Re: I am concerned about putting genhomedircon changes inlibsemanage into Fedora 8.

Re: I am concerned about putting genhomedircon changes inlibsemanage into Fedora 8.

[Todd C. Miller]

I've added the checks Steve suggested.  It doesn't appear to cause
any new regressions.  I didn't do a real parse of the contexts file
line--I just grab the last whitespace-delimited field.  This should
be sufficient since the line comes from the template file and the
added checks will reject a bogus context, should it occur.

 - todd

Index: libsemanage/src/genhomedircon.c
===================================================================
--- libsemanage/src/genhomedircon.c	(revision 2587)
+++ libsemanage/src/genhomedircon.c	(working copy)
@@ -1,5 +1,6 @@
-/* Author: Mark Goldman   <mgoldman@tresys.com>
- * 			Paul Rosenfeld	<prosenfeld@tresys.com>
+/* Author: Mark Goldman	  <mgoldman@tresys.com>
+ * 	   Paul Rosenfeld <prosenfeld@tresys.com>
+ * 	   Todd C. Miller <tmiller@tresys.com>
  *
  * Copyright (C) 2007 Tresys Technology, LLC
  *
@@ -23,6 +24,9 @@
 #include <semanage/seusers_policy.h>
 #include <semanage/users_policy.h>
 #include <semanage/user_record.h>
+#include <sepol/context.h>
+#include <sepol/context_record.h>
+#include <sepol/policydb/context.h>
 #include "semanage_store.h"
 #include "seuser_internal.h"
 #include "debug.h"
@@ -80,6 +84,7 @@
 	int usepasswd;
 	const char *homedir_template_path;
 	semanage_handle_t *h_semanage;
+	sepol_policydb_t *policydb;
 } genhomedircon_settings_t;
 
 typedef struct user_entry {
@@ -352,10 +357,47 @@
 	return retval;
 }
 
-static int write_home_dir_context(FILE * out, semanage_list_t * tpl,
-				  const char *user, const char *seuser,
-				  const char *home, const char *role_prefix)
+static const char * extract_context(Ustr *line)
 {
+	const char whitespace[] = " \t\n";
+	size_t off, len;
+
+	/* check for trailing whitespace */
+	off = ustr_spn_chrs_rev(line, 0, whitespace, strlen(whitespace));
+
+	/* find the length of the last field in line */
+	len = ustr_cspn_chrs_rev(line, off, whitespace, strlen(whitespace));
+
+	if (len == 0)
+		return NULL;
+	return ustr_cstr(line) + ustr_len(line) - (len + off);
+}
+
+static int check_line(genhomedircon_settings_t * s, Ustr *line)
+{
+	sepol_context_t *ctx_record = NULL;
+	const char *ctx_str;
+	int result;
+
+	ctx_str = extract_context(line);
+	if (!ctx_str)
+		return STATUS_ERR;
+
+	result = sepol_context_from_string(s->h_semanage->sepolh,
+					   ctx_str, &ctx_record);
+	if (result == STATUS_SUCCESS && ctx_record != NULL) {
+		result = sepol_context_check(s->h_semanage->sepolh,
+					     s->policydb, ctx_record);
+		sepol_context_free(ctx_record);
+	}
+	return result;
+}
+
+static int write_home_dir_context(genhomedircon_settings_t * s, FILE * out,
+				  semanage_list_t * tpl, const char *user,
+				  const char *seuser, const char *home,
+				  const char *role_prefix)
+{
 	replacement_pair_t repl[] = {
 		{.search_for = TEMPLATE_SEUSER,.replace_with = seuser},
 		{.search_for = TEMPLATE_HOME_DIR,.replace_with = home},
@@ -369,8 +411,12 @@
 
 	for (; tpl; tpl = tpl->next) {
 		line = replace_all(tpl->data, repl);
-		if (!line || !ustr_io_putfileline(&line, out))
+		if (!line)
 			goto fail;
+		if (check_line(s, line) == STATUS_SUCCESS) {
+			if (!ustr_io_putfileline(&line, out))
+				goto fail;
+		}
 		ustr_sc_free(&line);
 	}
 	return STATUS_SUCCESS;
@@ -380,8 +426,8 @@
 	return STATUS_ERR;
 }
 
-static int write_home_root_context(FILE * out, semanage_list_t * tpl,
-				   char *homedir)
+static int write_home_root_context(genhomedircon_settings_t * s, FILE * out,
+				   semanage_list_t * tpl, char *homedir)
 {
 	replacement_pair_t repl[] = {
 		{.search_for = TEMPLATE_HOME_ROOT,.replace_with = homedir},
@@ -391,8 +437,12 @@
 
 	for (; tpl; tpl = tpl->next) {
 		line = replace_all(tpl->data, repl);
-		if (!line || !ustr_io_putfileline(&line, out))
+		if (!line)
 			goto fail;
+		if (check_line(s, line) == STATUS_SUCCESS) {
+			if (!ustr_io_putfileline(&line, out))
+				goto fail;
+		}
 		ustr_sc_free(&line);
 	}
 	return STATUS_SUCCESS;
@@ -402,7 +452,8 @@
 	return STATUS_ERR;
 }
 
-static int write_user_context(FILE * out, semanage_list_t * tpl, char *user,
+static int write_user_context(genhomedircon_settings_t * s, FILE * out,
+			      semanage_list_t * tpl, char *user,
 			      char *seuser, char *role_prefix)
 {
 	replacement_pair_t repl[] = {
@@ -415,8 +466,12 @@
 
 	for (; tpl; tpl = tpl->next) {
 		line = replace_all(tpl->data, repl);
-		if (!line || !ustr_io_putfileline(&line, out))
+		if (!line)
 			goto fail;
+		if (check_line(s, line) == STATUS_SUCCESS) {
+			if (!ustr_io_putfileline(&line, out))
+				goto fail;
+		}
 		ustr_sc_free(&line);
 	}
 	return STATUS_SUCCESS;
@@ -602,7 +657,7 @@
 	return head;
 }
 
-static int write_gen_home_dir_context(FILE * out, genhomedircon_settings_t * s,
+static int write_gen_home_dir_context(genhomedircon_settings_t * s, FILE * out,
 				      semanage_list_t * user_context_tpl,
 				      semanage_list_t * homedir_context_tpl)
 {
@@ -615,13 +670,13 @@
 	}
 
 	for (; users; pop_user_entry(&users)) {
-		if (write_home_dir_context(out, homedir_context_tpl,
+		if (write_home_dir_context(s, out, homedir_context_tpl,
 					   users->name,
 					   users->sename, users->home,
 					   users->prefix)) {
 			return STATUS_ERR;
 		}
-		if (write_user_context(out, user_context_tpl, users->name,
+		if (write_user_context(s, out, user_context_tpl, users->name,
 				       users->sename, users->prefix)) {
 			return STATUS_ERR;
 		}
@@ -671,7 +726,7 @@
 			goto done;
 		}
 
-		if (write_home_dir_context(out,
+		if (write_home_dir_context(s, out,
 					   homedir_context_tpl, FALLBACK_USER,
 					   FALLBACK_USER, ustr_cstr(temp),
 					   FALLBACK_USER_PREFIX) !=
@@ -680,7 +735,7 @@
 			retval = STATUS_ERR;
 			goto done;
 		}
-		if (write_home_root_context(out,
+		if (write_home_root_context(s, out,
 					    homeroot_context_tpl,
 					    h->data) != STATUS_SUCCESS) {
 			ustr_sc_free(&temp);
@@ -690,13 +745,13 @@
 
 		ustr_sc_free(&temp);
 	}
-	if (write_user_context(out, user_context_tpl,
+	if (write_user_context(s, out, user_context_tpl,
 			       ".*", FALLBACK_USER,
 			       FALLBACK_USER_PREFIX) != STATUS_SUCCESS) {
 		retval = STATUS_ERR;
 		goto done;
 	}
-	if (write_gen_home_dir_context(out, s, user_context_tpl,
+	if (write_gen_home_dir_context(s, out, user_context_tpl,
 				       homedir_context_tpl) != STATUS_SUCCESS) {
 		retval = STATUS_ERR;
 	}
@@ -711,7 +766,9 @@
 	return retval;
 }
 
-int semanage_genhomedircon(semanage_handle_t * sh, int usepasswd)
+int semanage_genhomedircon(semanage_handle_t * sh,
+			   sepol_policydb_t * policydb,
+			   int usepasswd)
 {
 	genhomedircon_settings_t s;
 	FILE *out = NULL;
@@ -725,6 +782,7 @@
 
 	s.usepasswd = usepasswd;
 	s.h_semanage = sh;
+	s.policydb = policydb;
 
 	if (!(out = fopen(s.fcfilepath, "w"))) {
 		/* couldn't open output file */
Index: libsemanage/src/genhomedircon.h
===================================================================
--- libsemanage/src/genhomedircon.h	(revision 2587)
+++ libsemanage/src/genhomedircon.h	(working copy)
@@ -22,6 +22,7 @@
 
 #include "utilities.h"
 
-int semanage_genhomedircon(semanage_handle_t * sh, int usepasswd);
+int semanage_genhomedircon(semanage_handle_t * sh,
+			   sepol_policydb_t * policydb, int usepasswd);
 
 #endif
Index: libsemanage/src/direct_api.c
===================================================================
--- libsemanage/src/direct_api.c	(revision 2587)
+++ libsemanage/src/direct_api.c	(working copy)
@@ -702,7 +702,7 @@
 		goto cleanup;
 
 	if (sh->do_rebuild || modified) {
-		retval = semanage_install_sandbox(sh);
+		retval = semanage_install_sandbox(sh, out);
 	}
 
       cleanup:
Index: libsemanage/src/semanage_store.c
===================================================================
--- libsemanage/src/semanage_store.c	(revision 2587)
+++ libsemanage/src/semanage_store.c	(working copy)
@@ -1279,7 +1279,8 @@
  * should be placed within a mutex lock to ensure that it runs
  * atomically.	Returns commit number on success, -1 on error.
  */
-int semanage_install_sandbox(semanage_handle_t * sh)
+int semanage_install_sandbox(semanage_handle_t * sh,
+			     sepol_policydb_t * policydb)
 {
 	int retval = -1, commit_num = -1;
 
@@ -1294,7 +1295,7 @@
 	}
 	if (!sh->conf->disable_genhomedircon) {
 		if ((retval =
-		     semanage_genhomedircon(sh, TRUE)) != 0) {
+		     semanage_genhomedircon(sh, policydb, TRUE)) != 0) {
 			ERR(sh, "semanage_genhomedircon returned error code %d.",
 			    retval);
 			goto cleanup;
Index: libsemanage/src/semanage_store.h
===================================================================
--- libsemanage/src/semanage_store.h	(revision 2587)
+++ libsemanage/src/semanage_store.h	(working copy)
@@ -83,8 +83,6 @@
 int semanage_get_modules_names(semanage_handle_t * sh,
 			       char ***filenames, int *len);
 
-int semanage_install_sandbox(semanage_handle_t * sh);
-
 /* lock file routines */
 int semanage_get_trans_lock(semanage_handle_t * sh);
 int semanage_get_active_lock(semanage_handle_t * sh);
@@ -102,7 +100,8 @@
 int semanage_write_policydb(semanage_handle_t * sh,
 			    sepol_policydb_t * policydb);
 
-int semanage_install_sandbox(semanage_handle_t * sh);
+int semanage_install_sandbox(semanage_handle_t * sh,
+			     sepol_policydb_t * policydb);
 
 int semanage_verify_modules(semanage_handle_t * sh,
 			    char **module_filenames, int num_modules);

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: I am concerned about putting genhomedircon changes inlibsemanage into Fedora 8.

[Stephen Smalley]

On Wed, 2007-09-26 at 16:01 -0400, Todd C. Miller wrote:
> I've added the checks Steve suggested.  It doesn't appear to cause
> any new regressions.  I didn't do a real parse of the contexts file
> line--I just grab the last whitespace-delimited field.  This should
> be sufficient since the line comes from the template file and the
> added checks will reject a bogus context, should it occur.
> 
>  - todd
> 
> Index: libsemanage/src/genhomedircon.c
> ===================================================================
> --- libsemanage/src/genhomedircon.c	(revision 2587)
> +++ libsemanage/src/genhomedircon.c	(working copy)
> @@ -1,5 +1,6 @@
> -/* Author: Mark Goldman   <mgoldman@tresys.com>
> - * 			Paul Rosenfeld	<prosenfeld@tresys.com>
> +/* Author: Mark Goldman	  <mgoldman@tresys.com>
> + * 	   Paul Rosenfeld <prosenfeld@tresys.com>
> + * 	   Todd C. Miller <tmiller@tresys.com>
>   *
>   * Copyright (C) 2007 Tresys Technology, LLC
>   *
> @@ -23,6 +24,9 @@
>  #include <semanage/seusers_policy.h>
>  #include <semanage/users_policy.h>
>  #include <semanage/user_record.h>
> +#include <sepol/context.h>
> +#include <sepol/context_record.h>
> +#include <sepol/policydb/context.h>

That last include shouldn't be necessary - the headers under
sepol/policydb/ are private to the static lib.

>  #include "semanage_store.h"
>  #include "seuser_internal.h"
>  #include "debug.h"
> @@ -80,6 +84,7 @@
>  	int usepasswd;
>  	const char *homedir_template_path;
>  	semanage_handle_t *h_semanage;
> +	sepol_policydb_t *policydb;
>  } genhomedircon_settings_t;
>  
>  typedef struct user_entry {
> @@ -352,10 +357,47 @@
>  	return retval;
>  }
>  
> -static int write_home_dir_context(FILE * out, semanage_list_t * tpl,
> -				  const char *user, const char *seuser,
> -				  const char *home, const char *role_prefix)
> +static const char * extract_context(Ustr *line)
>  {
> +	const char whitespace[] = " \t\n";
> +	size_t off, len;
> +
> +	/* check for trailing whitespace */
> +	off = ustr_spn_chrs_rev(line, 0, whitespace, strlen(whitespace));
> +
> +	/* find the length of the last field in line */
> +	len = ustr_cspn_chrs_rev(line, off, whitespace, strlen(whitespace));
> +
> +	if (len == 0)
> +		return NULL;
> +	return ustr_cstr(line) + ustr_len(line) - (len + off);
> +}
> +
> +static int check_line(genhomedircon_settings_t * s, Ustr *line)
> +{
> +	sepol_context_t *ctx_record = NULL;
> +	const char *ctx_str;
> +	int result;
> +
> +	ctx_str = extract_context(line);
> +	if (!ctx_str)
> +		return STATUS_ERR;
> +
> +	result = sepol_context_from_string(s->h_semanage->sepolh,
> +					   ctx_str, &ctx_record);
> +	if (result == STATUS_SUCCESS && ctx_record != NULL) {
> +		result = sepol_context_check(s->h_semanage->sepolh,
> +					     s->policydb, ctx_record);
> +		sepol_context_free(ctx_record);
> +	}
> +	return result;
> +}
> +
> +static int write_home_dir_context(genhomedircon_settings_t * s, FILE * out,
> +				  semanage_list_t * tpl, const char *user,
> +				  const char *seuser, const char *home,
> +				  const char *role_prefix)
> +{
>  	replacement_pair_t repl[] = {
>  		{.search_for = TEMPLATE_SEUSER,.replace_with = seuser},
>  		{.search_for = TEMPLATE_HOME_DIR,.replace_with = home},
> @@ -369,8 +411,12 @@
>  
>  	for (; tpl; tpl = tpl->next) {
>  		line = replace_all(tpl->data, repl);
> -		if (!line || !ustr_io_putfileline(&line, out))
> +		if (!line)
>  			goto fail;
> +		if (check_line(s, line) == STATUS_SUCCESS) {
> +			if (!ustr_io_putfileline(&line, out))
> +				goto fail;
> +		}
>  		ustr_sc_free(&line);
>  	}
>  	return STATUS_SUCCESS;
> @@ -380,8 +426,8 @@
>  	return STATUS_ERR;
>  }
>  
> -static int write_home_root_context(FILE * out, semanage_list_t * tpl,
> -				   char *homedir)
> +static int write_home_root_context(genhomedircon_settings_t * s, FILE * out,
> +				   semanage_list_t * tpl, char *homedir)
>  {
>  	replacement_pair_t repl[] = {
>  		{.search_for = TEMPLATE_HOME_ROOT,.replace_with = homedir},
> @@ -391,8 +437,12 @@
>  
>  	for (; tpl; tpl = tpl->next) {
>  		line = replace_all(tpl->data, repl);
> -		if (!line || !ustr_io_putfileline(&line, out))
> +		if (!line)
>  			goto fail;
> +		if (check_line(s, line) == STATUS_SUCCESS) {
> +			if (!ustr_io_putfileline(&line, out))
> +				goto fail;
> +		}
>  		ustr_sc_free(&line);
>  	}
>  	return STATUS_SUCCESS;
> @@ -402,7 +452,8 @@
>  	return STATUS_ERR;
>  }
>  
> -static int write_user_context(FILE * out, semanage_list_t * tpl, char *user,
> +static int write_user_context(genhomedircon_settings_t * s, FILE * out,
> +			      semanage_list_t * tpl, char *user,
>  			      char *seuser, char *role_prefix)
>  {
>  	replacement_pair_t repl[] = {
> @@ -415,8 +466,12 @@
>  
>  	for (; tpl; tpl = tpl->next) {
>  		line = replace_all(tpl->data, repl);
> -		if (!line || !ustr_io_putfileline(&line, out))
> +		if (!line)
>  			goto fail;
> +		if (check_line(s, line) == STATUS_SUCCESS) {
> +			if (!ustr_io_putfileline(&line, out))
> +				goto fail;
> +		}
>  		ustr_sc_free(&line);
>  	}
>  	return STATUS_SUCCESS;
> @@ -602,7 +657,7 @@
>  	return head;
>  }
>  
> -static int write_gen_home_dir_context(FILE * out, genhomedircon_settings_t * s,
> +static int write_gen_home_dir_context(genhomedircon_settings_t * s, FILE * out,
>  				      semanage_list_t * user_context_tpl,
>  				      semanage_list_t * homedir_context_tpl)
>  {
> @@ -615,13 +670,13 @@
>  	}
>  
>  	for (; users; pop_user_entry(&users)) {
> -		if (write_home_dir_context(out, homedir_context_tpl,
> +		if (write_home_dir_context(s, out, homedir_context_tpl,
>  					   users->name,
>  					   users->sename, users->home,
>  					   users->prefix)) {
>  			return STATUS_ERR;
>  		}
> -		if (write_user_context(out, user_context_tpl, users->name,
> +		if (write_user_context(s, out, user_context_tpl, users->name,
>  				       users->sename, users->prefix)) {
>  			return STATUS_ERR;
>  		}
> @@ -671,7 +726,7 @@
>  			goto done;
>  		}
>  
> -		if (write_home_dir_context(out,
> +		if (write_home_dir_context(s, out,
>  					   homedir_context_tpl, FALLBACK_USER,
>  					   FALLBACK_USER, ustr_cstr(temp),
>  					   FALLBACK_USER_PREFIX) !=
> @@ -680,7 +735,7 @@
>  			retval = STATUS_ERR;
>  			goto done;
>  		}
> -		if (write_home_root_context(out,
> +		if (write_home_root_context(s, out,
>  					    homeroot_context_tpl,
>  					    h->data) != STATUS_SUCCESS) {
>  			ustr_sc_free(&temp);
> @@ -690,13 +745,13 @@
>  
>  		ustr_sc_free(&temp);
>  	}
> -	if (write_user_context(out, user_context_tpl,
> +	if (write_user_context(s, out, user_context_tpl,
>  			       ".*", FALLBACK_USER,
>  			       FALLBACK_USER_PREFIX) != STATUS_SUCCESS) {
>  		retval = STATUS_ERR;
>  		goto done;
>  	}
> -	if (write_gen_home_dir_context(out, s, user_context_tpl,
> +	if (write_gen_home_dir_context(s, out, user_context_tpl,
>  				       homedir_context_tpl) != STATUS_SUCCESS) {
>  		retval = STATUS_ERR;
>  	}
> @@ -711,7 +766,9 @@
>  	return retval;
>  }
>  
> -int semanage_genhomedircon(semanage_handle_t * sh, int usepasswd)
> +int semanage_genhomedircon(semanage_handle_t * sh,
> +			   sepol_policydb_t * policydb,
> +			   int usepasswd)
>  {
>  	genhomedircon_settings_t s;
>  	FILE *out = NULL;
> @@ -725,6 +782,7 @@
>  
>  	s.usepasswd = usepasswd;
>  	s.h_semanage = sh;
> +	s.policydb = policydb;
>  
>  	if (!(out = fopen(s.fcfilepath, "w"))) {
>  		/* couldn't open output file */
> Index: libsemanage/src/genhomedircon.h
> ===================================================================
> --- libsemanage/src/genhomedircon.h	(revision 2587)
> +++ libsemanage/src/genhomedircon.h	(working copy)
> @@ -22,6 +22,7 @@
>  
>  #include "utilities.h"
>  
> -int semanage_genhomedircon(semanage_handle_t * sh, int usepasswd);
> +int semanage_genhomedircon(semanage_handle_t * sh,
> +			   sepol_policydb_t * policydb, int usepasswd);
>  
>  #endif
> Index: libsemanage/src/direct_api.c
> ===================================================================
> --- libsemanage/src/direct_api.c	(revision 2587)
> +++ libsemanage/src/direct_api.c	(working copy)
> @@ -702,7 +702,7 @@
>  		goto cleanup;
>  
>  	if (sh->do_rebuild || modified) {
> -		retval = semanage_install_sandbox(sh);
> +		retval = semanage_install_sandbox(sh, out);
>  	}
>  
>        cleanup:
> Index: libsemanage/src/semanage_store.c
> ===================================================================
> --- libsemanage/src/semanage_store.c	(revision 2587)
> +++ libsemanage/src/semanage_store.c	(working copy)
> @@ -1279,7 +1279,8 @@
>   * should be placed within a mutex lock to ensure that it runs
>   * atomically.	Returns commit number on success, -1 on error.
>   */
> -int semanage_install_sandbox(semanage_handle_t * sh)
> +int semanage_install_sandbox(semanage_handle_t * sh,
> +			     sepol_policydb_t * policydb)
>  {
>  	int retval = -1, commit_num = -1;
>  
> @@ -1294,7 +1295,7 @@
>  	}
>  	if (!sh->conf->disable_genhomedircon) {
>  		if ((retval =
> -		     semanage_genhomedircon(sh, TRUE)) != 0) {
> +		     semanage_genhomedircon(sh, policydb, TRUE)) != 0) {
>  			ERR(sh, "semanage_genhomedircon returned error code %d.",
>  			    retval);
>  			goto cleanup;
> Index: libsemanage/src/semanage_store.h
> ===================================================================
> --- libsemanage/src/semanage_store.h	(revision 2587)
> +++ libsemanage/src/semanage_store.h	(working copy)
> @@ -83,8 +83,6 @@
>  int semanage_get_modules_names(semanage_handle_t * sh,
>  			       char ***filenames, int *len);
>  
> -int semanage_install_sandbox(semanage_handle_t * sh);
> -
>  /* lock file routines */
>  int semanage_get_trans_lock(semanage_handle_t * sh);
>  int semanage_get_active_lock(semanage_handle_t * sh);
> @@ -102,7 +100,8 @@
>  int semanage_write_policydb(semanage_handle_t * sh,
>  			    sepol_policydb_t * policydb);
>  
> -int semanage_install_sandbox(semanage_handle_t * sh);
> +int semanage_install_sandbox(semanage_handle_t * sh,
> +			     sepol_policydb_t * policydb);
>  
>  int semanage_verify_modules(semanage_handle_t * sh,
>  			    char **module_filenames, int num_modules);
-- 
Stephen Smalley
National Security Agency


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: I am concerned about putting genhomedircon changes inlibsemanage into Fedora 8.

[Stephen Smalley]

On Wed, 2007-09-26 at 16:00 -0400, Stephen Smalley wrote:
> On Wed, 2007-09-26 at 16:01 -0400, Todd C. Miller wrote:
> > I've added the checks Steve suggested.  It doesn't appear to cause
> > any new regressions.  I didn't do a real parse of the contexts file
> > line--I just grab the last whitespace-delimited field.  This should
> > be sufficient since the line comes from the template file and the
> > added checks will reject a bogus context, should it occur.
> > 
> >  - todd
> > 
> > Index: libsemanage/src/genhomedircon.c
> > ===================================================================
> > --- libsemanage/src/genhomedircon.c	(revision 2587)
> > +++ libsemanage/src/genhomedircon.c	(working copy)
> > @@ -1,5 +1,6 @@
> > -/* Author: Mark Goldman   <mgoldman@tresys.com>
> > - * 			Paul Rosenfeld	<prosenfeld@tresys.com>
> > +/* Author: Mark Goldman	  <mgoldman@tresys.com>
> > + * 	   Paul Rosenfeld <prosenfeld@tresys.com>
> > + * 	   Todd C. Miller <tmiller@tresys.com>
> >   *
> >   * Copyright (C) 2007 Tresys Technology, LLC
> >   *
> > @@ -23,6 +24,9 @@
> >  #include <semanage/seusers_policy.h>
> >  #include <semanage/users_policy.h>
> >  #include <semanage/user_record.h>
> > +#include <sepol/context.h>
> > +#include <sepol/context_record.h>
> > +#include <sepol/policydb/context.h>
> 
> That last include shouldn't be necessary - the headers under
> sepol/policydb/ are private to the static lib.

Other tidbits:
- Running semodule -B with this patch applied yields error messages from
libsepol on the invalid contexts.  Quiet it via something like:
  sepol_msg_set_callback(s->h_semanage->sepolh, NULL, NULL);
  result = sepol_context_check(...);
  sepol_msg_set_callback(s->h_semanage->sepolh, semanage_msg_relay_handler, NULL);

- A diff of file_contexts.homedirs generated via libsemanage vs. the
old /usr/sbin/genhomedircon script shows differences on rawhide.  Not
sure who is right.  Diff below.

diff -bwru files.0/file_contexts.homedirs files/file_contexts.homedirs
--- files.0/file_contexts.homedirs	2007-09-25 19:49:39.000000000 -0400
+++ files/file_contexts.homedirs	2007-09-25 19:50:09.000000000 -0400
@@ -1,30 +1,53 @@
-
 #
 #
-# User-specific file contexts, generated via /usr/sbin/genhomedircon
-# use semanage command to manage system users in order to change the file_context
+# User-specific file contexts, generated via libsemanage
+# use semanage command to manage system users to change the file_context
 #
 #
 
 
 #
-# Home Context for user system_u
+# Home Context for user user_u
 #
 
-/home/[^/]*/.+	system_u:object_r:user_home_t:s0
-/home/[^/]*/.*/plugins/nprhapengine\.so.*	--	system_u:object_r:textrel_shlib_t:s0
-/home/[^/]*/.*/plugins/libflashplayer\.so.*	--	system_u:object_r:textrel_shlib_t:s0
-/home/[^/]*/((www)|(web)|(public_html))(/.+)?	system_u:object_r:httpd_user_content_t:s0
-/home/[^/]*/\.mozilla(/.*)?/plugins/libflashplayer\.so.*	--	system_u:object_r:textrel_shlib_t:s0
-/home/[^/]*/\.config/gtk-.*	system_u:object_r:user_gnome_home_t:s0
-/home/[^/]*	-d	system_u:object_r:user_home_dir_t:s0
+/home/[^/]*/.+	user_u:object_r:user_home_t:s0
+/home/[^/]*/.gnome2(/.*)?	user_u:object_r:user_gnome_home_t:s0
+/home/[^/]*/.*/plugins/nprhapengine\.so.*	--	user_u:object_r:textrel_shlib_t:s0
+/home/[^/]*/.*/plugins/libflashplayer\.so.*	--	user_u:object_r:textrel_shlib_t:s0
+/home/[^/]*/((www)|(web)|(public_html))(/.+)?	user_u:object_r:httpd_user_content_t:s0
+/home/[^/]*/\.ssh(/.*)?	user_u:object_r:user_home_ssh_t:s0
+/home/[^/]*/\.uml(/.*)?	user_u:object_r:user_uml_rw_t:s0
+/home/[^/]*/\.java(/.*)?	user_u:object_r:user_mozilla_home_t:s0
+/home/[^/]*/\.xauth.*	--	user_u:object_r:user_xauth_home_t:s0
+/home/[^/]*/\.fonts(/.*)?	user_u:object_r:user_fonts_t:s0
+/home/[^/]*/\.pyzor(/.*)?	user_u:object_r:user_pyzor_home_t:s0
+/home/[^/]*/\.razor(/.*)?	user_u:object_r:user_razor_home_t:s0
+/home/[^/]*/vmware(/.*)?	user_u:object_r:user_vmware_file_t:s0
+/home/[^/]*/\.galeon(/.*)?	user_u:object_r:user_mozilla_home_t:s0
+/home/[^/]*/\.vmware(/.*)?	user_u:object_r:user_vmware_file_t:s0
+/home/[^/]*/\.vmware[^/]*/.*\.cfg	--	user_u:object_r:user_vmware_conf_t:s0
+/home/[^/]*/\.mozilla(/.*)?	user_u:object_r:user_mozilla_home_t:s0
+/home/[^/]*/\.phoenix(/.*)?	user_u:object_r:user_mozilla_home_t:s0
+/home/[^/]*/\.mplayer(/.*)?	user_u:object_r:user_mplayer_home_t:s0
+/home/[^/]*/\.mozilla(/.*)?/plugins/libflashplayer\.so.*	--	user_u:object_r:textrel_shlib_t:s0
+/home/[^/]*/\.ethereal(/.*)?	user_u:object_r:user_ethereal_home_t:s0
+/home/[^/]*/\.netscape(/.*)?	user_u:object_r:user_mozilla_home_t:s0
+/home/[^/]*/\.Xauthority.*	--	user_u:object_r:user_xauth_home_t:s0
+/home/[^/]*/\.fonts/auto(/.*)?	user_u:object_r:user_fonts_cache_t:s0
+/home/[^/]*/\.config/gtk-.*	user_u:object_r:user_gnome_home_t:s0
+/home/[^/]*/\.fonts\.cache-.*	--	user_u:object_r:user_fonts_cache_t:s0
+/home/[^/]*/\.ICEauthority.*	--	user_u:object_r:user_iceauth_home_t:s0
+/home/[^/]*/\.spamassassin(/.*)?	user_u:object_r:user_spamassassin_home_t:s0
+/home/[^/]*	-d	user_u:object_r:user_home_dir_t:s0
+/home/[^/]*	-l	user_u:object_r:user_home_dir_t:s0
+/home/[^/]*/\.ircmotd	--	user_u:object_r:user_irc_home_t:s0
+/home/[^/]*/\.screenrc	--	user_u:object_r:user_screen_ro_home_t:s0
+/home/[^/]*/\.fonts\.conf	--	user_u:object_r:user_fonts_config_t:s0
 /home/lost\+found/.*	<<none>>
 /home	-d	system_u:object_r:home_root_t:s0
 /home/\.journal	<<none>>
 /home/lost\+found	-d	system_u:object_r:lost_found_t:s0
-/tmp/\.exchange-.*(/.*)?	system_u:object_r:user_evolution_exchange_tmp_t:s0
-/tmp/gconfd-.*	-d	system_u:object_r:user_tmp_t:s0
-
+/tmp/gconfd-.*	-d	user_u:object_r:user_tmp_t:s0
 
 
 #
@@ -32,12 +55,36 @@
 #
 
 /root/.+	root:object_r:sysadm_home_t:s0
+/root/.gnome2(/.*)?	root:object_r:sysadm_gnome_home_t:s0
 /root/.*/plugins/nprhapengine\.so.*	--	root:object_r:textrel_shlib_t:s0
 /root/.*/plugins/libflashplayer\.so.*	--	root:object_r:textrel_shlib_t:s0
 /root/((www)|(web)|(public_html))(/.+)?	root:object_r:httpd_sysadm_content_t:s0
+/root/\.ssh(/.*)?	root:object_r:sysadm_home_ssh_t:s0
+/root/\.uml(/.*)?	root:object_r:sysadm_uml_rw_t:s0
+/root/\.java(/.*)?	root:object_r:sysadm_mozilla_home_t:s0
+/root/\.xauth.*	--	root:object_r:sysadm_xauth_home_t:s0
+/root/\.fonts(/.*)?	root:object_r:sysadm_fonts_t:s0
+/root/\.pyzor(/.*)?	root:object_r:sysadm_pyzor_home_t:s0
+/root/\.razor(/.*)?	root:object_r:sysadm_razor_home_t:s0
+/root/vmware(/.*)?	root:object_r:sysadm_vmware_file_t:s0
+/root/\.galeon(/.*)?	root:object_r:sysadm_mozilla_home_t:s0
+/root/\.vmware(/.*)?	root:object_r:sysadm_vmware_file_t:s0
+/root/\.vmware[^/]*/.*\.cfg	--	root:object_r:sysadm_vmware_conf_t:s0
+/root/\.mozilla(/.*)?	root:object_r:sysadm_mozilla_home_t:s0
+/root/\.phoenix(/.*)?	root:object_r:sysadm_mozilla_home_t:s0
+/root/\.mplayer(/.*)?	root:object_r:sysadm_mplayer_home_t:s0
 /root/\.mozilla(/.*)?/plugins/libflashplayer\.so.*	--	root:object_r:textrel_shlib_t:s0
+/root/\.ethereal(/.*)?	root:object_r:sysadm_ethereal_home_t:s0
+/root/\.netscape(/.*)?	root:object_r:sysadm_mozilla_home_t:s0
+/root/\.Xauthority.*	--	root:object_r:sysadm_xauth_home_t:s0
+/root/\.fonts/auto(/.*)?	root:object_r:sysadm_fonts_cache_t:s0
 /root/\.config/gtk-.*	root:object_r:sysadm_gnome_home_t:s0
+/root/\.fonts\.cache-.*	--	root:object_r:sysadm_fonts_cache_t:s0
+/root/\.ICEauthority.*	--	root:object_r:sysadm_iceauth_home_t:s0
+/root/\.spamassassin(/.*)?	root:object_r:sysadm_spamassassin_home_t:s0
 /root	-d	root:object_r:sysadm_home_dir_t:s0
-/tmp/\.exchange-root(/.*)?	root:object_r:sysadm_evolution_exchange_tmp_t:s0
+/root	-l	root:object_r:sysadm_home_dir_t:s0
+/root/\.ircmotd	--	root:object_r:sysadm_irc_home_t:s0
+/root/\.screenrc	--	root:object_r:sysadm_screen_ro_home_t:s0
+/root/\.fonts\.conf	--	root:object_r:sysadm_fonts_config_t:s0
 /tmp/gconfd-root	-d	root:object_r:sysadm_tmp_t:s0
-

-- 
Stephen Smalley
National Security Agency


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: I am concerned about putting genhomedircon changes inlibsemanage into Fedora 8.

[Daniel J Walsh]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Stephen Smalley wrote:
> On Wed, 2007-09-26 at 16:00 -0400, Stephen Smalley wrote:
>> On Wed, 2007-09-26 at 16:01 -0400, Todd C. Miller wrote:
>>> I've added the checks Steve suggested.  It doesn't appear to cause
>>> any new regressions.  I didn't do a real parse of the contexts file
>>> line--I just grab the last whitespace-delimited field.  This should
>>> be sufficient since the line comes from the template file and the
>>> added checks will reject a bogus context, should it occur.
>>>
>>>  - todd
>>>
>>> Index: libsemanage/src/genhomedircon.c
>>> ===================================================================
>>> --- libsemanage/src/genhomedircon.c	(revision 2587)
>>> +++ libsemanage/src/genhomedircon.c	(working copy)
>>> @@ -1,5 +1,6 @@
>>> -/* Author: Mark Goldman   <mgoldman@tresys.com>
>>> - * 			Paul Rosenfeld	<prosenfeld@tresys.com>
>>> +/* Author: Mark Goldman	  <mgoldman@tresys.com>
>>> + * 	   Paul Rosenfeld <prosenfeld@tresys.com>
>>> + * 	   Todd C. Miller <tmiller@tresys.com>
>>>   *
>>>   * Copyright (C) 2007 Tresys Technology, LLC
>>>   *
>>> @@ -23,6 +24,9 @@
>>>  #include <semanage/seusers_policy.h>
>>>  #include <semanage/users_policy.h>
>>>  #include <semanage/user_record.h>
>>> +#include <sepol/context.h>
>>> +#include <sepol/context_record.h>
>>> +#include <sepol/policydb/context.h>
>> That last include shouldn't be necessary - the headers under
>> sepol/policydb/ are private to the static lib.
> 
> Other tidbits:
> - Running semodule -B with this patch applied yields error messages from
> libsepol on the invalid contexts.  Quiet it via something like:
>   sepol_msg_set_callback(s->h_semanage->sepolh, NULL, NULL);
>   result = sepol_context_check(...);
>   sepol_msg_set_callback(s->h_semanage->sepolh, semanage_msg_relay_handler, NULL);
> 
> - A diff of file_contexts.homedirs generated via libsemanage vs. the
> old /usr/sbin/genhomedircon script shows differences on rawhide.  Not
> sure who is right.  Diff below.
> 
> diff -bwru files.0/file_contexts.homedirs files/file_contexts.homedirs
> --- files.0/file_contexts.homedirs	2007-09-25 19:49:39.000000000 -0400
> +++ files/file_contexts.homedirs	2007-09-25 19:50:09.000000000 -0400
> @@ -1,30 +1,53 @@
> -
>  #
>  #
> -# User-specific file contexts, generated via /usr/sbin/genhomedircon
> -# use semanage command to manage system users in order to change the file_context
> +# User-specific file contexts, generated via libsemanage
> +# use semanage command to manage system users to change the file_context
>  #
>  #
>  
>  
>  #
> -# Home Context for user system_u
> +# Home Context for user user_u
>  #
>  
> -/home/[^/]*/.+	system_u:object_r:user_home_t:s0
> -/home/[^/]*/.*/plugins/nprhapengine\.so.*	--	system_u:object_r:textrel_shlib_t:s0
> -/home/[^/]*/.*/plugins/libflashplayer\.so.*	--	system_u:object_r:textrel_shlib_t:s0
> -/home/[^/]*/((www)|(web)|(public_html))(/.+)?	system_u:object_r:httpd_user_content_t:s0
> -/home/[^/]*/\.mozilla(/.*)?/plugins/libflashplayer\.so.*	--	system_u:object_r:textrel_shlib_t:s0
> -/home/[^/]*/\.config/gtk-.*	system_u:object_r:user_gnome_home_t:s0
> -/home/[^/]*	-d	system_u:object_r:user_home_dir_t:s0
> +/home/[^/]*/.+	user_u:object_r:user_home_t:s0
> +/home/[^/]*/.gnome2(/.*)?	user_u:object_r:user_gnome_home_t:s0
> +/home/[^/]*/.*/plugins/nprhapengine\.so.*	--	user_u:object_r:textrel_shlib_t:s0
> +/home/[^/]*/.*/plugins/libflashplayer\.so.*	--	user_u:object_r:textrel_shlib_t:s0
> +/home/[^/]*/((www)|(web)|(public_html))(/.+)?	user_u:object_r:httpd_user_content_t:s0
> +/home/[^/]*/\.ssh(/.*)?	user_u:object_r:user_home_ssh_t:s0
> +/home/[^/]*/\.uml(/.*)?	user_u:object_r:user_uml_rw_t:s0
> +/home/[^/]*/\.java(/.*)?	user_u:object_r:user_mozilla_home_t:s0
> +/home/[^/]*/\.xauth.*	--	user_u:object_r:user_xauth_home_t:s0
> +/home/[^/]*/\.fonts(/.*)?	user_u:object_r:user_fonts_t:s0
> +/home/[^/]*/\.pyzor(/.*)?	user_u:object_r:user_pyzor_home_t:s0
> +/home/[^/]*/\.razor(/.*)?	user_u:object_r:user_razor_home_t:s0
> +/home/[^/]*/vmware(/.*)?	user_u:object_r:user_vmware_file_t:s0
> +/home/[^/]*/\.galeon(/.*)?	user_u:object_r:user_mozilla_home_t:s0
> +/home/[^/]*/\.vmware(/.*)?	user_u:object_r:user_vmware_file_t:s0
> +/home/[^/]*/\.vmware[^/]*/.*\.cfg	--	user_u:object_r:user_vmware_conf_t:s0
> +/home/[^/]*/\.mozilla(/.*)?	user_u:object_r:user_mozilla_home_t:s0
> +/home/[^/]*/\.phoenix(/.*)?	user_u:object_r:user_mozilla_home_t:s0
> +/home/[^/]*/\.mplayer(/.*)?	user_u:object_r:user_mplayer_home_t:s0
> +/home/[^/]*/\.mozilla(/.*)?/plugins/libflashplayer\.so.*	--	user_u:object_r:textrel_shlib_t:s0
> +/home/[^/]*/\.ethereal(/.*)?	user_u:object_r:user_ethereal_home_t:s0
> +/home/[^/]*/\.netscape(/.*)?	user_u:object_r:user_mozilla_home_t:s0
> +/home/[^/]*/\.Xauthority.*	--	user_u:object_r:user_xauth_home_t:s0
> +/home/[^/]*/\.fonts/auto(/.*)?	user_u:object_r:user_fonts_cache_t:s0
> +/home/[^/]*/\.config/gtk-.*	user_u:object_r:user_gnome_home_t:s0
> +/home/[^/]*/\.fonts\.cache-.*	--	user_u:object_r:user_fonts_cache_t:s0
> +/home/[^/]*/\.ICEauthority.*	--	user_u:object_r:user_iceauth_home_t:s0
> +/home/[^/]*/\.spamassassin(/.*)?	user_u:object_r:user_spamassassin_home_t:s0
> +/home/[^/]*	-d	user_u:object_r:user_home_dir_t:s0
> +/home/[^/]*	-l	user_u:object_r:user_home_dir_t:s0
> +/home/[^/]*/\.ircmotd	--	user_u:object_r:user_irc_home_t:s0
> +/home/[^/]*/\.screenrc	--	user_u:object_r:user_screen_ro_home_t:s0
> +/home/[^/]*/\.fonts\.conf	--	user_u:object_r:user_fonts_config_t:s0
>  /home/lost\+found/.*	<<none>>
>  /home	-d	system_u:object_r:home_root_t:s0
>  /home/\.journal	<<none>>
>  /home/lost\+found	-d	system_u:object_r:lost_found_t:s0
> -/tmp/\.exchange-.*(/.*)?	system_u:object_r:user_evolution_exchange_tmp_t:s0
> -/tmp/gconfd-.*	-d	system_u:object_r:user_tmp_t:s0
> -
> +/tmp/gconfd-.*	-d	user_u:object_r:user_tmp_t:s0
>  
>  
>  #
> @@ -32,12 +55,36 @@
>  #
>  
>  /root/.+	root:object_r:sysadm_home_t:s0
> +/root/.gnome2(/.*)?	root:object_r:sysadm_gnome_home_t:s0
>  /root/.*/plugins/nprhapengine\.so.*	--	root:object_r:textrel_shlib_t:s0
>  /root/.*/plugins/libflashplayer\.so.*	--	root:object_r:textrel_shlib_t:s0
>  /root/((www)|(web)|(public_html))(/.+)?	root:object_r:httpd_sysadm_content_t:s0
> +/root/\.ssh(/.*)?	root:object_r:sysadm_home_ssh_t:s0
> +/root/\.uml(/.*)?	root:object_r:sysadm_uml_rw_t:s0
> +/root/\.java(/.*)?	root:object_r:sysadm_mozilla_home_t:s0
> +/root/\.xauth.*	--	root:object_r:sysadm_xauth_home_t:s0
> +/root/\.fonts(/.*)?	root:object_r:sysadm_fonts_t:s0
> +/root/\.pyzor(/.*)?	root:object_r:sysadm_pyzor_home_t:s0
> +/root/\.razor(/.*)?	root:object_r:sysadm_razor_home_t:s0
> +/root/vmware(/.*)?	root:object_r:sysadm_vmware_file_t:s0
> +/root/\.galeon(/.*)?	root:object_r:sysadm_mozilla_home_t:s0
> +/root/\.vmware(/.*)?	root:object_r:sysadm_vmware_file_t:s0
> +/root/\.vmware[^/]*/.*\.cfg	--	root:object_r:sysadm_vmware_conf_t:s0
> +/root/\.mozilla(/.*)?	root:object_r:sysadm_mozilla_home_t:s0
> +/root/\.phoenix(/.*)?	root:object_r:sysadm_mozilla_home_t:s0
> +/root/\.mplayer(/.*)?	root:object_r:sysadm_mplayer_home_t:s0
>  /root/\.mozilla(/.*)?/plugins/libflashplayer\.so.*	--	root:object_r:textrel_shlib_t:s0
> +/root/\.ethereal(/.*)?	root:object_r:sysadm_ethereal_home_t:s0
> +/root/\.netscape(/.*)?	root:object_r:sysadm_mozilla_home_t:s0
> +/root/\.Xauthority.*	--	root:object_r:sysadm_xauth_home_t:s0
> +/root/\.fonts/auto(/.*)?	root:object_r:sysadm_fonts_cache_t:s0
>  /root/\.config/gtk-.*	root:object_r:sysadm_gnome_home_t:s0
> +/root/\.fonts\.cache-.*	--	root:object_r:sysadm_fonts_cache_t:s0
> +/root/\.ICEauthority.*	--	root:object_r:sysadm_iceauth_home_t:s0
> +/root/\.spamassassin(/.*)?	root:object_r:sysadm_spamassassin_home_t:s0
>  /root	-d	root:object_r:sysadm_home_dir_t:s0
> -/tmp/\.exchange-root(/.*)?	root:object_r:sysadm_evolution_exchange_tmp_t:s0
> +/root	-l	root:object_r:sysadm_home_dir_t:s0
> +/root/\.ircmotd	--	root:object_r:sysadm_irc_home_t:s0
> +/root/\.screenrc	--	root:object_r:sysadm_screen_ro_home_t:s0
> +/root/\.fonts\.conf	--	root:object_r:sysadm_fonts_config_t:s0
>  /tmp/gconfd-root	-d	root:object_r:sysadm_tmp_t:s0
> -
> 
Add the xguest_u to really see it.

useradd -Z xguest_u xguest

Looks good but the errors have got to go.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iD8DBQFG+sIXrlYvE4MpobMRAjTYAKCI7hKnpV5iBeGYBrqcroGLfBLSiQCghqG2
aIUhiyuxzrBrRRwZwn4IaL8=
=UPgo
-----END PGP SIGNATURE-----

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

RE: I am concerned about putting genhomedircon changesinlibsemanage into Fedora 8.

[Todd Miller]

Stephen Smalley wrote:
> - A diff of file_contexts.homedirs generated via libsemanage vs. the
> old /usr/sbin/genhomedircon script shows differences on rawhide.  Not
> sure who is right.  Diff below.

It looks like the new genhomedircon is being overzealous in its
replacemen
of system_u.

 - todd


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

RE: I am concerned about putting genhomedircon changesinlibsemanage into Fedora 8.

[Stephen Smalley]

On Wed, 2007-09-26 at 17:41 -0400, Todd Miller wrote:
> Stephen Smalley wrote:
> > - A diff of file_contexts.homedirs generated via libsemanage vs. the
> > old /usr/sbin/genhomedircon script shows differences on rawhide.  Not
> > sure who is right.  Diff below.
> 
> It looks like the new genhomedircon is being overzealous in its
> replacemen
> of system_u.

The python script sets the default user from the __default_ entry in
seusers and the default prefix from the default user's prefix.  I don't
see corresponding support in the C implementation; it seems to use a
fixed value of user_u (which I think the python script did too at one
point, but later changed to check __default__).  In rawhide, __default__
is set to system_u rather than user_u for some reason.

-- 
Stephen Smalley
National Security Agency


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: I am concerned about putting genhomedircon changesinlibsemanage into Fedora 8.

[Daniel J Walsh]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Stephen Smalley wrote:
> On Wed, 2007-09-26 at 17:41 -0400, Todd Miller wrote:
>> Stephen Smalley wrote:
>>> - A diff of file_contexts.homedirs generated via libsemanage vs. the
>>> old /usr/sbin/genhomedircon script shows differences on rawhide.  Not
>>> sure who is right.  Diff below.
>> It looks like the new genhomedircon is being overzealous in its
>> replacemen
>> of system_u.
> 
> The python script sets the default user from the __default_ entry in
> seusers and the default prefix from the default user's prefix.  I don't
> see corresponding support in the C implementation; it seems to use a
> fixed value of user_u (which I think the python script did too at one
> point, but later changed to check __default__).  In rawhide, __default__
> is set to system_u rather than user_u for some reason.
> 
I fixed this last night.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iD8DBQFG++/vrlYvE4MpobMRAh/VAKDNQ5TDb3C80W0pOcQSbNwfH2CZqQCgiJk4
V1aCXdmVETy13gbH5/D/Q8k=
=xPPk
-----END PGP SIGNATURE-----

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

RE: I am concerned about putting genhomedircon changesinlibsemanage into Fedora 8.

[Todd C. Miller]

Stephen Smalley wrote:

> That last include shouldn't be necessary - the headers under
> sepol/policydb/ are private to the static lib.

Good catch.  I've removed it from the diff.

 - todd

Index: libsemanage/src/genhomedircon.c
===================================================================
--- libsemanage/src/genhomedircon.c	(revision 2587)
+++ libsemanage/src/genhomedircon.c	(working copy)
@@ -1,5 +1,6 @@
-/* Author: Mark Goldman   <mgoldman@tresys.com>
- * 			Paul Rosenfeld	<prosenfeld@tresys.com>
+/* Author: Mark Goldman	  <mgoldman@tresys.com>
+ * 	   Paul Rosenfeld <prosenfeld@tresys.com>
+ * 	   Todd C. Miller <tmiller@tresys.com>
  *
  * Copyright (C) 2007 Tresys Technology, LLC
  *
@@ -23,6 +24,8 @@
 #include <semanage/seusers_policy.h>
 #include <semanage/users_policy.h>
 #include <semanage/user_record.h>
+#include <sepol/context.h>
+#include <sepol/context_record.h>
 #include "semanage_store.h"
 #include "seuser_internal.h"
 #include "debug.h"
@@ -80,6 +83,7 @@
 	int usepasswd;
 	const char *homedir_template_path;
 	semanage_handle_t *h_semanage;
+	sepol_policydb_t *policydb;
 } genhomedircon_settings_t;
 
 typedef struct user_entry {
@@ -352,10 +356,47 @@
 	return retval;
 }
 
-static int write_home_dir_context(FILE * out, semanage_list_t * tpl,
-				  const char *user, const char *seuser,
-				  const char *home, const char *role_prefix)
+static const char * extract_context(Ustr *line)
 {
+	const char whitespace[] = " \t\n";
+	size_t off, len;
+
+	/* check for trailing whitespace */
+	off = ustr_spn_chrs_rev(line, 0, whitespace, strlen(whitespace));
+
+	/* find the length of the last field in line */
+	len = ustr_cspn_chrs_rev(line, off, whitespace, strlen(whitespace));
+
+	if (len == 0)
+		return NULL;
+	return ustr_cstr(line) + ustr_len(line) - (len + off);
+}
+
+static int check_line(genhomedircon_settings_t * s, Ustr *line)
+{
+	sepol_context_t *ctx_record = NULL;
+	const char *ctx_str;
+	int result;
+
+	ctx_str = extract_context(line);
+	if (!ctx_str)
+		return STATUS_ERR;
+
+	result = sepol_context_from_string(s->h_semanage->sepolh,
+					   ctx_str, &ctx_record);
+	if (result == STATUS_SUCCESS && ctx_record != NULL) {
+		result = sepol_context_check(s->h_semanage->sepolh,
+					     s->policydb, ctx_record);
+		sepol_context_free(ctx_record);
+	}
+	return result;
+}
+
+static int write_home_dir_context(genhomedircon_settings_t * s, FILE * out,
+				  semanage_list_t * tpl, const char *user,
+				  const char *seuser, const char *home,
+				  const char *role_prefix)
+{
 	replacement_pair_t repl[] = {
 		{.search_for = TEMPLATE_SEUSER,.replace_with = seuser},
 		{.search_for = TEMPLATE_HOME_DIR,.replace_with = home},
@@ -369,8 +410,12 @@
 
 	for (; tpl; tpl = tpl->next) {
 		line = replace_all(tpl->data, repl);
-		if (!line || !ustr_io_putfileline(&line, out))
+		if (!line)
 			goto fail;
+		if (check_line(s, line) == STATUS_SUCCESS) {
+			if (!ustr_io_putfileline(&line, out))
+				goto fail;
+		}
 		ustr_sc_free(&line);
 	}
 	return STATUS_SUCCESS;
@@ -380,8 +425,8 @@
 	return STATUS_ERR;
 }
 
-static int write_home_root_context(FILE * out, semanage_list_t * tpl,
-				   char *homedir)
+static int write_home_root_context(genhomedircon_settings_t * s, FILE * out,
+				   semanage_list_t * tpl, char *homedir)
 {
 	replacement_pair_t repl[] = {
 		{.search_for = TEMPLATE_HOME_ROOT,.replace_with = homedir},
@@ -391,8 +436,12 @@
 
 	for (; tpl; tpl = tpl->next) {
 		line = replace_all(tpl->data, repl);
-		if (!line || !ustr_io_putfileline(&line, out))
+		if (!line)
 			goto fail;
+		if (check_line(s, line) == STATUS_SUCCESS) {
+			if (!ustr_io_putfileline(&line, out))
+				goto fail;
+		}
 		ustr_sc_free(&line);
 	}
 	return STATUS_SUCCESS;
@@ -402,7 +451,8 @@
 	return STATUS_ERR;
 }
 
-static int write_user_context(FILE * out, semanage_list_t * tpl, char *user,
+static int write_user_context(genhomedircon_settings_t * s, FILE * out,
+			      semanage_list_t * tpl, char *user,
 			      char *seuser, char *role_prefix)
 {
 	replacement_pair_t repl[] = {
@@ -415,8 +465,12 @@
 
 	for (; tpl; tpl = tpl->next) {
 		line = replace_all(tpl->data, repl);
-		if (!line || !ustr_io_putfileline(&line, out))
+		if (!line)
 			goto fail;
+		if (check_line(s, line) == STATUS_SUCCESS) {
+			if (!ustr_io_putfileline(&line, out))
+				goto fail;
+		}
 		ustr_sc_free(&line);
 	}
 	return STATUS_SUCCESS;
@@ -602,7 +656,7 @@
 	return head;
 }
 
-static int write_gen_home_dir_context(FILE * out, genhomedircon_settings_t * s,
+static int write_gen_home_dir_context(genhomedircon_settings_t * s, FILE * out,
 				      semanage_list_t * user_context_tpl,
 				      semanage_list_t * homedir_context_tpl)
 {
@@ -615,13 +669,13 @@
 	}
 
 	for (; users; pop_user_entry(&users)) {
-		if (write_home_dir_context(out, homedir_context_tpl,
+		if (write_home_dir_context(s, out, homedir_context_tpl,
 					   users->name,
 					   users->sename, users->home,
 					   users->prefix)) {
 			return STATUS_ERR;
 		}
-		if (write_user_context(out, user_context_tpl, users->name,
+		if (write_user_context(s, out, user_context_tpl, users->name,
 				       users->sename, users->prefix)) {
 			return STATUS_ERR;
 		}
@@ -671,7 +725,7 @@
 			goto done;
 		}
 
-		if (write_home_dir_context(out,
+		if (write_home_dir_context(s, out,
 					   homedir_context_tpl, FALLBACK_USER,
 					   FALLBACK_USER, ustr_cstr(temp),
 					   FALLBACK_USER_PREFIX) !=
@@ -680,7 +734,7 @@
 			retval = STATUS_ERR;
 			goto done;
 		}
-		if (write_home_root_context(out,
+		if (write_home_root_context(s, out,
 					    homeroot_context_tpl,
 					    h->data) != STATUS_SUCCESS) {
 			ustr_sc_free(&temp);
@@ -690,13 +744,13 @@
 
 		ustr_sc_free(&temp);
 	}
-	if (write_user_context(out, user_context_tpl,
+	if (write_user_context(s, out, user_context_tpl,
 			       ".*", FALLBACK_USER,
 			       FALLBACK_USER_PREFIX) != STATUS_SUCCESS) {
 		retval = STATUS_ERR;
 		goto done;
 	}
-	if (write_gen_home_dir_context(out, s, user_context_tpl,
+	if (write_gen_home_dir_context(s, out, user_context_tpl,
 				       homedir_context_tpl) != STATUS_SUCCESS) {
 		retval = STATUS_ERR;
 	}
@@ -711,7 +765,9 @@
 	return retval;
 }
 
-int semanage_genhomedircon(semanage_handle_t * sh, int usepasswd)
+int semanage_genhomedircon(semanage_handle_t * sh,
+			   sepol_policydb_t * policydb,
+			   int usepasswd)
 {
 	genhomedircon_settings_t s;
 	FILE *out = NULL;
@@ -725,6 +781,7 @@
 
 	s.usepasswd = usepasswd;
 	s.h_semanage = sh;
+	s.policydb = policydb;
 
 	if (!(out = fopen(s.fcfilepath, "w"))) {
 		/* couldn't open output file */
Index: libsemanage/src/genhomedircon.h
===================================================================
--- libsemanage/src/genhomedircon.h	(revision 2587)
+++ libsemanage/src/genhomedircon.h	(working copy)
@@ -22,6 +22,7 @@
 
 #include "utilities.h"
 
-int semanage_genhomedircon(semanage_handle_t * sh, int usepasswd);
+int semanage_genhomedircon(semanage_handle_t * sh,
+			   sepol_policydb_t * policydb, int usepasswd);
 
 #endif
Index: libsemanage/src/direct_api.c
===================================================================
--- libsemanage/src/direct_api.c	(revision 2587)
+++ libsemanage/src/direct_api.c	(working copy)
@@ -702,7 +702,7 @@
 		goto cleanup;
 
 	if (sh->do_rebuild || modified) {
-		retval = semanage_install_sandbox(sh);
+		retval = semanage_install_sandbox(sh, out);
 	}
 
       cleanup:
Index: libsemanage/src/semanage_store.c
===================================================================
--- libsemanage/src/semanage_store.c	(revision 2587)
+++ libsemanage/src/semanage_store.c	(working copy)
@@ -1279,7 +1279,8 @@
  * should be placed within a mutex lock to ensure that it runs
  * atomically.	Returns commit number on success, -1 on error.
  */
-int semanage_install_sandbox(semanage_handle_t * sh)
+int semanage_install_sandbox(semanage_handle_t * sh,
+			     sepol_policydb_t * policydb)
 {
 	int retval = -1, commit_num = -1;
 
@@ -1294,7 +1295,7 @@
 	}
 	if (!sh->conf->disable_genhomedircon) {
 		if ((retval =
-		     semanage_genhomedircon(sh, TRUE)) != 0) {
+		     semanage_genhomedircon(sh, policydb, TRUE)) != 0) {
 			ERR(sh, "semanage_genhomedircon returned error code %d.",
 			    retval);
 			goto cleanup;
Index: libsemanage/src/semanage_store.h
===================================================================
--- libsemanage/src/semanage_store.h	(revision 2587)
+++ libsemanage/src/semanage_store.h	(working copy)
@@ -83,8 +83,6 @@
 int semanage_get_modules_names(semanage_handle_t * sh,
 			       char ***filenames, int *len);
 
-int semanage_install_sandbox(semanage_handle_t * sh);
-
 /* lock file routines */
 int semanage_get_trans_lock(semanage_handle_t * sh);
 int semanage_get_active_lock(semanage_handle_t * sh);
@@ -102,7 +100,8 @@
 int semanage_write_policydb(semanage_handle_t * sh,
 			    sepol_policydb_t * policydb);
 
-int semanage_install_sandbox(semanage_handle_t * sh);
+int semanage_install_sandbox(semanage_handle_t * sh,
+			     sepol_policydb_t * policydb);
 
 int semanage_verify_modules(semanage_handle_t * sh,
 			    char **module_filenames, int num_modules);

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: I am concerned about putting genhomedircon changesinlibsemanage into Fedora 8.

[Daniel J Walsh]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

That change works for me.


xguest looks like it has only its valid contexts and they all seem to be
there.

Differences that I see, between genhomedircon script and new way of
doing it are.

  diff /tmp/xguest.old /tmp/xguest.new
27a28,29
> /tmp/gconfd-twalsh    -d      xguest_u:object_r:xguest_tmp_t:s0
> /tmp/gconfd-xguest    -d      xguest_u:object_r:xguest_tmp_t:s0


Looks like the old way did not pick up /tmp contexts.

/root was labeled system_u the old way and user_u the new way.



But
/usr/sbin/semanage login -m -s guest_u __default__

Is causing a segfault in genhomedircon line 627
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iD8DBQFG+sz4rlYvE4MpobMRArnwAJ4qsMrDubqqc+H0xEd12mmA/vmzSACgs8WM
GiEUGaXIbHE6h6B4cZJ4K5s=
=0BW0
-----END PGP SIGNATURE-----

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

RE: I am concerned about putting genhomedircon changesinlibsemanage into Fedora 8.

[Todd Miller]

I see the issue, getpwnam_r() has surprising semantics when a user is not found.  I'll have a fix for that tomorrow AM.

 - todd


-----Original Message-----

But
/usr/sbin/semanage login -m -s guest_u __default__

Is causing a segfault in genhomedircon line 627


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: I am concerned about putting genhomedircon changesinlibsemanage into Fedora 8.

[Daniel J Walsh]

[-- Attachment #1: Type: text/plain, Size: 1021 bytes --]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Todd Miller wrote:
> I see the issue, getpwnam_r() has surprising semantics when a user is not found.  I'll have a fix for that tomorrow AM.
> 
>  - todd
> 
> 
> -----Original Message-----
> 
> But
> /usr/sbin/semanage login -m -s guest_u __default__
> 
> Is causing a segfault in genhomedircon line 627
Already have it.

This is a repatch off of libsemanage-2.0.9

It should include your stuff plus it gets the fallback_user by looking
up the __default__ login record.

That way if I change the __default__ record to use xguest_u, it will
build all user accounts with this context.

getpwnam_r returns 0 even if an account does not exist.

So you need to check the pointer.

A couple of other translation problems also.


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iD8DBQFG+whdrlYvE4MpobMRAlR1AKDo9/UsBwEpuVTITZ3TNGPcJUzj3wCfQuqi
3sJtxxIok2gVI0olG85lAnM=
=1n+T
-----END PGP SIGNATURE-----

[-- Attachment #2: libsemanage-rhat.patch --]
[-- Type: text/x-patch, Size: 15793 bytes --]

diff --exclude-from=exclude -N -u -r nsalibsemanage/include/semanage/handle.h libsemanage-2.0.9/include/semanage/handle.h
--- nsalibsemanage/include/semanage/handle.h	2007-08-20 19:15:36.000000000 -0400
+++ libsemanage-2.0.9/include/semanage/handle.h	2007-09-26 19:49:09.000000000 -0400
@@ -69,6 +69,10 @@
  * 1 for yes, 0 for no (default) */
 void semanage_set_create_store(semanage_handle_t * handle, int create_store);
 
+/* set whether to generate homedir file context
+ * 1 for yes (default), 0 for no */
+void semanage_set_rebuild_file_context(semanage_handle_t * handle, int do_rebuild_file_context);
+
 /* Set whether or not to disable dontaudits upon commit */
 void semanage_set_disable_dontaudit(semanage_handle_t * handle, int disable_dontaudit);
 
diff --exclude-from=exclude -N -u -r nsalibsemanage/Makefile libsemanage-2.0.9/Makefile
--- nsalibsemanage/Makefile	2007-07-16 14:20:39.000000000 -0400
+++ libsemanage-2.0.9/Makefile	2007-09-26 19:49:09.000000000 -0400
@@ -1,6 +1,9 @@
 all: 
 	$(MAKE) -C src all
 
+swigify: 
+	$(MAKE) -C src swigify
+
 pywrap: 
 	$(MAKE) -C src pywrap
 
diff --exclude-from=exclude -N -u -r nsalibsemanage/src/direct_api.c libsemanage-2.0.9/src/direct_api.c
--- nsalibsemanage/src/direct_api.c	2007-09-26 19:37:44.000000000 -0400
+++ libsemanage-2.0.9/src/direct_api.c	2007-09-26 19:49:09.000000000 -0400
@@ -702,7 +702,7 @@
 		goto cleanup;
 
 	if (sh->do_rebuild || modified) {
-		retval = semanage_install_sandbox(sh);
+		retval = semanage_install_sandbox(sh, out);
 	}
 
       cleanup:
diff --exclude-from=exclude -N -u -r nsalibsemanage/src/genhomedircon.c libsemanage-2.0.9/src/genhomedircon.c
--- nsalibsemanage/src/genhomedircon.c	2007-09-13 08:21:11.000000000 -0400
+++ libsemanage-2.0.9/src/genhomedircon.c	2007-09-26 19:49:09.000000000 -0400
@@ -1,5 +1,6 @@
-/* Author: Mark Goldman   <mgoldman@tresys.com>
- * 			Paul Rosenfeld	<prosenfeld@tresys.com>
+/* Author: Mark Goldman	  <mgoldman@tresys.com>
+ * 	   Paul Rosenfeld <prosenfeld@tresys.com>
+ * 	   Todd C. Miller <tmiller@tresys.com>
  *
  * Copyright (C) 2007 Tresys Technology, LLC
  *
@@ -23,6 +24,8 @@
 #include <semanage/seusers_policy.h>
 #include <semanage/users_policy.h>
 #include <semanage/user_record.h>
+#include <sepol/context.h>
+#include <sepol/context_record.h>
 #include "semanage_store.h"
 #include "seuser_internal.h"
 #include "debug.h"
@@ -80,6 +83,7 @@
 	int usepasswd;
 	const char *homedir_template_path;
 	semanage_handle_t *h_semanage;
+	sepol_policydb_t *policydb;
 } genhomedircon_settings_t;
 
 typedef struct user_entry {
@@ -352,9 +356,48 @@
 	return retval;
 }
 
-static int write_home_dir_context(FILE * out, semanage_list_t * tpl,
-				  const char *user, const char *seuser,
-				  const char *home, const char *role_prefix)
+static const char * extract_context(Ustr *line)
+{
+	const char whitespace[] = " \t\n";
+	size_t off, len;
+
+	/* check for trailing whitespace */
+	off = ustr_spn_chrs_rev(line, 0, whitespace, strlen(whitespace));
+
+	/* find the length of the last field in line */
+	len = ustr_cspn_chrs_rev(line, off, whitespace, strlen(whitespace));
+
+	if (len == 0)
+		return NULL;
+	return ustr_cstr(line) + ustr_len(line) - (len + off);
+}
+
+static int check_line(genhomedircon_settings_t * s, Ustr *line)
+{
+	sepol_context_t *ctx_record = NULL;
+	const char *ctx_str;
+	int result;
+
+	ctx_str = extract_context(line);
+	if (!ctx_str)
+		return STATUS_ERR;
+
+	result = sepol_context_from_string(s->h_semanage->sepolh,
+					   ctx_str, &ctx_record);
+	if (result == STATUS_SUCCESS && ctx_record != NULL) {
+		sepol_msg_set_callback(s->h_semanage->sepolh, NULL, NULL);
+		result = sepol_context_check(s->h_semanage->sepolh,
+					     s->policydb, ctx_record);
+		sepol_msg_set_callback(s->h_semanage->sepolh, semanage_msg_relay_handler, NULL);		
+		sepol_context_free(ctx_record);
+	}
+	return result;
+}
+
+static int write_home_dir_context(genhomedircon_settings_t * s, FILE * out,
+				  semanage_list_t * tpl, const char *user,
+				  const char *seuser, const char *home,
+				  const char *role_prefix)
 {
 	replacement_pair_t repl[] = {
 		{.search_for = TEMPLATE_SEUSER,.replace_with = seuser},
@@ -369,8 +412,12 @@
 
 	for (; tpl; tpl = tpl->next) {
 		line = replace_all(tpl->data, repl);
-		if (!line || !ustr_io_putfileline(&line, out))
+		if (!line)
 			goto fail;
+		if (check_line(s, line) == STATUS_SUCCESS) {
+			if (!ustr_io_putfileline(&line, out))
+				goto fail;
+		}
 		ustr_sc_free(&line);
 	}
 	return STATUS_SUCCESS;
@@ -380,8 +427,8 @@
 	return STATUS_ERR;
 }
 
-static int write_home_root_context(FILE * out, semanage_list_t * tpl,
-				   char *homedir)
+static int write_home_root_context(genhomedircon_settings_t * s, FILE * out,
+				   semanage_list_t * tpl, char *homedir)
 {
 	replacement_pair_t repl[] = {
 		{.search_for = TEMPLATE_HOME_ROOT,.replace_with = homedir},
@@ -391,8 +438,12 @@
 
 	for (; tpl; tpl = tpl->next) {
 		line = replace_all(tpl->data, repl);
-		if (!line || !ustr_io_putfileline(&line, out))
+		if (!line)
 			goto fail;
+		if (check_line(s, line) == STATUS_SUCCESS) {
+			if (!ustr_io_putfileline(&line, out))
+				goto fail;
+		}
 		ustr_sc_free(&line);
 	}
 	return STATUS_SUCCESS;
@@ -402,7 +453,8 @@
 	return STATUS_ERR;
 }
 
-static int write_user_context(FILE * out, semanage_list_t * tpl, char *user,
+static int write_user_context(genhomedircon_settings_t * s, FILE * out,
+			      semanage_list_t * tpl, char *user,
 			      char *seuser, char *role_prefix)
 {
 	replacement_pair_t repl[] = {
@@ -415,8 +467,12 @@
 
 	for (; tpl; tpl = tpl->next) {
 		line = replace_all(tpl->data, repl);
-		if (!line || !ustr_io_putfileline(&line, out))
+		if (!line)
 			goto fail;
+		if (check_line(s, line) == STATUS_SUCCESS) {
+			if (!ustr_io_putfileline(&line, out))
+				goto fail;
+		}
 		ustr_sc_free(&line);
 	}
 	return STATUS_SUCCESS;
@@ -496,6 +552,32 @@
 	free(temp);
 }
 
+static char *global_fallback_user=NULL;
+static char *global_fallback_user_prefix=NULL;
+
+static int set_fallback_user(const char *user, const char *prefix) {
+	free(global_fallback_user);
+	free(global_fallback_user_prefix);
+	global_fallback_user = strdup(user);
+	global_fallback_user_prefix = strdup(prefix);
+	if (!global_fallback_user || !global_fallback_user_prefix)
+		return -1;
+	return 0;
+}
+
+static char *get_fallback_user(void) {
+	return global_fallback_user;
+}
+
+static char *get_fallback_user_prefix(void) {
+	return global_fallback_user_prefix;
+}
+
+static void free_fallback_user(void) {
+	free(global_fallback_user);
+	free(global_fallback_user_prefix);
+}
+
 static genhomedircon_user_entry_t *get_users(genhomedircon_settings_t * s,
 					     int *errors)
 {
@@ -538,13 +620,39 @@
 
 	for (i = 0; i < nseusers; i++) {
 		name = semanage_seuser_get_name(seuser_list[i]);
+		if (strcmp(name, DEFAULT_LOGIN) == 0) {
+			seuname = semanage_seuser_get_sename(seuser_list[i]);
+
+			/* find the user structure given the name */
+			u = bsearch(seuname, user_list, nusers, sizeof(semanage_user_t *),
+				    (int (*)(const void *, const void *))
+				    &name_user_cmp);
+			if (u) {
+				prefix = semanage_user_get_prefix(*u);
+			} else {
+				prefix = name;
+			}
+
+			if (set_fallback_user(seuname, prefix) != 0) {
+				*errors = STATUS_ERR;
+				goto cleanup;
+			}
+			break;
+		}
+	}
+	char *fallback_user = get_fallback_user();
+			
+	for (i = 0; i < nseusers; i++) {
+		name = semanage_seuser_get_name(seuser_list[i]);
 		seuname = semanage_seuser_get_sename(seuser_list[i]);
 
-		if (strcmp(seuname, FALLBACK_USER) == 0)
+		if (strcmp(seuname, fallback_user) == 0)
 			continue;
-		if (strcmp(seuname, DEFAULT_LOGIN) == 0)
+
+		if (strcmp(name, DEFAULT_LOGIN) == 0)
 			continue;
-		if (strcmp(seuname, TEMPLATE_SEUSER) == 0)
+		
+		if (strcmp(name, TEMPLATE_SEUSER) == 0)
 			continue;
 
 		/* find the user structure given the name */
@@ -563,6 +671,9 @@
 				*errors = STATUS_ERR;
 				goto cleanup;
 			}
+		}
+
+		if (!pwent) {
 			WARN(s->h_semanage,
 			     "user %s not in password file", name);
 			continue;
@@ -602,7 +713,7 @@
 	return head;
 }
 
-static int write_gen_home_dir_context(FILE * out, genhomedircon_settings_t * s,
+static int write_gen_home_dir_context(genhomedircon_settings_t * s, FILE * out,
 				      semanage_list_t * user_context_tpl,
 				      semanage_list_t * homedir_context_tpl)
 {
@@ -615,13 +726,13 @@
 	}
 
 	for (; users; pop_user_entry(&users)) {
-		if (write_home_dir_context(out, homedir_context_tpl,
+		if (write_home_dir_context(s, out, homedir_context_tpl,
 					   users->name,
 					   users->sename, users->home,
 					   users->prefix)) {
 			return STATUS_ERR;
 		}
-		if (write_user_context(out, user_context_tpl, users->name,
+		if (write_user_context(s, out, user_context_tpl, users->name,
 				       users->sename, users->prefix)) {
 			return STATUS_ERR;
 		}
@@ -662,6 +773,14 @@
 		goto done;
 	}
 
+	if (write_gen_home_dir_context(s, out, user_context_tpl,
+				       homedir_context_tpl) != STATUS_SUCCESS) {
+		retval = STATUS_ERR;
+	}
+
+	char *fallback_user = get_fallback_user();
+	char *fallback_user_prefix = get_fallback_user_prefix();
+
 	for (h = homedirs; h; h = h->next) {
 		Ustr *temp = ustr_dup_cstr(h->data);
 
@@ -671,16 +790,16 @@
 			goto done;
 		}
 
-		if (write_home_dir_context(out,
-					   homedir_context_tpl, FALLBACK_USER,
-					   FALLBACK_USER, ustr_cstr(temp),
-					   FALLBACK_USER_PREFIX) !=
+		if (write_home_dir_context(s, out,
+					   homedir_context_tpl, fallback_user,
+					   fallback_user, ustr_cstr(temp),
+					   fallback_user_prefix) !=
 		    STATUS_SUCCESS) {
 			ustr_sc_free(&temp);
 			retval = STATUS_ERR;
 			goto done;
 		}
-		if (write_home_root_context(out,
+		if (write_home_root_context(s, out,
 					    homeroot_context_tpl,
 					    h->data) != STATUS_SUCCESS) {
 			ustr_sc_free(&temp);
@@ -690,16 +809,12 @@
 
 		ustr_sc_free(&temp);
 	}
-	if (write_user_context(out, user_context_tpl,
-			       ".*", FALLBACK_USER,
-			       FALLBACK_USER_PREFIX) != STATUS_SUCCESS) {
+	if (write_user_context(s, out, user_context_tpl,
+			       ".*", fallback_user,
+			       fallback_user_prefix) != STATUS_SUCCESS) {
 		retval = STATUS_ERR;
 		goto done;
 	}
-	if (write_gen_home_dir_context(out, s, user_context_tpl,
-				       homedir_context_tpl) != STATUS_SUCCESS) {
-		retval = STATUS_ERR;
-	}
 
       done:
 	/* Cleanup */
@@ -711,7 +826,9 @@
 	return retval;
 }
 
-int semanage_genhomedircon(semanage_handle_t * sh, int usepasswd)
+int semanage_genhomedircon(semanage_handle_t * sh,
+			   sepol_policydb_t * policydb,
+			   int usepasswd)
 {
 	genhomedircon_settings_t s;
 	FILE *out = NULL;
@@ -719,12 +836,15 @@
 
 	assert(sh);
 
+	set_fallback_user(FALLBACK_USER, FALLBACK_USER_PREFIX);
+
 	s.homedir_template_path =
 	    semanage_path(SEMANAGE_TMP, SEMANAGE_HOMEDIR_TMPL);
 	s.fcfilepath = semanage_path(SEMANAGE_TMP, SEMANAGE_FC_HOMEDIRS);
 
 	s.usepasswd = usepasswd;
 	s.h_semanage = sh;
+	s.policydb = policydb;
 
 	if (!(out = fopen(s.fcfilepath, "w"))) {
 		/* couldn't open output file */
@@ -735,5 +855,8 @@
 	retval = write_context_file(&s, out);
 
 	fclose(out);
+
+	free_fallback_user();
+
 	return retval;
 }
diff --exclude-from=exclude -N -u -r nsalibsemanage/src/genhomedircon.h libsemanage-2.0.9/src/genhomedircon.h
--- nsalibsemanage/src/genhomedircon.h	2007-08-23 16:52:25.000000000 -0400
+++ libsemanage-2.0.9/src/genhomedircon.h	2007-09-26 19:49:09.000000000 -0400
@@ -22,6 +22,7 @@
 
 #include "utilities.h"
 
-int semanage_genhomedircon(semanage_handle_t * sh, int usepasswd);
+int semanage_genhomedircon(semanage_handle_t * sh,
+			   sepol_policydb_t * policydb, int usepasswd);
 
 #endif
diff --exclude-from=exclude -N -u -r nsalibsemanage/src/handle.c libsemanage-2.0.9/src/handle.c
--- nsalibsemanage/src/handle.c	2007-08-20 19:15:37.000000000 -0400
+++ libsemanage-2.0.9/src/handle.c	2007-09-26 19:49:09.000000000 -0400
@@ -68,6 +68,7 @@
 	/* By default do not create store */
 	sh->create_store = 0;
 
+	sh->do_rebuild_file_context = 1;
 	/* Set timeout: some default value for now, later use config */
 	sh->timeout = SEMANAGE_COMMIT_READ_WAIT;
 
@@ -100,6 +101,15 @@
 	return;
 }
 
+void semanage_set_rebuild_file_context(semanage_handle_t * sh, int do_rebuild_file_context)
+{
+
+	assert(sh != NULL);
+
+	sh->do_rebuild_file_context = do_rebuild_file_context;
+	return;
+}
+
 void semanage_set_create_store(semanage_handle_t * sh, int create_store)
 {
 
diff --exclude-from=exclude -N -u -r nsalibsemanage/src/handle.h libsemanage-2.0.9/src/handle.h
--- nsalibsemanage/src/handle.h	2007-07-16 14:20:38.000000000 -0400
+++ libsemanage-2.0.9/src/handle.h	2007-09-26 19:49:09.000000000 -0400
@@ -58,6 +58,7 @@
 	int is_connected;
 	int is_in_transaction;
 	int do_reload;		/* whether to reload policy after commit */
+	int do_rebuild_file_context;	/* whether to generate homedircontext */
 	int do_rebuild;		/* whether to rebuild policy if there were no changes */
 	int modules_modified;
 	int create_store;	/* whether to create the store if it does not exist
diff --exclude-from=exclude -N -u -r nsalibsemanage/src/libsemanage.map libsemanage-2.0.9/src/libsemanage.map
--- nsalibsemanage/src/libsemanage.map	2007-08-20 19:15:37.000000000 -0400
+++ libsemanage-2.0.9/src/libsemanage.map	2007-09-26 19:49:09.000000000 -0400
@@ -9,6 +9,7 @@
 	  semanage_module_list_nth; semanage_module_get_name;
 	  semanage_module_get_version; semanage_select_store;
 	  semanage_reload_policy; semanage_set_reload; semanage_set_rebuild;
+	  semanage_set_rebuild_file_context;
 	  semanage_user_*; semanage_bool_*; semanage_seuser_*;
 	  semanage_iface_*; semanage_port_*; semanage_context_*;
 	  semanage_node_*;
diff --exclude-from=exclude -N -u -r nsalibsemanage/src/semanage_store.c libsemanage-2.0.9/src/semanage_store.c
--- nsalibsemanage/src/semanage_store.c	2007-09-26 19:37:44.000000000 -0400
+++ libsemanage-2.0.9/src/semanage_store.c	2007-09-26 19:49:09.000000000 -0400
@@ -1148,7 +1148,7 @@
 
       skip_reload:
 
-	if ((r =
+	if (sh->do_rebuild_file_context && (r =
 	     semanage_exec_prog(sh, sh->conf->setfiles, store_pol,
 				store_fc)) != 0) {
 		ERR(sh, "setfiles returned error code %d.", r);
@@ -1279,7 +1279,8 @@
  * should be placed within a mutex lock to ensure that it runs
  * atomically.	Returns commit number on success, -1 on error.
  */
-int semanage_install_sandbox(semanage_handle_t * sh)
+int semanage_install_sandbox(semanage_handle_t * sh,
+			     sepol_policydb_t * policydb)
 {
 	int retval = -1, commit_num = -1;
 
@@ -1294,7 +1295,7 @@
 	}
 	if (!sh->conf->disable_genhomedircon) {
 		if ((retval =
-		     semanage_genhomedircon(sh, TRUE)) != 0) {
+		     semanage_genhomedircon(sh, policydb, TRUE)) != 0) {
 			ERR(sh, "semanage_genhomedircon returned error code %d.",
 			    retval);
 			goto cleanup;
diff --exclude-from=exclude -N -u -r nsalibsemanage/src/semanage_store.h libsemanage-2.0.9/src/semanage_store.h
--- nsalibsemanage/src/semanage_store.h	2007-08-23 16:52:25.000000000 -0400
+++ libsemanage-2.0.9/src/semanage_store.h	2007-09-26 20:10:59.000000000 -0400
@@ -83,8 +83,6 @@
 int semanage_get_modules_names(semanage_handle_t * sh,
 			       char ***filenames, int *len);
 
-int semanage_install_sandbox(semanage_handle_t * sh);
-
 /* lock file routines */
 int semanage_get_trans_lock(semanage_handle_t * sh);
 int semanage_get_active_lock(semanage_handle_t * sh);
@@ -102,7 +100,8 @@
 int semanage_write_policydb(semanage_handle_t * sh,
 			    sepol_policydb_t * policydb);
 
-int semanage_install_sandbox(semanage_handle_t * sh);
+int semanage_install_sandbox(semanage_handle_t * sh,
+			     sepol_policydb_t * policydb);
 
 int semanage_verify_modules(semanage_handle_t * sh,
 			    char **module_filenames, int num_modules);

[-- Attachment #3: libsemanage-rhat.patch.sig --]
[-- Type: application/octet-stream, Size: 65 bytes --]

Re: I am concerned about putting genhomedircon changesinlibsemanage into Fedora 8.

[Stephen Smalley]

On Wed, 2007-09-26 at 21:34 -0400, Daniel J Walsh wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> Todd Miller wrote:
> > I see the issue, getpwnam_r() has surprising semantics when a user is not found.  I'll have a fix for that tomorrow AM.
> > 
> >  - todd
> > 
> > 
> > -----Original Message-----
> > 
> > But
> > /usr/sbin/semanage login -m -s guest_u __default__
> > 
> > Is causing a segfault in genhomedircon line 627
> Already have it.
> 
> This is a repatch off of libsemanage-2.0.9
> 
> It should include your stuff plus it gets the fallback_user by looking
> up the __default__ login record.
> 
> That way if I change the __default__ record to use xguest_u, it will
> build all user accounts with this context.
> 
> getpwnam_r returns 0 even if an account does not exist.
> 
> So you need to check the pointer.
> 
> A couple of other translation problems also.
> 
> 

diff --exclude-from=exclude -N -u -r nsalibsemanage/include/semanage/handle.h libsemanage-2.0.9/include/semanage/handle.h
--- nsalibsemanage/include/semanage/handle.h	2007-08-20 19:15:36.000000000 -0400
+++ libsemanage-2.0.9/include/semanage/handle.h	2007-09-26 19:49:09.000000000 -0400
@@ -69,6 +69,10 @@
  * 1 for yes, 0 for no (default) */
 void semanage_set_create_store(semanage_handle_t * handle, int create_store);
 
+/* set whether to generate homedir file context
+ * 1 for yes (default), 0 for no */
+void semanage_set_rebuild_file_context(semanage_handle_t * handle, int do_rebuild_file_context);

There was some discussion of whether we could avoid exposing this kind
of interface to the callers and let libsemanage figure it out internally
instead.  In any event, this change can be separated out as a distinct
logical change.

diff --exclude-from=exclude -N -u -r nsalibsemanage/src/genhomedircon.c libsemanage-2.0.9/src/genhomedircon.c
--- nsalibsemanage/src/genhomedircon.c	2007-09-13 08:21:11.000000000 -0400
+++ libsemanage-2.0.9/src/genhomedircon.c	2007-09-26 19:49:09.000000000 -0400
<snip>
+static int check_line(genhomedircon_settings_t * s, Ustr *line)
+{
+	sepol_context_t *ctx_record = NULL;
+	const char *ctx_str;
+	int result;
+
+	ctx_str = extract_context(line);
+	if (!ctx_str)
+		return STATUS_ERR;
+
+	result = sepol_context_from_string(s->h_semanage->sepolh,
+					   ctx_str, &ctx_record);
+	if (result == STATUS_SUCCESS && ctx_record != NULL) {
+		sepol_msg_set_callback(s->h_semanage->sepolh, NULL, NULL);
+		result = sepol_context_check(s->h_semanage->sepolh,
+					     s->policydb, ctx_record);
+		sepol_msg_set_callback(s->h_semanage->sepolh, semanage_msg_relay_handler, NULL);

Mea culpa - the last argument needs to be s->h_semanage rather than NULL in the above call,
or we'll seg fault on subsequent error messages.
		
@@ -415,8 +467,12 @@
 
 	for (; tpl; tpl = tpl->next) {
 		line = replace_all(tpl->data, repl);
-		if (!line || !ustr_io_putfileline(&line, out))
+		if (!line)
 			goto fail;
+		if (check_line(s, line) == STATUS_SUCCESS) {
+			if (!ustr_io_putfileline(&line, out))
+				goto fail;
+		}
 		ustr_sc_free(&line);
 	}
 	return STATUS_SUCCESS;
@@ -496,6 +552,32 @@
 	free(temp);
 }
 
+static char *global_fallback_user=NULL;
+static char *global_fallback_user_prefix=NULL;

Rather than being static variables, these should likely be fields in the genhomedircon_settings
structure.

-- 
Stephen Smalley
National Security Agency


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: I am concerned about putting genhomedircon changesinlibsemanage into Fedora 8.

[Joshua Brindle]

Daniel J Walsh wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> Todd Miller wrote:
>> I see the issue, getpwnam_r() has surprising semantics when a user is not found.  I'll have a fix for that tomorrow AM.
>>
>>  - todd
>>
>>
>> -----Original Message-----
>>
>> But
>> /usr/sbin/semanage login -m -s guest_u __default__
>>
>> Is causing a segfault in genhomedircon line 627
> Already have it.
> 
> This is a repatch off of libsemanage-2.0.9
> 
> It should include your stuff plus it gets the fallback_user by looking
> up the __default__ login record.
> 
> That way if I change the __default__ record to use xguest_u, it will
> build all user accounts with this context.
> 
> getpwnam_r returns 0 even if an account does not exist.
> 
> So you need to check the pointer.
> 
> A couple of other translation problems also.
> 

Please inline patches and separate different changes out (eg., swigify 
makefile changes have nothing to do with this).


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

RE: I am concerned about putting genhomedircon changesinlibsemanage into Fedora 8.

[Todd C. Miller]

Daniel J Walsh wrote:

> Already have it.
> 
> This is a repatch off of libsemanage-2.0.9
> 
> It should include your stuff plus it gets the fallback_user by looking
> up the __default__ login record.
> 
> That way if I change the __default__ record to use xguest_u, it will
> build all user accounts with this context.
> 
> getpwnam_r returns 0 even if an account does not exist.
> 
> So you need to check the pointer.
> 
> A couple of other translation problems also.

Unfortunately, the return values for getpwnam_r() and getpwent_r()
are inconsistent.  While getpwnam_r() returns 0 when the user does
not exist, getpwent_r() returns ENOENT.  I decided to deal with
both semantics in the same way so if they are every brought into
line the code will still do the right thing.

I made similar fixes to yours for the seuser vs. user mismatches.
A merge of your diff and mine follows.  I added some error condition
fixes and made the style more consistent.

 - todd

Index: libsemanage/include/semanage/handle.h
===================================================================
--- libsemanage/include/semanage/handle.h	(revision 2587)
+++ libsemanage/include/semanage/handle.h	(working copy)
@@ -69,6 +69,10 @@
  * 1 for yes, 0 for no (default) */
 void semanage_set_create_store(semanage_handle_t * handle, int create_store);
 
+/* set whether to generate homedir file context
+ * 1 for yes (default), 0 for no */
+void semanage_set_rebuild_file_context(semanage_handle_t * handle, int do_rebuild_file_context);
+
 /* Set whether or not to disable dontaudits upon commit */
 void semanage_set_disable_dontaudit(semanage_handle_t * handle, int disable_dontaudit);
 
Index: libsemanage/src/handle.h
===================================================================
--- libsemanage/src/handle.h	(revision 2587)
+++ libsemanage/src/handle.h	(working copy)
@@ -58,6 +58,7 @@
 	int is_connected;
 	int is_in_transaction;
 	int do_reload;		/* whether to reload policy after commit */
+	int do_rebuild_file_context;	/* whether to generate homedircontext */
 	int do_rebuild;		/* whether to rebuild policy if there were no changes */
 	int modules_modified;
 	int create_store;	/* whether to create the store if it does not exist
Index: libsemanage/src/libsemanage.map
===================================================================
--- libsemanage/src/libsemanage.map	(revision 2587)
+++ libsemanage/src/libsemanage.map	(working copy)
@@ -9,6 +9,7 @@
 	  semanage_module_list_nth; semanage_module_get_name;
 	  semanage_module_get_version; semanage_select_store;
 	  semanage_reload_policy; semanage_set_reload; semanage_set_rebuild;
+	  semanage_set_rebuild_file_context;
 	  semanage_user_*; semanage_bool_*; semanage_seuser_*;
 	  semanage_iface_*; semanage_port_*; semanage_context_*;
 	  semanage_node_*;
Index: libsemanage/src/genhomedircon.c
===================================================================
--- libsemanage/src/genhomedircon.c	(revision 2587)
+++ libsemanage/src/genhomedircon.c	(working copy)
@@ -1,5 +1,6 @@
-/* Author: Mark Goldman   <mgoldman@tresys.com>
- * 			Paul Rosenfeld	<prosenfeld@tresys.com>
+/* Author: Mark Goldman	  <mgoldman@tresys.com>
+ * 	   Paul Rosenfeld <prosenfeld@tresys.com>
+ * 	   Todd C. Miller <tmiller@tresys.com>
  *
  * Copyright (C) 2007 Tresys Technology, LLC
  *
@@ -23,6 +24,8 @@
 #include <semanage/seusers_policy.h>
 #include <semanage/users_policy.h>
 #include <semanage/user_record.h>
+#include <sepol/context.h>
+#include <sepol/context_record.h>
 #include "semanage_store.h"
 #include "seuser_internal.h"
 #include "debug.h"
@@ -80,6 +83,7 @@
 	int usepasswd;
 	const char *homedir_template_path;
 	semanage_handle_t *h_semanage;
+	sepol_policydb_t *policydb;
 } genhomedircon_settings_t;
 
 typedef struct user_entry {
@@ -154,6 +158,7 @@
 	size_t temp;
 	struct passwd pwstorage, *pwbuf;
 	struct stat buf;
+	int retval;
 
 	shells = get_shell_list();
 	assert(shells);
@@ -225,7 +230,7 @@
 	if (rbuf == NULL)
 		goto fail;
 	setpwent();
-	for (errno = 0; getpwent_r(&pwstorage, rbuf, rbuflen, &pwbuf) == 0; errno = 0) {
+	while ((retval = getpwent_r(&pwstorage, rbuf, rbuflen, &pwbuf)) == 0) {
 		if (pwbuf->pw_uid < minuid)
 			continue;
 		if (!semanage_list_find(shells, pwbuf->pw_shell))
@@ -248,7 +253,7 @@
 		free(path);
 	}
 
-	if (errno) {
+	if (retval && retval != ENOENT) {
 		WARN(s->h_semanage, "Error while fetching users.  "
 		     "Returning list so far.");
 	}
@@ -352,10 +357,50 @@
 	return retval;
 }
 
-static int write_home_dir_context(FILE * out, semanage_list_t * tpl,
-				  const char *user, const char *seuser,
-				  const char *home, const char *role_prefix)
+static const char * extract_context(Ustr *line)
 {
+	const char whitespace[] = " \t\n";
+	size_t off, len;
+
+	/* check for trailing whitespace */
+	off = ustr_spn_chrs_rev(line, 0, whitespace, strlen(whitespace));
+
+	/* find the length of the last field in line */
+	len = ustr_cspn_chrs_rev(line, off, whitespace, strlen(whitespace));
+
+	if (len == 0)
+		return NULL;
+	return ustr_cstr(line) + ustr_len(line) - (len + off);
+}
+
+static int check_line(genhomedircon_settings_t * s, Ustr *line)
+{
+	sepol_context_t *ctx_record = NULL;
+	const char *ctx_str;
+	int result;
+
+	ctx_str = extract_context(line);
+	if (!ctx_str)
+		return STATUS_ERR;
+
+	result = sepol_context_from_string(s->h_semanage->sepolh,
+					   ctx_str, &ctx_record);
+	if (result == STATUS_SUCCESS && ctx_record != NULL) {
+		sepol_msg_set_callback(s->h_semanage->sepolh, NULL, NULL);
+		result = sepol_context_check(s->h_semanage->sepolh,
+					     s->policydb, ctx_record);
+		sepol_msg_set_callback(s->h_semanage->sepolh,
+				       semanage_msg_relay_handler, NULL);
+		sepol_context_free(ctx_record);
+	}
+	return result;
+}
+
+static int write_home_dir_context(genhomedircon_settings_t * s, FILE * out,
+				  semanage_list_t * tpl, const char *user,
+				  const char *seuser, const char *home,
+				  const char *role_prefix)
+{
 	replacement_pair_t repl[] = {
 		{.search_for = TEMPLATE_SEUSER,.replace_with = seuser},
 		{.search_for = TEMPLATE_HOME_DIR,.replace_with = home},
@@ -369,8 +414,12 @@
 
 	for (; tpl; tpl = tpl->next) {
 		line = replace_all(tpl->data, repl);
-		if (!line || !ustr_io_putfileline(&line, out))
+		if (!line)
 			goto fail;
+		if (check_line(s, line) == STATUS_SUCCESS) {
+			if (!ustr_io_putfileline(&line, out))
+				goto fail;
+		}
 		ustr_sc_free(&line);
 	}
 	return STATUS_SUCCESS;
@@ -380,8 +429,8 @@
 	return STATUS_ERR;
 }
 
-static int write_home_root_context(FILE * out, semanage_list_t * tpl,
-				   char *homedir)
+static int write_home_root_context(genhomedircon_settings_t * s, FILE * out,
+				   semanage_list_t * tpl, char *homedir)
 {
 	replacement_pair_t repl[] = {
 		{.search_for = TEMPLATE_HOME_ROOT,.replace_with = homedir},
@@ -391,8 +440,12 @@
 
 	for (; tpl; tpl = tpl->next) {
 		line = replace_all(tpl->data, repl);
-		if (!line || !ustr_io_putfileline(&line, out))
+		if (!line)
 			goto fail;
+		if (check_line(s, line) == STATUS_SUCCESS) {
+			if (!ustr_io_putfileline(&line, out))
+				goto fail;
+		}
 		ustr_sc_free(&line);
 	}
 	return STATUS_SUCCESS;
@@ -402,7 +455,8 @@
 	return STATUS_ERR;
 }
 
-static int write_user_context(FILE * out, semanage_list_t * tpl, char *user,
+static int write_user_context(genhomedircon_settings_t * s, FILE * out,
+			      semanage_list_t * tpl, char *user,
 			      char *seuser, char *role_prefix)
 {
 	replacement_pair_t repl[] = {
@@ -415,8 +469,12 @@
 
 	for (; tpl; tpl = tpl->next) {
 		line = replace_all(tpl->data, repl);
-		if (!line || !ustr_io_putfileline(&line, out))
+		if (!line)
 			goto fail;
+		if (check_line(s, line) == STATUS_SUCCESS) {
+			if (!ustr_io_putfileline(&line, out))
+				goto fail;
+		}
 		ustr_sc_free(&line);
 	}
 	return STATUS_SUCCESS;
@@ -496,6 +554,36 @@
 	free(temp);
 }
 
+static char *global_fallback_user;
+static char *global_fallback_user_prefix;
+
+static char *get_fallback_user(void)
+{
+	return global_fallback_user;
+}
+
+static char *get_fallback_user_prefix(void)
+{
+	return global_fallback_user_prefix;
+}
+
+static int set_fallback_user(const char *user, const char *prefix)
+{
+	free(global_fallback_user);
+	free(global_fallback_user_prefix);
+	global_fallback_user = strdup(user);
+	global_fallback_user_prefix = strdup(prefix);
+	if (!global_fallback_user || !global_fallback_user_prefix)
+		return -1;
+	return 0;
+}
+
+static void free_fallback_user(void)
+{
+	free(global_fallback_user);
+	free(global_fallback_user_prefix);
+}
+
 static genhomedircon_user_entry_t *get_users(genhomedircon_settings_t * s,
 					     int *errors)
 {
@@ -508,6 +596,7 @@
 	const char *name = NULL;
 	const char *seuname = NULL;
 	const char *prefix = NULL;
+	const char *fallback_user = NULL;
 	struct passwd pwstorage, *pwent = NULL;
 	unsigned int i;
 	long rbuflen;
@@ -538,13 +627,41 @@
 
 	for (i = 0; i < nseusers; i++) {
 		name = semanage_seuser_get_name(seuser_list[i]);
+		if (strcmp(name, DEFAULT_LOGIN) == 0) {
+			seuname = semanage_seuser_get_sename(seuser_list[i]);
+
+			/* find the user structure given the name */
+			u = bsearch(seuname, user_list, nusers,
+				    sizeof(semanage_user_t *),
+				    (int (*)(const void *, const void *))
+				    &name_user_cmp);
+			if (u) {
+				prefix = semanage_user_get_prefix(*u);
+			} else {
+				prefix = name;
+			}
+
+			if (set_fallback_user(seuname, prefix) != 0) {
+				*errors = STATUS_ERR;
+				goto cleanup;
+			}
+			break;
+		}
+	}
+			
+	fallback_user = get_fallback_user();
+	for (i = 0; i < nseusers; i++) {
 		seuname = semanage_seuser_get_sename(seuser_list[i]);
 
-		if (strcmp(seuname, FALLBACK_USER) == 0)
+		if (strcmp(seuname, fallback_user) == 0)
 			continue;
-		if (strcmp(seuname, DEFAULT_LOGIN) == 0)
+
+		name = semanage_seuser_get_name(seuser_list[i]);
+
+		if (strcmp(name, DEFAULT_LOGIN) == 0)
 			continue;
-		if (strcmp(seuname, TEMPLATE_SEUSER) == 0)
+		
+		if (strcmp(name, TEMPLATE_SEUSER) == 0)
 			continue;
 
 		/* find the user structure given the name */
@@ -557,12 +674,13 @@
 			prefix = name;
 		}
 
-		errno = 0;
-		if (getpwnam_r(name, &pwstorage, rbuf, rbuflen, &pwent) != 0) {
-			if (errno != 0) {
+		retval = getpwnam_r(name, &pwstorage, rbuf, rbuflen, &pwent);
+		if (retval != 0 || pwent == NULL) {
+			if (retval != 0 && retval != ENOENT) {
 				*errors = STATUS_ERR;
 				goto cleanup;
 			}
+
 			WARN(s->h_semanage,
 			     "user %s not in password file", name);
 			continue;
@@ -602,7 +720,7 @@
 	return head;
 }
 
-static int write_gen_home_dir_context(FILE * out, genhomedircon_settings_t * s,
+static int write_gen_home_dir_context(genhomedircon_settings_t * s, FILE * out,
 				      semanage_list_t * user_context_tpl,
 				      semanage_list_t * homedir_context_tpl)
 {
@@ -615,13 +733,13 @@
 	}
 
 	for (; users; pop_user_entry(&users)) {
-		if (write_home_dir_context(out, homedir_context_tpl,
+		if (write_home_dir_context(s, out, homedir_context_tpl,
 					   users->name,
 					   users->sename, users->home,
 					   users->prefix)) {
 			return STATUS_ERR;
 		}
-		if (write_user_context(out, user_context_tpl, users->name,
+		if (write_user_context(s, out, user_context_tpl, users->name,
 				       users->sename, users->prefix)) {
 			return STATUS_ERR;
 		}
@@ -642,6 +760,7 @@
 	semanage_list_t *user_context_tpl = NULL;
 	semanage_list_t *homedir_context_tpl = NULL;
 	semanage_list_t *homeroot_context_tpl = NULL;
+	char *fallback_user, *fallback_user_prefix;
 	int retval = STATUS_SUCCESS;
 
 	homedirs = get_home_dirs(s);
@@ -662,6 +781,15 @@
 		goto done;
 	}
 
+	if (write_gen_home_dir_context(s, out, user_context_tpl,
+				       homedir_context_tpl) != STATUS_SUCCESS) {
+		retval = STATUS_ERR;
+		goto done;
+	}
+
+	fallback_user = get_fallback_user();
+	fallback_user_prefix = get_fallback_user_prefix();
+
 	for (h = homedirs; h; h = h->next) {
 		Ustr *temp = ustr_dup_cstr(h->data);
 
@@ -671,16 +799,16 @@
 			goto done;
 		}
 
-		if (write_home_dir_context(out,
-					   homedir_context_tpl, FALLBACK_USER,
-					   FALLBACK_USER, ustr_cstr(temp),
-					   FALLBACK_USER_PREFIX) !=
+		if (write_home_dir_context(s, out,
+					   homedir_context_tpl, fallback_user,
+					   fallback_user, ustr_cstr(temp),
+					   fallback_user_prefix) !=
 		    STATUS_SUCCESS) {
 			ustr_sc_free(&temp);
 			retval = STATUS_ERR;
 			goto done;
 		}
-		if (write_home_root_context(out,
+		if (write_home_root_context(s, out,
 					    homeroot_context_tpl,
 					    h->data) != STATUS_SUCCESS) {
 			ustr_sc_free(&temp);
@@ -690,16 +818,12 @@
 
 		ustr_sc_free(&temp);
 	}
-	if (write_user_context(out, user_context_tpl,
-			       ".*", FALLBACK_USER,
-			       FALLBACK_USER_PREFIX) != STATUS_SUCCESS) {
+	if (write_user_context(s, out, user_context_tpl,
+			       ".*", fallback_user,
+			       fallback_user_prefix) != STATUS_SUCCESS) {
 		retval = STATUS_ERR;
 		goto done;
 	}
-	if (write_gen_home_dir_context(out, s, user_context_tpl,
-				       homedir_context_tpl) != STATUS_SUCCESS) {
-		retval = STATUS_ERR;
-	}
 
       done:
 	/* Cleanup */
@@ -711,7 +835,9 @@
 	return retval;
 }
 
-int semanage_genhomedircon(semanage_handle_t * sh, int usepasswd)
+int semanage_genhomedircon(semanage_handle_t * sh,
+			   sepol_policydb_t * policydb,
+			   int usepasswd)
 {
 	genhomedircon_settings_t s;
 	FILE *out = NULL;
@@ -719,12 +845,16 @@
 
 	assert(sh);
 
+	if (set_fallback_user(FALLBACK_USER, FALLBACK_USER_PREFIX) != 0)
+		return STATUS_ERR;
+
 	s.homedir_template_path =
 	    semanage_path(SEMANAGE_TMP, SEMANAGE_HOMEDIR_TMPL);
 	s.fcfilepath = semanage_path(SEMANAGE_TMP, SEMANAGE_FC_HOMEDIRS);
 
 	s.usepasswd = usepasswd;
 	s.h_semanage = sh;
+	s.policydb = policydb;
 
 	if (!(out = fopen(s.fcfilepath, "w"))) {
 		/* couldn't open output file */
@@ -735,5 +865,8 @@
 	retval = write_context_file(&s, out);
 
 	fclose(out);
+
+	free_fallback_user();
+
 	return retval;
 }
Index: libsemanage/src/genhomedircon.h
===================================================================
--- libsemanage/src/genhomedircon.h	(revision 2587)
+++ libsemanage/src/genhomedircon.h	(working copy)
@@ -22,6 +22,7 @@
 
 #include "utilities.h"
 
-int semanage_genhomedircon(semanage_handle_t * sh, int usepasswd);
+int semanage_genhomedircon(semanage_handle_t * sh,
+			   sepol_policydb_t * policydb, int usepasswd);
 
 #endif
Index: libsemanage/src/direct_api.c
===================================================================
--- libsemanage/src/direct_api.c	(revision 2587)
+++ libsemanage/src/direct_api.c	(working copy)
@@ -702,7 +702,7 @@
 		goto cleanup;
 
 	if (sh->do_rebuild || modified) {
-		retval = semanage_install_sandbox(sh);
+		retval = semanage_install_sandbox(sh, out);
 	}
 
       cleanup:
Index: libsemanage/src/semanage_store.c
===================================================================
--- libsemanage/src/semanage_store.c	(revision 2587)
+++ libsemanage/src/semanage_store.c	(working copy)
@@ -1148,7 +1148,7 @@
 
       skip_reload:
 
-	if ((r =
+	if (sh->do_rebuild_file_context && (r =
 	     semanage_exec_prog(sh, sh->conf->setfiles, store_pol,
 				store_fc)) != 0) {
 		ERR(sh, "setfiles returned error code %d.", r);
@@ -1279,7 +1279,8 @@
  * should be placed within a mutex lock to ensure that it runs
  * atomically.	Returns commit number on success, -1 on error.
  */
-int semanage_install_sandbox(semanage_handle_t * sh)
+int semanage_install_sandbox(semanage_handle_t * sh,
+			     sepol_policydb_t * policydb)
 {
 	int retval = -1, commit_num = -1;
 
@@ -1294,7 +1295,7 @@
 	}
 	if (!sh->conf->disable_genhomedircon) {
 		if ((retval =
-		     semanage_genhomedircon(sh, TRUE)) != 0) {
+		     semanage_genhomedircon(sh, policydb, TRUE)) != 0) {
 			ERR(sh, "semanage_genhomedircon returned error code %d.",
 			    retval);
 			goto cleanup;
Index: libsemanage/src/semanage_store.h
===================================================================
--- libsemanage/src/semanage_store.h	(revision 2587)
+++ libsemanage/src/semanage_store.h	(working copy)
@@ -83,8 +83,6 @@
 int semanage_get_modules_names(semanage_handle_t * sh,
 			       char ***filenames, int *len);
 
-int semanage_install_sandbox(semanage_handle_t * sh);
-
 /* lock file routines */
 int semanage_get_trans_lock(semanage_handle_t * sh);
 int semanage_get_active_lock(semanage_handle_t * sh);
@@ -102,7 +100,8 @@
 int semanage_write_policydb(semanage_handle_t * sh,
 			    sepol_policydb_t * policydb);
 
-int semanage_install_sandbox(semanage_handle_t * sh);
+int semanage_install_sandbox(semanage_handle_t * sh,
+			     sepol_policydb_t * policydb);
 
 int semanage_verify_modules(semanage_handle_t * sh,
 			    char **module_filenames, int num_modules);
Index: libsemanage/src/handle.c
===================================================================
--- libsemanage/src/handle.c	(revision 2587)
+++ libsemanage/src/handle.c	(working copy)
@@ -68,6 +68,9 @@
 	/* By default do not create store */
 	sh->create_store = 0;
 
+	/* Rebuild the file_contexts by default */
+	sh->do_rebuild_file_context = 1;
+
 	/* Set timeout: some default value for now, later use config */
 	sh->timeout = SEMANAGE_COMMIT_READ_WAIT;
 
@@ -100,6 +103,15 @@
 	return;
 }
 
+void semanage_set_rebuild_file_context(semanage_handle_t * sh, int do_rebuild_file_context)
+{
+
+	assert(sh != NULL);
+
+	sh->do_rebuild_file_context = do_rebuild_file_context;
+	return;
+}
+
 void semanage_set_create_store(semanage_handle_t * sh, int create_store)
 {
 
Index: libsemanage/Makefile
===================================================================
--- libsemanage/Makefile	(revision 2587)
+++ libsemanage/Makefile	(working copy)
@@ -1,6 +1,9 @@
 all: 
 	$(MAKE) -C src all
 
+swigify: 
+	$(MAKE) -C src swigify
+
 pywrap: 
 	$(MAKE) -C src pywrap
 

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: I am concerned about putting genhomedircon changesinlibsemanage into Fedora 8.

[Daniel J Walsh]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Looks good to me.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iD8DBQFG+9P7rlYvE4MpobMRAo4OAKDXNhcDMjVf/0u+fFtnYImC6vIxOgCgtjwq
C1RVGkz2aUjid6CW5Yiw+bQ=
=+z9d
-----END PGP SIGNATURE-----

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

RE: I am concerned about putting genhomedircon changesinlibsemanage into Fedora 8.

[Stephen Smalley]

On Thu, 2007-09-27 at 10:46 -0400, Todd C. Miller wrote:
> Daniel J Walsh wrote:
> 
> > Already have it.
> > 
> > This is a repatch off of libsemanage-2.0.9
> > 
> > It should include your stuff plus it gets the fallback_user by looking
> > up the __default__ login record.
> > 
> > That way if I change the __default__ record to use xguest_u, it will
> > build all user accounts with this context.
> > 
> > getpwnam_r returns 0 even if an account does not exist.
> > 
> > So you need to check the pointer.
> > 
> > A couple of other translation problems also.
> 
> Unfortunately, the return values for getpwnam_r() and getpwent_r()
> are inconsistent.  While getpwnam_r() returns 0 when the user does
> not exist, getpwent_r() returns ENOENT.  I decided to deal with
> both semantics in the same way so if they are every brought into
> line the code will still do the right thing.
> 
> I made similar fixes to yours for the seuser vs. user mismatches.
> A merge of your diff and mine follows.  I added some error condition
> fixes and made the style more consistent.
> 
>  - todd
> 
> Index: libsemanage/include/semanage/handle.h
> ===================================================================
> --- libsemanage/include/semanage/handle.h	(revision 2587)
> +++ libsemanage/include/semanage/handle.h	(working copy)
> @@ -69,6 +69,10 @@
>   * 1 for yes, 0 for no (default) */
>  void semanage_set_create_store(semanage_handle_t * handle, int create_store);
>  
> +/* set whether to generate homedir file context
> + * 1 for yes (default), 0 for no */
> +void semanage_set_rebuild_file_context(semanage_handle_t * handle, int do_rebuild_file_context);

Did you mean to include this change too?  When this separate patch was
first posted, my suggestion was that the library should internally
decide whether it was necessary to do this, not the caller.  Also it
doesn't seem to be doing what it says it does anymore - it only appears
to affect validation of file contexts via setfiles (which should happen
on module installs too), not whether genhomedircon runs.

> +
>  /* Set whether or not to disable dontaudits upon commit */
>  void semanage_set_disable_dontaudit(semanage_handle_t * handle, int disable_dontaudit);
>  
> Index: libsemanage/src/handle.h
> ===================================================================
> --- libsemanage/src/handle.h	(revision 2587)
> +++ libsemanage/src/handle.h	(working copy)
> @@ -58,6 +58,7 @@
>  	int is_connected;
>  	int is_in_transaction;
>  	int do_reload;		/* whether to reload policy after commit */
> +	int do_rebuild_file_context;	/* whether to generate homedircontext */

Ditto.

>  	int do_rebuild;		/* whether to rebuild policy if there were no changes */
>  	int modules_modified;
>  	int create_store;	/* whether to create the store if it does not exist
> Index: libsemanage/src/libsemanage.map
> ===================================================================
> --- libsemanage/src/libsemanage.map	(revision 2587)
> +++ libsemanage/src/libsemanage.map	(working copy)
> @@ -9,6 +9,7 @@
>  	  semanage_module_list_nth; semanage_module_get_name;
>  	  semanage_module_get_version; semanage_select_store;
>  	  semanage_reload_policy; semanage_set_reload; semanage_set_rebuild;
> +	  semanage_set_rebuild_file_context;

Ditto.

>  	  semanage_user_*; semanage_bool_*; semanage_seuser_*;
>  	  semanage_iface_*; semanage_port_*; semanage_context_*;
>  	  semanage_node_*;
> Index: libsemanage/src/genhomedircon.c
> ===================================================================
> --- libsemanage/src/genhomedircon.c	(revision 2587)
> +++ libsemanage/src/genhomedircon.c	(working copy)
<snip>
> +static int check_line(genhomedircon_settings_t * s, Ustr *line)
> +{
> +	sepol_context_t *ctx_record = NULL;
> +	const char *ctx_str;
> +	int result;
> +
> +	ctx_str = extract_context(line);
> +	if (!ctx_str)
> +		return STATUS_ERR;
> +
> +	result = sepol_context_from_string(s->h_semanage->sepolh,
> +					   ctx_str, &ctx_record);
> +	if (result == STATUS_SUCCESS && ctx_record != NULL) {
> +		sepol_msg_set_callback(s->h_semanage->sepolh, NULL, NULL);
> +		result = sepol_context_check(s->h_semanage->sepolh,
> +					     s->policydb, ctx_record);
> +		sepol_msg_set_callback(s->h_semanage->sepolh,
> +				       semanage_msg_relay_handler, NULL);

As noted elsewhere, the last NULL needs to be s->h_semanage or
subsequent calls to the relay handler will seg fault.

<snip>
> @@ -496,6 +554,36 @@
>  	free(temp);
>  }
>  
> +static char *global_fallback_user;
> +static char *global_fallback_user_prefix;

Not suitable if you want threaded callers - needs to be moved into the
genhomedircon settings (best) or made a __thread variable.

> +static char *get_fallback_user(void)
> +{
> +	return global_fallback_user;
> +}
> +
> +static char *get_fallback_user_prefix(void)
> +{
> +	return global_fallback_user_prefix;
> +}
> +
> +static int set_fallback_user(const char *user, const char *prefix)
> +{
> +	free(global_fallback_user);
> +	free(global_fallback_user_prefix);
> +	global_fallback_user = strdup(user);
> +	global_fallback_user_prefix = strdup(prefix);
> +	if (!global_fallback_user || !global_fallback_user_prefix)
> +		return -1;
> +	return 0;
> +}
> +
> +static void free_fallback_user(void)
> +{
> +	free(global_fallback_user);
> +	free(global_fallback_user_prefix);
> +}
> +
>  static genhomedircon_user_entry_t *get_users(genhomedircon_settings_t * s,
>  					     int *errors)
>  {

> Index: libsemanage/src/semanage_store.c
> ===================================================================
> --- libsemanage/src/semanage_store.c	(revision 2587)
> +++ libsemanage/src/semanage_store.c	(working copy)
> @@ -1148,7 +1148,7 @@
>  
>        skip_reload:
>  
> -	if ((r =
> +	if (sh->do_rebuild_file_context && (r =
>  	     semanage_exec_prog(sh, sh->conf->setfiles, store_pol,

This seems wrong - the interface says it controls whether homedir
contexts are generated, but this controls whether setfiles is run to
validate the contexts (which should happen on module installs too).

>  				store_fc)) != 0) {
>  		ERR(sh, "setfiles returned error code %d.", r);
<snip>
> Index: libsemanage/src/handle.c
> ===================================================================
> --- libsemanage/src/handle.c	(revision 2587)
> +++ libsemanage/src/handle.c	(working copy)
> @@ -68,6 +68,9 @@
>  	/* By default do not create store */
>  	sh->create_store = 0;
>  
> +	/* Rebuild the file_contexts by default */
> +	sh->do_rebuild_file_context = 1;
> +
>  	/* Set timeout: some default value for now, later use config */
>  	sh->timeout = SEMANAGE_COMMIT_READ_WAIT;
>  
> @@ -100,6 +103,15 @@
>  	return;
>  }
>  
> +void semanage_set_rebuild_file_context(semanage_handle_t * sh, int do_rebuild_file_context)
> +{
> +
> +	assert(sh != NULL);
> +
> +	sh->do_rebuild_file_context = do_rebuild_file_context;
> +	return;
> +}
> +
>  void semanage_set_create_store(semanage_handle_t * sh, int create_store)
>  {

More of the rebuild file context changes, unrelated to this patch.

> Index: libsemanage/Makefile
> ===================================================================
> --- libsemanage/Makefile	(revision 2587)
> +++ libsemanage/Makefile	(working copy)
> @@ -1,6 +1,9 @@
>  all: 
>  	$(MAKE) -C src all
>  
> +swigify: 
> +	$(MAKE) -C src swigify
> +
>  pywrap: 
>  	$(MAKE) -C src pywrap

This one is fine but is logically separate.

-- 
Stephen Smalley
National Security Agency


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: I am concerned about putting genhomedircon changesinlibsemanage into Fedora 8.

[Daniel J Walsh]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Stephen Smalley wrote:
> On Thu, 2007-09-27 at 10:46 -0400, Todd C. Miller wrote:
>> Daniel J Walsh wrote:
>>
>>> Already have it.
>>>
>>> This is a repatch off of libsemanage-2.0.9
>>>
>>> It should include your stuff plus it gets the fallback_user by looking
>>> up the __default__ login record.
>>>
>>> That way if I change the __default__ record to use xguest_u, it will
>>> build all user accounts with this context.
>>>
>>> getpwnam_r returns 0 even if an account does not exist.
>>>
>>> So you need to check the pointer.
>>>
>>> A couple of other translation problems also.
>> Unfortunately, the return values for getpwnam_r() and getpwent_r()
>> are inconsistent.  While getpwnam_r() returns 0 when the user does
>> not exist, getpwent_r() returns ENOENT.  I decided to deal with
>> both semantics in the same way so if they are every brought into
>> line the code will still do the right thing.
>>
>> I made similar fixes to yours for the seuser vs. user mismatches.
>> A merge of your diff and mine follows.  I added some error condition
>> fixes and made the style more consistent.
>>
>>  - todd
>>
>> Index: libsemanage/include/semanage/handle.h
>> ===================================================================
>> --- libsemanage/include/semanage/handle.h	(revision 2587)
>> +++ libsemanage/include/semanage/handle.h	(working copy)
>> @@ -69,6 +69,10 @@
>>   * 1 for yes, 0 for no (default) */
>>  void semanage_set_create_store(semanage_handle_t * handle, int create_store);
>>  
>> +/* set whether to generate homedir file context
>> + * 1 for yes (default), 0 for no */
>> +void semanage_set_rebuild_file_context(semanage_handle_t * handle, int do_rebuild_file_context);
> 
> Did you mean to include this change too?  When this separate patch was
> first posted, my suggestion was that the library should internally
> decide whether it was necessary to do this, not the caller.  Also it
> doesn't seem to be doing what it says it does anymore - it only appears
> to affect validation of file contexts via setfiles (which should happen
> on module installs too), not whether genhomedircon runs.
> 
>> +
>>  /* Set whether or not to disable dontaudits upon commit */
>>  void semanage_set_disable_dontaudit(semanage_handle_t * handle, int disable_dontaudit);
>>  
>> Index: libsemanage/src/handle.h
>> ===================================================================
>> --- libsemanage/src/handle.h	(revision 2587)
>> +++ libsemanage/src/handle.h	(working copy)
>> @@ -58,6 +58,7 @@
>>  	int is_connected;
>>  	int is_in_transaction;
>>  	int do_reload;		/* whether to reload policy after commit */
>> +	int do_rebuild_file_context;	/* whether to generate homedircontext */
> 
> Ditto.
> 
>>  	int do_rebuild;		/* whether to rebuild policy if there were no changes */
>>  	int modules_modified;
>>  	int create_store;	/* whether to create the store if it does not exist
>> Index: libsemanage/src/libsemanage.map
>> ===================================================================
>> --- libsemanage/src/libsemanage.map	(revision 2587)
>> +++ libsemanage/src/libsemanage.map	(working copy)
>> @@ -9,6 +9,7 @@
>>  	  semanage_module_list_nth; semanage_module_get_name;
>>  	  semanage_module_get_version; semanage_select_store;
>>  	  semanage_reload_policy; semanage_set_reload; semanage_set_rebuild;
>> +	  semanage_set_rebuild_file_context;
> 
> Ditto.
> 
>>  	  semanage_user_*; semanage_bool_*; semanage_seuser_*;
>>  	  semanage_iface_*; semanage_port_*; semanage_context_*;
>>  	  semanage_node_*;
>> Index: libsemanage/src/genhomedircon.c
>> ===================================================================
>> --- libsemanage/src/genhomedircon.c	(revision 2587)
>> +++ libsemanage/src/genhomedircon.c	(working copy)
> <snip>
>> +static int check_line(genhomedircon_settings_t * s, Ustr *line)
>> +{
>> +	sepol_context_t *ctx_record = NULL;
>> +	const char *ctx_str;
>> +	int result;
>> +
>> +	ctx_str = extract_context(line);
>> +	if (!ctx_str)
>> +		return STATUS_ERR;
>> +
>> +	result = sepol_context_from_string(s->h_semanage->sepolh,
>> +					   ctx_str, &ctx_record);
>> +	if (result == STATUS_SUCCESS && ctx_record != NULL) {
>> +		sepol_msg_set_callback(s->h_semanage->sepolh, NULL, NULL);
>> +		result = sepol_context_check(s->h_semanage->sepolh,
>> +					     s->policydb, ctx_record);
>> +		sepol_msg_set_callback(s->h_semanage->sepolh,
>> +				       semanage_msg_relay_handler, NULL);
> 
> As noted elsewhere, the last NULL needs to be s->h_semanage or
> subsequent calls to the relay handler will seg fault.
> 
> <snip>
>> @@ -496,6 +554,36 @@
>>  	free(temp);
>>  }
>>  
>> +static char *global_fallback_user;
>> +static char *global_fallback_user_prefix;
> 
> Not suitable if you want threaded callers - needs to be moved into the
> genhomedircon settings (best) or made a __thread variable.
> 
>> +static char *get_fallback_user(void)
>> +{
>> +	return global_fallback_user;
>> +}
>> +
>> +static char *get_fallback_user_prefix(void)
>> +{
>> +	return global_fallback_user_prefix;
>> +}
>> +
>> +static int set_fallback_user(const char *user, const char *prefix)
>> +{
>> +	free(global_fallback_user);
>> +	free(global_fallback_user_prefix);
>> +	global_fallback_user = strdup(user);
>> +	global_fallback_user_prefix = strdup(prefix);
>> +	if (!global_fallback_user || !global_fallback_user_prefix)
>> +		return -1;
>> +	return 0;
>> +}
>> +
>> +static void free_fallback_user(void)
>> +{
>> +	free(global_fallback_user);
>> +	free(global_fallback_user_prefix);
>> +}
>> +
>>  static genhomedircon_user_entry_t *get_users(genhomedircon_settings_t * s,
>>  					     int *errors)
>>  {
> 
>> Index: libsemanage/src/semanage_store.c
>> ===================================================================
>> --- libsemanage/src/semanage_store.c	(revision 2587)
>> +++ libsemanage/src/semanage_store.c	(working copy)
>> @@ -1148,7 +1148,7 @@
>>  
>>        skip_reload:
>>  
>> -	if ((r =
>> +	if (sh->do_rebuild_file_context && (r =
>>  	     semanage_exec_prog(sh, sh->conf->setfiles, store_pol,
> 
> This seems wrong - the interface says it controls whether homedir
> contexts are generated, but this controls whether setfiles is run to
> validate the contexts (which should happen on module installs too).
> 
>>  				store_fc)) != 0) {
>>  		ERR(sh, "setfiles returned error code %d.", r);
> <snip>
>> Index: libsemanage/src/handle.c
>> ===================================================================
>> --- libsemanage/src/handle.c	(revision 2587)
>> +++ libsemanage/src/handle.c	(working copy)
>> @@ -68,6 +68,9 @@
>>  	/* By default do not create store */
>>  	sh->create_store = 0;
>>  
>> +	/* Rebuild the file_contexts by default */
>> +	sh->do_rebuild_file_context = 1;
>> +
>>  	/* Set timeout: some default value for now, later use config */
>>  	sh->timeout = SEMANAGE_COMMIT_READ_WAIT;
>>  
>> @@ -100,6 +103,15 @@
>>  	return;
>>  }
>>  
>> +void semanage_set_rebuild_file_context(semanage_handle_t * sh, int do_rebuild_file_context)
>> +{
>> +
>> +	assert(sh != NULL);
>> +
>> +	sh->do_rebuild_file_context = do_rebuild_file_context;
>> +	return;
>> +}
>> +
>>  void semanage_set_create_store(semanage_handle_t * sh, int create_store)
>>  {
> 
> More of the rebuild file context changes, unrelated to this patch.
> 
>> Index: libsemanage/Makefile
>> ===================================================================
>> --- libsemanage/Makefile	(revision 2587)
>> +++ libsemanage/Makefile	(working copy)
>> @@ -1,6 +1,9 @@
>>  all: 
>>  	$(MAKE) -C src all
>>  
>> +swigify: 
>> +	$(MAKE) -C src swigify
>> +
>>  pywrap: 
>>  	$(MAKE) -C src pywrap
> 
> This one is fine but is logically separate.
> 

Yes,   The change to not run genhomedircon should be removed.

libsemanage needs to  figure out whether the
template_homedir/seusers/users changed and not running genhomedircon or
setfiles would be very nice.  Basically none of these should run if
setsetbool is executed, or semanage ports/interface/fcontext (most of
the time)/(semodule most of the time)
It would be nice if there was a way to run semanage (genhomedircon)
without running other parts of semanage also.  For example if the
homedirectory of a user changed.

Making this change would allow me to separate the policy for setsebool
from the rest of semanage.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iD8DBQFG/BH1rlYvE4MpobMRAsVxAKCHGCnKdWFFmUvmxyuMX+jZ3/sv2ACfZtDs
xRnh81nj6njrl0olAoPJWU0=
=bri9
-----END PGP SIGNATURE-----

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.