From patchwork Wed Feb 3 17:16:53 2021
X-Patchwork-Submitter: Christian Göttsche
X-Patchwork-Id: 12064875
From: Christian Göttsche
To: selinux@vger.kernel.org
Subject: [PATCH 1/2] libselinux/getconlist: report failures
Date: Wed, 3 Feb 2021 18:16:53 +0100
Message-Id: <20210203171654.37002-1-cgzones@googlemail.com>

Check the given context a priori, to print a more user friendly message, opposed to a generic following get_ordered_context_list/_with_level failure.

Notify the user about failures of get_ordered_context_list/_with_level, so no-context-found and a failure results are distinguishable.

Signed-off-by: Christian Göttsche
--- libselinux/utils/getconlist.c | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/libselinux/utils/getconlist.c b/libselinux/utils/getconlist.c index 29c16640..76654b75 100644 --- a/libselinux/utils/getconlist.c +++ b/libselinux/utils/getconlist.c @@ -58,8 +58,14 @@ int main(int argc, char **argv) free(level); return 2; } - } else + } else { cur_context = argv[optind + 1]; + if (security_check_context(cur_context) != 0) { + fprintf(stderr, "Given context '%s' is invalid.\n", cur_context); + free(level); + return 3; + } + } /* Get the list and print it */ if (level) 
@@ -72,6 +78,11 @@ int main(int argc, char **argv) for (i = 0; list[i]; i++) puts(list[i]); freeconary(list); + } else { + fprintf(stderr, "get_ordered_context_list%s failure: %d(%s)\n", + level ? "_with_level" : "", errno, strerror(errno)); + free(level); + return 4; } free(level);

From patchwork Wed Feb 3 17:16:54 2021
X-Patchwork-Submitter: Christian Göttsche
X-Patchwork-Id: 12064877
From: Christian Göttsche
To: selinux@vger.kernel.org
Subject: [PATCH 2/2] policycoreutils/fixfiles.8: add missing file systems and merge check and verify
Date: Wed, 3 Feb 2021 18:16:54 +0100
Message-Id: <20210203171654.37002-2-cgzones@googlemail.com>
In-Reply-To: <20210203171654.37002-1-cgzones@googlemail.com>
References: <20210203171654.37002-1-cgzones@googlemail.com>

Mention the supported file systems ext4, gfs2 and btrfs.

The options check and verify are interchangeable, merge their description.

Signed-off-by: Christian Göttsche
Acked-by: Petr Lautrbach
--- policycoreutils/scripts/fixfiles.8 | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/policycoreutils/scripts/fixfiles.8 b/policycoreutils/scripts/fixfiles.8 index 12342530..c4e894e5 100644 --- a/policycoreutils/scripts/fixfiles.8 +++ b/policycoreutils/scripts/fixfiles.8 @@ -35,8 +35,8 @@ database (extended attributes) on filesystems. .P It can also be run at any time to relabel when adding support for new policy, or just check whether the file contexts are all -as you expect. By default it will relabel all mounted ext2, ext3, xfs and -jfs file systems as long as they do not have a security context mount +as you expect. By default it will relabel all mounted ext2, ext3, ext4, gfs2, xfs, +jfs and btrfs file systems as long as they do not have a security context mount option. You can use the \-R flag to use rpmpackages as an alternative. The file /etc/selinux/fixfiles_exclude_dirs can contain a list of directories excluded from relabeling. @@ -79,7 +79,7 @@ Modify verbosity from progress to verbose. (Run restorecon with \-v instead of \ .SH "ARGUMENTS" One of: .TP -.B check +.B check | verify print any incorrect file context labels, showing old and new context, but do not change them. .TP .B restore 
@@ -88,9 +88,6 @@ change any incorrect file context labels. .B relabel Prompt for removal of contents of /tmp directory and then change any incorrect file context labels to match the install file_contexts file. .TP -.B verify -List out files with incorrect file context labels, but do not change them. -.TP .B [[dir/file] ... ] List of files or directories trees that you wish to check file context on.
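
Review bot: in libselinux/utils/getconlist.c, hunk @@ -58,8 +58,14, the new branch reports every non-zero return of security_check_context(cur_context) as "Given context '%s' is invalid." and discards errno. That call also fails when the context cannot be checked at all, for example when SELinux is disabled and selinuxfs is not mounted, so the message can blame a well-formed context. Suggest appending strerror(errno) to the message, as the hunk at @@ -72,6 +78,11 does, so a rejected context and an unavailable policy interface can be told apart. The new exit status 3, next to the existing 2, is not documented anywhere in the patch.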
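
Review bot: in libselinux/utils/getconlist.c, hunk @@ -72,6 +78,11, the new else branch repeats the free(level) that already follows the block and adds another return in the middle of main(). Recording the exit status in a variable and falling through to the existing free(level) would keep a single cleanup path. The message uses errno and strerror(errno) while the patch adds no #include lines, so confirm that errno.h and string.h are already included in this file. Exit status 4 is likewise undocumented in the patch.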
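
Review bot: in policycoreutils/scripts/fixfiles.8, hunk @@ -79,7 +79,7, the line ".B check | verify" sets the whole string in bold, separator included, so the bar reads as part of the argument. Suggest .BR check " | " verify, which keeps the two keywords bold and the bar in roman. The merged entry keeps the check wording ("showing old and new context"); since the commit message calls the two options interchangeable, that wording now documents verify as well, which is worth confirming against the script.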