From ef33cdb47fbdda3cd4c05bccba096923709a9bca Mon Sep 17 00:00:00 2001
From: Xin Ouyang
Date: Fri, 24 May 2013 14:45:58 +0800
Subject: policycoreutils: Revert "restorecon: only update type by default"

This reverts uprev commit 96cedba3e59aa474f0f040da5108a17bba45ce6c.

96cedb will cause wrong security contexts for /dev/ while using
MLS type of old refpolicy, so revert it.

This patch should be dropped while refpolicy is upreved to 2.20120725+.

Signed-off-by: Xin Ouyang
---
 ...cycoreutils-revert-restorecon-update-type.patch | 315 +++++++++++++++++++++
 recipes-security/selinux/policycoreutils_2.1.13.bb | 5 +-
 2 files changed, 319 insertions(+), 1 deletion(-)
 create mode 100644 recipes-security/selinux/policycoreutils/policycoreutils-revert-restorecon-update-type.patch

diff --git a/recipes-security/selinux/policycoreutils/policycoreutils-revert-restorecon-update-type.patch b/recipes-security/selinux/policycoreutils/policycoreutils-revert-restorecon-update-type.patch
new file mode 100644
index 0000000..dd7f97c
--- /dev/null
+++ b/recipes-security/selinux/policycoreutils/policycoreutils-revert-restorecon-update-type.patch
@@ -0,0 +1,315 @@
+From 0fa419825539f172e1097d685e92c7d1a5826f23 Mon Sep 17 00:00:00 2001
+From: Xin Ouyang
+Date: Fri, 24 May 2013 14:31:10 +0800
+Subject: [PATCH] policycoreutils: Revert "restorecon: only update type by default"
+
+This reverts uprev commit 96cedba3e59aa474f0f040da5108a17bba45ce6c.
+
+96cedb will cause wrong security contexts for /dev/ while using
+MLS type of old refpolicy, so revert it.
+
+This patch should be dropped while refpolicy is upreved to 2.20120725+.
+
+Upstream-Status: Inappropriate [for old refpolicy]
+
+---
+ setfiles/restore.c | 113 +++++++++++++++-------------------
+ setfiles/restorecon.8 | 12 ++--
+ setfiles/setfiles.8 | 19 +++---
+ 3 files changed, 61 insertions(+), 83 deletions(-)
+
+diff --git a/setfiles/restore.c b/setfiles/restore.c
+index 4c62b41..2acec8e 100644
+--- a/setfiles/restore.c
++++ b/setfiles/restore.c
+@@ -1,6 +1,5 @@
+ #include "restore.h"
+ #include
+-#include
+ 
+ #define SKIP -2
+ #define ERR -1
+@@ -34,6 +33,7 @@ struct edir {
+ 
+ static file_spec_t *fl_head;
+ static int filespec_add(ino_t ino, const security_context_t con, const char *file);
++static int only_changed_user(const char *a, const char *b);
+ struct restore_opts *r_opts = NULL;
+ static void filespec_destroy(void);
+ static void filespec_eval(void);
+@@ -104,7 +104,8 @@ static int restore(FTSENT *ftsent)
+ {
+ char *my_file = strdupa(ftsent->fts_path);
+ int ret = -1;
+- security_context_t curcon = NULL, newcon = NULL;
++ char *context, *newcon;
++ int user_only_changed = 0;
+ 
+ if (match(my_file, ftsent->fts_statp, &newcon) < 0)
+ /* Check for no matching specification. */
+@@ -138,105 +139,74 @@ static int restore(FTSENT *ftsent)
+ printf("%s: %s matched by %s\n", r_opts->progname, my_file, newcon);
+ }
+ 
+- /*
+- * Do not relabel if their is no default specification for this file
+- */
+- 
+- if (strcmp(newcon, "<>") == 0) {
+- goto out;
+- }
+- 
+ /* Get the current context of the file. */
+- ret = lgetfilecon_raw(ftsent->fts_accpath, &curcon);
++ ret = lgetfilecon_raw(ftsent->fts_accpath, &context);
+ if (ret < 0) {
+ if (errno == ENODATA) {
+- curcon = NULL;
++ context = NULL;
+ } else {
+ fprintf(stderr, "%s get context on %s failed: '%s'\n",
+ r_opts->progname, my_file, strerror(errno));
+ goto err;
+ }
+- }
+- 
++ user_only_changed = 0;
++ } else
++ user_only_changed = only_changed_user(context, newcon);
+ /* lgetfilecon returns number of characters and ret needs to be reset
+ * to 0.
+ */
+ ret = 0;
+ 
+ /*
+- * Do not relabel the file if the file is already labeled according to
+- * the specification.
++ * Do not relabel the file if the matching specification is
++ * <> or the file is already labeled according to the
++ * specification.
+ */
+- if (curcon && (strcmp(curcon, newcon) == 0)) {
++ if ((strcmp(newcon, "<>") == 0) ||
++ (context && (strcmp(context, newcon) == 0))) {
++ freecon(context);
+ goto out;
+ }
+ 
+- if (!r_opts->force && curcon && (is_context_customizable(curcon) > 0)) {
++ if (!r_opts->force && context && (is_context_customizable(context) > 0)) {
+ if (r_opts->verbose > 1) {
+ fprintf(stderr,
+ "%s: %s not reset customized by admin to %s\n",
+- r_opts->progname, my_file, curcon);
++ r_opts->progname, my_file, context);
+ }
++ freecon(context);
+ goto out;
+ }
+ 
+- /*
+- * Do not change label unless this is a force or the type is different
+- */
+- if (!r_opts->force && curcon) {
+- int types_differ = 0;
+- context_t cona;
+- context_t conb;
+- int err = 0;
+- cona = context_new(curcon);
+- if (! cona) {
+- goto out;
+- }
+- conb = context_new(newcon);
+- if (! conb) {
+- context_free(cona);
+- goto out;
+- }
+- 
+- types_differ = strcmp(context_type_get(cona), context_type_get(conb));
+- if (types_differ) {
+- err |= context_user_set(conb, context_user_get(cona));
+- err |= context_role_set(conb, context_role_get(cona));
+- err |= context_range_set(conb, context_range_get(cona));
+- if (!err) {
+- freecon(newcon);
+- newcon = strdup(context_str(conb));
+- }
+- }
+- context_free(cona);
+- context_free(conb);
+- 
+- if (!types_differ || err) {
+- goto out;
+- }
+- }
+- 
+ if (r_opts->verbose) {
+- printf("%s reset %s context %s->%s\n",
+- r_opts->progname, my_file, curcon ?: "", newcon);
++ /* If we're just doing "-v", trim out any relabels where
++ * the user has r_opts->changed but the role and type are the
++ * same. For "-vv", emit everything. */
++ if (r_opts->verbose > 1 || !user_only_changed) {
++ printf("%s reset %s context %s->%s\n",
++ r_opts->progname, my_file, context ?: "", newcon);
++ }
+ }
+ 
+- if (r_opts->logging && r_opts->change) {
+- if (curcon)
++ if (r_opts->logging && !user_only_changed) {
++ if (context)
+ syslog(LOG_INFO, "relabeling %s from %s to %s\n",
+- my_file, curcon, newcon);
++ my_file, context, newcon);
+ else
+ syslog(LOG_INFO, "labeling %s to %s\n",
+ my_file, newcon);
+ }
+ 
+- if (r_opts->outfile)
++ if (r_opts->outfile && !user_only_changed)
+ fprintf(r_opts->outfile, "%s\n", my_file);
+ 
++ if (context)
++ freecon(context);
++
+ /*
+ * Do not relabel the file if -n was used.
+ */
+- if (!r_opts->change)
++ if (!r_opts->change || user_only_changed)
+ goto out;
+ 
+ /*
+@@ -250,15 +220,12 @@ static int restore(FTSENT *ftsent)
+ }
+ ret = 0;
+ out:
+- freecon(curcon);
+ freecon(newcon);
+ return ret;
+ skip:
+- freecon(curcon);
+ freecon(newcon);
+ return SKIP;
+ err:
+- freecon(curcon);
+ freecon(newcon);
+ return ERR;
+ }
+@@ -479,6 +446,22 @@ int add_exclude(const char *directory)
+ return 0;
+ }
+ 
++/* Compare two contexts to see if their differences are "significant",
++ * or whether the only difference is in the user. */
++static int only_changed_user(const char *a, const char *b)
++{
++ char *rest_a, *rest_b; /* Rest of the context after the user */
++ if (r_opts->force)
++ return 0;
++ if (!a || !b)
++ return 0;
++ rest_a = strchr(a, ':');
++ rest_b = strchr(b, ':');
++ if (!rest_a || !rest_b)
++ return 0;
++ return (strcmp(rest_a, rest_b) == 0);
++}
++
+ /*
+ * Evaluate the association hash table distribution.
+ */
+diff --git a/setfiles/restorecon.8 b/setfiles/restorecon.8
+index ffbb9d1..f765000 100644
+--- a/setfiles/restorecon.8
++++ b/setfiles/restorecon.8
+@@ -21,11 +21,6 @@ It can also be run at any other time to correct inconsistent labels, to add
+ support for newly-installed policy or, by using the \-n option, to passively
+ check whether the file contexts are all set as specified by the active policy
+ (default behavior) or by some other policy (see the \-c option).
+-.P
+-If a file object does not have a context, restorecon will write the default
+-context to the file object's extended attributes. If a file object has a
+-context, restorecon will only modify the type portion of the security context.
+-The -F option will force a replacement of the entire context.
+ 
+ .SH "OPTIONS"
+ .TP
+@@ -36,8 +31,8 @@ exclude a directory (repeat the option to exclude more than one directory).
+ infilename contains a list of files to be processed. Use \- for stdin.
+ .TP
+ .B \-F
+-Force reset of context to match file_context for customizable files, and the
+-default file context, changing the user, role, range portion as well as the type.
++force reset of context to match file_context for customizable files, or the
++user section, if it has changed.
+ .TP
+ .B \-h, \-?
+ display usage information and exit.
+@@ -63,6 +58,9 @@ change files and directories file labels recursively (descend directories).
+ .B \-v
+ show changes in file labels, if type or role are going to be changed.
+ .TP
++.B \-vv
++show changes in file labels, if type, role or user are going to be changed.
++.TP
+ .B \-0
+ the separator for the input items is assumed to be the null character
+ (instead of the white space). The quotes and the backslash characters are
+diff --git a/setfiles/setfiles.8 b/setfiles/setfiles.8
+index 7ff54f9..bcec84c 100644
+--- a/setfiles/setfiles.8
++++ b/setfiles/setfiles.8
+@@ -4,7 +4,7 @@ setfiles \- set SELinux file security contexts.
+ 
+ .SH "SYNOPSIS"
+ .B setfiles
+-.I [\-c policy] [\-d] [\-l] [\-n] [\-e directory] [\-o filename] [\-q] [\-s] [\-v] [\-W] [\-F] spec_file pathname...
++.I [\-c policy] [\-d] [\-l] [\-n] [\-e directory] [\-o filename] [\-q] [\-s] [\-v] [\-vv] [\-W] [\-F] spec_file pathname...
+ .SH "DESCRIPTION"
+ This manual page describes the
+ .BR setfiles
+@@ -19,13 +19,9 @@ It can also be run at any other time to correct inconsistent labels, to add
+ support for newly-installed policy or, by using the \-n option, to passively
+ check whether the file contexts are all set as specified by the active policy
+ (default behavior) or by some other policy (see the \-c option).
+-.P
+-If a file object does not have a context, setfiles will write the default
+-context to the file object's extended attributes. If a file object has a
+-context, setfiles will only modify the type portion of the security context.
+-The -F option will force a replacement of the entire context.
++ + .SH "OPTIONS" +-.TP ++.TP + .B \-c + check the validity of the contexts against the specified binary policy. + .TP +@@ -40,9 +36,7 @@ directory to exclude (repeat option for more than one directory). + take a list of files to be processed from an input file. + .TP + .B \-F +-Force reset of context to match file_context for customizable files, and the +-default file context, changing the user, role, range portion as well as the +-type. ++force reset of context to match file_context for customizable files. + .TP + .B \-h, \-? + display usage information and exit. +@@ -73,7 +67,10 @@ take a list of files from standard input instead of using a pathname from the + command line (equivalent to \-f \-). + .TP + .B \-v +-show changes in file labels. ++show changes in file labels, if type or role are going to be changed. ++.TP ++.B \-vv ++show changes in file labels, if type, role or user are going to be changed. + .TP + .B \-W + display warnings about entries that had no matching files. +-- +1.8.1.2 + diff --git a/recipes-security/selinux/policycoreutils_2.1.13.bb b/recipes-security/selinux/policycoreutils_2.1.13.bb index b5ef344..c514567 100644 --- a/recipes-security/selinux/policycoreutils_2.1.13.bb +++ b/recipes-security/selinux/policycoreutils_2.1.13.bb @@ -1,4 +1,4 @@ -PR = "r0" +PR = "r1" include selinux_20120924.inc include ${BPN}.inc @@ -8,3 +8,6 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=393a5ca445f6965873eca0259a17f833" SRC_URI[md5sum] = "97c0b828599fe608f37894989820d71d" SRC_URI[sha256sum] = "34040f06f3111d9ee957576e4095841d35b9ca9141ee8d80aab036cbefb28584" +SRC_URI += "\ + file://policycoreutils-revert-restorecon-update-type.patch \ + " -- cgit v1.2.3-54-g00ecf
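Review bot: The comment added in the verbose block of restore() reads `the user has r_opts->changed but the role and type are the same`, which looks like a search-and-replace artefact, and it understates what only_changed_user() compares — strchr(a, ':') makes the comparison cover the whole `role:type[:range]` tail, not just role and type; replace it with `/* With plain "-v", omit relabels where only the SELinux user differs (everything after the first ':' is equal); with "-vv", print everything. */`. The two man pages now disagree about the same flag: restorecon.8 describes -F as resetting "or the user section, if it has changed" while setfiles.8 says only "for customizable files", and neither page replaces the removed .P paragraph with the new default, so a reader cannot learn that a file whose context differs from the specification only in its SELinux user is left unchanged, not logged and not written to the -o file unless -F is given — one sentence stating that, identical in both pages, would close the gap. The revert also moves freecon(context) from the shared out:/skip:/err: labels to three separate call sites inside restore(); that is correct for the exits visible here, but any future early exit between lgetfilecon_raw() and the `if (context) freecon(context);` line will leak, so a single cleanup at the labels (as the removed freecon(curcon) lines did) is the safer shape. restore() is only partially visible in this patch's hunks.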
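Review bot: The SRC_URI hunk gives the recipe no record of why the patch is carried or when it should go; that condition (`This patch should be dropped while refpolicy is upreved to 2.20120725+`) exists only in the commit message and the patch header, where a later uprev is unlikely to look. A comment above the addition, `# Reverts upstream 96cedba (restorecon: only update type by default); drop once refpolicy is upreved to 2.20120725+`, keeps the intent next to the line that has to be removed.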