* Information about selinuxfs
@ 2003-12-12 12:47 Carlos Anísio Monteiro
From: Carlos Anísio Monteiro @ 2003-12-12 12:47 UTC (permalink / raw)
To: selinux
Hello.
Some information about the selinuxfs filesystem.
The directory name and the path to mount the selinuxfs must always be /selinux.
Does a change to this name (/selinux) only affect sysvinit and initrd,
which set the directory name and path, or will it cause other problems?
Many thanks.
--
Carlos Anisio Monteiro <monteiro@ipen.br>
IPEN/CNEN-SP
Sao Paulo - Brasil
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
* Re: Information about selinuxfs
From: Stephen Smalley @ 2003-12-12 13:43 UTC (permalink / raw)
To: Carlos Anísio Monteiro; +Cc: selinux
On Fri, 2003-12-12 at 07:47, Carlos Anísio Monteiro wrote:
> Hello.
>
> Some information about the selinuxfs filesystem.
> The directory name and the path to mount the selinuxfs must always be /selinux.
> Does a change to this name (/selinux) only affect sysvinit and initrd,
> which set the directory name and path, or will it cause other problems?
libselinux expects selinuxfs to be mounted on /selinux for the various
security_* calls. However, someone recently suggested that we change
libselinux to discover the selinuxfs mount point at runtime from
/proc/mounts, which would allow you to change the mount point without
requiring a patch and rebuild for libselinux.
There have been suggestions to move the selinuxfs mount point from
/selinux to somewhere else, e.g. /security/selinux, but no final
decision yet.
--
Stephen Smalley <sds@epoch.ncsc.mil>
National Security Agency
* Re: Information about selinuxfs
From: Russell Coker @ 2003-12-12 13:55 UTC (permalink / raw)
To: Carlos Anísio Monteiro, selinux
On Fri, 12 Dec 2003 23:47, Carlos Anísio Monteiro <monteiro@ipen.br> wrote:
> Some information about the selinuxfs filesystem.
> The directory name and the path to mount the selinuxfs must always be
> /selinux. Does a change to this name (/selinux) only affect sysvinit and
> initrd, which set the directory name and path, or will it cause other
> problems?
Every program that wants to verify the validity of a security context, load
new security policy, check the version of the policy, or do almost any other
operation that involves SE Linux will depend on the path. So changing the
mount point will require recompiling libselinux.
There has been some discussion about this, but so far no decision has been
made.
Why do you want to change it and where do you think would be the best place?
--
http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/ Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/ My home page
* [patch] Change libselinux to discover selinuxfs mount point via /proc/mounts (Was: Re: Information about selinuxfs)
From: Stephen Smalley @ 2003-12-12 15:43 UTC (permalink / raw)
To: Carlos Anísio Monteiro; +Cc: selinux, Russell Coker, Daniel J Walsh
On Fri, 2003-12-12 at 08:43, Stephen Smalley wrote:
> libselinux expects selinuxfs to be mounted on /selinux for the various
> security_* calls. However, someone recently suggested that we change
> libselinux to discover the selinuxfs mount point at runtime from
> /proc/mounts, which would allow you to change the mount point without
> requiring a patch and rebuild for libselinux.
The attached patch makes the change described above to libselinux. A
constructor function determines the selinuxfs mount point from
/proc/mounts during initialization, and this mount point directory is
then used by the libselinux functions. This eliminates the need to
rebuild libselinux in the future if the mount point changes.
libselinux/src/check_context.c | 6 +++
libselinux/src/compute_av.c | 5 ++-
libselinux/src/compute_create.c | 5 ++-
libselinux/src/compute_relabel.c | 5 ++-
libselinux/src/compute_user.c | 5 ++-
libselinux/src/getenforce.c | 5 ++-
libselinux/src/init.c | 62 +++++++++++++++++++++++++++++++++++++++
libselinux/src/load_policy.c | 6 +++
libselinux/src/policy.h | 3 +
libselinux/src/policyvers.c | 5 ++-
libselinux/src/setenforce.c | 5 ++-
11 files changed, 103 insertions(+), 9 deletions(-)
--
Stephen Smalley <sds@epoch.ncsc.mil>
National Security Agency
[-- Attachment #2: libselinux.patch --]
Index: selinux-usr/libselinux/src/check_context.c
diff -u selinux-usr/libselinux/src/check_context.c:1.2 selinux-usr/libselinux/src/check_context.c:1.3
--- selinux-usr/libselinux/src/check_context.c:1.2 Tue Apr 29 17:09:21 2003
+++ selinux-usr/libselinux/src/check_context.c Fri Dec 12 10:29:05 2003
@@ -4,14 +4,18 @@
#include <stdlib.h>
#include <errno.h>
#include <string.h>
+#include <stdio.h>
#include <selinux/selinux.h>
#include "policy.h"
+#include <limits.h>
int security_check_context(security_context_t con)
{
+ char path[PATH_MAX];
int fd, ret;
- fd = open(SELINUXMNT "context", O_RDWR);
+ snprintf(path, sizeof path, "%s/context", selinux_mnt);
+ fd = open(path, O_RDWR);
if (fd < 0)
return -1;
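Review bot: the new `snprintf(path, sizeof path, "%s/context", selinux_mnt)` call has no guard for `selinux_mnt == NULL`, which is exactly what the constructor in init.c leaves behind when /proc/mounts cannot be read or contains no selinuxfs entry; passing NULL for `%s` is undefined behaviour (glibc happens to print "(null)", so open() fails with ENOENT and the caller cannot tell a missing mount from a missing file). Suggest `if (!selinux_mnt) { errno = ENOENT; return -1; }` before the snprintf, or a fallback to the old SELINUXMNT default inside the constructor. The same applies to every `%s` snprintf hunk in this patch (compute_av, compute_create, compute_relabel, compute_user, getenforce, load_policy, policyvers, setenforce).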
Index: selinux-usr/libselinux/src/compute_av.c
diff -u selinux-usr/libselinux/src/compute_av.c:1.5 selinux-usr/libselinux/src/compute_av.c:1.6
--- selinux-usr/libselinux/src/compute_av.c:1.5 Mon Dec 1 14:28:32 2003
+++ selinux-usr/libselinux/src/compute_av.c Fri Dec 12 10:29:05 2003
@@ -8,6 +8,7 @@
#include <asm/page.h>
#include <selinux/selinux.h>
#include "policy.h"
+#include <limits.h>
int security_compute_av(security_context_t scon,
security_context_t tcon,
@@ -15,11 +16,13 @@
access_vector_t requested,
struct av_decision *avd)
{
+ char path[PATH_MAX];
char *buf;
size_t len;
int fd, ret;
- fd = open(SELINUXMNT "access", O_RDWR);
+ snprintf(path, sizeof path, "%s/access", selinux_mnt);
+ fd = open(path, O_RDWR);
if (fd < 0)
return -1;
Index: selinux-usr/libselinux/src/compute_create.c
diff -u selinux-usr/libselinux/src/compute_create.c:1.7 selinux-usr/libselinux/src/compute_create.c:1.8
--- selinux-usr/libselinux/src/compute_create.c:1.7 Thu Jul 17 10:38:06 2003
+++ selinux-usr/libselinux/src/compute_create.c Fri Dec 12 10:29:05 2003
@@ -8,17 +8,20 @@
#include <asm/page.h>
#include <selinux/selinux.h>
#include "policy.h"
+#include <limits.h>
int security_compute_create(security_context_t scon,
security_context_t tcon,
security_class_t tclass,
security_context_t *newcon)
{
+ char path[PATH_MAX];
char *buf;
size_t size;
int fd, ret;
- fd = open(SELINUXMNT "create", O_RDWR);
+ snprintf(path, sizeof path, "%s/create", selinux_mnt);
+ fd = open(path, O_RDWR);
if (fd < 0)
return -1;
Index: selinux-usr/libselinux/src/compute_relabel.c
diff -u selinux-usr/libselinux/src/compute_relabel.c:1.7 selinux-usr/libselinux/src/compute_relabel.c:1.8
--- selinux-usr/libselinux/src/compute_relabel.c:1.7 Thu Jul 17 10:38:06 2003
+++ selinux-usr/libselinux/src/compute_relabel.c Fri Dec 12 10:29:05 2003
@@ -8,17 +8,20 @@
#include <asm/page.h>
#include <selinux/selinux.h>
#include "policy.h"
+#include <limits.h>
int security_compute_relabel(security_context_t scon,
security_context_t tcon,
security_class_t tclass,
security_context_t *newcon)
{
+ char path[PATH_MAX];
char *buf;
size_t size;
int fd, ret;
- fd = open(SELINUXMNT "relabel", O_RDWR);
+ snprintf(path, sizeof path, "%s/relabel", selinux_mnt);
+ fd = open(path, O_RDWR);
if (fd < 0)
return -1;
Index: selinux-usr/libselinux/src/compute_user.c
diff -u selinux-usr/libselinux/src/compute_user.c:1.5 selinux-usr/libselinux/src/compute_user.c:1.6
--- selinux-usr/libselinux/src/compute_user.c:1.5 Mon Dec 1 14:28:32 2003
+++ selinux-usr/libselinux/src/compute_user.c Fri Dec 12 10:29:05 2003
@@ -8,18 +8,21 @@
#include <asm/page.h>
#include <selinux/selinux.h>
#include "policy.h"
+#include <limits.h>
int security_compute_user(security_context_t scon,
const char *user,
security_context_t **con)
{
+ char path[PATH_MAX];
char **ary;
char *buf, *ptr;
size_t size;
int fd, ret;
unsigned int i, nel;
- fd = open(SELINUXMNT "user", O_RDWR);
+ snprintf(path, sizeof path, "%s/user", selinux_mnt);
+ fd = open(path, O_RDWR);
if (fd < 0)
return -1;
Index: selinux-usr/libselinux/src/getenforce.c
diff -u selinux-usr/libselinux/src/getenforce.c:1.1 selinux-usr/libselinux/src/getenforce.c:1.2
--- selinux-usr/libselinux/src/getenforce.c:1.1 Tue Oct 21 15:40:40 2003
+++ selinux-usr/libselinux/src/getenforce.c Fri Dec 12 10:29:05 2003
@@ -7,13 +7,16 @@
#include <selinux/selinux.h>
#include "policy.h"
#include <stdio.h>
+#include <limits.h>
int security_getenforce(void)
{
int fd, ret, enforce = 0;
+ char path[PATH_MAX];
char buf[20];
- fd = open(SELINUXMNT "enforce", O_RDONLY);
+ snprintf(path, sizeof path, "%s/enforce", selinux_mnt);
+ fd = open(path, O_RDONLY);
if (fd < 0)
return -1;
Index: selinux-usr/libselinux/src/init.c
diff -u /dev/null selinux-usr/libselinux/src/init.c:1.1
--- /dev/null Fri Dec 12 10:30:01 2003
+++ selinux-usr/libselinux/src/init.c Fri Dec 12 10:29:05 2003
@@ -0,0 +1,62 @@
+#include <unistd.h>
+#include <fcntl.h>
+#include <string.h>
+#include <selinux/selinux.h>
+#include <stdlib.h>
+#include <errno.h>
+#include <ctype.h>
+#include <asm/page.h>
+
+char *selinux_mnt = NULL;
+
+static void init_selinuxmnt(void) __attribute__ ((constructor));
+
+static void init_selinuxmnt(void)
+{
+ char *buf, *p;
+ size_t size;
+ int fd;
+ ssize_t ret;
+
+ if (selinux_mnt)
+ return;
+
+ fd = open("/proc/mounts", O_RDONLY);
+ if (fd < 0)
+ return;
+
+ size = PAGE_SIZE;
+ buf = malloc(size);
+ if (!buf)
+ goto out;
+
+ memset(buf, 0, size);
+
+ ret = read(fd, buf, size - 1);
+ if (ret < 0)
+ goto out2;
+
+ p = strstr(buf, "selinuxfs");
+ if (!p)
+ goto out2;
+
+ p--;
+ *p = 0;
+ p--;
+
+ while (p > buf && !isspace(*p))
+ p--;
+
+ if (isspace(*p))
+ p++;
+
+ selinux_mnt = strdup(p);
+
+out2:
+ free(buf);
+out:
+ close(fd);
+ return;
+
+}
+
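Review bot: `p = strstr(buf, "selinuxfs")` matches the first occurrence of that substring anywhere in the buffer, not the fstype field, so a device name or mount point that merely contains "selinuxfs" (say a directory called /mnt/selinuxfs-backup mounted before the real one) makes the code walk back from the wrong field and record a bogus mount point. Parse /proc/mounts line by line and compare the third field exactly, or use getmntent(3) from <mntent.h>, which also decodes the \040 escapes the kernel writes for spaces in mount point paths and which this code leaves encoded. Three smaller points: `read(fd, buf, size - 1)` reads at most one page, so on a system with many mounts the selinuxfs line can sit past the truncation point (read in a loop until EOF); the `p--; *p = 0; p--;` sequence steps before `buf` when the match is at offset 0 or 1, so keep the `p > buf` check on every decrement; and a constructor only sees the mounts that exist when the process starts, so a program that mounts selinuxfs itself (/sbin/init, as the follow-up in this thread found) needs a public way to set or re-run this, with `selinux_mnt` otherwise falling back to the compiled-in default instead of staying NULL.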
Index: selinux-usr/libselinux/src/load_policy.c
diff -u selinux-usr/libselinux/src/load_policy.c:1.2 selinux-usr/libselinux/src/load_policy.c:1.3
--- selinux-usr/libselinux/src/load_policy.c:1.2 Tue Apr 29 17:09:21 2003
+++ selinux-usr/libselinux/src/load_policy.c Fri Dec 12 10:29:05 2003
@@ -2,15 +2,19 @@
#include <sys/types.h>
#include <fcntl.h>
#include <stdlib.h>
+#include <stdio.h>
#include <errno.h>
#include <selinux/selinux.h>
#include "policy.h"
+#include <limits.h>
int security_load_policy(void *data, size_t len)
{
+ char path[PATH_MAX];
int fd, ret;
- fd = open(SELINUXMNT "load", O_RDWR);
+ snprintf(path, sizeof path, "%s/load", selinux_mnt);
+ fd = open(path, O_RDWR);
if (fd < 0)
return -1;
Index: selinux-usr/libselinux/src/policy.h
diff -u selinux-usr/libselinux/src/policy.h:1.4 selinux-usr/libselinux/src/policy.h:1.5
--- selinux-usr/libselinux/src/policy.h:1.4 Tue Oct 21 15:40:40 2003
+++ selinux-usr/libselinux/src/policy.h Fri Dec 12 10:29:06 2003
@@ -9,6 +9,9 @@
/* Initial length guess for getting contexts. */
#define INITCONTEXTLEN 255
+/* selinuxfs mount point */
+extern char *selinux_mnt;
+
#endif
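Review bot: `extern char *selinux_mnt;` lives only in the private policy.h, yet clients need to set it (the sysvinit patch later in this thread re-declares the extern by hand and assigns a string literal to it). Suggest exporting a getter returning `const char *` and a setter that copies the string in <selinux/selinux.h>, so the mount point becomes part of the library API instead of a writable global, and so the library can reject an unreasonable value (empty, relative, or without a leading /) in one place.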
Index: selinux-usr/libselinux/src/policyvers.c
diff -u selinux-usr/libselinux/src/policyvers.c:1.1 selinux-usr/libselinux/src/policyvers.c:1.2
--- selinux-usr/libselinux/src/policyvers.c:1.1 Tue Oct 21 15:40:40 2003
+++ selinux-usr/libselinux/src/policyvers.c Fri Dec 12 10:29:06 2003
@@ -7,16 +7,19 @@
#include <selinux/selinux.h>
#include <stdio.h>
#include "policy.h"
+#include <limits.h>
#define DEFAULT_POLICY_VERSION 15
int security_policyvers(void)
{
int fd, ret;
+ char path[PATH_MAX];
char buf[20];
unsigned vers = DEFAULT_POLICY_VERSION;
- fd = open(SELINUXMNT "policyvers", O_RDONLY);
+ snprintf(path, sizeof path, "%s/policyvers", selinux_mnt);
+ fd = open(path, O_RDONLY);
if (fd < 0)
return vers;
memset(buf, 0, sizeof buf);
Index: selinux-usr/libselinux/src/setenforce.c
diff -u selinux-usr/libselinux/src/setenforce.c:1.1 selinux-usr/libselinux/src/setenforce.c:1.2
--- selinux-usr/libselinux/src/setenforce.c:1.1 Tue Oct 21 15:40:40 2003
+++ selinux-usr/libselinux/src/setenforce.c Fri Dec 12 10:29:06 2003
@@ -7,13 +7,16 @@
#include <selinux/selinux.h>
#include "policy.h"
#include <stdio.h>
+#include <limits.h>
int security_setenforce(int value)
{
int fd, ret;
+ char path[PATH_MAX];
char buf[20];
- fd = open(SELINUXMNT "enforce", O_RDWR);
+ snprintf(path, sizeof path, "%s/enforce", selinux_mnt);
+ fd = open(path, O_RDWR);
if (fd < 0)
return -1;
* Re: [patch] Change libselinux to discover selinuxfs mount point via /proc/mounts (Was: Re: Information about selinuxfs)
From: Stephen Smalley @ 2003-12-18 18:00 UTC (permalink / raw)
To: Carlos Anísio Monteiro; +Cc: selinux, Russell Coker, Daniel J Walsh
On Fri, 2003-12-12 at 10:43, Stephen Smalley wrote:
> The attached patch makes the change described above to libselinux. A
> constructor function determines the selinuxfs mount point from
> /proc/mounts during initialization, and this mount point directory is
> then used by the libselinux functions. This eliminates the need to
> rebuild libselinux in the future if the mount point changes.
Dan Walsh pointed out that this patch to libselinux breaks the
SELinux-patched /sbin/init program, because:
a) when the init_selinuxmnt() constructor runs for /sbin/init, selinuxfs
has not yet been mounted, so selinux_mnt cannot be determined,
b) even if init_selinuxmnt() were explicitly called by /sbin/init after
performing the mount, it still cannot obtain the information from
/proc/mounts because /proc is not mounted yet.
An updated sysvinit-selinux.patch is attached; this patch causes
/sbin/init to explicitly set selinux_mnt to avoid this problem. Dan has
updated RPMs on his page (under ftp://people.redhat.com/dwalsh/SELinux).
--
Stephen Smalley <sds@epoch.ncsc.mil>
National Security Agency
[-- Attachment #2: sysvinit-selinux.patch --]
--- sysvinit-2.85/src/Makefile.selinux 2003-12-18 10:59:15.184561444 -0500
+++ sysvinit-2.85/src/Makefile 2003-12-18 10:59:15.645514208 -0500
@@ -32,7 +32,7 @@
all: $(PROGS)
init: init.o init_utmp.o
- $(CC) $(LDFLAGS) $(STATIC) -o $@ init.o init_utmp.o
+ $(CC) $(LDFLAGS) $(STATIC) -o $@ init.o init_utmp.o -lselinux
halt: halt.o ifdown.o hddown.o utmp.o reboot.h
$(CC) $(LDFLAGS) -o $@ halt.o ifdown.o hddown.o utmp.o
@@ -62,7 +62,7 @@
$(CC) $(LDFLAGS) -o $@ bootlogd.o
init.o: init.c init.h set.h reboot.h
- $(CC) -c $(CFLAGS) init.c
+ $(CC) -c $(CFLAGS) -DWITH_SELINUX init.c
utmp.o: utmp.c init.h
$(CC) -c $(CFLAGS) utmp.c
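Review bot: the two Makefile hunks are inconsistent with each other: `-lselinux` is added to the `init` link line unconditionally while `-DWITH_SELINUX` is added only in the `init.o` rule, so a build with the define removed still needs libselinux (a static libselinux.a, given `$(STATIC)`) to link. Suggest one make variable, e.g. `SELINUX=1`, that appends both the define and the library.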
--- sysvinit-2.85/src/init.c.selinux 2003-12-18 10:59:15.590519844 -0500
+++ sysvinit-2.85/src/init.c 2003-12-18 11:01:06.370705686 -0500
@@ -78,6 +78,81 @@
sigemptyset(&sa.sa_mask); \
sigaction(sig, &sa, NULL); \
} while(0)
+#ifdef WITH_SELINUX
+#include <sys/mman.h>
+#include <selinux/selinux.h>
+#include <sys/mount.h>
+
+static int load_policy(int *enforce)
+{
+ int fd=-1,ret=-1;
+ int rc=0;
+ struct stat sb;
+ void *map;
+ char policy_file[PATH_MAX];
+ int policy_version=0;
+ extern char *selinux_mnt;
+
+ log(L_VB, "Loading security policy\n");
+ if (mount("none", SELINUXMNT, "selinuxfs", 0, 0) < 0) {
+ if (errno == ENODEV) {
+ log(L_VB, "SELinux not supported by kernel: %s\n",SELINUXMNT,strerror(errno));
+ }
+ else {
+ log(L_VB, "Failed to mount %s: %s\n",SELINUXMNT,strerror(errno));
+ return ret;
+ }
+ return ret; /* Never gets here */
+ }
+
+ selinux_mnt = SELINUXMNT; /* set manually since we mounted it */
+
+ policy_version=security_policyvers();
+ if (policy_version < 0) {
+ log(L_VB, "Can't get policy version: %s\n", strerror(errno));
+ goto UMOUNT;
+ }
+
+ rc=security_getenforce();
+ if (rc < 0) {
+ log(L_VB, "Can't get SELinux enforcement flag: %s\n", strerror(errno));
+ goto UMOUNT;
+ }
+ *enforce=rc;
+
+ snprintf(policy_file,sizeof(policy_file),"%s.%d",SELINUXPOLICY,policy_version);
+ fd = open(policy_file, O_RDONLY);
+ if (fd < 0) {
+ log(L_VB, "Can't open '%s': %s\n",
+ policy_file, strerror(errno));
+ goto UMOUNT;
+ }
+
+ if (fstat(fd, &sb) < 0) {
+ log(L_VB, "Can't stat '%s': %s\n",
+ policy_file, strerror(errno));
+ goto UMOUNT;
+ }
+
+ map = mmap(NULL, sb.st_size, PROT_READ, MAP_SHARED, fd, 0);
+ if (map == MAP_FAILED) {
+ log(L_VB, "Can't map '%s': %s\n",
+ policy_file, strerror(errno));
+ goto UMOUNT;
+ }
+ ret=security_load_policy(map, sb.st_size);
+ if (ret < 0) {
+ log(L_VB, "security_load_policy failed\n");
+ }
+
+ UMOUNT:
+ /*umount(SELINUXMNT); */
+ if ( fd >= 0) {
+ close(fd);
+ }
+ return(ret);
+}
+#endif
/* Version information */
char *Version = "@(#) init " VERSION " " DATE " miquels@cistron.nl";
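Review bot: the error handling in `load_policy()` fails open. `*enforce` is assigned only after `security_getenforce()` succeeds, so when the selinuxfs mount succeeds but `security_policyvers()` or `security_getenforce()` fails, the caller sees `enforce == 0` and keeps booting with no policy loaded even on a kernel that is enforcing; read the enforce flag first, or treat any failure after a successful mount as fatal. Two smaller points: the ENODEV message `log(L_VB, "SELinux not supported by kernel: %s\n",SELINUXMNT,strerror(errno));` has one `%s` for two arguments, so it prints the mount path and drops the strerror text (use `"%s: %s\n"` or drop SELINUXMNT); and the `/* Never gets here */` comment is wrong, since the ENODEV branch falls through to that `return ret`, which is how a non-SELinux kernel ends up reported as a plain failure. The region from `mmap()` is also never `munmap()`ed on the `UMOUNT` paths; that only matters when init continues without re-exec, but it is cheap to add.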
@@ -2576,6 +2651,20 @@
maxproclen += strlen(argv[f]) + 1;
}
+#ifdef WITH_SELINUX
+ if (getenv("SELINUX_INIT") == NULL) {
+ putenv("SELINUX_INIT=YES");
+ int enforce=0;
+ if (load_policy(&enforce) == 0 ) {
+ execv(myname, argv);
+ } else {
+ if (enforce)
+ /* SELinux in enforcing mode but load_policy failed */
+ exit(1);
+ }
+ }
+#endif
+
/* Start booting. */
argv0 = argv[0];
argv[1] = NULL;
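Review bot: `int enforce=0;` follows the `putenv()` statement, which is a declaration after a statement (C99 only; a C89 build of sysvinit rejects it), so move it to the top of the block. Two behavioural points: SELINUX_INIT stays in the environment of the re-exec'd init and is inherited by everything it spawns, so the `getenv("SELINUX_INIT") != NULL` path should `unsetenv("SELINUX_INIT")`; and when `execv(myname, argv)` returns it has failed, yet control falls through to a normal boot with no log line and without the `enforce` check, so handle the return like the error branch.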