From: Dominick Grift <dac.override@gmail.com>
To: selinux@vger.kernel.org
Cc: Dominick Grift <dac.override@gmail.com>
Subject: [RFC 1/3] libsemanage: fall back to valid "object_r" role instead of "user" prefix string
Date: Sat, 23 Nov 2019 15:42:43 +0100
Message-ID: <20191123144245.3079306-2-dac.override@gmail.com>
In-Reply-To: <20191123144245.3079306-1-dac.override@gmail.com>

There are a few references to the "user" prefix that have to be changed to a valid role so that cil_resolve_userprefix can be made to validate the given role.
Fortunately object_r is always there. I do not like to hard-code identifiers but I see no other option.

Signed-off-by: Dominick Grift <dac.override@gmail.com>
---
 libsemanage/src/genhomedircon.c | 2 +-
 libsemanage/src/user_record.c   | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/libsemanage/src/genhomedircon.c b/libsemanage/src/genhomedircon.c
index d08c88de..6a21223d 100644
--- a/libsemanage/src/genhomedircon.c
+++ b/libsemanage/src/genhomedircon.c
@@ -85,7 +85,7 @@
 #define TEMPLATE_USERID "%{USERID}"
 
 #define FALLBACK_SENAME "user_u"
-#define FALLBACK_PREFIX "user"
+#define FALLBACK_PREFIX "object_r"
 #define FALLBACK_LEVEL "s0"
 #define FALLBACK_NAME "[^/]+"
 #define FALLBACK_UIDGID "[0-9]+"
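Review bot: FALLBACK_PREFIX now holds a role name ("object_r") while the macro, sitting next to FALLBACK_SENAME "user_u", still reads as a free-form prefix string and carries no explanation. Add a one-line comment above the define stating that the value must be a role present in every policy because the prefix is going to be validated as a role, or rename the macro to reflect that, so a later edit does not swap in another arbitrary string.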
diff --git a/libsemanage/src/user_record.c b/libsemanage/src/user_record.c
index 45239250..91228eb8 100644
--- a/libsemanage/src/user_record.c
+++ b/libsemanage/src/user_record.c
@@ -240,7 +240,7 @@ int semanage_user_create(semanage_handle_t * handle,
 		goto err;
 
 	/* Initialize the prefix for migration purposes */
-	if (semanage_user_extra_set_prefix(handle, tmp_user->extra, "user") < 0)
+	if (semanage_user_extra_set_prefix(handle, tmp_user->extra, "object_r") < 0)
 		goto err;
 
 	*user_ptr = tmp_user;
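Review bot: The comment above the changed call in semanage_user_create still says "Initialize the prefix for migration purposes", which does not explain why the value is now "object_r". Update it to say that the prefix has to name a valid role, as the commit message describes for cil_resolve_userprefix, otherwise the literal looks like a mistake to the next reader.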
@@ -349,7 +349,7 @@ hidden int semanage_user_join(semanage_handle_t * handle,
 		    < 0)
 			goto err;
 		if (semanage_user_extra_set_prefix
-		    (handle, tmp_user->extra, "user") < 0)
+		    (handle, tmp_user->extra, "object_r") < 0)
 			goto err;
 	}
 
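Review bot: The "object_r" literal in semanage_user_join is the second copy in user_record.c, in addition to FALLBACK_PREFIX in genhomedircon.c, so the fallback role is now hard-coded in three places. Define it once in a shared header and use that name at both semanage_user_extra_set_prefix call sites, so the three cannot drift apart if the fallback ever changes.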
-- 
2.24.0
