Message ID | 20160923172416.25050-1-plautrba@redhat.com (mailing list archive) |
---|---|
State | Not Applicable |
Headers | show
Return-Path: <selinux-bounces@tycho.nsa.gov> Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id 22460601C2 for <patchwork-selinux@patchwork.kernel.org>; Fri, 23 Sep 2016 17:25:38 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 12DD429B6F for <patchwork-selinux@patchwork.kernel.org>; Fri, 23 Sep 2016 17:25:38 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 077E82A234; Fri, 23 Sep 2016 17:25:38 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-1.9 required=2.0 tests=BAYES_00 autolearn=ham version=3.3.1 Received: from emsm-gh1-uea10.nsa.gov (emsm-gh1-uea10.nsa.gov [8.44.101.8]) (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.wl.linuxfoundation.org (Postfix) with ESMTPS id 42D3C29B6F for <patchwork-selinux@patchwork.kernel.org>; Fri, 23 Sep 2016 17:25:36 +0000 (UTC) X-IronPort-AV: E=Sophos;i="5.30,382,1470700800"; d="scan'208";a="17917958" IronPort-PHdr: =?us-ascii?q?9a23=3AimpynxalsU5AHCbNUKdbT0H/LSx+4OfEezUN459i?= =?us-ascii?q?sYplN5qZpcm4bnLW6fgltlLVR4KTs6sC0LuM9fi/EjVYvd6oizMrSNR0TRgLiM?= =?us-ascii?q?EbzUQLIfWuLgnFFsPsdDEwB89YVVVorDmROElRH9viNRWJ+iXhpQAbFhi3Dwdp?= =?us-ascii?q?POO9QteU1JXtkbjtsMSLP01hv3mUWftKNhK4rAHc5IE9oLBJDeIP8CbPuWZCYO?= =?us-ascii?q?9MxGlldhq5lhf44dqsrtY4q3wD888784Z8dYmyP+FhFf0LRAghZns44MztqAnr?= =?us-ascii?q?URqE5nxaVH4f1BVPHVvr9hb/C6/8rjGykuNgxDOQNMb2BeQsXT2/871hQTfyhS?= =?us-ascii?q?sHPiJ/+2bS3J8jxJlHqQ6s8kQsi7XfZ5uYYb8nJq4=3D?= X-IPAS-Result: =?us-ascii?q?A2GPBQAMZeVX/wHyM5Bdg2sBAQEBAR6BU7p1I4dpTAEBAQE?= =?us-ascii?q?BAQEBAgECWyeCMgQDEwWCGAI3FCAOAwkCFykICAMBLQwJHwsFGASIKr0pJYY3i?= =?us-ascii?q?GgCEQFohRIFmXaPXgqJfYVukGdUhQdwhSUPF2GBJwEBAQ?= Received: from unknown (HELO tarius.tycho.ncsc.mil) ([144.51.242.1]) by emsm-gh1-uea10.nsa.gov with ESMTP; 23 Sep 2016 17:25:29 +0000 Received: from prometheus.infosec.tycho.ncsc.mil (prometheus [192.168.25.40]) by tarius.tycho.ncsc.mil (8.14.4/8.14.4) with ESMTP id u8NHP21n016115; Fri, 23 Sep 2016 13:25:12 -0400 Received: from tarius.tycho.ncsc.mil (tarius.infosec.tycho.ncsc.mil [144.51.242.1]) by prometheus.infosec.tycho.ncsc.mil (8.15.2/8.15.2) with ESMTP id u8NHP1N6197673 for <selinux@prometheus.infosec.tycho.ncsc.mil>; Fri, 23 Sep 2016 13:25:01 -0400 Received: from goalie.tycho.ncsc.mil (goalie [144.51.242.250]) by tarius.tycho.ncsc.mil (8.14.4/8.14.4) with ESMTP id u8NHP1kr016040 for <selinux@tycho.nsa.gov>; Fri, 23 Sep 2016 13:25:01 -0400 X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: A1CjAQCFZOVXhxy3hNFdg2sBAQEBAYFxpSmCBQGPPYQTFIYKgWRMAQIBAQEBAQITAQEBCgsJCRmGEIEeM4hLvU2GN4hofIUSBZl2j14Kj2uQZ4MdAQtVgV08NIUlgi4BAQE X-IPAS-Result: A1CjAQCFZOVXhxy3hNFdg2sBAQEBAYFxpSmCBQGPPYQTFIYKgWRMAQIBAQEBAQITAQEBCgsJCRmGEIEeM4hLvU2GN4hofIUSBZl2j14Kj2uQZ4MdAQtVgV08NIUlgi4BAQE X-IronPort-AV: E=Sophos;i="5.30,382,1470715200"; d="scan'208";a="5725732" Received: from emsm-gh1-uea10.corp.nsa.gov (HELO emsm-gh1-uea10.nsa.gov) ([10.208.41.36]) by goalie.tycho.ncsc.mil with ESMTP; 23 Sep 2016 13:25:00 -0400 IronPort-PHdr: =?us-ascii?q?9a23=3ADz8UlxSZ0nCTQ3fHotXKvGwJ/Npsv+yvbD5Q0YIu?= =?us-ascii?q?jvd0So/mwa64ZxON2/xhgRfzUJnB7Loc0qyN4vqmATNLuM7d+Fk5M7V0Hycfjs?= =?us-ascii?q?sXmwFySOWkMmbcaMDQUiohAc5ZX0Vk9XzoeWJcGcL5ekGA6ibqtW1aJBzzOEJP?= =?us-ascii?q?K/jvHcaK1oLshrr0o8KYOl0UzBOGIppKZC2sqgvQssREyaBDEY0WjiXzn31TZu?= =?us-ascii?q?5NznlpL1/A1zz158O34YIxu38I46FppIZ8VvDhcqA5S6FIJCg3OGAyosvwvF/M?= =?us-ascii?q?ShXcyGEbVzAunwZSSyzM8Q3gVJ76smOuru50xTWAN8TeV704WT2+qaxsTUm722?= =?us-ascii?q?88Kzcl/TSP2YRLh6VBrUf5qg=3D=3D?= X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0G8AQAMZeVXhxy3hNFdRwEXAQcFAYJ+A?= =?us-ascii?q?QEBAQGBcaUpggUBjz2EExSGCoFkTAEBAQEBAQEBAgECEAEBAQoLCQkZL4IyGIM?= =?us-ascii?q?XgR4ziEu9ToY3iGh8hRIFmXaPXgqPa5BngylVgV08NIUlgi4BAQE?= X-IPAS-Result: =?us-ascii?q?A0G8AQAMZeVXhxy3hNFdRwEXAQcFAYJ+AQEBAQGBcaUpggU?= =?us-ascii?q?Bjz2EExSGCoFkTAEBAQEBAQEBAgECEAEBAQoLCQkZL4IyGIMXgR4ziEu9ToY3i?= =?us-ascii?q?Gh8hRIFmXaPXgqPa5BngylVgV08NIUlgi4BAQE?= X-IronPort-AV: E=Sophos;i="5.30,382,1470700800"; d="scan'208";a="17917892" Received: from mx1.redhat.com ([209.132.183.28]) by emsm-gh1-uea10.nsa.gov with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 23 Sep 2016 17:24:22 +0000 Received: from int-mx14.intmail.prod.int.phx2.redhat.com (int-mx14.intmail.prod.int.phx2.redhat.com [10.5.11.27]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 0CD9072673 for <selinux@tycho.nsa.gov>; Fri, 23 Sep 2016 17:24:22 +0000 (UTC) Received: from hulk.com ([10.40.3.79]) by int-mx14.intmail.prod.int.phx2.redhat.com (8.14.4/8.14.4) with ESMTP id u8NHOKNr007824; Fri, 23 Sep 2016 13:24:21 -0400 From: Petr Lautrbach <plautrba@redhat.com> To: selinux@tycho.nsa.gov Subject: [PATCH 1/2] sandbox: do not try setup directories without -X or -M Date: Fri, 23 Sep 2016 19:24:15 +0200 Message-Id: <20160923172416.25050-1-plautrba@redhat.com> X-Scanned-By: MIMEDefang 2.68 on 10.5.11.27 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.39]); Fri, 23 Sep 2016 17:24:22 +0000 (UTC) X-BeenThere: selinux@tycho.nsa.gov X-Mailman-Version: 2.1.20 Precedence: list List-Id: "Security-Enhanced Linux \(SELinux\) mailing list" <selinux.tycho.nsa.gov> List-Post: <mailto:selinux@tycho.nsa.gov> List-Help: <mailto:selinux-request@tycho.nsa.gov?subject=help> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: selinux-bounces@tycho.nsa.gov Sender: "Selinux" <selinux-bounces@tycho.nsa.gov> X-Virus-Scanned: ClamAV using ClamSMTP |
diff --git a/policycoreutils/sandbox/sandbox b/policycoreutils/sandbox/sandbox index 4ed57c1..9cc13c2 100644 --- a/policycoreutils/sandbox/sandbox +++ b/policycoreutils/sandbox/sandbox @@ -503,7 +503,8 @@ sandbox [-h] [-l level ] [-[X|M] [-H homedir] [-T tempdir]] [-I includefile ] [- try: self.__parse_options() self.__gen_context() - self.__setup_dir() + if self.__mount: + self.__setup_dir() return self.__execute() except KeyboardInterrupt: sys.exit(0)
sandbox tried to copy all affected files to the new home or tmp even though -M or -X was not specified and there was no new directory. Fixes: $ sandbox ls ~ /usr/bin/sandbox: [Errno 17] File exists: '/root' Signed-off-by: Petr Lautrbach <plautrba@redhat.com> --- policycoreutils/sandbox/sandbox | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-)