[patch 0/4] libsemanage: genhomedircon regressions

[patch 0/4] libsemanage: genhomedircon regressions

[Todd C. Miller]

This patch set fixes several regressions found in the new genhomedircon
replacement.  I've broken things up into their logical parts for easy
reading.  I've also included Dan's do_rebuild_file_context and swigify
patches as a 4th diff.  If we want to treat that completely separately
we can.

 - todd

-- 


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

[patch 1/4] libsemanage: validate homedir contexts

[Todd C. Miller]

Validate contexts against the new policy before writing them to
file_contexts.homedirs.

---
 libsemanage/src/direct_api.c     |    2 
 libsemanage/src/genhomedircon.c  |  100 +++++++++++++++++++++++++++++++--------
 libsemanage/src/genhomedircon.h  |    3 -
 libsemanage/src/semanage_store.c |    5 +
 libsemanage/src/semanage_store.h |    5 -
 5 files changed, 88 insertions(+), 27 deletions(-)

Index: trunk/libsemanage/src/genhomedircon.c
===================================================================
--- trunk.orig/libsemanage/src/genhomedircon.c
+++ trunk/libsemanage/src/genhomedircon.c
@@ -1,5 +1,6 @@
-/* Author: Mark Goldman   <mgoldman@tresys.com>
- * 			Paul Rosenfeld	<prosenfeld@tresys.com>
+/* Author: Mark Goldman	  <mgoldman@tresys.com>
+ * 	   Paul Rosenfeld <prosenfeld@tresys.com>
+ * 	   Todd C. Miller <tmiller@tresys.com>
  *
  * Copyright (C) 2007 Tresys Technology, LLC
  *
@@ -23,6 +24,8 @@
 #include <semanage/seusers_policy.h>
 #include <semanage/users_policy.h>
 #include <semanage/user_record.h>
+#include <sepol/context.h>
+#include <sepol/context_record.h>
 #include "semanage_store.h"
 #include "seuser_internal.h"
 #include "debug.h"
@@ -80,6 +83,7 @@ typedef struct {
 	int usepasswd;
 	const char *homedir_template_path;
 	semanage_handle_t *h_semanage;
+	sepol_policydb_t *policydb;
 } genhomedircon_settings_t;
 
 typedef struct user_entry {
@@ -352,9 +356,49 @@ static Ustr *replace_all(const char *str
 	return retval;
 }
 
-static int write_home_dir_context(FILE * out, semanage_list_t * tpl,
-				  const char *user, const char *seuser,
-				  const char *home, const char *role_prefix)
+static const char * extract_context(Ustr *line)
+{
+	const char whitespace[] = " \t\n";
+	size_t off, len;
+
+	/* check for trailing whitespace */
+	off = ustr_spn_chrs_rev(line, 0, whitespace, strlen(whitespace));
+
+	/* find the length of the last field in line */
+	len = ustr_cspn_chrs_rev(line, off, whitespace, strlen(whitespace));
+
+	if (len == 0)
+		return NULL;
+	return ustr_cstr(line) + ustr_len(line) - (len + off);
+}
+
+static int check_line(genhomedircon_settings_t * s, Ustr *line)
+{
+	sepol_context_t *ctx_record = NULL;
+	const char *ctx_str;
+	int result;
+
+	ctx_str = extract_context(line);
+	if (!ctx_str)
+		return STATUS_ERR;
+
+	result = sepol_context_from_string(s->h_semanage->sepolh,
+					   ctx_str, &ctx_record);
+	if (result == STATUS_SUCCESS && ctx_record != NULL) {
+		sepol_msg_set_callback(s->h_semanage->sepolh, NULL, NULL);
+		result = sepol_context_check(s->h_semanage->sepolh,
+					     s->policydb, ctx_record);
+		sepol_msg_set_callback(s->h_semanage->sepolh,
+				       semanage_msg_relay_handler, s->h_semanage);
+		sepol_context_free(ctx_record);
+	}
+	return result;
+}
+
+static int write_home_dir_context(genhomedircon_settings_t * s, FILE * out,
+				  semanage_list_t * tpl, const char *user,
+				  const char *seuser, const char *home,
+				  const char *role_prefix)
 {
 	replacement_pair_t repl[] = {
 		{.search_for = TEMPLATE_SEUSER,.replace_with = seuser},
@@ -369,8 +413,12 @@ static int write_home_dir_context(FILE *
 
 	for (; tpl; tpl = tpl->next) {
 		line = replace_all(tpl->data, repl);
-		if (!line || !ustr_io_putfileline(&line, out))
+		if (!line)
 			goto fail;
+		if (check_line(s, line) == STATUS_SUCCESS) {
+			if (!ustr_io_putfileline(&line, out))
+				goto fail;
+		}
 		ustr_sc_free(&line);
 	}
 	return STATUS_SUCCESS;
@@ -380,8 +428,8 @@ static int write_home_dir_context(FILE *
 	return STATUS_ERR;
 }
 
-static int write_home_root_context(FILE * out, semanage_list_t * tpl,
-				   char *homedir)
+static int write_home_root_context(genhomedircon_settings_t * s, FILE * out,
+				   semanage_list_t * tpl, char *homedir)
 {
 	replacement_pair_t repl[] = {
 		{.search_for = TEMPLATE_HOME_ROOT,.replace_with = homedir},
@@ -391,8 +439,12 @@ static int write_home_root_context(FILE 
 
 	for (; tpl; tpl = tpl->next) {
 		line = replace_all(tpl->data, repl);
-		if (!line || !ustr_io_putfileline(&line, out))
+		if (!line)
 			goto fail;
+		if (check_line(s, line) == STATUS_SUCCESS) {
+			if (!ustr_io_putfileline(&line, out))
+				goto fail;
+		}
 		ustr_sc_free(&line);
 	}
 	return STATUS_SUCCESS;
@@ -402,8 +454,9 @@ static int write_home_root_context(FILE 
 	return STATUS_ERR;
 }
 
-static int write_user_context(FILE * out, semanage_list_t * tpl, char *user,
-			      char *seuser, char *role_prefix)
+static int write_user_context(genhomedircon_settings_t * s, FILE * out,
+			      semanage_list_t * tpl, const char *user,
+			      const char *seuser, const char *role_prefix)
 {
 	replacement_pair_t repl[] = {
 		{.search_for = TEMPLATE_USER,.replace_with = user},
@@ -415,8 +468,12 @@ static int write_user_context(FILE * out
 
 	for (; tpl; tpl = tpl->next) {
 		line = replace_all(tpl->data, repl);
-		if (!line || !ustr_io_putfileline(&line, out))
+		if (!line)
 			goto fail;
+		if (check_line(s, line) == STATUS_SUCCESS) {
+			if (!ustr_io_putfileline(&line, out))
+				goto fail;
+		}
 		ustr_sc_free(&line);
 	}
 	return STATUS_SUCCESS;
@@ -602,7 +659,7 @@ static genhomedircon_user_entry_t *get_u
 	return head;
 }
 
-static int write_gen_home_dir_context(FILE * out, genhomedircon_settings_t * s,
+static int write_gen_home_dir_context(genhomedircon_settings_t * s, FILE * out,
 				      semanage_list_t * user_context_tpl,
 				      semanage_list_t * homedir_context_tpl)
 {
@@ -615,13 +672,13 @@ static int write_gen_home_dir_context(FI
 	}
 
 	for (; users; pop_user_entry(&users)) {
-		if (write_home_dir_context(out, homedir_context_tpl,
+		if (write_home_dir_context(s, out, homedir_context_tpl,
 					   users->name,
 					   users->sename, users->home,
 					   users->prefix)) {
 			return STATUS_ERR;
 		}
-		if (write_user_context(out, user_context_tpl, users->name,
+		if (write_user_context(s, out, user_context_tpl, users->name,
 				       users->sename, users->prefix)) {
 			return STATUS_ERR;
 		}
@@ -671,7 +728,7 @@ static int write_context_file(genhomedir
 			goto done;
 		}
 
-		if (write_home_dir_context(out,
+		if (write_home_dir_context(s, out,
 					   homedir_context_tpl, FALLBACK_USER,
 					   FALLBACK_USER, ustr_cstr(temp),
 					   FALLBACK_USER_PREFIX) !=
@@ -680,7 +737,7 @@ static int write_context_file(genhomedir
 			retval = STATUS_ERR;
 			goto done;
 		}
-		if (write_home_root_context(out,
+		if (write_home_root_context(s, out,
 					    homeroot_context_tpl,
 					    h->data) != STATUS_SUCCESS) {
 			ustr_sc_free(&temp);
@@ -711,7 +768,9 @@ static int write_context_file(genhomedir
 	return retval;
 }
 
-int semanage_genhomedircon(semanage_handle_t * sh, int usepasswd)
+int semanage_genhomedircon(semanage_handle_t * sh,
+			   sepol_policydb_t * policydb,
+			   int usepasswd)
 {
 	genhomedircon_settings_t s;
 	FILE *out = NULL;
@@ -725,6 +784,7 @@ int semanage_genhomedircon(semanage_hand
 
 	s.usepasswd = usepasswd;
 	s.h_semanage = sh;
+	s.policydb = policydb;
 
 	if (!(out = fopen(s.fcfilepath, "w"))) {
 		/* couldn't open output file */
Index: trunk/libsemanage/src/genhomedircon.h
===================================================================
--- trunk.orig/libsemanage/src/genhomedircon.h
+++ trunk/libsemanage/src/genhomedircon.h
@@ -22,6 +22,7 @@
 
 #include "utilities.h"
 
-int semanage_genhomedircon(semanage_handle_t * sh, int usepasswd);
+int semanage_genhomedircon(semanage_handle_t * sh,
+			   sepol_policydb_t * policydb, int usepasswd);
 
 #endif
Index: trunk/libsemanage/src/direct_api.c
===================================================================
--- trunk.orig/libsemanage/src/direct_api.c
+++ trunk/libsemanage/src/direct_api.c
@@ -702,7 +702,7 @@ static int semanage_direct_commit(semana
 		goto cleanup;
 
 	if (sh->do_rebuild || modified) {
-		retval = semanage_install_sandbox(sh);
+		retval = semanage_install_sandbox(sh, out);
 	}
 
       cleanup:
Index: trunk/libsemanage/src/semanage_store.c
===================================================================
--- trunk.orig/libsemanage/src/semanage_store.c
+++ trunk/libsemanage/src/semanage_store.c
@@ -1279,7 +1279,8 @@ static int semanage_commit_sandbox(seman
  * should be placed within a mutex lock to ensure that it runs
  * atomically.	Returns commit number on success, -1 on error.
  */
-int semanage_install_sandbox(semanage_handle_t * sh)
+int semanage_install_sandbox(semanage_handle_t * sh,
+			     sepol_policydb_t * policydb)
 {
 	int retval = -1, commit_num = -1;
 
@@ -1294,7 +1295,7 @@ int semanage_install_sandbox(semanage_ha
 	}
 	if (!sh->conf->disable_genhomedircon) {
 		if ((retval =
-		     semanage_genhomedircon(sh, TRUE)) != 0) {
+		     semanage_genhomedircon(sh, policydb, TRUE)) != 0) {
 			ERR(sh, "semanage_genhomedircon returned error code %d.",
 			    retval);
 			goto cleanup;
Index: trunk/libsemanage/src/semanage_store.h
===================================================================
--- trunk.orig/libsemanage/src/semanage_store.h
+++ trunk/libsemanage/src/semanage_store.h
@@ -83,8 +83,6 @@ int semanage_make_sandbox(semanage_handl
 int semanage_get_modules_names(semanage_handle_t * sh,
 			       char ***filenames, int *len);
 
-int semanage_install_sandbox(semanage_handle_t * sh);
-
 /* lock file routines */
 int semanage_get_trans_lock(semanage_handle_t * sh);
 int semanage_get_active_lock(semanage_handle_t * sh);
@@ -102,7 +100,8 @@ int semanage_expand_sandbox(semanage_han
 int semanage_write_policydb(semanage_handle_t * sh,
 			    sepol_policydb_t * policydb);
 
-int semanage_install_sandbox(semanage_handle_t * sh);
+int semanage_install_sandbox(semanage_handle_t * sh,
+			     sepol_policydb_t * policydb);
 
 int semanage_verify_modules(semanage_handle_t * sh,
 			    char **module_filenames, int num_modules);

-- 


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

[patch 2/4] libsemanage: fix getpw*_r usage

[Todd C. Miller]

getpwnam_r() returns 0 when a user doesn't exist and just zeroes the
struct passwd pointer.  However, getpwent_r() returns ENOENT when there
are no more users.  This diff deals with both possible behaviors so that
if the two functions are brought in line nothing will break.  We can
also remove the errno check and use the return value directly.

Index: trunk/libsemanage/src/genhomedircon.c
===================================================================
--- trunk.orig/libsemanage/src/genhomedircon.c
+++ trunk/libsemanage/src/genhomedircon.c
@@ -158,6 +158,7 @@ static semanage_list_t *get_home_dirs(ge
 	size_t temp;
 	struct passwd pwstorage, *pwbuf;
 	struct stat buf;
+	int retval;
 
 	shells = get_shell_list();
 	assert(shells);
@@ -229,7 +230,7 @@ static semanage_list_t *get_home_dirs(ge
 	if (rbuf == NULL)
 		goto fail;
 	setpwent();
-	for (errno = 0; getpwent_r(&pwstorage, rbuf, rbuflen, &pwbuf) == 0; errno = 0) {
+	while ((retval = getpwent_r(&pwstorage, rbuf, rbuflen, &pwbuf)) == 0) {
 		if (pwbuf->pw_uid < minuid)
 			continue;
 		if (!semanage_list_find(shells, pwbuf->pw_shell))
@@ -252,7 +253,7 @@ static semanage_list_t *get_home_dirs(ge
 		free(path);
 	}
 
-	if (errno) {
+	if (retval && retval != ENOENT) {
 		WARN(s->h_semanage, "Error while fetching users.  "
 		     "Returning list so far.");
 	}
@@ -614,12 +615,13 @@ static genhomedircon_user_entry_t *get_u
 			prefix = name;
 		}
 
-		errno = 0;
-		if (getpwnam_r(name, &pwstorage, rbuf, rbuflen, &pwent) != 0) {
-			if (errno != 0) {
+		retval = getpwnam_r(name, &pwstorage, rbuf, rbuflen, &pwent);
+		if (retval != 0 || pwent == NULL) {
+			if (retval != 0 && retval != ENOENT) {
 				*errors = STATUS_ERR;
 				goto cleanup;
 			}
+
 			WARN(s->h_semanage,
 			     "user %s not in password file", name);
 			continue;

-- 


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

[patch 3/4] libsemanage: update default user

[Todd C. Miller]

Patch from dwalsh to update the default user and prefix based on the
seusers file.  Previously it just assumed user_u and user.

---
 libsemanage/src/genhomedircon.c |   86 +++++++++++++++++++++++++++++++++-------
 1 file changed, 73 insertions(+), 13 deletions(-)

Index: trunk/libsemanage/src/genhomedircon.c
===================================================================
--- trunk.orig/libsemanage/src/genhomedircon.c
+++ trunk/libsemanage/src/genhomedircon.c
@@ -82,6 +82,8 @@ typedef struct {
 	const char *fcfilepath;
 	int usepasswd;
 	const char *homedir_template_path;
+	char *fallback_user;
+	char *fallback_user_prefix;
 	semanage_handle_t *h_semanage;
 	sepol_policydb_t *policydb;
 } genhomedircon_settings_t;
@@ -554,6 +556,25 @@ static void pop_user_entry(genhomedircon
 	free(temp);
 }
 
+static int set_fallback_user(genhomedircon_settings_t *s,
+			     const char *user, const char *prefix)
+{
+	char *fallback_user = strdup(user);
+	char *fallback_user_prefix = strdup(prefix);
+
+	if (fallback_user == NULL || fallback_user_prefix == NULL) {
+		free(fallback_user);
+		free(fallback_user_prefix);
+		return STATUS_ERR;
+	}
+
+	free(s->fallback_user);
+	free(s->fallback_user_prefix);
+	s->fallback_user = fallback_user;
+	s->fallback_user_prefix = fallback_user_prefix;
+	return STATUS_SUCCESS;
+}
+
 static genhomedircon_user_entry_t *get_users(genhomedircon_settings_t * s,
 					     int *errors)
 {
@@ -596,13 +617,40 @@ static genhomedircon_user_entry_t *get_u
 
 	for (i = 0; i < nseusers; i++) {
 		name = semanage_seuser_get_name(seuser_list[i]);
+		if (strcmp(name, DEFAULT_LOGIN) == 0) {
+			seuname = semanage_seuser_get_sename(seuser_list[i]);
+
+			/* find the user structure given the name */
+			u = bsearch(seuname, user_list, nusers,
+				    sizeof(semanage_user_t *),
+				    (int (*)(const void *, const void *))
+				    &name_user_cmp);
+			if (u) {
+				prefix = semanage_user_get_prefix(*u);
+			} else {
+				prefix = name;
+			}
+
+			if (set_fallback_user(s, seuname, prefix) != 0) {
+				*errors = STATUS_ERR;
+				goto cleanup;
+			}
+			break;
+		}
+	}
+
+	for (i = 0; i < nseusers; i++) {
 		seuname = semanage_seuser_get_sename(seuser_list[i]);
 
-		if (strcmp(seuname, FALLBACK_USER) == 0)
+		if (strcmp(seuname, s->fallback_user) == 0)
 			continue;
-		if (strcmp(seuname, DEFAULT_LOGIN) == 0)
+
+		name = semanage_seuser_get_name(seuser_list[i]);
+
+		if (strcmp(name, DEFAULT_LOGIN) == 0)
 			continue;
-		if (strcmp(seuname, TEMPLATE_SEUSER) == 0)
+
+		if (strcmp(name, TEMPLATE_SEUSER) == 0)
 			continue;
 
 		/* find the user structure given the name */
@@ -721,6 +769,12 @@ static int write_context_file(genhomedir
 		goto done;
 	}
 
+	if (write_gen_home_dir_context(s, out, user_context_tpl,
+				       homedir_context_tpl) != STATUS_SUCCESS) {
+		retval = STATUS_ERR;
+		goto done;
+	}
+
 	for (h = homedirs; h; h = h->next) {
 		Ustr *temp = ustr_dup_cstr(h->data);
 
@@ -731,9 +785,10 @@ static int write_context_file(genhomedir
 		}
 
 		if (write_home_dir_context(s, out,
-					   homedir_context_tpl, FALLBACK_USER,
-					   FALLBACK_USER, ustr_cstr(temp),
-					   FALLBACK_USER_PREFIX) !=
+					   homedir_context_tpl,
+					   s->fallback_user, s->fallback_user,
+					   ustr_cstr(temp),
+					   s->fallback_user_prefix) !=
 		    STATUS_SUCCESS) {
 			ustr_sc_free(&temp);
 			retval = STATUS_ERR;
@@ -749,16 +804,12 @@ static int write_context_file(genhomedir
 
 		ustr_sc_free(&temp);
 	}
-	if (write_user_context(out, user_context_tpl,
-			       ".*", FALLBACK_USER,
-			       FALLBACK_USER_PREFIX) != STATUS_SUCCESS) {
+	if (write_user_context(s, out, user_context_tpl,
+			       ".*", s->fallback_user,
+			       s->fallback_user_prefix) != STATUS_SUCCESS) {
 		retval = STATUS_ERR;
 		goto done;
 	}
-	if (write_gen_home_dir_context(out, s, user_context_tpl,
-				       homedir_context_tpl) != STATUS_SUCCESS) {
-		retval = STATUS_ERR;
-	}
 
       done:
 	/* Cleanup */
@@ -784,6 +835,11 @@ int semanage_genhomedircon(semanage_hand
 	    semanage_path(SEMANAGE_TMP, SEMANAGE_HOMEDIR_TMPL);
 	s.fcfilepath = semanage_path(SEMANAGE_TMP, SEMANAGE_FC_HOMEDIRS);
 
+	s.fallback_user = strdup(FALLBACK_USER);
+	s.fallback_user_prefix = strdup(FALLBACK_USER_PREFIX);
+	if (s.fallback_user == NULL || s.fallback_user_prefix == NULL)
+		return STATUS_ERR;
+
 	s.usepasswd = usepasswd;
 	s.h_semanage = sh;
 	s.policydb = policydb;
@@ -797,5 +853,9 @@ int semanage_genhomedircon(semanage_hand
 	retval = write_context_file(&s, out);
 
 	fclose(out);
+
+	free(s.fallback_user);
+	free(s.fallback_user_prefix);
+
 	return retval;
 }

-- 


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

[patch 4/4] libsemanage: rebuild_file_context option

[Todd C. Miller]

Patch from dwalsh to allow disabling of file_contexts rebuilding.

---
 libsemanage/Makefile                  |    3 +++
 libsemanage/include/semanage/handle.h |    4 ++++
 libsemanage/src/handle.c              |   12 ++++++++++++
 libsemanage/src/handle.h              |    1 +
 libsemanage/src/libsemanage.map       |    1 +
 libsemanage/src/semanage_store.c      |    2 +-
 6 files changed, 22 insertions(+), 1 deletion(-)

Index: trunk/libsemanage/include/semanage/handle.h
===================================================================
--- trunk.orig/libsemanage/include/semanage/handle.h
+++ trunk/libsemanage/include/semanage/handle.h
@@ -69,6 +69,10 @@ void semanage_set_rebuild(semanage_handl
  * 1 for yes, 0 for no (default) */
 void semanage_set_create_store(semanage_handle_t * handle, int create_store);
 
+/* set whether to generate homedir file context
+ * 1 for yes (default), 0 for no */
+void semanage_set_rebuild_file_context(semanage_handle_t * handle, int do_rebuild_file_context);
+
 /* Set whether or not to disable dontaudits upon commit */
 void semanage_set_disable_dontaudit(semanage_handle_t * handle, int disable_dontaudit);
 
Index: trunk/libsemanage/src/handle.h
===================================================================
--- trunk.orig/libsemanage/src/handle.h
+++ trunk/libsemanage/src/handle.h
@@ -58,6 +58,7 @@ struct semanage_handle {
 	int is_connected;
 	int is_in_transaction;
 	int do_reload;		/* whether to reload policy after commit */
+	int do_rebuild_file_context;	/* whether to generate homedircontext */
 	int do_rebuild;		/* whether to rebuild policy if there were no changes */
 	int modules_modified;
 	int create_store;	/* whether to create the store if it does not exist
Index: trunk/libsemanage/src/libsemanage.map
===================================================================
--- trunk.orig/libsemanage/src/libsemanage.map
+++ trunk/libsemanage/src/libsemanage.map
@@ -9,6 +9,7 @@ LIBSEMANAGE_1.0 {
 	  semanage_module_list_nth; semanage_module_get_name;
 	  semanage_module_get_version; semanage_select_store;
 	  semanage_reload_policy; semanage_set_reload; semanage_set_rebuild;
+	  semanage_set_rebuild_file_context;
 	  semanage_user_*; semanage_bool_*; semanage_seuser_*;
 	  semanage_iface_*; semanage_port_*; semanage_context_*;
 	  semanage_node_*;
Index: trunk/libsemanage/src/semanage_store.c
===================================================================
--- trunk.orig/libsemanage/src/semanage_store.c
+++ trunk/libsemanage/src/semanage_store.c
@@ -1148,7 +1148,7 @@ static int semanage_install_active(seman
 
       skip_reload:
 
-	if ((r =
+	if (sh->do_rebuild_file_context && (r =
 	     semanage_exec_prog(sh, sh->conf->setfiles, store_pol,
 				store_fc)) != 0) {
 		ERR(sh, "setfiles returned error code %d.", r);
Index: trunk/libsemanage/src/handle.c
===================================================================
--- trunk.orig/libsemanage/src/handle.c
+++ trunk/libsemanage/src/handle.c
@@ -68,6 +68,9 @@ semanage_handle_t *semanage_handle_creat
 	/* By default do not create store */
 	sh->create_store = 0;
 
+	/* Rebuild the file_contexts by default */
+	sh->do_rebuild_file_context = 1;
+
 	/* Set timeout: some default value for now, later use config */
 	sh->timeout = SEMANAGE_COMMIT_READ_WAIT;
 
@@ -100,6 +103,15 @@ void semanage_set_reload(semanage_handle
 	return;
 }
 
+void semanage_set_rebuild_file_context(semanage_handle_t * sh, int do_rebuild_file_context)
+{
+
+	assert(sh != NULL);
+
+	sh->do_rebuild_file_context = do_rebuild_file_context;
+	return;
+}
+
 void semanage_set_create_store(semanage_handle_t * sh, int create_store)
 {
 
Index: trunk/libsemanage/Makefile
===================================================================
--- trunk.orig/libsemanage/Makefile
+++ trunk/libsemanage/Makefile
@@ -1,6 +1,9 @@
 all: 
 	$(MAKE) -C src all
 
+swigify:
+	$(MAKE) -C src swigify
+
 pywrap: 
 	$(MAKE) -C src pywrap
 

-- 


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: [patch 0/4] libsemanage: genhomedircon regressions

[Stephen Smalley]

On Thu, 2007-09-27 at 16:07 -0400, Todd C. Miller wrote:
> This patch set fixes several regressions found in the new genhomedircon
> replacement.  I've broken things up into their logical parts for easy
> reading.  I've also included Dan's do_rebuild_file_context and swigify
> patches as a 4th diff.  If we want to treat that completely separately
> we can.

patch 1/4 yielded a non-buildable tree, so I applied 1/4 and 3/4
together as a single commit.

2/4 applied as a bug fix independent of the others.

4/4 dropped except for Makefile swigify target.

libsemanage 2.0.10.

-- 
Stephen Smalley
National Security Agency


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: [patch 0/4] libsemanage: genhomedircon regressions

[Stephen Smalley]

On Fri, 2007-09-28 at 09:36 -0400, Stephen Smalley wrote:
> On Thu, 2007-09-27 at 16:07 -0400, Todd C. Miller wrote:
> > This patch set fixes several regressions found in the new genhomedircon
> > replacement.  I've broken things up into their logical parts for easy
> > reading.  I've also included Dan's do_rebuild_file_context and swigify
> > patches as a 4th diff.  If we want to treat that completely separately
> > we can.
> 
> patch 1/4 yielded a non-buildable tree, so I applied 1/4 and 3/4
> together as a single commit.
> 
> 2/4 applied as a bug fix independent of the others.
> 
> 4/4 dropped except for Makefile swigify target.
> 
> libsemanage 2.0.10.

Looking again at the output, the order differs - the libsemanage
genhomedircon puts the specific user entries first and then the
generic /home entries, which seems wrong given that later entries take
precedence for matchpathcon.  genhomedircon script does the opposite.

-- 
Stephen Smalley
National Security Agency


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: [patch 0/4] libsemanage: genhomedircon regressions

[Daniel J Walsh]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Stephen Smalley wrote:
> On Fri, 2007-09-28 at 09:36 -0400, Stephen Smalley wrote:
>> On Thu, 2007-09-27 at 16:07 -0400, Todd C. Miller wrote:
>>> This patch set fixes several regressions found in the new genhomedircon
>>> replacement.  I've broken things up into their logical parts for easy
>>> reading.  I've also included Dan's do_rebuild_file_context and swigify
>>> patches as a 4th diff.  If we want to treat that completely separately
>>> we can.
>> patch 1/4 yielded a non-buildable tree, so I applied 1/4 and 3/4
>> together as a single commit.
>>
>> 2/4 applied as a bug fix independent of the others.
>>
>> 4/4 dropped except for Makefile swigify target.
>>
>> libsemanage 2.0.10.
> 
> Looking again at the output, the order differs - the libsemanage
> genhomedircon puts the specific user entries first and then the
> generic /home entries, which seems wrong given that later entries take
> precedence for matchpathcon.  genhomedircon script does the opposite.
> 

It should be alright because of the specificity is greater.

/home/dwalsh/.*

vs

/home/.*
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iD8DBQFG/QhwrlYvE4MpobMRAs9nAKCBvu1gSUsxBfLLkwCfLeSU7ejQxgCfcYd+
8i2BugMuBIPJl+UUW5GX6rw=
=Uyti
-----END PGP SIGNATURE-----

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: [patch 0/4] libsemanage: genhomedircon regressions

[Stephen Smalley]

On Fri, 2007-09-28 at 09:58 -0400, Daniel J Walsh wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> Stephen Smalley wrote:
> > On Fri, 2007-09-28 at 09:36 -0400, Stephen Smalley wrote:
> >> On Thu, 2007-09-27 at 16:07 -0400, Todd C. Miller wrote:
> >>> This patch set fixes several regressions found in the new genhomedircon
> >>> replacement.  I've broken things up into their logical parts for easy
> >>> reading.  I've also included Dan's do_rebuild_file_context and swigify
> >>> patches as a 4th diff.  If we want to treat that completely separately
> >>> we can.
> >> patch 1/4 yielded a non-buildable tree, so I applied 1/4 and 3/4
> >> together as a single commit.
> >>
> >> 2/4 applied as a bug fix independent of the others.
> >>
> >> 4/4 dropped except for Makefile swigify target.
> >>
> >> libsemanage 2.0.10.
> > 
> > Looking again at the output, the order differs - the libsemanage
> > genhomedircon puts the specific user entries first and then the
> > generic /home entries, which seems wrong given that later entries take
> > precedence for matchpathcon.  genhomedircon script does the opposite.
> > 
> 
> It should be alright because of the specificity is greater.
> 
> /home/dwalsh/.*
> 
> vs
> 
> /home/.*

I don't think that works out in all cases, e.g.
matchpathcon /home/xguest/.ssh yields a different result.

-- 
Stephen Smalley
National Security Agency


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: [patch 0/4] libsemanage: genhomedircon regressions

[Stephen Smalley]

On Fri, 2007-09-28 at 09:51 -0400, Stephen Smalley wrote:
> On Fri, 2007-09-28 at 09:58 -0400, Daniel J Walsh wrote:
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> > 
> > Stephen Smalley wrote:
> > > On Fri, 2007-09-28 at 09:36 -0400, Stephen Smalley wrote:
> > >> On Thu, 2007-09-27 at 16:07 -0400, Todd C. Miller wrote:
> > >>> This patch set fixes several regressions found in the new genhomedircon
> > >>> replacement.  I've broken things up into their logical parts for easy
> > >>> reading.  I've also included Dan's do_rebuild_file_context and swigify
> > >>> patches as a 4th diff.  If we want to treat that completely separately
> > >>> we can.
> > >> patch 1/4 yielded a non-buildable tree, so I applied 1/4 and 3/4
> > >> together as a single commit.
> > >>
> > >> 2/4 applied as a bug fix independent of the others.
> > >>
> > >> 4/4 dropped except for Makefile swigify target.
> > >>
> > >> libsemanage 2.0.10.
> > > 
> > > Looking again at the output, the order differs - the libsemanage
> > > genhomedircon puts the specific user entries first and then the
> > > generic /home entries, which seems wrong given that later entries take
> > > precedence for matchpathcon.  genhomedircon script does the opposite.
> > > 
> > 
> > It should be alright because of the specificity is greater.
> > 
> > /home/dwalsh/.*
> > 
> > vs
> > 
> > /home/.*
> 
> I don't think that works out in all cases, e.g.
> matchpathcon /home/xguest/.ssh yields a different result.

Old order (genhomedircon script output):
# matchpathcon /home/xguest/.ssh
/home/xguest/.ssh       xguest_u:object_r:xguest_home_t

New order (latest libsemanage):
# matchpathcon /home/xguest/.ssh
/home/xguest/.ssh       system_u:object_r:user_home_ssh_t

Which did you want it to be?

-- 
Stephen Smalley
National Security Agency


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: [patch 0/4] libsemanage: genhomedircon regressions

[Daniel J Walsh]

[-- Attachment #1: Type: text/plain, Size: 2203 bytes --]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Stephen Smalley wrote:
> On Fri, 2007-09-28 at 09:51 -0400, Stephen Smalley wrote:
>> On Fri, 2007-09-28 at 09:58 -0400, Daniel J Walsh wrote:
>>> -----BEGIN PGP SIGNED MESSAGE-----
>>> Hash: SHA1
>>>
>>> Stephen Smalley wrote:
>>>> On Fri, 2007-09-28 at 09:36 -0400, Stephen Smalley wrote:
>>>>> On Thu, 2007-09-27 at 16:07 -0400, Todd C. Miller wrote:
>>>>>> This patch set fixes several regressions found in the new genhomedircon
>>>>>> replacement.  I've broken things up into their logical parts for easy
>>>>>> reading.  I've also included Dan's do_rebuild_file_context and swigify
>>>>>> patches as a 4th diff.  If we want to treat that completely separately
>>>>>> we can.
>>>>> patch 1/4 yielded a non-buildable tree, so I applied 1/4 and 3/4
>>>>> together as a single commit.
>>>>>
>>>>> 2/4 applied as a bug fix independent of the others.
>>>>>
>>>>> 4/4 dropped except for Makefile swigify target.
>>>>>
>>>>> libsemanage 2.0.10.
>>>> Looking again at the output, the order differs - the libsemanage
>>>> genhomedircon puts the specific user entries first and then the
>>>> generic /home entries, which seems wrong given that later entries take
>>>> precedence for matchpathcon.  genhomedircon script does the opposite.
>>>>
>>> It should be alright because of the specificity is greater.
>>>
>>> /home/dwalsh/.*
>>>
>>> vs
>>>
>>> /home/.*
>> I don't think that works out in all cases, e.g.
>> matchpathcon /home/xguest/.ssh yields a different result.
> 
> Old order (genhomedircon script output):
> # matchpathcon /home/xguest/.ssh
> /home/xguest/.ssh       xguest_u:object_r:xguest_home_t
> 
> New order (latest libsemanage):
> # matchpathcon /home/xguest/.ssh
> /home/xguest/.ssh       system_u:object_r:user_home_ssh_t
> 
> Which did you want it to be?
> 
Yes you are right.

The problem is we need to find the failsafe account before writing the
general account.

How about this patch.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iD8DBQFG/RhdrlYvE4MpobMRAqTmAKDCE7++pT4Cyia9otRgxVKDGliybQCeORmj
JjDY5P3SDBwohQRC5uPJwNU=
=HkqG
-----END PGP SIGNATURE-----

[-- Attachment #2: diff --]
[-- Type: text/plain, Size: 3680 bytes --]

diff --exclude-from=exclude -N -u -r nsalibsemanage/src/genhomedircon.c libsemanage-2.0.10/src/genhomedircon.c
--- nsalibsemanage/src/genhomedircon.c	2007-09-28 09:48:57.000000000 -0400
+++ libsemanage-2.0.10/src/genhomedircon.c	2007-09-28 10:59:54.000000000 -0400
@@ -575,10 +575,8 @@
 	return STATUS_SUCCESS;
 }
 
-static genhomedircon_user_entry_t *get_users(genhomedircon_settings_t * s,
-					     int *errors)
+static int setup_fallback_user(genhomedircon_settings_t * s)
 {
-	genhomedircon_user_entry_t *head = NULL;
 	semanage_seuser_t **seuser_list = NULL;
 	unsigned int nseusers = 0;
 	semanage_user_t **user_list = NULL;
@@ -587,17 +585,13 @@
 	const char *name = NULL;
 	const char *seuname = NULL;
 	const char *prefix = NULL;
-	struct passwd pwstorage, *pwent = NULL;
 	unsigned int i;
-	long rbuflen;
-	char *rbuf = NULL;
 	int retval;
-
-	*errors = 0;
+	int errors = 0;
 	retval = semanage_seuser_list(s->h_semanage, &seuser_list, &nseusers);
 	if (retval < 0 || (nseusers < 1)) {
 		/* if there are no users, this function can't do any other work */
-		return NULL;
+		return errors;
 	}
 
 	if (semanage_user_list(s->h_semanage, &user_list, &nusers) < 0) {
@@ -607,14 +601,6 @@
 	qsort(user_list, nusers, sizeof(semanage_user_t *),
 	      (int (*)(const void *, const void *))&user_sort_func);
 
-	/* Allocate space for the getpwnam_r buffer */
-	rbuflen = sysconf(_SC_GETPW_R_SIZE_MAX);
-	if (rbuflen <= 0)
-		goto cleanup;
-	rbuf = malloc(rbuflen);
-	if (rbuf == NULL)
-		goto cleanup;
-
 	for (i = 0; i < nseusers; i++) {
 		name = semanage_seuser_get_name(seuser_list[i]);
 		if (strcmp(name, DEFAULT_LOGIN) == 0) {
@@ -630,14 +616,54 @@
 			} else {
 				prefix = name;
 			}
-
 			if (set_fallback_user(s, seuname, prefix) != 0) {
-				*errors = STATUS_ERR;
-				goto cleanup;
+				errors = STATUS_ERR;
 			}
 			break;
 		}
 	}
+	return errors;
+}
+
+static genhomedircon_user_entry_t *get_users(genhomedircon_settings_t * s,
+					     int *errors)
+{
+	genhomedircon_user_entry_t *head = NULL;
+	semanage_seuser_t **seuser_list = NULL;
+	unsigned int nseusers = 0;
+	semanage_user_t **user_list = NULL;
+	unsigned int nusers = 0;
+	semanage_user_t **u = NULL;
+	const char *name = NULL;
+	const char *seuname = NULL;
+	const char *prefix = NULL;
+	struct passwd pwstorage, *pwent = NULL;
+	unsigned int i;
+	long rbuflen;
+	char *rbuf = NULL;
+	int retval;
+
+	*errors = 0;
+	retval = semanage_seuser_list(s->h_semanage, &seuser_list, &nseusers);
+	if (retval < 0 || (nseusers < 1)) {
+		/* if there are no users, this function can't do any other work */
+		return NULL;
+	}
+
+	if (semanage_user_list(s->h_semanage, &user_list, &nusers) < 0) {
+		nusers = 0;
+	}
+
+	qsort(user_list, nusers, sizeof(semanage_user_t *),
+	      (int (*)(const void *, const void *))&user_sort_func);
+
+	/* Allocate space for the getpwnam_r buffer */
+	rbuflen = sysconf(_SC_GETPW_R_SIZE_MAX);
+	if (rbuflen <= 0)
+		goto cleanup;
+	rbuf = malloc(rbuflen);
+	if (rbuf == NULL)
+		goto cleanup;
 
 	for (i = 0; i < nseusers; i++) {
 		seuname = semanage_seuser_get_sename(seuser_list[i]);
@@ -769,12 +795,10 @@
 		goto done;
 	}
 
-	if (write_gen_home_dir_context(s, out, user_context_tpl,
-				       homedir_context_tpl) != STATUS_SUCCESS) {
+	if (setup_fallback_user(s) != 0) {
 		retval = STATUS_ERR;
 		goto done;
 	}
-
 	for (h = homedirs; h; h = h->next) {
 		Ustr *temp = ustr_dup_cstr(h->data);
 
@@ -811,6 +835,12 @@
 		goto done;
 	}
 
+	if (write_gen_home_dir_context(s, out, user_context_tpl,
+				       homedir_context_tpl) != STATUS_SUCCESS) {
+		retval = STATUS_ERR;
+		goto done;
+	}
+
       done:
 	/* Cleanup */
 	semanage_list_destroy(&homedirs);

[-- Attachment #3: diff.sig --]
[-- Type: application/octet-stream, Size: 65 bytes --]

RE: [patch 0/4] libsemanage: genhomedircon regressions

[Todd Miller]

Stephen Smalley wrote:
> Looking again at the output, the order differs - the libsemanage
> genhomedircon puts the specific user entries first and then the
> generic /home entries, which seems wrong given that later entries take
> precedence for matchpathcon.  genhomedircon script does the opposite.

This change was present in the modified diff Dan sent and I preserved
that change in the patch set.  At the time I had thought it was moved
to make the output better match the python script but that appears not
to be the case.

It is easy to change back but I'm sure there was a reason for the move.
Perhaps Dan can shed some light on this.

 - todd


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

RE: [patch 0/4] libsemanage: genhomedircon regressions

[Todd Miller]

Josh just pointed out that unlike file_contexts,
file_contexts.homedir isn't sorted via semanage_fc_sort().

This is probably the best solution, though it would mean
we lose the comments (they get stripped out during the
sorting for obvious reasons).

Thoughts?

 - todd


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

RE: [patch 0/4] libsemanage: genhomedircon regressions

[Stephen Smalley]

On Fri, 2007-09-28 at 11:00 -0400, Todd Miller wrote:
> Josh just pointed out that unlike file_contexts,
> file_contexts.homedir isn't sorted via semanage_fc_sort().
> 
> This is probably the best solution, though it would mean
> we lose the comments (they get stripped out during the
> sorting for obvious reasons).
> 
> Thoughts?

I'd have assumed that you want the general /home patterns to come first
always (lowest precedence), then the per-user patterns (and no conflicts
among the per-user patterns).  So I'm not sure why you'd want to sort it
heuristically like the rest of the file contexts.  The heuristics could
end up putting the general /home patterns later, which I don't think you
ever want.

-- 
Stephen Smalley
National Security Agency


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

RE: [patch 0/4] libsemanage: genhomedircon regressions

[Joshua Brindle]

Stephen Smalley wrote:
> On Fri, 2007-09-28 at 11:00 -0400, Todd Miller wrote:
>> Josh just pointed out that unlike file_contexts,
>> file_contexts.homedir isn't sorted via semanage_fc_sort().
>> 
>> This is probably the best solution, though it would mean we lose the
>> comments (they get stripped out during the sorting for obvious
>> reasons). 
>> 
>> Thoughts?
> 
> I'd have assumed that you want the general /home patterns to
> come first always (lowest precedence), then the per-user
> patterns (and no conflicts among the per-user patterns).  So
> I'm not sure why you'd want to sort it heuristically like the
> rest of the file contexts.  The heuristics could end up
> putting the general /home patterns later, which I don't think
> you ever want.


Matchpathcon should already read file_context.homedirs and matches
entries in it before going on to the file_context file so using the
fc_sort function would just be to sort the homedirs file and not sort
both files together.


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

RE: [patch 0/4] libsemanage: genhomedircon regressions

[Stephen Smalley]

On Fri, 2007-09-28 at 11:35 -0400, Joshua Brindle wrote:
> Stephen Smalley wrote:
> > On Fri, 2007-09-28 at 11:00 -0400, Todd Miller wrote:
> >> Josh just pointed out that unlike file_contexts,
> >> file_contexts.homedir isn't sorted via semanage_fc_sort().
> >> 
> >> This is probably the best solution, though it would mean we lose the
> >> comments (they get stripped out during the sorting for obvious
> >> reasons). 
> >> 
> >> Thoughts?
> > 
> > I'd have assumed that you want the general /home patterns to
> > come first always (lowest precedence), then the per-user
> > patterns (and no conflicts among the per-user patterns).  So
> > I'm not sure why you'd want to sort it heuristically like the
> > rest of the file contexts.  The heuristics could end up
> > putting the general /home patterns later, which I don't think
> > you ever want.
> 
> 
> Matchpathcon should already read file_context.homedirs and matches
> entries in it before going on to the file_context file so using the
> fc_sort function would just be to sort the homedirs file and not sort
> both files together.

I know - but my concern is that the fc sort code may get the internal
ordering of files_contexts.homedirs wrong.  We know that we always want
the general /home/.+ patterns in file_contexts.homedirs to precede the
per-user entries, and the per-user entries should be disjoint anyway so
their ordering relative to one another shouldn't matter.

-- 
Stephen Smalley
National Security Agency


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: [patch 0/4] libsemanage: genhomedircon regressions

[Daniel J Walsh]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Todd Miller wrote:
> Stephen Smalley wrote:
>> Looking again at the output, the order differs - the libsemanage
>> genhomedircon puts the specific user entries first and then the
>> generic /home entries, which seems wrong given that later entries take
>> precedence for matchpathcon.  genhomedircon script does the opposite.
> 
> This change was present in the modified diff Dan sent and I preserved
> that change in the patch set.  At the time I had thought it was moved
> to make the output better match the python script but that appears not
> to be the case.
> 
> It is easy to change back but I'm sure there was a reason for the move.
> Perhaps Dan can shed some light on this.
> 
>  - todd
THe problem was the fallback_user was not determined at the time it was
being written out.  I have sent a new patch that separates out the
descovery of the fallback_user from gen_users.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iD8DBQFG/RqurlYvE4MpobMRArtLAJ9zp2AKWoO6jUvB25bYYZl19t8KwACfeA5k
XSwO4xxrQgvgvsBU10nUyBs=
=CxFA
-----END PGP SIGNATURE-----

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: [patch 0/4] libsemanage: genhomedircon regressions

[Todd C. Miller]

Daniel J Walsh wrote:
> Yes you are right.
>
> The problem is we need to find the failsafe account before writing the
> general account.
> 
> How about this patch.

There is some missing frees in there and I don't think we really
need to get the full users list.  I would write it like this.

 - todd

Index: libsemanage/src/genhomedircon.c
===================================================================
--- libsemanage/src/genhomedircon.c	(revision 2624)
+++ libsemanage/src/genhomedircon.c	(working copy)
@@ -575,6 +575,57 @@
 	return STATUS_SUCCESS;
 }
 
+static int setup_fallback_user(genhomedircon_settings_t * s)
+{
+	semanage_seuser_t **seuser_list = NULL;
+	unsigned int nseusers = 0;
+	semanage_user_key_t *key = NULL;
+	semanage_user_t *u = NULL;
+	const char *name = NULL;
+	const char *seuname = NULL;
+	const char *prefix = NULL;
+	unsigned int i;
+	int retval;
+	int errors = 0;
+
+	retval = semanage_seuser_list(s->h_semanage, &seuser_list, &nseusers);
+	if (retval < 0 || (nseusers < 1)) {
+		/* if there are no users, this function can't do any other work */
+		return errors;
+	}
+
+	for (i = 0; i < nseusers; i++) {
+		name = semanage_seuser_get_name(seuser_list[i]);
+		if (strcmp(name, DEFAULT_LOGIN) == 0) {
+			seuname = semanage_seuser_get_sename(seuser_list[i]);
+
+			/* find the user structure given the name */
+			if (semanage_user_key_create(s->h_semanage, seuname,
+						     &key) < 0) {
+				errors = STATUS_ERR;
+				break;
+			}
+			if (semanage_user_query(s->h_semanage, key, &u) < 0)
+				prefix = name;
+			else
+				prefix = semanage_user_get_prefix(u);
+
+			if (set_fallback_user(s, seuname, prefix) != 0)
+				errors = STATUS_ERR;
+			semanage_user_key_free(key);
+			if (u)
+				semanage_user_free(u);
+			break;
+		}
+	}
+
+	for (i = 0; i < nseusers; i++)
+		semanage_seuser_free(seuser_list[i]);
+	free(seuser_list);
+
+	return errors;
+}
+
 static genhomedircon_user_entry_t *get_users(genhomedircon_settings_t * s,
 					     int *errors)
 {
@@ -616,30 +667,6 @@
 		goto cleanup;
 
 	for (i = 0; i < nseusers; i++) {
-		name = semanage_seuser_get_name(seuser_list[i]);
-		if (strcmp(name, DEFAULT_LOGIN) == 0) {
-			seuname = semanage_seuser_get_sename(seuser_list[i]);
-
-			/* find the user structure given the name */
-			u = bsearch(seuname, user_list, nusers,
-				    sizeof(semanage_user_t *),
-				    (int (*)(const void *, const void *))
-				    &name_user_cmp);
-			if (u) {
-				prefix = semanage_user_get_prefix(*u);
-			} else {
-				prefix = name;
-			}
-
-			if (set_fallback_user(s, seuname, prefix) != 0) {
-				*errors = STATUS_ERR;
-				goto cleanup;
-			}
-			break;
-		}
-	}
-
-	for (i = 0; i < nseusers; i++) {
 		seuname = semanage_seuser_get_sename(seuser_list[i]);
 
 		if (strcmp(seuname, s->fallback_user) == 0)
@@ -769,12 +796,10 @@
 		goto done;
 	}
 
-	if (write_gen_home_dir_context(s, out, user_context_tpl,
-				       homedir_context_tpl) != STATUS_SUCCESS) {
+	if (setup_fallback_user(s) != 0) {
 		retval = STATUS_ERR;
 		goto done;
 	}
-
 	for (h = homedirs; h; h = h->next) {
 		Ustr *temp = ustr_dup_cstr(h->data);
 
@@ -811,6 +836,11 @@
 		goto done;
 	}
 
+	if (write_gen_home_dir_context(s, out, user_context_tpl,
+				       homedir_context_tpl) != STATUS_SUCCESS) {
+		retval = STATUS_ERR;
+	}
+
       done:
 	/* Cleanup */
 	semanage_list_destroy(&homedirs);

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: [patch 0/4] libsemanage: genhomedircon regressions

[Stephen Smalley]

On Fri, 2007-09-28 at 14:04 -0400, Todd C. Miller wrote:
> Daniel J Walsh wrote:
> > Yes you are right.
> >
> > The problem is we need to find the failsafe account before writing the
> > general account.
> > 
> > How about this patch.
> 
> There is some missing frees in there and I don't think we really
> need to get the full users list.  I would write it like this.

Thanks, applied.

-- 
Stephen Smalley
National Security Agency


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: [patch 0/4] libsemanage: genhomedircon regressions

[Daniel J Walsh]

[-- Attachment #1: Type: text/plain, Size: 380 bytes --]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

This patch makes sure /root gets labeled even if it is using the default
context.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iD8DBQFHASDNrlYvE4MpobMRAuAAAJ0edHnaWRQ/RuE8llb+RQ9Zh43j6ACg2qXK
FsPmAB6fb4Ct9ytLVhxYijk=
=S8km
-----END PGP SIGNATURE-----

[-- Attachment #2: diff --]
[-- Type: text/plain, Size: 679 bytes --]

diff --exclude-from=exclude -N -u -r nsalibsemanage/src/genhomedircon.c libsemanage-2.0.11/src/genhomedircon.c
--- nsalibsemanage/src/genhomedircon.c	2007-10-01 09:54:35.000000000 -0400
+++ libsemanage-2.0.11/src/genhomedircon.c	2007-10-01 12:24:39.000000000 -0400
@@ -668,12 +668,11 @@
 
 	for (i = 0; i < nseusers; i++) {
 		seuname = semanage_seuser_get_sename(seuser_list[i]);
+		name = semanage_seuser_get_name(seuser_list[i]);
 
-		if (strcmp(seuname, s->fallback_user) == 0)
+		if (strcmp(name,"root") && strcmp(seuname, s->fallback_user) == 0)
 			continue;
 
-		name = semanage_seuser_get_name(seuser_list[i]);
-
 		if (strcmp(name, DEFAULT_LOGIN) == 0)
 			continue;
 

[-- Attachment #3: diff.sig --]
[-- Type: application/octet-stream, Size: 65 bytes --]

RE: [patch 0/4] libsemanage: genhomedircon regressions

[Todd Miller]

Daniel J Walsh wrote:
> This patch makes sure /root gets labeled even if it is using the
> default context.

That looks reasonable to me.

 - todd


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: [patch 0/4] libsemanage: genhomedircon regressions

[Stephen Smalley]

On Mon, 2007-10-01 at 12:31 -0400, Daniel J Walsh wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> This patch makes sure /root gets labeled even if it is using the default
> context.

Thanks, merged.

> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.7 (GNU/Linux)
> Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org
> 
> iD8DBQFHASDNrlYvE4MpobMRAuAAAJ0edHnaWRQ/RuE8llb+RQ9Zh43j6ACg2qXK
> FsPmAB6fb4Ct9ytLVhxYijk=
> =S8km
> -----END PGP SIGNATURE-----
> plain text document attachment (diff)
> diff --exclude-from=exclude -N -u -r nsalibsemanage/src/genhomedircon.c libsemanage-2.0.11/src/genhomedircon.c
> --- nsalibsemanage/src/genhomedircon.c	2007-10-01 09:54:35.000000000 -0400
> +++ libsemanage-2.0.11/src/genhomedircon.c	2007-10-01 12:24:39.000000000 -0400
> @@ -668,12 +668,11 @@
>  
>  	for (i = 0; i < nseusers; i++) {
>  		seuname = semanage_seuser_get_sename(seuser_list[i]);
> +		name = semanage_seuser_get_name(seuser_list[i]);
>  
> -		if (strcmp(seuname, s->fallback_user) == 0)
> +		if (strcmp(name,"root") && strcmp(seuname, s->fallback_user) == 0)
>  			continue;
>  
> -		name = semanage_seuser_get_name(seuser_list[i]);
> -
>  		if (strcmp(name, DEFAULT_LOGIN) == 0)
>  			continue;
>  
-- 
Stephen Smalley
National Security Agency


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.