From: Ivan Gyurdiev <ivg2@cornell.edu>
To: Stephen Smalley <sds@epoch.ncsc.mil>
Cc: selinux@tycho.nsa.gov, Joshua Brindle <jbrindle@tresys.com>,
	Karl MacMillan <kmacmillan@tresys.com>,
	Frank Mayer <mayerf@tresys.com>,
	chris pebenito <cpebenito@tresys.com>,
	Daniel J Walsh <dwalsh@redhat.com>,
	James Morris <jmorris@redhat.com>,
	Chad Sellers <csellers@tresys.com>
Subject: [ LIBSEMANAGE ] Runtime control over preservebools argument
Date: Sat, 05 Nov 2005 02:06:06 -0500
Message-ID: <436C59DE.6050408@cornell.edu>
In-Reply-To: <1131113812.23420.236.camel@moss-spartans.epoch.ncsc.mil>

[-- Attachment #1: Type: text/plain, Size: 1227 bytes --]

Stephen Smalley wrote:
> On Fri, 2005-11-04 at 09:22 -0500, Ivan Gyurdiev wrote:
>   
>> So, how do I specify that this is not a transient change, and I want my 
>> booleans loaded into policy immediately?
>>     
>
> Ah, I see - setsebool -P wants to both update the saved settings and
> load the result rather than preserving current settings.  So it wants
> libsemanage to call load_policy with -b, unlike semodule.  Options are:
> - add a semanage interface to set a property on the handle to control
> whether booleans are preserved or not (by altering the args to
> load_policy for that handle), similar to the existing interface for
> controlling whether reloads are performed, or
>   
Editing an argument string for programs in C is... probably one of the 
most uncool patches I've ever written.
I guess the end justifies the means...

Should pass valgrind, and work when called repeatedly with values 0 or 
1. Maybe the reload=0 case is a bit wrong - argument string cannot 
contain "-b" anywhere.

I also fixed the memory leak in setsebool - see other patch (which 
should be applied first).

Now booleans update correctly (minus migration issues - see other mail).
Next: make them update in less than 10 seconds :)


[-- Attachment #2: libsemanage.preserve_bools.diff --]
[-- Type: text/x-patch, Size: 3665 bytes --]

diff -Naurp --exclude CVS --exclude ChangeLog --exclude VERSION --exclude Makefile old/libsemanage/include/semanage/handle.h new/libsemanage/include/semanage/handle.h
--- old/libsemanage/include/semanage/handle.h	2005-10-25 08:25:32.000000000 -0400
+++ new/libsemanage/include/semanage/handle.h	2005-11-05 01:16:44.000000000 -0500
@@ -59,6 +59,10 @@ int semanage_reload_policy(semanage_hand
  * 1 for yes (default), 0 for no */
 void semanage_set_reload(semanage_handle_t *handle, int do_reload);
 
+/* set whether to reload the boolean settings after a commit,
+ * 1 for yes, 0 for no (default */
+int semanage_set_reload_bools(semanage_handle_t *sh, int do_reload);
+
 /* "Connect" to a manager based on the configuration and 
  * associate the provided handle with the connection.
  * If the connect fails then this function returns a negative value, 
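
Review bot: the new declaration's comment does not document the return value, and its parenthesis is never closed ("0 for no (default */"). Unlike the neighbouring semanage_set_reload(), which returns void, this setter returns int and can fail, so the header should say that a negative value means the setting was not applied. The parameter is also named sh here while the sibling declaration just above uses handle; picking one name keeps the header consistent.
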
diff -Naurp --exclude CVS --exclude ChangeLog --exclude VERSION --exclude Makefile old/libsemanage/src/handle.c new/libsemanage/src/handle.c
--- old/libsemanage/src/handle.c	2005-11-04 23:45:39.000000000 -0500
+++ new/libsemanage/src/handle.c	2005-11-05 01:44:39.000000000 -0500
@@ -25,6 +25,7 @@
 
 #include <stdarg.h>
 #include <assert.h>
+#include <string.h>
 #include <stdlib.h>
 #include <stdio.h>
 #include <sys/time.h>
@@ -76,6 +77,38 @@ void semanage_set_reload(semanage_handle
 	return;
 }
 
+int semanage_set_reload_bools(semanage_handle_t *sh, int do_reload) {
+
+	assert(sh != NULL);
+
+	semanage_conf_t* conf = sh->conf;
+
+	if (do_reload) {
+		char* prev_args = conf->load_policy->args;
+		int len = (prev_args == NULL)? 0: strlen(prev_args);
+		char* ptr = (char*) realloc(prev_args, len + 4);
+
+		if (!ptr) {
+			ERR(sh, "out of memory, could not configure "
+				"boolean reload");
+			return STATUS_ERR;
+		}
+		strcpy(ptr + len, " -b");
+		conf->load_policy->args = ptr;
+
+	} else {
+		char* ptr = conf->load_policy->args;
+
+		while(*ptr++) {
+			if (!strcmp(ptr, "-b")) {
+				*ptr++ = ' ';	
+				*ptr++ = ' ';
+			}
+		}
+	}
+	return STATUS_SUCCESS;
+}
+
 void semanage_select_store(semanage_handle_t *sh, char *storename,
 			  enum semanage_connect_type storetype) {
 	
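
Review bot: in semanage_set_reload_bools(), the do_reload == 0 branch dereferences conf->load_policy->args without a NULL check, even though the do_reload branch explicitly handles prev_args == NULL, so disabling on a handle with no configured args would crash. The scan in that branch also only clears the flag when it is the last thing in the string: strcmp(ptr, "-b") compares the whole remainder rather than two characters, and while(*ptr++) advances before the first comparison, so offset 0 is never tested. A strncmp(ptr, "-b", 2) with a check that the match is delimited by whitespace or the string ends would cover a flag that appears in the middle. Separately, the do_reload branch appends " -b" on every call, so repeated calls with 1 keep growing args and pass the flag several times; either test for an existing "-b" first or store the choice as a field on the handle and add the argument when load_policy is actually invoked.
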
diff -Naurp --exclude CVS --exclude ChangeLog --exclude VERSION --exclude Makefile old/libsemanage/src/libsemanage.map new/libsemanage/src/libsemanage.map
--- old/libsemanage/src/libsemanage.map	2005-11-03 12:48:03.000000000 -0500
+++ new/libsemanage/src/libsemanage.map	2005-11-05 01:21:21.000000000 -0500
@@ -8,7 +8,7 @@ LIBSEMANAGE_1.0 {
 	  semanage_module_list; semanage_module_info_datum_destroy;
 	  semanage_module_list_nth; semanage_module_get_name;
 	  semanage_module_get_version; semanage_select_store;
-	  semanage_reload_policy; semanage_set_reload;
+	  semanage_reload_policy; semanage_set_reload; semanage_set_reload_bools;
 	  semanage_user_*; semanage_bool_*; semanage_seuser_*;
 	  semanage_iface_*; semanage_context_*;
   local: *;
diff -Naurp --exclude CVS --exclude ChangeLog --exclude VERSION --exclude Makefile old/policycoreutils/setsebool/setsebool.c new/policycoreutils/setsebool/setsebool.c
--- old/policycoreutils/setsebool/setsebool.c	2005-11-05 00:29:59.000000000 -0500
+++ new/policycoreutils/setsebool/setsebool.c	2005-11-05 01:49:50.000000000 -0500
@@ -10,6 +10,7 @@
 #include <selinux/selinux.h>
 #include <semanage/booleans_local.h>
 #include <semanage/boolean_record.h>
+#include <semanage/handle.h>
 #include <errno.h>
 
 int permanent = 0;
@@ -113,6 +114,10 @@ int semanage_set_boolean_list(size_t boo
 		boolean = NULL;
 	}	
 
+	semanage_set_reload(handle, 1);
+	if (semanage_set_reload_bools(handle, 1) < 0)
+		goto err;
+
 	if (semanage_commit(handle) < 0)
 		goto err;
 
