History log of /external/selinux/libsemanage/src/genhomedircon.c
Revision Date Author Comments
e37fa2f63be89afab9b5f5ddfedbd589d0676c4e 24-Dec-2009 Caleb Case <ccase@tresys.com> libsemanage: split final files into /var/lib/selinux/tmp

This patch moves the final files from inside
/var/lib/selinux/<store>/[active|previous|tmp] to
/var/lib/selinux/tmp/<store>. The move is done to facilitate using
source control management on the /var/lib/selinux/<store> directory. If
these files remain in /var/lib/selinux/<store> they will pose a size
problem if an SCM like git is used as we'd be storing lots of binary
diffs. We are suggesting making this change now, rather than later when
source policy, SCM, and CIL[1] support are available, to ease the
migration burden.

These are the files that have been moved:

/var/lib/selinux/<store>/active/...    /var/lib/selinux/tmp/<store>/...

file_contexts                          contexts/files/file_contexts
file_contexts.homedirs                 contexts/files/file_contexts.homedirs
file_contexts.local                    contexts/files/file_contexts.local
netfilter_contexts                     contexts/netfilter_contexts
policy.kern                            policy/policy.<policyversion>
seusers.final                          seusers

The layout of these files in /var/lib/selinux/tmp/<store> is designed to
mirror their locations in /etc/selinux/<store>. This should help clarify
the relationship between these final files and the files installed in
etc.

One consequence of this move is that reverting to the previous policy
version requires a policy rebuild. Currently you can revert without
rebuilding.

[1] CIL RFC: http://marc.info/?l=selinux&m=124759244409438&w=2

Signed-off-by: Chad Sellers <csellers@tresys.com>
/external/selinux/libsemanage/src/genhomedircon.c
6263ad719c6c75a88dc6eee8e3973ba0ade36c98 28-Mar-2014 Thomas Hurd <thurd@tresys.com> libsemanage: fix memory leak in semanage_genhomedircon
/external/selinux/libsemanage/src/genhomedircon.c
88f0c1aa6659f99a89770622f4bc2914435db1bb 16-Oct-2013 Stephen Smalley <sds@tycho.nsa.gov> maxuid_set is unused.

Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
/external/selinux/libsemanage/src/genhomedircon.c
f18320d56330af157c19dfa63886119bac6cf082 10-May-2013 Manoj Srivastava <srivasta@debian.org> libsemanage: Also check for the upper bound on user ids in login.defs

Some non-Debian packages (like qmail, shudder) create
users not below MIN_UID, but above MAX_UID, in /etc/login.defs
(non-system users are supposed to have uids between MIN_UID and
MAX_UID).

genhomedircon.c:gethomedirs() checks pwent.pw_uid against MIN_UID in
/etc/login.defs to exclude system users from generating homedir
contexts. But unfortunately it does not check it against MAX_UID
setting from the same file. This gets us lines like the following in
the contexts/files/file_contexts.homedirs file:
,----
| #
| # Home Context for user user_u
| #
| /var/qmail/[^/]*/.+ user_u:object_r:user_home_t:s0
| /var/qmail/[^/]*/\.ssh(/.*)? user_u:object_r:user_home_ssh_t:s0
| /var/qmail/[^/]*/\.gnupg(/.+)? user_u:object_r:user_gpg_secret_t:s0
| /var/qmail/[^/]* -d user_u:object_r:user_home_dir_t:s0
| /var/qmail/lost\+found/.* <<none>>
| /var/qmail -d system_u:object_r:home_root_t:s0
| /var/qmail/\.journal <<none>>
| /var/qmail/lost\+found -d system_u:object_r:lost_found_t:s0
| /tmp/gconfd-.* -d user_u:object_r:user_tmp_t:s0
`----
This commit adds checking uid value against MAX_UID too.
/external/selinux/libsemanage/src/genhomedircon.c
d1c606ba46f661b950d6a6b2b29dfc07a536fb0a 05-Feb-2013 Eric Paris <eparis@redhat.com> libsemanage: genhomedircon: remove useless conditional in get_home_dirs

We have minuid_set = 0 at the top of the function and then do a test
like:

if (!minuid_set || something)

But since minuid_set is always 0, we always call this code. Get rid of
the pointless conditional.

Signed-off-by: Eric Paris <eparis@redhat.com>
/external/selinux/libsemanage/src/genhomedircon.c
e1400f04044e8405419ee4534f8ff4f45c5d532a 05-Feb-2013 Eric Paris <eparis@redhat.com> libsemanage: genhomedircon: double free in get_home_dirs

Right before the call to semanage_list_sort() we do some cleanup.
Including endpwent(); free(rbuf); semanage_list_destroy(&shells); If
the call to the list sort fails we will go to fail: and will do those
cleanups a second time. Whoops. Do the list sort before the generic
cleanups so the failure code isn't run after the default cleanup.

Signed-off-by: Eric Paris <eparis@redhat.com>
/external/selinux/libsemanage/src/genhomedircon.c
7d83d86ba10e2fc251a249df4745c6f339e9c523 05-Feb-2013 Eric Paris <eparis@redhat.com> libsemanage: genhomedircon: do not leak on failure in write_gen_home_dir_context

We generate a list of users, but we do not free that list on error.
Just keep popping and freeing them on error.

Signed-off-by: Eric Paris <eparis@redhat.com>
/external/selinux/libsemanage/src/genhomedircon.c
5812ec2fbbb9e9244e31525737ea967c7a795252 05-Feb-2013 Eric Paris <eparis@redhat.com> libsemanage: genhomedircon: do not leak shells list

If get_home_dirs() was called without usepasswd we would generate the
entire shell list, but would never use that list. We would then not
free that list when we returned the homedir_list. Instead, do not
create the list of shells until after we know it will be used.

Signed-off-by: Eric Paris <eparis@redhat.com>
/external/selinux/libsemanage/src/genhomedircon.c
6064f9672cbd805a9c51b60414f3711a499c45aa 05-Dec-2012 Eric Paris <eparis@redhat.com> libsemanage: redo genhomedircon minuid

Just a little less code. No real change.

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
/external/selinux/libsemanage/src/genhomedircon.c
18649484eee7e4ca7b0be572365aca368a3471b5 12-Jan-2012 Xin Ouyang <xinpascal@gmail.com> libsemanage: Fix segfault for building standard policies.

If you are building "standard" policies (not MCS/MLS), libsemanage
will crash, which is caused by strdup() to "level" NULL pointers.
For example, semodule -s refpolicy -b base.pp -i a.pp

Signed-off-by: Eric Paris <eparis@redhat.com>
/external/selinux/libsemanage/src/genhomedircon.c
38e93bad1ffd99e698d24541793148e1da587389 26-Mar-2012 Russell Coker <russell@coker.com.au> libsemanage: fallback-user-level

Having magic numbers in the code is a bad idea, using a macro is better.

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
/external/selinux/libsemanage/src/genhomedircon.c
5e46bb8647877acf8c7ff8253921c90ee50f3cdc 12-Dec-2011 Dan Walsh <dwalsh@redhat.com> libsemanage: Fallback_user_level can be NULL if you are not using MLS

If you build a distribution without MLS turned on, libsemanage will
crash if given a user without a level. This patch allows users
without levels to be passed in.

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
/external/selinux/libsemanage/src/genhomedircon.c
915b5f885f030aa24a2ca648a184fa02cb5bbdcd 29-Jun-2011 Eric Paris <eparis@redhat.com> libsemanage: add ignoredirs config for genhomedircon

For a long time /root has been treated differently in Red Hat
Distributions than upstream policy.

We do not want to label /root the same as a user's homedir. Because of
this we have carried a patch in libsemanage/genhomedircon.c to ignore
/root.

This patch adds a flag to semanage.conf, ignoredirs. That will allow
distributions or users to specify directories that genhomedircon
should ignore when setting up users' homedir labeling.

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
/external/selinux/libsemanage/src/genhomedircon.c
d784fd71b56cb8f57d5b9fcd784094e004bf7c6a 05-Jan-2011 Russell Coker <russell@coker.com.au> libsemanage: patch for MCS/MLS in user files

The attached patch makes the
/etc/selinux/default/contexts/files/file_contexts.homedirs generation process
include the MCS/MLS level.

This means that if you have a user with a MCS/MLS level that isn't SystemLow
then their home directory will be labeled such that they can have read/write
access to it by default.

Unless anyone has any better ideas for how to solve this problem I will upload
this to Debian shortly.

What do the MLS users do in this situation? Just relabel home directories
manually?

Finally it seems that when you run "semanage user -m" the
file_contexts.homedirs doesn't get updated, it's only when you run
"semanage login -m" that it takes effect.

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Russell Coker <russell@coker.com.au>
Acked-by: Dan Walsh <dwalsh@redhat.com>
/external/selinux/libsemanage/src/genhomedircon.c
d67b1ea1cbe30afb4894634f06ca25916b03cbd7 24-Jun-2011 Eric Paris <eparis@redhat.com> libsemanage: drop the -no-unused-parameter build flag

Annotate the couple of places they are needed and drop the flag

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
/external/selinux/libsemanage/src/genhomedircon.c
faff0a77c679e8290bac6595c9764dc8929f32d6 16-Sep-2009 Daniel J Walsh <dwalsh@redhat.com> Author: Daniel J Walsh
Email: dwalsh@redhat.com
Subject: libsemanage patch
Date: Wed, 16 Sep 2009 13:27:25 -0400

Updated patch. Need check in two places.

Signed-off-by: Joshua Brindle <method@manicmethod.com>
/external/selinux/libsemanage/src/genhomedircon.c
13cd4c8960688af11ad23b4c946149015c80d549 19-Aug-2008 Joshua Brindle <method@manicmethod.com> initial import from svn trunk revision 2950
/external/selinux/libsemanage/src/genhomedircon.c