* Enable listing fcontexts.homedirs
@ 2017-09-27  8:16 Vit Mojzis
  2017-09-27  8:16 ` [PATCH 1/2] libsemanage: Add support for listing fcontext.homedirs file Vit Mojzis
  2017-09-27  8:16 ` [PATCH 2/2] python/semanage: Enable listing fcontexts.homedirs Vit Mojzis
  0 siblings, 2 replies; 21+ messages in thread
From: Vit Mojzis @ 2017-09-27  8:16 UTC (permalink / raw)
  To: selinux

"semanage fcontext -l" so far ignored content of file_contexts.homedirs
file, which is confusing to users (more specific rules may be ignored in
favor of rules the user cannot see, since file_contexts.homedirs has
higher priority than file_contexts).

These patches introduce the content of file_contexts.homedirs into 
the listing.

I am still unsure if it would not be better to list each file
separately (ideally in the order in which they are evaluated by
"restorecon").

 libsemanage/include/semanage/fcontexts_policy.h |  4 ++++
 libsemanage/src/direct_api.c                    |  6 ++++++
 libsemanage/src/fcontexts_policy.c              |  8 ++++++++
 libsemanage/src/handle.h                        | 19 +++++++++++++------
 python/semanage/seobject.py                     |  5 +++++
 5 files changed, 36 insertions(+), 6 deletions(-)


* [PATCH 1/2] libsemanage: Add support for listing fcontext.homedirs file
  2017-09-27  8:16 Enable listing fcontexts.homedirs Vit Mojzis
@ 2017-09-27  8:16 ` Vit Mojzis
  2017-09-27 17:04   ` William Roberts
  2017-09-27 17:42   ` Stephen Smalley
  2017-09-27  8:16 ` [PATCH 2/2] python/semanage: Enable listing fcontexts.homedirs Vit Mojzis
  1 sibling, 2 replies; 21+ messages in thread
From: Vit Mojzis @ 2017-09-27  8:16 UTC (permalink / raw)
  To: selinux

Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1409813
---
 libsemanage/include/semanage/fcontexts_policy.h |  4 ++++
 libsemanage/src/direct_api.c                    |  6 ++++++
 libsemanage/src/fcontexts_policy.c              |  8 ++++++++
 libsemanage/src/handle.h                        | 19 +++++++++++++------
 4 files changed, 31 insertions(+), 6 deletions(-)

diff --git a/libsemanage/include/semanage/fcontexts_policy.h b/libsemanage/include/semanage/fcontexts_policy.h
index a50db2b..199a1e1 100644
--- a/libsemanage/include/semanage/fcontexts_policy.h
+++ b/libsemanage/include/semanage/fcontexts_policy.h
@@ -26,4 +26,8 @@ extern int semanage_fcontext_list(semanage_handle_t * handle,
 				  semanage_fcontext_t *** records,
 				  unsigned int *count);
 
+extern int semanage_fcontext_list_homedirs(semanage_handle_t * handle,
+				  semanage_fcontext_t *** records,
+				  unsigned int *count);
+
 #endif
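Review bot: The new `semanage_fcontext_list_homedirs` prototype goes into a public header with no comment on what it lists or who frees `records`, and the diffstat for this patch touches no symbol-export file. If the library restricts its exported symbols through a linker version script, the function has to be listed there as well, or callers such as the Python binding will not resolve it. A short comment would help, for example `/* List the entries generated into file_contexts.homedirs; the caller frees each record and the array. */`. The ownership wording is inferred from the sibling list functions and should be confirmed.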
diff --git a/libsemanage/src/direct_api.c b/libsemanage/src/direct_api.c
index 65842df..886a228 100644
--- a/libsemanage/src/direct_api.c
+++ b/libsemanage/src/direct_api.c
@@ -210,6 +210,12 @@ int semanage_direct_connect(semanage_handle_t * sh)
 				     semanage_fcontext_dbase_local(sh)) < 0)
 		goto err;
 
+	if (fcontext_file_dbase_init(sh,
+				     selinux_file_context_homedir_path(),
+				     selinux_file_context_homedir_path(),
+				     semanage_fcontext_dbase_homedirs(sh)) < 0)
+		goto err;
+
 	if (seuser_file_dbase_init(sh,
 				   semanage_path(SEMANAGE_ACTIVE,
 						 SEMANAGE_SEUSERS_LOCAL),
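Review bot: The dbase initialised here has no matching release. The diffstat gives direct_api.c six insertions and all six are in this hunk, so the disconnect routine does not gain a `fcontext_file_dbase_release(semanage_fcontext_dbase_homedirs(sh));`. If the other file dbases set up in `semanage_direct_connect` are released on disconnect (that code is outside the hunk), this one should be released alongside them, otherwise each connect/disconnect cycle leaks its state. The function body starts and ends outside the hunk.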
diff --git a/libsemanage/src/fcontexts_policy.c b/libsemanage/src/fcontexts_policy.c
index 0b063b1..98490ab 100644
--- a/libsemanage/src/fcontexts_policy.c
+++ b/libsemanage/src/fcontexts_policy.c
@@ -51,3 +51,11 @@ int semanage_fcontext_list(semanage_handle_t * handle,
 	dbase_config_t *dconfig = semanage_fcontext_dbase_policy(handle);
 	return dbase_list(handle, dconfig, records, count);
 }
+
+int semanage_fcontext_list_homedirs(semanage_handle_t * handle,
+			   semanage_fcontext_t *** records, unsigned int *count)
+{
+
+	dbase_config_t *dconfig = semanage_fcontext_dbase_homedirs(handle);
+	return dbase_list(handle, dconfig, records, count);
+}
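Review bot: `semanage_fcontext_list_homedirs` is a new exported entry point with no comment, and it opens with a stray blank line after the brace that `semanage_fcontext_list` just above does not have. I would drop the blank line, align the continuation line with the prototype in the header, and add a one-line comment such as `/* List records parsed from file_contexts.homedirs. */` above the definition.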
diff --git a/libsemanage/src/handle.h b/libsemanage/src/handle.h
index 889871d..1780ac8 100644
--- a/libsemanage/src/handle.h
+++ b/libsemanage/src/handle.h
@@ -79,7 +79,7 @@ struct semanage_handle {
 	struct semanage_policy_table *funcs;
 
 	/* Object databases */
-#define DBASE_COUNT      23
+#define DBASE_COUNT      24
 
 /* Local modifications */
 #define DBASE_LOCAL_USERS_BASE  0
@@ -102,13 +102,14 @@ struct semanage_handle {
 #define DBASE_POLICY_INTERFACES  15
 #define DBASE_POLICY_BOOLEANS    16
 #define DBASE_POLICY_FCONTEXTS   17
-#define DBASE_POLICY_SEUSERS     18
-#define DBASE_POLICY_NODES       19
-#define DBASE_POLICY_IBPKEYS     20
-#define DBASE_POLICY_IBENDPORTS  21
+#define DBASE_POLICY_FCONTEXTS_H 18
+#define DBASE_POLICY_SEUSERS     19
+#define DBASE_POLICY_NODES       20
+#define DBASE_POLICY_IBPKEYS     21
+#define DBASE_POLICY_IBENDPORTS  22
 
 /* Active kernel policy */
-#define DBASE_ACTIVE_BOOLEANS    22
+#define DBASE_ACTIVE_BOOLEANS    23
 	dbase_config_t dbase[DBASE_COUNT];
 };
 
@@ -236,6 +237,12 @@ static inline
 }
 
 static inline
+    dbase_config_t * semanage_fcontext_dbase_homedirs(semanage_handle_t * handle)
+{
+	return &handle->dbase[DBASE_POLICY_FCONTEXTS_H];
+}
+
+static inline
     dbase_config_t * semanage_seuser_dbase_policy(semanage_handle_t * handle)
 {
 	return &handle->dbase[DBASE_POLICY_SEUSERS];
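Review bot: The index name `DBASE_POLICY_FCONTEXTS_H` used in `semanage_fcontext_dbase_homedirs` reads like a header guard rather than "homedirs", while the accessor itself spells the word out. Naming the define `DBASE_POLICY_FCONTEXTS_HOMEDIRS`, both in the define block of the previous hunk and in `return &handle->dbase[DBASE_POLICY_FCONTEXTS_HOMEDIRS];` here, would keep the two in step. The surrounding `static inline` helpers continue outside the hunk.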
-- 
2.9.4


* [PATCH 2/2] python/semanage: Enable listing fcontexts.homedirs
  2017-09-27  8:16 Enable listing fcontexts.homedirs Vit Mojzis
  2017-09-27  8:16 ` [PATCH 1/2] libsemanage: Add support for listing fcontext.homedirs file Vit Mojzis
@ 2017-09-27  8:16 ` Vit Mojzis
  2017-09-27 17:42   ` Stephen Smalley
  1 sibling, 1 reply; 21+ messages in thread
From: Vit Mojzis @ 2017-09-27  8:16 UTC (permalink / raw)
  To: selinux

Include entries from fcontexts.homedirs when listing file contexts
via "semanage fcontext -l"

Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1409813
---
 python/semanage/seobject.py | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/python/semanage/seobject.py b/python/semanage/seobject.py
index 70fd192..cf64e25 100644
--- a/python/semanage/seobject.py
+++ b/python/semanage/seobject.py
@@ -2566,10 +2566,15 @@ class fcontextRecords(semanageRecords):
             if rc < 0:
                 raise ValueError(_("Could not list file contexts"))
 
+            (rc, fchomedirs) = semanage_fcontext_list_homedirs(self.sh)
+            if rc < 0:
+                raise ValueError(_("Could not list local file contexts"))
+
             (rc, fclocal) = semanage_fcontext_list_local(self.sh)
             if rc < 0:
                 raise ValueError(_("Could not list local file contexts"))
 
+            self.flist += fchomedirs
             self.flist += fclocal
 
         ddict = {}
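Review bot: Appending `fchomedirs` to `self.flist` merges three sources into one list with no record of which file an entry came from, and the `ddict = {}` that follows suggests the list is then folded into a dictionary. That code is outside the hunk, but if it keys on the path expression and file type, a file_contexts.homedirs entry with the same key as a policy entry would silently replace it in the output. It is worth confirming how duplicates are handled, or keeping the homedirs entries in their own list, e.g. `self.flist_homedirs = fchomedirs`, so the listing can label them.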
-- 
2.9.4


* Re: [PATCH 1/2] libsemanage: Add support for listing fcontext.homedirs file
  2017-09-27  8:16 ` [PATCH 1/2] libsemanage: Add support for listing fcontext.homedirs file Vit Mojzis
@ 2017-09-27 17:04   ` William Roberts
  2017-10-01 15:43     ` Vit Mojzis
  2017-09-27 17:42   ` Stephen Smalley
  1 sibling, 1 reply; 21+ messages in thread
From: William Roberts @ 2017-09-27 17:04 UTC (permalink / raw)
  To: Vit Mojzis; +Cc: selinux

2017-09-27 1:16 GMT-07:00 Vit Mojzis <vmojzis@redhat.com>:
> Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1409813
> ---
>  libsemanage/include/semanage/fcontexts_policy.h |  4 ++++
>  libsemanage/src/direct_api.c                    |  6 ++++++
>  libsemanage/src/fcontexts_policy.c              |  8 ++++++++
>  libsemanage/src/handle.h                        | 19 +++++++++++++------
>  4 files changed, 31 insertions(+), 6 deletions(-)
>
> diff --git a/libsemanage/include/semanage/fcontexts_policy.h b/libsemanage/include/semanage/fcontexts_policy.h
> index a50db2b..199a1e1 100644
> --- a/libsemanage/include/semanage/fcontexts_policy.h
> +++ b/libsemanage/include/semanage/fcontexts_policy.h
> @@ -26,4 +26,8 @@ extern int semanage_fcontext_list(semanage_handle_t * handle,
>                                   semanage_fcontext_t *** records,
>                                   unsigned int *count);
>
> +extern int semanage_fcontext_list_homedirs(semanage_handle_t * handle,
> +                                 semanage_fcontext_t *** records,
> +                                 unsigned int *count);
> +
>  #endif
> diff --git a/libsemanage/src/direct_api.c b/libsemanage/src/direct_api.c
> index 65842df..886a228 100644
> --- a/libsemanage/src/direct_api.c
> +++ b/libsemanage/src/direct_api.c
> @@ -210,6 +210,12 @@ int semanage_direct_connect(semanage_handle_t * sh)
>                                      semanage_fcontext_dbase_local(sh)) < 0)
>                 goto err;
>
> +       if (fcontext_file_dbase_init(sh,
> +                                    selinux_file_context_homedir_path(),
> +                                    selinux_file_context_homedir_path(),
> +                                    semanage_fcontext_dbase_homedirs(sh)) < 0)
> +               goto err;
> +
>         if (seuser_file_dbase_init(sh,
>                                    semanage_path(SEMANAGE_ACTIVE,
>                                                  SEMANAGE_SEUSERS_LOCAL),
> diff --git a/libsemanage/src/fcontexts_policy.c b/libsemanage/src/fcontexts_policy.c
> index 0b063b1..98490ab 100644
> --- a/libsemanage/src/fcontexts_policy.c
> +++ b/libsemanage/src/fcontexts_policy.c
> @@ -51,3 +51,11 @@ int semanage_fcontext_list(semanage_handle_t * handle,
>         dbase_config_t *dconfig = semanage_fcontext_dbase_policy(handle);
>         return dbase_list(handle, dconfig, records, count);
>  }
> +
> +int semanage_fcontext_list_homedirs(semanage_handle_t * handle,
> +                          semanage_fcontext_t *** records, unsigned int *count)
> +{
> +
> +       dbase_config_t *dconfig = semanage_fcontext_dbase_homedirs(handle);
> +       return dbase_list(handle, dconfig, records, count);
> +}
> diff --git a/libsemanage/src/handle.h b/libsemanage/src/handle.h
> index 889871d..1780ac8 100644
> --- a/libsemanage/src/handle.h
> +++ b/libsemanage/src/handle.h
> @@ -79,7 +79,7 @@ struct semanage_handle {
>         struct semanage_policy_table *funcs;
>
>         /* Object databases */
> -#define DBASE_COUNT      23
> +#define DBASE_COUNT      24
>
>  /* Local modifications */
>  #define DBASE_LOCAL_USERS_BASE  0
> @@ -102,13 +102,14 @@ struct semanage_handle {
>  #define DBASE_POLICY_INTERFACES  15
>  #define DBASE_POLICY_BOOLEANS    16
>  #define DBASE_POLICY_FCONTEXTS   17
> -#define DBASE_POLICY_SEUSERS     18
> -#define DBASE_POLICY_NODES       19
> -#define DBASE_POLICY_IBPKEYS     20
> -#define DBASE_POLICY_IBENDPORTS  21
> +#define DBASE_POLICY_FCONTEXTS_H 18
> +#define DBASE_POLICY_SEUSERS     19
> +#define DBASE_POLICY_NODES       20
> +#define DBASE_POLICY_IBPKEYS     21
> +#define DBASE_POLICY_IBENDPORTS  22
>
>  /* Active kernel policy */
> -#define DBASE_ACTIVE_BOOLEANS    22
> +#define DBASE_ACTIVE_BOOLEANS    23

Any particular reason to reassign all these defines instead
of just setting DBASE_POLICY_FCONTEXTS_H to 22 and
setting DBASE_ACTIVE_BOOLEANS to 23 other than just
to have DBASE_POLICY_FCONTEXTS_H follow
DBASE_POLICY_FCONTEXTS?

I'm also assuming, after looking at the code, that the database
itself is built every time so versioning mismatches are not a worry.

>         dbase_config_t dbase[DBASE_COUNT];
>  };
>
> @@ -236,6 +237,12 @@ static inline
>  }
>
>  static inline
> +    dbase_config_t * semanage_fcontext_dbase_homedirs(semanage_handle_t * handle)
> +{
> +       return &handle->dbase[DBASE_POLICY_FCONTEXTS_H];
> +}
> +
> +static inline
>      dbase_config_t * semanage_seuser_dbase_policy(semanage_handle_t * handle)
>  {
>         return &handle->dbase[DBASE_POLICY_SEUSERS];
> --
> 2.9.4
>
>



-- 
Respectfully,

William C Roberts


* Re: [PATCH 1/2] libsemanage: Add support for listing fcontext.homedirs file
  2017-09-27  8:16 ` [PATCH 1/2] libsemanage: Add support for listing fcontext.homedirs file Vit Mojzis
  2017-09-27 17:04   ` William Roberts
@ 2017-09-27 17:42   ` Stephen Smalley
  2017-09-27 18:17     ` Stephen Smalley
  1 sibling, 1 reply; 21+ messages in thread
From: Stephen Smalley @ 2017-09-27 17:42 UTC (permalink / raw)
  To: Vit Mojzis, selinux

On Wed, 2017-09-27 at 10:16 +0200, Vit Mojzis wrote:
> Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1409813
> ---
>  libsemanage/include/semanage/fcontexts_policy.h |  4 ++++
>  libsemanage/src/direct_api.c                    |  6 ++++++
>  libsemanage/src/fcontexts_policy.c              |  8 ++++++++
>  libsemanage/src/handle.h                        | 19 +++++++++++++
> ------
>  4 files changed, 31 insertions(+), 6 deletions(-)
> 
> diff --git a/libsemanage/include/semanage/fcontexts_policy.h
> b/libsemanage/include/semanage/fcontexts_policy.h
> index a50db2b..199a1e1 100644
> --- a/libsemanage/include/semanage/fcontexts_policy.h
> +++ b/libsemanage/include/semanage/fcontexts_policy.h
> @@ -26,4 +26,8 @@ extern int semanage_fcontext_list(semanage_handle_t
> * handle,
>  				  semanage_fcontext_t *** records,
>  				  unsigned int *count);
>  
> +extern int semanage_fcontext_list_homedirs(semanage_handle_t *
> handle,
> +				  semanage_fcontext_t *** records,
> +				  unsigned int *count);
> +
>  #endif
> diff --git a/libsemanage/src/direct_api.c
> b/libsemanage/src/direct_api.c
> index 65842df..886a228 100644
> --- a/libsemanage/src/direct_api.c
> +++ b/libsemanage/src/direct_api.c
> @@ -210,6 +210,12 @@ int semanage_direct_connect(semanage_handle_t *
> sh)
>  				     semanage_fcontext_dbase_local(s
> h)) < 0)
>  		goto err;
>  
> +	if (fcontext_file_dbase_init(sh,
> +				     selinux_file_context_homedir_pa
> th(),
> +				     selinux_file_context_homedir_pa
> th(),

This will return the wrong results if one specifies a policy store
other than the active one to semodule (via -s) or semanage (via -S),
e.g. semanage fcontext -S mls -l.  You shouldn't be using the path of
the active, installed file_contexts.homedirs file but rather one from
the per-policy-store sandbox.  The libsemanage functions always act on
the sandbox. Also, you shouldn't be passing the same path as the ro and
rw paths here, as you don't want a dbase flush to suddenly overwrite
the installed file_contexts.homedirs file.

I guess the problem you currently have is we aren't keeping around a
copy of the generated file_contexts.homedirs in the sandbox; it is only
created in the final tmp location and that entire directory tree is
deleted once we complete the transaction.  You'd need to regenerate it
on demand or keep it around if you want to do this.

> +				     semanage_fcontext_dbase_homedir
> s(sh)) < 0)
> +		goto err;
> +
>  	if (seuser_file_dbase_init(sh,
>  				   semanage_path(SEMANAGE_ACTIVE,
>  						 SEMANAGE_SEUSERS_LO
> CAL),
> diff --git a/libsemanage/src/fcontexts_policy.c
> b/libsemanage/src/fcontexts_policy.c
> index 0b063b1..98490ab 100644
> --- a/libsemanage/src/fcontexts_policy.c
> +++ b/libsemanage/src/fcontexts_policy.c
> @@ -51,3 +51,11 @@ int semanage_fcontext_list(semanage_handle_t *
> handle,
>  	dbase_config_t *dconfig =
> semanage_fcontext_dbase_policy(handle);
>  	return dbase_list(handle, dconfig, records, count);
>  }
> +
> +int semanage_fcontext_list_homedirs(semanage_handle_t * handle,
> +			   semanage_fcontext_t *** records, unsigned
> int *count)
> +{
> +
> +	dbase_config_t *dconfig =
> semanage_fcontext_dbase_homedirs(handle);
> +	return dbase_list(handle, dconfig, records, count);
> +}
> diff --git a/libsemanage/src/handle.h b/libsemanage/src/handle.h
> index 889871d..1780ac8 100644
> --- a/libsemanage/src/handle.h
> +++ b/libsemanage/src/handle.h
> @@ -79,7 +79,7 @@ struct semanage_handle {
>  	struct semanage_policy_table *funcs;
>  
>  	/* Object databases */
> -#define DBASE_COUNT      23
> +#define DBASE_COUNT      24
>  
>  /* Local modifications */
>  #define DBASE_LOCAL_USERS_BASE  0
> @@ -102,13 +102,14 @@ struct semanage_handle {
>  #define DBASE_POLICY_INTERFACES  15
>  #define DBASE_POLICY_BOOLEANS    16
>  #define DBASE_POLICY_FCONTEXTS   17
> -#define DBASE_POLICY_SEUSERS     18
> -#define DBASE_POLICY_NODES       19
> -#define DBASE_POLICY_IBPKEYS     20
> -#define DBASE_POLICY_IBENDPORTS  21
> +#define DBASE_POLICY_FCONTEXTS_H 18
> +#define DBASE_POLICY_SEUSERS     19
> +#define DBASE_POLICY_NODES       20
> +#define DBASE_POLICY_IBPKEYS     21
> +#define DBASE_POLICY_IBENDPORTS  22
>  
>  /* Active kernel policy */
> -#define DBASE_ACTIVE_BOOLEANS    22
> +#define DBASE_ACTIVE_BOOLEANS    23
>  	dbase_config_t dbase[DBASE_COUNT];
>  };
>  
> @@ -236,6 +237,12 @@ static inline
>  }
>  
>  static inline
> +    dbase_config_t *
> semanage_fcontext_dbase_homedirs(semanage_handle_t * handle)
> +{
> +	return &handle->dbase[DBASE_POLICY_FCONTEXTS_H];
> +}
> +
> +static inline
>      dbase_config_t * semanage_seuser_dbase_policy(semanage_handle_t
> * handle)
>  {
>  	return &handle->dbase[DBASE_POLICY_SEUSERS];


* Re: [PATCH 2/2] python/semanage: Enable listing fcontexts.homedirs
  2017-09-27  8:16 ` [PATCH 2/2] python/semanage: Enable listing fcontexts.homedirs Vit Mojzis
@ 2017-09-27 17:42   ` Stephen Smalley
  0 siblings, 0 replies; 21+ messages in thread
From: Stephen Smalley @ 2017-09-27 17:42 UTC (permalink / raw)
  To: Vit Mojzis, selinux

On Wed, 2017-09-27 at 10:16 +0200, Vit Mojzis wrote:
> Include entries from fcontexts.homedirs when listing file contexts
> via "semanage fcontext -l"
> 
> Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1409813
> ---
>  python/semanage/seobject.py | 5 +++++
>  1 file changed, 5 insertions(+)
> 
> diff --git a/python/semanage/seobject.py
> b/python/semanage/seobject.py
> index 70fd192..cf64e25 100644
> --- a/python/semanage/seobject.py
> +++ b/python/semanage/seobject.py
> @@ -2566,10 +2566,15 @@ class fcontextRecords(semanageRecords):
>              if rc < 0:
>                  raise ValueError(_("Could not list file contexts"))
>  
> +            (rc, fchomedirs) =
> semanage_fcontext_list_homedirs(self.sh)
> +            if rc < 0:
> +                raise ValueError(_("Could not list local file
> contexts"))
> +

The error message needs to match the actual failure (local vs
homedirs).

>              (rc, fclocal) = semanage_fcontext_list_local(self.sh)
>              if rc < 0:
>                  raise ValueError(_("Could not list local file
> contexts"))
>  
> +            self.flist += fchomedirs
>              self.flist += fclocal
>  
>          ddict = {}


* Re: [PATCH 1/2] libsemanage: Add support for listing fcontext.homedirs file
  2017-09-27 17:42   ` Stephen Smalley
@ 2017-09-27 18:17     ` Stephen Smalley
  2017-10-01 18:01       ` [PATCH 1/3] libsemanage: Keep copy of file_contexts.homedirs in policy store Vit Mojzis
  0 siblings, 1 reply; 21+ messages in thread
From: Stephen Smalley @ 2017-09-27 18:17 UTC (permalink / raw)
  To: Vit Mojzis, selinux

On Wed, 2017-09-27 at 13:42 -0400, Stephen Smalley wrote:
> On Wed, 2017-09-27 at 10:16 +0200, Vit Mojzis wrote:
> > Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1409813
> > ---
> >  libsemanage/include/semanage/fcontexts_policy.h |  4 ++++
> >  libsemanage/src/direct_api.c                    |  6 ++++++
> >  libsemanage/src/fcontexts_policy.c              |  8 ++++++++
> >  libsemanage/src/handle.h                        | 19 +++++++++++++
> > ------
> >  4 files changed, 31 insertions(+), 6 deletions(-)
> > 
> > diff --git a/libsemanage/include/semanage/fcontexts_policy.h
> > b/libsemanage/include/semanage/fcontexts_policy.h
> > index a50db2b..199a1e1 100644
> > --- a/libsemanage/include/semanage/fcontexts_policy.h
> > +++ b/libsemanage/include/semanage/fcontexts_policy.h
> > @@ -26,4 +26,8 @@ extern int
> > semanage_fcontext_list(semanage_handle_t
> > * handle,
> >  				  semanage_fcontext_t *** records,
> >  				  unsigned int *count);
> >  
> > +extern int semanage_fcontext_list_homedirs(semanage_handle_t *
> > handle,
> > +				  semanage_fcontext_t *** records,
> > +				  unsigned int *count);
> > +
> >  #endif
> > diff --git a/libsemanage/src/direct_api.c
> > b/libsemanage/src/direct_api.c
> > index 65842df..886a228 100644
> > --- a/libsemanage/src/direct_api.c
> > +++ b/libsemanage/src/direct_api.c
> > @@ -210,6 +210,12 @@ int semanage_direct_connect(semanage_handle_t
> > *
> > sh)
> >  				     semanage_fcontext_dbase_local
> > (s
> > h)) < 0)
> >  		goto err;
> >  
> > +	if (fcontext_file_dbase_init(sh,
> > +				     selinux_file_context_homedir_
> > pa
> > th(),
> > +				     selinux_file_context_homedir_
> > pa
> > th(),
> 
> This will return the wrong results if one specifies a policy store
> other than the active one to semodule (via -s) or semanage (via -S),
> e.g. semanage fcontext -S mls -l.  You shouldn't be using the path of
> the active, installed file_contexts.homedirs file but rather one from
> the per-policy-store sandbox.  The libsemanage functions always act
> on
> the sandbox. Also, you shouldn't be passing the same path as the ro
> and
> rw paths here, as you don't want a dbase flush to suddenly overwrite
> the installed file_contexts.homedirs file.
> 
> I guess the problem you currently have is we aren't keeping around a
> copy of the generated file_contexts.homedirs in the sandbox; it is
> only
> created in the final tmp location and that entire directory tree is
> deleted once we complete the transaction.  You'd need to regenerate
> it
> on demand or keep it around if you want to do this.

The easiest way to do this would likely be to add a
SEMANAGE_STORE_FC_HOMEDIRS definition to semanage_sandbox_defs, add
"/file_contexts.homedirs" to semanage_sandbox_paths[] at the
corresponding index, and change semanage_genhomedircon() to set
s.fcfilepath to semanage_path(SEMANAGE_TMP,
SEMANAGE_STORE_FC_HOMEDIRS), and then semanage_copy_file() it to
semanage_final_path(SEMANAGE_FINAL_TMP, SEMANAGE_FC_HOMEDIRS).  Then
you can call dbase_init on semanage_path(SEMANAGE_ACTIVE,
SEMANAGE_STORE_FC_HOMEDIRS) as the ro path and
semanage_path(SEMANAGE_TMP, SEMANAGE_STORE_FC_HOMEDIRS) as the rw path.
Requires an extra copy of file_contexts.homedirs to stay around, but
that's not significant.

> 
> > +				     semanage_fcontext_dbase_homed
> > ir
> > s(sh)) < 0)
> > +		goto err;
> > +
> >  	if (seuser_file_dbase_init(sh,
> >  				   semanage_path(SEMANAGE_ACTIVE,
> >  						 SEMANAGE_SEUSERS_
> > LO
> > CAL),
> > diff --git a/libsemanage/src/fcontexts_policy.c
> > b/libsemanage/src/fcontexts_policy.c
> > index 0b063b1..98490ab 100644
> > --- a/libsemanage/src/fcontexts_policy.c
> > +++ b/libsemanage/src/fcontexts_policy.c
> > @@ -51,3 +51,11 @@ int semanage_fcontext_list(semanage_handle_t *
> > handle,
> >  	dbase_config_t *dconfig =
> > semanage_fcontext_dbase_policy(handle);
> >  	return dbase_list(handle, dconfig, records, count);
> >  }
> > +
> > +int semanage_fcontext_list_homedirs(semanage_handle_t * handle,
> > +			   semanage_fcontext_t *** records,
> > unsigned
> > int *count)
> > +{
> > +
> > +	dbase_config_t *dconfig =
> > semanage_fcontext_dbase_homedirs(handle);
> > +	return dbase_list(handle, dconfig, records, count);
> > +}
> > diff --git a/libsemanage/src/handle.h b/libsemanage/src/handle.h
> > index 889871d..1780ac8 100644
> > --- a/libsemanage/src/handle.h
> > +++ b/libsemanage/src/handle.h
> > @@ -79,7 +79,7 @@ struct semanage_handle {
> >  	struct semanage_policy_table *funcs;
> >  
> >  	/* Object databases */
> > -#define DBASE_COUNT      23
> > +#define DBASE_COUNT      24
> >  
> >  /* Local modifications */
> >  #define DBASE_LOCAL_USERS_BASE  0
> > @@ -102,13 +102,14 @@ struct semanage_handle {
> >  #define DBASE_POLICY_INTERFACES  15
> >  #define DBASE_POLICY_BOOLEANS    16
> >  #define DBASE_POLICY_FCONTEXTS   17
> > -#define DBASE_POLICY_SEUSERS     18
> > -#define DBASE_POLICY_NODES       19
> > -#define DBASE_POLICY_IBPKEYS     20
> > -#define DBASE_POLICY_IBENDPORTS  21
> > +#define DBASE_POLICY_FCONTEXTS_H 18
> > +#define DBASE_POLICY_SEUSERS     19
> > +#define DBASE_POLICY_NODES       20
> > +#define DBASE_POLICY_IBPKEYS     21
> > +#define DBASE_POLICY_IBENDPORTS  22
> >  
> >  /* Active kernel policy */
> > -#define DBASE_ACTIVE_BOOLEANS    22
> > +#define DBASE_ACTIVE_BOOLEANS    23
> >  	dbase_config_t dbase[DBASE_COUNT];
> >  };
> >  
> > @@ -236,6 +237,12 @@ static inline
> >  }
> >  
> >  static inline
> > +    dbase_config_t *
> > semanage_fcontext_dbase_homedirs(semanage_handle_t * handle)
> > +{
> > +	return &handle->dbase[DBASE_POLICY_FCONTEXTS_H];
> > +}
> > +
> > +static inline
> >      dbase_config_t *
> > semanage_seuser_dbase_policy(semanage_handle_t
> > * handle)
> >  {
> >  	return &handle->dbase[DBASE_POLICY_SEUSERS];


* Re: [PATCH 1/2] libsemanage: Add support for listing fcontext.homedirs file
  2017-09-27 17:04   ` William Roberts
@ 2017-10-01 15:43     ` Vit Mojzis
  2017-10-01 18:15       ` William Roberts
  0 siblings, 1 reply; 21+ messages in thread
From: Vit Mojzis @ 2017-10-01 15:43 UTC (permalink / raw)
  To: William Roberts; +Cc: selinux



On 27.9.2017 19:04, William Roberts wrote:
> 2017-09-27 1:16 GMT-07:00 Vit Mojzis <vmojzis@redhat.com>:
>> Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1409813
>> ---
>>   libsemanage/include/semanage/fcontexts_policy.h |  4 ++++
>>   libsemanage/src/direct_api.c                    |  6 ++++++
>>   libsemanage/src/fcontexts_policy.c              |  8 ++++++++
>>   libsemanage/src/handle.h                        | 19 +++++++++++++------
>>   4 files changed, 31 insertions(+), 6 deletions(-)
>>
>> diff --git a/libsemanage/include/semanage/fcontexts_policy.h b/libsemanage/include/semanage/fcontexts_policy.h
>> index a50db2b..199a1e1 100644
>> --- a/libsemanage/include/semanage/fcontexts_policy.h
>> +++ b/libsemanage/include/semanage/fcontexts_policy.h
>> @@ -26,4 +26,8 @@ extern int semanage_fcontext_list(semanage_handle_t * handle,
>>                                    semanage_fcontext_t *** records,
>>                                    unsigned int *count);
>>
>> +extern int semanage_fcontext_list_homedirs(semanage_handle_t * handle,
>> +                                 semanage_fcontext_t *** records,
>> +                                 unsigned int *count);
>> +
>>   #endif
>> diff --git a/libsemanage/src/direct_api.c b/libsemanage/src/direct_api.c
>> index 65842df..886a228 100644
>> --- a/libsemanage/src/direct_api.c
>> +++ b/libsemanage/src/direct_api.c
>> @@ -210,6 +210,12 @@ int semanage_direct_connect(semanage_handle_t * sh)
>>                                       semanage_fcontext_dbase_local(sh)) < 0)
>>                  goto err;
>>
>> +       if (fcontext_file_dbase_init(sh,
>> +                                    selinux_file_context_homedir_path(),
>> +                                    selinux_file_context_homedir_path(),
>> +                                    semanage_fcontext_dbase_homedirs(sh)) < 0)
>> +               goto err;
>> +
>>          if (seuser_file_dbase_init(sh,
>>                                     semanage_path(SEMANAGE_ACTIVE,
>>                                                   SEMANAGE_SEUSERS_LOCAL),
>> diff --git a/libsemanage/src/fcontexts_policy.c b/libsemanage/src/fcontexts_policy.c
>> index 0b063b1..98490ab 100644
>> --- a/libsemanage/src/fcontexts_policy.c
>> +++ b/libsemanage/src/fcontexts_policy.c
>> @@ -51,3 +51,11 @@ int semanage_fcontext_list(semanage_handle_t * handle,
>>          dbase_config_t *dconfig = semanage_fcontext_dbase_policy(handle);
>>          return dbase_list(handle, dconfig, records, count);
>>   }
>> +
>> +int semanage_fcontext_list_homedirs(semanage_handle_t * handle,
>> +                          semanage_fcontext_t *** records, unsigned int *count)
>> +{
>> +
>> +       dbase_config_t *dconfig = semanage_fcontext_dbase_homedirs(handle);
>> +       return dbase_list(handle, dconfig, records, count);
>> +}
>> diff --git a/libsemanage/src/handle.h b/libsemanage/src/handle.h
>> index 889871d..1780ac8 100644
>> --- a/libsemanage/src/handle.h
>> +++ b/libsemanage/src/handle.h
>> @@ -79,7 +79,7 @@ struct semanage_handle {
>>          struct semanage_policy_table *funcs;
>>
>>          /* Object databases */
>> -#define DBASE_COUNT      23
>> +#define DBASE_COUNT      24
>>
>>   /* Local modifications */
>>   #define DBASE_LOCAL_USERS_BASE  0
>> @@ -102,13 +102,14 @@ struct semanage_handle {
>>   #define DBASE_POLICY_INTERFACES  15
>>   #define DBASE_POLICY_BOOLEANS    16
>>   #define DBASE_POLICY_FCONTEXTS   17
>> -#define DBASE_POLICY_SEUSERS     18
>> -#define DBASE_POLICY_NODES       19
>> -#define DBASE_POLICY_IBPKEYS     20
>> -#define DBASE_POLICY_IBENDPORTS  21
>> +#define DBASE_POLICY_FCONTEXTS_H 18
>> +#define DBASE_POLICY_SEUSERS     19
>> +#define DBASE_POLICY_NODES       20
>> +#define DBASE_POLICY_IBPKEYS     21
>> +#define DBASE_POLICY_IBENDPORTS  22
>>
>>   /* Active kernel policy */
>> -#define DBASE_ACTIVE_BOOLEANS    22
>> +#define DBASE_ACTIVE_BOOLEANS    23
> Any particular reason to reassign all these defines instead
> of just setting DBASE_POLICY_FCONTEXTS_H to 22 and
> setting DBASE_ACTIVE_BOOLEANS to 23 other than just
> to have DBASE_POLICY_FCONTEXTS_H follow
> DBASE_POLICY_FCONTEXTS?
Nope, just to keep things organized.
Should I set it to 22 instead?
>
> I'm also assuming, after looking at the code, that the database
> itself is built every time so versioning mismatches are not a worry.
>
>>          dbase_config_t dbase[DBASE_COUNT];
>>   };
>>
>> @@ -236,6 +237,12 @@ static inline
>>   }
>>
>>   static inline
>> +    dbase_config_t * semanage_fcontext_dbase_homedirs(semanage_handle_t * handle)
>> +{
>> +       return &handle->dbase[DBASE_POLICY_FCONTEXTS_H];
>> +}
>> +
>> +static inline
>>       dbase_config_t * semanage_seuser_dbase_policy(semanage_handle_t * handle)
>>   {
>>          return &handle->dbase[DBASE_POLICY_SEUSERS];
>> --
>> 2.9.4
>>
>>
>
>


* [PATCH 1/3] libsemanage: Keep copy of file_contexts.homedirs in policy store
  2017-09-27 18:17     ` Stephen Smalley
@ 2017-10-01 18:01       ` Vit Mojzis
  2017-10-01 18:01         ` [PATCH 2/3] libsemanage: Add support for listing fcontext.homedirs file Vit Mojzis
  2017-10-01 18:01         ` Vit Mojzis
  0 siblings, 2 replies; 21+ messages in thread
From: Vit Mojzis @ 2017-10-01 18:01 UTC (permalink / raw)
  To: selinux

This will allow listing the correct file_contexts.homedirs
using libsemanage regardless of selected policy store.

Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1409813
---
 libsemanage/src/direct_api.c     | 19 ++++++++++++++-----
 libsemanage/src/genhomedircon.c  |  4 ++--
 libsemanage/src/semanage_store.c |  1 +
 libsemanage/src/semanage_store.h |  1 +
 4 files changed, 18 insertions(+), 7 deletions(-)

diff --git a/libsemanage/src/direct_api.c b/libsemanage/src/direct_api.c
index 65842df..971a08f 100644
--- a/libsemanage/src/direct_api.c
+++ b/libsemanage/src/direct_api.c
@@ -1577,11 +1577,20 @@ rebuild:
 	/* run genhomedircon if its enabled, this should be the last operation
 	 * which requires the out policydb */
 	if (!sh->conf->disable_genhomedircon) {
-		if (out && (retval =
-			semanage_genhomedircon(sh, out, sh->conf->usepasswd, sh->conf->ignoredirs)) != 0) {
-			ERR(sh, "semanage_genhomedircon returned error code %d.",
-			    retval);
-			goto cleanup;
+		if (out){
+			if ((retval = semanage_genhomedircon(sh, out, sh->conf->usepasswd,
+								sh->conf->ignoredirs)) != 0) {
+				ERR(sh, "semanage_genhomedircon returned error code %d.", retval);
+				goto cleanup;
+			}
+			/* file_contexts.homedirs was created in SEMANAGE_TMP store */
+			retval = semanage_copy_file(
+						semanage_path(SEMANAGE_TMP, SEMANAGE_STORE_FC_HOMEDIRS),
+						semanage_final_path(SEMANAGE_FINAL_TMP,	SEMANAGE_FC_HOMEDIRS),
+						sh->conf->file_mode);
+			if (retval < 0) {
+				goto cleanup;
+			}
 		}
 	} else {
 		WARN(sh, "WARNING: genhomedircon is disabled. \
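Review bot: The new `semanage_copy_file()` failure path jumps to `cleanup` without logging anything, while the `semanage_genhomedircon()` failure just above it reports through `ERR`. The call is made without the handle, so the helper presumably cannot log on its own, and a failed commit would then give no hint that file_contexts.homedirs could not be copied into the final store. I would add `ERR(sh, "Could not copy file_contexts.homedirs to the final store.");` before that `goto cleanup;`. The opening `if (out){` also lacks the space before the brace that the surrounding lines use. The enclosing function starts and ends outside this hunk, and the same hunk is reposted unchanged at the end of the thread.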
diff --git a/libsemanage/src/genhomedircon.c b/libsemanage/src/genhomedircon.c
index b9a74b7..27a269e 100644
--- a/libsemanage/src/genhomedircon.c
+++ b/libsemanage/src/genhomedircon.c
@@ -1345,8 +1345,8 @@ int semanage_genhomedircon(semanage_handle_t * sh,
 
 	s.homedir_template_path =
 	    semanage_path(SEMANAGE_TMP, SEMANAGE_HOMEDIR_TMPL);
-	s.fcfilepath = semanage_final_path(SEMANAGE_FINAL_TMP,
-					   SEMANAGE_FC_HOMEDIRS);
+	s.fcfilepath =
+		semanage_path(SEMANAGE_TMP, SEMANAGE_STORE_FC_HOMEDIRS);
 
 	s.fallback = calloc(1, sizeof(genhomedircon_user_entry_t));
 	if (s.fallback == NULL) {
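Review bot: `s.fcfilepath` now points into the SEMANAGE_TMP sandbox, so `semanage_genhomedircon()` on its own no longer produces the file under SEMANAGE_FINAL_TMP; that only happens through the copy this patch adds in direct_api.c. Nothing at this assignment says so, and any other caller of `semanage_genhomedircon()` (none is visible here) would silently stop updating the final file. A comment such as `/* written to the sandbox; the caller copies it to SEMANAGE_FINAL_TMP */` above the assignment would record the new contract. The function body continues outside the hunk.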
diff --git a/libsemanage/src/semanage_store.c b/libsemanage/src/semanage_store.c
index 6158d08..63c80b0 100644
--- a/libsemanage/src/semanage_store.c
+++ b/libsemanage/src/semanage_store.c
@@ -116,6 +116,7 @@ static const char *semanage_sandbox_paths[SEMANAGE_STORE_NUM_PATHS] = {
 	"/modules/disabled",
 	"/policy.kern",
 	"/file_contexts.local",
+	"/file_contexts.homedirs",
 	"/file_contexts",
 	"/seusers"
 };
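Review bot: The new string has to sit at exactly the position of `SEMANAGE_STORE_FC_HOMEDIRS` in `enum semanage_sandbox_defs` (the semanage_store.h hunk of this patch), and nothing in the code enforces that pairing. Because the array is sized with `SEMANAGE_STORE_NUM_PATHS`, an enum entry without a matching string would compile and leave a NULL path, and a misplaced string would quietly swap two store files. Designated initializers make the pairing explicit, e.g. `[SEMANAGE_STORE_FC_HOMEDIRS] = "/file_contexts.homedirs",`, if the project's C dialect allows them. The start of the table is outside the hunk.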
diff --git a/libsemanage/src/semanage_store.h b/libsemanage/src/semanage_store.h
index fcaa505..34bf852 100644
--- a/libsemanage/src/semanage_store.h
+++ b/libsemanage/src/semanage_store.h
@@ -61,6 +61,7 @@ enum semanage_sandbox_defs {
 	SEMANAGE_MODULES_DISABLED,
 	SEMANAGE_STORE_KERNEL,
 	SEMANAGE_STORE_FC_LOCAL,
+	SEMANAGE_STORE_FC_HOMEDIRS,
 	SEMANAGE_STORE_FC,
 	SEMANAGE_STORE_SEUSERS,
 	SEMANAGE_STORE_NUM_PATHS
-- 
2.9.4


* [PATCH 2/3] libsemanage: Add support for listing fcontext.homedirs file
  2017-10-01 18:01       ` [PATCH 1/3] libsemanage: Keep copy of file_contexts.homedirs in policy store Vit Mojzis
@ 2017-10-01 18:01         ` Vit Mojzis
  2017-10-02 19:07           ` Stephen Smalley
  2017-10-01 18:01         ` Vit Mojzis
  1 sibling, 1 reply; 21+ messages in thread
From: Vit Mojzis @ 2017-10-01 18:01 UTC (permalink / raw)
  To: selinux

Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1409813
---
 libsemanage/include/semanage/fcontexts_policy.h |  4 ++++
 libsemanage/src/direct_api.c                    |  6 ++++++
 libsemanage/src/fcontexts_policy.c              |  8 ++++++++
 libsemanage/src/handle.h                        | 19 +++++++++++++------
 4 files changed, 31 insertions(+), 6 deletions(-)

diff --git a/libsemanage/include/semanage/fcontexts_policy.h b/libsemanage/include/semanage/fcontexts_policy.h
index a50db2b..199a1e1 100644
--- a/libsemanage/include/semanage/fcontexts_policy.h
+++ b/libsemanage/include/semanage/fcontexts_policy.h
@@ -26,4 +26,8 @@ extern int semanage_fcontext_list(semanage_handle_t * handle,
 				  semanage_fcontext_t *** records,
 				  unsigned int *count);
 
+extern int semanage_fcontext_list_homedirs(semanage_handle_t * handle,
+				  semanage_fcontext_t *** records,
+				  unsigned int *count);
+
 #endif
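Review bot: `semanage_fcontext_list_homedirs()` is added to an installed header without a comment, so a caller cannot tell which file it reads or who owns the array returned through `records`. A short comment above the declaration should state that it lists the entries of file_contexts.homedirs from the policy store and what the caller must free; the definition added in fcontexts_policy.c could carry the same text. If the library restricts its exported symbols with a linker version script, the new name would also have to be listed there, and the diffstat shows no such file being touched.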
diff --git a/libsemanage/src/direct_api.c b/libsemanage/src/direct_api.c
index 971a08f..334267d 100644
--- a/libsemanage/src/direct_api.c
+++ b/libsemanage/src/direct_api.c
@@ -210,6 +210,12 @@ int semanage_direct_connect(semanage_handle_t * sh)
 				     semanage_fcontext_dbase_local(sh)) < 0)
 		goto err;
 
+	if (fcontext_file_dbase_init(sh,
+				     semanage_path(SEMANAGE_ACTIVE, SEMANAGE_STORE_FC_HOMEDIRS),
+				     semanage_path(SEMANAGE_TMP, SEMANAGE_STORE_FC_HOMEDIRS),
+				     semanage_fcontext_dbase_homedirs(sh)) < 0)
+		goto err;
+
 	if (seuser_file_dbase_init(sh,
 				   semanage_path(SEMANAGE_ACTIVE,
 						 SEMANAGE_SEUSERS_LOCAL),
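Review bot: This init points the new dbase at file_contexts.homedirs in the active store, a file that only exists once a policy rebuild has run with the first patch of the series applied. On a store that has not been rebuilt yet, or where genhomedircon is disabled, the file may be absent or stale, and what `fcontext_file_dbase_init()` and a later list call do in that case is not visible here. It would be worth confirming that a missing file yields an empty list rather than an error, and recording it in a comment such as `/* may be missing until the first rebuild */`. The function continues outside the hunk, and the reposted revision of this hunk later in the thread is identical.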
diff --git a/libsemanage/src/fcontexts_policy.c b/libsemanage/src/fcontexts_policy.c
index 0b063b1..98490ab 100644
--- a/libsemanage/src/fcontexts_policy.c
+++ b/libsemanage/src/fcontexts_policy.c
@@ -51,3 +51,11 @@ int semanage_fcontext_list(semanage_handle_t * handle,
 	dbase_config_t *dconfig = semanage_fcontext_dbase_policy(handle);
 	return dbase_list(handle, dconfig, records, count);
 }
+
+int semanage_fcontext_list_homedirs(semanage_handle_t * handle,
+			   semanage_fcontext_t *** records, unsigned int *count)
+{
+
+	dbase_config_t *dconfig = semanage_fcontext_dbase_homedirs(handle);
+	return dbase_list(handle, dconfig, records, count);
+}
diff --git a/libsemanage/src/handle.h b/libsemanage/src/handle.h
index 889871d..1780ac8 100644
--- a/libsemanage/src/handle.h
+++ b/libsemanage/src/handle.h
@@ -79,7 +79,7 @@ struct semanage_handle {
 	struct semanage_policy_table *funcs;
 
 	/* Object databases */
-#define DBASE_COUNT      23
+#define DBASE_COUNT      24
 
 /* Local modifications */
 #define DBASE_LOCAL_USERS_BASE  0
@@ -102,13 +102,14 @@ struct semanage_handle {
 #define DBASE_POLICY_INTERFACES  15
 #define DBASE_POLICY_BOOLEANS    16
 #define DBASE_POLICY_FCONTEXTS   17
-#define DBASE_POLICY_SEUSERS     18
-#define DBASE_POLICY_NODES       19
-#define DBASE_POLICY_IBPKEYS     20
-#define DBASE_POLICY_IBENDPORTS  21
+#define DBASE_POLICY_FCONTEXTS_H 18
+#define DBASE_POLICY_SEUSERS     19
+#define DBASE_POLICY_NODES       20
+#define DBASE_POLICY_IBPKEYS     21
+#define DBASE_POLICY_IBENDPORTS  22
 
 /* Active kernel policy */
-#define DBASE_ACTIVE_BOOLEANS    22
+#define DBASE_ACTIVE_BOOLEANS    23
 	dbase_config_t dbase[DBASE_COUNT];
 };
 
@@ -236,6 +237,12 @@ static inline
 }
 
 static inline
+    dbase_config_t * semanage_fcontext_dbase_homedirs(semanage_handle_t * handle)
+{
+	return &handle->dbase[DBASE_POLICY_FCONTEXTS_H];
+}
+
+static inline
     dbase_config_t * semanage_seuser_dbase_policy(semanage_handle_t * handle)
 {
 	return &handle->dbase[DBASE_POLICY_SEUSERS];
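Review bot: The `_H` suffix in `DBASE_POLICY_FCONTEXTS_H` reads like a header guard rather than "homedirs"; the accessor added here is already called `semanage_fcontext_dbase_homedirs`, so `DBASE_POLICY_FCONTEXTS_HOMEDIRS` would match it. The index macros and `DBASE_COUNT` in the earlier hunks of this file are kept in step by hand, and an index that reaches `DBASE_COUNT` would make an accessor like this one return a pointer past the `dbase` array. A compile-time check next to the array, for example `_Static_assert(DBASE_ACTIVE_BOOLEANS + 1 == DBASE_COUNT, "dbase index table out of sync");`, would catch that, provided the build allows C11.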
-- 
2.9.4


* [PATCH 3/3] python/semanage: Enable listing file_contexts.homedirs
  2017-10-01 18:01       ` [PATCH 1/3] libsemanage: Keep copy of file_contexts.homedirs in policy store Vit Mojzis
  2017-10-01 18:01         ` [PATCH 2/3] libsemanage: Add support for listing fcontext.homedirs file Vit Mojzis
@ 2017-10-01 18:01         ` Vit Mojzis
  1 sibling, 0 replies; 21+ messages in thread
From: Vit Mojzis @ 2017-10-01 18:01 UTC (permalink / raw)
  To: selinux

Include entries from file_contexts.homedirs when listing file contexts
via "semanage fcontext -l".

Until now, "semanage fcontext -l" ignored the content of the
file_contexts.homedirs file, which is confusing for users (more specific
rules may be ignored in favor of rules the user cannot see, since
file_contexts.homedirs has higher priority than file_contexts).

Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1409813
---
 python/semanage/seobject.py | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/python/semanage/seobject.py b/python/semanage/seobject.py
index 70fd192..1385315 100644
--- a/python/semanage/seobject.py
+++ b/python/semanage/seobject.py
@@ -2566,10 +2566,15 @@ class fcontextRecords(semanageRecords):
             if rc < 0:
                 raise ValueError(_("Could not list file contexts"))
 
+            (rc, fchomedirs) = semanage_fcontext_list_homedirs(self.sh)
+            if rc < 0:
+                raise ValueError(_("Could not list file contexts for home directories"))
+
             (rc, fclocal) = semanage_fcontext_list_local(self.sh)
             if rc < 0:
                 raise ValueError(_("Could not list local file contexts"))
 
+            self.flist += fchomedirs
             self.flist += fclocal
 
         ddict = {}
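Review bot: `self.flist += fchomedirs` folds the home-directory entries into the same list as the policy and local entries, so whatever consumes `self.flist` after this hunk can no longer tell which file a rule came from. The commit message motivates the change by the precedence of file_contexts.homedirs over file_contexts, and a flat merged list does not let the user see that precedence. Keeping the source with each entry, or at least a comment here such as `# file_contexts.homedirs has higher priority than file_contexts`, would help. How `ddict` is filled is outside the hunk, so whether entries with equal keys overwrite one another should be checked.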
-- 
2.9.4


* Re: [PATCH 1/2] libsemanage: Add support for listing fcontext.homedirs file
  2017-10-01 15:43     ` Vit Mojzis
@ 2017-10-01 18:15       ` William Roberts
  0 siblings, 0 replies; 21+ messages in thread
From: William Roberts @ 2017-10-01 18:15 UTC (permalink / raw)
  To: Vit Mojzis; +Cc: selinux

On Sun, Oct 1, 2017 at 8:43 AM, Vit Mojzis <vmojzis@redhat.com> wrote:
>
>
> On 27.9.2017 19:04, William Roberts wrote:
>>
>> 2017-09-27 1:16 GMT-07:00 Vit Mojzis <vmojzis@redhat.com>:
>>>
>>> Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1409813
>>> ---
>>>   libsemanage/include/semanage/fcontexts_policy.h |  4 ++++
>>>   libsemanage/src/direct_api.c                    |  6 ++++++
>>>   libsemanage/src/fcontexts_policy.c              |  8 ++++++++
>>>   libsemanage/src/handle.h                        | 19
>>> +++++++++++++------
>>>   4 files changed, 31 insertions(+), 6 deletions(-)
>>>
>>> diff --git a/libsemanage/include/semanage/fcontexts_policy.h
>>> b/libsemanage/include/semanage/fcontexts_policy.h
>>> index a50db2b..199a1e1 100644
>>> --- a/libsemanage/include/semanage/fcontexts_policy.h
>>> +++ b/libsemanage/include/semanage/fcontexts_policy.h
>>> @@ -26,4 +26,8 @@ extern int semanage_fcontext_list(semanage_handle_t *
>>> handle,
>>>                                    semanage_fcontext_t *** records,
>>>                                    unsigned int *count);
>>>
>>> +extern int semanage_fcontext_list_homedirs(semanage_handle_t * handle,
>>> +                                 semanage_fcontext_t *** records,
>>> +                                 unsigned int *count);
>>> +
>>>   #endif
>>> diff --git a/libsemanage/src/direct_api.c b/libsemanage/src/direct_api.c
>>> index 65842df..886a228 100644
>>> --- a/libsemanage/src/direct_api.c
>>> +++ b/libsemanage/src/direct_api.c
>>> @@ -210,6 +210,12 @@ int semanage_direct_connect(semanage_handle_t * sh)
>>>                                       semanage_fcontext_dbase_local(sh))
>>> < 0)
>>>                  goto err;
>>>
>>> +       if (fcontext_file_dbase_init(sh,
>>> +                                    selinux_file_context_homedir_path(),
>>> +                                    selinux_file_context_homedir_path(),
>>> +
>>> semanage_fcontext_dbase_homedirs(sh)) < 0)
>>> +               goto err;
>>> +
>>>          if (seuser_file_dbase_init(sh,
>>>                                     semanage_path(SEMANAGE_ACTIVE,
>>>
>>> SEMANAGE_SEUSERS_LOCAL),
>>> diff --git a/libsemanage/src/fcontexts_policy.c
>>> b/libsemanage/src/fcontexts_policy.c
>>> index 0b063b1..98490ab 100644
>>> --- a/libsemanage/src/fcontexts_policy.c
>>> +++ b/libsemanage/src/fcontexts_policy.c
>>> @@ -51,3 +51,11 @@ int semanage_fcontext_list(semanage_handle_t * handle,
>>>          dbase_config_t *dconfig =
>>> semanage_fcontext_dbase_policy(handle);
>>>          return dbase_list(handle, dconfig, records, count);
>>>   }
>>> +
>>> +int semanage_fcontext_list_homedirs(semanage_handle_t * handle,
>>> +                          semanage_fcontext_t *** records, unsigned int
>>> *count)
>>> +{
>>> +
>>> +       dbase_config_t *dconfig =
>>> semanage_fcontext_dbase_homedirs(handle);
>>> +       return dbase_list(handle, dconfig, records, count);
>>> +}
>>> diff --git a/libsemanage/src/handle.h b/libsemanage/src/handle.h
>>> index 889871d..1780ac8 100644
>>> --- a/libsemanage/src/handle.h
>>> +++ b/libsemanage/src/handle.h
>>> @@ -79,7 +79,7 @@ struct semanage_handle {
>>>          struct semanage_policy_table *funcs;
>>>
>>>          /* Object databases */
>>> -#define DBASE_COUNT      23
>>> +#define DBASE_COUNT      24
>>>
>>>   /* Local modifications */
>>>   #define DBASE_LOCAL_USERS_BASE  0
>>> @@ -102,13 +102,14 @@ struct semanage_handle {
>>>   #define DBASE_POLICY_INTERFACES  15
>>>   #define DBASE_POLICY_BOOLEANS    16
>>>   #define DBASE_POLICY_FCONTEXTS   17
>>> -#define DBASE_POLICY_SEUSERS     18
>>> -#define DBASE_POLICY_NODES       19
>>> -#define DBASE_POLICY_IBPKEYS     20
>>> -#define DBASE_POLICY_IBENDPORTS  21
>>> +#define DBASE_POLICY_FCONTEXTS_H 18
>>> +#define DBASE_POLICY_SEUSERS     19
>>> +#define DBASE_POLICY_NODES       20
>>> +#define DBASE_POLICY_IBPKEYS     21
>>> +#define DBASE_POLICY_IBENDPORTS  22
>>>
>>>   /* Active kernel policy */
>>> -#define DBASE_ACTIVE_BOOLEANS    22
>>> +#define DBASE_ACTIVE_BOOLEANS    23
>>
>> Any particular reason to reassign all these defines instead
>> of just setting DBASE_POLICY_FCONTEXTS_H to 22 and
>> setting DBASE_ACTIVE_BOOLEANS to 23 other than just
>> to have DBASE_POLICY_FCONTEXTS_H follow
>> DBASE_POLICY_FCONTEXTS?
>
> Nope, just to keep organized .
> Should I set it to 22 instead?
>

I don't have a major gripe with that other than it makes the patch larger
than needed.

>>
>> I'm also assuming, after looking at the code, that the database
>> itself is built every time so versioning mismatches are not a worry.
>>
>>>          dbase_config_t dbase[DBASE_COUNT];
>>>   };
>>>
>>> @@ -236,6 +237,12 @@ static inline
>>>   }
>>>
>>>   static inline
>>> +    dbase_config_t * semanage_fcontext_dbase_homedirs(semanage_handle_t
>>> * handle)
>>> +{
>>> +       return &handle->dbase[DBASE_POLICY_FCONTEXTS_H];
>>> +}
>>> +
>>> +static inline
>>>       dbase_config_t * semanage_seuser_dbase_policy(semanage_handle_t *
>>> handle)
>>>   {
>>>          return &handle->dbase[DBASE_POLICY_SEUSERS];
>>> --
>>> 2.9.4
>>>
>>>
>>
>>
>


* Re: [PATCH 2/3] libsemanage: Add support for listing fcontext.homedirs file
  2017-10-01 18:01         ` [PATCH 2/3] libsemanage: Add support for listing fcontext.homedirs file Vit Mojzis
@ 2017-10-02 19:07           ` Stephen Smalley
  2017-10-03  9:57             ` [PATCH] " Vit Mojzis
  0 siblings, 1 reply; 21+ messages in thread
From: Stephen Smalley @ 2017-10-02 19:07 UTC (permalink / raw)
  To: Vit Mojzis, selinux

On Sun, 2017-10-01 at 20:01 +0200, Vit Mojzis wrote:
> Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1409813
> ---
>  libsemanage/include/semanage/fcontexts_policy.h |  4 ++++
>  libsemanage/src/direct_api.c                    |  6 ++++++
>  libsemanage/src/fcontexts_policy.c              |  8 ++++++++
>  libsemanage/src/handle.h                        | 19 +++++++++++++
> ------
>  4 files changed, 31 insertions(+), 6 deletions(-)
> 
> diff --git a/libsemanage/include/semanage/fcontexts_policy.h
> b/libsemanage/include/semanage/fcontexts_policy.h
> index a50db2b..199a1e1 100644
> --- a/libsemanage/include/semanage/fcontexts_policy.h
> +++ b/libsemanage/include/semanage/fcontexts_policy.h
> @@ -26,4 +26,8 @@ extern int semanage_fcontext_list(semanage_handle_t
> * handle,
>  				  semanage_fcontext_t *** records,
>  				  unsigned int *count);
>  
> +extern int semanage_fcontext_list_homedirs(semanage_handle_t *
> handle,
> +				  semanage_fcontext_t *** records,
> +				  unsigned int *count);
> +
>  #endif
> diff --git a/libsemanage/src/direct_api.c
> b/libsemanage/src/direct_api.c
> index 971a08f..334267d 100644
> --- a/libsemanage/src/direct_api.c
> +++ b/libsemanage/src/direct_api.c
> @@ -210,6 +210,12 @@ int semanage_direct_connect(semanage_handle_t *
> sh)
>  				     semanage_fcontext_dbase_local(s
> h)) < 0)
>  		goto err;
>  
> +	if (fcontext_file_dbase_init(sh,
> +				     semanage_path(SEMANAGE_ACTIVE,
> SEMANAGE_STORE_FC_HOMEDIRS),
> +				     semanage_path(SEMANAGE_TMP,
> SEMANAGE_STORE_FC_HOMEDIRS),
> +				     semanage_fcontext_dbase_homedir
> s(sh)) < 0)
> +		goto err;
> +

Don't we also need to call
fcontext_file_dbase_release(semanage_fcontext_dbase_homedirs(sh)); from
semanage_direct_disconnect()?

>  	if (seuser_file_dbase_init(sh,
>  				   semanage_path(SEMANAGE_ACTIVE,
>  						 SEMANAGE_SEUSERS_LO
> CAL),
> diff --git a/libsemanage/src/fcontexts_policy.c
> b/libsemanage/src/fcontexts_policy.c
> index 0b063b1..98490ab 100644
> --- a/libsemanage/src/fcontexts_policy.c
> +++ b/libsemanage/src/fcontexts_policy.c
> @@ -51,3 +51,11 @@ int semanage_fcontext_list(semanage_handle_t *
> handle,
>  	dbase_config_t *dconfig =
> semanage_fcontext_dbase_policy(handle);
>  	return dbase_list(handle, dconfig, records, count);
>  }
> +
> +int semanage_fcontext_list_homedirs(semanage_handle_t * handle,
> +			   semanage_fcontext_t *** records, unsigned
> int *count)
> +{
> +
> +	dbase_config_t *dconfig =
> semanage_fcontext_dbase_homedirs(handle);
> +	return dbase_list(handle, dconfig, records, count);
> +}
> diff --git a/libsemanage/src/handle.h b/libsemanage/src/handle.h
> index 889871d..1780ac8 100644
> --- a/libsemanage/src/handle.h
> +++ b/libsemanage/src/handle.h
> @@ -79,7 +79,7 @@ struct semanage_handle {
>  	struct semanage_policy_table *funcs;
>  
>  	/* Object databases */
> -#define DBASE_COUNT      23
> +#define DBASE_COUNT      24
>  
>  /* Local modifications */
>  #define DBASE_LOCAL_USERS_BASE  0
> @@ -102,13 +102,14 @@ struct semanage_handle {
>  #define DBASE_POLICY_INTERFACES  15
>  #define DBASE_POLICY_BOOLEANS    16
>  #define DBASE_POLICY_FCONTEXTS   17
> -#define DBASE_POLICY_SEUSERS     18
> -#define DBASE_POLICY_NODES       19
> -#define DBASE_POLICY_IBPKEYS     20
> -#define DBASE_POLICY_IBENDPORTS  21
> +#define DBASE_POLICY_FCONTEXTS_H 18
> +#define DBASE_POLICY_SEUSERS     19
> +#define DBASE_POLICY_NODES       20
> +#define DBASE_POLICY_IBPKEYS     21
> +#define DBASE_POLICY_IBENDPORTS  22
>  
>  /* Active kernel policy */
> -#define DBASE_ACTIVE_BOOLEANS    22
> +#define DBASE_ACTIVE_BOOLEANS    23
>  	dbase_config_t dbase[DBASE_COUNT];
>  };
>  
> @@ -236,6 +237,12 @@ static inline
>  }
>  
>  static inline
> +    dbase_config_t *
> semanage_fcontext_dbase_homedirs(semanage_handle_t * handle)
> +{
> +	return &handle->dbase[DBASE_POLICY_FCONTEXTS_H];
> +}
> +
> +static inline
>      dbase_config_t * semanage_seuser_dbase_policy(semanage_handle_t
> * handle)
>  {
>  	return &handle->dbase[DBASE_POLICY_SEUSERS];


* [PATCH] libsemanage: Add support for listing fcontext.homedirs file
  2017-10-02 19:07           ` Stephen Smalley
@ 2017-10-03  9:57             ` Vit Mojzis
  2017-10-04 14:07               ` Stephen Smalley
  0 siblings, 1 reply; 21+ messages in thread
From: Vit Mojzis @ 2017-10-03  9:57 UTC (permalink / raw)
  To: selinux

Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1409813
---
 libsemanage/include/semanage/fcontexts_policy.h |  4 ++++
 libsemanage/src/direct_api.c                    |  7 +++++++
 libsemanage/src/fcontexts_policy.c              |  8 ++++++++
 libsemanage/src/handle.h                        | 19 +++++++++++++------
 4 files changed, 32 insertions(+), 6 deletions(-)

diff --git a/libsemanage/include/semanage/fcontexts_policy.h b/libsemanage/include/semanage/fcontexts_policy.h
index a50db2b..199a1e1 100644
--- a/libsemanage/include/semanage/fcontexts_policy.h
+++ b/libsemanage/include/semanage/fcontexts_policy.h
@@ -26,4 +26,8 @@ extern int semanage_fcontext_list(semanage_handle_t * handle,
 				  semanage_fcontext_t *** records,
 				  unsigned int *count);
 
+extern int semanage_fcontext_list_homedirs(semanage_handle_t * handle,
+				  semanage_fcontext_t *** records,
+				  unsigned int *count);
+
 #endif
diff --git a/libsemanage/src/direct_api.c b/libsemanage/src/direct_api.c
index 971a08f..00ad820 100644
--- a/libsemanage/src/direct_api.c
+++ b/libsemanage/src/direct_api.c
@@ -210,6 +210,12 @@ int semanage_direct_connect(semanage_handle_t * sh)
 				     semanage_fcontext_dbase_local(sh)) < 0)
 		goto err;
 
+	if (fcontext_file_dbase_init(sh,
+				     semanage_path(SEMANAGE_ACTIVE, SEMANAGE_STORE_FC_HOMEDIRS),
+				     semanage_path(SEMANAGE_TMP, SEMANAGE_STORE_FC_HOMEDIRS),
+				     semanage_fcontext_dbase_homedirs(sh)) < 0)
+		goto err;
+
 	if (seuser_file_dbase_init(sh,
 				   semanage_path(SEMANAGE_ACTIVE,
 						 SEMANAGE_SEUSERS_LOCAL),
@@ -349,6 +355,7 @@ static int semanage_direct_disconnect(semanage_handle_t * sh)
 	iface_file_dbase_release(semanage_iface_dbase_local(sh));
 	bool_file_dbase_release(semanage_bool_dbase_local(sh));
 	fcontext_file_dbase_release(semanage_fcontext_dbase_local(sh));
+	fcontext_file_dbase_release(semanage_fcontext_dbase_homedirs(sh));
 	seuser_file_dbase_release(semanage_seuser_dbase_local(sh));
 	node_file_dbase_release(semanage_node_dbase_local(sh));
 
diff --git a/libsemanage/src/fcontexts_policy.c b/libsemanage/src/fcontexts_policy.c
index 0b063b1..98490ab 100644
--- a/libsemanage/src/fcontexts_policy.c
+++ b/libsemanage/src/fcontexts_policy.c
@@ -51,3 +51,11 @@ int semanage_fcontext_list(semanage_handle_t * handle,
 	dbase_config_t *dconfig = semanage_fcontext_dbase_policy(handle);
 	return dbase_list(handle, dconfig, records, count);
 }
+
+int semanage_fcontext_list_homedirs(semanage_handle_t * handle,
+			   semanage_fcontext_t *** records, unsigned int *count)
+{
+
+	dbase_config_t *dconfig = semanage_fcontext_dbase_homedirs(handle);
+	return dbase_list(handle, dconfig, records, count);
+}
diff --git a/libsemanage/src/handle.h b/libsemanage/src/handle.h
index 889871d..1780ac8 100644
--- a/libsemanage/src/handle.h
+++ b/libsemanage/src/handle.h
@@ -79,7 +79,7 @@ struct semanage_handle {
 	struct semanage_policy_table *funcs;
 
 	/* Object databases */
-#define DBASE_COUNT      23
+#define DBASE_COUNT      24
 
 /* Local modifications */
 #define DBASE_LOCAL_USERS_BASE  0
@@ -102,13 +102,14 @@ struct semanage_handle {
 #define DBASE_POLICY_INTERFACES  15
 #define DBASE_POLICY_BOOLEANS    16
 #define DBASE_POLICY_FCONTEXTS   17
-#define DBASE_POLICY_SEUSERS     18
-#define DBASE_POLICY_NODES       19
-#define DBASE_POLICY_IBPKEYS     20
-#define DBASE_POLICY_IBENDPORTS  21
+#define DBASE_POLICY_FCONTEXTS_H 18
+#define DBASE_POLICY_SEUSERS     19
+#define DBASE_POLICY_NODES       20
+#define DBASE_POLICY_IBPKEYS     21
+#define DBASE_POLICY_IBENDPORTS  22
 
 /* Active kernel policy */
-#define DBASE_ACTIVE_BOOLEANS    22
+#define DBASE_ACTIVE_BOOLEANS    23
 	dbase_config_t dbase[DBASE_COUNT];
 };
 
@@ -236,6 +237,12 @@ static inline
 }
 
 static inline
+    dbase_config_t * semanage_fcontext_dbase_homedirs(semanage_handle_t * handle)
+{
+	return &handle->dbase[DBASE_POLICY_FCONTEXTS_H];
+}
+
+static inline
     dbase_config_t * semanage_seuser_dbase_policy(semanage_handle_t * handle)
 {
 	return &handle->dbase[DBASE_POLICY_SEUSERS];
-- 
2.9.4


* Re: [PATCH] libsemanage: Add support for listing fcontext.homedirs file
  2017-10-03  9:57             ` [PATCH] " Vit Mojzis
@ 2017-10-04 14:07               ` Stephen Smalley
  2017-10-04 14:54                 ` Vit Mojzis
  0 siblings, 1 reply; 21+ messages in thread
From: Stephen Smalley @ 2017-10-04 14:07 UTC (permalink / raw)
  To: Vit Mojzis, selinux

On Tue, 2017-10-03 at 11:57 +0200, Vit Mojzis wrote:
> Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1409813

These all look good to me now.  Could you please re-post them all with
Signed-off-by: lines, and then we'll merge them in a couple of days
barring any other concerns?

> ---
>  libsemanage/include/semanage/fcontexts_policy.h |  4 ++++
>  libsemanage/src/direct_api.c                    |  7 +++++++
>  libsemanage/src/fcontexts_policy.c              |  8 ++++++++
>  libsemanage/src/handle.h                        | 19 +++++++++++++
> ------
>  4 files changed, 32 insertions(+), 6 deletions(-)
> 
> diff --git a/libsemanage/include/semanage/fcontexts_policy.h
> b/libsemanage/include/semanage/fcontexts_policy.h
> index a50db2b..199a1e1 100644
> --- a/libsemanage/include/semanage/fcontexts_policy.h
> +++ b/libsemanage/include/semanage/fcontexts_policy.h
> @@ -26,4 +26,8 @@ extern int semanage_fcontext_list(semanage_handle_t
> * handle,
>  				  semanage_fcontext_t *** records,
>  				  unsigned int *count);
>  
> +extern int semanage_fcontext_list_homedirs(semanage_handle_t *
> handle,
> +				  semanage_fcontext_t *** records,
> +				  unsigned int *count);
> +
>  #endif
> diff --git a/libsemanage/src/direct_api.c
> b/libsemanage/src/direct_api.c
> index 971a08f..00ad820 100644
> --- a/libsemanage/src/direct_api.c
> +++ b/libsemanage/src/direct_api.c
> @@ -210,6 +210,12 @@ int semanage_direct_connect(semanage_handle_t *
> sh)
>  				     semanage_fcontext_dbase_local(s
> h)) < 0)
>  		goto err;
>  
> +	if (fcontext_file_dbase_init(sh,
> +				     semanage_path(SEMANAGE_ACTIVE,
> SEMANAGE_STORE_FC_HOMEDIRS),
> +				     semanage_path(SEMANAGE_TMP,
> SEMANAGE_STORE_FC_HOMEDIRS),
> +				     semanage_fcontext_dbase_homedir
> s(sh)) < 0)
> +		goto err;
> +
>  	if (seuser_file_dbase_init(sh,
>  				   semanage_path(SEMANAGE_ACTIVE,
>  						 SEMANAGE_SEUSERS_LO
> CAL),
> @@ -349,6 +355,7 @@ static int
> semanage_direct_disconnect(semanage_handle_t * sh)
>  	iface_file_dbase_release(semanage_iface_dbase_local(sh));
>  	bool_file_dbase_release(semanage_bool_dbase_local(sh));
>  	fcontext_file_dbase_release(semanage_fcontext_dbase_local(sh
> ));
> +	fcontext_file_dbase_release(semanage_fcontext_dbase_homedirs
> (sh));
>  	seuser_file_dbase_release(semanage_seuser_dbase_local(sh));
>  	node_file_dbase_release(semanage_node_dbase_local(sh));
>  
> diff --git a/libsemanage/src/fcontexts_policy.c
> b/libsemanage/src/fcontexts_policy.c
> index 0b063b1..98490ab 100644
> --- a/libsemanage/src/fcontexts_policy.c
> +++ b/libsemanage/src/fcontexts_policy.c
> @@ -51,3 +51,11 @@ int semanage_fcontext_list(semanage_handle_t *
> handle,
>  	dbase_config_t *dconfig =
> semanage_fcontext_dbase_policy(handle);
>  	return dbase_list(handle, dconfig, records, count);
>  }
> +
> +int semanage_fcontext_list_homedirs(semanage_handle_t * handle,
> +			   semanage_fcontext_t *** records, unsigned
> int *count)
> +{
> +
> +	dbase_config_t *dconfig =
> semanage_fcontext_dbase_homedirs(handle);
> +	return dbase_list(handle, dconfig, records, count);
> +}
> diff --git a/libsemanage/src/handle.h b/libsemanage/src/handle.h
> index 889871d..1780ac8 100644
> --- a/libsemanage/src/handle.h
> +++ b/libsemanage/src/handle.h
> @@ -79,7 +79,7 @@ struct semanage_handle {
>  	struct semanage_policy_table *funcs;
>  
>  	/* Object databases */
> -#define DBASE_COUNT      23
> +#define DBASE_COUNT      24
>  
>  /* Local modifications */
>  #define DBASE_LOCAL_USERS_BASE  0
> @@ -102,13 +102,14 @@ struct semanage_handle {
>  #define DBASE_POLICY_INTERFACES  15
>  #define DBASE_POLICY_BOOLEANS    16
>  #define DBASE_POLICY_FCONTEXTS   17
> -#define DBASE_POLICY_SEUSERS     18
> -#define DBASE_POLICY_NODES       19
> -#define DBASE_POLICY_IBPKEYS     20
> -#define DBASE_POLICY_IBENDPORTS  21
> +#define DBASE_POLICY_FCONTEXTS_H 18
> +#define DBASE_POLICY_SEUSERS     19
> +#define DBASE_POLICY_NODES       20
> +#define DBASE_POLICY_IBPKEYS     21
> +#define DBASE_POLICY_IBENDPORTS  22
>  
>  /* Active kernel policy */
> -#define DBASE_ACTIVE_BOOLEANS    22
> +#define DBASE_ACTIVE_BOOLEANS    23
>  	dbase_config_t dbase[DBASE_COUNT];
>  };
>  
> @@ -236,6 +237,12 @@ static inline
>  }
>  
>  static inline
> +    dbase_config_t *
> semanage_fcontext_dbase_homedirs(semanage_handle_t * handle)
> +{
> +	return &handle->dbase[DBASE_POLICY_FCONTEXTS_H];
> +}
> +
> +static inline
>      dbase_config_t * semanage_seuser_dbase_policy(semanage_handle_t
> * handle)
>  {
>  	return &handle->dbase[DBASE_POLICY_SEUSERS];


* Re: [PATCH] libsemanage: Add support for listing fcontext.homedirs file
  2017-10-04 14:07               ` Stephen Smalley
@ 2017-10-04 14:54                 ` Vit Mojzis
  2017-10-04 15:36                   ` [PATCH 1/3] libsemanage: Keep copy of file_contexts.homedirs in policy store Vit Mojzis
  0 siblings, 1 reply; 21+ messages in thread
From: Vit Mojzis @ 2017-10-04 14:54 UTC (permalink / raw)
  To: selinux



On 4.10.2017 16:07, Stephen Smalley wrote:
> On Tue, 2017-10-03 at 11:57 +0200, Vit Mojzis wrote:
>> Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1409813
> These all look good to me now.  Could you please re-post them all with
> Signed-off-by: lines, and then we'll merge them in a couple of days
> barring any other concerns?

Sure. Thank you, I appreciate your help.

>
>> ---
>>   libsemanage/include/semanage/fcontexts_policy.h |  4 ++++
>>   libsemanage/src/direct_api.c                    |  7 +++++++
>>   libsemanage/src/fcontexts_policy.c              |  8 ++++++++
>>   libsemanage/src/handle.h                        | 19 +++++++++++++
>> ------
>>   4 files changed, 32 insertions(+), 6 deletions(-)
>>
>> diff --git a/libsemanage/include/semanage/fcontexts_policy.h
>> b/libsemanage/include/semanage/fcontexts_policy.h
>> index a50db2b..199a1e1 100644
>> --- a/libsemanage/include/semanage/fcontexts_policy.h
>> +++ b/libsemanage/include/semanage/fcontexts_policy.h
>> @@ -26,4 +26,8 @@ extern int semanage_fcontext_list(semanage_handle_t
>> * handle,
>>   				  semanage_fcontext_t *** records,
>>   				  unsigned int *count);
>>   
>> +extern int semanage_fcontext_list_homedirs(semanage_handle_t *
>> handle,
>> +				  semanage_fcontext_t *** records,
>> +				  unsigned int *count);
>> +
>>   #endif
>> diff --git a/libsemanage/src/direct_api.c
>> b/libsemanage/src/direct_api.c
>> index 971a08f..00ad820 100644
>> --- a/libsemanage/src/direct_api.c
>> +++ b/libsemanage/src/direct_api.c
>> @@ -210,6 +210,12 @@ int semanage_direct_connect(semanage_handle_t *
>> sh)
>>   				     semanage_fcontext_dbase_local(s
>> h)) < 0)
>>   		goto err;
>>   
>> +	if (fcontext_file_dbase_init(sh,
>> +				     semanage_path(SEMANAGE_ACTIVE,
>> SEMANAGE_STORE_FC_HOMEDIRS),
>> +				     semanage_path(SEMANAGE_TMP,
>> SEMANAGE_STORE_FC_HOMEDIRS),
>> +				     semanage_fcontext_dbase_homedir
>> s(sh)) < 0)
>> +		goto err;
>> +
>>   	if (seuser_file_dbase_init(sh,
>>   				   semanage_path(SEMANAGE_ACTIVE,
>>   						 SEMANAGE_SEUSERS_LO
>> CAL),
>> @@ -349,6 +355,7 @@ static int
>> semanage_direct_disconnect(semanage_handle_t * sh)
>>   	iface_file_dbase_release(semanage_iface_dbase_local(sh));
>>   	bool_file_dbase_release(semanage_bool_dbase_local(sh));
>>   	fcontext_file_dbase_release(semanage_fcontext_dbase_local(sh
>> ));
>> +	fcontext_file_dbase_release(semanage_fcontext_dbase_homedirs
>> (sh));
>>   	seuser_file_dbase_release(semanage_seuser_dbase_local(sh));
>>   	node_file_dbase_release(semanage_node_dbase_local(sh));
>>   
>> diff --git a/libsemanage/src/fcontexts_policy.c
>> b/libsemanage/src/fcontexts_policy.c
>> index 0b063b1..98490ab 100644
>> --- a/libsemanage/src/fcontexts_policy.c
>> +++ b/libsemanage/src/fcontexts_policy.c
>> @@ -51,3 +51,11 @@ int semanage_fcontext_list(semanage_handle_t *
>> handle,
>>   	dbase_config_t *dconfig =
>> semanage_fcontext_dbase_policy(handle);
>>   	return dbase_list(handle, dconfig, records, count);
>>   }
>> +
>> +int semanage_fcontext_list_homedirs(semanage_handle_t * handle,
>> +			   semanage_fcontext_t *** records, unsigned
>> int *count)
>> +{
>> +
>> +	dbase_config_t *dconfig =
>> semanage_fcontext_dbase_homedirs(handle);
>> +	return dbase_list(handle, dconfig, records, count);
>> +}
>> diff --git a/libsemanage/src/handle.h b/libsemanage/src/handle.h
>> index 889871d..1780ac8 100644
>> --- a/libsemanage/src/handle.h
>> +++ b/libsemanage/src/handle.h
>> @@ -79,7 +79,7 @@ struct semanage_handle {
>>   	struct semanage_policy_table *funcs;
>>   
>>   	/* Object databases */
>> -#define DBASE_COUNT      23
>> +#define DBASE_COUNT      24
>>   
>>   /* Local modifications */
>>   #define DBASE_LOCAL_USERS_BASE  0
>> @@ -102,13 +102,14 @@ struct semanage_handle {
>>   #define DBASE_POLICY_INTERFACES  15
>>   #define DBASE_POLICY_BOOLEANS    16
>>   #define DBASE_POLICY_FCONTEXTS   17
>> -#define DBASE_POLICY_SEUSERS     18
>> -#define DBASE_POLICY_NODES       19
>> -#define DBASE_POLICY_IBPKEYS     20
>> -#define DBASE_POLICY_IBENDPORTS  21
>> +#define DBASE_POLICY_FCONTEXTS_H 18
>> +#define DBASE_POLICY_SEUSERS     19
>> +#define DBASE_POLICY_NODES       20
>> +#define DBASE_POLICY_IBPKEYS     21
>> +#define DBASE_POLICY_IBENDPORTS  22
>>   
>>   /* Active kernel policy */
>> -#define DBASE_ACTIVE_BOOLEANS    22
>> +#define DBASE_ACTIVE_BOOLEANS    23
>>   	dbase_config_t dbase[DBASE_COUNT];
>>   };
>>   
>> @@ -236,6 +237,12 @@ static inline
>>   }
>>   
>>   static inline
>> +    dbase_config_t *
>> semanage_fcontext_dbase_homedirs(semanage_handle_t * handle)
>> +{
>> +	return &handle->dbase[DBASE_POLICY_FCONTEXTS_H];
>> +}
>> +
>> +static inline
>>       dbase_config_t * semanage_seuser_dbase_policy(semanage_handle_t
>> * handle)
>>   {
>>   	return &handle->dbase[DBASE_POLICY_SEUSERS];


* [PATCH 1/3] libsemanage: Keep copy of file_contexts.homedirs in policy store
  2017-10-04 14:54                 ` Vit Mojzis
@ 2017-10-04 15:36                   ` Vit Mojzis
  2017-10-04 15:36                     ` [PATCH 2/3] libsemanage: Add support for listing fcontext.homedirs file Vit Mojzis
  2017-10-04 15:36                     ` [PATCH 3/3] python/semanage: Enable listing file_contexts.homedirs Vit Mojzis
  0 siblings, 2 replies; 21+ messages in thread
From: Vit Mojzis @ 2017-10-04 15:36 UTC (permalink / raw)
  To: selinux

This will allow listing the correct file_contexts.homedirs
using libsemanage regardless of selected policy store.

Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1409813

Signed-off-by: Vit Mojzis <vmojzis@redhat.com>
---
 libsemanage/src/direct_api.c     | 19 ++++++++++++++-----
 libsemanage/src/genhomedircon.c  |  4 ++--
 libsemanage/src/semanage_store.c |  1 +
 libsemanage/src/semanage_store.h |  1 +
 4 files changed, 18 insertions(+), 7 deletions(-)

diff --git a/libsemanage/src/direct_api.c b/libsemanage/src/direct_api.c
index 65842df..971a08f 100644
--- a/libsemanage/src/direct_api.c
+++ b/libsemanage/src/direct_api.c
@@ -1577,11 +1577,20 @@ rebuild:
 	/* run genhomedircon if its enabled, this should be the last operation
 	 * which requires the out policydb */
 	if (!sh->conf->disable_genhomedircon) {
-		if (out && (retval =
-			semanage_genhomedircon(sh, out, sh->conf->usepasswd, sh->conf->ignoredirs)) != 0) {
-			ERR(sh, "semanage_genhomedircon returned error code %d.",
-			    retval);
-			goto cleanup;
+		if (out){
+			if ((retval = semanage_genhomedircon(sh, out, sh->conf->usepasswd,
+								sh->conf->ignoredirs)) != 0) {
+				ERR(sh, "semanage_genhomedircon returned error code %d.", retval);
+				goto cleanup;
+			}
+			/* file_contexts.homedirs was created in SEMANAGE_TMP store */
+			retval = semanage_copy_file(
+						semanage_path(SEMANAGE_TMP, SEMANAGE_STORE_FC_HOMEDIRS),
+						semanage_final_path(SEMANAGE_FINAL_TMP,	SEMANAGE_FC_HOMEDIRS),
+						sh->conf->file_mode);
+			if (retval < 0) {
+				goto cleanup;
+			}
 		}
 	} else {
 		WARN(sh, "WARNING: genhomedircon is disabled. \
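Review bot: The new `semanage_copy_file()` failure path jumps to `cleanup` without logging anything, while the `semanage_genhomedircon()` failure just above it reports through `ERR`. The copy call takes no handle, so it presumably cannot report through `sh` itself, and a failed commit would give the administrator no hint that file_contexts.homedirs was the file that could not be installed. I would add `ERR(sh, "Could not copy file_contexts.homedirs to the final policy store.");` before the `goto cleanup;` in the `retval < 0` branch. The enclosing function starts and ends outside this hunk.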
diff --git a/libsemanage/src/genhomedircon.c b/libsemanage/src/genhomedircon.c
index b9a74b7..27a269e 100644
--- a/libsemanage/src/genhomedircon.c
+++ b/libsemanage/src/genhomedircon.c
@@ -1345,8 +1345,8 @@ int semanage_genhomedircon(semanage_handle_t * sh,
 
 	s.homedir_template_path =
 	    semanage_path(SEMANAGE_TMP, SEMANAGE_HOMEDIR_TMPL);
-	s.fcfilepath = semanage_final_path(SEMANAGE_FINAL_TMP,
-					   SEMANAGE_FC_HOMEDIRS);
+	s.fcfilepath =
+		semanage_path(SEMANAGE_TMP, SEMANAGE_STORE_FC_HOMEDIRS);
 
 	s.fallback = calloc(1, sizeof(genhomedircon_user_entry_t));
 	if (s.fallback == NULL) {
diff --git a/libsemanage/src/semanage_store.c b/libsemanage/src/semanage_store.c
index 6158d08..63c80b0 100644
--- a/libsemanage/src/semanage_store.c
+++ b/libsemanage/src/semanage_store.c
@@ -116,6 +116,7 @@ static const char *semanage_sandbox_paths[SEMANAGE_STORE_NUM_PATHS] = {
 	"/modules/disabled",
 	"/policy.kern",
 	"/file_contexts.local",
+	"/file_contexts.homedirs",
 	"/file_contexts",
 	"/seusers"
 };
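Review bot: The new `"/file_contexts.homedirs"` entry is only correct because its position in `semanage_sandbox_paths` matches the position of `SEMANAGE_STORE_FC_HOMEDIRS` in `enum semanage_sandbox_defs` (the semanage_store.h hunk of this patch); nothing in the code ties the two together. If the two lists drift apart, `semanage_path()` would presumably return a different policy-store file for the same enumerator, with no compiler diagnostic. Designated initializers make the pairing explicit, e.g. `[SEMANAGE_STORE_FC_HOMEDIRS] = "/file_contexts.homedirs",`, ideally applied to the whole table, whose start lies outside this hunk.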
diff --git a/libsemanage/src/semanage_store.h b/libsemanage/src/semanage_store.h
index fcaa505..34bf852 100644
--- a/libsemanage/src/semanage_store.h
+++ b/libsemanage/src/semanage_store.h
@@ -61,6 +61,7 @@ enum semanage_sandbox_defs {
 	SEMANAGE_MODULES_DISABLED,
 	SEMANAGE_STORE_KERNEL,
 	SEMANAGE_STORE_FC_LOCAL,
+	SEMANAGE_STORE_FC_HOMEDIRS,
 	SEMANAGE_STORE_FC,
 	SEMANAGE_STORE_SEUSERS,
 	SEMANAGE_STORE_NUM_PATHS
-- 
2.9.4


* [PATCH 2/3] libsemanage: Add support for listing fcontext.homedirs file
  2017-10-04 15:36                   ` [PATCH 1/3] libsemanage: Keep copy of file_contexts.homedirs in policy store Vit Mojzis
@ 2017-10-04 15:36                     ` Vit Mojzis
  2017-10-04 15:36                     ` [PATCH 3/3] python/semanage: Enable listing file_contexts.homedirs Vit Mojzis
  1 sibling, 0 replies; 21+ messages in thread
From: Vit Mojzis @ 2017-10-04 15:36 UTC (permalink / raw)
  To: selinux

Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1409813

Signed-off-by: Vit Mojzis <vmojzis@redhat.com>
---
 libsemanage/include/semanage/fcontexts_policy.h |  4 ++++
 libsemanage/src/direct_api.c                    |  7 +++++++
 libsemanage/src/fcontexts_policy.c              |  8 ++++++++
 libsemanage/src/handle.h                        | 19 +++++++++++++------
 4 files changed, 32 insertions(+), 6 deletions(-)

diff --git a/libsemanage/include/semanage/fcontexts_policy.h b/libsemanage/include/semanage/fcontexts_policy.h
index a50db2b..199a1e1 100644
--- a/libsemanage/include/semanage/fcontexts_policy.h
+++ b/libsemanage/include/semanage/fcontexts_policy.h
@@ -26,4 +26,8 @@ extern int semanage_fcontext_list(semanage_handle_t * handle,
 				  semanage_fcontext_t *** records,
 				  unsigned int *count);
 
+extern int semanage_fcontext_list_homedirs(semanage_handle_t * handle,
+				  semanage_fcontext_t *** records,
+				  unsigned int *count);
+
 #endif
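Review bot: `semanage_fcontext_list_homedirs()` enters the public header without any comment, so a caller cannot tell which file it reads or how it differs from `semanage_fcontext_list()` declared just above. I would add a short comment above the declaration saying that it lists the entries of file_contexts.homedirs as generated by genhomedircon, that this series adds no modify or delete counterpart for them, and that `records` and `count` follow the same conventions as `semanage_fcontext_list()`. Who frees the returned array should be confirmed against `dbase_list` before it is written down.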
diff --git a/libsemanage/src/direct_api.c b/libsemanage/src/direct_api.c
index 971a08f..00ad820 100644
--- a/libsemanage/src/direct_api.c
+++ b/libsemanage/src/direct_api.c
@@ -210,6 +210,12 @@ int semanage_direct_connect(semanage_handle_t * sh)
 				     semanage_fcontext_dbase_local(sh)) < 0)
 		goto err;
 
+	if (fcontext_file_dbase_init(sh,
+				     semanage_path(SEMANAGE_ACTIVE, SEMANAGE_STORE_FC_HOMEDIRS),
+				     semanage_path(SEMANAGE_TMP, SEMANAGE_STORE_FC_HOMEDIRS),
+				     semanage_fcontext_dbase_homedirs(sh)) < 0)
+		goto err;
+
 	if (seuser_file_dbase_init(sh,
 				   semanage_path(SEMANAGE_ACTIVE,
 						 SEMANAGE_SEUSERS_LOCAL),
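Review bot: The homedirs database is initialised from `semanage_path(SEMANAGE_ACTIVE, SEMANAGE_STORE_FC_HOMEDIRS)`, a file that only exists once a rebuild with patch 1/3 applied has written it into the store. Stores committed before that, or built with `disable_genhomedircon` set, would presumably have no such file. It is worth confirming that `fcontext_file_dbase_init` and the later `dbase_list` treat a missing file as an empty list rather than an error, because the Python side of this series raises on `rc < 0` and would then fail the whole `semanage fcontext -l`. A comment such as `/* generated by genhomedircon; may be absent until the first rebuild */` above the call would record that. `semanage_direct_connect` starts and ends outside this hunk.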
@@ -349,6 +355,7 @@ static int semanage_direct_disconnect(semanage_handle_t * sh)
 	iface_file_dbase_release(semanage_iface_dbase_local(sh));
 	bool_file_dbase_release(semanage_bool_dbase_local(sh));
 	fcontext_file_dbase_release(semanage_fcontext_dbase_local(sh));
+	fcontext_file_dbase_release(semanage_fcontext_dbase_homedirs(sh));
 	seuser_file_dbase_release(semanage_seuser_dbase_local(sh));
 	node_file_dbase_release(semanage_node_dbase_local(sh));
 
diff --git a/libsemanage/src/fcontexts_policy.c b/libsemanage/src/fcontexts_policy.c
index 0b063b1..98490ab 100644
--- a/libsemanage/src/fcontexts_policy.c
+++ b/libsemanage/src/fcontexts_policy.c
@@ -51,3 +51,11 @@ int semanage_fcontext_list(semanage_handle_t * handle,
 	dbase_config_t *dconfig = semanage_fcontext_dbase_policy(handle);
 	return dbase_list(handle, dconfig, records, count);
 }
+
+int semanage_fcontext_list_homedirs(semanage_handle_t * handle,
+			   semanage_fcontext_t *** records, unsigned int *count)
+{
+
+	dbase_config_t *dconfig = semanage_fcontext_dbase_homedirs(handle);
+	return dbase_list(handle, dconfig, records, count);
+}
diff --git a/libsemanage/src/handle.h b/libsemanage/src/handle.h
index 889871d..1780ac8 100644
--- a/libsemanage/src/handle.h
+++ b/libsemanage/src/handle.h
@@ -79,7 +79,7 @@ struct semanage_handle {
 	struct semanage_policy_table *funcs;
 
 	/* Object databases */
-#define DBASE_COUNT      23
+#define DBASE_COUNT      24
 
 /* Local modifications */
 #define DBASE_LOCAL_USERS_BASE  0
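Review bot: Adding one database in the middle of the table means hand-editing `DBASE_COUNT` here and renumbering five later indices in the next hunk; a missed or duplicated number would make two accessors alias the same `dbase[]` slot without any diagnostic. An anonymous `enum` ending in a `DBASE_COUNT` member would let the compiler assign the indices, though the macros sit inside `struct semanage_handle`, whose body extends beyond these hunks, so that is a larger change than this patch. The name `DBASE_POLICY_FCONTEXTS_H` also reads like an include guard; `DBASE_POLICY_FCONTEXTS_HOMEDIRS` would match the accessor `semanage_fcontext_dbase_homedirs()` added in the last hunk of this file.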
@@ -102,13 +102,14 @@ struct semanage_handle {
 #define DBASE_POLICY_INTERFACES  15
 #define DBASE_POLICY_BOOLEANS    16
 #define DBASE_POLICY_FCONTEXTS   17
-#define DBASE_POLICY_SEUSERS     18
-#define DBASE_POLICY_NODES       19
-#define DBASE_POLICY_IBPKEYS     20
-#define DBASE_POLICY_IBENDPORTS  21
+#define DBASE_POLICY_FCONTEXTS_H 18
+#define DBASE_POLICY_SEUSERS     19
+#define DBASE_POLICY_NODES       20
+#define DBASE_POLICY_IBPKEYS     21
+#define DBASE_POLICY_IBENDPORTS  22
 
 /* Active kernel policy */
-#define DBASE_ACTIVE_BOOLEANS    22
+#define DBASE_ACTIVE_BOOLEANS    23
 	dbase_config_t dbase[DBASE_COUNT];
 };
 
@@ -236,6 +237,12 @@ static inline
 }
 
 static inline
+    dbase_config_t * semanage_fcontext_dbase_homedirs(semanage_handle_t * handle)
+{
+	return &handle->dbase[DBASE_POLICY_FCONTEXTS_H];
+}
+
+static inline
     dbase_config_t * semanage_seuser_dbase_policy(semanage_handle_t * handle)
 {
 	return &handle->dbase[DBASE_POLICY_SEUSERS];
-- 
2.9.4


* [PATCH 3/3] python/semanage: Enable listing file_contexts.homedirs
  2017-10-04 15:36                   ` [PATCH 1/3] libsemanage: Keep copy of file_contexts.homedirs in policy store Vit Mojzis
  2017-10-04 15:36                     ` [PATCH 2/3] libsemanage: Add support for listing fcontext.homedirs file Vit Mojzis
@ 2017-10-04 15:36                     ` Vit Mojzis
  2017-10-04 20:24                       ` Stephen Smalley
  2017-10-06 15:32                       ` Stephen Smalley
  1 sibling, 2 replies; 21+ messages in thread
From: Vit Mojzis @ 2017-10-04 15:36 UTC (permalink / raw)
  To: selinux

Include entries from file_contexts.homedirs when listing file contexts
via "semanage fcontext -l"

"semanage fcontext -l" so far ignored content of file_contexts.homedirs
file, which is confusing for users (more specific rules may be ignored in
favor of rules unseen to the user since file_contexts.homedirs has
higher priority than file_contexts).

Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1409813

Signed-off-by: Vit Mojzis <vmojzis@redhat.com>
---
 python/semanage/seobject.py | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/python/semanage/seobject.py b/python/semanage/seobject.py
index 70fd192..1385315 100644
--- a/python/semanage/seobject.py
+++ b/python/semanage/seobject.py
@@ -2566,10 +2566,15 @@ class fcontextRecords(semanageRecords):
             if rc < 0:
                 raise ValueError(_("Could not list file contexts"))
 
+            (rc, fchomedirs) = semanage_fcontext_list_homedirs(self.sh)
+            if rc < 0:
+                raise ValueError(_("Could not list file contexts for home directories"))
+
             (rc, fclocal) = semanage_fcontext_list_local(self.sh)
             if rc < 0:
                 raise ValueError(_("Could not list local file contexts"))
 
+            self.flist += fchomedirs
             self.flist += fclocal
 
         ddict = {}
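Review bot: `fchomedirs` is appended to `self.flist` between the policy and local records with nothing recording where each record came from, so the merged listing cannot show that a rule originates from the generated file_contexts.homedirs. Someone auditing labelling rules may need that origin to work out why a `semanage fcontext -m` or `-d` on such an entry has no effect, assuming the rest of this method (outside the hunk) treats the list uniformly. At minimum I would add a comment above the new call, e.g. `# file_contexts.homedirs is generated by genhomedircon; listed for visibility, not editable here`. The new `raise ValueError` also turns a failure to read that one file into a failure of the whole listing, which may be stricter than intended for stores that lack the file.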
-- 
2.9.4


* Re: [PATCH 3/3] python/semanage: Enable listing file_contexts.homedirs
  2017-10-04 15:36                     ` [PATCH 3/3] python/semanage: Enable listing file_contexts.homedirs Vit Mojzis
@ 2017-10-04 20:24                       ` Stephen Smalley
  2017-10-06 15:32                       ` Stephen Smalley
  1 sibling, 0 replies; 21+ messages in thread
From: Stephen Smalley @ 2017-10-04 20:24 UTC (permalink / raw)
  To: Vit Mojzis, selinux

On Wed, 2017-10-04 at 17:36 +0200, Vit Mojzis wrote:
> Include entries from file_contexts.homedirs when listing file
> contexts
> via "semanage fcontext -l"
> 
> "semanage fcontext -l" so far ignored content of
> file_contexts.homedirs
> file, which is confusing for users (more specific rules may be
> ignored in
> favor of rules unseen to the user since file_contexts.homedirs has
> higher priority than file_contexts).
> 
> Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1409813
> 
> Signed-off-by: Vit Mojzis <vmojzis@redhat.com>

For all three patches:
Reviewed-by: Stephen Smalley <sds@tycho.nsa.gov>

Queued for merging in a couple of days.

> ---
>  python/semanage/seobject.py | 5 +++++
>  1 file changed, 5 insertions(+)
> 
> diff --git a/python/semanage/seobject.py
> b/python/semanage/seobject.py
> index 70fd192..1385315 100644
> --- a/python/semanage/seobject.py
> +++ b/python/semanage/seobject.py
> @@ -2566,10 +2566,15 @@ class fcontextRecords(semanageRecords):
>              if rc < 0:
>                  raise ValueError(_("Could not list file contexts"))
>  
> +            (rc, fchomedirs) =
> semanage_fcontext_list_homedirs(self.sh)
> +            if rc < 0:
> +                raise ValueError(_("Could not list file contexts for
> home directories"))
> +
>              (rc, fclocal) = semanage_fcontext_list_local(self.sh)
>              if rc < 0:
>                  raise ValueError(_("Could not list local file
> contexts"))
>  
> +            self.flist += fchomedirs
>              self.flist += fclocal
>  
>          ddict = {}


* Re: [PATCH 3/3] python/semanage: Enable listing file_contexts.homedirs
  2017-10-04 15:36                     ` [PATCH 3/3] python/semanage: Enable listing file_contexts.homedirs Vit Mojzis
  2017-10-04 20:24                       ` Stephen Smalley
@ 2017-10-06 15:32                       ` Stephen Smalley
  1 sibling, 0 replies; 21+ messages in thread
From: Stephen Smalley @ 2017-10-06 15:32 UTC (permalink / raw)
  To: Vit Mojzis, selinux

On Wed, 2017-10-04 at 17:36 +0200, Vit Mojzis wrote:
> Include entries from file_contexts.homedirs when listing file
> contexts
> via "semanage fcontext -l"
> 
> "semanage fcontext -l" so far ignored content of
> file_contexts.homedirs
> file, which is confusing for users (more specific rules may be
> ignored in
> favor of rules unseen to the user since file_contexts.homedirs has
> higher priority than file_contexts).
> 
> Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1409813
> 
> Signed-off-by: Vit Mojzis <vmojzis@redhat.com>

Thanks, merged all three patches.

> ---
>  python/semanage/seobject.py | 5 +++++
>  1 file changed, 5 insertions(+)
> 
> diff --git a/python/semanage/seobject.py
> b/python/semanage/seobject.py
> index 70fd192..1385315 100644
> --- a/python/semanage/seobject.py
> +++ b/python/semanage/seobject.py
> @@ -2566,10 +2566,15 @@ class fcontextRecords(semanageRecords):
>              if rc < 0:
>                  raise ValueError(_("Could not list file contexts"))
>  
> +            (rc, fchomedirs) =
> semanage_fcontext_list_homedirs(self.sh)
> +            if rc < 0:
> +                raise ValueError(_("Could not list file contexts for
> home directories"))
> +
>              (rc, fclocal) = semanage_fcontext_list_local(self.sh)
>              if rc < 0:
>                  raise ValueError(_("Could not list local file
> contexts"))
>  
> +            self.flist += fchomedirs
>              self.flist += fclocal
>  
>          ddict = {}

