* apparent bug in setrans
From: Russell Coker @ 2006-01-24  3:31 UTC
  To: SELinux Mail List

$ runcon -l s0:c1.c3 id
uid=500(rjc) gid=500(rjc) groups=500(rjc) context=rjc:system_r:unconfined_t

Above is the result of running id on a fairly recent rawhide machine.  It 
appears that there's a bug in setrans which maps everything to "" if it can't 
find a name.

I'm currently finishing my paper for the SE Linux Symposium and then I've got 
to work on a tutorial for LCA in a few days.  I'll schedule fixing this bug 
for the weekend if no-one else beats me to it.

-- 
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.


* Re: apparent bug in setrans
From: Russell Coker @ 2006-01-24  3:42 UTC
  To: SELinux Mail List

On Tuesday 24 January 2006 14:31, Russell Coker <russell@coker.com.au> wrote:
> $ runcon -l s0:c1.c3 id
> uid=500(rjc) gid=500(rjc) groups=500(rjc) context=rjc:system_r:unconfined_t
>
> Above is the result of running id on a fairly recent rawhide machine.  It
> appears that there's a bug in setrans which maps everything to "" if it
> can't find a name.

An apparently related bug is that the command "newrole -l s3-s15:c0.c255" will 
fail because it tries to label the terminal device with no sensitivity level.  
Adding "s3=TopSecret" in the setrans.conf file makes it work correctly.

-- 
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page
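
Added example, not part of the messages above and not libsetrans code: a minimal C sketch of the symptom reported in this thread, where a level with no setrans.conf entry is translated to "" and the printed context loses its level field, next to a fallback that keeps the raw label. All function names and every table entry other than s3=TopSecret are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed table in setrans.conf "raw=name" form; only s3=TopSecret
 * comes from the thread, the second entry is made up for the example. */
static const char *const SAMPLE_CONF[] = {
    "s3=TopSecret", "s15:c0.c255=ExampleHigh", NULL
};

/* Return the name mapped to raw, or NULL when no entry matches. */
static const char *lookup(const char *const *conf, const char *raw)
{
    size_t n = strlen(raw);
    for (; *conf; conf++)
        if (strncmp(*conf, raw, n) == 0 && (*conf)[n] == '=')
            return *conf + n + 1;
    return NULL;
}

/* Reported behaviour: a miss is turned into the empty string. */
const char *translate_lossy(const char *const *conf, const char *raw)
{
    const char *name = lookup(conf, raw);
    return name ? name : "";
}

/* Fallback behaviour: a miss leaves the raw label unchanged. */
const char *translate_fallback(const char *const *conf, const char *raw)
{
    const char *name = lookup(conf, raw);
    return name ? name : raw;
}

/* Append ":level" to "user:role:type"; an empty level drops the field.
 * Returns the length written, or -1 if out is too small. */
int format_context(char *out, size_t len, const char *base, const char *level)
{
    int n = level[0] ? snprintf(out, len, "%s:%s", base, level)
                     : snprintf(out, len, "%s", base);
    return (n < 0 || (size_t)n >= len) ? -1 : n;
}

int main(void)
{
    char buf[128];
    const char *base = "rjc:system_r:unconfined_t", *raw = "s0:c1.c3";
    format_context(buf, sizeof buf, base, translate_lossy(SAMPLE_CONF, raw));
    printf("lossy:    %s\n", buf);
    format_context(buf, sizeof buf, base, translate_fallback(SAMPLE_CONF, raw));
    printf("fallback: %s\n", buf);
    return 0;
}
```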


* Re: apparent bug in setrans
From: Daniel J Walsh @ 2006-01-25 16:45 UTC
  To: russell; +Cc: SELinux Mail List

Russell Coker wrote:
> $ runcon -l s0:c1.c3 id
> uid=500(rjc) gid=500(rjc) groups=500(rjc) context=rjc:system_r:unconfined_t
>
>   
I am getting
 runcon -l s0:c1.c7 id
uid=0(root) gid=0(root) 
groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel) 
context=user_u:system_r:unconfined_t:s0:c1.c7
 rpm -q libsetrans
libsetrans-0.1.18-1


> Above is the result of running id on a fairly recent rawhide machine.  It 
> appears that there's a bug in setrans which maps everything to "" if it can't 
> find a name.
>
> I'm currently finishing my paper for the SE Linux Symposium and then I've got 
> to work on a tutorial for LCA in a few days.  I'll schedule fixing this bug 
> for the weekend if no-one else beats me to it.
>
>   



* Re: apparent bug in setrans
From: Russell Coker @ 2006-01-26 23:05 UTC
  To: Daniel J Walsh; +Cc: SELinux Mail List

On Thursday 26 January 2006 03:45, Daniel J Walsh <dwalsh@redhat.com> wrote:
> Russell Coker wrote:
> > $ runcon -l s0:c1.c3 id
> > uid=500(rjc) gid=500(rjc) groups=500(rjc)
> > context=rjc:system_r:unconfined_t
>
> I am getting
>  runcon -l s0:c1.c7 id
> uid=0(root) gid=0(root)
> groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel)
> context=user_u:system_r:unconfined_t:s0:c1.c7
>  rpm -q libsetrans
> libsetrans-0.1.18-1

Thanks, version 0.1.18-1 has fixed that problem for me.  I haven't yet tested 
it on my MLS test system though.

-- 
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page
