[ SELINUX ] Make rpm_execcon failure non-fatal in permissive mode.

[ SELINUX ] Make rpm_execcon failure non-fatal in permissive mode.

[Ivan Gyurdiev]

[-- Attachment #1: Type: text/plain, Size: 232 bytes --]

Changelog: Makes failure in rpm_execcon non-fatal in permissive mode.
See: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=173094

P.S. I'm not sure why an rpm-specific function is in the shared library 
- seems strange to me.

[-- Attachment #2: libselinux.rpm_respect_mode.diff --]
[-- Type: text/x-patch, Size: 790 bytes --]

diff -Naurp --exclude CVS --exclude ChangeLog --exclude VERSION old/libselinux/src/rpm.c new/libselinux/src/rpm.c
--- old/libselinux/src/rpm.c	2005-08-25 11:32:02.000000000 -0400
+++ new/libselinux/src/rpm.c	2005-11-15 00:27:14.000000000 -0500
@@ -11,7 +11,7 @@ int rpm_execcon(unsigned int verified __
 {
 	security_context_t mycon = NULL, fcon = NULL, newcon = NULL;
 	context_t con = NULL;
-	int rc;
+	int rc = 0;
 
 	if (is_selinux_enabled() < 1)
 		return execve(filename, argv, envp);
@@ -44,8 +44,11 @@ int rpm_execcon(unsigned int verified __
 	rc = setexeccon(newcon);
 	if (rc < 0) 
 		goto out;
-	rc = execve(filename, argv, envp);
 out:
+
+	if (rc >= 0 || !security_getenforce())
+		rc = execve(filename, argv, envp); 
+
 	context_free(con);
 	freecon(newcon);
 	freecon(fcon);

Re: [ SELINUX ] Make rpm_execcon failure non-fatal in permissive mode.

[Stephen Smalley]

On Tue, 2005-11-15 at 00:40 -0500, Ivan Gyurdiev wrote:
> Changelog: Makes failure in rpm_execcon non-fatal in permissive mode.
> See: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=173094
> 
> P.S. I'm not sure why an rpm-specific function is in the shared library 
> - seems strange to me.

It is unusual, but allows us to evolve that logic without having to
re-patch rpm (which has been very difficult in the past to get updated
for changes in SELinux).  Same issue applies for /sbin/init and
selinux_init_load_policy(), and for various programs and
checkPasswdAccess().

-- 
Stephen Smalley
National Security Agency


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: [ SELINUX ] Make rpm_execcon failure non-fatal in permissive mode.

[Stephen Smalley]

On Tue, 2005-11-15 at 00:40 -0500, Ivan Gyurdiev wrote:
> Changelog: Makes failure in rpm_execcon non-fatal in permissive mode.
> See: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=173094
> 
> P.S. I'm not sure why an rpm-specific function is in the shared library 
> - seems strange to me.

Needs the following diff on top of your diff in order to correctly
handle failures while setting up the context.  Second hunk isn't
strictly needed but seems desirable for cleanliness.

Index: libselinux/src/rpm.c
===================================================================
RCS file: /nfshome/pal/CVS/selinux-usr/libselinux/src/rpm.c,v
retrieving revision 1.7
diff -u -p -r1.7 rpm.c
--- libselinux/src/rpm.c	15 Nov 2005 12:49:52 -0000	1.7
+++ libselinux/src/rpm.c	15 Nov 2005 12:50:11 -0000
@@ -30,6 +30,7 @@ int rpm_execcon(unsigned int verified __
 
 	if (!strcmp(mycon, newcon)) {
 		/* No default transition, use rpm_script_t for now. */
+		rc = -1;
 		con = context_new(mycon);
 		if (!con)
 			goto out;
@@ -39,6 +40,7 @@ int rpm_execcon(unsigned int verified __
 		newcon = strdup(context_str(con));
 		if (!newcon)
 			goto out;
+		rc = 0;
 	}
 
 	rc = setexeccon(newcon);


-- 
Stephen Smalley
National Security Agency


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: [ SELINUX ] Make rpm_execcon failure non-fatal in permissive mode.

[Stephen Smalley]

On Tue, 2005-11-15 at 07:54 -0500, Stephen Smalley wrote:
> On Tue, 2005-11-15 at 00:40 -0500, Ivan Gyurdiev wrote:
> > Changelog: Makes failure in rpm_execcon non-fatal in permissive mode.
> > See: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=173094
> > 
> > P.S. I'm not sure why an rpm-specific function is in the shared library 
> > - seems strange to me.
> 
> Needs the following diff on top of your diff in order to correctly
> handle failures while setting up the context.  Second hunk isn't
> strictly needed but seems desirable for cleanliness.
> 
> Index: libselinux/src/rpm.c
> ===================================================================
> RCS file: /nfshome/pal/CVS/selinux-usr/libselinux/src/rpm.c,v
> retrieving revision 1.7
> diff -u -p -r1.7 rpm.c
> --- libselinux/src/rpm.c	15 Nov 2005 12:49:52 -0000	1.7
> +++ libselinux/src/rpm.c	15 Nov 2005 12:50:11 -0000
> @@ -30,6 +30,7 @@ int rpm_execcon(unsigned int verified __
>  
>  	if (!strcmp(mycon, newcon)) {
>  		/* No default transition, use rpm_script_t for now. */
> +		rc = -1;
>  		con = context_new(mycon);
>  		if (!con)
>  			goto out;
> @@ -39,6 +40,7 @@ int rpm_execcon(unsigned int verified __
>  		newcon = strdup(context_str(con));
>  		if (!newcon)
>  			goto out;
> +		rc = 0;
>  	}
>  
>  	rc = setexeccon(newcon);

Both diffs merged as of libselinux 1.27.22.

-- 
Stephen Smalley
National Security Agency


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.