
[1/2] libsemanage: Add support for listing fcontext.homedirs file

Message ID 20170927081645.32481-2-vmojzis@redhat.com (mailing list archive)
State Superseded

Commit Message

Vit Mojzis Sept. 27, 2017, 8:16 a.m. UTC
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1409813
---
 libsemanage/include/semanage/fcontexts_policy.h |  4 ++++
 libsemanage/src/direct_api.c                    |  6 ++++++
 libsemanage/src/fcontexts_policy.c              |  8 ++++++++
 libsemanage/src/handle.h                        | 19 +++++++++++++------
 4 files changed, 31 insertions(+), 6 deletions(-)

Comments

William Roberts Sept. 27, 2017, 5:04 p.m. UTC | #1
2017-09-27 1:16 GMT-07:00 Vit Mojzis <vmojzis@redhat.com>:
> Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1409813
> ---
>  libsemanage/include/semanage/fcontexts_policy.h |  4 ++++
>  libsemanage/src/direct_api.c                    |  6 ++++++
>  libsemanage/src/fcontexts_policy.c              |  8 ++++++++
>  libsemanage/src/handle.h                        | 19 +++++++++++++------
>  4 files changed, 31 insertions(+), 6 deletions(-)
>
> diff --git a/libsemanage/include/semanage/fcontexts_policy.h b/libsemanage/include/semanage/fcontexts_policy.h
> index a50db2b..199a1e1 100644
> --- a/libsemanage/include/semanage/fcontexts_policy.h
> +++ b/libsemanage/include/semanage/fcontexts_policy.h
> @@ -26,4 +26,8 @@ extern int semanage_fcontext_list(semanage_handle_t * handle,
>                                   semanage_fcontext_t *** records,
>                                   unsigned int *count);
>
> +extern int semanage_fcontext_list_homedirs(semanage_handle_t * handle,
> +                                 semanage_fcontext_t *** records,
> +                                 unsigned int *count);
> +
>  #endif
> diff --git a/libsemanage/src/direct_api.c b/libsemanage/src/direct_api.c
> index 65842df..886a228 100644
> --- a/libsemanage/src/direct_api.c
> +++ b/libsemanage/src/direct_api.c
> @@ -210,6 +210,12 @@ int semanage_direct_connect(semanage_handle_t * sh)
>                                      semanage_fcontext_dbase_local(sh)) < 0)
>                 goto err;
>
> +       if (fcontext_file_dbase_init(sh,
> +                                    selinux_file_context_homedir_path(),
> +                                    selinux_file_context_homedir_path(),
> +                                    semanage_fcontext_dbase_homedirs(sh)) < 0)
> +               goto err;
> +
>         if (seuser_file_dbase_init(sh,
>                                    semanage_path(SEMANAGE_ACTIVE,
>                                                  SEMANAGE_SEUSERS_LOCAL),
> diff --git a/libsemanage/src/fcontexts_policy.c b/libsemanage/src/fcontexts_policy.c
> index 0b063b1..98490ab 100644
> --- a/libsemanage/src/fcontexts_policy.c
> +++ b/libsemanage/src/fcontexts_policy.c
> @@ -51,3 +51,11 @@ int semanage_fcontext_list(semanage_handle_t * handle,
>         dbase_config_t *dconfig = semanage_fcontext_dbase_policy(handle);
>         return dbase_list(handle, dconfig, records, count);
>  }
> +
> +int semanage_fcontext_list_homedirs(semanage_handle_t * handle,
> +                          semanage_fcontext_t *** records, unsigned int *count)
> +{
> +
> +       dbase_config_t *dconfig = semanage_fcontext_dbase_homedirs(handle);
> +       return dbase_list(handle, dconfig, records, count);
> +}
> diff --git a/libsemanage/src/handle.h b/libsemanage/src/handle.h
> index 889871d..1780ac8 100644
> --- a/libsemanage/src/handle.h
> +++ b/libsemanage/src/handle.h
> @@ -79,7 +79,7 @@ struct semanage_handle {
>         struct semanage_policy_table *funcs;
>
>         /* Object databases */
> -#define DBASE_COUNT      23
> +#define DBASE_COUNT      24
>
>  /* Local modifications */
>  #define DBASE_LOCAL_USERS_BASE  0
> @@ -102,13 +102,14 @@ struct semanage_handle {
>  #define DBASE_POLICY_INTERFACES  15
>  #define DBASE_POLICY_BOOLEANS    16
>  #define DBASE_POLICY_FCONTEXTS   17
> -#define DBASE_POLICY_SEUSERS     18
> -#define DBASE_POLICY_NODES       19
> -#define DBASE_POLICY_IBPKEYS     20
> -#define DBASE_POLICY_IBENDPORTS  21
> +#define DBASE_POLICY_FCONTEXTS_H 18
> +#define DBASE_POLICY_SEUSERS     19
> +#define DBASE_POLICY_NODES       20
> +#define DBASE_POLICY_IBPKEYS     21
> +#define DBASE_POLICY_IBENDPORTS  22
>
>  /* Active kernel policy */
> -#define DBASE_ACTIVE_BOOLEANS    22
> +#define DBASE_ACTIVE_BOOLEANS    23

Any particular reason to reassign all these defines instead
of just setting DBASE_POLICY_FCONTEXTS_H to 22 and
setting DBASE_ACTIVE_BOOLEANS to 23 other than just
to have DBASE_POLICY_FCONTEXTS_H follow
DBASE_POLICY_FCONTEXTS?

I'm also assuming, after looking at the code, that the database
itself is built every time so versioning mismatches are not a worry.

>         dbase_config_t dbase[DBASE_COUNT];
>  };
>
> @@ -236,6 +237,12 @@ static inline
>  }
>
>  static inline
> +    dbase_config_t * semanage_fcontext_dbase_homedirs(semanage_handle_t * handle)
> +{
> +       return &handle->dbase[DBASE_POLICY_FCONTEXTS_H];
> +}
> +
> +static inline
>      dbase_config_t * semanage_seuser_dbase_policy(semanage_handle_t * handle)
>  {
>         return &handle->dbase[DBASE_POLICY_SEUSERS];
> --
> 2.9.4
>
>
Stephen Smalley Sept. 27, 2017, 5:42 p.m. UTC | #2
On Wed, 2017-09-27 at 10:16 +0200, Vit Mojzis wrote:
> Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1409813
> ---
>  libsemanage/include/semanage/fcontexts_policy.h |  4 ++++
>  libsemanage/src/direct_api.c                    |  6 ++++++
>  libsemanage/src/fcontexts_policy.c              |  8 ++++++++
>  libsemanage/src/handle.h                        | 19 +++++++++++++
> ------
>  4 files changed, 31 insertions(+), 6 deletions(-)
> 
> diff --git a/libsemanage/include/semanage/fcontexts_policy.h
> b/libsemanage/include/semanage/fcontexts_policy.h
> index a50db2b..199a1e1 100644
> --- a/libsemanage/include/semanage/fcontexts_policy.h
> +++ b/libsemanage/include/semanage/fcontexts_policy.h
> @@ -26,4 +26,8 @@ extern int semanage_fcontext_list(semanage_handle_t
> * handle,
>  				  semanage_fcontext_t *** records,
>  				  unsigned int *count);
>  
> +extern int semanage_fcontext_list_homedirs(semanage_handle_t *
> handle,
> +				  semanage_fcontext_t *** records,
> +				  unsigned int *count);
> +
>  #endif
> diff --git a/libsemanage/src/direct_api.c
> b/libsemanage/src/direct_api.c
> index 65842df..886a228 100644
> --- a/libsemanage/src/direct_api.c
> +++ b/libsemanage/src/direct_api.c
> @@ -210,6 +210,12 @@ int semanage_direct_connect(semanage_handle_t *
> sh)
>  				     semanage_fcontext_dbase_local(s
> h)) < 0)
>  		goto err;
>  
> +	if (fcontext_file_dbase_init(sh,
> +				     selinux_file_context_homedir_pa
> th(),
> +				     selinux_file_context_homedir_pa
> th(),

This will return the wrong results if one specifies a policy store
other than the active one to semodule (via -s) or semanage (via -S),
e.g. semanage fcontext -S mls -l.  You shouldn't be using the path of
the active, installed file_contexts.homedirs file but rather one from
the per-policy-store sandbox.  The libsemanage functions always act on
the sandbox. Also, you shouldn't be passing the same path as the ro and
rw paths here, as you don't want a dbase flush to suddenly overwrite
the installed file_contexts.homedirs file.

I guess the problem you currently have is we aren't keeping around a
copy of the generated file_contexts.homedirs in the sandbox; it is only
created in the final tmp location and that entire directory tree is
deleted once we complete the transaction.  You'd need to regenerate it
on demand or keep it around if you want to do this.

> +				     semanage_fcontext_dbase_homedir
> s(sh)) < 0)
> +		goto err;
> +
>  	if (seuser_file_dbase_init(sh,
>  				   semanage_path(SEMANAGE_ACTIVE,
>  						 SEMANAGE_SEUSERS_LO
> CAL),
> diff --git a/libsemanage/src/fcontexts_policy.c
> b/libsemanage/src/fcontexts_policy.c
> index 0b063b1..98490ab 100644
> --- a/libsemanage/src/fcontexts_policy.c
> +++ b/libsemanage/src/fcontexts_policy.c
> @@ -51,3 +51,11 @@ int semanage_fcontext_list(semanage_handle_t *
> handle,
>  	dbase_config_t *dconfig =
> semanage_fcontext_dbase_policy(handle);
>  	return dbase_list(handle, dconfig, records, count);
>  }
> +
> +int semanage_fcontext_list_homedirs(semanage_handle_t * handle,
> +			   semanage_fcontext_t *** records, unsigned
> int *count)
> +{
> +
> +	dbase_config_t *dconfig =
> semanage_fcontext_dbase_homedirs(handle);
> +	return dbase_list(handle, dconfig, records, count);
> +}
> diff --git a/libsemanage/src/handle.h b/libsemanage/src/handle.h
> index 889871d..1780ac8 100644
> --- a/libsemanage/src/handle.h
> +++ b/libsemanage/src/handle.h
> @@ -79,7 +79,7 @@ struct semanage_handle {
>  	struct semanage_policy_table *funcs;
>  
>  	/* Object databases */
> -#define DBASE_COUNT      23
> +#define DBASE_COUNT      24
>  
>  /* Local modifications */
>  #define DBASE_LOCAL_USERS_BASE  0
> @@ -102,13 +102,14 @@ struct semanage_handle {
>  #define DBASE_POLICY_INTERFACES  15
>  #define DBASE_POLICY_BOOLEANS    16
>  #define DBASE_POLICY_FCONTEXTS   17
> -#define DBASE_POLICY_SEUSERS     18
> -#define DBASE_POLICY_NODES       19
> -#define DBASE_POLICY_IBPKEYS     20
> -#define DBASE_POLICY_IBENDPORTS  21
> +#define DBASE_POLICY_FCONTEXTS_H 18
> +#define DBASE_POLICY_SEUSERS     19
> +#define DBASE_POLICY_NODES       20
> +#define DBASE_POLICY_IBPKEYS     21
> +#define DBASE_POLICY_IBENDPORTS  22
>  
>  /* Active kernel policy */
> -#define DBASE_ACTIVE_BOOLEANS    22
> +#define DBASE_ACTIVE_BOOLEANS    23
>  	dbase_config_t dbase[DBASE_COUNT];
>  };
>  
> @@ -236,6 +237,12 @@ static inline
>  }
>  
>  static inline
> +    dbase_config_t *
> semanage_fcontext_dbase_homedirs(semanage_handle_t * handle)
> +{
> +	return &handle->dbase[DBASE_POLICY_FCONTEXTS_H];
> +}
> +
> +static inline
>      dbase_config_t * semanage_seuser_dbase_policy(semanage_handle_t
> * handle)
>  {
>  	return &handle->dbase[DBASE_POLICY_SEUSERS];
Stephen Smalley Sept. 27, 2017, 6:17 p.m. UTC | #3
On Wed, 2017-09-27 at 13:42 -0400, Stephen Smalley wrote:
> On Wed, 2017-09-27 at 10:16 +0200, Vit Mojzis wrote:
> > Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1409813
> > ---
> >  libsemanage/include/semanage/fcontexts_policy.h |  4 ++++
> >  libsemanage/src/direct_api.c                    |  6 ++++++
> >  libsemanage/src/fcontexts_policy.c              |  8 ++++++++
> >  libsemanage/src/handle.h                        | 19 +++++++++++++
> > ------
> >  4 files changed, 31 insertions(+), 6 deletions(-)
> > 
> > diff --git a/libsemanage/include/semanage/fcontexts_policy.h
> > b/libsemanage/include/semanage/fcontexts_policy.h
> > index a50db2b..199a1e1 100644
> > --- a/libsemanage/include/semanage/fcontexts_policy.h
> > +++ b/libsemanage/include/semanage/fcontexts_policy.h
> > @@ -26,4 +26,8 @@ extern int
> > semanage_fcontext_list(semanage_handle_t
> > * handle,
> >  				  semanage_fcontext_t *** records,
> >  				  unsigned int *count);
> >  
> > +extern int semanage_fcontext_list_homedirs(semanage_handle_t *
> > handle,
> > +				  semanage_fcontext_t *** records,
> > +				  unsigned int *count);
> > +
> >  #endif
> > diff --git a/libsemanage/src/direct_api.c
> > b/libsemanage/src/direct_api.c
> > index 65842df..886a228 100644
> > --- a/libsemanage/src/direct_api.c
> > +++ b/libsemanage/src/direct_api.c
> > @@ -210,6 +210,12 @@ int semanage_direct_connect(semanage_handle_t
> > *
> > sh)
> >  				     semanage_fcontext_dbase_local
> > (s
> > h)) < 0)
> >  		goto err;
> >  
> > +	if (fcontext_file_dbase_init(sh,
> > +				     selinux_file_context_homedir_
> > pa
> > th(),
> > +				     selinux_file_context_homedir_
> > pa
> > th(),
> 
> This will return the wrong results if one specifies a policy store
> other than the active one to semodule (via -s) or semanage (via -S),
> e.g. semanage fcontext -S mls -l.  You shouldn't be using the path of
> the active, installed file_contexts.homedirs file but rather one from
> the per-policy-store sandbox.  The libsemanage functions always act
> on
> the sandbox. Also, you shouldn't be passing the same path as the ro
> and
> rw paths here, as you don't want a dbase flush to suddenly overwrite
> the installed file_contexts.homedirs file.
> 
> I guess the problem you currently have is we aren't keeping around a
> copy of the generated file_contexts.homedirs in the sandbox; it is
> only
> created in the final tmp location and that entire directory tree is
> deleted once we complete the transaction.  You'd need to regenerate
> it
> on demand or keep it around if you want to do this.

The easiest way to do this would likely be to add a
SEMANAGE_STORE_FC_HOMEDIRS definition to semanage_sandbox_defs, add
"/file_contexts.homedirs" to semanage_sandbox_paths[] at the
corresponding index, and change semanage_genhomedircon() to set
s.fcfilepath to semanage_path(SEMANAGE_TMP,
SEMANAGE_STORE_FC_HOMEDIRS), and then semanage_copy_file() it to
semanage_final_path(SEMANAGE_FINAL_TMP, SEMANAGE_FC_HOMEDIRS).  Then
you can call dbase_init on semanage_path(SEMANAGE_ACTIVE,
SEMANAGE_STORE_FC_HOMEDIRS) as the ro path and
semanage_path(SEMANAGE_TMP, SEMANAGE_STORE_FC_HOMEDIRS) as the rw path.
Requires an extra copy of file_contexts.homedirs to stay around, but
that's not significant.

> 
> > +				     semanage_fcontext_dbase_homed
> > ir
> > s(sh)) < 0)
> > +		goto err;
> > +
> >  	if (seuser_file_dbase_init(sh,
> >  				   semanage_path(SEMANAGE_ACTIVE,
> >  						 SEMANAGE_SEUSERS_
> > LO
> > CAL),
> > diff --git a/libsemanage/src/fcontexts_policy.c
> > b/libsemanage/src/fcontexts_policy.c
> > index 0b063b1..98490ab 100644
> > --- a/libsemanage/src/fcontexts_policy.c
> > +++ b/libsemanage/src/fcontexts_policy.c
> > @@ -51,3 +51,11 @@ int semanage_fcontext_list(semanage_handle_t *
> > handle,
> >  	dbase_config_t *dconfig =
> > semanage_fcontext_dbase_policy(handle);
> >  	return dbase_list(handle, dconfig, records, count);
> >  }
> > +
> > +int semanage_fcontext_list_homedirs(semanage_handle_t * handle,
> > +			   semanage_fcontext_t *** records,
> > unsigned
> > int *count)
> > +{
> > +
> > +	dbase_config_t *dconfig =
> > semanage_fcontext_dbase_homedirs(handle);
> > +	return dbase_list(handle, dconfig, records, count);
> > +}
> > diff --git a/libsemanage/src/handle.h b/libsemanage/src/handle.h
> > index 889871d..1780ac8 100644
> > --- a/libsemanage/src/handle.h
> > +++ b/libsemanage/src/handle.h
> > @@ -79,7 +79,7 @@ struct semanage_handle {
> >  	struct semanage_policy_table *funcs;
> >  
> >  	/* Object databases */
> > -#define DBASE_COUNT      23
> > +#define DBASE_COUNT      24
> >  
> >  /* Local modifications */
> >  #define DBASE_LOCAL_USERS_BASE  0
> > @@ -102,13 +102,14 @@ struct semanage_handle {
> >  #define DBASE_POLICY_INTERFACES  15
> >  #define DBASE_POLICY_BOOLEANS    16
> >  #define DBASE_POLICY_FCONTEXTS   17
> > -#define DBASE_POLICY_SEUSERS     18
> > -#define DBASE_POLICY_NODES       19
> > -#define DBASE_POLICY_IBPKEYS     20
> > -#define DBASE_POLICY_IBENDPORTS  21
> > +#define DBASE_POLICY_FCONTEXTS_H 18
> > +#define DBASE_POLICY_SEUSERS     19
> > +#define DBASE_POLICY_NODES       20
> > +#define DBASE_POLICY_IBPKEYS     21
> > +#define DBASE_POLICY_IBENDPORTS  22
> >  
> >  /* Active kernel policy */
> > -#define DBASE_ACTIVE_BOOLEANS    22
> > +#define DBASE_ACTIVE_BOOLEANS    23
> >  	dbase_config_t dbase[DBASE_COUNT];
> >  };
> >  
> > @@ -236,6 +237,12 @@ static inline
> >  }
> >  
> >  static inline
> > +    dbase_config_t *
> > semanage_fcontext_dbase_homedirs(semanage_handle_t * handle)
> > +{
> > +	return &handle->dbase[DBASE_POLICY_FCONTEXTS_H];
> > +}
> > +
> > +static inline
> >      dbase_config_t *
> > semanage_seuser_dbase_policy(semanage_handle_t
> > * handle)
> >  {
> >  	return &handle->dbase[DBASE_POLICY_SEUSERS];
Vit Mojzis Oct. 1, 2017, 3:43 p.m. UTC | #4
On 27.9.2017 19:04, William Roberts wrote:
> 2017-09-27 1:16 GMT-07:00 Vit Mojzis <vmojzis@redhat.com>:
>> Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1409813
>> ---
>>   libsemanage/include/semanage/fcontexts_policy.h |  4 ++++
>>   libsemanage/src/direct_api.c                    |  6 ++++++
>>   libsemanage/src/fcontexts_policy.c              |  8 ++++++++
>>   libsemanage/src/handle.h                        | 19 +++++++++++++------
>>   4 files changed, 31 insertions(+), 6 deletions(-)
>>
>> diff --git a/libsemanage/include/semanage/fcontexts_policy.h b/libsemanage/include/semanage/fcontexts_policy.h
>> index a50db2b..199a1e1 100644
>> --- a/libsemanage/include/semanage/fcontexts_policy.h
>> +++ b/libsemanage/include/semanage/fcontexts_policy.h
>> @@ -26,4 +26,8 @@ extern int semanage_fcontext_list(semanage_handle_t * handle,
>>                                    semanage_fcontext_t *** records,
>>                                    unsigned int *count);
>>
>> +extern int semanage_fcontext_list_homedirs(semanage_handle_t * handle,
>> +                                 semanage_fcontext_t *** records,
>> +                                 unsigned int *count);
>> +
>>   #endif
>> diff --git a/libsemanage/src/direct_api.c b/libsemanage/src/direct_api.c
>> index 65842df..886a228 100644
>> --- a/libsemanage/src/direct_api.c
>> +++ b/libsemanage/src/direct_api.c
>> @@ -210,6 +210,12 @@ int semanage_direct_connect(semanage_handle_t * sh)
>>                                       semanage_fcontext_dbase_local(sh)) < 0)
>>                  goto err;
>>
>> +       if (fcontext_file_dbase_init(sh,
>> +                                    selinux_file_context_homedir_path(),
>> +                                    selinux_file_context_homedir_path(),
>> +                                    semanage_fcontext_dbase_homedirs(sh)) < 0)
>> +               goto err;
>> +
>>          if (seuser_file_dbase_init(sh,
>>                                     semanage_path(SEMANAGE_ACTIVE,
>>                                                   SEMANAGE_SEUSERS_LOCAL),
>> diff --git a/libsemanage/src/fcontexts_policy.c b/libsemanage/src/fcontexts_policy.c
>> index 0b063b1..98490ab 100644
>> --- a/libsemanage/src/fcontexts_policy.c
>> +++ b/libsemanage/src/fcontexts_policy.c
>> @@ -51,3 +51,11 @@ int semanage_fcontext_list(semanage_handle_t * handle,
>>          dbase_config_t *dconfig = semanage_fcontext_dbase_policy(handle);
>>          return dbase_list(handle, dconfig, records, count);
>>   }
>> +
>> +int semanage_fcontext_list_homedirs(semanage_handle_t * handle,
>> +                          semanage_fcontext_t *** records, unsigned int *count)
>> +{
>> +
>> +       dbase_config_t *dconfig = semanage_fcontext_dbase_homedirs(handle);
>> +       return dbase_list(handle, dconfig, records, count);
>> +}
>> diff --git a/libsemanage/src/handle.h b/libsemanage/src/handle.h
>> index 889871d..1780ac8 100644
>> --- a/libsemanage/src/handle.h
>> +++ b/libsemanage/src/handle.h
>> @@ -79,7 +79,7 @@ struct semanage_handle {
>>          struct semanage_policy_table *funcs;
>>
>>          /* Object databases */
>> -#define DBASE_COUNT      23
>> +#define DBASE_COUNT      24
>>
>>   /* Local modifications */
>>   #define DBASE_LOCAL_USERS_BASE  0
>> @@ -102,13 +102,14 @@ struct semanage_handle {
>>   #define DBASE_POLICY_INTERFACES  15
>>   #define DBASE_POLICY_BOOLEANS    16
>>   #define DBASE_POLICY_FCONTEXTS   17
>> -#define DBASE_POLICY_SEUSERS     18
>> -#define DBASE_POLICY_NODES       19
>> -#define DBASE_POLICY_IBPKEYS     20
>> -#define DBASE_POLICY_IBENDPORTS  21
>> +#define DBASE_POLICY_FCONTEXTS_H 18
>> +#define DBASE_POLICY_SEUSERS     19
>> +#define DBASE_POLICY_NODES       20
>> +#define DBASE_POLICY_IBPKEYS     21
>> +#define DBASE_POLICY_IBENDPORTS  22
>>
>>   /* Active kernel policy */
>> -#define DBASE_ACTIVE_BOOLEANS    22
>> +#define DBASE_ACTIVE_BOOLEANS    23
> Any particular reason to reassign all these defines instead
> of just setting DBASE_POLICY_FCONTEXTS_H to 22 and
> setting DBASE_ACTIVE_BOOLEANS to 23 other than just
> to have DBASE_POLICY_FCONTEXTS_H follow
> DBASE_POLICY_FCONTEXTS?
Nope, just to keep organized.
Should I set it to 22 instead?
>
> I'm also assuming, after looking at the code, that the database
> itself is built every time so versioning mismatches are not a worry.
>
>>          dbase_config_t dbase[DBASE_COUNT];
>>   };
>>
>> @@ -236,6 +237,12 @@ static inline
>>   }
>>
>>   static inline
>> +    dbase_config_t * semanage_fcontext_dbase_homedirs(semanage_handle_t * handle)
>> +{
>> +       return &handle->dbase[DBASE_POLICY_FCONTEXTS_H];
>> +}
>> +
>> +static inline
>>       dbase_config_t * semanage_seuser_dbase_policy(semanage_handle_t * handle)
>>   {
>>          return &handle->dbase[DBASE_POLICY_SEUSERS];
>> --
>> 2.9.4
>>
>>
>
>
William Roberts Oct. 1, 2017, 6:15 p.m. UTC | #5
On Sun, Oct 1, 2017 at 8:43 AM, Vit Mojzis <vmojzis@redhat.com> wrote:
>
>
> On 27.9.2017 19:04, William Roberts wrote:
>>
>> 2017-09-27 1:16 GMT-07:00 Vit Mojzis <vmojzis@redhat.com>:
>>>
>>> Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1409813
>>> ---
>>>   libsemanage/include/semanage/fcontexts_policy.h |  4 ++++
>>>   libsemanage/src/direct_api.c                    |  6 ++++++
>>>   libsemanage/src/fcontexts_policy.c              |  8 ++++++++
>>>   libsemanage/src/handle.h                        | 19
>>> +++++++++++++------
>>>   4 files changed, 31 insertions(+), 6 deletions(-)
>>>
>>> diff --git a/libsemanage/include/semanage/fcontexts_policy.h
>>> b/libsemanage/include/semanage/fcontexts_policy.h
>>> index a50db2b..199a1e1 100644
>>> --- a/libsemanage/include/semanage/fcontexts_policy.h
>>> +++ b/libsemanage/include/semanage/fcontexts_policy.h
>>> @@ -26,4 +26,8 @@ extern int semanage_fcontext_list(semanage_handle_t *
>>> handle,
>>>                                    semanage_fcontext_t *** records,
>>>                                    unsigned int *count);
>>>
>>> +extern int semanage_fcontext_list_homedirs(semanage_handle_t * handle,
>>> +                                 semanage_fcontext_t *** records,
>>> +                                 unsigned int *count);
>>> +
>>>   #endif
>>> diff --git a/libsemanage/src/direct_api.c b/libsemanage/src/direct_api.c
>>> index 65842df..886a228 100644
>>> --- a/libsemanage/src/direct_api.c
>>> +++ b/libsemanage/src/direct_api.c
>>> @@ -210,6 +210,12 @@ int semanage_direct_connect(semanage_handle_t * sh)
>>>                                       semanage_fcontext_dbase_local(sh))
>>> < 0)
>>>                  goto err;
>>>
>>> +       if (fcontext_file_dbase_init(sh,
>>> +                                    selinux_file_context_homedir_path(),
>>> +                                    selinux_file_context_homedir_path(),
>>> +
>>> semanage_fcontext_dbase_homedirs(sh)) < 0)
>>> +               goto err;
>>> +
>>>          if (seuser_file_dbase_init(sh,
>>>                                     semanage_path(SEMANAGE_ACTIVE,
>>>
>>> SEMANAGE_SEUSERS_LOCAL),
>>> diff --git a/libsemanage/src/fcontexts_policy.c
>>> b/libsemanage/src/fcontexts_policy.c
>>> index 0b063b1..98490ab 100644
>>> --- a/libsemanage/src/fcontexts_policy.c
>>> +++ b/libsemanage/src/fcontexts_policy.c
>>> @@ -51,3 +51,11 @@ int semanage_fcontext_list(semanage_handle_t * handle,
>>>          dbase_config_t *dconfig =
>>> semanage_fcontext_dbase_policy(handle);
>>>          return dbase_list(handle, dconfig, records, count);
>>>   }
>>> +
>>> +int semanage_fcontext_list_homedirs(semanage_handle_t * handle,
>>> +                          semanage_fcontext_t *** records, unsigned int
>>> *count)
>>> +{
>>> +
>>> +       dbase_config_t *dconfig =
>>> semanage_fcontext_dbase_homedirs(handle);
>>> +       return dbase_list(handle, dconfig, records, count);
>>> +}
>>> diff --git a/libsemanage/src/handle.h b/libsemanage/src/handle.h
>>> index 889871d..1780ac8 100644
>>> --- a/libsemanage/src/handle.h
>>> +++ b/libsemanage/src/handle.h
>>> @@ -79,7 +79,7 @@ struct semanage_handle {
>>>          struct semanage_policy_table *funcs;
>>>
>>>          /* Object databases */
>>> -#define DBASE_COUNT      23
>>> +#define DBASE_COUNT      24
>>>
>>>   /* Local modifications */
>>>   #define DBASE_LOCAL_USERS_BASE  0
>>> @@ -102,13 +102,14 @@ struct semanage_handle {
>>>   #define DBASE_POLICY_INTERFACES  15
>>>   #define DBASE_POLICY_BOOLEANS    16
>>>   #define DBASE_POLICY_FCONTEXTS   17
>>> -#define DBASE_POLICY_SEUSERS     18
>>> -#define DBASE_POLICY_NODES       19
>>> -#define DBASE_POLICY_IBPKEYS     20
>>> -#define DBASE_POLICY_IBENDPORTS  21
>>> +#define DBASE_POLICY_FCONTEXTS_H 18
>>> +#define DBASE_POLICY_SEUSERS     19
>>> +#define DBASE_POLICY_NODES       20
>>> +#define DBASE_POLICY_IBPKEYS     21
>>> +#define DBASE_POLICY_IBENDPORTS  22
>>>
>>>   /* Active kernel policy */
>>> -#define DBASE_ACTIVE_BOOLEANS    22
>>> +#define DBASE_ACTIVE_BOOLEANS    23
>>
>> Any particular reason to reassign all these defines instead
>> of just setting DBASE_POLICY_FCONTEXTS_H to 22 and
>> setting DBASE_ACTIVE_BOOLEANS to 23 other than just
>> to have DBASE_POLICY_FCONTEXTS_H follow
>> DBASE_POLICY_FCONTEXTS?
>
> Nope, just to keep organized .
> Should I set it to 22 instead?
>

I don't have a major gripe with that other than it makes the patch larger
than needed.

>>
>> I'm also assuming, after looking at the code, that the database
>> itself is built every time so versioning mismatches are not a worry.
>>
>>>          dbase_config_t dbase[DBASE_COUNT];
>>>   };
>>>
>>> @@ -236,6 +237,12 @@ static inline
>>>   }
>>>
>>>   static inline
>>> +    dbase_config_t * semanage_fcontext_dbase_homedirs(semanage_handle_t
>>> * handle)
>>> +{
>>> +       return &handle->dbase[DBASE_POLICY_FCONTEXTS_H];
>>> +}
>>> +
>>> +static inline
>>>       dbase_config_t * semanage_seuser_dbase_policy(semanage_handle_t *
>>> handle)
>>>   {
>>>          return &handle->dbase[DBASE_POLICY_SEUSERS];
>>> --
>>> 2.9.4
>>>
>>>
>>
>>
>

Patch

diff --git a/libsemanage/include/semanage/fcontexts_policy.h b/libsemanage/include/semanage/fcontexts_policy.h
index a50db2b..199a1e1 100644
--- a/libsemanage/include/semanage/fcontexts_policy.h
+++ b/libsemanage/include/semanage/fcontexts_policy.h
@@ -26,4 +26,8 @@  extern int semanage_fcontext_list(semanage_handle_t * handle,
 				  semanage_fcontext_t *** records,
 				  unsigned int *count);
 
+extern int semanage_fcontext_list_homedirs(semanage_handle_t * handle,
+				  semanage_fcontext_t *** records,
+				  unsigned int *count);
+
 #endif
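Review bot: The new public prototype `semanage_fcontext_list_homedirs` is added without any comment saying which records it returns or how it differs from `semanage_fcontext_list` directly above it, so a caller reading the header cannot tell that the two list different files. A one-line comment above the declaration would do: `/* List the records of the file_contexts.homedirs database; same calling convention as semanage_fcontext_list. */`. Also, if the library exports its public symbols through a version script, the new symbol has to be added there as well; the diffstat shows only the four files in this patch, so that export appears to be missing.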
diff --git a/libsemanage/src/direct_api.c b/libsemanage/src/direct_api.c
index 65842df..886a228 100644
--- a/libsemanage/src/direct_api.c
+++ b/libsemanage/src/direct_api.c
@@ -210,6 +210,12 @@  int semanage_direct_connect(semanage_handle_t * sh)
 				     semanage_fcontext_dbase_local(sh)) < 0)
 		goto err;
 
+	if (fcontext_file_dbase_init(sh,
+				     selinux_file_context_homedir_path(),
+				     selinux_file_context_homedir_path(),
+				     semanage_fcontext_dbase_homedirs(sh)) < 0)
+		goto err;
+
 	if (seuser_file_dbase_init(sh,
 				   semanage_path(SEMANAGE_ACTIVE,
 						 SEMANAGE_SEUSERS_LOCAL),
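Review bot: The new `fcontext_file_dbase_init` call has no visible counterpart in the teardown path: the diffstat touches only the four files shown, and both the `err:` label of `semanage_direct_connect` and the disconnect routine lie outside this hunk, so whether the homedirs dbase is released alongside the other file-backed dbases cannot be confirmed from the patch. If those paths release each dbase individually, as the per-dbase init here suggests, the homedirs entry needs the matching release or its state is leaked on every connect/disconnect cycle. `semanage_direct_connect` starts and ends outside the hunk.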
diff --git a/libsemanage/src/fcontexts_policy.c b/libsemanage/src/fcontexts_policy.c
index 0b063b1..98490ab 100644
--- a/libsemanage/src/fcontexts_policy.c
+++ b/libsemanage/src/fcontexts_policy.c
@@ -51,3 +51,11 @@  int semanage_fcontext_list(semanage_handle_t * handle,
 	dbase_config_t *dconfig = semanage_fcontext_dbase_policy(handle);
 	return dbase_list(handle, dconfig, records, count);
 }
+
+int semanage_fcontext_list_homedirs(semanage_handle_t * handle,
+			   semanage_fcontext_t *** records, unsigned int *count)
+{
+
+	dbase_config_t *dconfig = semanage_fcontext_dbase_homedirs(handle);
+	return dbase_list(handle, dconfig, records, count);
+}
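Review bot: The body of `semanage_fcontext_list_homedirs` opens with a stray blank line after the `{`, which the sibling `semanage_fcontext_list` just above does not have, and the continuation indent of the parameter list differs from the prototype in the header. Dropping the empty line keeps the two functions visually parallel: `{` followed directly by `dbase_config_t *dconfig = semanage_fcontext_dbase_homedirs(handle);`.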
diff --git a/libsemanage/src/handle.h b/libsemanage/src/handle.h
index 889871d..1780ac8 100644
--- a/libsemanage/src/handle.h
+++ b/libsemanage/src/handle.h
@@ -79,7 +79,7 @@  struct semanage_handle {
 	struct semanage_policy_table *funcs;
 
 	/* Object databases */
-#define DBASE_COUNT      23
+#define DBASE_COUNT      24
 
 /* Local modifications */
 #define DBASE_LOCAL_USERS_BASE  0
@@ -102,13 +102,14 @@  struct semanage_handle {
 #define DBASE_POLICY_INTERFACES  15
 #define DBASE_POLICY_BOOLEANS    16
 #define DBASE_POLICY_FCONTEXTS   17
-#define DBASE_POLICY_SEUSERS     18
-#define DBASE_POLICY_NODES       19
-#define DBASE_POLICY_IBPKEYS     20
-#define DBASE_POLICY_IBENDPORTS  21
+#define DBASE_POLICY_FCONTEXTS_H 18
+#define DBASE_POLICY_SEUSERS     19
+#define DBASE_POLICY_NODES       20
+#define DBASE_POLICY_IBPKEYS     21
+#define DBASE_POLICY_IBENDPORTS  22
 
 /* Active kernel policy */
-#define DBASE_ACTIVE_BOOLEANS    22
+#define DBASE_ACTIVE_BOOLEANS    23
 	dbase_config_t dbase[DBASE_COUNT];
 };
 
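Review bot: The name `DBASE_POLICY_FCONTEXTS_H` is opaque; the `_H` suffix does not say "homedirs" to a reader, while every other index in this block spells out the object it indexes. Naming it `DBASE_POLICY_FCONTEXTS_HOMEDIRS` would match the accessor `semanage_fcontext_dbase_homedirs` introduced in the last hunk of this file, where the index is used in `return &handle->dbase[DBASE_POLICY_FCONTEXTS_H];`. The same rename applies to that hunk.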
@@ -236,6 +237,12 @@  static inline
 }
 
 static inline
+    dbase_config_t * semanage_fcontext_dbase_homedirs(semanage_handle_t * handle)
+{
+	return &handle->dbase[DBASE_POLICY_FCONTEXTS_H];
+}
+
+static inline
     dbase_config_t * semanage_seuser_dbase_policy(semanage_handle_t * handle)
 {
 	return &handle->dbase[DBASE_POLICY_SEUSERS];