From patchwork Tue Jul 2 12:09:04 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Vit Mojzis X-Patchwork-Id: 11027769 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id DE4D3138B for ; Tue, 2 Jul 2019 12:09:24 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id C6FEF288EA for ; Tue, 2 Jul 2019 12:09:24 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id B91D7288E5; Tue, 2 Jul 2019 12:09:24 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.9 required=2.0 tests=BAYES_00,MAILING_LIST_MULTI, RCVD_IN_DNSWL_HI autolearn=ham version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 09233288E5 for ; Tue, 2 Jul 2019 12:09:24 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1725972AbfGBMJX (ORCPT ); Tue, 2 Jul 2019 08:09:23 -0400 Received: from mx1.redhat.com ([209.132.183.28]:50008 "EHLO mx1.redhat.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1725835AbfGBMJX (ORCPT ); Tue, 2 Jul 2019 08:09:23 -0400 Received: from smtp.corp.redhat.com (int-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.12]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 8A278C1EB21A for ; Tue, 2 Jul 2019 12:09:23 +0000 (UTC) Received: from localhost.localdomain.com (unknown [10.43.12.184]) by smtp.corp.redhat.com (Postfix) with ESMTP id 0EA60BA48 for ; Tue, 2 Jul 2019 12:09:22 +0000 (UTC) From: Vit Mojzis To: selinux@vger.kernel.org Subject: [PATCH 1/2] Revert "mcstransd select correct colour range." Date: Tue, 2 Jul 2019 14:09:04 +0200 Message-Id: <20190702120905.9808-1-vmojzis@redhat.com> X-Scanned-By: MIMEDefang 2.79 on 10.5.11.12 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.32]); Tue, 02 Jul 2019 12:09:23 +0000 (UTC) Sender: selinux-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP This reverts commit fe17b3d2d924018750386c5ee74f12ca4b054136. MLS ranges should be compared based on dominance. This fixes mlscolor-test on mcstrans examples. Eg. mlscolor-test using /usr/share/mcstrans/examples/urcsts when executed on mls machine fails as follows: \#pushd /usr/share/mcstrans/examples/urcsts \#cp -f secolor.conf /etc/selinux/mls/secolor.conf \#cp -f setrans.conf /etc/selinux/mls/setrans.conf \#systemctl restart mcstransd \#python3 /usr/share/mcstrans/util/mlscolor-test urcsts.color For 'system_u:system_r:inetd_t:SystemLow' got '#000000 #000000 #000000 #000000 #000000 #000000 #000000 #000000' expected '#000000 #000000 #000000 #000000 #000000 #000000 #000000 #008000' ... mlscolor-test done with 19 errors Signed-off-by: Vit Mojzis --- mcstrans/src/mcscolor.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/mcstrans/src/mcscolor.c b/mcstrans/src/mcscolor.c index 6ea1aa97..d597e0df 100644 --- a/mcstrans/src/mcscolor.c +++ b/mcstrans/src/mcscolor.c @@ -134,12 +134,12 @@ static const secolor_t *find_color(int idx, const char *component, } while (ptr) { - if (fnmatch(ptr->pattern, component, 0) == 0) { - if (idx == COLOR_RANGE) { - if (check_dominance(ptr->pattern, raw) == 0) - return &ptr->color; - } else - return &ptr->color; + if (idx == COLOR_RANGE) { + if (check_dominance(ptr->pattern, raw) == 0) + return &ptr->color; + } else { + if (fnmatch(ptr->pattern, component, 0) == 0) + return &ptr->color; } ptr = ptr->next; } From patchwork Tue Jul 2 12:09:05 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Vit Mojzis X-Patchwork-Id: 11027771 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id AC914138B for ; Tue, 2 Jul 2019 12:09:30 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 961A2288E6 for ; Tue, 2 Jul 2019 12:09:30 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 8ABBB288EA; Tue, 2 Jul 2019 12:09:30 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.9 required=2.0 tests=BAYES_00,MAILING_LIST_MULTI, RCVD_IN_DNSWL_HI autolearn=ham version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 1F8B92012F for ; Tue, 2 Jul 2019 12:09:30 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726341AbfGBMJ3 (ORCPT ); Tue, 2 Jul 2019 08:09:29 -0400 Received: from mx1.redhat.com ([209.132.183.28]:60218 "EHLO mx1.redhat.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1725835AbfGBMJ3 (ORCPT ); Tue, 2 Jul 2019 08:09:29 -0400 Received: from smtp.corp.redhat.com (int-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.12]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 8F7943082E53 for ; Tue, 2 Jul 2019 12:09:29 +0000 (UTC) Received: from localhost.localdomain.com (unknown [10.43.12.184]) by smtp.corp.redhat.com (Postfix) with ESMTP id 15F9C60C44 for ; Tue, 2 Jul 2019 12:09:28 +0000 (UTC) From: Vit Mojzis To: selinux@vger.kernel.org Subject: [PATCH 2/2] Fix mcstrans secolor examples Date: Tue, 2 Jul 2019 14:09:05 +0200 Message-Id: <20190702120905.9808-2-vmojzis@redhat.com> In-Reply-To: <20190702120905.9808-1-vmojzis@redhat.com> References: <20190702120905.9808-1-vmojzis@redhat.com> X-Scanned-By: MIMEDefang 2.79 on 10.5.11.12 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.46]); Tue, 02 Jul 2019 12:09:29 +0000 (UTC) Sender: selinux-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP According to "check_dominance" function: Range defined as "s15:c0.c1023" does not dominate any other range than "s15:c0.c1023" (does not dominate "s15", "s15:c0.c200", etc.). While range defined as "s15-s15:c0.c1023" dominates all of the above. This is either a bug, or "s15:c0.c1023" should not be used in the examples. Signed-off-by: Vit Mojzis --- libselinux/man/man5/secolor.conf.5 | 4 ++-- libselinux/man/ru/man5/secolor.conf.5 | 4 ++-- mcstrans/share/examples/urcsts-via-include/secolor.conf | 2 +- mcstrans/share/examples/urcsts/secolor.conf | 2 +- 4 files changed, 6 insertions(+), 6 deletions(-) diff --git a/libselinux/man/man5/secolor.conf.5 b/libselinux/man/man5/secolor.conf.5 index b834577a..a3bf2da1 100644 --- a/libselinux/man/man5/secolor.conf.5 +++ b/libselinux/man/man5/secolor.conf.5 @@ -123,7 +123,7 @@ range s7\-s7:c0.c1023 = black red .br range s9\-s9:c0.c1023 = black orange .br -range s15:c0.c1023 = black yellow +range s15\-s15:c0.c1023 = black yellow .RE .sp @@ -165,7 +165,7 @@ type xguest_t = black green .br user sysadm_u = white black .br -range s0:c0.c1023 = black white +range s0-s0:c0.c1023 = black white .br user * = black white .br diff --git a/libselinux/man/ru/man5/secolor.conf.5 b/libselinux/man/ru/man5/secolor.conf.5 index 4c1236ae..bcae80c1 100644 --- a/libselinux/man/ru/man5/secolor.conf.5 +++ b/libselinux/man/ru/man5/secolor.conf.5 @@ -121,7 +121,7 @@ range s7\-s7:c0.c1023 = black red .br range s9\-s9:c0.c1023 = black orange .br -range s15:c0.c1023 = black yellow +range s15\-s15:c0.c1023 = black yellow .RE .sp @@ -163,7 +163,7 @@ type xguest_t = black green .br user sysadm_u = white black .br -range s0:c0.c1023 = black white +range s0\-s0:c0.c1023 = black white .br user * = black white .br diff --git a/mcstrans/share/examples/urcsts-via-include/secolor.conf b/mcstrans/share/examples/urcsts-via-include/secolor.conf index d35b3c67..3b3f5430 100644 --- a/mcstrans/share/examples/urcsts-via-include/secolor.conf +++ b/mcstrans/share/examples/urcsts-via-include/secolor.conf @@ -17,5 +17,5 @@ range s3-s3:c0.c1023 = black tan range s5-s5:c0.c1023 = white blue range s7-s7:c0.c1023 = black red range s9-s9:c0.c1023 = black orange -range s15:c0.c1023 = black yellow +range s15-s15:c0.c1023 = black yellow diff --git a/mcstrans/share/examples/urcsts/secolor.conf b/mcstrans/share/examples/urcsts/secolor.conf index d35b3c67..3b3f5430 100644 --- a/mcstrans/share/examples/urcsts/secolor.conf +++ b/mcstrans/share/examples/urcsts/secolor.conf @@ -17,5 +17,5 @@ range s3-s3:c0.c1023 = black tan range s5-s5:c0.c1023 = white blue range s7-s7:c0.c1023 = black red range s9-s9:c0.c1023 = black orange -range s15:c0.c1023 = black yellow +range s15-s15:c0.c1023 = black yellow