diff mbox

policycoreutils/sandbox: Fix sandbox to propagate specified MCS/MLS Security Level.

Message ID 1447487320-18763-1-git-send-email-mgrepl@redhat.com (mailing list archive)
State Accepted
Headers show

Commit Message

Miroslav Grepl Nov. 14, 2015, 7:48 a.m. UTC 
If "level" option is used to start sandbox commands, this level is not propagated
to specified  homedir and tmpdir directories. See rhbz #1279006.

Signed-off-by: Miroslav Grepl <mgrepl@redhat.com>
---
 policycoreutils/sandbox/sandbox | 3 ---
 1 file changed, 3 deletions(-)

Comments

James Carter Nov. 20, 2015, 6:31 p.m. UTC | #1 
On 11/14/2015 02:48 AM, Miroslav Grepl wrote:
> If "level" option is used to start sandbox commands, this level is not propagated
> to specified  homedir and tmpdir directories. See rhbz #1279006.
>
> Signed-off-by: Miroslav Grepl <mgrepl@redhat.com>

Applied.

Thanks,
Jim

> ---
>   policycoreutils/sandbox/sandbox | 3 ---
>   1 file changed, 3 deletions(-)
>
> diff --git a/policycoreutils/sandbox/sandbox b/policycoreutils/sandbox/sandbox
> index 5109eca..163afa0 100644
> --- a/policycoreutils/sandbox/sandbox
> +++ b/policycoreutils/sandbox/sandbox
> @@ -406,9 +406,6 @@ sandbox [-h] [-l level ] [-[X|M] [-H homedir] [-T tempdir]] [-I includefile ] [-
>              self.__execcon = "%s:%s:%s:%s" % (con[0], con[1], self.setype, level)
>              self.__filecon = "%s:object_r:sandbox_file_t:%s" % (con[0], level)
>       def __setup_dir(self):
> -           if self.__options.level or self.__options.session:
> -                  return
> -
>              if self.__options.homedir:
>                     selinux.chcon(self.__options.homedir, self.__filecon, recursive=True)
>                     self.__homedir = self.__options.homedir
>
diff mbox

Patch

diff --git a/policycoreutils/sandbox/sandbox b/policycoreutils/sandbox/sandbox
index 5109eca..163afa0 100644
--- a/policycoreutils/sandbox/sandbox
+++ b/policycoreutils/sandbox/sandbox
@@ -406,9 +406,6 @@  sandbox [-h] [-l level ] [-[X|M] [-H homedir] [-T tempdir]] [-I includefile ] [-
            self.__execcon = "%s:%s:%s:%s" % (con[0], con[1], self.setype, level)
            self.__filecon = "%s:object_r:sandbox_file_t:%s" % (con[0], level)
     def __setup_dir(self):
-           if self.__options.level or self.__options.session:
-                  return
-
            if self.__options.homedir:
                   selinux.chcon(self.__options.homedir, self.__filecon, recursive=True)
                   self.__homedir = self.__options.homedir