From: Stephen Smalley <sds@tycho.nsa.gov>
To: Nicolas Iooss <nicolas.iooss@m4x.org>
Cc: selinux@vger.kernel.org
Subject: Re: [PATCH] libsemanage: set selinux policy root to match semanage root or storename
Date: Thu, 8 Nov 2018 09:20:55 -0500
Message-ID: <a29de7d8-7efb-f8ce-1c29-01dd4c43bb73@tycho.nsa.gov>
In-Reply-To: <CAJfZ7=kYppH2JjSkpcgX1FXnaRtHB7c561hkgRZ0XOym_T7_Ww@mail.gmail.com>

On 11/7/18 3:45 PM, Nicolas Iooss wrote:
> On Tue, Nov 6, 2018 at 8:18 PM Stephen Smalley <sds@tycho.nsa.gov> wrote:
>>
>> As reported in #109, semodule -p /path/to/policyroot -s minimum -n -B
>> tries to use /etc/selinux/targeted/booleans.subs_dist. This is because
>> it invokes the libselinux selinux_boolean_sub() interface, which uses
>> the active/installed policy files rather than the libsemanage ones.
>>
>> To fix, we need to set the selinux policy root when either the semanage
>> root or the semanage storename is set. When setting the semanage root,
>> we need to prepend the semanage root to the selinux policy root. When
>> setting the semanage storename, we need to replace the last component
>> of the selinux policy root with the new storename.
>>
>> Test:
>> strace semodule -p ~/policy-root -s minimum -n -B
>>
>> Before:
>> openat(AT_FDCWD, "/etc/selinux/targeted/booleans.subs_dist", O_RDONLY|O_CLOEXEC) = 5
>>
>> After:
>> openat(AT_FDCWD, "/home/sds/policy-root/etc/selinux/minimum/booleans.subs_dist", O_RDONLY|O_CLOEXEC) = 5
>>
>> Fixes https://github.com/SELinuxProject/selinux/issues/109
>>
>> Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
>> ---
>> libsemanage/src/handle.c | 29 ++++++++++++++++++++++++++++-
>> 1 file changed, 28 insertions(+), 1 deletion(-)
>>
>> diff --git a/libsemanage/src/handle.c b/libsemanage/src/handle.c
>> index a6567bd4..c163e553 100644
>> --- a/libsemanage/src/handle.c
>> +++ b/libsemanage/src/handle.c
>> @@ -43,8 +43,21 @@ static char *private_semanage_root = NULL;
>>
>> int semanage_set_root(const char *root)
>> {
>> + char *new_selinux_root = NULL;
>> +
>> + asprintf(&new_selinux_root, "%s%s", root, selinux_policy_root());
>> + if (!new_selinux_root)
>> + return -1;
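Review bot: the `if (!new_selinux_root)` test in semanage_set_root() does not reliably detect an asprintf() failure, because asprintf() reports errors through its return value (-1) and leaves the pointer contents undefined, so the initial NULL is not guaranteed to survive. Test the return value instead, e.g. `if (asprintf(&new_selinux_root, "%s%s", root, selinux_policy_root()) < 0) return -1;`. The new path is also built from the current selinux_policy_root() value; if it is then installed as the policy root, as the commit message describes, a second semanage_set_root() call would prepend to an already-prefixed path, so compose it from the unmodified default instead.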
>
> https://travis-ci.org/SELinuxProject/selinux/builds/451528669 failed
> because the return value of asprintf needs to be checked instead of
> new_selinux_root. http://man7.org/linux/man-pages/man3/asprintf.3.html
> states:
>
> If memory allocation wasn't possible, or some other error occurs,
> these functions will return -1, and the contents of strp are
> undefined.
>
> [...]
>
>> +
>> + char *newroot = NULL;
>> + asprintf(&newroot, "%s%s", root, storename);
>> + assert(newroot);
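Review bot: `assert(newroot);` after the storename asprintf() is the wrong failure handling for library code: it aborts the calling process on allocation failure, is compiled out entirely when NDEBUG is defined, and in both cases inspects a pointer whose contents are undefined once asprintf() has failed. Check the asprintf() return value and handle the failure without aborting, for example by leaving the policy root unchanged and reporting the error.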
>
> Same here.

Unfortunately there are more fundamental problems with the patch as
well, e.g.

1) Mutating selinux_policy_root breaks the test of whether we are
installing to the active store in semanage_install_final_tmp(), which
will cause policy reloads to be triggered when performing an operation
on a different store, a different root, or both.

2) semanage_select_store() is supposed to only modify the per-handle
state. Changing selinux policy root is global state and would affect
any other handles.

3) Multiple semanage_set_root() calls would yield the wrong result.

4) An allocation failure for private_semanage_root would leave the
policy root modified.

Not sure of the best approach here. Could possibly just modify the
policy root around the selinux_boolean_sub() call and leave the rest
unchanged...
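
The last paragraph's idea of changing the policy root only around the one lookup, as an added C example (not libsemanage or libselinux code). The global, `compose_root`, `subs_path` and `scoped_subs_path` are hypothetical stand-ins that model the process-wide policy root in a single thread; the paths are the ones in the strace lines of the commit message.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Model of libselinux's process-wide policy root (hypothetical stand-in). */
static const char *const DEFAULT_ROOT = "/etc/selinux/targeted";
static char *g_policy_root = NULL;            /* NULL: use DEFAULT_ROOT */
const char *current_root(void) { return g_policy_root ? g_policy_root : DEFAULT_ROOT; }

/* "<sroot><dir of DEFAULT_ROOT>/<store>", always composed from the pristine
 * default so repeated calls never stack prefixes. NULL on failure. */
static char *compose_root(const char *sroot, const char *store) {
    const char *slash = strrchr(DEFAULT_ROOT, '/');
    int dirlen = (int)(slash - DEFAULT_ROOT);  /* length of "/etc/selinux" */
    if (!sroot) sroot = "";                    /* no alternate root */
    if (!store) store = slash + 1;             /* keep default store name */
    int n = snprintf(NULL, 0, "%s%.*s/%s", sroot, dirlen, DEFAULT_ROOT, store);
    if (n < 0) return NULL;
    char *out = malloc((size_t)n + 1);
    if (out) snprintf(out, (size_t)n + 1, "%s%.*s/%s", sroot, dirlen, DEFAULT_ROOT, store);
    return out;
}

/* Stand-in for a lookup that opens <policy root>/booleans.subs_dist (caller frees). */
static char *subs_path(void) {
    const char *r = current_root();
    size_t len = strlen(r) + sizeof("/booleans.subs_dist");
    char *p = malloc(len);
    if (p) snprintf(p, len, "%s/booleans.subs_dist", r);
    return p;
}

/* Override the global root for one lookup only, then restore it. */
char *scoped_subs_path(const char *sroot, const char *store) {
    char *tmp = compose_root(sroot, store);
    if (!tmp) return NULL;                     /* failure: global untouched */
    char *saved = g_policy_root;
    g_policy_root = tmp;
    char *result = subs_path();
    g_policy_root = saved;                     /* restored on every path */
    free(tmp);
    return result;
}

int main(void) {
    char *p = scoped_subs_path("/home/sds/policy-root", "minimum"); /* constructed input */
    printf("%s\nroot afterwards: %s\n", p ? p : "(alloc failed)", current_root());
    free(p);
    return 0;
}
```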