* [PATCH] libselinux: fix selinux_restorecon() statfs bug
@ 2020-06-04 20:08 Stephen Smalley
2020-06-04 20:51 ` Jonathan Lebon
2020-06-10 15:56 ` Stephen Smalley
0 siblings, 2 replies; 5+ messages in thread
From: Stephen Smalley @ 2020-06-04 20:08 UTC
To: selinux; +Cc: Stephen Smalley
As reported in https://github.com/SELinuxProject/selinux/issues/248,
setfiles -r (rootpath) fails when the alternate root contains a symlink
that is correct relative to the alternate root but not in the current root.
This is a regression introduced by commit e016502c0a26 ("libselinux: Save
digest of all partial matches for directory"). Do not call statfs(2) here
if acting on a symbolic link. Unfortunately there is no lstatfs() call.
Ensure that we initialize the statfs buffer always. If the supplied
file is a symlink, then we don't need to worry about the later tests of
filesystem type because we wouldn't be setting the digest anyway and
we are not performing a full sysfs relabel. While here, fix the earlier
test for a directory to use the correct test.
Reproducer:
$ mkdir /root/my-chroot && echo foo > /root/my-chroot/link-target && ln -s /link-target /root/my-chroot/symlink
$ echo "/root/my-chroot/symlink" | setfiles -vFi -r /root/my-chroot -f - /etc/selinux/targeted/contexts/files/file_contexts
Before:
setfiles: statfs(/root/my-chroot/symlink) failed: No such file or directory
After:
Relabeled /root/my-chroot/symlink from unconfined_u:object_r:admin_home_t:s0 to system_u:object_r:default_t:s0
Fixes: https://github.com/SELinuxProject/selinux/issues/248
Fixes: e016502c0a26 ("libselinux: Save digest of all partial matches for directory")
Signed-off-by: Stephen Smalley <stephen.smalley.work@gmail.com>
---
libselinux/src/selinux_restorecon.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/libselinux/src/selinux_restorecon.c b/libselinux/src/selinux_restorecon.c
index 91dfeb66..d1ce830c 100644
--- a/libselinux/src/selinux_restorecon.c
+++ b/libselinux/src/selinux_restorecon.c
@@ -938,7 +938,7 @@ int selinux_restorecon(const char *pathname_orig,
}
/* Skip digest if not a directory */
- if ((sb.st_mode & S_IFDIR) != S_IFDIR)
+ if (!S_ISDIR(sb.st_mode))
setrestorecondigest = false;
if (!flags.recurse) {
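Review bot: The commit message should say what was wrong with the old directory test, since "use the correct test" does not tell a backporter what behaviour changes at the "Skip digest if not a directory" check. On Linux the S_IFDIR bit is also set in S_IFBLK and S_IFSOCK, so `(sb.st_mode & S_IFDIR) != S_IFDIR` let block devices and sockets through as if they were directories and left setrestorecondigest enabled for them; S_ISDIR() masks with S_IFMT first and does not. This fix is independent of the statfs() regression, so it could also go in as its own patch with its own Fixes: tag.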
@@ -952,7 +952,8 @@ int selinux_restorecon(const char *pathname_orig,
}
/* Obtain fs type */
- if (statfs(pathname, &sfsb) < 0) {
+ memset(&sfsb, 0, sizeof sfsb);
+ if (!S_ISLNK(sb.st_mode) && statfs(pathname, &sfsb) < 0) {
selinux_log(SELINUX_ERROR,
"statfs(%s) failed: %s\n",
pathname, strerror(errno));
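Review bot: The new `!S_ISLNK(sb.st_mode) &&` guard and the memset() need a code comment, because the only comment here is still `/* Obtain fs type */` and the reasoning lives solely in the commit message. Suggest a short comment above the memset() stating that there is no lstatfs(), that statfs() would follow the link and can fail under an alternate root, and that for symlinks the later filesystem-type tests deliberately run against a zeroed sfsb. The guard also only works if sb was filled by lstat() rather than stat(); that call is outside this hunk, so it is worth confirming before merging.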
--
2.23.3
* Re: [PATCH] libselinux: fix selinux_restorecon() statfs bug
From: Jonathan Lebon @ 2020-06-04 20:51 UTC
To: Stephen Smalley; +Cc: SElinux list
Patch looks good to me, and I can confirm that it fixes the reported
problem upstream.
Tested-by: Jonathan Lebon <jlebon@redhat.com>
* Re: [PATCH] libselinux: fix selinux_restorecon() statfs bug
From: Stephen Smalley @ 2020-06-10 15:56 UTC
To: SElinux list
On Thu, Jun 4, 2020 at 4:08 PM Stephen Smalley
<stephen.smalley.work@gmail.com> wrote:
>
> As reported in https://github.com/SELinuxProject/selinux/issues/248,
> setfiles -r (rootpath) fails when the alternate root contains a symlink
> that is correct relative to the alternate root but not in the current root.
> This is a regression introduced by commit e016502c0a26 ("libselinux: Save
> digest of all partial matches for directory"). Do not call statfs(2) here
> if acting on a symbolic link. Unfortunately there is no lstatfs() call.
> Ensure that we initialize the statfs buffer always. If the supplied
> file is a symlink, then we don't need to worry about the later tests of
> filesystem type because we wouldn't be setting the digest anyway and
> we are not performing a full sysfs relabel. While here, fix the earlier
> test for a directory to use the correct test.
>
> Reproducer:
> $ mkdir /root/my-chroot && echo foo > /root/my-chroot/link-target && ln -s /link-target /root/my-chroot/symlink
> $ echo "/root/my-chroot/symlink" | setfiles -vFi -r /root/my-chroot -f - /etc/selinux/targeted/contexts/files/file_contexts
>
> Before:
> setfiles: statfs(/root/my-chroot/symlink) failed: No such file or directory
>
> After:
> Relabeled /root/my-chroot/symlink from unconfined_u:object_r:admin_home_t:s0 to system_u:object_r:default_t:s0
>
> Fixes: https://github.com/SELinuxProject/selinux/issues/248
> Fixes: e016502c0a26 ("libselinux: Save digest of all partial matches for directory")
> Signed-off-by: Stephen Smalley <stephen.smalley.work@gmail.com>
Anyone want to ack or object to this patch?
> ---
> libselinux/src/selinux_restorecon.c | 5 +++--
> 1 file changed, 3 insertions(+), 2 deletions(-)
>
> diff --git a/libselinux/src/selinux_restorecon.c b/libselinux/src/selinux_restorecon.c
> index 91dfeb66..d1ce830c 100644
> --- a/libselinux/src/selinux_restorecon.c
> +++ b/libselinux/src/selinux_restorecon.c
> @@ -938,7 +938,7 @@ int selinux_restorecon(const char *pathname_orig,
> }
>
> /* Skip digest if not a directory */
> - if ((sb.st_mode & S_IFDIR) != S_IFDIR)
> + if (!S_ISDIR(sb.st_mode))
> setrestorecondigest = false;
>
> if (!flags.recurse) {
> @@ -952,7 +952,8 @@ int selinux_restorecon(const char *pathname_orig,
> }
>
> /* Obtain fs type */
> - if (statfs(pathname, &sfsb) < 0) {
> + memset(&sfsb, 0, sizeof sfsb);
> + if (!S_ISLNK(sb.st_mode) && statfs(pathname, &sfsb) < 0) {
> selinux_log(SELINUX_ERROR,
> "statfs(%s) failed: %s\n",
> pathname, strerror(errno));
> --
> 2.23.3
>
* Re: [PATCH] libselinux: fix selinux_restorecon() statfs bug
From: Petr Lautrbach @ 2020-06-10 16:19 UTC
To: SElinux list; +Cc: Stephen Smalley
On Wed, Jun 10, 2020 at 11:56:28AM -0400, Stephen Smalley wrote:
> On Thu, Jun 4, 2020 at 4:08 PM Stephen Smalley
> <stephen.smalley.work@gmail.com> wrote:
> >
> > As reported in https://github.com/SELinuxProject/selinux/issues/248,
> > setfiles -r (rootpath) fails when the alternate root contains a symlink
> > that is correct relative to the alternate root but not in the current root.
> > This is a regression introduced by commit e016502c0a26 ("libselinux: Save
> > digest of all partial matches for directory"). Do not call statfs(2) here
> > if acting on a symbolic link. Unfortunately there is no lstatfs() call.
> > Ensure that we initialize the statfs buffer always. If the supplied
> > file is a symlink, then we don't need to worry about the later tests of
> > filesystem type because we wouldn't be setting the digest anyway and
> > we are not performing a full sysfs relabel. While here, fix the earlier
> > test for a directory to use the correct test.
> >
> > Reproducer:
> > $ mkdir /root/my-chroot && echo foo > /root/my-chroot/link-target && ln -s /link-target /root/my-chroot/symlink
> > $ echo "/root/my-chroot/symlink" | setfiles -vFi -r /root/my-chroot -f - /etc/selinux/targeted/contexts/files/file_contexts
> >
> > Before:
> > setfiles: statfs(/root/my-chroot/symlink) failed: No such file or directory
> >
> > After:
> > Relabeled /root/my-chroot/symlink from unconfined_u:object_r:admin_home_t:s0 to system_u:object_r:default_t:s0
> >
> > Fixes: https://github.com/SELinuxProject/selinux/issues/248
> > Fixes: e016502c0a26 ("libselinux: Save digest of all partial matches for directory")
> > Signed-off-by: Stephen Smalley <stephen.smalley.work@gmail.com>
>
> Anyone want to ack or object to this patch?
Acked-by: Petr Lautrbach <plautrba@redhat.com>
> > ---
> > libselinux/src/selinux_restorecon.c | 5 +++--
> > 1 file changed, 3 insertions(+), 2 deletions(-)
> >
> > diff --git a/libselinux/src/selinux_restorecon.c b/libselinux/src/selinux_restorecon.c
> > index 91dfeb66..d1ce830c 100644
> > --- a/libselinux/src/selinux_restorecon.c
> > +++ b/libselinux/src/selinux_restorecon.c
> > @@ -938,7 +938,7 @@ int selinux_restorecon(const char *pathname_orig,
> > }
> >
> > /* Skip digest if not a directory */
> > - if ((sb.st_mode & S_IFDIR) != S_IFDIR)
> > + if (!S_ISDIR(sb.st_mode))
> > setrestorecondigest = false;
> >
> > if (!flags.recurse) {
> > @@ -952,7 +952,8 @@ int selinux_restorecon(const char *pathname_orig,
> > }
> >
> > /* Obtain fs type */
> > - if (statfs(pathname, &sfsb) < 0) {
> > + memset(&sfsb, 0, sizeof sfsb);
> > + if (!S_ISLNK(sb.st_mode) && statfs(pathname, &sfsb) < 0) {
> > selinux_log(SELINUX_ERROR,
> > "statfs(%s) failed: %s\n",
> > pathname, strerror(errno));
> > --
> > 2.23.3
> >
>
* Re: [PATCH] libselinux: fix selinux_restorecon() statfs bug
From: Petr Lautrbach @ 2020-06-18 19:34 UTC
To: SElinux list; +Cc: Stephen Smalley
On Wed, Jun 10, 2020 at 06:19:22PM +0200, Petr Lautrbach wrote:
> On Wed, Jun 10, 2020 at 11:56:28AM -0400, Stephen Smalley wrote:
> > On Thu, Jun 4, 2020 at 4:08 PM Stephen Smalley
> > <stephen.smalley.work@gmail.com> wrote:
> > >
> > > As reported in https://github.com/SELinuxProject/selinux/issues/248,
> > > setfiles -r (rootpath) fails when the alternate root contains a symlink
> > > that is correct relative to the alternate root but not in the current root.
> > > This is a regression introduced by commit e016502c0a26 ("libselinux: Save
> > > digest of all partial matches for directory"). Do not call statfs(2) here
> > > if acting on a symbolic link. Unfortunately there is no lstatfs() call.
> > > Ensure that we initialize the statfs buffer always. If the supplied
> > > file is a symlink, then we don't need to worry about the later tests of
> > > filesystem type because we wouldn't be setting the digest anyway and
> > > we are not performing a full sysfs relabel. While here, fix the earlier
> > > test for a directory to use the correct test.
> > >
> > > Reproducer:
> > > $ mkdir /root/my-chroot && echo foo > /root/my-chroot/link-target && ln -s /link-target /root/my-chroot/symlink
> > > $ echo "/root/my-chroot/symlink" | setfiles -vFi -r /root/my-chroot -f - /etc/selinux/targeted/contexts/files/file_contexts
> > >
> > > Before:
> > > setfiles: statfs(/root/my-chroot/symlink) failed: No such file or directory
> > >
> > > After:
> > > Relabeled /root/my-chroot/symlink from unconfined_u:object_r:admin_home_t:s0 to system_u:object_r:default_t:s0
> > >
> > > Fixes: https://github.com/SELinuxProject/selinux/issues/248
> > > Fixes: e016502c0a26 ("libselinux: Save digest of all partial matches for directory")
> > > Signed-off-by: Stephen Smalley <stephen.smalley.work@gmail.com>
> >
> > Anyone want to ack or object to this patch?
>
> Acked-by: Petr Lautrbach <plautrba@redhat.com>
Applied.
> > > ---
> > > libselinux/src/selinux_restorecon.c | 5 +++--
> > > 1 file changed, 3 insertions(+), 2 deletions(-)
> > >
> > > diff --git a/libselinux/src/selinux_restorecon.c b/libselinux/src/selinux_restorecon.c
> > > index 91dfeb66..d1ce830c 100644
> > > --- a/libselinux/src/selinux_restorecon.c
> > > +++ b/libselinux/src/selinux_restorecon.c
> > > @@ -938,7 +938,7 @@ int selinux_restorecon(const char *pathname_orig,
> > > }
> > >
> > > /* Skip digest if not a directory */
> > > - if ((sb.st_mode & S_IFDIR) != S_IFDIR)
> > > + if (!S_ISDIR(sb.st_mode))
> > > setrestorecondigest = false;
> > >
> > > if (!flags.recurse) {
> > > @@ -952,7 +952,8 @@ int selinux_restorecon(const char *pathname_orig,
> > > }
> > >
> > > /* Obtain fs type */
> > > - if (statfs(pathname, &sfsb) < 0) {
> > > + memset(&sfsb, 0, sizeof sfsb);
> > > + if (!S_ISLNK(sb.st_mode) && statfs(pathname, &sfsb) < 0) {
> > > selinux_log(SELINUX_ERROR,
> > > "statfs(%s) failed: %s\n",
> > > pathname, strerror(errno));
> > > --
> > > 2.23.3
> > >
> >