> >>>>> handle,
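Review bot: semanage_user_extra_get_name (and semanage_user_extra_get_prefix two hunks down) may now return NULL, which changes the getters' contract without the commit message or the header saying so; any existing caller that passes the result straight to strcmp or strdup will dereference NULL. Either audit and fix those callers in this series, or keep the getters non-NULL-returning and make the NULL extra record impossible instead.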
> >>>>> @@ -88,6 +101,9 @@ hidden int semanage_user_extra_set_name(
> >>>>> const char *name)
> >>>>> {
> >>>>>
> >>>>> + if (!user_extra)
> >>>>> + return STATUS_SUCCESS;
> >>>>> +
> >>>>> char *tmp_name = strdup(name);
> >>>>> if (!tmp_name) {
> >>>>> ERR(handle, "out of memory, could not set name
> >>>>> %s "
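Review bot: "if (!user_extra) return STATUS_SUCCESS;" in semanage_user_extra_set_name (and the identical guard in set_prefix below) reports success for a set operation that did nothing, so a caller that creates a record, sets its name and carries on never learns the record is missing. Logging with ERR(handle, ...) and returning the library's error status would surface the bug at the call site instead of hiding it. Minor: the early return now sits before the "char *tmp_name" declaration, which is fine in C99 but differs from the declarations-first style the rest of this file follows.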
> >>>>> @@ -104,7 +120,10 @@ hidden const char *semanage_user_extra_g
> >>>>> user_extra)
> >>>>> {
> >>>>>
> >>>>> - return user_extra->prefix;
> >>>>> + if (user_extra)
> >>>>> + return user_extra->prefix;
> >>>>> + else
> >>>>> + return NULL;
> >>>>> }
> >>>>>
> >>>>> hidden int semanage_user_extra_set_prefix(semanage_handle_t *
> >>>>> handle,
> >>>>> @@ -112,6 +131,9 @@ hidden int semanage_user_extra_set_prefi
> >>>>> const char *prefix)
> >>>>> {
> >>>>>
> >>>>> + if (!user_extra)
> >>>>> + return STATUS_SUCCESS;
> >>>>> +
> >>>>> char *tmp_prefix = strdup(prefix);
> >>>>> if (!tmp_prefix) {
> >>>>> ERR(handle, "out of memory, could not set prefix
> >>>>> %s
> >>>>> "
> >>>>> @@ -162,6 +184,9 @@ hidden int semanage_user_extra_clone(sem
> >>>>> semanage_user_extra_t **
> >>>>> user_extra_ptr)
> >>>>> {
> >>>>>
> >>>>> + if (!user_extra)
> >>>>> + return STATUS_SUCCESS;
> >>>>> +
> >>>>> semanage_user_extra_t *new_user_extra = NULL;
> >>>>>
> >>>>> if (semanage_user_extra_create(handle, &new_user_extra)
> >>>>> < 0)
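Review bot: semanage_user_extra_clone returns STATUS_SUCCESS for a NULL user_extra without touching *user_extra_ptr, so the caller's out-pointer keeps whatever it held before. In semanage_user_join that happens to be tmp_user->extra, which calloc zeroed, but other callers may pass an uninitialised pointer and then free it. Set *user_extra_ptr = NULL before returning, and document that cloning a NULL record yields a NULL copy.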
> >>>>> diff -pru a/src/user_record.c b/src/user_record.c
> >>>>> --- a/src/user_record.c 2016-10-14 17:31:26.000000000
> >>>>> +0200
> >>>>> +++ b/src/user_record.c 2016-12-29 19:23:11.783720792
> >>>>> +0100
> >>>>> @@ -313,6 +313,7 @@ hidden int semanage_user_join(semanage_h
> >>>>> {
> >>>>>
> >>>>> const char *name;
> >>>>> + const char *prefix = NULL;
> >>>>> semanage_user_t *tmp_user = calloc(1,
> >>>>> sizeof(semanage_user_t));
> >>>>> if (!tmp_user)
> >>>>> goto omem;
> >>>>> @@ -324,6 +325,9 @@ hidden int semanage_user_join(semanage_h
> >>>>> else
> >>>>> name = semanage_user_base_get_name(record1);
> >>>>>
> >>>>> + if (record2)
> >>>>> + prefix =
> >>>>> semanage_user_extra_get_prefix(record2);
> >>>>> +
> >>>>> /* Join base record if it exists, create a blank one
> >>>>> otherwise */
> >>>>> if (record1) {
> >>>>> if (semanage_user_base_clone(handle, record1,
> >>>>> &tmp_user->base) <
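Review bot: prefix is taken only from record2, so prefix == NULL whenever record2 == NULL. Combined with the "if (prefix)" test in the following hunk this changes behaviour for every user that has a base record but no extra record, not just for system_u: before the patch such a user got a blank extra record with prefix "user", after it gets tmp_user->extra = NULL. If that is intended, the commit message should say so, because it is considerably broader than "skip the identity reserved for system objects".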
> >>>>> @@ -337,21 +341,27 @@ hidden int semanage_user_join(semanage_h
> >>>>> goto err;
> >>>>> }
> >>>>>
> >>>>> - /* Join extra record if it exists, create a blank one
> >>>>> otherwise */
> >>>>> - if (record2) {
> >>>>> - if (semanage_user_extra_clone(handle, record2,
> >>>>> &tmp_user->extra)
> >>>>> - < 0)
> >>>>> - goto err;
> >>>>> - } else {
> >>>>> - if (semanage_user_extra_create(handle,
> >>>>> &tmp_user-
> >>>>>>
> >>>>>> extra) < 0)
> >>>>> - goto err;
> >>>>> - if (semanage_user_extra_set_name(handle,
> >>>>> tmp_user-
> >>>>>>
> >>>>>> extra, name)
> >>>>> - < 0)
> >>>>> - goto err;
> >>>>> - if (semanage_user_extra_set_prefix
> >>>>> - (handle, tmp_user->extra, "user") < 0)
> >>>>> - goto err;
> >>>>> - }
> >>>>> + /* SELinux identities without a prefix shall not have an
> >>>>> extra record */
> >>>>> + if (prefix) {
> >>>>> + /* Join extra record if it exists, create a
> >>>>> blank
> >>>>> one otherwise */
> >>>>> + if (record2) {
> >>>>> + if (&tmp_user->extra)
> >>>>> + if
> >>>>> (semanage_user_extra_clone(handle, record2, &tmp_user->extra)
> >>>>> + < 0)
> >>>>> + goto err;
> >>>>> + } else {
> >>>>> + if (semanage_user_extra_create(handle,
> >>>>> &tmp_user->extra) < 0)
> >>>>> + goto err;
> >>>>> + if (semanage_user_extra_set_name(handle,
> >>>>> tmp_user->extra, name)
> >>>>> + < 0)
> >>>>> + goto err;
> >>>>> +
> >>>>> + if (semanage_user_extra_set_prefix
> >>>>> + (handle, tmp_user->extra, "user") <
> >>>>> 0)
> >>>>> + goto err;
> >>>>> + }
> >>>>> + } else
> >>>>> + tmp_user->extra = NULL;
> >>>>>
> >>>>> if (semanage_user_set_name(handle, tmp_user, name) < 0)
> >>>>> goto err;
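Review bot: "if (&tmp_user->extra)" tests the address of a struct member, which is never NULL, so the condition is always true and most compilers will warn about it; it was presumably meant to be "if (tmp_user->extra)" or should simply be dropped. Separately, inside "if (prefix)" the variable record2 is necessarily non-NULL (prefix is only ever assigned from record2), so the else branch that builds a blank extra record with semanage_user_extra_create, set_name and set_prefix(..., "user") is now unreachable. Either remove it or restructure the prefix logic so that a user with a missing extra record still receives the default.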
* Re: [PATCH v2] libsemanage: special handling of the identity reserved to system objects
2017-01-10 13:14 ` Jason Zaman
@ 2017-01-10 13:42 ` Guido Trentalancia
0 siblings, 0 replies; 11+ messages in thread
From: Guido Trentalancia @ 2017-01-10 13:42 UTC (permalink / raw)
Cc: selinux
Hello Jason,
yes, you are right, it's an obsolete problem in the Reference Policy.
I was working on an obsolete git tree...
Regards,
Guido
On the 10th of January 2017 14:14:44 CET, Jason Zaman <jason@perfinion.com> wrote:
>On Tue, Jan 10, 2017 at 02:11:24PM +0100, Guido Trentalancia wrote:
>> Hello.
>>
>> I am not using the Fedora policy, but in Reference Policy, if I
>comment out the line containing "system_u" in the files
>config/appconfig-{standard,mcs,mls}/seusers then the problem
>disappears...
>
>They were removed from refpolicy months ago:
>https://github.com/TresysTechnology/refpolicy/commit/79f31a04739dad7c7369616cd7c666a57c365511
>you should git pull or something.
>
>-- Jason
>
>>
>> Regards,
>>
>> Guido
>>
>> Il 10 gennaio 2017 09:09:57 CET, Petr Lautrbach <plautrba@redhat.com>
>ha scritto:
>> >On 01/09/2017 07:51 PM, Stephen Smalley wrote:
>> >> On Mon, 2017-01-09 at 19:46 +0100, Guido Trentalancia wrote:
>> >>> Hello,
>> >>>
>> >>> the patch has been motivated by the fact that libsemanage
>currently
>> >>> searches for the user "system_u" in the passwd file and reports
>> >"user
>> >>> system_u not in passwd file".
>> >>
>> >> Don't shoot the messenger. That warning is because the Fedora
>policy
>> >> wrongly has system_u in its seusers/login mapping as a login name.
>
>> >We
>> >> should fix it there instead by removing that entry, which should
>not
>> >be
>> >> needed.
>> >
>> >This is supposed to be fixed in selinux-policy-3.13.1-219.fc25
>> >
>> >Currently there's no plan to backport it to Fedora 24 as
>genhomedircon
>> >in Fedora 24 still uses hardcoded system_u.
>> >
>> >
>> >>>
>> >>> Also, I have considered the notes in the file policy/users from
>> >>> Reference Policy.
>> >>>
>> >>> Finally, the prefix for system_u is wrongly set to "user_u" (it
>> >>> shouldn't have it).
>> >>>
>> >>> I have tested the patch and it seems to work fine.
>> >>>
>> >>> I hope it helps.
>> >>>
>> >>> Kind regards,
>> >>>
>> >>> Guido Trentalancia
>> >>>
>> >>> On the 9th of January 2017 19:39:10 CET, Stephen Smalley
>> ><sds@tycho.n
>> >>> sa.gov> wrote:
>> >>>>
>> >>>> On Thu, 2016-12-29 at 19:45 +0100, Guido Trentalancia wrote:
>> >>>>>
>> >>>>> The following patch makes sure that the SELinux identity
>> >>>>> reserved for system processes and objects is skipped
>> >>>>> when adding users.
>> >>>>>
>> >>>>> A warning is produced when a Unix identity is found to be
>> >>>>> equal to the SELinux user identity for system processes
>> >>>>> and objects.
>> >>>>>
>> >>>>> This patch also avoids creating an extra record for a user
>> >>>>> if there is no prefix.
>> >>>>
>> >>>> What problem are you encountering that motivated this patch?
>> >>>> What is a test case for this problem?
>> >>>> What is the behavior before and after this patch?
>> >>>>
>> >>>>>
>> >>>>>
>> >>>>> Signed-off-by: Guido Trentalancia <guido@trentalancia.net>
>> >>>>> ---
>> >>>>> include/semanage/user_record.h | 2 ++
>> >>>>> src/genhomedircon.c | 23 +++++++++++++++++++----
>> >>>>> src/user_extra_record.c | 39
>> >>>>> ++++++++++++++++++++++++++++++++-------
>> >>>>> src/user_record.c | 40
>+++++++++++++++++++++++++-
>> >>>>> ----
>> >>>>> ----------
>> >>>>> 4 files changed, 78 insertions(+), 26 deletions(-)
>> >>>>>
>> >>>>> diff -pru a/include/semanage/user_record.h
>> >>>>> b/include/semanage/user_record.h
>> >>>>> --- a/include/semanage/user_record.h 2016-10-14
>> >>>>> 17:31:26.000000000 +0200
>> >>>>> +++ b/include/semanage/user_record.h 2016-12-28
>> >>>>> 23:22:50.848589870 +0100
>> >>>>> @@ -6,6 +6,8 @@
>> >>>>> #include <stddef.h>
>> >>>>> #include <semanage/handle.h>
>> >>>>>
>> >>>>> +#define SYS_OBJECTS_USERID "system_u"
>> >>>>> +
>> >>>>> struct semanage_user;
>> >>>>> typedef struct semanage_user semanage_user_t;
>> >>>>>
>> >>>>> diff -pru a/src/genhomedircon.c b/src/genhomedircon.c
>> >>>>> --- a/src/genhomedircon.c 2016-10-14 17:31:26.000000000
>> >>>>> +0200
>> >>>>> +++ b/src/genhomedircon.c 2016-12-29 17:50:10.781727455
>> >>>>> +0100
>> >>>>> @@ -181,6 +181,9 @@ static int ignore(const char *homedir) {
>> >>>>> static int prefix_is_homedir_role(const semanage_user_t *user,
>> >>>>> const char *prefix)
>> >>>>> {
>> >>>>> + if (!prefix)
>> >>>>> + return 0;
>> >>>>> +
>> >>>>> return strcmp(OBJECT_R, prefix) == 0 ||
>> >>>>> semanage_user_has_role(user, prefix);
>> >>>>> }
>> >>>>> @@ -998,14 +1001,26 @@ static int add_user(genhomedircon_settin
>> >>>>> homedir_role = prefix;
>> >>>>> }
>> >>>>>
>> >>>>> + /* There should be no Unix identity corresponding
>> >>>>> + * to SELinux user reserved for system processes
>> >>>>> + * and objects */
>> >>>>> retval = getpwnam_r(name, &pwstorage, rbuf, rbuflen,
>> >>>>> &pwent);
>> >>>>> - if (retval != 0 || pwent == NULL) {
>> >>>>> - if (retval != 0 && retval != ENOENT) {
>> >>>>> + if (strcmp(name, SYS_OBJECTS_USERID)) {
>> >>>>> + if (retval != 0 || pwent == NULL) {
>> >>>>> + if (retval != 0 && retval != ENOENT) {
>> >>>>> + goto cleanup;
>> >>>>> + }
>> >>>>> +
>> >>>>> + WARN(s->h_semanage,
>> >>>>> + "user %s not in password file",
>> >>>>> name);
>> >>>>> + retval = STATUS_SUCCESS;
>> >>>>> goto cleanup;
>> >>>>> }
>> >>>>> + } else {
>> >>>>> + if (retval)
>> >>>>> + WARN(s->h_semanage,
>> >>>>> + "There should be no Unix identity
>> >>>>> \"%s\" !", SYS_OBJECTS_USERID);
>> >>>>>
>> >>>>> - WARN(s->h_semanage,
>> >>>>> - "user %s not in password file", name);
>> >>>>> retval = STATUS_SUCCESS;
>> >>>>> goto cleanup;
>> >>>>> }
>> >>>>> diff -pru a/src/user_extra_record.c b/src/user_extra_record.c
>> >>>>> --- a/src/user_extra_record.c 2016-10-14
>> >>>>> 17:31:26.000000000
>> >>>>> +0200
>> >>>>> +++ b/src/user_extra_record.c 2016-12-29
>> >>>>> 17:17:26.168737139
>> >>>>> +0100
>> >>>>> @@ -37,8 +37,9 @@ static int semanage_user_extra_key_extra
>> >>>>> semanage_user_key_t
>> >>>>> **
>> >>>>> key_ptr)
>> >>>>> {
>> >>>>>
>> >>>>> - if (semanage_user_key_create(handle, user_extra->name,
>> >>>>> key_ptr) < 0)
>> >>>>> - goto err;
>> >>>>> + if (user_extra)
>> >>>>> + if (semanage_user_key_create(handle, user_extra-
>> >>>>>>
>> >>>>>> name, key_ptr) < 0)
>> >>>>> + goto err;
>> >>>>>
>> >>>>> return STATUS_SUCCESS;
>> >>>>>
>> >>>>> @@ -54,7 +55,10 @@ static int semanage_user_extra_compare(c
>> >>>>> const char *name;
>> >>>>> semanage_user_key_unpack(key, &name);
>> >>>>>
>> >>>>> - return strcmp(user_extra->name, name);
>> >>>>> + if (user_extra)
>> >>>>> + return strcmp(user_extra->name, name);
>> >>>>> + else
>> >>>>> + return 1;
>> >>>>> }
>> >>>>>
>> >>>>> static int semanage_user_extra_compare2(const
>> >>>>> semanage_user_extra_t
>> >>>>> *
>> >>>>> @@ -63,7 +67,10 @@ static int semanage_user_extra_compare2(
>> >>>>> user_extra2)
>> >>>>> {
>> >>>>>
>> >>>>> - return strcmp(user_extra->name, user_extra2->name);
>> >>>>> + if (user_extra && user_extra2)
>> >>>>> + return strcmp(user_extra->name, user_extra2-
>> >>>>>> name);
>> >>>>> + else
>> >>>>> + return 1;
>> >>>>> }
>> >>>>>
>> >>>>> static int semanage_user_extra_compare2_qsort(const
>> >>>>> semanage_user_extra_t **
>> >>>>> @@ -72,7 +79,10 @@ static int semanage_user_extra_compare2_
>> >>>>> user_extra2)
>> >>>>> {
>> >>>>>
>> >>>>> - return strcmp((*user_extra)->name, (*user_extra2)-
>> >>>>>> name);
>> >>>>> + if (*user_extra && *user_extra2)
>> >>>>> + return strcmp((*user_extra)->name,
>> >>>>> (*user_extra2)-
>> >>>>>>
>> >>>>>> name);
>> >>>>> + else
>> >>>>> + return 1;
>> >>>>> }
>> >>>>>
>> >>>>> /* Name */
>> >>>>> @@ -80,7 +90,10 @@ hidden const char *semanage_user_extra_g
>> >>>>> user_extra)
>> >>>>> {
>> >>>>>
>> >>>>> - return user_extra->name;
>> >>>>> + if (user_extra)
>> >>>>> + return user_extra->name;
>> >>>>> + else
>> >>>>> + return NULL;
>> >>>>> }
>> >>>>>
>> >>>>> hidden int semanage_user_extra_set_name(semanage_handle_t *
>> >>>>> handle,
>> >>>>> @@ -88,6 +101,9 @@ hidden int semanage_user_extra_set_name(
>> >>>>> const char *name)
>> >>>>> {
>> >>>>>
>> >>>>> + if (!user_extra)
>> >>>>> + return STATUS_SUCCESS;
>> >>>>> +
>> >>>>> char *tmp_name = strdup(name);
>> >>>>> if (!tmp_name) {
>> >>>>> ERR(handle, "out of memory, could not set name
>> >>>>> %s "
>> >>>>> @@ -104,7 +120,10 @@ hidden const char *semanage_user_extra_g
>> >>>>> user_extra)
>> >>>>> {
>> >>>>>
>> >>>>> - return user_extra->prefix;
>> >>>>> + if (user_extra)
>> >>>>> + return user_extra->prefix;
>> >>>>> + else
>> >>>>> + return NULL;
>> >>>>> }
>> >>>>>
>> >>>>> hidden int semanage_user_extra_set_prefix(semanage_handle_t *
>> >>>>> handle,
>> >>>>> @@ -112,6 +131,9 @@ hidden int semanage_user_extra_set_prefi
>> >>>>> const char *prefix)
>> >>>>> {
>> >>>>>
>> >>>>> + if (!user_extra)
>> >>>>> + return STATUS_SUCCESS;
>> >>>>> +
>> >>>>> char *tmp_prefix = strdup(prefix);
>> >>>>> if (!tmp_prefix) {
>> >>>>> ERR(handle, "out of memory, could not set prefix
>> >>>>> %s
>> >>>>> "
>> >>>>> @@ -162,6 +184,9 @@ hidden int semanage_user_extra_clone(sem
>> >>>>> semanage_user_extra_t **
>> >>>>> user_extra_ptr)
>> >>>>> {
>> >>>>>
>> >>>>> + if (!user_extra)
>> >>>>> + return STATUS_SUCCESS;
>> >>>>> +
>> >>>>> semanage_user_extra_t *new_user_extra = NULL;
>> >>>>>
>> >>>>> if (semanage_user_extra_create(handle, &new_user_extra)
>> >>>>> < 0)
>> >>>>> diff -pru a/src/user_record.c b/src/user_record.c
>> >>>>> --- a/src/user_record.c 2016-10-14 17:31:26.000000000
>> >>>>> +0200
>> >>>>> +++ b/src/user_record.c 2016-12-29 19:23:11.783720792
>> >>>>> +0100
>> >>>>> @@ -313,6 +313,7 @@ hidden int semanage_user_join(semanage_h
>> >>>>> {
>> >>>>>
>> >>>>> const char *name;
>> >>>>> + const char *prefix = NULL;
>> >>>>> semanage_user_t *tmp_user = calloc(1,
>> >>>>> sizeof(semanage_user_t));
>> >>>>> if (!tmp_user)
>> >>>>> goto omem;
>> >>>>> @@ -324,6 +325,9 @@ hidden int semanage_user_join(semanage_h
>> >>>>> else
>> >>>>> name = semanage_user_base_get_name(record1);
>> >>>>>
>> >>>>> + if (record2)
>> >>>>> + prefix =
>> >>>>> semanage_user_extra_get_prefix(record2);
>> >>>>> +
>> >>>>> /* Join base record if it exists, create a blank one
>> >>>>> otherwise */
>> >>>>> if (record1) {
>> >>>>> if (semanage_user_base_clone(handle, record1,
>> >>>>> &tmp_user->base) <
>> >>>>> @@ -337,21 +341,27 @@ hidden int semanage_user_join(semanage_h
>> >>>>> goto err;
>> >>>>> }
>> >>>>>
>> >>>>> - /* Join extra record if it exists, create a blank one
>> >>>>> otherwise */
>> >>>>> - if (record2) {
>> >>>>> - if (semanage_user_extra_clone(handle, record2,
>> >>>>> &tmp_user->extra)
>> >>>>> - < 0)
>> >>>>> - goto err;
>> >>>>> - } else {
>> >>>>> - if (semanage_user_extra_create(handle,
>> >>>>> &tmp_user-
>> >>>>>>
>> >>>>>> extra) < 0)
>> >>>>> - goto err;
>> >>>>> - if (semanage_user_extra_set_name(handle,
>> >>>>> tmp_user-
>> >>>>>>
>> >>>>>> extra, name)
>> >>>>> - < 0)
>> >>>>> - goto err;
>> >>>>> - if (semanage_user_extra_set_prefix
>> >>>>> - (handle, tmp_user->extra, "user") < 0)
>> >>>>> - goto err;
>> >>>>> - }
>> >>>>> + /* SELinux identities without a prefix shall not have an
>> >>>>> extra record */
>> >>>>> + if (prefix) {
>> >>>>> + /* Join extra record if it exists, create a
>> >>>>> blank
>> >>>>> one otherwise */
>> >>>>> + if (record2) {
>> >>>>> + if (&tmp_user->extra)
>> >>>>> + if
>> >>>>> (semanage_user_extra_clone(handle, record2, &tmp_user->extra)
>> >>>>> + < 0)
>> >>>>> + goto err;
>> >>>>> + } else {
>> >>>>> + if (semanage_user_extra_create(handle,
>> >>>>> &tmp_user->extra) < 0)
>> >>>>> + goto err;
>> >>>>> + if (semanage_user_extra_set_name(handle,
>> >>>>> tmp_user->extra, name)
>> >>>>> + < 0)
>> >>>>> + goto err;
>> >>>>> +
>> >>>>> + if (semanage_user_extra_set_prefix
>> >>>>> + (handle, tmp_user->extra, "user") <
>> >>>>> 0)
>> >>>>> + goto err;
>> >>>>> + }
>> >>>>> + } else
>> >>>>> + tmp_user->extra = NULL;
>> >>>>>
>> >>>>> if (semanage_user_set_name(handle, tmp_user, name) < 0)
>> >>>>> goto err;
Thread overview: 11+ messages
2016-12-28 23:05 libsemanage: special handling of the identity reserved to system objects Guido Trentalancia
2016-12-29 9:30 ` Dominick Grift
2016-12-29 18:43 ` Guido Trentalancia
2016-12-29 18:45 ` [PATCH v2] " Guido Trentalancia
2017-01-09 18:39 ` Stephen Smalley
2017-01-09 18:46 ` Guido Trentalancia
2017-01-09 18:51 ` Stephen Smalley
2017-01-10 8:09 ` Petr Lautrbach
2017-01-10 13:11 ` Guido Trentalancia
2017-01-10 13:14 ` Jason Zaman
2017-01-10 13:42 ` Guido Trentalancia