e37fa2f63be89afab9b5f5ddfedbd589d0676c4e |
|
24-Dec-2009 |
Caleb Case <ccase@tresys.com> |
libsemanage: split final files into /var/lib/selinux/tmp This patch moves the final files from inside /var/lib/selinux/<store>/[active|previous|tmp] to /var/lib/selinux/tmp/<store>. The move is done to facilitate using source control management on the /var/lib/selinux/<store> directory. If these files remain in /var/lib/selinux/<store> they will pose a size problem if an SCM like git is used as we'd be storing lots of binary diffs. We are suggesting making this change now, rather than later when source policy, SCM, and CIL[1] support are available, to ease the migration burden. These are the files that have been moved:
  /var/lib/selinux/<store>/active/...    /var/lib/selinux/tmp/<store>/...
  file_contexts                          contexts/files/file_contexts
  file_contexts.homedirs                 contexts/files/file_contexts.homedirs
  file_contexts.local                    contexts/files/file_contexts.local
  netfilter_contexts                     contexts/netfilter_contexts
  policy.kern                            policy/policy.<policyversion>
  seusers.final                          seusers
The layout of these files in /var/lib/selinux/tmp/<store> is designed to mirror their locations in /etc/selinux/<store>. This should help clarify the relationship between these final files and the files installed in etc. One consequence of this move is that reverting to the previous policy version requires a policy rebuild. Currently you can revert without rebuilding. [1] CIL RFC: http://marc.info/?l=selinux&m=124759244409438&w=2 Signed-off-by: Chad Sellers <csellers@tresys.com>
/external/selinux/libsemanage/src/genhomedircon.c
|
6263ad719c6c75a88dc6eee8e3973ba0ade36c98 |
|
28-Mar-2014 |
Thomas Hurd <thurd@tresys.com> |
libsemanage: fix memory leak in semanage_genhomedircon
/external/selinux/libsemanage/src/genhomedircon.c
|
88f0c1aa6659f99a89770622f4bc2914435db1bb |
|
16-Oct-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
maxuid_set is unused. Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
/external/selinux/libsemanage/src/genhomedircon.c
|
f18320d56330af157c19dfa63886119bac6cf082 |
|
10-May-2013 |
Manoj Srivastava <srivasta@debian.org> |
libsemanage: Also check for the upper bound on user ids in login.defs Some non-Debian packages (like qmail, shudder) create users not below MIN_UID, but above MAX_UID, in /etc/login.defs (non-system users are supposed to have uids between MIN_UID and MAX_UID). genhomedircon.c:gethomedirs() checks pwent.pw_uid against MIN_UID in /etc/login.defs to exclude system users from generating homedir contexts. But unfortunately it does not check it against the MAX_UID setting from the same file. This gets us lines like the following in the contexts/files/file_contexts.homedirs file:
,----
| #
| # Home Context for user user_u
| #
| /var/qmail/[^/]*/.+ user_u:object_r:user_home_t:s0
| /var/qmail/[^/]*/\.ssh(/.*)? user_u:object_r:user_home_ssh_t:s0
| /var/qmail/[^/]*/\.gnupg(/.+)? user_u:object_r:user_gpg_secret_t:s0
| /var/qmail/[^/]* -d user_u:object_r:user_home_dir_t:s0
| /var/qmail/lost\+found/.* <<none>>
| /var/qmail -d system_u:object_r:home_root_t:s0
| /var/qmail/\.journal <<none>>
| /var/qmail/lost\+found -d system_u:object_r:lost_found_t:s0
| /tmp/gconfd-.* -d user_u:object_r:user_tmp_t:s0
`----
This commit adds checking the uid value against MAX_UID too.
/external/selinux/libsemanage/src/genhomedircon.c
|
d1c606ba46f661b950d6a6b2b29dfc07a536fb0a |
|
05-Feb-2013 |
Eric Paris <eparis@redhat.com> |
libsemanage: genhomedircon: remove useless conditional in get_home_dirs We have minuid_set = 0 at the top of the function and then do a test like: if (!minuid_set || something) But since minuid_set is always 0, we always call this code. Get rid of the pointless conditional. Signed-off-by: Eric Paris <eparis@redhat.com>
/external/selinux/libsemanage/src/genhomedircon.c
|
e1400f04044e8405419ee4534f8ff4f45c5d532a |
|
05-Feb-2013 |
Eric Paris <eparis@redhat.com> |
libsemanage: genhomedircon: double free in get_home_dirs Right before the call to semanage_list_sort() we do some cleanup. Including endpwent(); free(rbuf); semanage_list_destroy(&shells); If the call to the list sort fails we will go to fail: and will do those cleanups a second time. Whoops. Do the list sort before the generic cleanups so the failure code isn't run after the default cleanup. Signed-off-by: Eric Paris <eparis@redhat.com>
/external/selinux/libsemanage/src/genhomedircon.c
|
7d83d86ba10e2fc251a249df4745c6f339e9c523 |
|
05-Feb-2013 |
Eric Paris <eparis@redhat.com> |
libsemanage: genhomedircon: do not leak on failure in write_gen_home_dir_context We generate a list of users, but we do not free that list on error. Just keep popping and freeing them on error. Signed-off-by: Eric Paris <eparis@redhat.com>
/external/selinux/libsemanage/src/genhomedircon.c
|
5812ec2fbbb9e9244e31525737ea967c7a795252 |
|
05-Feb-2013 |
Eric Paris <eparis@redhat.com> |
libsemanage: genhomedircon: do not leak shells list If get_home_dirs() was called without usepasswd we would generate the entire shell list, but would never use that list. We would then not free that list when we returned the homedir_list. Instead, do not create the list of shells until after we know it will be used. Signed-off-by: Eric Paris <eparis@redhat.com>
/external/selinux/libsemanage/src/genhomedircon.c
|
6064f9672cbd805a9c51b60414f3711a499c45aa |
|
05-Dec-2012 |
Eric Paris <eparis@redhat.com> |
libsemanage: redo genhomedircon minuid Just a little less code. No real change. Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com>
/external/selinux/libsemanage/src/genhomedircon.c
|
18649484eee7e4ca7b0be572365aca368a3471b5 |
|
12-Jan-2012 |
Xin Ouyang <xinpascal@gmail.com> |
libsemanage: Fix segfault for building standard policies. If you are building "standard" policies (not MCS/MLS), libsemanage will crash, which is caused by strdup() on NULL "level" pointers. For example, semodule -s refpolicy -b base.pp -i a.pp Signed-off-by: Eric Paris <eparis@redhat.com>
/external/selinux/libsemanage/src/genhomedircon.c
|
38e93bad1ffd99e698d24541793148e1da587389 |
|
26-Mar-2012 |
Russell Coker <russell@coker.com.au> |
libsemanage: fallback-user-level Having magic numbers in the code is a bad idea, using a macro is better. Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com>
/external/selinux/libsemanage/src/genhomedircon.c
|
5e46bb8647877acf8c7ff8253921c90ee50f3cdc |
|
12-Dec-2011 |
Dan Walsh <dwalsh@redhat.com> |
libsemanage: Fallback_user_level can be NULL if you are not using MLS If you build a distribution without MLS turned on, libsemanage will crash if given a user without a level. This patch allows users without levels to be passed in. Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com>
/external/selinux/libsemanage/src/genhomedircon.c
|
915b5f885f030aa24a2ca648a184fa02cb5bbdcd |
|
29-Jun-2011 |
Eric Paris <eparis@redhat.com> |
libsemanage: add ignoredirs config for genhomedircon For a long time /root has been treated differently in Red Hat distributions than in upstream policy. We do not want to label /root the same as a user's homedir. Because of this we have carried a patch in libsemanage/genhomedircon.c to ignore /root. This patch adds a flag to semanage.conf, ignoredirs, that will allow distributions or users to specify directories that genhomedircon should ignore when setting up users' homedir labeling. Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com>
/external/selinux/libsemanage/src/genhomedircon.c
|
d784fd71b56cb8f57d5b9fcd784094e004bf7c6a |
|
05-Jan-2011 |
Russell Coker <russell@coker.com.au> |
libsemanage: patch for MCS/MLS in user files The attached patch makes the /etc/selinux/default/contexts/files/file_contexts.homedirs generation process include the MCS/MLS level. This means that if you have a user with an MCS/MLS level that isn't SystemLow then their home directory will be labeled such that they can have read/write access to it by default. Unless anyone has any better ideas for how to solve this problem I will upload this to Debian shortly. What do the MLS users do in this situation? Just relabel home directories manually? Finally, it seems that when you run "semanage user -m" the file_contexts.homedirs doesn't get updated; it's only when you run "semanage login -m" that it takes effect. Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Russell Coker <russell@coker.com.au> Acked-by: Dan Walsh <dwalsh@redhat.com>
/external/selinux/libsemanage/src/genhomedircon.c
|
d67b1ea1cbe30afb4894634f06ca25916b03cbd7 |
|
24-Jun-2011 |
Eric Paris <eparis@redhat.com> |
libsemanage: drop the -no-unused-parameter build flag Annotate the couple of places they are needed and drop the flag. Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com>
/external/selinux/libsemanage/src/genhomedircon.c
|
faff0a77c679e8290bac6595c9764dc8929f32d6 |
|
16-Sep-2009 |
Daniel J Walsh <dwalsh@redhat.com> |
Author: Daniel J Walsh Email: dwalsh@redhat.com Subject: libsemanage patch Date: Wed, 16 Sep 2009 13:27:25 -0400 Updated patch. Need check in two places. Signed-off-by: Joshua Brindle <method@manicmethod.com>
/external/selinux/libsemanage/src/genhomedircon.c
|
13cd4c8960688af11ad23b4c946149015c80d549 |
|
19-Aug-2008 |
Joshua Brindle <method@manicmethod.com> |
initial import from svn trunk revision 2950
/external/selinux/libsemanage/src/genhomedircon.c
|