* Enable listing fcontexts.homedirs
From: Vit Mojzis @ 2017-09-27 8:16 UTC
To: selinux

"semanage fcontext -l" so far ignored content of file_contexts.homedirs file which is confusing to users (more specific rules may be ignored in favor of rules unseen to the user since file_contexts.homedirs has higher priority than file_contexts).

These patches introduce the content of file_contexts.homedirs into the listing. I am still unsure if it would not be better to list each file separately (ideally in the order in which they are evaluated by "restorecon").

 libsemanage/include/semanage/fcontexts_policy.h |  4 ++++
 libsemanage/src/direct_api.c                    |  6 ++++++
 libsemanage/src/fcontexts_policy.c              |  8 ++++++++
 libsemanage/src/handle.h                        | 19 +++++++++++++------
 python/semanage/seobject.py                     |  5 +++++
 5 files changed, 36 insertions(+), 6 deletions(-)
* [PATCH 1/2] libsemanage: Add support for listing fcontext.homedirs file 2017-09-27 8:16 Enable listing fcontexts.homedirs Vit Mojzis @ 2017-09-27 8:16 ` Vit Mojzis 2017-09-27 17:04 ` William Roberts 2017-09-27 17:42 ` Stephen Smalley 2017-09-27 8:16 ` [PATCH 2/2] python/semanage: Enable listing fcontexts.homedirs Vit Mojzis 1 sibling, 2 replies; 21+ messages in thread From: Vit Mojzis @ 2017-09-27 8:16 UTC (permalink / raw) To: selinux Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1409813 --- libsemanage/include/semanage/fcontexts_policy.h | 4 ++++ libsemanage/src/direct_api.c | 6 ++++++ libsemanage/src/fcontexts_policy.c | 8 ++++++++ libsemanage/src/handle.h | 19 +++++++++++++------ 4 files changed, 31 insertions(+), 6 deletions(-) diff --git a/libsemanage/include/semanage/fcontexts_policy.h b/libsemanage/include/semanage/fcontexts_policy.h index a50db2b..199a1e1 100644 --- a/libsemanage/include/semanage/fcontexts_policy.h +++ b/libsemanage/include/semanage/fcontexts_policy.h @@ -26,4 +26,8 @@ extern int semanage_fcontext_list(semanage_handle_t * handle, semanage_fcontext_t *** records, unsigned int *count); +extern int semanage_fcontext_list_homedirs(semanage_handle_t * handle, + semanage_fcontext_t *** records, + unsigned int *count); + #endif diff --git a/libsemanage/src/direct_api.c b/libsemanage/src/direct_api.c index 65842df..886a228 100644 --- a/libsemanage/src/direct_api.c +++ b/libsemanage/src/direct_api.c @@ -210,6 +210,12 @@ int semanage_direct_connect(semanage_handle_t * sh) semanage_fcontext_dbase_local(sh)) < 0) goto err; + if (fcontext_file_dbase_init(sh, + selinux_file_context_homedir_path(), + selinux_file_context_homedir_path(), + semanage_fcontext_dbase_homedirs(sh)) < 0) + goto err; + if (seuser_file_dbase_init(sh, semanage_path(SEMANAGE_ACTIVE, SEMANAGE_SEUSERS_LOCAL), diff --git a/libsemanage/src/fcontexts_policy.c b/libsemanage/src/fcontexts_policy.c index 0b063b1..98490ab 100644 --- a/libsemanage/src/fcontexts_policy.c 
+++ b/libsemanage/src/fcontexts_policy.c @@ -51,3 +51,11 @@ int semanage_fcontext_list(semanage_handle_t * handle, dbase_config_t *dconfig = semanage_fcontext_dbase_policy(handle); return dbase_list(handle, dconfig, records, count); } + +int semanage_fcontext_list_homedirs(semanage_handle_t * handle, + semanage_fcontext_t *** records, unsigned int *count) +{ + + dbase_config_t *dconfig = semanage_fcontext_dbase_homedirs(handle); + return dbase_list(handle, dconfig, records, count); +} diff --git a/libsemanage/src/handle.h b/libsemanage/src/handle.h index 889871d..1780ac8 100644 --- a/libsemanage/src/handle.h +++ b/libsemanage/src/handle.h @@ -79,7 +79,7 @@ struct semanage_handle { struct semanage_policy_table *funcs; /* Object databases */ -#define DBASE_COUNT 23 +#define DBASE_COUNT 24 /* Local modifications */ #define DBASE_LOCAL_USERS_BASE 0 @@ -102,13 +102,14 @@ struct semanage_handle { #define DBASE_POLICY_INTERFACES 15 #define DBASE_POLICY_BOOLEANS 16 #define DBASE_POLICY_FCONTEXTS 17 -#define DBASE_POLICY_SEUSERS 18 -#define DBASE_POLICY_NODES 19 -#define DBASE_POLICY_IBPKEYS 20 -#define DBASE_POLICY_IBENDPORTS 21 +#define DBASE_POLICY_FCONTEXTS_H 18 +#define DBASE_POLICY_SEUSERS 19 +#define DBASE_POLICY_NODES 20 +#define DBASE_POLICY_IBPKEYS 21 +#define DBASE_POLICY_IBENDPORTS 22 /* Active kernel policy */ -#define DBASE_ACTIVE_BOOLEANS 22 +#define DBASE_ACTIVE_BOOLEANS 23 dbase_config_t dbase[DBASE_COUNT]; }; @@ -236,6 +237,12 @@ static inline } static inline + dbase_config_t * semanage_fcontext_dbase_homedirs(semanage_handle_t * handle) +{ + return &handle->dbase[DBASE_POLICY_FCONTEXTS_H]; +} + +static inline dbase_config_t * semanage_seuser_dbase_policy(semanage_handle_t * handle) { return &handle->dbase[DBASE_POLICY_SEUSERS]; -- 2.9.4 ^ permalink raw reply related [flat|nested] 21+ messages in thread
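Review bot: In the semanage_direct_connect hunk of direct_api.c, fcontext_file_dbase_init() is given selinux_file_context_homedir_path() for both of its path arguments, while the seuser_file_dbase_init() call in the trailing context takes a semanage_path(SEMANAGE_ACTIVE, ...) store path. That ties the new database to the installed file rather than to the store the handle was opened on, and with identical paths any write-back through this database would land on that installed file. Suggest store-relative paths, distinct for the two arguments.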
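Review bot: In handle.h, placing DBASE_POLICY_FCONTEXTS_H at index 18 means DBASE_POLICY_SEUSERS through DBASE_ACTIVE_BOOLEANS are renumbered by hand and DBASE_COUNT is bumped separately, so one missed line would make two accessors share a dbase[] slot or index past the array. Appending the new index just before DBASE_ACTIVE_BOOLEANS touches fewer lines; either way a compile-time check that the highest index equals DBASE_COUNT - 1 would guard the array bound.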
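Review bot: The new public declaration semanage_fcontext_list_homedirs() in fcontexts_policy.h has no comment saying what it lists or who frees the returned records array, and the commit message consists of a Fixes: line only. A short description in both places would help; in fcontexts_policy.c the blank line directly after the opening brace of the new function can also be dropped.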
* Re: [PATCH 1/2] libsemanage: Add support for listing fcontext.homedirs file 2017-09-27 8:16 ` [PATCH 1/2] libsemanage: Add support for listing fcontext.homedirs file Vit Mojzis @ 2017-09-27 17:04 ` William Roberts 2017-10-01 15:43 ` Vit Mojzis 2017-09-27 17:42 ` Stephen Smalley 1 sibling, 1 reply; 21+ messages in thread From: William Roberts @ 2017-09-27 17:04 UTC (permalink / raw) To: Vit Mojzis; +Cc: selinux 2017-09-27 1:16 GMT-07:00 Vit Mojzis <vmojzis@redhat.com>: > Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1409813 > --- > libsemanage/include/semanage/fcontexts_policy.h | 4 ++++ > libsemanage/src/direct_api.c | 6 ++++++ > libsemanage/src/fcontexts_policy.c | 8 ++++++++ > libsemanage/src/handle.h | 19 +++++++++++++------ > 4 files changed, 31 insertions(+), 6 deletions(-) > > diff --git a/libsemanage/include/semanage/fcontexts_policy.h b/libsemanage/include/semanage/fcontexts_policy.h > index a50db2b..199a1e1 100644 > --- a/libsemanage/include/semanage/fcontexts_policy.h > +++ b/libsemanage/include/semanage/fcontexts_policy.h > @@ -26,4 +26,8 @@ extern int semanage_fcontext_list(semanage_handle_t * handle, > semanage_fcontext_t *** records, > unsigned int *count); > > +extern int semanage_fcontext_list_homedirs(semanage_handle_t * handle, > + semanage_fcontext_t *** records, > + unsigned int *count); > + > #endif > diff --git a/libsemanage/src/direct_api.c b/libsemanage/src/direct_api.c > index 65842df..886a228 100644 > --- a/libsemanage/src/direct_api.c > +++ b/libsemanage/src/direct_api.c > @@ -210,6 +210,12 @@ int semanage_direct_connect(semanage_handle_t * sh) > semanage_fcontext_dbase_local(sh)) < 0) > goto err; > > + if (fcontext_file_dbase_init(sh, > + selinux_file_context_homedir_path(), > + selinux_file_context_homedir_path(), > + semanage_fcontext_dbase_homedirs(sh)) < 0) > + goto err; > + > if (seuser_file_dbase_init(sh, > semanage_path(SEMANAGE_ACTIVE, > SEMANAGE_SEUSERS_LOCAL), 
> diff --git a/libsemanage/src/fcontexts_policy.c b/libsemanage/src/fcontexts_policy.c > index 0b063b1..98490ab 100644 > --- a/libsemanage/src/fcontexts_policy.c > +++ b/libsemanage/src/fcontexts_policy.c > @@ -51,3 +51,11 @@ int semanage_fcontext_list(semanage_handle_t * handle, > dbase_config_t *dconfig = semanage_fcontext_dbase_policy(handle); > return dbase_list(handle, dconfig, records, count); > } > + > +int semanage_fcontext_list_homedirs(semanage_handle_t * handle, > + semanage_fcontext_t *** records, unsigned int *count) > +{ > + > + dbase_config_t *dconfig = semanage_fcontext_dbase_homedirs(handle); > + return dbase_list(handle, dconfig, records, count); > +} > diff --git a/libsemanage/src/handle.h b/libsemanage/src/handle.h > index 889871d..1780ac8 100644 > --- a/libsemanage/src/handle.h > +++ b/libsemanage/src/handle.h > @@ -79,7 +79,7 @@ struct semanage_handle { > struct semanage_policy_table *funcs; > > /* Object databases */ > -#define DBASE_COUNT 23 > +#define DBASE_COUNT 24 > > /* Local modifications */ > #define DBASE_LOCAL_USERS_BASE 0 
> @@ -102,13 +102,14 @@ struct semanage_handle { > #define DBASE_POLICY_INTERFACES 15 > #define DBASE_POLICY_BOOLEANS 16 > #define DBASE_POLICY_FCONTEXTS 17 > -#define DBASE_POLICY_SEUSERS 18 > -#define DBASE_POLICY_NODES 19 > -#define DBASE_POLICY_IBPKEYS 20 > -#define DBASE_POLICY_IBENDPORTS 21 > +#define DBASE_POLICY_FCONTEXTS_H 18 > +#define DBASE_POLICY_SEUSERS 19 > +#define DBASE_POLICY_NODES 20 > +#define DBASE_POLICY_IBPKEYS 21 > +#define DBASE_POLICY_IBENDPORTS 22 > > /* Active kernel policy */ > -#define DBASE_ACTIVE_BOOLEANS 22 > +#define DBASE_ACTIVE_BOOLEANS 23 Any particular reason to reassign all these defines instead of just setting DBASE_POLICY_FCONTEXTS_H to 22 and setting DBASE_ACTIVE_BOOLEANS to 23 other than just to have DBASE_POLICY_FCONTEXTS_H follow DBASE_POLICY_FCONTEXTS? I'm also assuming, after looking at the code, that the database itself is built every time so versioning mismatches are not a worry. > dbase_config_t dbase[DBASE_COUNT]; > }; > > @@ -236,6 +237,12 @@ static inline > } > > static inline > + dbase_config_t * semanage_fcontext_dbase_homedirs(semanage_handle_t * handle) > +{ > + return &handle->dbase[DBASE_POLICY_FCONTEXTS_H]; > +} > + > +static inline > dbase_config_t * semanage_seuser_dbase_policy(semanage_handle_t * handle) > { > return &handle->dbase[DBASE_POLICY_SEUSERS]; > -- > 2.9.4 > > -- Respectfully, William C Roberts ^ permalink raw reply [flat|nested] 21+ messages in thread
* Re: [PATCH 1/2] libsemanage: Add support for listing fcontext.homedirs file 2017-09-27 17:04 ` William Roberts @ 2017-10-01 15:43 ` Vit Mojzis 2017-10-01 18:15 ` William Roberts 0 siblings, 1 reply; 21+ messages in thread From: Vit Mojzis @ 2017-10-01 15:43 UTC (permalink / raw) To: William Roberts; +Cc: selinux On 27.9.2017 19:04, William Roberts wrote: > 2017-09-27 1:16 GMT-07:00 Vit Mojzis <vmojzis@redhat.com>: >> Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1409813 >> --- >> libsemanage/include/semanage/fcontexts_policy.h | 4 ++++ >> libsemanage/src/direct_api.c | 6 ++++++ >> libsemanage/src/fcontexts_policy.c | 8 ++++++++ >> libsemanage/src/handle.h | 19 +++++++++++++------ >> 4 files changed, 31 insertions(+), 6 deletions(-) >> >> diff --git a/libsemanage/include/semanage/fcontexts_policy.h b/libsemanage/include/semanage/fcontexts_policy.h >> index a50db2b..199a1e1 100644 >> --- a/libsemanage/include/semanage/fcontexts_policy.h >> +++ b/libsemanage/include/semanage/fcontexts_policy.h >> @@ -26,4 +26,8 @@ extern int semanage_fcontext_list(semanage_handle_t * handle, >> semanage_fcontext_t *** records, >> unsigned int *count); >> >> +extern int semanage_fcontext_list_homedirs(semanage_handle_t * handle, >> + semanage_fcontext_t *** records, >> + unsigned int *count); >> + >> #endif >> diff --git a/libsemanage/src/direct_api.c b/libsemanage/src/direct_api.c >> index 65842df..886a228 100644 >> --- a/libsemanage/src/direct_api.c >> +++ b/libsemanage/src/direct_api.c >> @@ -210,6 +210,12 @@ int semanage_direct_connect(semanage_handle_t * sh) >> semanage_fcontext_dbase_local(sh)) < 0) >> goto err; >> >> + if (fcontext_file_dbase_init(sh, >> + selinux_file_context_homedir_path(), >> + selinux_file_context_homedir_path(), >> + semanage_fcontext_dbase_homedirs(sh)) < 0) >> + goto err; >> + >> if (seuser_file_dbase_init(sh, >> semanage_path(SEMANAGE_ACTIVE, >> SEMANAGE_SEUSERS_LOCAL), 
>> diff --git a/libsemanage/src/fcontexts_policy.c b/libsemanage/src/fcontexts_policy.c >> index 0b063b1..98490ab 100644 >> --- a/libsemanage/src/fcontexts_policy.c >> +++ b/libsemanage/src/fcontexts_policy.c >> @@ -51,3 +51,11 @@ int semanage_fcontext_list(semanage_handle_t * handle, >> dbase_config_t *dconfig = semanage_fcontext_dbase_policy(handle); >> return dbase_list(handle, dconfig, records, count); >> } >> + >> +int semanage_fcontext_list_homedirs(semanage_handle_t * handle, >> + semanage_fcontext_t *** records, unsigned int *count) >> +{ >> + >> + dbase_config_t *dconfig = semanage_fcontext_dbase_homedirs(handle); >> + return dbase_list(handle, dconfig, records, count); >> +} >> diff --git a/libsemanage/src/handle.h b/libsemanage/src/handle.h >> index 889871d..1780ac8 100644 >> --- a/libsemanage/src/handle.h >> +++ b/libsemanage/src/handle.h >> @@ -79,7 +79,7 @@ struct semanage_handle { >> struct semanage_policy_table *funcs; >> >> /* Object databases */ >> -#define DBASE_COUNT 23 >> +#define DBASE_COUNT 24 >> >> /* Local modifications */ >> #define DBASE_LOCAL_USERS_BASE 0 
>> @@ -102,13 +102,14 @@ struct semanage_handle { >> #define DBASE_POLICY_INTERFACES 15 >> #define DBASE_POLICY_BOOLEANS 16 >> #define DBASE_POLICY_FCONTEXTS 17 >> -#define DBASE_POLICY_SEUSERS 18 >> -#define DBASE_POLICY_NODES 19 >> -#define DBASE_POLICY_IBPKEYS 20 >> -#define DBASE_POLICY_IBENDPORTS 21 >> +#define DBASE_POLICY_FCONTEXTS_H 18 >> +#define DBASE_POLICY_SEUSERS 19 >> +#define DBASE_POLICY_NODES 20 >> +#define DBASE_POLICY_IBPKEYS 21 >> +#define DBASE_POLICY_IBENDPORTS 22 >> >> /* Active kernel policy */ >> -#define DBASE_ACTIVE_BOOLEANS 22 >> +#define DBASE_ACTIVE_BOOLEANS 23 > Any particular reason to reassign all these defines instead > of just setting DBASE_POLICY_FCONTEXTS_H to 22 and > setting DBASE_ACTIVE_BOOLEANS to 23 other than just > to have DBASE_POLICY_FCONTEXTS_H follow > DBASE_POLICY_FCONTEXTS? Nope, just to keep organized . Should I set it to 22 instead? > > I'm also assuming, after looking at the code, that the database > itself is built every time so versioning mismatches are not a worry. > >> dbase_config_t dbase[DBASE_COUNT]; >> }; >> >> @@ -236,6 +237,12 @@ static inline >> } >> >> static inline >> + dbase_config_t * semanage_fcontext_dbase_homedirs(semanage_handle_t * handle) >> +{ >> + return &handle->dbase[DBASE_POLICY_FCONTEXTS_H]; >> +} >> + >> +static inline >> dbase_config_t * semanage_seuser_dbase_policy(semanage_handle_t * handle) >> { >> return &handle->dbase[DBASE_POLICY_SEUSERS]; >> -- >> 2.9.4 >> >> > > ^ permalink raw reply [flat|nested] 21+ messages in thread
* Re: [PATCH 1/2] libsemanage: Add support for listing fcontext.homedirs file 2017-10-01 15:43 ` Vit Mojzis @ 2017-10-01 18:15 ` William Roberts 0 siblings, 0 replies; 21+ messages in thread From: William Roberts @ 2017-10-01 18:15 UTC (permalink / raw) To: Vit Mojzis; +Cc: selinux On Sun, Oct 1, 2017 at 8:43 AM, Vit Mojzis <vmojzis@redhat.com> wrote: > > > On 27.9.2017 19:04, William Roberts wrote: >> >> 2017-09-27 1:16 GMT-07:00 Vit Mojzis <vmojzis@redhat.com>: >>> >>> Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1409813 >>> --- >>> libsemanage/include/semanage/fcontexts_policy.h | 4 ++++ >>> libsemanage/src/direct_api.c | 6 ++++++ >>> libsemanage/src/fcontexts_policy.c | 8 ++++++++ >>> libsemanage/src/handle.h | 19 >>> +++++++++++++------ >>> 4 files changed, 31 insertions(+), 6 deletions(-) >>> >>> diff --git a/libsemanage/include/semanage/fcontexts_policy.h >>> b/libsemanage/include/semanage/fcontexts_policy.h >>> index a50db2b..199a1e1 100644 >>> --- a/libsemanage/include/semanage/fcontexts_policy.h >>> +++ b/libsemanage/include/semanage/fcontexts_policy.h >>> @@ -26,4 +26,8 @@ extern int semanage_fcontext_list(semanage_handle_t * >>> handle, >>> semanage_fcontext_t *** records, >>> unsigned int *count); >>> >>> +extern int semanage_fcontext_list_homedirs(semanage_handle_t * handle, >>> + semanage_fcontext_t *** records, >>> + unsigned int *count); >>> + >>> #endif >>> diff --git a/libsemanage/src/direct_api.c b/libsemanage/src/direct_api.c >>> index 65842df..886a228 100644 >>> --- a/libsemanage/src/direct_api.c >>> +++ b/libsemanage/src/direct_api.c 
>>> @@ -210,6 +210,12 @@ int semanage_direct_connect(semanage_handle_t * sh) >>> semanage_fcontext_dbase_local(sh)) >>> < 0) >>> goto err; >>> >>> + if (fcontext_file_dbase_init(sh, >>> + selinux_file_context_homedir_path(), >>> + selinux_file_context_homedir_path(), >>> + >>> semanage_fcontext_dbase_homedirs(sh)) < 0) >>> + goto err; >>> + >>> if (seuser_file_dbase_init(sh, >>> semanage_path(SEMANAGE_ACTIVE, >>> >>> SEMANAGE_SEUSERS_LOCAL), >>> diff --git a/libsemanage/src/fcontexts_policy.c >>> b/libsemanage/src/fcontexts_policy.c >>> index 0b063b1..98490ab 100644 >>> --- a/libsemanage/src/fcontexts_policy.c >>> +++ b/libsemanage/src/fcontexts_policy.c >>> @@ -51,3 +51,11 @@ int semanage_fcontext_list(semanage_handle_t * handle, >>> dbase_config_t *dconfig = >>> semanage_fcontext_dbase_policy(handle); >>> return dbase_list(handle, dconfig, records, count); >>> } >>> + >>> +int semanage_fcontext_list_homedirs(semanage_handle_t * handle, >>> + semanage_fcontext_t *** records, unsigned int >>> *count) >>> +{ >>> + >>> + dbase_config_t *dconfig = >>> semanage_fcontext_dbase_homedirs(handle); >>> + return dbase_list(handle, dconfig, records, count); >>> +} >>> diff --git a/libsemanage/src/handle.h b/libsemanage/src/handle.h >>> index 889871d..1780ac8 100644 >>> --- a/libsemanage/src/handle.h >>> +++ b/libsemanage/src/handle.h >>> @@ -79,7 +79,7 @@ struct semanage_handle { >>> struct semanage_policy_table *funcs; >>> >>> /* Object databases */ >>> -#define DBASE_COUNT 23 >>> +#define DBASE_COUNT 24 >>> >>> /* Local modifications */ >>> #define DBASE_LOCAL_USERS_BASE 0 
>>> @@ -102,13 +102,14 @@ struct semanage_handle { >>> #define DBASE_POLICY_INTERFACES 15 >>> #define DBASE_POLICY_BOOLEANS 16 >>> #define DBASE_POLICY_FCONTEXTS 17 >>> -#define DBASE_POLICY_SEUSERS 18 >>> -#define DBASE_POLICY_NODES 19 >>> -#define DBASE_POLICY_IBPKEYS 20 >>> -#define DBASE_POLICY_IBENDPORTS 21 >>> +#define DBASE_POLICY_FCONTEXTS_H 18 >>> +#define DBASE_POLICY_SEUSERS 19 >>> +#define DBASE_POLICY_NODES 20 >>> +#define DBASE_POLICY_IBPKEYS 21 >>> +#define DBASE_POLICY_IBENDPORTS 22 >>> >>> /* Active kernel policy */ >>> -#define DBASE_ACTIVE_BOOLEANS 22 >>> +#define DBASE_ACTIVE_BOOLEANS 23 >> >> Any particular reason to reassign all these defines instead >> of just setting DBASE_POLICY_FCONTEXTS_H to 22 and >> setting DBASE_ACTIVE_BOOLEANS to 23 other than just >> to have DBASE_POLICY_FCONTEXTS_H follow >> DBASE_POLICY_FCONTEXTS? > > Nope, just to keep organized . > Should I set it to 22 instead? > I don't have a major gripe with that other than it makes the patch larger than needed. >> >> I'm also assuming, after looking at the code, that the database >> itself is built every time so versioning mismatches are not a worry. >> >>> dbase_config_t dbase[DBASE_COUNT]; >>> }; >>> >>> @@ -236,6 +237,12 @@ static inline >>> } >>> >>> static inline >>> + dbase_config_t * semanage_fcontext_dbase_homedirs(semanage_handle_t >>> * handle) >>> +{ >>> + return &handle->dbase[DBASE_POLICY_FCONTEXTS_H]; >>> +} >>> + >>> +static inline >>> dbase_config_t * semanage_seuser_dbase_policy(semanage_handle_t * >>> handle) >>> { >>> return &handle->dbase[DBASE_POLICY_SEUSERS]; >>> -- >>> 2.9.4 >>> >>> >> >> > ^ permalink raw reply [flat|nested] 21+ messages in thread
* Re: [PATCH 1/2] libsemanage: Add support for listing fcontext.homedirs file 2017-09-27 8:16 ` [PATCH 1/2] libsemanage: Add support for listing fcontext.homedirs file Vit Mojzis 2017-09-27 17:04 ` William Roberts @ 2017-09-27 17:42 ` Stephen Smalley 2017-09-27 18:17 ` Stephen Smalley 1 sibling, 1 reply; 21+ messages in thread From: Stephen Smalley @ 2017-09-27 17:42 UTC (permalink / raw) To: Vit Mojzis, selinux On Wed, 2017-09-27 at 10:16 +0200, Vit Mojzis wrote: > Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1409813 > --- > libsemanage/include/semanage/fcontexts_policy.h | 4 ++++ > libsemanage/src/direct_api.c | 6 ++++++ > libsemanage/src/fcontexts_policy.c | 8 ++++++++ > libsemanage/src/handle.h | 19 +++++++++++++ > ------ > 4 files changed, 31 insertions(+), 6 deletions(-) > > diff --git a/libsemanage/include/semanage/fcontexts_policy.h > b/libsemanage/include/semanage/fcontexts_policy.h > index a50db2b..199a1e1 100644 > --- a/libsemanage/include/semanage/fcontexts_policy.h > +++ b/libsemanage/include/semanage/fcontexts_policy.h > @@ -26,4 +26,8 @@ extern int semanage_fcontext_list(semanage_handle_t > * handle, > semanage_fcontext_t *** records, > unsigned int *count); > > +extern int semanage_fcontext_list_homedirs(semanage_handle_t * > handle, > + semanage_fcontext_t *** records, > + unsigned int *count); > + > #endif > diff --git a/libsemanage/src/direct_api.c > b/libsemanage/src/direct_api.c > index 65842df..886a228 100644 > --- a/libsemanage/src/direct_api.c > +++ b/libsemanage/src/direct_api.c 
> @@ -210,6 +210,12 @@ int semanage_direct_connect(semanage_handle_t * > sh) > semanage_fcontext_dbase_local(s > h)) < 0) > goto err; > > + if (fcontext_file_dbase_init(sh, > + selinux_file_context_homedir_pa > th(), > + selinux_file_context_homedir_pa > th(), This will return the wrong results if one specifies a policy store other than the active one to semodule (via -s) or semanage (via -S), e.g. semanage fcontext -S mls -l. You shouldn't be using the path of the active, installed file_contexts.homedirs file but rather one from the per-policy-store sandbox. The libsemanage functions always act on the sandbox. Also, you shouldn't be passing the same path as the ro and rw paths here, as you don't want a dbase flush to suddenly overwrite the installed file_contexts.homedirs file. I guess the problem you currently have is we aren't keeping around a copy of the generated file_contexts.homedirs in the sandbox; it is only created in the final tmp location and that entire directory tree is deleted once we complete the transaction. You'd need to regenerate it on demand or keep it around if you want to do this. > + semanage_fcontext_dbase_homedir > s(sh)) < 0) > + goto err; > + > if (seuser_file_dbase_init(sh, > semanage_path(SEMANAGE_ACTIVE, > SEMANAGE_SEUSERS_LO > CAL), > diff --git a/libsemanage/src/fcontexts_policy.c > b/libsemanage/src/fcontexts_policy.c > index 0b063b1..98490ab 100644 > --- a/libsemanage/src/fcontexts_policy.c > +++ b/libsemanage/src/fcontexts_policy.c > @@ -51,3 +51,11 @@ int semanage_fcontext_list(semanage_handle_t * > handle, > dbase_config_t *dconfig = > semanage_fcontext_dbase_policy(handle); > return dbase_list(handle, dconfig, records, count); > } > + > +int semanage_fcontext_list_homedirs(semanage_handle_t * handle, > + semanage_fcontext_t *** records, unsigned > int *count) > +{ > + > + dbase_config_t *dconfig = > semanage_fcontext_dbase_homedirs(handle); > + return dbase_list(handle, dconfig, records, count); > +} 
> diff --git a/libsemanage/src/handle.h b/libsemanage/src/handle.h > index 889871d..1780ac8 100644 > --- a/libsemanage/src/handle.h > +++ b/libsemanage/src/handle.h > @@ -79,7 +79,7 @@ struct semanage_handle { > struct semanage_policy_table *funcs; > > /* Object databases */ > -#define DBASE_COUNT 23 > +#define DBASE_COUNT 24 > > /* Local modifications */ > #define DBASE_LOCAL_USERS_BASE 0 > @@ -102,13 +102,14 @@ struct semanage_handle { > #define DBASE_POLICY_INTERFACES 15 > #define DBASE_POLICY_BOOLEANS 16 > #define DBASE_POLICY_FCONTEXTS 17 > -#define DBASE_POLICY_SEUSERS 18 > -#define DBASE_POLICY_NODES 19 > -#define DBASE_POLICY_IBPKEYS 20 > -#define DBASE_POLICY_IBENDPORTS 21 > +#define DBASE_POLICY_FCONTEXTS_H 18 > +#define DBASE_POLICY_SEUSERS 19 > +#define DBASE_POLICY_NODES 20 > +#define DBASE_POLICY_IBPKEYS 21 > +#define DBASE_POLICY_IBENDPORTS 22 > > /* Active kernel policy */ > -#define DBASE_ACTIVE_BOOLEANS 22 > +#define DBASE_ACTIVE_BOOLEANS 23 > dbase_config_t dbase[DBASE_COUNT]; > }; > > @@ -236,6 +237,12 @@ static inline > } > > static inline > + dbase_config_t * > semanage_fcontext_dbase_homedirs(semanage_handle_t * handle) > +{ > + return &handle->dbase[DBASE_POLICY_FCONTEXTS_H]; > +} > + > +static inline > dbase_config_t * semanage_seuser_dbase_policy(semanage_handle_t > * handle) > { > return &handle->dbase[DBASE_POLICY_SEUSERS]; ^ permalink raw reply [flat|nested] 21+ messages in thread
* Re: [PATCH 1/2] libsemanage: Add support for listing fcontext.homedirs file 2017-09-27 17:42 ` Stephen Smalley @ 2017-09-27 18:17 ` Stephen Smalley 2017-10-01 18:01 ` [PATCH 1/3] libsemanage: Keep copy of file_contexts.homedirs in policy store Vit Mojzis 0 siblings, 1 reply; 21+ messages in thread From: Stephen Smalley @ 2017-09-27 18:17 UTC (permalink / raw) To: Vit Mojzis, selinux On Wed, 2017-09-27 at 13:42 -0400, Stephen Smalley wrote: > On Wed, 2017-09-27 at 10:16 +0200, Vit Mojzis wrote: > > Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1409813 > > --- > > libsemanage/include/semanage/fcontexts_policy.h | 4 ++++ > > libsemanage/src/direct_api.c | 6 ++++++ > > libsemanage/src/fcontexts_policy.c | 8 ++++++++ > > libsemanage/src/handle.h | 19 +++++++++++++ > > ------ > > 4 files changed, 31 insertions(+), 6 deletions(-) > > > > diff --git a/libsemanage/include/semanage/fcontexts_policy.h > > b/libsemanage/include/semanage/fcontexts_policy.h > > index a50db2b..199a1e1 100644 > > --- a/libsemanage/include/semanage/fcontexts_policy.h > > +++ b/libsemanage/include/semanage/fcontexts_policy.h > > @@ -26,4 +26,8 @@ extern int > > semanage_fcontext_list(semanage_handle_t > > * handle, > > semanage_fcontext_t *** records, > > unsigned int *count); > > > > +extern int semanage_fcontext_list_homedirs(semanage_handle_t * > > handle, > > + semanage_fcontext_t *** records, > > + unsigned int *count); > > + > > #endif > > diff --git a/libsemanage/src/direct_api.c > > b/libsemanage/src/direct_api.c > > index 65842df..886a228 100644 > > --- a/libsemanage/src/direct_api.c > > +++ b/libsemanage/src/direct_api.c 
> > @@ -210,6 +210,12 @@ int semanage_direct_connect(semanage_handle_t > > * > > sh) > > semanage_fcontext_dbase_local > > (s > > h)) < 0) > > goto err; > > > > + if (fcontext_file_dbase_init(sh, > > + selinux_file_context_homedir_ > > pa > > th(), > > + selinux_file_context_homedir_ > > pa > > th(), > > This will return the wrong results if one specifies a policy store > other than the active one to semodule (via -s) or semanage (via -S), > e.g. semanage fcontext -S mls -l. You shouldn't be using the path of > the active, installed file_contexts.homedirs file but rather one from > the per-policy-store sandbox. The libsemanage functions always act > on > the sandbox. Also, you shouldn't be passing the same path as the ro > and > rw paths here, as you don't want a dbase flush to suddenly overwrite > the installed file_contexts.homedirs file. > > I guess the problem you currently have is we aren't keeping around a > copy of the generated file_contexts.homedirs in the sandbox; it is > only > created in the final tmp location and that entire directory tree is > deleted once we complete the transaction. You'd need to regenerate > it > on demand or keep it around if you want to do this. The easiest way to do this would likely be to add a SEMANAGE_STORE_FC_HOMEDIRS definition to semanage_sandbox_defs, add "/file_contexts.homedirs" to semanage_sandbox_paths[] at the corresponding index, and change semanage_genhomedircon() to set s.fcfilepath to semanage_path(SEMANAGE_TMP, SEMANAGE_STORE_FC_HOMEDIRS), and then semanage_copy_file() it to semanage_final_path(SEMANAGE_FINAL_TMP, SEMANAGE_FC_HOMEDIRS). Then you can call dbase_init on semanage_path(SEMANAGE_ACTIVE, SEMANAGE_STORE_FC_HOMEDIRS) as the ro path and semanage_path(SEMANAGE_TMP, SEMANAGE_STORE_FC_HOMEDIRS) as the rw path. Requires an extra copy of file_contexts.homedirs to stay around, but that's not significant. 
> > > + semanage_fcontext_dbase_homed > > ir > > s(sh)) < 0) > > + goto err; > > + > > if (seuser_file_dbase_init(sh, > > semanage_path(SEMANAGE_ACTIVE, > > SEMANAGE_SEUSERS_ > > LO > > CAL), > > diff --git a/libsemanage/src/fcontexts_policy.c > > b/libsemanage/src/fcontexts_policy.c > > index 0b063b1..98490ab 100644 > > --- a/libsemanage/src/fcontexts_policy.c > > +++ b/libsemanage/src/fcontexts_policy.c > > @@ -51,3 +51,11 @@ int semanage_fcontext_list(semanage_handle_t * > > handle, > > dbase_config_t *dconfig = > > semanage_fcontext_dbase_policy(handle); > > return dbase_list(handle, dconfig, records, count); > > } > > + > > +int semanage_fcontext_list_homedirs(semanage_handle_t * handle, > > + semanage_fcontext_t *** records, > > unsigned > > int *count) > > +{ > > + > > + dbase_config_t *dconfig = > > semanage_fcontext_dbase_homedirs(handle); > > + return dbase_list(handle, dconfig, records, count); > > +} > > diff --git a/libsemanage/src/handle.h b/libsemanage/src/handle.h > > index 889871d..1780ac8 100644 > > --- a/libsemanage/src/handle.h > > +++ b/libsemanage/src/handle.h > > @@ -79,7 +79,7 @@ struct semanage_handle { > > struct semanage_policy_table *funcs; > > > > /* Object databases */ > > -#define DBASE_COUNT 23 > > +#define DBASE_COUNT 24 > > > > /* Local modifications */ > > #define DBASE_LOCAL_USERS_BASE 0 
> > @@ -102,13 +102,14 @@ struct semanage_handle { > > #define DBASE_POLICY_INTERFACES 15 > > #define DBASE_POLICY_BOOLEANS 16 > > #define DBASE_POLICY_FCONTEXTS 17 > > -#define DBASE_POLICY_SEUSERS 18 > > -#define DBASE_POLICY_NODES 19 > > -#define DBASE_POLICY_IBPKEYS 20 > > -#define DBASE_POLICY_IBENDPORTS 21 > > +#define DBASE_POLICY_FCONTEXTS_H 18 > > +#define DBASE_POLICY_SEUSERS 19 > > +#define DBASE_POLICY_NODES 20 > > +#define DBASE_POLICY_IBPKEYS 21 > > +#define DBASE_POLICY_IBENDPORTS 22 > > > > /* Active kernel policy */ > > -#define DBASE_ACTIVE_BOOLEANS 22 > > +#define DBASE_ACTIVE_BOOLEANS 23 > > dbase_config_t dbase[DBASE_COUNT]; > > }; > > > > @@ -236,6 +237,12 @@ static inline > > } > > > > static inline > > + dbase_config_t * > > semanage_fcontext_dbase_homedirs(semanage_handle_t * handle) > > +{ > > + return &handle->dbase[DBASE_POLICY_FCONTEXTS_H]; > > +} > > + > > +static inline > > dbase_config_t * > > semanage_seuser_dbase_policy(semanage_handle_t > > * handle) > > { > > return &handle->dbase[DBASE_POLICY_SEUSERS]; ^ permalink raw reply [flat|nested] 21+ messages in thread
* [PATCH 1/3] libsemanage: Keep copy of file_contexts.homedirs in policy store 2017-09-27 18:17 ` Stephen Smalley @ 2017-10-01 18:01 ` Vit Mojzis 2017-10-01 18:01 ` [PATCH 2/3] libsemanage: Add support for listing fcontext.homedirs file Vit Mojzis 2017-10-01 18:01 ` Vit Mojzis 0 siblings, 2 replies; 21+ messages in thread From: Vit Mojzis @ 2017-10-01 18:01 UTC (permalink / raw) To: selinux This will allow listing the correct file_contexts.homedirs using libsemanage regardless of selected policy store. Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1409813 --- libsemanage/src/direct_api.c | 19 ++++++++++++++----- libsemanage/src/genhomedircon.c | 4 ++-- libsemanage/src/semanage_store.c | 1 + libsemanage/src/semanage_store.h | 1 + 4 files changed, 18 insertions(+), 7 deletions(-) diff --git a/libsemanage/src/direct_api.c b/libsemanage/src/direct_api.c index 65842df..971a08f 100644 --- a/libsemanage/src/direct_api.c +++ b/libsemanage/src/direct_api.c @@ -1577,11 +1577,20 @@ rebuild: /* run genhomedircon if its enabled, this should be the last operation * which requires the out policydb */ if (!sh->conf->disable_genhomedircon) { - if (out && (retval = - semanage_genhomedircon(sh, out, sh->conf->usepasswd, sh->conf->ignoredirs)) != 0) { - ERR(sh, "semanage_genhomedircon returned error code %d.", - retval); - goto cleanup; + if (out){ + if ((retval = semanage_genhomedircon(sh, out, sh->conf->usepasswd, + sh->conf->ignoredirs)) != 0) { + ERR(sh, "semanage_genhomedircon returned error code %d.", retval); + goto cleanup; + } + /* file_contexts.homedirs was created in SEMANAGE_TMP store */ + retval = semanage_copy_file( + semanage_path(SEMANAGE_TMP, SEMANAGE_STORE_FC_HOMEDIRS), + semanage_final_path(SEMANAGE_FINAL_TMP, SEMANAGE_FC_HOMEDIRS), + sh->conf->file_mode); + if (retval < 0) { + goto cleanup; + } } } else { WARN(sh, "WARNING: genhomedircon is disabled. \ diff --git a/libsemanage/src/genhomedircon.c b/libsemanage/src/genhomedircon.c index b9a74b7..27a269e 100644 
--- a/libsemanage/src/genhomedircon.c +++ b/libsemanage/src/genhomedircon.c @@ -1345,8 +1345,8 @@ int semanage_genhomedircon(semanage_handle_t * sh, s.homedir_template_path = semanage_path(SEMANAGE_TMP, SEMANAGE_HOMEDIR_TMPL); - s.fcfilepath = semanage_final_path(SEMANAGE_FINAL_TMP, - SEMANAGE_FC_HOMEDIRS); + s.fcfilepath = + semanage_path(SEMANAGE_TMP, SEMANAGE_STORE_FC_HOMEDIRS); s.fallback = calloc(1, sizeof(genhomedircon_user_entry_t)); if (s.fallback == NULL) { diff --git a/libsemanage/src/semanage_store.c b/libsemanage/src/semanage_store.c index 6158d08..63c80b0 100644 --- a/libsemanage/src/semanage_store.c +++ b/libsemanage/src/semanage_store.c @@ -116,6 +116,7 @@ static const char *semanage_sandbox_paths[SEMANAGE_STORE_NUM_PATHS] = { "/modules/disabled", "/policy.kern", "/file_contexts.local", + "/file_contexts.homedirs", "/file_contexts", "/seusers" }; diff --git a/libsemanage/src/semanage_store.h b/libsemanage/src/semanage_store.h index fcaa505..34bf852 100644 --- a/libsemanage/src/semanage_store.h +++ b/libsemanage/src/semanage_store.h @@ -61,6 +61,7 @@ enum semanage_sandbox_defs { SEMANAGE_MODULES_DISABLED, SEMANAGE_STORE_KERNEL, SEMANAGE_STORE_FC_LOCAL, + SEMANAGE_STORE_FC_HOMEDIRS, SEMANAGE_STORE_FC, SEMANAGE_STORE_SEUSERS, SEMANAGE_STORE_NUM_PATHS -- 2.9.4 ^ permalink raw reply related [flat|nested] 21+ messages in thread
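Review bot: In the rebuild hunk of direct_api.c, a failing semanage_copy_file() jumps to cleanup with no ERR() at this call site, unlike the semanage_genhomedircon() failure directly above it, so a failed copy of file_contexts.homedirs into SEMANAGE_FINAL_TMP aborts the commit without a message naming the step. Suggest logging before "goto cleanup;"; "if (out){" also wants a space before the brace.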
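Review bot: In genhomedircon.c, semanage_genhomedircon() now writes s.fcfilepath into the SEMANAGE_TMP store and leaves the copy to SEMANAGE_FINAL_TMP to its caller, but the hunks shown add that copy at only one call site in direct_api.c. Please confirm no other caller expected the function to produce the final file itself, and note the new contract in the commit message or in a comment above the function.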
* [PATCH 2/3] libsemanage: Add support for listing fcontext.homedirs file 2017-10-01 18:01 ` [PATCH 1/3] libsemanage: Keep copy of file_contexts.homedirs in policy store Vit Mojzis @ 2017-10-01 18:01 ` Vit Mojzis 2017-10-02 19:07 ` Stephen Smalley 2017-10-01 18:01 ` Vit Mojzis 1 sibling, 1 reply; 21+ messages in thread From: Vit Mojzis @ 2017-10-01 18:01 UTC (permalink / raw) To: selinux Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1409813 --- libsemanage/include/semanage/fcontexts_policy.h | 4 ++++ libsemanage/src/direct_api.c | 6 ++++++ libsemanage/src/fcontexts_policy.c | 8 ++++++++ libsemanage/src/handle.h | 19 +++++++++++++------ 4 files changed, 31 insertions(+), 6 deletions(-) diff --git a/libsemanage/include/semanage/fcontexts_policy.h b/libsemanage/include/semanage/fcontexts_policy.h index a50db2b..199a1e1 100644 --- a/libsemanage/include/semanage/fcontexts_policy.h +++ b/libsemanage/include/semanage/fcontexts_policy.h @@ -26,4 +26,8 @@ extern int semanage_fcontext_list(semanage_handle_t * handle, semanage_fcontext_t *** records, unsigned int *count); +extern int semanage_fcontext_list_homedirs(semanage_handle_t * handle, + semanage_fcontext_t *** records, + unsigned int *count); + #endif diff --git a/libsemanage/src/direct_api.c b/libsemanage/src/direct_api.c index 971a08f..334267d 100644 --- a/libsemanage/src/direct_api.c +++ b/libsemanage/src/direct_api.c @@ -210,6 +210,12 @@ int semanage_direct_connect(semanage_handle_t * sh) semanage_fcontext_dbase_local(sh)) < 0) goto err; + if (fcontext_file_dbase_init(sh, + semanage_path(SEMANAGE_ACTIVE, SEMANAGE_STORE_FC_HOMEDIRS), + semanage_path(SEMANAGE_TMP, SEMANAGE_STORE_FC_HOMEDIRS), + semanage_fcontext_dbase_homedirs(sh)) < 0) + goto err; + if (seuser_file_dbase_init(sh, semanage_path(SEMANAGE_ACTIVE, SEMANAGE_SEUSERS_LOCAL), diff --git a/libsemanage/src/fcontexts_policy.c b/libsemanage/src/fcontexts_policy.c index 0b063b1..98490ab 100644 --- a/libsemanage/src/fcontexts_policy.c 
+++ b/libsemanage/src/fcontexts_policy.c @@ -51,3 +51,11 @@ int semanage_fcontext_list(semanage_handle_t * handle, dbase_config_t *dconfig = semanage_fcontext_dbase_policy(handle); return dbase_list(handle, dconfig, records, count); } + +int semanage_fcontext_list_homedirs(semanage_handle_t * handle, + semanage_fcontext_t *** records, unsigned int *count) +{ + + dbase_config_t *dconfig = semanage_fcontext_dbase_homedirs(handle); + return dbase_list(handle, dconfig, records, count); +} diff --git a/libsemanage/src/handle.h b/libsemanage/src/handle.h index 889871d..1780ac8 100644 --- a/libsemanage/src/handle.h +++ b/libsemanage/src/handle.h @@ -79,7 +79,7 @@ struct semanage_handle { struct semanage_policy_table *funcs; /* Object databases */ -#define DBASE_COUNT 23 +#define DBASE_COUNT 24 /* Local modifications */ #define DBASE_LOCAL_USERS_BASE 0 @@ -102,13 +102,14 @@ struct semanage_handle { #define DBASE_POLICY_INTERFACES 15 #define DBASE_POLICY_BOOLEANS 16 #define DBASE_POLICY_FCONTEXTS 17 -#define DBASE_POLICY_SEUSERS 18 -#define DBASE_POLICY_NODES 19 -#define DBASE_POLICY_IBPKEYS 20 -#define DBASE_POLICY_IBENDPORTS 21 +#define DBASE_POLICY_FCONTEXTS_H 18 +#define DBASE_POLICY_SEUSERS 19 +#define DBASE_POLICY_NODES 20 +#define DBASE_POLICY_IBPKEYS 21 +#define DBASE_POLICY_IBENDPORTS 22 /* Active kernel policy */ -#define DBASE_ACTIVE_BOOLEANS 22 +#define DBASE_ACTIVE_BOOLEANS 23 dbase_config_t dbase[DBASE_COUNT]; }; @@ -236,6 +237,12 @@ static inline } static inline + dbase_config_t * semanage_fcontext_dbase_homedirs(semanage_handle_t * handle) +{ + return &handle->dbase[DBASE_POLICY_FCONTEXTS_H]; +} + +static inline dbase_config_t * semanage_seuser_dbase_policy(semanage_handle_t * handle) { return &handle->dbase[DBASE_POLICY_SEUSERS]; -- 2.9.4 ^ permalink raw reply related [flat|nested] 21+ messages in thread
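Review bot: The new fcontext_file_dbase_init() call for semanage_fcontext_dbase_homedirs(sh) in semanage_direct_connect() has no matching release. The only direct_api.c change in this patch is the @@ -210 hunk, so the dbase initialised there is never handed to fcontext_file_dbase_release() on disconnect. Add the release in semanage_direct_disconnect(), next to the one for semanage_fcontext_dbase_local(sh).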
* Re: [PATCH 2/3] libsemanage: Add support for listing fcontext.homedirs file 2017-10-01 18:01 ` [PATCH 2/3] libsemanage: Add support for listing fcontext.homedirs file Vit Mojzis @ 2017-10-02 19:07 ` Stephen Smalley 2017-10-03 9:57 ` [PATCH] " Vit Mojzis 0 siblings, 1 reply; 21+ messages in thread From: Stephen Smalley @ 2017-10-02 19:07 UTC (permalink / raw) To: Vit Mojzis, selinux On Sun, 2017-10-01 at 20:01 +0200, Vit Mojzis wrote: > Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1409813 > --- > libsemanage/include/semanage/fcontexts_policy.h | 4 ++++ > libsemanage/src/direct_api.c | 6 ++++++ > libsemanage/src/fcontexts_policy.c | 8 ++++++++ > libsemanage/src/handle.h | 19 +++++++++++++ > ------ > 4 files changed, 31 insertions(+), 6 deletions(-) > > diff --git a/libsemanage/include/semanage/fcontexts_policy.h > b/libsemanage/include/semanage/fcontexts_policy.h > index a50db2b..199a1e1 100644 > --- a/libsemanage/include/semanage/fcontexts_policy.h > +++ b/libsemanage/include/semanage/fcontexts_policy.h > @@ -26,4 +26,8 @@ extern int semanage_fcontext_list(semanage_handle_t > * handle, > semanage_fcontext_t *** records, > unsigned int *count); > > +extern int semanage_fcontext_list_homedirs(semanage_handle_t * > handle, > + semanage_fcontext_t *** records, > + unsigned int *count); > + > #endif > diff --git a/libsemanage/src/direct_api.c > b/libsemanage/src/direct_api.c > index 971a08f..334267d 100644 > --- a/libsemanage/src/direct_api.c > +++ b/libsemanage/src/direct_api.c 
> @@ -210,6 +210,12 @@ int semanage_direct_connect(semanage_handle_t * > sh) > semanage_fcontext_dbase_local(s > h)) < 0) > goto err; > > + if (fcontext_file_dbase_init(sh, > + semanage_path(SEMANAGE_ACTIVE, > SEMANAGE_STORE_FC_HOMEDIRS), > + semanage_path(SEMANAGE_TMP, > SEMANAGE_STORE_FC_HOMEDIRS), > + semanage_fcontext_dbase_homedir > s(sh)) < 0) > + goto err; > + Don't we also need to do a fcontext_file_dbase_release(semanage_fcontext_dbase_homedir(sh)); from semanage_direct_disconnect()? > if (seuser_file_dbase_init(sh, > semanage_path(SEMANAGE_ACTIVE, > SEMANAGE_SEUSERS_LO > CAL), > diff --git a/libsemanage/src/fcontexts_policy.c > b/libsemanage/src/fcontexts_policy.c > index 0b063b1..98490ab 100644 > --- a/libsemanage/src/fcontexts_policy.c > +++ b/libsemanage/src/fcontexts_policy.c > @@ -51,3 +51,11 @@ int semanage_fcontext_list(semanage_handle_t * > handle, > dbase_config_t *dconfig = > semanage_fcontext_dbase_policy(handle); > return dbase_list(handle, dconfig, records, count); > } > + > +int semanage_fcontext_list_homedirs(semanage_handle_t * handle, > + semanage_fcontext_t *** records, unsigned > int *count) > +{ > + > + dbase_config_t *dconfig = > semanage_fcontext_dbase_homedirs(handle); > + return dbase_list(handle, dconfig, records, count); > +} > diff --git a/libsemanage/src/handle.h b/libsemanage/src/handle.h > index 889871d..1780ac8 100644 > --- a/libsemanage/src/handle.h > +++ b/libsemanage/src/handle.h > @@ -79,7 +79,7 @@ struct semanage_handle { > struct semanage_policy_table *funcs; > > /* Object databases */ > -#define DBASE_COUNT 23 > +#define DBASE_COUNT 24 > > /* Local modifications */ > #define DBASE_LOCAL_USERS_BASE 0 
> @@ -102,13 +102,14 @@ struct semanage_handle { > #define DBASE_POLICY_INTERFACES 15 > #define DBASE_POLICY_BOOLEANS 16 > #define DBASE_POLICY_FCONTEXTS 17 > -#define DBASE_POLICY_SEUSERS 18 > -#define DBASE_POLICY_NODES 19 > -#define DBASE_POLICY_IBPKEYS 20 > -#define DBASE_POLICY_IBENDPORTS 21 > +#define DBASE_POLICY_FCONTEXTS_H 18 > +#define DBASE_POLICY_SEUSERS 19 > +#define DBASE_POLICY_NODES 20 > +#define DBASE_POLICY_IBPKEYS 21 > +#define DBASE_POLICY_IBENDPORTS 22 > > /* Active kernel policy */ > -#define DBASE_ACTIVE_BOOLEANS 22 > +#define DBASE_ACTIVE_BOOLEANS 23 > dbase_config_t dbase[DBASE_COUNT]; > }; > > @@ -236,6 +237,12 @@ static inline > } > > static inline > + dbase_config_t * > semanage_fcontext_dbase_homedirs(semanage_handle_t * handle) > +{ > + return &handle->dbase[DBASE_POLICY_FCONTEXTS_H]; > +} > + > +static inline > dbase_config_t * semanage_seuser_dbase_policy(semanage_handle_t > * handle) > { > return &handle->dbase[DBASE_POLICY_SEUSERS]; ^ permalink raw reply [flat|nested] 21+ messages in thread
* [PATCH] libsemanage: Add support for listing fcontext.homedirs file 2017-10-02 19:07 ` Stephen Smalley @ 2017-10-03 9:57 ` Vit Mojzis 2017-10-04 14:07 ` Stephen Smalley 0 siblings, 1 reply; 21+ messages in thread From: Vit Mojzis @ 2017-10-03 9:57 UTC (permalink / raw) To: selinux Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1409813 --- libsemanage/include/semanage/fcontexts_policy.h | 4 ++++ libsemanage/src/direct_api.c | 7 +++++++ libsemanage/src/fcontexts_policy.c | 8 ++++++++ libsemanage/src/handle.h | 19 +++++++++++++------ 4 files changed, 32 insertions(+), 6 deletions(-) diff --git a/libsemanage/include/semanage/fcontexts_policy.h b/libsemanage/include/semanage/fcontexts_policy.h index a50db2b..199a1e1 100644 --- a/libsemanage/include/semanage/fcontexts_policy.h +++ b/libsemanage/include/semanage/fcontexts_policy.h @@ -26,4 +26,8 @@ extern int semanage_fcontext_list(semanage_handle_t * handle, semanage_fcontext_t *** records, unsigned int *count); +extern int semanage_fcontext_list_homedirs(semanage_handle_t * handle, + semanage_fcontext_t *** records, + unsigned int *count); + #endif diff --git a/libsemanage/src/direct_api.c b/libsemanage/src/direct_api.c index 971a08f..00ad820 100644 --- a/libsemanage/src/direct_api.c +++ b/libsemanage/src/direct_api.c @@ -210,6 +210,12 @@ int semanage_direct_connect(semanage_handle_t * sh) semanage_fcontext_dbase_local(sh)) < 0) goto err; + if (fcontext_file_dbase_init(sh, + semanage_path(SEMANAGE_ACTIVE, SEMANAGE_STORE_FC_HOMEDIRS), + semanage_path(SEMANAGE_TMP, SEMANAGE_STORE_FC_HOMEDIRS), + semanage_fcontext_dbase_homedirs(sh)) < 0) + goto err; + if (seuser_file_dbase_init(sh, semanage_path(SEMANAGE_ACTIVE, SEMANAGE_SEUSERS_LOCAL), 
@@ -349,6 +355,7 @@ static int semanage_direct_disconnect(semanage_handle_t * sh) iface_file_dbase_release(semanage_iface_dbase_local(sh)); bool_file_dbase_release(semanage_bool_dbase_local(sh)); fcontext_file_dbase_release(semanage_fcontext_dbase_local(sh)); + fcontext_file_dbase_release(semanage_fcontext_dbase_homedirs(sh)); seuser_file_dbase_release(semanage_seuser_dbase_local(sh)); node_file_dbase_release(semanage_node_dbase_local(sh)); diff --git a/libsemanage/src/fcontexts_policy.c b/libsemanage/src/fcontexts_policy.c index 0b063b1..98490ab 100644 --- a/libsemanage/src/fcontexts_policy.c +++ b/libsemanage/src/fcontexts_policy.c @@ -51,3 +51,11 @@ int semanage_fcontext_list(semanage_handle_t * handle, dbase_config_t *dconfig = semanage_fcontext_dbase_policy(handle); return dbase_list(handle, dconfig, records, count); } + +int semanage_fcontext_list_homedirs(semanage_handle_t * handle, + semanage_fcontext_t *** records, unsigned int *count) +{ + + dbase_config_t *dconfig = semanage_fcontext_dbase_homedirs(handle); + return dbase_list(handle, dconfig, records, count); +} diff --git a/libsemanage/src/handle.h b/libsemanage/src/handle.h index 889871d..1780ac8 100644 --- a/libsemanage/src/handle.h +++ b/libsemanage/src/handle.h @@ -79,7 +79,7 @@ struct semanage_handle { struct semanage_policy_table *funcs; /* Object databases */ -#define DBASE_COUNT 23 +#define DBASE_COUNT 24 /* Local modifications */ #define DBASE_LOCAL_USERS_BASE 0 
@@ -102,13 +102,14 @@ struct semanage_handle { #define DBASE_POLICY_INTERFACES 15 #define DBASE_POLICY_BOOLEANS 16 #define DBASE_POLICY_FCONTEXTS 17 -#define DBASE_POLICY_SEUSERS 18 -#define DBASE_POLICY_NODES 19 -#define DBASE_POLICY_IBPKEYS 20 -#define DBASE_POLICY_IBENDPORTS 21 +#define DBASE_POLICY_FCONTEXTS_H 18 +#define DBASE_POLICY_SEUSERS 19 +#define DBASE_POLICY_NODES 20 +#define DBASE_POLICY_IBPKEYS 21 +#define DBASE_POLICY_IBENDPORTS 22 /* Active kernel policy */ -#define DBASE_ACTIVE_BOOLEANS 22 +#define DBASE_ACTIVE_BOOLEANS 23 dbase_config_t dbase[DBASE_COUNT]; }; @@ -236,6 +237,12 @@ static inline } static inline + dbase_config_t * semanage_fcontext_dbase_homedirs(semanage_handle_t * handle) +{ + return &handle->dbase[DBASE_POLICY_FCONTEXTS_H]; +} + +static inline dbase_config_t * semanage_seuser_dbase_policy(semanage_handle_t * handle) { return &handle->dbase[DBASE_POLICY_SEUSERS]; -- 2.9.4 ^ permalink raw reply related [flat|nested] 21+ messages in thread
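Review bot: In the handle.h hunk at @@ -102, the name DBASE_POLICY_FCONTEXTS_H reads like a header guard and does not say "homedirs"; DBASE_POLICY_FCONTEXTS_HOMEDIRS would match the accessor semanage_fcontext_dbase_homedirs() added further down. Inserting the entry at index 18 also renumbers every following macro by hand and depends on DBASE_COUNT being raised to 24 in a separate hunk. Since dbase[] is indexed directly by these macros, a one-line comment that the indices must stay contiguous and below DBASE_COUNT would make the next insertion safer.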
* Re: [PATCH] libsemanage: Add support for listing fcontext.homedirs file 2017-10-03 9:57 ` [PATCH] " Vit Mojzis @ 2017-10-04 14:07 ` Stephen Smalley 2017-10-04 14:54 ` Vit Mojzis 0 siblings, 1 reply; 21+ messages in thread From: Stephen Smalley @ 2017-10-04 14:07 UTC (permalink / raw) To: Vit Mojzis, selinux On Tue, 2017-10-03 at 11:57 +0200, Vit Mojzis wrote: > Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1409813 These all look good to me now. Could you please re-post them all with Signed-off-by: lines, and then we'll merge them in a couple of days barring any other concerns? > --- > libsemanage/include/semanage/fcontexts_policy.h | 4 ++++ > libsemanage/src/direct_api.c | 7 +++++++ > libsemanage/src/fcontexts_policy.c | 8 ++++++++ > libsemanage/src/handle.h | 19 +++++++++++++ > ------ > 4 files changed, 32 insertions(+), 6 deletions(-) > > diff --git a/libsemanage/include/semanage/fcontexts_policy.h > b/libsemanage/include/semanage/fcontexts_policy.h > index a50db2b..199a1e1 100644 > --- a/libsemanage/include/semanage/fcontexts_policy.h > +++ b/libsemanage/include/semanage/fcontexts_policy.h > @@ -26,4 +26,8 @@ extern int semanage_fcontext_list(semanage_handle_t > * handle, > semanage_fcontext_t *** records, > unsigned int *count); > > +extern int semanage_fcontext_list_homedirs(semanage_handle_t * > handle, > + semanage_fcontext_t *** records, > + unsigned int *count); > + > #endif > diff --git a/libsemanage/src/direct_api.c > b/libsemanage/src/direct_api.c > index 971a08f..00ad820 100644 > --- a/libsemanage/src/direct_api.c > +++ b/libsemanage/src/direct_api.c 
> @@ -210,6 +210,12 @@ int semanage_direct_connect(semanage_handle_t * > sh) > semanage_fcontext_dbase_local(s > h)) < 0) > goto err; > > + if (fcontext_file_dbase_init(sh, > + semanage_path(SEMANAGE_ACTIVE, > SEMANAGE_STORE_FC_HOMEDIRS), > + semanage_path(SEMANAGE_TMP, > SEMANAGE_STORE_FC_HOMEDIRS), > + semanage_fcontext_dbase_homedir > s(sh)) < 0) > + goto err; > + > if (seuser_file_dbase_init(sh, > semanage_path(SEMANAGE_ACTIVE, > SEMANAGE_SEUSERS_LO > CAL), > @@ -349,6 +355,7 @@ static int > semanage_direct_disconnect(semanage_handle_t * sh) > iface_file_dbase_release(semanage_iface_dbase_local(sh)); > bool_file_dbase_release(semanage_bool_dbase_local(sh)); > fcontext_file_dbase_release(semanage_fcontext_dbase_local(sh > )); > + fcontext_file_dbase_release(semanage_fcontext_dbase_homedirs > (sh)); > seuser_file_dbase_release(semanage_seuser_dbase_local(sh)); > node_file_dbase_release(semanage_node_dbase_local(sh)); > > diff --git a/libsemanage/src/fcontexts_policy.c > b/libsemanage/src/fcontexts_policy.c > index 0b063b1..98490ab 100644 > --- a/libsemanage/src/fcontexts_policy.c > +++ b/libsemanage/src/fcontexts_policy.c > @@ -51,3 +51,11 @@ int semanage_fcontext_list(semanage_handle_t * > handle, > dbase_config_t *dconfig = > semanage_fcontext_dbase_policy(handle); > return dbase_list(handle, dconfig, records, count); > } > + > +int semanage_fcontext_list_homedirs(semanage_handle_t * handle, > + semanage_fcontext_t *** records, unsigned > int *count) > +{ > + > + dbase_config_t *dconfig = > semanage_fcontext_dbase_homedirs(handle); > + return dbase_list(handle, dconfig, records, count); > +} > diff --git a/libsemanage/src/handle.h b/libsemanage/src/handle.h > index 889871d..1780ac8 100644 > --- a/libsemanage/src/handle.h > +++ b/libsemanage/src/handle.h 
> @@ -79,7 +79,7 @@ struct semanage_handle { > struct semanage_policy_table *funcs; > > /* Object databases */ > -#define DBASE_COUNT 23 > +#define DBASE_COUNT 24 > > /* Local modifications */ > #define DBASE_LOCAL_USERS_BASE 0 > @@ -102,13 +102,14 @@ struct semanage_handle { > #define DBASE_POLICY_INTERFACES 15 > #define DBASE_POLICY_BOOLEANS 16 > #define DBASE_POLICY_FCONTEXTS 17 > -#define DBASE_POLICY_SEUSERS 18 > -#define DBASE_POLICY_NODES 19 > -#define DBASE_POLICY_IBPKEYS 20 > -#define DBASE_POLICY_IBENDPORTS 21 > +#define DBASE_POLICY_FCONTEXTS_H 18 > +#define DBASE_POLICY_SEUSERS 19 > +#define DBASE_POLICY_NODES 20 > +#define DBASE_POLICY_IBPKEYS 21 > +#define DBASE_POLICY_IBENDPORTS 22 > > /* Active kernel policy */ > -#define DBASE_ACTIVE_BOOLEANS 22 > +#define DBASE_ACTIVE_BOOLEANS 23 > dbase_config_t dbase[DBASE_COUNT]; > }; > > @@ -236,6 +237,12 @@ static inline > } > > static inline > + dbase_config_t * > semanage_fcontext_dbase_homedirs(semanage_handle_t * handle) > +{ > + return &handle->dbase[DBASE_POLICY_FCONTEXTS_H]; > +} > + > +static inline > dbase_config_t * semanage_seuser_dbase_policy(semanage_handle_t > * handle) > { > return &handle->dbase[DBASE_POLICY_SEUSERS]; ^ permalink raw reply [flat|nested] 21+ messages in thread
* Re: [PATCH] libsemanage: Add support for listing fcontext.homedirs file 2017-10-04 14:07 ` Stephen Smalley @ 2017-10-04 14:54 ` Vit Mojzis 2017-10-04 15:36 ` [PATCH 1/3] libsemanage: Keep copy of file_contexts.homedirs in policy store Vit Mojzis 0 siblings, 1 reply; 21+ messages in thread From: Vit Mojzis @ 2017-10-04 14:54 UTC (permalink / raw) To: selinux On 4.10.2017 16:07, Stephen Smalley wrote: > On Tue, 2017-10-03 at 11:57 +0200, Vit Mojzis wrote: >> Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1409813 > These all look good to me now. Could you please re-post them all with > Signed-off-by: lines, and then we'll merge them in a couple of days > barring any other concerns? Sure. Thank you, I appreciate your help. > >> --- >> libsemanage/include/semanage/fcontexts_policy.h | 4 ++++ >> libsemanage/src/direct_api.c | 7 +++++++ >> libsemanage/src/fcontexts_policy.c | 8 ++++++++ >> libsemanage/src/handle.h | 19 +++++++++++++ >> ------ >> 4 files changed, 32 insertions(+), 6 deletions(-) >> >> diff --git a/libsemanage/include/semanage/fcontexts_policy.h >> b/libsemanage/include/semanage/fcontexts_policy.h >> index a50db2b..199a1e1 100644 >> --- a/libsemanage/include/semanage/fcontexts_policy.h >> +++ b/libsemanage/include/semanage/fcontexts_policy.h >> @@ -26,4 +26,8 @@ extern int semanage_fcontext_list(semanage_handle_t >> * handle, >> semanage_fcontext_t *** records, >> unsigned int *count); >> >> +extern int semanage_fcontext_list_homedirs(semanage_handle_t * >> handle, >> + semanage_fcontext_t *** records, >> + unsigned int *count); >> + >> #endif >> diff --git a/libsemanage/src/direct_api.c >> b/libsemanage/src/direct_api.c >> index 971a08f..00ad820 100644 >> --- a/libsemanage/src/direct_api.c >> +++ b/libsemanage/src/direct_api.c 
>> @@ -210,6 +210,12 @@ int semanage_direct_connect(semanage_handle_t * >> sh) >> semanage_fcontext_dbase_local(s >> h)) < 0) >> goto err; >> >> + if (fcontext_file_dbase_init(sh, >> + semanage_path(SEMANAGE_ACTIVE, >> SEMANAGE_STORE_FC_HOMEDIRS), >> + semanage_path(SEMANAGE_TMP, >> SEMANAGE_STORE_FC_HOMEDIRS), >> + semanage_fcontext_dbase_homedir >> s(sh)) < 0) >> + goto err; >> + >> if (seuser_file_dbase_init(sh, >> semanage_path(SEMANAGE_ACTIVE, >> SEMANAGE_SEUSERS_LO >> CAL), >> @@ -349,6 +355,7 @@ static int >> semanage_direct_disconnect(semanage_handle_t * sh) >> iface_file_dbase_release(semanage_iface_dbase_local(sh)); >> bool_file_dbase_release(semanage_bool_dbase_local(sh)); >> fcontext_file_dbase_release(semanage_fcontext_dbase_local(sh >> )); >> + fcontext_file_dbase_release(semanage_fcontext_dbase_homedirs >> (sh)); >> seuser_file_dbase_release(semanage_seuser_dbase_local(sh)); >> node_file_dbase_release(semanage_node_dbase_local(sh)); >> >> diff --git a/libsemanage/src/fcontexts_policy.c >> b/libsemanage/src/fcontexts_policy.c >> index 0b063b1..98490ab 100644 >> --- a/libsemanage/src/fcontexts_policy.c >> +++ b/libsemanage/src/fcontexts_policy.c >> @@ -51,3 +51,11 @@ int semanage_fcontext_list(semanage_handle_t * >> handle, >> dbase_config_t *dconfig = >> semanage_fcontext_dbase_policy(handle); >> return dbase_list(handle, dconfig, records, count); >> } >> + >> +int semanage_fcontext_list_homedirs(semanage_handle_t * handle, >> + semanage_fcontext_t *** records, unsigned >> int *count) >> +{ >> + >> + dbase_config_t *dconfig = >> semanage_fcontext_dbase_homedirs(handle); >> + return dbase_list(handle, dconfig, records, count); >> +} >> diff --git a/libsemanage/src/handle.h b/libsemanage/src/handle.h >> index 889871d..1780ac8 100644 >> --- a/libsemanage/src/handle.h >> +++ b/libsemanage/src/handle.h 
>> @@ -79,7 +79,7 @@ struct semanage_handle { >> struct semanage_policy_table *funcs; >> >> /* Object databases */ >> -#define DBASE_COUNT 23 >> +#define DBASE_COUNT 24 >> >> /* Local modifications */ >> #define DBASE_LOCAL_USERS_BASE 0 >> @@ -102,13 +102,14 @@ struct semanage_handle { >> #define DBASE_POLICY_INTERFACES 15 >> #define DBASE_POLICY_BOOLEANS 16 >> #define DBASE_POLICY_FCONTEXTS 17 >> -#define DBASE_POLICY_SEUSERS 18 >> -#define DBASE_POLICY_NODES 19 >> -#define DBASE_POLICY_IBPKEYS 20 >> -#define DBASE_POLICY_IBENDPORTS 21 >> +#define DBASE_POLICY_FCONTEXTS_H 18 >> +#define DBASE_POLICY_SEUSERS 19 >> +#define DBASE_POLICY_NODES 20 >> +#define DBASE_POLICY_IBPKEYS 21 >> +#define DBASE_POLICY_IBENDPORTS 22 >> >> /* Active kernel policy */ >> -#define DBASE_ACTIVE_BOOLEANS 22 >> +#define DBASE_ACTIVE_BOOLEANS 23 >> dbase_config_t dbase[DBASE_COUNT]; >> }; >> >> @@ -236,6 +237,12 @@ static inline >> } >> >> static inline >> + dbase_config_t * >> semanage_fcontext_dbase_homedirs(semanage_handle_t * handle) >> +{ >> + return &handle->dbase[DBASE_POLICY_FCONTEXTS_H]; >> +} >> + >> +static inline >> dbase_config_t * semanage_seuser_dbase_policy(semanage_handle_t >> * handle) >> { >> return &handle->dbase[DBASE_POLICY_SEUSERS]; ^ permalink raw reply [flat|nested] 21+ messages in thread
* [PATCH 1/3] libsemanage: Keep copy of file_contexts.homedirs in policy store 2017-10-04 14:54 ` Vit Mojzis @ 2017-10-04 15:36 ` Vit Mojzis 2017-10-04 15:36 ` [PATCH 2/3] libsemanage: Add support for listing fcontext.homedirs file Vit Mojzis 2017-10-04 15:36 ` [PATCH 3/3] python/semanage: Enable listing file_contexts.homedirs Vit Mojzis 0 siblings, 2 replies; 21+ messages in thread From: Vit Mojzis @ 2017-10-04 15:36 UTC (permalink / raw) To: selinux This will allow listing the correct file_contexts.homedirs using libsemanage regardless of selected policy store. Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1409813 Signed-off-by: Vit Mojzis <vmojzis@redhat.com> --- libsemanage/src/direct_api.c | 19 ++++++++++++++----- libsemanage/src/genhomedircon.c | 4 ++-- libsemanage/src/semanage_store.c | 1 + libsemanage/src/semanage_store.h | 1 + 4 files changed, 18 insertions(+), 7 deletions(-) diff --git a/libsemanage/src/direct_api.c b/libsemanage/src/direct_api.c index 65842df..971a08f 100644 --- a/libsemanage/src/direct_api.c +++ b/libsemanage/src/direct_api.c @@ -1577,11 +1577,20 @@ rebuild: /* run genhomedircon if its enabled, this should be the last operation * which requires the out policydb */ if (!sh->conf->disable_genhomedircon) { - if (out && (retval = - semanage_genhomedircon(sh, out, sh->conf->usepasswd, sh->conf->ignoredirs)) != 0) { - ERR(sh, "semanage_genhomedircon returned error code %d.", - retval); - goto cleanup; + if (out){ + if ((retval = semanage_genhomedircon(sh, out, sh->conf->usepasswd, + sh->conf->ignoredirs)) != 0) { + ERR(sh, "semanage_genhomedircon returned error code %d.", retval); + goto cleanup; + } + /* file_contexts.homedirs was created in SEMANAGE_TMP store */ + retval = semanage_copy_file( + semanage_path(SEMANAGE_TMP, SEMANAGE_STORE_FC_HOMEDIRS), + semanage_final_path(SEMANAGE_FINAL_TMP, SEMANAGE_FC_HOMEDIRS), + sh->conf->file_mode); + if (retval < 0) { + goto cleanup; + } } } else { WARN(sh, "WARNING: genhomedircon is disabled. \ 
diff --git a/libsemanage/src/genhomedircon.c b/libsemanage/src/genhomedircon.c index b9a74b7..27a269e 100644 --- a/libsemanage/src/genhomedircon.c +++ b/libsemanage/src/genhomedircon.c @@ -1345,8 +1345,8 @@ int semanage_genhomedircon(semanage_handle_t * sh, s.homedir_template_path = semanage_path(SEMANAGE_TMP, SEMANAGE_HOMEDIR_TMPL); - s.fcfilepath = semanage_final_path(SEMANAGE_FINAL_TMP, - SEMANAGE_FC_HOMEDIRS); + s.fcfilepath = + semanage_path(SEMANAGE_TMP, SEMANAGE_STORE_FC_HOMEDIRS); s.fallback = calloc(1, sizeof(genhomedircon_user_entry_t)); if (s.fallback == NULL) { diff --git a/libsemanage/src/semanage_store.c b/libsemanage/src/semanage_store.c index 6158d08..63c80b0 100644 --- a/libsemanage/src/semanage_store.c +++ b/libsemanage/src/semanage_store.c @@ -116,6 +116,7 @@ static const char *semanage_sandbox_paths[SEMANAGE_STORE_NUM_PATHS] = { "/modules/disabled", "/policy.kern", "/file_contexts.local", + "/file_contexts.homedirs", "/file_contexts", "/seusers" }; diff --git a/libsemanage/src/semanage_store.h b/libsemanage/src/semanage_store.h index fcaa505..34bf852 100644 --- a/libsemanage/src/semanage_store.h +++ b/libsemanage/src/semanage_store.h @@ -61,6 +61,7 @@ enum semanage_sandbox_defs { SEMANAGE_MODULES_DISABLED, SEMANAGE_STORE_KERNEL, SEMANAGE_STORE_FC_LOCAL, + SEMANAGE_STORE_FC_HOMEDIRS, SEMANAGE_STORE_FC, SEMANAGE_STORE_SEUSERS, SEMANAGE_STORE_NUM_PATHS -- 2.9.4 ^ permalink raw reply related [flat|nested] 21+ messages in thread
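Review bot: The genhomedircon.c hunk at @@ -1345 changes a contract without documenting it. With s.fcfilepath now set to semanage_path(SEMANAGE_TMP, SEMANAGE_STORE_FC_HOMEDIRS), semanage_genhomedircon() no longer writes the SEMANAGE_FINAL_TMP file itself, and the final copy exists only because the caller in direct_api.c runs semanage_copy_file() afterwards. Add a comment on semanage_genhomedircon() stating that the caller is responsible for copying the result into the final store, so a future caller does not end up with a store copy and no installed file.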
* [PATCH 2/3] libsemanage: Add support for listing fcontext.homedirs file 2017-10-04 15:36 ` [PATCH 1/3] libsemanage: Keep copy of file_contexts.homedirs in policy store Vit Mojzis @ 2017-10-04 15:36 ` Vit Mojzis 2017-10-04 15:36 ` [PATCH 3/3] python/semanage: Enable listing file_contexts.homedirs Vit Mojzis 1 sibling, 0 replies; 21+ messages in thread From: Vit Mojzis @ 2017-10-04 15:36 UTC (permalink / raw) To: selinux Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1409813 Signed-off-by: Vit Mojzis <vmojzis@redhat.com> --- libsemanage/include/semanage/fcontexts_policy.h | 4 ++++ libsemanage/src/direct_api.c | 7 +++++++ libsemanage/src/fcontexts_policy.c | 8 ++++++++ libsemanage/src/handle.h | 19 +++++++++++++------ 4 files changed, 32 insertions(+), 6 deletions(-) diff --git a/libsemanage/include/semanage/fcontexts_policy.h b/libsemanage/include/semanage/fcontexts_policy.h index a50db2b..199a1e1 100644 --- a/libsemanage/include/semanage/fcontexts_policy.h +++ b/libsemanage/include/semanage/fcontexts_policy.h @@ -26,4 +26,8 @@ extern int semanage_fcontext_list(semanage_handle_t * handle, semanage_fcontext_t *** records, unsigned int *count); +extern int semanage_fcontext_list_homedirs(semanage_handle_t * handle, + semanage_fcontext_t *** records, + unsigned int *count); + #endif diff --git a/libsemanage/src/direct_api.c b/libsemanage/src/direct_api.c index 971a08f..00ad820 100644 --- a/libsemanage/src/direct_api.c +++ b/libsemanage/src/direct_api.c @@ -210,6 +210,12 @@ int semanage_direct_connect(semanage_handle_t * sh) semanage_fcontext_dbase_local(sh)) < 0) goto err; + if (fcontext_file_dbase_init(sh, + semanage_path(SEMANAGE_ACTIVE, SEMANAGE_STORE_FC_HOMEDIRS), + semanage_path(SEMANAGE_TMP, SEMANAGE_STORE_FC_HOMEDIRS), + semanage_fcontext_dbase_homedirs(sh)) < 0) + goto err; + if (seuser_file_dbase_init(sh, semanage_path(SEMANAGE_ACTIVE, SEMANAGE_SEUSERS_LOCAL), 
@@ -349,6 +355,7 @@ static int semanage_direct_disconnect(semanage_handle_t * sh) iface_file_dbase_release(semanage_iface_dbase_local(sh)); bool_file_dbase_release(semanage_bool_dbase_local(sh)); fcontext_file_dbase_release(semanage_fcontext_dbase_local(sh)); + fcontext_file_dbase_release(semanage_fcontext_dbase_homedirs(sh)); seuser_file_dbase_release(semanage_seuser_dbase_local(sh)); node_file_dbase_release(semanage_node_dbase_local(sh)); diff --git a/libsemanage/src/fcontexts_policy.c b/libsemanage/src/fcontexts_policy.c index 0b063b1..98490ab 100644 --- a/libsemanage/src/fcontexts_policy.c +++ b/libsemanage/src/fcontexts_policy.c @@ -51,3 +51,11 @@ int semanage_fcontext_list(semanage_handle_t * handle, dbase_config_t *dconfig = semanage_fcontext_dbase_policy(handle); return dbase_list(handle, dconfig, records, count); } + +int semanage_fcontext_list_homedirs(semanage_handle_t * handle, + semanage_fcontext_t *** records, unsigned int *count) +{ + + dbase_config_t *dconfig = semanage_fcontext_dbase_homedirs(handle); + return dbase_list(handle, dconfig, records, count); +} diff --git a/libsemanage/src/handle.h b/libsemanage/src/handle.h index 889871d..1780ac8 100644 --- a/libsemanage/src/handle.h +++ b/libsemanage/src/handle.h @@ -79,7 +79,7 @@ struct semanage_handle { struct semanage_policy_table *funcs; /* Object databases */ -#define DBASE_COUNT 23 +#define DBASE_COUNT 24 /* Local modifications */ #define DBASE_LOCAL_USERS_BASE 0 
@@ -102,13 +102,14 @@ struct semanage_handle { #define DBASE_POLICY_INTERFACES 15 #define DBASE_POLICY_BOOLEANS 16 #define DBASE_POLICY_FCONTEXTS 17 -#define DBASE_POLICY_SEUSERS 18 -#define DBASE_POLICY_NODES 19 -#define DBASE_POLICY_IBPKEYS 20 -#define DBASE_POLICY_IBENDPORTS 21 +#define DBASE_POLICY_FCONTEXTS_H 18 +#define DBASE_POLICY_SEUSERS 19 +#define DBASE_POLICY_NODES 20 +#define DBASE_POLICY_IBPKEYS 21 +#define DBASE_POLICY_IBENDPORTS 22 /* Active kernel policy */ -#define DBASE_ACTIVE_BOOLEANS 22 +#define DBASE_ACTIVE_BOOLEANS 23 dbase_config_t dbase[DBASE_COUNT]; }; @@ -236,6 +237,12 @@ static inline } static inline + dbase_config_t * semanage_fcontext_dbase_homedirs(semanage_handle_t * handle) +{ + return &handle->dbase[DBASE_POLICY_FCONTEXTS_H]; +} + +static inline dbase_config_t * semanage_seuser_dbase_policy(semanage_handle_t * handle) { return &handle->dbase[DBASE_POLICY_SEUSERS]; -- 2.9.4 ^ permalink raw reply related [flat|nested] 21+ messages in thread
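Review bot: The semanage_direct_connect() hunk reads the homedirs dbase from semanage_path(SEMANAGE_ACTIVE, SEMANAGE_STORE_FC_HOMEDIRS), a store file that is first created by a rebuild with patch 1/3 applied and is not generated when genhomedircon is disabled. Please confirm, and say so in the commit message, that semanage_fcontext_list_homedirs() returns an empty list rather than a negative value when that file is absent, because the caller added in patch 3/3 raises ValueError on rc < 0 and would then fail "semanage fcontext -l" on a store that has not been rebuilt yet. The blank line after the opening brace of semanage_fcontext_list_homedirs() can also be dropped.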
* [PATCH 3/3] python/semanage: Enable listing file_contexts.homedirs 2017-10-04 15:36 ` [PATCH 1/3] libsemanage: Keep copy of file_contexts.homedirs in policy store Vit Mojzis 2017-10-04 15:36 ` [PATCH 2/3] libsemanage: Add support for listing fcontext.homedirs file Vit Mojzis @ 2017-10-04 15:36 ` Vit Mojzis 2017-10-04 20:24 ` Stephen Smalley 2017-10-06 15:32 ` Stephen Smalley 1 sibling, 2 replies; 21+ messages in thread From: Vit Mojzis @ 2017-10-04 15:36 UTC (permalink / raw) To: selinux Include entries from file_contexts.homedirs when listing file contexts via "semanage fcontext -l" "semanage fcontext -l" so far ignored content of file_contexts.homedirs file, which is confusing for users (more specific rules may be ignored in favor of rules unseen to the user since file_contexts.homedirs has higher priority than file_contexts). Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1409813 Signed-off-by: Vit Mojzis <vmojzis@redhat.com> --- python/semanage/seobject.py | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/python/semanage/seobject.py b/python/semanage/seobject.py index 70fd192..1385315 100644 --- a/python/semanage/seobject.py +++ b/python/semanage/seobject.py @@ -2566,10 +2566,15 @@ class fcontextRecords(semanageRecords): if rc < 0: raise ValueError(_("Could not list file contexts")) + (rc, fchomedirs) = semanage_fcontext_list_homedirs(self.sh) + if rc < 0: + raise ValueError(_("Could not list file contexts for home directories")) + (rc, fclocal) = semanage_fcontext_list_local(self.sh) if rc < 0: raise ValueError(_("Could not list local file contexts")) + self.flist += fchomedirs self.flist += fclocal ddict = {} -- 2.9.4 ^ permalink raw reply related [flat|nested] 21+ messages in thread
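Review bot: In the seobject.py hunk, "self.flist += fchomedirs" merges the home-directory entries into the same list as the policy entries and records nowhere which file each entry came from. The commit message's concern is that rules from file_contexts.homedirs take priority over file_contexts rules the user can see, so the listing should let the user tell the two sources apart, for example with a per-source heading or by ordering the output the way the files are evaluated. It is also worth checking how the ddict built right after this treats a homedirs entry whose key duplicates a policy entry.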
* Re: [PATCH 3/3] python/semanage: Enable listing file_contexts.homedirs 2017-10-04 15:36 ` [PATCH 3/3] python/semanage: Enable listing file_contexts.homedirs Vit Mojzis @ 2017-10-04 20:24 ` Stephen Smalley 2017-10-06 15:32 ` Stephen Smalley 1 sibling, 0 replies; 21+ messages in thread From: Stephen Smalley @ 2017-10-04 20:24 UTC (permalink / raw) To: Vit Mojzis, selinux On Wed, 2017-10-04 at 17:36 +0200, Vit Mojzis wrote: > Include entries from file_contexts.homedirs when listing file > contexts > via "semanage fcontext -l" > > "semanage fcontext -l" so far ignored content of > file_contexts.homedirs > file, which is confusing for users (more specific rules may be > ignored in > favor of rules unseen to the user since file_contexts.homedirs has > higher priority than file_contexts). > > Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1409813 > > Signed-off-by: Vit Mojzis <vmojzis@redhat.com> For all three patches: Reviewed-by: Stephen Smalley <sds@tycho.nsa.gov> Queued for merging in a couple of days. > --- > python/semanage/seobject.py | 5 +++++ > 1 file changed, 5 insertions(+) > > diff --git a/python/semanage/seobject.py > b/python/semanage/seobject.py > index 70fd192..1385315 100644 > --- a/python/semanage/seobject.py > +++ b/python/semanage/seobject.py > @@ -2566,10 +2566,15 @@ class fcontextRecords(semanageRecords): > if rc < 0: > raise ValueError(_("Could not list file contexts")) > > + (rc, fchomedirs) = > semanage_fcontext_list_homedirs(self.sh) > + if rc < 0: > + raise ValueError(_("Could not list file contexts for > home directories")) > + > (rc, fclocal) = semanage_fcontext_list_local(self.sh) > if rc < 0: > raise ValueError(_("Could not list local file > contexts")) > > + self.flist += fchomedirs > self.flist += fclocal > > ddict = {} ^ permalink raw reply [flat|nested] 21+ messages in thread
* Re: [PATCH 3/3] python/semanage: Enable listing file_contexts.homedirs 2017-10-04 15:36 ` [PATCH 3/3] python/semanage: Enable listing file_contexts.homedirs Vit Mojzis 2017-10-04 20:24 ` Stephen Smalley @ 2017-10-06 15:32 ` Stephen Smalley 1 sibling, 0 replies; 21+ messages in thread From: Stephen Smalley @ 2017-10-06 15:32 UTC (permalink / raw) To: Vit Mojzis, selinux On Wed, 2017-10-04 at 17:36 +0200, Vit Mojzis wrote: > Include entries from file_contexts.homedirs when listing file > contexts > via "semanage fcontext -l" > > "semanage fcontext -l" so far ignored content of > file_contexts.homedirs > file, which is confusing for users (more specific rules may be > ignored in > favor of rules unseen to the user since file_contexts.homedirs has > higher priority than file_contexts). > > Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1409813 > > Signed-off-by: Vit Mojzis <vmojzis@redhat.com> Thanks, merged all three patches. > --- > python/semanage/seobject.py | 5 +++++ > 1 file changed, 5 insertions(+) > > diff --git a/python/semanage/seobject.py > b/python/semanage/seobject.py > index 70fd192..1385315 100644 > --- a/python/semanage/seobject.py > +++ b/python/semanage/seobject.py > @@ -2566,10 +2566,15 @@ class fcontextRecords(semanageRecords): > if rc < 0: > raise ValueError(_("Could not list file contexts")) > > + (rc, fchomedirs) = > semanage_fcontext_list_homedirs(self.sh) > + if rc < 0: > + raise ValueError(_("Could not list file contexts for > home directories")) > + > (rc, fclocal) = semanage_fcontext_list_local(self.sh) > if rc < 0: > raise ValueError(_("Could not list local file > contexts")) > > + self.flist += fchomedirs > self.flist += fclocal > > ddict = {} ^ permalink raw reply [flat|nested] 21+ messages in thread
* [PATCH 3/3] python/semanage: Enable listing file_contexts.homedirs 2017-10-01 18:01 ` [PATCH 1/3] libsemanage: Keep copy of file_contexts.homedirs in policy store Vit Mojzis 2017-10-01 18:01 ` [PATCH 2/3] libsemanage: Add support for listing fcontext.homedirs file Vit Mojzis @ 2017-10-01 18:01 ` Vit Mojzis 1 sibling, 0 replies; 21+ messages in thread From: Vit Mojzis @ 2017-10-01 18:01 UTC (permalink / raw) To: selinux Include entries from file_contexts.homedirs when listing file contexts via "semanage fcontext -l" "semanage fcontext -l" so far ignored content of file_contexts.homedirs file, which is confusing for users (more specific rules may be ignored in favor of rules unseen to the user since file_contexts.homedirs has higher priority than file_contexts). Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1409813 --- python/semanage/seobject.py | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/python/semanage/seobject.py b/python/semanage/seobject.py index 70fd192..1385315 100644 --- a/python/semanage/seobject.py +++ b/python/semanage/seobject.py @@ -2566,10 +2566,15 @@ class fcontextRecords(semanageRecords): if rc < 0: raise ValueError(_("Could not list file contexts")) + (rc, fchomedirs) = semanage_fcontext_list_homedirs(self.sh) + if rc < 0: + raise ValueError(_("Could not list file contexts for home directories")) + (rc, fclocal) = semanage_fcontext_list_local(self.sh) if rc < 0: raise ValueError(_("Could not list local file contexts")) + self.flist += fchomedirs self.flist += fclocal ddict = {} -- 2.9.4 ^ permalink raw reply related [flat|nested] 21+ messages in thread
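Review bot: the new `if rc < 0:` check after `semanage_fcontext_list_homedirs(self.sh)` raises ValueError, so a failure to read the homedirs records now aborts the entire listing, not just the homedirs part. Please confirm, and say so in the commit message, that the call returns an empty list rather than a negative rc when file_contexts.homedirs is absent or empty. If it does not, "semanage fcontext -l" would stop working in a case where it previously listed the policy and local entries.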
* [PATCH 2/2] python/semanage: Enable listing fcontexts.homedirs 2017-09-27 8:16 Enable listing fcontexts.homedirs Vit Mojzis 2017-09-27 8:16 ` [PATCH 1/2] libsemanage: Add support for listing fcontext.homedirs file Vit Mojzis @ 2017-09-27 8:16 ` Vit Mojzis 2017-09-27 17:42 ` Stephen Smalley 1 sibling, 1 reply; 21+ messages in thread From: Vit Mojzis @ 2017-09-27 8:16 UTC (permalink / raw) To: selinux Include entries from fcontexts.homedirs when listing file contexts via "semanage fcontext -l" Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1409813 --- python/semanage/seobject.py | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/python/semanage/seobject.py b/python/semanage/seobject.py index 70fd192..cf64e25 100644 --- a/python/semanage/seobject.py +++ b/python/semanage/seobject.py @@ -2566,10 +2566,15 @@ class fcontextRecords(semanageRecords): if rc < 0: raise ValueError(_("Could not list file contexts")) + (rc, fchomedirs) = semanage_fcontext_list_homedirs(self.sh) + if rc < 0: + raise ValueError(_("Could not list local file contexts")) + (rc, fclocal) = semanage_fcontext_list_local(self.sh) if rc < 0: raise ValueError(_("Could not list local file contexts")) + self.flist += fchomedirs self.flist += fclocal ddict = {} -- 2.9.4 ^ permalink raw reply related [flat|nested] 21+ messages in thread
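Review bot: the ValueError raised after `semanage_fcontext_list_homedirs(self.sh)` reuses the string "Could not list local file contexts", which is identical to the message for the `semanage_fcontext_list_local` failure a few lines below it. With both branches reporting the same text, neither a user nor a bug report can tell which call failed. Give the homedirs branch its own message; since it is wrapped in `_()`, it will also be a new translatable string.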
* Re: [PATCH 2/2] python/semanage: Enable listing fcontexts.homedirs 2017-09-27 8:16 ` [PATCH 2/2] python/semanage: Enable listing fcontexts.homedirs Vit Mojzis @ 2017-09-27 17:42 ` Stephen Smalley 0 siblings, 0 replies; 21+ messages in thread From: Stephen Smalley @ 2017-09-27 17:42 UTC (permalink / raw) To: Vit Mojzis, selinux On Wed, 2017-09-27 at 10:16 +0200, Vit Mojzis wrote: > Include entries from fcontexts.homedirs when listing file contexts > via "semanage fcontext -l" > > Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1409813 > --- > python/semanage/seobject.py | 5 +++++ > 1 file changed, 5 insertions(+) > > diff --git a/python/semanage/seobject.py > b/python/semanage/seobject.py > index 70fd192..cf64e25 100644 > --- a/python/semanage/seobject.py > +++ b/python/semanage/seobject.py > @@ -2566,10 +2566,15 @@ class fcontextRecords(semanageRecords): > if rc < 0: > raise ValueError(_("Could not list file contexts")) > > + (rc, fchomedirs) = > semanage_fcontext_list_homedirs(self.sh) > + if rc < 0: > + raise ValueError(_("Could not list local file > contexts")) > + The error message needs to match the actual failure (local vs homedirs). > (rc, fclocal) = semanage_fcontext_list_local(self.sh) > if rc < 0: > raise ValueError(_("Could not list local file > contexts")) > > + self.flist += fchomedirs > self.flist += fclocal > > ddict = {} ^ permalink raw reply [flat|nested] 21+ messages in thread