* After talking to some people at Red Hat, they feel the translation library should be pluggable
From: Daniel J Walsh @ 2005-09-12 16:02 UTC (permalink / raw)
  To: Stephen Smalley, SELinux


Also it should be based off policy.  So this patch to libselinux will 
use the policy type to find the translation library.  Also libsetrans 
will now be in /lib/selinux.

I have modified the libsetrans library to link libtargeted.so.0 and 
libstrict.so.0 to libsetrans.so.0.   MLS Policy would obviously install 
their own policy for MITRE Library or whatever.

Thoughts...

Next step to get MCS will be to change libselinux get_default_context to 
use a pluggable module to get categories for a user.  Should we use the same 
library?

Currently MCS policy defaults all users to s0-s0:c0.c127; we need to 
allow the admin to specify users' categories.


Dan


[-- Attachment #2: libselinux-rhat.patch --]
[-- Type: text/x-patch, Size: 3510 bytes --]

diff --exclude-from=exclude -N -u -r nsalibselinux/include/selinux/selinux.h libselinux-1.25.7/include/selinux/selinux.h
--- nsalibselinux/include/selinux/selinux.h	2005-09-01 11:17:40.000000000 -0400
+++ libselinux-1.25.7/include/selinux/selinux.h	2005-09-12 11:33:32.000000000 -0400
@@ -304,6 +304,12 @@
 extern int selinux_getenforcemode(int *enforce);
 
 /*
+  selinux_gettype reads the /etc/selinux/config file and determines 
+  whether the policy tyep for this machine, type must be freed.
+ */
+extern void selinux_gettype(char **type);
+
+/*
   selinux_policy_root reads the /etc/selinux/config file and returns 
   the directory path under which the compiled policy file and context 
   configuration files exist.
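Review bot: the comment on selinux_gettype has a typo ("tyep") and the sentence "determines whether the policy tyep for this machine" is incomplete; suggest "selinux_gettype reads the /etc/selinux/config file and returns the policy type for this machine in *type; the caller must free it". Since the function returns void, the only failure signal a caller has is *type being NULL, and the comment should say so.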
diff --exclude-from=exclude -N -u -r nsalibselinux/src/init.c libselinux-1.25.7/src/init.c
--- nsalibselinux/src/init.c	2005-09-01 13:21:11.000000000 -0400
+++ libselinux-1.25.7/src/init.c	2005-09-12 11:36:33.000000000 -0400
@@ -8,6 +8,7 @@
 #include <asm/page.h>
 #include <stdio.h>
 #include <dlfcn.h>
+#include <limits.h>
 
 #include "dso.h"
 #include "policy.h"
@@ -85,9 +86,14 @@
 static void init_translations(void)
 {
 #ifdef SHARED
+	char *path[PATH_MAX];
+	char *type=NULL;
 	int (*lib_trans_init)(void) = NULL;
-
-	translation_lib_handle = dlopen("libsetrans.so.0", RTLD_NOW);
+	selinux_gettype(&type);
+	if (!type) return;
+	snprintf(path, PATH_MAX-1, "/lib/selinux/lib%s.so.0", type);
+	free(type);
+	translation_lib_handle = dlopen(path, RTLD_NOW);
 	if (!translation_lib_handle)
 		return;
 
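Review bot: `char *path[PATH_MAX];` declares an array of PATH_MAX pointers rather than a character buffer; it should be `char path[PATH_MAX];`, otherwise snprintf and dlopen receive a `char **` and the stack buffer is several times larger than intended. The snprintf return value is also unchecked, so an over-long type silently produces a truncated path, and because type is spliced straight from the config file into the dlopen path it is worth rejecting values containing '/' before building the name. `PATH_MAX-1` can simply be `sizeof(path)`, since snprintf always NUL-terminates.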
diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinux_config.c libselinux-1.25.7/src/selinux_config.c
--- nsalibselinux/src/selinux_config.c	2005-03-17 14:56:21.000000000 -0500
+++ libselinux-1.25.7/src/selinux_config.c	2005-09-12 11:35:35.000000000 -0400
@@ -85,6 +85,28 @@
 
 static int use_compat_file_path;
 
+void selinux_gettype(char **rtype) {
+	char *type=SELINUXDEFAULT;
+	char buf[4097];
+	int len, i;
+	FILE *cfg = fopen(SELINUXCONFIG,"r");
+	if (cfg) {
+		while (fgets_unlocked(buf, 4096, cfg)) {
+			if (strncmp(buf,SELINUXTYPETAG,len)==0) {
+				type=buf+len;
+				break;
+			}
+		}
+		fclose(cfg);
+	}
+	i=strlen(type)-1;
+	while ((i>=0) && 
+	       (isspace(type[i]) || iscntrl(type[i]))) {
+		type[i]=0;
+		i--;
+	}
+	*rtype=strdup(type);
+}
 int selinux_getenforcemode(int *enforce) {
   int ret=-1;
   FILE *cfg = fopen(SELINUXCONFIG,"r");
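Review bot: `len` is read uninitialised in `strncmp(buf,SELINUXTYPETAG,len)`; the loop this was lifted from in init_selinux_policyroot relied on `len=sizeof(SELINUXTYPETAG)-1`, and that initialiser did not move into the new function. Two smaller points: when no SELINUXTYPE line is found, the trimming loop writes through `type` into SELINUXDEFAULT, which is undefined behaviour if that macro is a string literal (trimming the strdup'd copy instead avoids it), and a blank line is missing between the new function and selinux_getenforcemode.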
@@ -122,38 +144,24 @@
 
 static void init_selinux_policyroot(void)
 {
-  char *type=SELINUXDEFAULT;
+  char *type=NULL;
   int i=0, len=sizeof(SELINUXTYPETAG)-1, len2;
-  char buf[4097];
-  FILE *cfg;
   if (selinux_policyroot) return;
   if (access(SELINUXDIR, F_OK) != 0) {
 	  selinux_policyroot = SECURITYDIR;
 	  use_compat_file_path = 1;
 	  return;
   }
-  cfg = fopen(SELINUXCONFIG,"r");
-  if (cfg) {
-    while (fgets_unlocked(buf, 4096, cfg)) {
-      if (strncmp(buf,SELINUXTYPETAG,len)==0) {
-	type=buf+len;
-	break;
-      }
-    }
-    fclose(cfg);
-  }
-  i=strlen(type)-1;
-  while ((i>=0) && 
-	 (isspace(type[i]) || iscntrl(type[i]))) {
-    type[i]=0;
-    i--;
-  }
+  selinux_gettype(&type);
+  if (!type) return;
   len=sizeof(SELINUXDIR) + strlen(type);
   selinux_policyroot=malloc(len);
-  if (!selinux_policyroot)
+  if (!selinux_policyroot) {
+	  free(type);
 	  return;
+  }
   snprintf(selinux_policyroot,len, "%s%s", SELINUXDIR, type);
-  
+  free(type);
   for (i = 0; i < NEL; i++) {
 	  len2 = len + strlen(file_path_suffixes_data.str
 			      + file_path_suffixes_idx[i])+1;
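Review bot: with the lookup moved into selinux_gettype, the `len=sizeof(SELINUXTYPETAG)-1` initialiser in `int i=0, len=sizeof(SELINUXTYPETAG)-1, len2;` is dead (len is reassigned before its first use) and belongs in the new function instead. Also, `if (!type) return;` leaves selinux_policyroot NULL on allocation failure with nothing to tell later callers; consider falling back the same way the access() failure branch does, or surfacing an error.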

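A hardened version of the policy-type lookup and library-path construction from the patch above, written here as an added example (it is not Dan's patch or libselinux code); SELINUXDEFAULT is assumed to be "targeted", and the config text passed in is constructed sample input.

```c
#define _GNU_SOURCE /* strdup/strndup under strict -std modes */
#include <ctype.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define SELINUXTYPETAG "SELINUXTYPE="   /* tag used by the patch */
#define SELINUXDEFAULT "targeted"       /* assumed default policy type */
#define TRANS_LIB_DIR  "/lib/selinux/"  /* directory chosen by the patch */

/* Returns a malloc'd policy type parsed from the text of the selinux config
 * (SELINUXDEFAULT when no SELINUXTYPE= line exists), or NULL if the value
 * cannot safely name a library. Unlike the patch: len is initialised,
 * trimming never writes into the default literal, and the value is validated. */
char *policy_type_from_config(const char *text)
{
    const char *type = SELINUXDEFAULT;
    size_t len = sizeof(SELINUXTYPETAG) - 1;
    for (const char *line = text; line && *line; ) {
        if (strncmp(line, SELINUXTYPETAG, len) == 0) {
            type = line + len;
            break;
        }
        line = strchr(line, '\n');
        if (line) line++;               /* advance to the next line */
    }
    char *out = strndup(type, strcspn(type, "\n"));  /* this line only */
    if (!out) return NULL;
    size_t i = strlen(out);
    while (i > 0 && (isspace((unsigned char)out[i-1]) || iscntrl((unsigned char)out[i-1])))
        out[--i] = '\0';                /* strip trailing whitespace/newline */
    /* an empty name, or one containing '/' or equal to "." / "..", would
     * point dlopen() at a different directory, so it is rejected */
    if (i == 0 || strchr(out, '/') || !strcmp(out, ".") || !strcmp(out, "..")) {
        free(out);
        return NULL;
    }
    return out;
}

/* Builds the path the patch dlopen()s, "/lib/selinux/lib<type>.so.0", as a
 * malloc'd string; returns NULL on truncation rather than using a cut path. */
char *translation_lib_path(const char *type)
{
    char path[PATH_MAX];
    int n = snprintf(path, sizeof(path), TRANS_LIB_DIR "lib%s.so.0", type);
    if (n < 0 || (size_t)n >= sizeof(path)) return NULL;
    return strdup(path);
}
```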

* Re: After talking to some people at Red Hat, they feel the translation library should be pluggable
From: Stephen Smalley @ 2005-09-12 16:21 UTC (permalink / raw)
  To: Daniel J Walsh; +Cc: Joshua Brindle, Karl MacMillan, Ivan Gyurdiev, SELinux

On Mon, 2005-09-12 at 12:02 -0400, Daniel J Walsh wrote:
> Also it should be based off policy.  So this patch to libselinux will 
> use the policy type to find the translation library.  Also libsetrans 
> will now be in /lib/selinux.
> 
> I have modified the libsetrans library to link libtargeted.so.0 and 
> libstrict.so.0 to libsetrans.so.0.   MLS Policy would obviously install 
> their own policy for MITRE Library or whatever.

- If we go down this route, we should allow for other per-policy
libraries, and have a /lib/selinux/$SELINUXTYPE directory.  The library
should still be named libsetrans.so.* under it.

- Is there any issue with emulation support, e.g. on x86_64?

- Normally, the shared library goes in /lib and the symlink goes in /usr/lib,
and dlopen should actually occur on the symlink, I would think, to avoid
version-specificity?

- Is this preferable to using the alternatives mechanism?

- IMHO, "type" is too overloaded a term (e.g. Type Enforcement types),
so selinux_gettype seems rather ambiguous.  selinux_getpolicytype?

- The usual hidden declarations are needed for the new function as we
don't need to allow interposition on it within the library itself.

> Next step to get MCS will be to change libselinux get_default_context to 
> use pluggable module to get categories for a user.  Should we use same 
> library?
> 
> Currently MCS policy defaults all users to s0-s0:c0.c127; we need to 
> allow the admin to specify users' categories.

I thought we were going to introduce a Linux user -> { SELinux user,
<context data> } mapping and deal with the mapping outside of libselinux
entirely, in pam_selinux or wherever appropriate.  So pam_selinux would
perform the lookup and pass the resulting pair to an extended version of
get_default_context, which would generate the final context based on the
inputs and the policy.  The <context data> could include a default role
and a MLS range, but would just be an opaque string as far as
pam_selinux is concerned.

-- 
Stephen Smalley
National Security Agency


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.


* Re: After talking to some people at Red Hat, they feel the translation library should be pluggable
From: Stephen Smalley @ 2005-09-12 16:46 UTC (permalink / raw)
  To: Daniel J Walsh; +Cc: Joshua Brindle, Karl MacMillan, Ivan Gyurdiev, SELinux

On Mon, 2005-09-12 at 12:21 -0400, Stephen Smalley wrote:
> I thought we were going to introduce a Linux user -> { SELinux user,
> <context data> } mapping and deal with the mapping outside of libselinux
> entirely, in pam_selinux or wherever appropriate.  So pam_selinux would
> perform the lookup and pass the resulting pair to an extended version of
> get_default_context, which would generate the final context based on the
> inputs and the policy.  The <context data> could include a default role
> and a MLS range, but would just be an opaque string as far as
> pam_selinux is concerned.

Correction:  We agreed to put the lookup support for the new mapping
into libselinux (because we lost the argument about glibc nss/nscd
service for SELinux), but I think we still wanted to maintain a
separation between the lookup function that deals with the Linux user
and the extended get_default_context function that deals with the
SELinux user and auxiliary context data, with pam_selinux (and similar
code, like the openssh selinux patch and cron selinux patch) calling the
lookup function first and then passing its results to the extended
get_default_context function.  Yes?

-- 
Stephen Smalley
National Security Agency

