From patchwork Mon Nov 25 11:18:32 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Christian_G=C3=B6ttsche?= X-Patchwork-Id: 13884823 Received: from server02.seltendoof.de (server02.seltendoof.de [168.119.48.163]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 80DB21957F4 for ; Mon, 25 Nov 2024 11:18:46 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=168.119.48.163 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1732533528; cv=none; b=OnTcQeeqxpF59OlaI6MPbfWAW835Xc7w84/JpaXtNY5ee0vXhnkMIbYu8XfbKM1mDi4fX/JoJr9i6vBjIjE15EfuWx5lgDfohphmxry8a5UtKZfB4SPM5z5eN0DO/ay43eIiF9zTMpsj2Ag6ErH1h8c0gPaXAU3ze44lPaZhHAM= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1732533528; c=relaxed/simple; bh=yA4zYpLIRF9wBjamTMo85hSMBWtrFjZ251BqWvhmDp4=; h=From:To:Cc:Subject:Date:Message-ID:MIME-Version:Content-Type; b=Z27673BFgKb6Z7rnqARDctcYVbWgCNHFxsenqvzk9w5CkxHcdBS+uP8eNltPknk90Wv27RsWSfABolbPH+k4WJm4+7A0ZkSF3D+yvAhk1d7n3dC+JzmLLEDfAvN+CwF0SaJ5xjxbr8vzk5MYgVgiYIgT60t0Ct3IBp7yVzpGT5k= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=seltendoof.de; spf=pass smtp.mailfrom=seltendoof.de; dkim=pass (2048-bit key) header.d=seltendoof.de header.i=@seltendoof.de header.b=t6tmU3Xm; arc=none smtp.client-ip=168.119.48.163 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=seltendoof.de Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=seltendoof.de Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=seltendoof.de header.i=@seltendoof.de header.b="t6tmU3Xm" From: =?utf-8?q?Christian_G=C3=B6ttsche?= DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=seltendoof.de; s=2023072701; t=1732533524; h=from:from:reply-to:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=O5JXb33srMViKxdGk82E6jSz/58pI075e6DiJWIdNjY=; b=t6tmU3XmaMqfkMVnCaUE/Qz72JNSF5s8MGbKYnt5dL0zcZk/ChYgm9+OebsthvtT8KH0Lw 58LvrDxbp3Atxfqus9iTL7qIoYOr0l8vqdiUL9yv+NUYX9el4hxtuul2zQwcP3azRrSl+F qpIwRX6hwHiw9Je7dwyhJWXiahdgxHwHIjXrluLY4x1o/fatUBFsNJ2EY1kuSoOFXdnTCg QZQOsbfSlWUbH02MQBIOVZvwn7Xidv9sjuockzaXn2JIn7tuB6oCtC4VxxLeRBTB5DBhUW 5dyCG1m7ce1aLAmXlWgmpD5kp3zR8z77YGnUrm+a4Quo+upOv/4c7jCo/6DkFA== To: selinux@vger.kernel.org Cc: =?utf-8?q?Christian_G=C3=B6ttsche?= Subject: [PATCH v2 1/9] libsemanage: set O_CLOEXEC flag for file descriptors Date: Mon, 25 Nov 2024 12:18:32 +0100 Message-ID: <20241125111840.63845-1-cgoettsche@seltendoof.de> Reply-To: cgzones@googlemail.com Precedence: bulk X-Mailing-List: selinux@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 From: Christian Göttsche Close internal managed file descriptors in case of an concurrent execve. Also avoid leaking file descriptors in get_shell_list(). Signed-off-by: Christian Göttsche --- libsemanage/src/compressed_file.c | 4 ++-- libsemanage/src/conf-parse.y | 2 +- libsemanage/src/database_file.c | 2 +- libsemanage/src/database_policydb.c | 2 +- libsemanage/src/direct_api.c | 20 ++++++++++---------- libsemanage/src/genhomedircon.c | 8 +++++--- libsemanage/src/parse_utils.c | 2 +- libsemanage/src/semanage_store.c | 26 +++++++++++++------------- libsemanage/src/utilities.c | 2 +- 9 files changed, 35 insertions(+), 33 deletions(-) diff --git a/libsemanage/src/compressed_file.c b/libsemanage/src/compressed_file.c index e62d2a18..e4a1efb0 100644 --- a/libsemanage/src/compressed_file.c +++ b/libsemanage/src/compressed_file.c @@ -48,7 +48,7 @@ static int bzip(semanage_handle_t *sh, const char *filename, void *data, size_t len; FILE *f; - if ((f = fopen(filename, "wb")) == NULL) { + if ((f = fopen(filename, "wbe")) == NULL) { return -1; } @@ -177,7 +177,7 @@ int map_compressed_file(semanage_handle_t *sh, const char *path, int ret = 0, fd = -1; FILE *file = NULL; - fd = open(path, O_RDONLY); + fd = open(path, O_RDONLY | O_CLOEXEC); if (fd == -1) { ERR(sh, "Unable to open %s\n", path); return -1; diff --git a/libsemanage/src/conf-parse.y b/libsemanage/src/conf-parse.y index d6481359..b2b84892 100644 --- a/libsemanage/src/conf-parse.y +++ b/libsemanage/src/conf-parse.y @@ -468,7 +468,7 @@ semanage_conf_t *semanage_conf_parse(const char *config_filename) if (semanage_conf_init(current_conf) == -1) { goto cleanup; } - if ((semanage_in = fopen(config_filename, "r")) == NULL) { + if ((semanage_in = fopen(config_filename, "re")) == NULL) { /* configuration file does not exist or could not be * read. THIS IS NOT AN ERROR. just rely on the * defaults. */ diff --git a/libsemanage/src/database_file.c b/libsemanage/src/database_file.c index 42e308d5..a54c5aee 100644 --- a/libsemanage/src/database_file.c +++ b/libsemanage/src/database_file.c @@ -127,7 +127,7 @@ static int dbase_file_flush(semanage_handle_t * handle, dbase_file_t * dbase) fname = dbase->path[handle->is_in_transaction]; mask = umask(0077); - str = fopen(fname, "w"); + str = fopen(fname, "we"); umask(mask); if (!str) { ERR(handle, "could not open %s for writing: %s", diff --git a/libsemanage/src/database_policydb.c b/libsemanage/src/database_policydb.c index da64a3ad..62467d15 100644 --- a/libsemanage/src/database_policydb.c +++ b/libsemanage/src/database_policydb.c @@ -111,7 +111,7 @@ static int dbase_policydb_cache(semanage_handle_t * handle, /* Try opening file * ENOENT is not fatal - we just create an empty policydb */ - fp = fopen(fname, "rb"); + fp = fopen(fname, "rbe"); if (fp == NULL && errno != ENOENT) { ERR(handle, "could not open %s for reading: %s", fname, strerror(errno)); diff --git a/libsemanage/src/direct_api.c b/libsemanage/src/direct_api.c index d5299796..85876676 100644 --- a/libsemanage/src/direct_api.c +++ b/libsemanage/src/direct_api.c @@ -457,7 +457,7 @@ static int write_file(semanage_handle_t * sh, int out; if ((out = - open(filename, O_WRONLY | O_CREAT | O_TRUNC, + open(filename, O_WRONLY | O_CREAT | O_TRUNC | O_CLOEXEC, S_IRUSR | S_IWUSR)) == -1) { ERR(sh, "Could not open %s for writing.", filename); return -1; @@ -644,17 +644,17 @@ static int semanage_pipe_data(semanage_handle_t *sh, const char *path, const cha */ sigaction(SIGPIPE, &new_signal, &old_signal); - retval = pipe(input_fd); + retval = pipe2(input_fd, O_CLOEXEC); if (retval == -1) { ERR(sh, "Unable to create pipe for input pipe: %s\n", strerror(errno)); goto cleanup; } - retval = pipe(output_fd); + retval = pipe2(output_fd, O_CLOEXEC); if (retval == -1) { ERR(sh, "Unable to create pipe for output pipe: %s\n", strerror(errno)); goto cleanup; } - retval = pipe(err_fd); + retval = pipe2(err_fd, O_CLOEXEC); if (retval == -1) { ERR(sh, "Unable to create pipe for error pipe: %s\n", strerror(errno)); goto cleanup; @@ -826,7 +826,7 @@ static int semanage_direct_write_langext(semanage_handle_t *sh, goto cleanup; } - fp = fopen(fn, "w"); + fp = fopen(fn, "we"); if (fp == NULL) { ERR(sh, "Unable to open %s module ext file.", modinfo->name); ret = -1; @@ -1077,7 +1077,7 @@ static int semanage_compare_checksum(semanage_handle_t *sh, const char *referenc int fd, retval; char *data; - fd = open(path, O_RDONLY); + fd = open(path, O_RDONLY | O_CLOEXEC); if (fd == -1) { if (errno != ENOENT) { ERR(sh, "Unable to open %s: %s\n", path, strerror(errno)); @@ -1218,7 +1218,7 @@ static int semanage_direct_commit(semanage_handle_t * sh) } if (sepol_get_disable_dontaudit(sh->sepolh) == 1) { FILE *touch; - touch = fopen(path, "w"); + touch = fopen(path, "we"); if (touch != NULL) { if (fclose(touch) != 0) { ERR(sh, "Error attempting to create disable_dontaudit flag."); @@ -1250,7 +1250,7 @@ static int semanage_direct_commit(semanage_handle_t * sh) if (sepol_get_preserve_tunables(sh->sepolh) == 1) { FILE *touch; - touch = fopen(path, "w"); + touch = fopen(path, "we"); if (touch != NULL) { if (fclose(touch) != 0) { ERR(sh, "Error attempting to create preserve_tunable flag."); @@ -2109,7 +2109,7 @@ static int semanage_direct_set_enabled(semanage_handle_t *sh, switch (enabled) { case 0: /* disable the module */ mask = umask(0077); - fp = fopen(fn, "w"); + fp = fopen(fn, "we"); umask(mask); if (fp == NULL) { @@ -2296,7 +2296,7 @@ static int semanage_direct_get_module_info(semanage_handle_t *sh, goto cleanup; } - fp = fopen(fn, "r"); + fp = fopen(fn, "re"); if (fp == NULL) { ERR(sh, diff --git a/libsemanage/src/genhomedircon.c b/libsemanage/src/genhomedircon.c index fd2f8a89..53673645 100644 --- a/libsemanage/src/genhomedircon.c +++ b/libsemanage/src/genhomedircon.c @@ -218,7 +218,7 @@ static semanage_list_t *get_shell_list(void) size_t buff_len = 0; ssize_t len; - shells = fopen(PATH_SHELLS_FILE, "r"); + shells = fopen(PATH_SHELLS_FILE, "re"); if (!shells) return default_shell_list(); while ((len = getline(&temp, &buff_len, shells)) > 0) { @@ -227,11 +227,13 @@ static semanage_list_t *get_shell_list(void) if (semanage_list_push(&list, temp)) { free(temp); semanage_list_destroy(&list); + fclose(shells); return default_shell_list(); } } } free(temp); + fclose(shells); return list; } @@ -503,7 +505,7 @@ static semanage_list_t *make_template(genhomedircon_settings_t * s, FILE *template_file = NULL; semanage_list_t *template_data = NULL; - template_file = fopen(s->homedir_template_path, "r"); + template_file = fopen(s->homedir_template_path, "re"); if (!template_file) return NULL; template_data = semanage_slurp_file_filter(template_file, pred); @@ -1413,7 +1415,7 @@ int semanage_genhomedircon(semanage_handle_t * sh, s.h_semanage = sh; s.policydb = policydb; - if (!(out = fopen(s.fcfilepath, "w"))) { + if (!(out = fopen(s.fcfilepath, "we"))) { /* couldn't open output file */ ERR(sh, "Could not open the file_context file for writing"); retval = STATUS_ERR; diff --git a/libsemanage/src/parse_utils.c b/libsemanage/src/parse_utils.c index 2f33f629..d1d6e930 100644 --- a/libsemanage/src/parse_utils.c +++ b/libsemanage/src/parse_utils.c @@ -45,7 +45,7 @@ void parse_release(parse_info_t * info) int parse_open(semanage_handle_t * handle, parse_info_t * info) { - info->file_stream = fopen(info->filename, "r"); + info->file_stream = fopen(info->filename, "re"); if (!info->file_stream && (errno != ENOENT)) { ERR(handle, "could not open file %s: %s", info->filename, strerror(errno)); diff --git a/libsemanage/src/semanage_store.c b/libsemanage/src/semanage_store.c index 5cd2d219..d75aab68 100644 --- a/libsemanage/src/semanage_store.c +++ b/libsemanage/src/semanage_store.c @@ -585,7 +585,7 @@ int semanage_create_store(semanage_handle_t * sh, int create) if (stat(path, &sb) == -1) { if (errno == ENOENT && create) { mask = umask(0077); - if ((fd = creat(path, S_IRUSR | S_IWUSR)) == -1) { + if ((fd = open(path, O_CREAT | O_WRONLY | O_TRUNC | O_CLOEXEC, S_IRUSR | S_IWUSR)) == -1) { umask(mask); ERR(sh, "Could not create lock file at %s.", path); @@ -682,7 +682,7 @@ int semanage_copy_file(semanage_handle_t *sh, const char *src, const char *dst, if (n < 0 || n >= PATH_MAX) return -1; - if ((in = open(src, O_RDONLY)) == -1) { + if ((in = open(src, O_RDONLY | O_CLOEXEC)) == -1) { return -1; } @@ -690,7 +690,7 @@ int semanage_copy_file(semanage_handle_t *sh, const char *src, const char *dst, mode = S_IRUSR | S_IWUSR; mask = umask(0); - if ((out = open(tmp, O_WRONLY | O_CREAT | O_TRUNC, mode)) == -1) { + if ((out = open(tmp, O_WRONLY | O_CREAT | O_TRUNC | O_CLOEXEC, mode)) == -1) { umask(mask); errsv = errno; close(in); @@ -1489,7 +1489,7 @@ int semanage_split_fc(semanage_handle_t * sh) char buf[PATH_MAX] = { 0 }; /* I use fopen here instead of open so that I can use fgets which only reads a single line */ - file_con = fopen(semanage_path(SEMANAGE_TMP, SEMANAGE_FC_TMPL), "r"); + file_con = fopen(semanage_path(SEMANAGE_TMP, SEMANAGE_FC_TMPL), "re"); if (!file_con) { ERR(sh, "Could not open %s for reading.", semanage_path(SEMANAGE_TMP, SEMANAGE_FC_TMPL)); @@ -1497,14 +1497,14 @@ int semanage_split_fc(semanage_handle_t * sh) } fc = open(semanage_path(SEMANAGE_TMP, SEMANAGE_STORE_FC), - O_WRONLY | O_CREAT | O_TRUNC, S_IRUSR | S_IWUSR); + O_WRONLY | O_CREAT | O_TRUNC | O_CLOEXEC, S_IRUSR | S_IWUSR); if (fc < 0) { ERR(sh, "Could not open %s for writing.", semanage_path(SEMANAGE_TMP, SEMANAGE_STORE_FC)); goto cleanup; } hd = open(semanage_path(SEMANAGE_TMP, SEMANAGE_HOMEDIR_TMPL), - O_WRONLY | O_CREAT | O_TRUNC, S_IRUSR | S_IWUSR); + O_WRONLY | O_CREAT | O_TRUNC | O_CLOEXEC, S_IRUSR | S_IWUSR); if (hd < 0) { ERR(sh, "Could not open %s for writing.", semanage_path(SEMANAGE_TMP, SEMANAGE_HOMEDIR_TMPL)); @@ -1719,7 +1719,7 @@ static int semanage_commit_sandbox(semanage_handle_t * sh) memset(write_buf, 0, sizeof(write_buf)); snprintf(write_buf, sizeof(write_buf), "%d", commit_number); if ((fd = - open(commit_filename, O_WRONLY | O_CREAT | O_TRUNC, + open(commit_filename, O_WRONLY | O_CREAT | O_TRUNC | O_CLOEXEC, S_IRUSR | S_IWUSR)) == -1) { ERR(sh, "Could not open commit number file %s for writing.", commit_filename); @@ -1735,7 +1735,7 @@ static int semanage_commit_sandbox(semanage_handle_t * sh) close(fd); /* sync changes in sandbox to filesystem */ - fd = open(sandbox, O_DIRECTORY); + fd = open(sandbox, O_DIRECTORY | O_CLOEXEC); if (fd == -1) { ERR(sh, "Error while opening %s for syncfs(): %d", sandbox, errno); return -1; @@ -1869,7 +1869,7 @@ static int semanage_get_lock(semanage_handle_t * sh, int got_lock = 0; if ((fd = - open(lock_file, O_RDWR | O_CREAT | O_TRUNC, + open(lock_file, O_RDWR | O_CREAT | O_TRUNC | O_CLOEXEC, S_IRUSR | S_IWUSR)) == -1) { ERR(sh, "Could not open direct %s at %s.", lock_name, lock_file); @@ -2013,7 +2013,7 @@ int semanage_direct_get_serial(semanage_handle_t * sh) semanage_path(SEMANAGE_ACTIVE, SEMANAGE_COMMIT_NUM_FILE); } - if ((fd = open(commit_filename, O_RDONLY)) == -1) { + if ((fd = open(commit_filename, O_RDONLY | O_CLOEXEC)) == -1) { if (errno == ENOENT) { /* the commit number file does not exist yet, * so assume that the number is 0 */ @@ -2093,7 +2093,7 @@ int semanage_read_policydb(semanage_handle_t * sh, sepol_policydb_t * in, semanage_path(SEMANAGE_ACTIVE, file)) == NULL) { goto cleanup; } - if ((infile = fopen(kernel_filename, "r")) == NULL) { + if ((infile = fopen(kernel_filename, "re")) == NULL) { ERR(sh, "Could not open kernel policy %s for reading.", kernel_filename); goto cleanup; @@ -2136,7 +2136,7 @@ int semanage_write_policydb(semanage_handle_t * sh, sepol_policydb_t * out, semanage_path(SEMANAGE_TMP, file)) == NULL) { goto cleanup; } - if ((outfile = fopen(kernel_filename, "wb")) == NULL) { + if ((outfile = fopen(kernel_filename, "wbe")) == NULL) { ERR(sh, "Could not open kernel policy %s for writing.", kernel_filename); goto cleanup; @@ -3003,7 +3003,7 @@ void semanage_setfiles(semanage_handle_t * sh, const char *path){ /* Make sure "path" is owned by root */ if ((geteuid() != 0 || getegid() != 0) && - ((fd = open(path, O_RDONLY)) != -1)){ + ((fd = open(path, O_RDONLY | O_CLOEXEC)) != -1)){ /* Skip files with the SUID or SGID bit set -- abuse protection */ if ((fstat(fd, &sb) != -1) && !(S_ISREG(sb.st_mode) && diff --git a/libsemanage/src/utilities.c b/libsemanage/src/utilities.c index 77b948fa..70b5b677 100644 --- a/libsemanage/src/utilities.c +++ b/libsemanage/src/utilities.c @@ -38,7 +38,7 @@ char *semanage_findval(const char *file, const char *var, const char *delim) assert(file); assert(var); - if ((fd = fopen(file, "r")) == NULL) + if ((fd = fopen(file, "re")) == NULL) return NULL; while (getline(&buff, &buff_len, fd) > 0) { From patchwork Mon Nov 25 11:18:33 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Christian_G=C3=B6ttsche?= X-Patchwork-Id: 13884822 Received: from server02.seltendoof.de (server02.seltendoof.de [168.119.48.163]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 96082196DB1 for ; Mon, 25 Nov 2024 11:18:46 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=168.119.48.163 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1732533528; cv=none; b=PBl3jnVyLy40N5s7NDWd6hYH0KJtMosVjCz57k65VBYMgQqYtkODKO2hUklzQef5Clvyi9M45Y45jPhCpe0+KKTHaAa1EOL9s8qF91D3oLTuzOGs8gefGEwzkfj+NKd1Ga8CymbkEXtDPDSJnCFc1V8iy0N4JYSLYHXDGaeZ8Xc= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1732533528; c=relaxed/simple; bh=uCsnvZ84bGSW1jvXFgFM8yuB2slcKn6VOZshtGeibJ4=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=ua+wA3eOA71NzjXxYLC5Ldn7wTnIxbIcep11qTVR3liR9ZakqgZkbrSNFzEOYvgyQi0/F3gdKnf6SAMISec2U4Vo6w9MmYC0b9grpU8Q8w/z1KLZwQLISEX1QBx7chHLyqI0CUYN/ww/MG3pSLiaqNAw+VDKVKM8CiH6KU8AgnA= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=seltendoof.de; spf=pass smtp.mailfrom=seltendoof.de; dkim=pass (2048-bit key) header.d=seltendoof.de header.i=@seltendoof.de header.b=iXSaPlsk; arc=none smtp.client-ip=168.119.48.163 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=seltendoof.de Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=seltendoof.de Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=seltendoof.de header.i=@seltendoof.de header.b="iXSaPlsk" From: =?utf-8?q?Christian_G=C3=B6ttsche?= DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=seltendoof.de; s=2023072701; t=1732533524; h=from:from:reply-to:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=EVu6fqqXlO3/e9l8ZL6MMnLXQovESjSF8gOKzosyS74=; b=iXSaPlskalXsYJWY731ecdaLlURQbmI9rnuNv9cdo35y3QCresWkIjMwAEAL7/6ni5HOSa Oil84kRQmExcPDR90G6ZzbAHDqVJHj2d6PDpwVQXzOaK1qWeZ+PgpYJyLuUOsh5eFcwlQP 6Bqa0zU2PzzLefm5nIAhCOC62palJDiLG29rZOw8vcM/5FdS9tE8+aAP5KBgIT9q0BSfO1 IM8OdX9LA/MZ4ArSDeqsVWbZW4u5peQ2U2xbxHpKgh4c7386CHTJgJMxhegY9eUQ/vQAMu du4obTDPI9onVsm8nZihVU/PDdL9XfT3fR60GTR0bCL5KugLo/mbt32SyR67aQ== To: selinux@vger.kernel.org Cc: =?utf-8?q?Christian_G=C3=B6ttsche?= Subject: [PATCH v2 2/9] libsemanage: handle cil_set_handle_unknown() failure Date: Mon, 25 Nov 2024 12:18:33 +0100 Message-ID: <20241125111840.63845-2-cgoettsche@seltendoof.de> In-Reply-To: <20241125111840.63845-1-cgoettsche@seltendoof.de> References: <20241125111840.63845-1-cgoettsche@seltendoof.de> Reply-To: cgzones@googlemail.com Precedence: bulk X-Mailing-List: selinux@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 From: Christian Göttsche Signed-off-by: Christian Göttsche --- libsemanage/src/direct_api.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/libsemanage/src/direct_api.c b/libsemanage/src/direct_api.c index 85876676..a271a576 100644 --- a/libsemanage/src/direct_api.c +++ b/libsemanage/src/direct_api.c @@ -1354,7 +1354,9 @@ static int semanage_direct_commit(semanage_handle_t * sh) cil_set_multiple_decls(cildb, sh->conf->multiple_decls); if (sh->conf->handle_unknown != -1) { - cil_set_handle_unknown(cildb, sh->conf->handle_unknown); + retval = cil_set_handle_unknown(cildb, sh->conf->handle_unknown); + if (retval < 0) + goto cleanup; } retval = semanage_load_files(sh, cildb, mod_filenames, num_modinfos); From patchwork Mon Nov 25 11:18:34 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Christian_G=C3=B6ttsche?= X-Patchwork-Id: 13884825 Received: from server02.seltendoof.de (server02.seltendoof.de [168.119.48.163]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id B3D4E197512 for ; Mon, 25 Nov 2024 11:18:46 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=168.119.48.163 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1732533529; cv=none; b=MBzvylFn6TLuURRol8inu7ED2SxOZSDenjImHp2FReDBCUK04Gg8HDr3kT1rkShLV+x5iqb/QGW2loN2vQa2sj7nYz3GiIZYD+lr9j+v6M3JkUEFVH6YmOuI6oSrpUq3WPATmQlAvpvUbI2tk2NRHR8AiH/lPA/7uGQP9UPDCnY= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1732533529; c=relaxed/simple; bh=L8IGVhYD8htZLNR23bfoQsBM7vC26Vt2xwSuTv6++Hg=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=dah6RGpMzI7ZzyoIc53mLhh20VPThEnbU1VG6ZD6vOW8SBArerFE4hO01HpIxAdG/7KhWsQv/3+NPwaqIc7XGUHwQFvMN7748dfP1Zmi17x1TgMZ9fvbNqsn0PCdeYEBmcaHsA7JhblsmirXVqzN8f+vt/7iaod4G/eXOVwCSwY= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=seltendoof.de; spf=pass smtp.mailfrom=seltendoof.de; dkim=pass (2048-bit key) header.d=seltendoof.de header.i=@seltendoof.de header.b=TTiprbWI; arc=none smtp.client-ip=168.119.48.163 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=seltendoof.de Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=seltendoof.de Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=seltendoof.de header.i=@seltendoof.de header.b="TTiprbWI" From: =?utf-8?q?Christian_G=C3=B6ttsche?= DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=seltendoof.de; s=2023072701; t=1732533525; h=from:from:reply-to:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=Ptn2dur4Spw/kDJiK3uMrF0jJ9/x1YjXh1diV/fmzwg=; b=TTiprbWIdujRXr2sSPtBTFwARtAwiC3xzK5CnJJS/brJG38WFDhCl4cQnieIDnzCJU/c0M CSkqbGGyFFKBEsMzOrVabcl+MQeLcxCB2tXvDtL+xRXH0cnoE4jcGCi3rUfune/6r8De81 uAfW10PES2Z9k+W1aB/Zx8jxIqcvRMJv4+HOj3EdPap16UQxZIA3Biwykr+6bSrZ9yBipS RdtAZhmGLt6igBlSZqX6+sEHJN2iRDnwVWxJljRYZdSceinaM0zBg2liQvhIcG6mfe4jFr SlrdHVNukdIDKBNokIbzupyxdBUqD5v9dFTsC0mfHg+Ok6jOrE8YpgN4WnOjtA== To: selinux@vger.kernel.org Cc: =?utf-8?q?Christian_G=C3=B6ttsche?= Subject: [PATCH v2 3/9] libsemanage: handle shell allocation failure Date: Mon, 25 Nov 2024 12:18:34 +0100 Message-ID: <20241125111840.63845-3-cgoettsche@seltendoof.de> In-Reply-To: <20241125111840.63845-1-cgoettsche@seltendoof.de> References: <20241125111840.63845-1-cgoettsche@seltendoof.de> Reply-To: cgzones@googlemail.com Precedence: bulk X-Mailing-List: selinux@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 From: Christian Göttsche Return failure instead of silently using a fallback. Signed-off-by: Christian Göttsche --- libsemanage/src/genhomedircon.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/libsemanage/src/genhomedircon.c b/libsemanage/src/genhomedircon.c index 53673645..c38d284b 100644 --- a/libsemanage/src/genhomedircon.c +++ b/libsemanage/src/genhomedircon.c @@ -228,7 +228,7 @@ static semanage_list_t *get_shell_list(void) free(temp); semanage_list_destroy(&list); fclose(shells); - return default_shell_list(); + return NULL; } } } @@ -333,7 +333,10 @@ static semanage_list_t *get_home_dirs(genhomedircon_settings_t * s) return homedir_list; shells = get_shell_list(); - assert(shells); + if (!shells) { + ERR(s->h_semanage, "Allocation failure!"); + goto fail; + } path = semanage_findval(PATH_ETC_LOGIN_DEFS, "UID_MIN", NULL); if (path && *path) { From patchwork Mon Nov 25 11:18:35 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Christian_G=C3=B6ttsche?= X-Patchwork-Id: 13884826 Received: from server02.seltendoof.de (server02.seltendoof.de [168.119.48.163]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 0284C197A9F for ; Mon, 25 Nov 2024 11:18:46 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=168.119.48.163 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1732533529; cv=none; b=d8qPt4HHZ8KKL1jjA5S5PvFEv++vhvlH81IfC6LPywMk++PgZtUiHn3roTm9JmGgFxTIjmh74ioNQ6PKexbT8h5EWum8pE0c3Q/LXj95YilA979QKw9brMFzLVvTKQg9baTrWSzUT8DALGMf35VK2orBIqJfruaYi5DMacTQLEQ= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1732533529; c=relaxed/simple; bh=zuJAzZTkWMct2ypY8fP89yDYUcV/sRiCKbf8H7Nkpok=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=YhlbePH+kvXLVBKR8cazxnXLfl/weihKO7ruYA4UNIlwHjlWRBdcv+w5qxHOfaoaQex/29oq3uTArE2470uuNLyNwCs354DySAnIi044H9bJSJi755aYyzsKFST+qGNa3iCDwm0CWmxkRWs+wE/CBAINo337OZlt5Me1h419URQ= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=seltendoof.de; spf=pass smtp.mailfrom=seltendoof.de; dkim=pass (2048-bit key) header.d=seltendoof.de header.i=@seltendoof.de header.b=bHTfhsW6; arc=none smtp.client-ip=168.119.48.163 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=seltendoof.de Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=seltendoof.de Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=seltendoof.de header.i=@seltendoof.de header.b="bHTfhsW6" From: =?utf-8?q?Christian_G=C3=B6ttsche?= DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=seltendoof.de; s=2023072701; t=1732533525; h=from:from:reply-to:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=j+yMpsxxplNo2nXRMWgSEJnTJRQq8yo5sKNzkvd7fZU=; b=bHTfhsW6Qn2wyhu2NoMLQwhK5QGMliqP3Cu27uq94IiNkAZTG27Q8SK4WtVmlWNWiTHD/y uH2K/Zs7hKP9smPamUuLyMUaNu3bzbFWl2W2hVHzceJNAnOdSyGeBXqcLZ2ZvHYvai9NyQ viXbfrgPAQLPkmuYpVwvxD/CTO59xLAOaFFpu1/8HW5v+5vhpwFir2GSM5I+oADZx6f7T3 nsbpU9p1Nsbm8TME91xt/xkdWXnge8VaNcXUNptUe6/PoMRHBmDZD7+YmmV/F783eJJGMR wueAtluWSpWe6OlzIWym50+n0Hw4H+aLPVlnONOe4NptyR/loY6WIFSegNxX8g== To: selinux@vger.kernel.org Cc: =?utf-8?q?Christian_G=C3=B6ttsche?= Subject: [PATCH v2 4/9] libsemanage: drop duplicate newlines and error descriptions in error messages Date: Mon, 25 Nov 2024 12:18:35 +0100 Message-ID: <20241125111840.63845-4-cgoettsche@seltendoof.de> In-Reply-To: <20241125111840.63845-1-cgoettsche@seltendoof.de> References: <20241125111840.63845-1-cgoettsche@seltendoof.de> Reply-To: cgzones@googlemail.com Precedence: bulk X-Mailing-List: selinux@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 From: Christian Göttsche The ERR macro already appends the errno description and a trailing newline. Signed-off-by: Christian Göttsche --- libsemanage/src/compressed_file.c | 4 +- libsemanage/src/database_file.c | 4 +- libsemanage/src/database_policydb.c | 4 +- libsemanage/src/direct_api.c | 100 +++++++++++++--------------- libsemanage/src/genhomedircon.c | 2 +- libsemanage/src/handle.c | 2 +- libsemanage/src/parse_utils.c | 4 +- libsemanage/src/semanage_store.c | 6 +- 8 files changed, 61 insertions(+), 65 deletions(-) diff --git a/libsemanage/src/compressed_file.c b/libsemanage/src/compressed_file.c index e4a1efb0..4fa5b3e0 100644 --- a/libsemanage/src/compressed_file.c +++ b/libsemanage/src/compressed_file.c @@ -179,13 +179,13 @@ int map_compressed_file(semanage_handle_t *sh, const char *path, fd = open(path, O_RDONLY | O_CLOEXEC); if (fd == -1) { - ERR(sh, "Unable to open %s\n", path); + ERR(sh, "Unable to open %s.", path); return -1; } file = fdopen(fd, "r"); if (file == NULL) { - ERR(sh, "Unable to open %s\n", path); + ERR(sh, "Unable to open %s.", path); close(fd); return -1; } diff --git a/libsemanage/src/database_file.c b/libsemanage/src/database_file.c index a54c5aee..47814254 100644 --- a/libsemanage/src/database_file.c +++ b/libsemanage/src/database_file.c @@ -130,8 +130,8 @@ static int dbase_file_flush(semanage_handle_t * handle, dbase_file_t * dbase) str = fopen(fname, "we"); umask(mask); if (!str) { - ERR(handle, "could not open %s for writing: %s", - fname, strerror(errno)); + ERR(handle, "could not open %s for writing", + fname); goto err; } __fsetlocking(str, FSETLOCKING_BYCALLER); diff --git a/libsemanage/src/database_policydb.c b/libsemanage/src/database_policydb.c index 62467d15..3c346ad7 100644 --- a/libsemanage/src/database_policydb.c +++ b/libsemanage/src/database_policydb.c @@ -113,8 +113,8 @@ static int dbase_policydb_cache(semanage_handle_t * handle, * ENOENT is not fatal - we just create an empty policydb */ fp = fopen(fname, "rbe"); if (fp == NULL && errno != ENOENT) { - ERR(handle, "could not open %s for reading: %s", - fname, strerror(errno)); + ERR(handle, "could not open %s for reading", + fname); goto err; } diff --git a/libsemanage/src/direct_api.c b/libsemanage/src/direct_api.c index a271a576..0e7ef4da 100644 --- a/libsemanage/src/direct_api.c +++ b/libsemanage/src/direct_api.c @@ -313,7 +313,7 @@ int semanage_direct_connect(semanage_handle_t * sh) /* The file does not exist */ sepol_set_disable_dontaudit(sh->sepolh, 0); } else { - ERR(sh, "Unable to access %s: %s\n", path, strerror(errno)); + ERR(sh, "Unable to access %s.", path); goto err; } @@ -592,7 +592,7 @@ static int read_from_pipe_to_data(semanage_handle_t *sh, size_t initial_len, int } data_read = malloc(max_len * sizeof(*data_read)); if (data_read == NULL) { - ERR(sh, "Failed to malloc, out of memory.\n"); + ERR(sh, "Failed to malloc, out of memory."); return -1; } @@ -604,7 +604,7 @@ static int read_from_pipe_to_data(semanage_handle_t *sh, size_t initial_len, int max_len *= 2; tmp = realloc(data_read, max_len); if (tmp == NULL) { - ERR(sh, "Failed to realloc, out of memory.\n"); + ERR(sh, "Failed to realloc, out of memory."); free(data_read); return -1; } @@ -646,93 +646,93 @@ static int semanage_pipe_data(semanage_handle_t *sh, const char *path, const cha retval = pipe2(input_fd, O_CLOEXEC); if (retval == -1) { - ERR(sh, "Unable to create pipe for input pipe: %s\n", strerror(errno)); + ERR(sh, "Unable to create pipe for input pipe."); goto cleanup; } retval = pipe2(output_fd, O_CLOEXEC); if (retval == -1) { - ERR(sh, "Unable to create pipe for output pipe: %s\n", strerror(errno)); + ERR(sh, "Unable to create pipe for output pipe."); goto cleanup; } retval = pipe2(err_fd, O_CLOEXEC); if (retval == -1) { - ERR(sh, "Unable to create pipe for error pipe: %s\n", strerror(errno)); + ERR(sh, "Unable to create pipe for error pipe."); goto cleanup; } pid = fork(); if (pid == -1) { - ERR(sh, "Unable to fork from parent: %s.", strerror(errno)); + ERR(sh, "Unable to fork from parent."); retval = -1; goto cleanup; } else if (pid == 0) { retval = dup2(input_fd[PIPE_READ], STDIN_FILENO); if (retval == -1) { - ERR(sh, "Unable to dup2 input pipe: %s\n", strerror(errno)); + ERR(sh, "Unable to dup2 input pipe."); goto cleanup; } retval = dup2(output_fd[PIPE_WRITE], STDOUT_FILENO); if (retval == -1) { - ERR(sh, "Unable to dup2 output pipe: %s\n", strerror(errno)); + ERR(sh, "Unable to dup2 output pipe."); goto cleanup; } retval = dup2(err_fd[PIPE_WRITE], STDERR_FILENO); if (retval == -1) { - ERR(sh, "Unable to dup2 error pipe: %s\n", strerror(errno)); + ERR(sh, "Unable to dup2 error pipe."); goto cleanup; } retval = close(input_fd[PIPE_WRITE]); if (retval == -1) { - ERR(sh, "Unable to close input pipe: %s\n", strerror(errno)); + ERR(sh, "Unable to close input pipe."); goto cleanup; } retval = close(output_fd[PIPE_READ]); if (retval == -1) { - ERR(sh, "Unable to close output pipe: %s\n", strerror(errno)); + ERR(sh, "Unable to close output pipe."); goto cleanup; } retval = close(err_fd[PIPE_READ]); if (retval == -1) { - ERR(sh, "Unable to close error pipe: %s\n", strerror(errno)); + ERR(sh, "Unable to close error pipe."); goto cleanup; } retval = execl(path, path, NULL); if (retval == -1) { - ERR(sh, "Unable to execute %s : %s\n", path, strerror(errno)); + ERR(sh, "Unable to execute %s.", path); _exit(EXIT_FAILURE); } } else { retval = close(input_fd[PIPE_READ]); input_fd[PIPE_READ] = -1; if (retval == -1) { - ERR(sh, "Unable to close read end of input pipe: %s\n", strerror(errno)); + ERR(sh, "Unable to close read end of input pipe."); goto cleanup; } retval = close(output_fd[PIPE_WRITE]); output_fd[PIPE_WRITE] = -1; if (retval == -1) { - ERR(sh, "Unable to close write end of output pipe: %s\n", strerror(errno)); + ERR(sh, "Unable to close write end of output pipe."); goto cleanup; } retval = close(err_fd[PIPE_WRITE]); err_fd[PIPE_WRITE] = -1; if (retval == -1) { - ERR(sh, "Unable to close write end of error pipe: %s\n", strerror(errno)); + ERR(sh, "Unable to close write end of error pipe."); goto cleanup; } retval = write_full(input_fd[PIPE_WRITE], in_data, in_data_len); if (retval == -1) { - ERR(sh, "Failed to write data to input pipe: %s\n", strerror(errno)); + ERR(sh, "Failed to write data to input pipe."); goto cleanup; } retval = close(input_fd[PIPE_WRITE]); input_fd[PIPE_WRITE] = -1; if (retval == -1) { - ERR(sh, "Unable to close write end of input pipe: %s\n", strerror(errno)); + ERR(sh, "Unable to close write end of input pipe."); goto cleanup; } @@ -744,7 +744,7 @@ static int semanage_pipe_data(semanage_handle_t *sh, const char *path, const cha retval = close(output_fd[PIPE_READ]); output_fd[PIPE_READ] = -1; if (retval == -1) { - ERR(sh, "Unable to close read end of output pipe: %s\n", strerror(errno)); + ERR(sh, "Unable to close read end of output pipe."); goto cleanup; } @@ -756,7 +756,7 @@ static int semanage_pipe_data(semanage_handle_t *sh, const char *path, const cha retval = close(err_fd[PIPE_READ]); err_fd[PIPE_READ] = -1; if (retval == -1) { - ERR(sh, "Unable to close read end of error pipe: %s\n", strerror(errno)); + ERR(sh, "Unable to close read end of error pipe."); goto cleanup; } @@ -923,7 +923,7 @@ static int semanage_compile_module(semanage_handle_t *sh, status = map_compressed_file(sh, hll_path, &hll_contents); if (status < 0) { - ERR(sh, "Unable to read file %s\n", hll_path); + ERR(sh, "Unable to read file %s.", hll_path); goto cleanup; } @@ -933,16 +933,13 @@ static int semanage_compile_module(semanage_handle_t *sh, if (err_data_len > 0) { for (start = end = err_data; end < err_data + err_data_len; end++) { if (*end == '\n') { - fprintf(stderr, "%s: ", modinfo->name); - fwrite(start, 1, end - start + 1, stderr); + ERR(sh, "%s: %.*s.", modinfo->name, (int)(end - start + 1), start); start = end + 1; } } if (end != start) { - fprintf(stderr, "%s: ", modinfo->name); - fwrite(start, 1, end - start, stderr); - fprintf(stderr, "\n"); + ERR(sh, "%s: %.*s.", modinfo->name, (int)(end - start), start); } } if (status != 0) { @@ -956,14 +953,14 @@ static int semanage_compile_module(semanage_handle_t *sh, status = write_compressed_file(sh, cil_path, cil_data, cil_data_len); if (status == -1) { - ERR(sh, "Failed to write %s\n", cil_path); + ERR(sh, "Failed to write %s.", cil_path); goto cleanup; } if (sh->conf->remove_hll == 1) { status = unlink(hll_path); if (status != 0) { - ERR(sh, "Error while removing HLL file %s: %s", hll_path, strerror(errno)); + ERR(sh, "Error while removing HLL file %s.", hll_path); goto cleanup; } @@ -1054,8 +1051,7 @@ static int semanage_compile_hll_modules(semanage_handle_t *sh, unmap_compressed_file(&contents); continue; } else if (errno != ENOENT) { - ERR(sh, "Unable to access %s: %s\n", cil_path, - strerror(errno)); + ERR(sh, "Unable to access %s.", cil_path); return -1; //an error in the "stat" call } } @@ -1080,7 +1076,7 @@ static int semanage_compare_checksum(semanage_handle_t *sh, const char *referenc fd = open(path, O_RDONLY | O_CLOEXEC); if (fd == -1) { if (errno != ENOENT) { - ERR(sh, "Unable to open %s: %s\n", path, strerror(errno)); + ERR(sh, "Unable to open %s.", path); return -1; } /* Checksum file not present - force a rebuild. */ @@ -1088,21 +1084,21 @@ static int semanage_compare_checksum(semanage_handle_t *sh, const char *referenc } if (fstat(fd, &sb) == -1) { - ERR(sh, "Unable to stat %s\n", path); + ERR(sh, "Unable to stat %s.", path); retval = -1; goto out_close; } if (sb.st_size != (off_t)CHECKSUM_CONTENT_SIZE) { /* Incompatible/invalid hash type - just force a rebuild. */ - WARN(sh, "Module checksum invalid - forcing a rebuild\n"); + WARN(sh, "Module checksum invalid - forcing a rebuild."); retval = 1; goto out_close; } data = mmap(NULL, CHECKSUM_CONTENT_SIZE, PROT_READ, MAP_PRIVATE, fd, 0); if (data == MAP_FAILED) { - ERR(sh, "Unable to mmap %s\n", path); + ERR(sh, "Unable to mmap %s.", path); retval = -1; goto out_close; } @@ -1212,7 +1208,7 @@ static int semanage_direct_commit(semanage_handle_t * sh) /* The file does not exist */ do_rebuild |= (sepol_get_disable_dontaudit(sh->sepolh) == 1); } else { - ERR(sh, "Unable to access %s: %s\n", path, strerror(errno)); + ERR(sh, "Unable to access %s.", path); retval = -1; goto cleanup; } @@ -1243,7 +1239,7 @@ static int semanage_direct_commit(semanage_handle_t * sh) /* The file does not exist */ do_rebuild |= (sepol_get_preserve_tunables(sh->sepolh) == 1); } else { - ERR(sh, "Unable to access %s: %s\n", path, strerror(errno)); + ERR(sh, "Unable to access %s.", path); retval = -1; goto cleanup; } @@ -1279,7 +1275,7 @@ static int semanage_direct_commit(semanage_handle_t * sh) path = semanage_path(SEMANAGE_TMP, semanage_computed_files[i]); if (stat(path, &sb) != 0) { if (errno != ENOENT) { - ERR(sh, "Unable to access %s: %s\n", path, strerror(errno)); + ERR(sh, "Unable to access %s.", path); retval = -1; goto cleanup; } @@ -1309,7 +1305,7 @@ static int semanage_direct_commit(semanage_handle_t * sh) retval = semanage_compile_hll_modules(sh, modinfos, num_modinfos, &extra, modules_checksum); if (retval < 0) { - ERR(sh, "Failed to compile hll files into cil files.\n"); + ERR(sh, "Failed to compile hll files into cil files."); goto cleanup; } @@ -1322,7 +1318,7 @@ static int semanage_direct_commit(semanage_handle_t * sh) retval = semanage_write_modules_checksum(sh, modules_checksum); if (retval < 0) { - ERR(sh, "Failed to write module checksum file.\n"); + ERR(sh, "Failed to write module checksum file."); goto cleanup; } } @@ -1444,7 +1440,7 @@ static int semanage_direct_commit(semanage_handle_t * sh) /* The file does not exist */ pseusers->dtable->clear(sh, pseusers->dbase); } else { - ERR(sh, "Unable to access %s: %s\n", path, strerror(errno)); + ERR(sh, "Unable to access %s.", path); retval = -1; goto cleanup; } @@ -1462,7 +1458,7 @@ static int semanage_direct_commit(semanage_handle_t * sh) /* The file does not exist */ pusers_extra->dtable->clear(sh, pusers_extra->dbase); } else { - ERR(sh, "Unable to access %s: %s\n", path, strerror(errno)); + ERR(sh, "Unable to access %s.", path); retval = -1; goto cleanup; } @@ -1733,13 +1729,13 @@ static int semanage_direct_install_file(semanage_handle_t * sh, retval = map_compressed_file(sh, install_filename, &contents); if (retval < 0) { - ERR(sh, "Unable to read file %s\n", install_filename); + ERR(sh, "Unable to read file %s.", install_filename); goto cleanup; } path = strdup(install_filename); if (path == NULL) { - ERR(sh, "No memory available for strdup.\n"); + ERR(sh, "No memory available for strdup."); retval = -1; goto cleanup; } @@ -1780,12 +1776,12 @@ static int semanage_direct_install_file(semanage_handle_t * sh, if (module_name == NULL) { module_name = strdup(filename); if (module_name == NULL) { - ERR(sh, "No memory available for module_name.\n"); + ERR(sh, "No memory available for module_name."); retval = -1; goto cleanup; } } else if (strcmp(module_name, filename) != 0) { - fprintf(stderr, "Warning: SELinux userspace will refer to the module from %s as %s rather than %s\n", install_filename, module_name, filename); + ERR(sh, "Warning: SELinux userspace will refer to the module from %s as %s rather than %s.", install_filename, module_name, filename); } retval = semanage_direct_install(sh, contents.data, contents.len, @@ -1826,7 +1822,7 @@ static int semanage_direct_extract(semanage_handle_t * sh, } if (stat(module_path, &sb) != 0) { - ERR(sh, "Unable to access %s: %s\n", module_path, strerror(errno)); + ERR(sh, "Unable to access %s.", module_path); rc = -1; goto cleanup; } @@ -1857,7 +1853,7 @@ static int semanage_direct_extract(semanage_handle_t * sh, if (extract_cil == 1 && strcmp(_modinfo->lang_ext, "cil") && stat(input_file, &sb) != 0) { if (errno != ENOENT) { - ERR(sh, "Unable to access %s: %s\n", input_file, strerror(errno)); + ERR(sh, "Unable to access %s.", input_file); rc = -1; goto cleanup; } @@ -2017,7 +2013,7 @@ static int semanage_direct_get_enabled(semanage_handle_t *sh, if (stat(path, &sb) < 0) { if (errno != ENOENT) { - ERR(sh, "Unable to access %s: %s\n", path, strerror(errno)); + ERR(sh, "Unable to access %s.", path); status = -1; goto cleanup; } @@ -2350,7 +2346,7 @@ static int semanage_direct_get_module_info(semanage_handle_t *sh, /* set enabled/disabled status */ if (stat(fn, &sb) < 0) { if (errno != ENOENT) { - ERR(sh, "Unable to access %s: %s\n", fn, strerror(errno)); + ERR(sh, "Unable to access %s.", fn); status = -1; goto cleanup; } @@ -2779,7 +2775,7 @@ static int semanage_direct_install_info(semanage_handle_t *sh, /* validate module info */ ret = semanage_module_info_validate(modinfo); if (ret != 0) { - ERR(sh, "%s failed module validation.\n", modinfo->name); + ERR(sh, "%s failed module validation.", modinfo->name); status = -2; goto cleanup; } @@ -2867,7 +2863,7 @@ static int semanage_direct_install_info(semanage_handle_t *sh, if (stat(path, &sb) == 0) { ret = unlink(path); if (ret != 0) { - ERR(sh, "Error while removing cached CIL file %s: %s", path, strerror(errno)); + ERR(sh, "Error while removing cached CIL file %s.", path); status = -3; goto cleanup; } diff --git a/libsemanage/src/genhomedircon.c b/libsemanage/src/genhomedircon.c index c38d284b..4949bc75 100644 --- a/libsemanage/src/genhomedircon.c +++ b/libsemanage/src/genhomedircon.c @@ -1117,7 +1117,7 @@ static int get_group_users(genhomedircon_settings_t * s, goto cleanup; if (group == NULL) { - ERR(s->h_semanage, "Can't find group named %s\n", grname); + ERR(s->h_semanage, "Can't find group named %s.", grname); goto cleanup; } diff --git a/libsemanage/src/handle.c b/libsemanage/src/handle.c index 2f4121db..faea0606 100644 --- a/libsemanage/src/handle.c +++ b/libsemanage/src/handle.c @@ -151,7 +151,7 @@ int semanage_get_hll_compiler_path(semanage_handle_t *sh, lower_lang_ext = strdup(lang_ext); if (lower_lang_ext == NULL) { - ERR(sh, "Could not create copy of lang_ext. Out of memory.\n"); + ERR(sh, "Could not create copy of lang_ext. Out of memory."); status = -1; goto cleanup; } diff --git a/libsemanage/src/parse_utils.c b/libsemanage/src/parse_utils.c index d1d6e930..cf6a91fa 100644 --- a/libsemanage/src/parse_utils.c +++ b/libsemanage/src/parse_utils.c @@ -47,8 +47,8 @@ int parse_open(semanage_handle_t * handle, parse_info_t * info) info->file_stream = fopen(info->filename, "re"); if (!info->file_stream && (errno != ENOENT)) { - ERR(handle, "could not open file %s: %s", - info->filename, strerror(errno)); + ERR(handle, "could not open file %s.", + info->filename); return STATUS_ERR; } if (info->file_stream) diff --git a/libsemanage/src/semanage_store.c b/libsemanage/src/semanage_store.c index d75aab68..cdb495cb 100644 --- a/libsemanage/src/semanage_store.c +++ b/libsemanage/src/semanage_store.c @@ -1551,7 +1551,7 @@ static int sefcontext_compile(semanage_handle_t * sh, const char *path) { if (stat(path, &sb) < 0) { if (errno != ENOENT) { - ERR(sh, "Unable to access %s: %s\n", path, strerror(errno)); + ERR(sh, "Unable to access %s.", path); return -1; } @@ -1737,11 +1737,11 @@ static int semanage_commit_sandbox(semanage_handle_t * sh) /* sync changes in sandbox to filesystem */ fd = open(sandbox, O_DIRECTORY | O_CLOEXEC); if (fd == -1) { - ERR(sh, "Error while opening %s for syncfs(): %d", sandbox, errno); + ERR(sh, "Error while opening %s for syncfs().", sandbox); return -1; } if (syncfs(fd) == -1) { - ERR(sh, "Error while syncing %s to filesystem: %d", sandbox, errno); + ERR(sh, "Error while syncing %s to filesystem.", sandbox); close(fd); return -1; } From patchwork Mon Nov 25 11:18:36 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Christian_G=C3=B6ttsche?= X-Patchwork-Id: 13884824 Received: from server02.seltendoof.de (server02.seltendoof.de [168.119.48.163]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 57BC719645D for ; Mon, 25 Nov 2024 11:18:47 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=168.119.48.163 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1732533528; cv=none; b=uA854UT0256ZfdBpDpbmXjx/F2VzScrCzPH/zLOSic5Y0RfRkZFALS077ZVsOVuL11JaRbdXcl+/QcJ3LvylttpyiiyGLiqNcvWh5isvA2cr9pg3O7HCTdvCqQHri0YIEi2cow2UzQN7gG0dqwkY/Wm8zyGSVtqHzEKqBpTW4sI= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1732533528; c=relaxed/simple; bh=X5Kv3uLcQyzfZKVX4gz3VF8MsXUD9CbSDl/XTwCWRkI=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=ZpZTKyWTOHcX1uF4kJSuzdMhDZJ+fAEuFFNcmmP54Rz0PKtoMTWTHUvw/Voe6X+RVJGV6n8gpqIY8tLVBEA98F8oaCaSy9SDvVN9r062pwcPAkSrepxuxyRYStWyWgr/S7tMKrY4yboKCG3cEQMVULOJUctjwj/YAYduI6epIwE= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=seltendoof.de; spf=pass smtp.mailfrom=seltendoof.de; dkim=pass (2048-bit key) header.d=seltendoof.de header.i=@seltendoof.de header.b=D13nBEBr; arc=none smtp.client-ip=168.119.48.163 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=seltendoof.de Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=seltendoof.de Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=seltendoof.de header.i=@seltendoof.de header.b="D13nBEBr" From: =?utf-8?q?Christian_G=C3=B6ttsche?= DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=seltendoof.de; s=2023072701; t=1732533525; h=from:from:reply-to:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=h1OrDkm2suvUFvmfQlICwBamz2979XqKgU6gkhaLD9w=; b=D13nBEBrFfsRBVUOH3QMqZ0RNrz5DNMfD7+4mKd8iF0du4gNMlPJ5NJOCxysrb+LmF5hVQ 96FxUvKJPWnGAnrDJpFM2C2vMEDEpg6w2rGWX3whDAUXhbCwcgcOtGhvfs83VlYYvtT5MH 1CNjMdOGkKoIZ56XhAnuZyfY0BvzHjedQ4p7PqUgWMZbBAOkX2sgqz7f8TY1bp7SLrDdMp kUwGFU5lHTVeo9oXCoJpyjc0GmNgbFIrEFBwy24fbTcB6m6S0z5JeSekv2CfOWYNnIV63t /u+VdQ+dlYli95cF+5VQbyshMqUmjxr1dd2JEigpNmI2JnG2BerkHyvSyinlag== To: selinux@vger.kernel.org Cc: =?utf-8?q?Christian_G=C3=B6ttsche?= Subject: [PATCH v2 5/9] libsemanage: check closing written files Date: Mon, 25 Nov 2024 12:18:36 +0100 Message-ID: <20241125111840.63845-5-cgoettsche@seltendoof.de> In-Reply-To: <20241125111840.63845-1-cgoettsche@seltendoof.de> References: <20241125111840.63845-1-cgoettsche@seltendoof.de> Reply-To: cgzones@googlemail.com Precedence: bulk X-Mailing-List: selinux@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 From: Christian Göttsche Check that closing a file that has been written to is successful, to avoid potential unsuccessful writes/syncs. Signed-off-by: Christian Göttsche --- libsemanage/src/database_file.c | 5 ++++- libsemanage/src/direct_api.c | 15 +++++++++------ libsemanage/src/genhomedircon.c | 3 ++- libsemanage/src/semanage_store.c | 18 +++++++++++++----- 4 files changed, 28 insertions(+), 13 deletions(-) diff --git a/libsemanage/src/database_file.c b/libsemanage/src/database_file.c index 47814254..214dbe6c 100644 --- a/libsemanage/src/database_file.c +++ b/libsemanage/src/database_file.c @@ -149,7 +149,10 @@ static int dbase_file_flush(semanage_handle_t * handle, dbase_file_t * dbase) } dbase_llist_set_modified(&dbase->llist, 0); - fclose(str); + if (fclose(str) != 0 && errno != EINTR) { + str = NULL; + goto err; + } return STATUS_SUCCESS; err: diff --git a/libsemanage/src/direct_api.c b/libsemanage/src/direct_api.c index 0e7ef4da..87c7627d 100644 --- a/libsemanage/src/direct_api.c +++ b/libsemanage/src/direct_api.c @@ -467,7 +467,10 @@ static int write_file(semanage_handle_t * sh, close(out); return -1; } - close(out); + if (close(out) == -1 && errno != EINTR) { + ERR(sh, "Error while closing %s.", filename); + return -1; + } return 0; } @@ -839,7 +842,7 @@ static int semanage_direct_write_langext(semanage_handle_t *sh, goto cleanup; } - if (fclose(fp) != 0) { + if (fclose(fp) != 0 && errno != EINTR) { ERR(sh, "Unable to close %s module ext file.", modinfo->name); fp = NULL; ret = -1; @@ -1216,7 +1219,7 @@ static int semanage_direct_commit(semanage_handle_t * sh) FILE *touch; touch = fopen(path, "we"); if (touch != NULL) { - if (fclose(touch) != 0) { + if (fclose(touch) != 0 && errno != EINTR) { ERR(sh, "Error attempting to create disable_dontaudit flag."); goto cleanup; } @@ -1248,7 +1251,7 @@ static int semanage_direct_commit(semanage_handle_t * sh) FILE *touch; touch = fopen(path, "we"); if (touch != NULL) { - if (fclose(touch) != 0) { + if (fclose(touch) != 0 && errno != EINTR) { ERR(sh, "Error attempting to create preserve_tunable flag."); goto cleanup; } @@ -2120,7 +2123,7 @@ static int semanage_direct_set_enabled(semanage_handle_t *sh, ret = fclose(fp); fp = NULL; - if (ret != 0) { + if (ret != 0 && errno != EINTR) { ERR(sh, "Unable to close disabled file for module %s", modkey->name); @@ -2321,7 +2324,7 @@ static int semanage_direct_get_module_info(semanage_handle_t *sh, free(tmp); tmp = NULL; - if (fclose(fp) != 0) { + if (fclose(fp) != 0 && errno != EINTR) { fp = NULL; ERR(sh, "Unable to close %s module lang ext file.", diff --git a/libsemanage/src/genhomedircon.c b/libsemanage/src/genhomedircon.c index 4949bc75..19543799 100644 --- a/libsemanage/src/genhomedircon.c +++ b/libsemanage/src/genhomedircon.c @@ -1429,7 +1429,8 @@ int semanage_genhomedircon(semanage_handle_t * sh, done: if (out != NULL) - fclose(out); + if (fclose(out) != 0 && errno != EINTR) + retval = STATUS_ERR; while (s.fallback) pop_user_entry(&(s.fallback)); diff --git a/libsemanage/src/semanage_store.c b/libsemanage/src/semanage_store.c index cdb495cb..e44efc16 100644 --- a/libsemanage/src/semanage_store.c +++ b/libsemanage/src/semanage_store.c @@ -717,7 +717,7 @@ int semanage_copy_file(semanage_handle_t *sh, const char *src, const char *dst, errsv = errno; retval = -1; } - if (close(out) < 0) { + if (close(out) < 0 && errno != EINTR) { errsv = errno; retval = -1; } @@ -1536,9 +1536,11 @@ int semanage_split_fc(semanage_handle_t * sh) if (file_con) fclose(file_con); if (fc >= 0) - close(fc); + if (close(fc) == -1 && errno != EINTR) + retval = -1; if (hd >= 0) - close(hd); + if (close(hd) == -1 && errno != EINTR) + retval = -1; return retval; @@ -1732,7 +1734,11 @@ static int semanage_commit_sandbox(semanage_handle_t * sh) close(fd); return -1; } - close(fd); + if (close(fd) == -1 && errno != EINTR) { + ERR(sh, "Error while closing commit number file %s.", + commit_filename); + return -1; + } /* sync changes in sandbox to filesystem */ fd = open(sandbox, O_DIRECTORY | O_CLOEXEC); @@ -2157,7 +2163,9 @@ int semanage_write_policydb(semanage_handle_t * sh, sepol_policydb_t * out, cleanup: if (outfile != NULL) { - fclose(outfile); + if (fclose(outfile) != 0 && errno != EINTR) { + retval = STATUS_ERR; + } } umask(mask); sepol_policy_file_free(pf); From patchwork Mon Nov 25 11:18:37 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Christian_G=C3=B6ttsche?= X-Patchwork-Id: 13884827 Received: from server02.seltendoof.de (server02.seltendoof.de [168.119.48.163]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 23E8C198841 for ; Mon, 25 Nov 2024 11:18:50 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=168.119.48.163 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1732533531; cv=none; b=UZza0DVxblmHRFnruKvKgo3EnvDLBF8P/HJURWcjes/iVC6WZopCaoOzOtZdqWXVfQ03ZbavaduLPtN42BxRqeoNUoRFOIqIGkYcvdsDdzxz58dTNIOjfnjCy+eLgSHIzLQgfs09cjtk1Ykrg0ZUVywOexsWcpg1KEXpshhZB6Q= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1732533531; c=relaxed/simple; bh=OCUkKxgu2xKrEbJTT/WDSZ/8T3gYlr+6cjiO97qrbUo=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=QVP/5YMJB+E9qcZf/Nk9/YVLZqoqWicIHovZ7YpvkvPF5wKcQxCEX6w4AZQUp5sljl6u7dBXqG7QISILcebDxHDLpw9MxndAYZKj5/Zlz7NKrjsmnxrMJKG7gzRHYrkRTRy0S3bWYSyuMHMEBxSeS9TacLfL0PaIE9WE/7bVgTA= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=seltendoof.de; spf=pass smtp.mailfrom=seltendoof.de; dkim=pass (2048-bit key) header.d=seltendoof.de header.i=@seltendoof.de header.b=qLM4vf/p; arc=none smtp.client-ip=168.119.48.163 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=seltendoof.de Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=seltendoof.de Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=seltendoof.de header.i=@seltendoof.de header.b="qLM4vf/p" From: =?utf-8?q?Christian_G=C3=B6ttsche?= DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=seltendoof.de; s=2023072701; t=1732533525; h=from:from:reply-to:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=zdhqOqY2yQ+X0ABHh5r0rsyS+XmfHAggfrjOr0wkDy4=; b=qLM4vf/pQHxQvxpY3XCLUE8+HswsxxPoAkZqZnCCGkkHSIGzB0oAVHOZXlMHn1D3om2Qic h9KwuQAmu4dN64pguFOWQXjGLO8feMiF0TXhcvy4bAMbzlMCHu63JXGYt06hZbkvMTa998 MFSGRKhuJOuq831IMwvDiCoeQPVvTOmzgrBF/gvs4bxOpybupKwnC7GOr17jWVl5124d7r HJLcP8NonjZ8t/YEGqimsu6bTdDed73PsFgDzaG3Nu26CUL4liD0tpXtsxyLPIbPmE2+Hl FtGSXQ1X3KMURtGwP3d+CyxOlWjcZDPHKAFLLgj0qby2ULzfzM/WcSLu4whvug== To: selinux@vger.kernel.org Cc: =?utf-8?q?Christian_G=C3=B6ttsche?= Subject: [PATCH v2 6/9] libsemanage: simplify file deletion Date: Mon, 25 Nov 2024 12:18:37 +0100 Message-ID: <20241125111840.63845-6-cgoettsche@seltendoof.de> In-Reply-To: <20241125111840.63845-1-cgoettsche@seltendoof.de> References: <20241125111840.63845-1-cgoettsche@seltendoof.de> Reply-To: cgzones@googlemail.com Precedence: bulk X-Mailing-List: selinux@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 From: Christian Göttsche Instead of checking if a file to be deleted exists, just try to delete it and ignore any error for it not existing in the first place. Signed-off-by: Christian Göttsche --- libsemanage/src/direct_api.c | 24 +++++++++--------------- 1 file changed, 9 insertions(+), 15 deletions(-) diff --git a/libsemanage/src/direct_api.c b/libsemanage/src/direct_api.c index 87c7627d..99cba7f7 100644 --- a/libsemanage/src/direct_api.c +++ b/libsemanage/src/direct_api.c @@ -2762,7 +2762,6 @@ static int semanage_direct_install_info(semanage_handle_t *sh, int status = 0; int ret = 0; int type; - struct stat sb; char path[PATH_MAX]; mode_t mask = umask(0077); @@ -2863,13 +2862,11 @@ static int semanage_direct_install_info(semanage_handle_t *sh, goto cleanup; } - if (stat(path, &sb) == 0) { - ret = unlink(path); - if (ret != 0) { - ERR(sh, "Error while removing cached CIL file %s.", path); - status = -3; - goto cleanup; - } + ret = unlink(path); + if (ret != 0 && errno != ENOENT) { + ERR(sh, "Error while removing cached CIL file %s.", path); + status = -3; + goto cleanup; } } @@ -2966,13 +2963,10 @@ static int semanage_direct_remove_key(semanage_handle_t *sh, goto cleanup; } - struct stat sb; - if (stat(path, &sb) == 0) { - ret = unlink(path); - if (ret != 0) { - status = -1; - goto cleanup; - } + ret = unlink(path); + if (ret != 0 && errno != ENOENT) { + status = -1; + goto cleanup; } } else { From patchwork Mon Nov 25 11:18:38 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Christian_G=C3=B6ttsche?= X-Patchwork-Id: 13884828 Received: from server02.seltendoof.de (server02.seltendoof.de [168.119.48.163]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 46124195808 for ; Mon, 25 Nov 2024 11:18:50 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=168.119.48.163 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1732533531; cv=none; b=OPN5rkZ1wgBywDou1sCjPyWr1nmpmfLPtzwwi80wsEpjWv5ExJbI9KIIdUHLd1qnt+RnzFKOuJROL53PINjqsqLKzqb7Hr+IxZQK4Y/eey7kYZn0rmvfQCy/jOK3BJ50pj4V4p4ohtPqy8o7aWEfjDtA0ZZxvGwJKGO8aXVqIr0= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1732533531; c=relaxed/simple; bh=36WYOF0H4CMtHQtx6IaL8VqVlDcO/pQKsg9kLPerpeg=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=i4idTnks/b75WuS++VrtK0ZmWk6WDjmKy9w0o75Ep0NN9Kl2mvi7IUcQm4czqljUmYCiqkj2l43APXFLMMrhgWWru5ZG2sb2IPHIcRiBWPiZM4ayWfzW51XKApWVPBxkplNqvubC4aLwnVfzVTkWReTy0FSxFLpva6XkD7vXOQw= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=seltendoof.de; spf=pass smtp.mailfrom=seltendoof.de; dkim=pass (2048-bit key) header.d=seltendoof.de header.i=@seltendoof.de header.b=rJm4eRuZ; arc=none smtp.client-ip=168.119.48.163 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=seltendoof.de Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=seltendoof.de Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=seltendoof.de header.i=@seltendoof.de header.b="rJm4eRuZ" From: =?utf-8?q?Christian_G=C3=B6ttsche?= DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=seltendoof.de; s=2023072701; t=1732533525; h=from:from:reply-to:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=i30zIH1O4GFPwcYg0VAF4ZW1BbA30M2gT0zRaeJY7sI=; b=rJm4eRuZ1fQIERkOPos8bBe7xVC+VMuRXOAu6Qlk90aXzNtguLNxs7eYTgwRBPbVcnyeOX MhWd4/zJW51zYzFT1S+87J5sfPrDPlTDW7dVvRSgrM7pWlObI8gvHS+XFc5dhL9f+JoomI es/T9OlvznS36Fi9f23OAy4WRKd8sW2PtDU3uXMaIq/ZekP5Kim7G3fMrDRSsIr6eYDVAM g+gwB5TbM8nfunYVCrIXDYe0iWb/frBQPw8qDLuUVL6YBt9fKDE7agxghb1HGbEZC94Cr/ QkW/oigYeq6fgPicZiT8y1l9c4JEk1pBZ+Os8r4Ch4T3f1PJvLtfETXWTY3B5g== To: selinux@vger.kernel.org Cc: =?utf-8?q?Christian_G=C3=B6ttsche?= Subject: [PATCH v2 7/9] libsemanage: optimize policy by default Date: Mon, 25 Nov 2024 12:18:38 +0100 Message-ID: <20241125111840.63845-7-cgoettsche@seltendoof.de> In-Reply-To: <20241125111840.63845-1-cgoettsche@seltendoof.de> References: <20241125111840.63845-1-cgoettsche@seltendoof.de> Reply-To: cgzones@googlemail.com Precedence: bulk X-Mailing-List: selinux@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 From: Christian Göttsche Fedora is setting optimize-policy to 1 by default, and there seem to be no bugs related to policy optimizations so far. Signed-off-by: Christian Göttsche --- libsemanage/man/man5/semanage.conf.5 | 2 +- libsemanage/src/conf-parse.y | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/libsemanage/man/man5/semanage.conf.5 b/libsemanage/man/man5/semanage.conf.5 index 140cb8d9..6a1afc13 100644 --- a/libsemanage/man/man5/semanage.conf.5 +++ b/libsemanage/man/man5/semanage.conf.5 @@ -124,7 +124,7 @@ In order to compile the original HLL file into CIL, the same HLL file will need .TP .B optimize-policy When set to "true", the kernel policy will be optimized upon rebuilds. -It can be set to either "true" or "false" and by default it is set to "false". +It can be set to either "true" or "false" and by default it is set to "true". .TP .B multiple-decls diff --git a/libsemanage/src/conf-parse.y b/libsemanage/src/conf-parse.y index b2b84892..6cb8a598 100644 --- a/libsemanage/src/conf-parse.y +++ b/libsemanage/src/conf-parse.y @@ -396,7 +396,7 @@ static int semanage_conf_init(semanage_conf_t * conf) conf->bzip_small = 0; conf->ignore_module_cache = 0; conf->remove_hll = 0; - conf->optimize_policy = 0; + conf->optimize_policy = 1; conf->multiple_decls = 1; conf->save_previous = 0; From patchwork Mon Nov 25 11:18:39 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Christian_G=C3=B6ttsche?= X-Patchwork-Id: 13884829 Received: from server02.seltendoof.de (server02.seltendoof.de [168.119.48.163]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 6BC5D1990CE for ; Mon, 25 Nov 2024 11:18:50 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=168.119.48.163 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1732533531; cv=none; b=PfLhONRT4a11IVHkcU1a5AOCalVup0nN36sYsJsuUBC7OFFm9NxSuADVJwLDYCQTNTbpcZB1JbpFgVWAQ+dvuOIVjaQqM7BKCkcXU74FgLWn5PQsMZB/9ZTpJSH05uX9ELHVxGWmwTS3jlauhGE+Y8ZoNZN4Zqci7QmQ39eNZoA= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1732533531; c=relaxed/simple; bh=CBICRA3m+l8pwJk1yVAGvMQgxVQSgNkoOutadCnNSw8=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=KUi4wqfH0k+DB1PXgWnSJBcXBC1NN7rZNbVgGDs6sLoGDUF6zW79DDstohjZ6jBmIvXrm0hAJUhjgWVB8Zrz8z8ErVYiVQi3ecMmP+TsXigrLxDq7xzJ6JkHrl6xbQw02ZVOHczcWCDAigvLO9BOZk9yrOrvHROc1cQMOtvrwWA= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=seltendoof.de; spf=pass smtp.mailfrom=seltendoof.de; dkim=pass (2048-bit key) header.d=seltendoof.de header.i=@seltendoof.de header.b=SJkJyXrw; arc=none smtp.client-ip=168.119.48.163 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=seltendoof.de Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=seltendoof.de Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=seltendoof.de header.i=@seltendoof.de header.b="SJkJyXrw" From: =?utf-8?q?Christian_G=C3=B6ttsche?= DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=seltendoof.de; s=2023072701; t=1732533526; h=from:from:reply-to:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=M2CeE+Dw0DNxNGWi7bvPJ4DaRD93fdA/Svgjm6kizRY=; b=SJkJyXrwhNO5yzWilwlWASVRSjkaEGy6iOLj6w+LYxxackE7CFF9/kXj9ysZtMnM48/Q9+ TIvYCaNwhnDumRlPZHtTe7zT9r2NyFhQwLT1FE+6GMBniYpWsuVHfoesTq24p/EBOv+8jN krunVL4gCh/GOPY+hzSddJUThTHgHYQh/QJz1q2HhYPyw8qyzob52VPW1E0qqzDqcEH0do 04UuJxD0mxQhN0rdzJu2z70HvHxZ26sgRqTBoZm3z3KgmAYX1byhVwWNPBVnN8UhR3FnkD +bwRKKV0rzPwONOPIWzrD2DIMGDvWvLv92GJhmMElG4N0J2X/oAe+V/dnZbaRA== To: selinux@vger.kernel.org Cc: =?utf-8?q?Christian_G=C3=B6ttsche?= Subject: [PATCH v2 8/9] libsemanage/man: add documentation for command overrides Date: Mon, 25 Nov 2024 12:18:39 +0100 Message-ID: <20241125111840.63845-8-cgoettsche@seltendoof.de> In-Reply-To: <20241125111840.63845-1-cgoettsche@seltendoof.de> References: <20241125111840.63845-1-cgoettsche@seltendoof.de> Reply-To: cgzones@googlemail.com Precedence: bulk X-Mailing-List: selinux@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 From: Christian Göttsche For example fedora contains the following cdefault configuration: [sefcontext_compile] path = /usr/sbin/sefcontext_compile args = -r $@ [end] Signed-off-by: Christian Göttsche --- libsemanage/man/man5/semanage.conf.5 | 79 ++++++++++++++++++++++++++++ 1 file changed, 79 insertions(+) diff --git a/libsemanage/man/man5/semanage.conf.5 b/libsemanage/man/man5/semanage.conf.5 index 6a1afc13..b22e65bd 100644 --- a/libsemanage/man/man5/semanage.conf.5 +++ b/libsemanage/man/man5/semanage.conf.5 @@ -131,6 +131,85 @@ It can be set to either "true" or "false" and by default it is set to "true". When set to "true", duplicate type, type attribute, and role declarations will be allowed. It can be set to either "true" or "false" and by default it is set to "true". +.RE +.PP +For certain tasks the SELinux Management library resorts to running +external commands. For the following commands their path and arguments can +be overridden: + +.RS +.RS +.TP +.B load_policy +Command to load a kernel policy. +Requires no argument. +Defaults to +.IR /sbin/load_policy +with no arguments. + +.TP +.B setfiles +Command to verify file context definitions. +Requires two arguments, the path to the kernel policy and the path to the +file context definition file. +Defaults to +.IR /sbin/setfiles +with the arguments '\-q \-c $@ $<'. + +.TP +.B sefcontext_compile +Command to compile a file context definition file. +Requires one argument, the path to the to be compiled file context +definition file. +Defaults to +.IR /sbin/sefcontext_compile +with the argument '$@'. + +.RE +.PP +Either +.IR path +or +.IR args +can be omitted. +The argument string must contain '$@' for the first required argument, +and '$<' for the second one. +The syntax for overriding an external command property is: + +.RS + +[\fIname\fR] +.sp 0 +path = /path/to/command +.sp 0 +args = --flag +.sp 0 +[end] + +.RE + +.TP +Example + +.RS + +[sefcontext_compile] +.sp 0 +path = /usr/sbin/sefcontext_compile +.sp 0 +args = -r $@ +.sp 0 +[end] + +.RE +.PP +Optionally the SELinux Management library can invoke external commands to +verify source modules (\fBverify module\fR), linked modules +(\fBverify linked\fR), and kernel policies (\fBverify kernel\fR). +The syntax is identical to the above command overrides. +The program should exit with a value of 0 on success, and non zero on +failure. + .SH "SEE ALSO" .TP semanage(8) From patchwork Mon Nov 25 11:18:40 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Christian_G=C3=B6ttsche?= X-Patchwork-Id: 13884830 Received: from server02.seltendoof.de (server02.seltendoof.de [168.119.48.163]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id A50631990D3 for ; Mon, 25 Nov 2024 11:18:50 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=168.119.48.163 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1732533532; cv=none; b=RIVNQG9fEb5jRRfmUeoNDW/DrNpGh+JjQj93s6RNblXQ51txu9P6eRQJedFIazsxmIZfPOvTHv7g8YdztGK9PTshi+HFF6GsCIY1/F4wW7aN7xJnyyzVrDqNqKsBxX48yKnx+o61tuixiwrjh1GKOBOH+IXFOY+QV+XxKjcW6sE= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1732533532; c=relaxed/simple; bh=UgHP+oReoy7OLVBgNQ0IKQJ7ZPFuZlJ3xggYJ7VnxuA=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=tMVLjq8Tbi9QbUam2K7EqWIwfxAEEVOAbQtPHTzi5amD43WtP9O7nwsu5gNa3UCJkzhxQ8FqtcUnticAKQVx8lOPrQH34vS2MMBW7PTfQPSnGITrRiRzgXWqkR1ffDGjQq05nVqJ+iAB5chPXRbfps17iGfJG2XA2NC+qwWOw0E= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=seltendoof.de; spf=pass smtp.mailfrom=seltendoof.de; dkim=pass (2048-bit key) header.d=seltendoof.de header.i=@seltendoof.de header.b=Uk0CRlZZ; arc=none smtp.client-ip=168.119.48.163 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=seltendoof.de Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=seltendoof.de Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=seltendoof.de header.i=@seltendoof.de header.b="Uk0CRlZZ" From: =?utf-8?q?Christian_G=C3=B6ttsche?= DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=seltendoof.de; s=2023072701; t=1732533526; h=from:from:reply-to:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=woLjiBHNAMrp6exXJNdJmHyi+kmMIyT7H1QJKNDoPBE=; b=Uk0CRlZZLB5zzVwEIUBPqQaqgQFu5VKuK8OeuRmkCJaywscw+b8qLUSHznf7G6kzcE5aUc ET2yUkg9OPgaShRcL1KT1CPzJiK8LZeHnljmkpC4V5eAv45HUUIqmTyZG2HVRkTJqA9Ezs LaXxlbee0msW4iS1JmR1Ppk1yNnTQ97wCyQPdejhjvVFx6URGtQ0zU3rSDxrnwyMvfylHj MSE1jRCVetfzoa4DVgcIjets061LrHBCJ4yP3LbWQSVVHe//4yRtAPN3ZEA1B6H9H0zmgl ucp3QWeAD2H/ZuiGanb0xylHTTOxU3G11HtCjCHrZ6IWqt09n1+X6fctarcqzw== To: selinux@vger.kernel.org Cc: =?utf-8?q?Christian_G=C3=B6ttsche?= Subject: [PATCH v2 9/9] libsemanage: respect shell paths with /usr prefix Date: Mon, 25 Nov 2024 12:18:40 +0100 Message-ID: <20241125111840.63845-9-cgoettsche@seltendoof.de> In-Reply-To: <20241125111840.63845-1-cgoettsche@seltendoof.de> References: <20241125111840.63845-1-cgoettsche@seltendoof.de> Reply-To: cgzones@googlemail.com Precedence: bulk X-Mailing-List: selinux@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 From: Christian Göttsche Consider paths with the prefix /usr for shells by including them in the list of fallback default shells and by extending the check for a nologin shell. Signed-off-by: Christian Göttsche --- libsemanage/src/genhomedircon.c | 32 +++++++++++++++++++++++--------- 1 file changed, 23 insertions(+), 9 deletions(-) diff --git a/libsemanage/src/genhomedircon.c b/libsemanage/src/genhomedircon.c index 19543799..8782e2cb 100644 --- a/libsemanage/src/genhomedircon.c +++ b/libsemanage/src/genhomedircon.c @@ -192,15 +192,23 @@ static semanage_list_t *default_shell_list(void) semanage_list_t *list = NULL; if (semanage_list_push(&list, "/bin/csh") + || semanage_list_push(&list, "/usr/bin/csh") || semanage_list_push(&list, "/bin/tcsh") + || semanage_list_push(&list, "/usr/bin/tcsh") || semanage_list_push(&list, "/bin/ksh") + || semanage_list_push(&list, "/usr/bin/ksh") || semanage_list_push(&list, "/bin/bsh") + || semanage_list_push(&list, "/usr/bin/bsh") || semanage_list_push(&list, "/bin/ash") - || semanage_list_push(&list, "/usr/bin/ksh") + || semanage_list_push(&list, "/usr/bin/ash") + || semanage_list_push(&list, "/bin/pdksh") || semanage_list_push(&list, "/usr/bin/pdksh") || semanage_list_push(&list, "/bin/zsh") + || semanage_list_push(&list, "/usr/bin/zsh") || semanage_list_push(&list, "/bin/sh") - || semanage_list_push(&list, "/bin/bash")) + || semanage_list_push(&list, "/usr/bin/sh") + || semanage_list_push(&list, "/bin/bash") + || semanage_list_push(&list, "/usr/bin/bash")) goto fail; return list; @@ -210,6 +218,12 @@ static semanage_list_t *default_shell_list(void) return NULL; } +static bool is_nologin_shell(const char *path) +{ + return strcmp(path, PATH_NOLOGIN_SHELL) == 0 || + strcmp(path, "/usr" PATH_NOLOGIN_SHELL) == 0; +} + static semanage_list_t *get_shell_list(void) { FILE *shells; @@ -223,13 +237,13 @@ static semanage_list_t *get_shell_list(void) return default_shell_list(); while ((len = getline(&temp, &buff_len, shells)) > 0) { if (temp[len-1] == '\n') temp[len-1] = 0; - if (strcmp(temp, PATH_NOLOGIN_SHELL)) { - if (semanage_list_push(&list, temp)) { - free(temp); - semanage_list_destroy(&list); - fclose(shells); - return NULL; - } + if (is_nologin_shell(temp)) + continue; + if (semanage_list_push(&list, temp)) { + free(temp); + semanage_list_destroy(&list); + fclose(shells); + return NULL; } } free(temp);