[prev in list] [next in list] [prev in thread] [next in thread]
List: selinux-commits
Subject: [SELinux commit]SELinux userland upstream repository branch, master,
From: jbrindle () oss ! tresys ! com (jbrindle at oss ! tresys ! com)
Date: 2009-11-27 20:03:37
Message-ID: 200911272003.nARK3bLc010328 () oss ! tresys ! com
[Download RAW message or body]
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "SELinux userland upstream repository".
The branch, master has been updated
via 32cf5d539b4b4852d9de966578eae3ad5560cd63 (commit)
via a69fb97edd244b94b2289ee3d0874f989b6ffe9c (commit)
via 48412c39302de7dfd1ba20d8bab042e6fa082c33 (commit)
via bf57d2349edec2cfe3d43eb71567a6b851bfc6cd (commit)
via a3ccf607a2137a2bdfd21b21502803d02a1ea530 (commit)
from 7b9904bef33264b16dd25e4c5d5018c8656d65f4 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 32cf5d539b4b4852d9de966578eae3ad5560cd63
Author: Joshua Brindle <method at manicmethod.com>
Date: Fri Nov 27 15:03:02 2009 -0500
bump checkpolicy to 2.0.21, libselinux to 2.0.90 and sepolgen to 1.0.19
commit a69fb97edd244b94b2289ee3d0874f989b6ffe9c
Author: Manoj Srivastava <srivasta at debian.org>
Date: Tue Oct 20 10:34:40 2009 -0500
exception.sh contains bashisms
Hi folks,
The script, src/exception.sh, contains so called bashisms
(constructs not supported by POSIX, but present as bash
extensions). This means when trying to build on systems where /bin/sh
is not bash, the build fails with an error. This patch uses bash to
run exception.sh. This bug affects a significant subset of Debian and
Debian derivative machines.
manoj
Signed-off-by: Manoj Srivastava <srivasta at debian.org>
Signed-off-by: Joshua Brindle <method at manicmethod.com>
commit 48412c39302de7dfd1ba20d8bab042e6fa082c33
Author: Joshua Brindle <method at manicmethod.com>
Date: Fri Nov 27 14:44:41 2009 -0500
Author: Guido Trentalancia
Email: guido at trentalancia.com
Subject: Contributed manual pages for libselinux
Date: Sat, 21 Nov 2009 20:51:17 +0100
Hello Eamon !
On Fri, 2009-11-20 at 21:42 -0500, Eamon Walsh wrote:
> Hi, thanks for doing this. Some quick review below.
You are welcome, I suppose it was a boring task for many...
Thanks very much for reviewing the changes. And please accept my
apologies for not placing "[PATCH]" in the subject of the original post.
I had just subscribed to the list.
I left you cc address intact here...
> There is too much in matchpathcon(3) now. It's going to need to be
> split up into different pages, perhaps the init/fini/teardown stuff in
> one page, the lookup calls in another, and the non-matchpathcon prefixed
> calls in a third page.
>
> Also, .so manpage links are needed for all the calls here.
Yes, matchpathcon is a mess. Following your guidelines, I have now
splitted the huge and messy page in several different man pages. It's
easier to consult and easier to maintain.
The first part (page) is strictly related to _init, its variant
_init_index, _fini, matchpathcon and its variant matchpathcon_index.
Nice and concise. References are provided in the "SEE ALSO" section to
the rest.
The second page describes the auxiliary lookup calls
(matchpathcon_checkmatches) and the inode associations functions
(matchpathcon_filespec_{add,destroy,eval}). The reference section points
to the main matchpathcon page.
A third page has been created for the functions that are used to set the
flags (set_matchpathcon_flags) or to configure the behaviour of the main
matchpathcon functions (set_matchpathcon_invalidcon and
set_matchpathcon_printf).
A fourth and fifth page is devoted to functions that should never had
ended up in matchpathcon (selinux_file_context_cmp and
selinux_file_context_verify in one page and selinux_lsetfilecon_default
in another one): we do not really need to save electrons needed for new
pages...
>
>
> > * print_access_vector
> >
>
> Looks good.
No modifications.
> > * security_disable
> >
>
> See the selinux.h comments for this. It needs to be documented that
> this function can only be called at startup time.
Ok. I have stressed that now and also mentioned that after the policy
has been loaded at startup, then only "setenforce" can be used to alter
(not disable) the mode of the SELinux kernel code (for example by
placing it into "permissive" mode).
> > * security_set_boolean_list
> >
>
> a RETURN VALUE section is needed in this page, documenting at least this
> call if not the others in that page.
I have now added a "RETURN VALUE" section.
Also, to avoid confusion, I have rephrased the word "returns" in
"provides" when not strictly referring the to the return value of the
function (take for example security_get_boolean_names(), strictly
speaking the function returns an integer representing 0=success or
-1=failure, although from a conceptual point of view it also returns a
list trough modification of one of its parameters passed by reference).
Usually when an application developer looks at the "RETURN VALUE"
section it is because he/she has already planned/coded the call to the
function (and thus also the handling to parameters passed by reference)
and only needs to check for the function exit status so that it can be
handled properly at the call point.
> > * selinux_check_passwd_access
> >
>
> This is a replacement for the inconsistently named "checkPasswdAccess"
> function. So, the existing description of checkPasswdAccess should be
> moved to this function, and checkPasswdAccess should be changed to "this
> is a deprecated alias for selinux_check_passwd_access".
Yes, I have now mentioned that checkPasswdAccess is deprecated. We are
referring to file security_compute_av.3 as the description of these two
functions lives there...
By the way, it has been pointed out that this function should not
hard-code a string. I also agree with him, there is a generic constant
for such "passwd" object class, it is defined in flask.h could be used
instead of the string, thus avoiding hard-coding and also allowing to
save a few cycles and be theoretically future-proof (if ever the name
would change, say to "password", "auth-token" or anything else).
libselinux/src/checkAccess.c.orig 2009-11-21 20:07:21.000000000
libselinux/src/checkAccess.c 2009-11-21 20:08:36.000000000
@@ -13,17 +13,12 @@ int selinux_check_passwd_access(access_v
if (is_selinux_enabled() == 0)
return 0;
if (getprevcon_raw(&user_context) == 0) {
- security_class_t passwd_class;
struct av_decision avd;
int retval;
- passwd_class = string_to_security_class("passwd");
- if (passwd_class == 0)
- return 0;
-
retval = security_compute_av_raw(user_context,
user_context,
- passwd_class,
+ SECCLASS_PASSWD,
requested,
&avd);
Note that the above code, should really live in the application and not
in the selinux library. It used to be like that, then for some reason it
has been introduced. Redhat's passwd and cronie are calling the library
function and thus at the moment they rely on it. But for example,
util-linux-ng has the code in it and does not call this function, as I
believe it should be. A very minor issue anyway...
> > * selinux_init_load_policy
> >
>
> A paragraph break is needed in the DESCRIPTION section before this function.
Done. I have also added a note to the already mentioned fact that after
initial policy load, SELinux cannot be anymore disabled using calls to
security_disable(3).
> > * selinux_lsetfilecon_default
> >
>
> See notes above about the matchpathcon manpage.
Yes, separate man page now.
> > * selinux_mkload_policy
> >
>
> Looks good.
No modifications.
> > * set_selinuxmnt
> >
>
> This manpage includes two static functions that are not part of the
> libselinux API (at least, not anymore) and should be removed.
>
> Also, I'm not comfortable with the description given. Instead, use the
> comments in selinux.h, which are more accurate and verbose.
>
Please let me know if things are any better now.
I did also provide on the same day a patch for beautifying and improving
the command-line option parsing of a few utilities (a ticket had been
created by somebody). That patch provides those improvement according to
GNU-style parsing of "help" and "version" options (including long-option
variants). I think it also fixes a couple of typos here and there. Feel
free to include that patch too if you like it, so that the ticket can be
closed ! I will attach it again in another separate message: it has been
slightly modified in order to apply cleanly to the latest git snapshot.
More important, I was also thinking about fingerprinting (and
subsequently checking) the libraries with some cryptographic hash
function such as the NIST-recommended SHA2. It is beginning to be done
for security-related projects like OpenSSL, so I believe it is even more
essential for SELinux. Ever thought about anything like that ?
Best regards,
Guido
Signed-off-By: Joshua Brindle <method at manicmethod.com>
commit bf57d2349edec2cfe3d43eb71567a6b851bfc6cd
Author: Guido Trentalancia <guido at trentalancia.com>
Date: Mon Nov 2 18:14:28 2009 +0100
Patch for Ticket #1 [1672486] (checkpolicy/checkmodule)
This patch is proposed to solve Ticket #1 [1672486] (command line
binaries should support --version and --help).
It adds handling of -h, -V and the long formats --help and --version to
all binaries (checkpolicy/checkmodule).
It also adds handling of long options for some of the available options.
Manual pages have also been updated accordingly (and a few undocumented
options have been documented).
Guido Trentalancia
Signed-off-by: Joshua Brindle <method at manicmethod.com>
commit a3ccf607a2137a2bdfd21b21502803d02a1ea530
Author: Stephen Smalley <sds at tycho.nsa.gov>
Date: Tue Sep 8 10:10:07 2009 -0400
policycoreutils: audit2allow -l doesn't work with dmesg pipe
On Mon, 2009-08-24 at 23:37 +1000, Russell Coker wrote:
> On Mon, 24 Aug 2009, Daniel J Walsh <dwalsh at redhat.com> wrote:
> > >>> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=503252
> > >>
> > >> audit2allow -l is looking for the load_policy message which does not go
> > >> to the dmesg, /var/log/messages. Therefore the tool has no idea when
> > >> policy was last loaded.
> > >
> > > That would be a kernel bug then.
> >
> > Well I believe the messages that are intercepted by the audit.log do not go
> > into dmesg, by design. Although Steve, James or Eric could probably say for
> > sure.
>
> When auditd is not running on a Debian system with CentOS kernel
> 2.6.18-92.1.13.el5xen or Debian/Lenny kernel 2.6.26-2-xen-686 then nothing
> goes to the kernel message log which is interpreted by audit2allow as a
> candidate for the "-l" functionality.
>
> It's OK if all the AVC messages go to the audit log and "dmesg|audit2allow -l"
> gives no output. But if all AVC messages other than the load_policy message
> go to the kernel message log then it's a bug.
Originally audit2allow used the avc: allowed message generated by
auditallow statement for load_policy to identify policy reloads. Later
it was switched to use the MAC_POLICY_LOAD events generated by the audit
framework. Those events should still get logged via printk if auditd is
not running, but it appears that the code (audit_printk_skb) will then
log the type= field as an integer rather than a string, and
audit2allow/sepolgen only looks for the string MAC_POLICY_LOAD.
So I suspect that this would be resolved by modifying sepolgen/audit.py
to also match on type=1403 for load messages. Try this:
Signed-off-by: Joshua Brindle <method at manicmethod.com>
-----------------------------------------------------------------------
Summary of changes:
checkpolicy/ChangeLog | 4 +
checkpolicy/VERSION | 2 +-
checkpolicy/checkmodule.8 | 11 ++-
checkpolicy/checkmodule.c | 14 +++-
checkpolicy/checkpolicy.8 | 20 ++++-
checkpolicy/checkpolicy.c | 16 +++-
libselinux/ChangeLog | 4 +
libselinux/VERSION | 2 +-
libselinux/man/man3/fini_selinuxmnt.3 | 1 +
libselinux/man/man3/init_selinuxmnt.3 | 28 ++++++
libselinux/man/man3/matchpathcon.3 | 89 ++++++-------------
libselinux/man/man3/matchpathcon_checkmatches.3 | 52 ++++++++++++
libselinux/man/man3/matchpathcon_filespec_add.3 | 1 +
.../man/man3/matchpathcon_filespec_destroy.3 | 1 +
libselinux/man/man3/matchpathcon_filespec_eval.3 | 1 +
.../{matchpathcon_fini.3 => matchpathcon_index.3} | 0
...y_av_perm_to_string.3 => print_access_vector.3} | 0
libselinux/man/man3/security_class_to_string.3 | 14 +++-
libselinux/man/man3/security_compute_av.3 | 17 +++-
libselinux/man/man3/security_disable.3 | 28 ++++++
libselinux/man/man3/security_load_booleans.3 | 60 ++++++++-----
libselinux/man/man3/security_load_policy.3 | 49 ++++++++++-
libselinux/man/man3/security_mkload_policy.3 | 1 +
libselinux/man/man3/selinux_binary_policy_path.3 | 2 +-
...asswdAccess.3 => selinux_check_passwd_access.3} | 0
libselinux/man/man3/selinux_file_context_cmp.3 | 26 ++++++-
libselinux/man/man3/selinux_file_context_verify.3 | 2 +-
libselinux/man/man3/selinux_lsetfilecon_default.3 | 20 +++++
libselinux/man/man3/set_matchpathcon_flags.3 | 63 ++++++++++++++-
libselinux/man/man3/set_matchpathcon_invalidcon.3 | 1 +
libselinux/man/man3/set_matchpathcon_printf.3 | 2 +-
libselinux/man/man3/set_selinuxmnt.3 | 1 +
libselinux/src/Makefile | 2 +-
sepolgen/ChangeLog | 4 +
sepolgen/VERSION | 2 +-
sepolgen/src/sepolgen/audit.py | 2 +-
36 files changed, 427 insertions(+), 115 deletions(-)
create mode 100644 libselinux/man/man3/fini_selinuxmnt.3
create mode 100644 libselinux/man/man3/init_selinuxmnt.3
create mode 100644 libselinux/man/man3/matchpathcon_checkmatches.3
create mode 100644 libselinux/man/man3/matchpathcon_filespec_add.3
create mode 100644 libselinux/man/man3/matchpathcon_filespec_destroy.3
create mode 100644 libselinux/man/man3/matchpathcon_filespec_eval.3
copy libselinux/man/man3/{matchpathcon_fini.3 => matchpathcon_index.3} (100%)
copy libselinux/man/man3/{security_av_perm_to_string.3 => print_access_vector.3} (100%)
create mode 100644 libselinux/man/man3/security_disable.3
create mode 100644 libselinux/man/man3/security_mkload_policy.3
copy libselinux/man/man3/{checkPasswdAccess.3 => selinux_check_passwd_access.3} (100%)
create mode 100644 libselinux/man/man3/selinux_lsetfilecon_default.3
create mode 100644 libselinux/man/man3/set_matchpathcon_invalidcon.3
create mode 100644 libselinux/man/man3/set_selinuxmnt.3
hooks/post-receive
--
SELinux userland upstream repository
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic