From patchwork Wed Aug 24 12:53:10 2016 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Richard Haines X-Patchwork-Id: 9297627 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id D54EB60757 for ; Wed, 24 Aug 2016 12:54:06 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id C669328F38 for ; Wed, 24 Aug 2016 12:54:06 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id BB17A28FC0; Wed, 24 Aug 2016 12:54:06 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-4.1 required=2.0 tests=BAYES_00,DKIM_SIGNED, RCVD_IN_DNSWL_MED,T_DKIM_INVALID autolearn=ham version=3.3.1 Received: from emsm-gh1-uea11.nsa.gov (emsm-gh1-uea11.nsa.gov [8.44.101.9]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 556D428F38 for ; Wed, 24 Aug 2016 12:54:05 +0000 (UTC) X-IronPort-AV: E=Sophos;i="5.28,570,1464652800"; d="scan'208";a="18711704" IronPort-PHdr: =?us-ascii?q?9a23=3A+f7cVhG9JLSkR6+si6FOUp1GYnF86YWxBRYc798d?= =?us-ascii?q?s5kLTJ75r8qwAkXT6L1XgUPTWs2DsrQf2rOQ6P6rBDdIoc7Y9itTKNoUD15NoP?= =?us-ascii?q?5VtjRoONSCB0z/IayiRA0BN+MGamVY+WqmO1NeAsf0ag6aiHSz6TkPBke3blIt?= =?us-ascii?q?dazLE4Lfx/66y/q1s8WKJV4Z3XzmP/gvd1329VyX7ZhOx9M6a+4Y8VjgmjNwYe?= =?us-ascii?q?NYxGdldxq4vi3XwYOOxqNl6DlaoPk79sRNAu3QdqU8SqFEXnx9azhmrPDxsVH/?= =?us-ascii?q?aSfHpj5FCiRF2iZPVhPI6BD8Q4fZrjrxtu073jKTe8LxU+MaQzOnup1qQx/hki?= =?us-ascii?q?tPFzc49mzMwphqjalbqQitkBdIw4fVZoyOHPBif6XBcMkcSHYHVcFUAX8SSrig?= =?us-ascii?q?ZpcCWrJSdd1TqJPw8h5X9RY=3D?= X-IPAS-Result: =?us-ascii?q?A2GoAgCSmL1X/wHyM5BdGwEBAYMLAQEBAQEegVKzVYV3OSC?= =?us-ascii?q?HSUwBAQEBAQEBAgECWyeCMgQDEwU+CjIBAQEBAQEBAQEBAQEBAQEBAQEBAQEBA?= =?us-ascii?q?QEBAQ8CCEgBASECNwYBDSAMAgMJAgUSKQgIAwEtFR8LBRgEh3YBAxcEs2QFgQK?= =?us-ascii?q?HR4MWAwiEIokbgU8RAYJmC4MHBZlIjySBa4gDhWBIhiGJUFSBTzkNHIFNb4YUD?= =?us-ascii?q?RcHWoEnAQEB?= Received: from unknown (HELO tarius.tycho.ncsc.mil) ([144.51.242.1]) by emsm-gh1-uea11.nsa.gov with ESMTP; 24 Aug 2016 12:53:41 +0000 Received: from prometheus.infosec.tycho.ncsc.mil (prometheus [192.168.25.40]) by tarius.tycho.ncsc.mil (8.14.4/8.14.4) with ESMTP id u7OCrdPY021852; Wed, 24 Aug 2016 08:53:40 -0400 Received: from tarius.tycho.ncsc.mil (tarius.infosec.tycho.ncsc.mil [144.51.242.1]) by prometheus.infosec.tycho.ncsc.mil (8.15.2/8.15.2) with ESMTP id u7OCrPZl167481 for ; Wed, 24 Aug 2016 08:53:25 -0400 Received: from goalie.tycho.ncsc.mil (goalie [144.51.242.250]) by tarius.tycho.ncsc.mil (8.14.4/8.14.4) with ESMTP id u7OCrP5Q021828 for ; Wed, 24 Aug 2016 08:53:25 -0400 X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: A1CCAwCal71Xh9UAFEFdGwEBAYMLAQEBAQGBcKRZBI54giqEDYYdgUVMAQEBAQEBAQITAQEBCA0JCRmFFEMBOAEVgTuIFwEDFwSzYQWBAodGgxYDCIQiiRuERwuDBwWZSI8kgWuNY0iGIYlQghdFDRELgU1vhhQrggEBAQE X-IPAS-Result: A1CCAwCal71Xh9UAFEFdGwEBAYMLAQEBAQGBcKRZBI54giqEDYYdgUVMAQEBAQEBAQITAQEBCA0JCRmFFEMBOAEVgTuIFwEDFwSzYQWBAodGgxYDCIQiiRuERwuDBwWZSI8kgWuNY0iGIYlQghdFDRELgU1vhhQrggEBAQE X-IronPort-AV: E=Sophos;i="5.28,570,1464667200"; d="scan'208";a="5662615" Received: from emsm-gh1-uea11.corp.nsa.gov (HELO emsm-gh1-uea11.nsa.gov) ([10.208.41.37]) by goalie.tycho.ncsc.mil with ESMTP; 24 Aug 2016 08:53:24 -0400 IronPort-PHdr: =?us-ascii?q?9a23=3AJLvnex9ZJWPMoP9uRHKM819IXTAuvvDOBiVQ1KB9?= =?us-ascii?q?1OscTK2v8tzYMVDF4r011RmSDNydsKwP1rGe8/i5HzdRudDZ6DFKWacPfidNsd?= =?us-ascii?q?8RkQ0kDZzNImzAB9muURYHGt9fXkRu5XCxPBsdMs//Y1rPvi/6tmZKSV3BPAZ4?= =?us-ascii?q?bt74BpTVx5zukbvjotuIPU4V33L9Oeo0d0Tu612J94E/ushLEu4J0BzHo39FKa?= =?us-ascii?q?x95FhDAhatpSv6/dq655V58i5d6LoL/s9EVrjmLexjFeQLRGduD2dg/8DvtB/e?= =?us-ascii?q?XSOT93AcVSMQiRMODA/bvz/gWZKkiCrxtuNn1GG6NMzwQKt8DS6j5KdiUhPfgx?= =?us-ascii?q?AHPj8//Xr/gNBxir5WuhSsu1p0xIuCM9LdD+Z3Yq6IJYBSfmFGRMsEDyE=3D?= X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0FBAwBal71Xh9UAFEFdHAEBgwsBAQEBA?= =?us-ascii?q?YFwpFkEjniCKoNNQIYdgUVMAQEBAQEBAQIBAhABAQEIDQkJGS+CMhhFCjIBAQE?= =?us-ascii?q?BAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQ8CCEgBAR1DATgBFYE7iBcBAxcEs2AFg?= =?us-ascii?q?QKHRoMWAwiEIokbhEcLgwcFmUiPJIFrjWNIhiGJUIIXRQ0RC4FNb4YUK4IBAQE?= =?us-ascii?q?B?= X-IPAS-Result: =?us-ascii?q?A0FBAwBal71Xh9UAFEFdHAEBgwsBAQEBAYFwpFkEjniCKoN?= =?us-ascii?q?NQIYdgUVMAQEBAQEBAQIBAhABAQEIDQkJGS+CMhhFCjIBAQEBAQEBAQEBAQEBA?= =?us-ascii?q?QEBAQEBAQEBAQEBAQ8CCEgBAR1DATgBFYE7iBcBAxcEs2AFgQKHRoMWAwiEIok?= =?us-ascii?q?bhEcLgwcFmUiPJIFrjWNIhiGJUIIXRQ0RC4FNb4YUK4IBAQEB?= X-IronPort-AV: E=Sophos;i="5.28,570,1464652800"; d="scan'208";a="18711694" Received: from rgout0307.bt.lon5.cpcloud.co.uk ([65.20.0.213]) by emsm-gh1-uea11.nsa.gov with ESMTP; 24 Aug 2016 12:53:23 +0000 X-OWM-Source-IP: 86.147.52.137 (GB) X-OWM-Env-Sender: richard_c_haines@btinternet.com X-Junkmail-Premium-Raw: score=8/50, refid=2.7.2:2016.8.24.111218:17:8.129, ip=86.147.52.137, rules=__HAS_FROM, __FRAUD_WEBMAIL_FROM, __TO_MALFORMED_2, __TO_NO_NAME, __HAS_CC_HDR, __CC_NAME, __CC_NAME_DIFF_FROM_ACC, __HAS_MSGID, __SANE_MSGID, __HAS_X_MAILER, __ANY_URI, __FRAUD_BODY_WEBMAIL, __URI_NO_WWW, __LINES_OF_YELLING, BODY_SIZE_5000_5999, __MIME_TEXT_ONLY, LINES_OF_YELLING_3, RDNS_GENERIC_POOLED, HTML_00_01, HTML_00_10, RDNS_SUSP_GENERIC, __FRAUD_WEBMAIL, __PHISH_SPEAR_STRUCTURE_1, RDNS_SUSP, BODY_SIZE_7000_LESS, NO_URI_HTTPS, __CC_REAL_NAMES Received: from localhost.localdomain (86.147.52.137) by rgout03.bt.lon5.cpcloud.co.uk (8.6.122.06) (authenticated as richard_c_haines@btinternet.com) id 57BCDABA00112928; Wed, 24 Aug 2016 13:53:17 +0100 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=btinternet.com; s=btcpcloud; t=1472043203; bh=TCQwB9MvMM5hAs1geFYI0uWLExCyOGjQdDhtg8lGIDk=; h=From:To:Cc:Subject:Date:Message-Id:X-Mailer; b=kGgXPu+YN8OV0bPM9IXoMCmk1tVXiVj3FgmT6JeIJxWZqDvQj2UJsWQwIT0JbVLP7UWWKbbcc4tQNLC+PO2Vf0EOXjjIMmakZCttZO1kyiPPlsjH/nIUQjH/J4RI/3lgWp+E+gZQHxRxvs/M4S2fYwHl2SXSeZmYP0+f2xGdN34= From: Richard Haines To: selinux@tycho.nsa.gov Subject: [PATCH 1/2] libselinux: Ignore restorecon_last in selinux_restorecon(3) Date: Wed, 24 Aug 2016 13:53:10 +0100 Message-Id: <1472043190-28871-1-git-send-email-richard_c_haines@btinternet.com> X-Mailer: git-send-email 2.7.4 X-BeenThere: selinux@tycho.nsa.gov X-Mailman-Version: 2.1.20 Precedence: list List-Id: "Security-Enhanced Linux \(SELinux\) mailing list" List-Post: List-Help: MIME-Version: 1.0 Errors-To: selinux-bounces@tycho.nsa.gov Sender: "Selinux" X-Virus-Scanned: ClamAV using ClamSMTP Update selinux_restorecon(3) to allow the "security.restorecon_last" extended attribute to be ignored. Signed-off-by: Richard Haines --- libselinux/include/selinux/restorecon.h | 4 ++++ libselinux/man/man3/selinux_restorecon.3 | 20 +++++++++++++++++--- libselinux/src/selinux_restorecon.c | 9 ++++++++- libselinux/utils/selinux_restorecon.c | 9 +++++++-- 4 files changed, 36 insertions(+), 6 deletions(-) diff --git a/libselinux/include/selinux/restorecon.h b/libselinux/include/selinux/restorecon.h index e6db8f9..563ae94 100644 --- a/libselinux/include/selinux/restorecon.h +++ b/libselinux/include/selinux/restorecon.h @@ -91,6 +91,10 @@ extern int selinux_restorecon(const char *pathname, * mounts to be excluded from relabeling checks. */ #define SELINUX_RESTORECON_IGNORE_MOUNTS 0x2000 +/* + * Do not check or update RESTORECON_LAST extended attribute. + */ +#define SELINUX_RESTORECON_IGNORE_XATTR 0x4000 /** * selinux_restorecon_set_sehandle - Set the global fc handle. diff --git a/libselinux/man/man3/selinux_restorecon.3 b/libselinux/man/man3/selinux_restorecon.3 index ad8acdc..0849faa 100644 --- a/libselinux/man/man3/selinux_restorecon.3 +++ b/libselinux/man/man3/selinux_restorecon.3 @@ -43,6 +43,8 @@ flag set. If any of the specfiles had been updated, the digest will also be updated. However if the digest is the same, no relabeling checks will take place (unless the .B SELINUX_RESTORECON_IGNORE_DIGEST +or the +.B SELINUX_RESTORECON_IGNORE_XATTR flag is set). .sp .IR restorecon_flags @@ -58,6 +60,14 @@ extended attribute once relabeling has been completed successfully provided the .B SELINUX_RESTORECON_NOCHANGE flag has not been set. .sp +.B SELINUX_RESTORECON_IGNORE_XATTR +do not check or update any directory SHA1 digests. Use this option to +effectively disable usage of the +.IR security.restorecon_last +extended attribute. Note that setting this flag will override the +.B SELINUX_RESTORECON_IGNORE_DIGEST +flag. +.sp .B SELINUX_RESTORECON_NOCHANGE don't change any file labels (passive check) or update the digest in the .IR security.restorecon_last @@ -214,10 +224,14 @@ relabeled depending on the settings of the .B SELINUX_RESTORECON_SET_SPECFILE_CTX flag (provided .B SELINUX_RESTORECON_NOCHANGE -is not set). +or the +.B SELINUX_RESTORECON_IGNORE_XATTR +are not set). .IP "5." 4 -.B /sys -and in-memory filesystems do not support the +.B RAMFS +and +.B TMPFS +filesystems do not support the .IR security.restorecon_last extended attribute and are automatically excluded from any relabeling checks. .IP "6." 4 diff --git a/libselinux/src/selinux_restorecon.c b/libselinux/src/selinux_restorecon.c index d49fb15..1618a88 100644 --- a/libselinux/src/selinux_restorecon.c +++ b/libselinux/src/selinux_restorecon.c @@ -86,6 +86,7 @@ struct rest_flags { bool syslog_changes; bool log_matches; bool ignore_noent; + bool ignore_xattr; }; static void restorecon_init(void) @@ -673,6 +674,8 @@ int selinux_restorecon(const char *pathname_orig, SELINUX_RESTORECON_LOG_MATCHES) ? true : false; flags.ignore_noent = (restorecon_flags & SELINUX_RESTORECON_IGNORE_NOENTRY) ? true : false; + flags.ignore_xattr = (restorecon_flags & + SELINUX_RESTORECON_IGNORE_XATTR) ? true : false; ignore_mounts = (restorecon_flags & SELINUX_RESTORECON_IGNORE_MOUNTS) ? true : false; @@ -698,7 +701,7 @@ int selinux_restorecon(const char *pathname_orig, if (!fc_sehandle) return -1; - if (fc_digest_len) { + if (fc_digest_len && !flags.ignore_xattr) { xattr_value = malloc(fc_digest_len); if (!xattr_value) return -1; @@ -777,6 +780,10 @@ int selinux_restorecon(const char *pathname_orig, setrestoreconlast = false; } + /* Ignore restoreconlast if told to do so */ + if (flags.ignore_xattr) + setrestoreconlast = false; + if (setrestoreconlast) { size = getxattr(pathname, RESTORECON_LAST, xattr_value, fc_digest_len); diff --git a/libselinux/utils/selinux_restorecon.c b/libselinux/utils/selinux_restorecon.c index 7aea81f..1bed0f1 100644 --- a/libselinux/utils/selinux_restorecon.c +++ b/libselinux/utils/selinux_restorecon.c @@ -37,7 +37,7 @@ static int validate_context(char **contextp) static void usage(const char *progname) { fprintf(stderr, - "\nusage: %s [-FCnRrdmiIaAsl] [-e dir] [-v|-P]\n" + "\nusage: %s [-FCcnRrdmiIaAsl] [-e dir] [-v|-P]\n" "[-x alt_rootpath] [-p policy] [-f specfile] pathname ...\n" "\nWhere:\n\t" "-F Set the label to that in specfile.\n\t" @@ -45,6 +45,7 @@ static void usage(const char *progname) "label to that\n\t in the specfile.\n\t" "-C Check labels even if the stored SHA1 digest matches\n\t" " the specfiles SHA1 digest.\n\t" + "-c Do not check or update SHA1 digests.\n\t" "-n Don't change any file labels (passive check).\n\t" "-R Recursively change file and directory labels.\n\t" "-v Show changes in file labels (-v and -P are mutually " @@ -127,7 +128,7 @@ int main(int argc, char **argv) exclude_list = NULL; exclude_count = 0; - while ((opt = getopt(argc, argv, "iIFCnRvPrdaAslme:f:p:x:")) > 0) { + while ((opt = getopt(argc, argv, "iIFCcnRvPrdaAslme:f:p:x:")) > 0) { switch (opt) { case 'F': restorecon_flags |= @@ -137,6 +138,10 @@ int main(int argc, char **argv) restorecon_flags |= SELINUX_RESTORECON_IGNORE_DIGEST; break; + case 'c': + restorecon_flags |= + SELINUX_RESTORECON_IGNORE_XATTR; + break; case 'n': restorecon_flags |= SELINUX_RESTORECON_NOCHANGE; break;