* [PATCH 006/155] libselinux: do not check fcontext duplicates on use
@ 2011-08-03 20:48 Daniel J Walsh
From: Daniel J Walsh @ 2011-08-03 20:48 UTC (permalink / raw)
To: eparis; +Cc: selinux
This patch looks good to me. acked.
* Re: [PATCH 006/155] libselinux: do not check fcontext duplicates on use
From: Stephen Smalley @ 2011-08-04 14:48 UTC (permalink / raw)
To: Daniel J Walsh; +Cc: eparis, selinux
On Wed, 2011-08-03 at 16:48 -0400, Daniel J Walsh wrote:
> This patch looks good to me. acked.
From 576af10294e14d03660708d3f7eddf49e71897d7 Mon Sep 17 00:00:00 2001
From: Eric Paris <eparis@redhat.com>
Date: Tue, 28 Jun 2011 21:37:38 -0400
Subject: [PATCH 006/155] libselinux: do not check fcontext duplicates on use
Tools like restorecon or systemd, which load the fcontext database to
make labeling decisions do not need to check for duplicate rules. Only
the first rule will be used. Instead we should only check for
duplicates when new rules are added to the database. And fail the
transaction if we find one.
Signed-off-by: Eric Paris <eparis@redhat.com>
---
libselinux/src/label_file.c | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/libselinux/src/label_file.c b/libselinux/src/label_file.c
index af7fd8f..3b8346d 100644
--- a/libselinux/src/label_file.c
+++ b/libselinux/src/label_file.c
@@ -485,7 +485,7 @@ static int init(struct selabel_handle *rec, struct selinux_opt *opts,
pass, ++lineno) != 0)
goto finish;
}
- if (pass == 1) {
+ if (pass == 1 && rec->validating) {
status = nodups_specs(data, path);
if (status)
goto finish;
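Review bot: this hunk changes what SELABEL_OPT_VALIDATE means without the description saying so. rec->validating is set from that option, which so far meant validating the contexts; after this change a caller that does not pass it also loses the nodups_specs() duplicate-rule check, and the description only names the tools that need the check, not the flag that now controls it. State the new meaning of the option in the commit message and in the documentation of SELABEL_OPT_VALIDATE, so that callers such as restorecon and fixfiles, which do not set the flag, know what they are opting out of.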
This seems like the wrong fix to me. rec->validating is set based on
whether the application passed SELABEL_OPT_VALIDATE in the selinux_opt
array to selabel_open(). So you should fix the applications that set
this option if you do not want this behavior. Not silently ignore what
they requested while leaving the field and option flag intact.
--
Stephen Smalley
National Security Agency
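As an added illustration of the behaviour the patch description above asks for (my own code, not libselinux's), the loader below parses a few constructed file_contexts lines and runs its duplicate check only when the caller asked for validation, which is the gate the hunk adds; parse_spec, nodups_specs, load_specs and the sample lines are all made up for this example.

```c
/* Added example, not libselinux code: a minimal file_contexts loader that, like the
 * patched init(), runs its duplicate check only when validation was requested. */
#include <stdio.h>
#include <string.h>
struct spec { char regex[64]; char ftype[4]; char ctx[64]; };
/* Parse "<regex> [<file type>] <context>"; returns 1 on success, 0 to skip the line. */
static int parse_spec(const char *line, struct spec *s)
{
    char a[64], b[64], c[64];
    if (line[0] == '#') return 0;                    /* comment line */
    int n = sscanf(line, "%63s %63s %63s", a, b, c);
    if (n == 2) { strcpy(c, b); b[0] = '\0'; }       /* no type field: any file type */
    else if (n != 3) return 0;
    strcpy(s->regex, a); snprintf(s->ftype, sizeof s->ftype, "%s", b); strcpy(s->ctx, c);
    return 1;
}
/* Same regex and file type: redundant if the context matches, conflicting if not. */
static int nodups_specs(const struct spec *sp, int n)
{
    int conflicts = 0;                               /* number of conflicting pairs */
    for (int i = 0; i < n; i++)
        for (int j = i + 1; j < n; j++) {
            if (strcmp(sp[i].regex, sp[j].regex) || strcmp(sp[i].ftype, sp[j].ftype))
                continue;
            if (strcmp(sp[i].ctx, sp[j].ctx) == 0)
                fprintf(stderr, "redundant spec for %s\n", sp[i].regex);
            else {
                fprintf(stderr, "conflict for %s: %s vs %s\n", sp[i].regex, sp[i].ctx, sp[j].ctx);
                conflicts++;
            }
        }
    return conflicts;
}
/* Load lines into out[]; the duplicate pass runs only when validating is set, mirroring
 * the patch's "pass == 1 && rec->validating" gate. Returns -1 on a conflict, else 0. */
static int load_specs(const char *const *lines, int nlines, int validating, struct spec *out, int *nout)
{
    *nout = 0;
    for (int i = 0; i < nlines; i++)
        if (parse_spec(lines[i], &out[*nout])) (*nout)++;
    return (validating && nodups_specs(out, *nout) > 0) ? -1 : 0;
}
/* Constructed sample: a conflicting pair for /var/log and a redundant /usr/bin repeat. */
static const char *const sample[] = {
    "/usr/bin(/.*)?        system_u:object_r:bin_t:s0",
    "/var/log(/.*)?   -d   system_u:object_r:var_log_t:s0",
    "/var/log(/.*)?   -d   system_u:object_r:var_t:s0",
    "/usr/bin(/.*)?        system_u:object_r:bin_t:s0",
};
```

Loading the sample without validation succeeds and keeps all four entries; with validation the /var/log conflict fails the load, while the redundant /usr/bin repeat is only reported.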
* Re: [PATCH 006/155] libselinux: do not check fcontext duplicates on use
From: Eric Paris @ 2011-08-04 14:52 UTC (permalink / raw)
To: Stephen Smalley; +Cc: Daniel J Walsh, selinux
On 08/04/2011 10:48 AM, Stephen Smalley wrote:
> On Wed, 2011-08-03 at 16:48 -0400, Daniel J Walsh wrote:
>> This patch looks good to me. acked.
>
> From 576af10294e14d03660708d3f7eddf49e71897d7 Mon Sep 17 00:00:00 2001
> From: Eric Paris <eparis@redhat.com>
> Date: Tue, 28 Jun 2011 21:37:38 -0400
> Subject: [PATCH 006/155] libselinux: do not check fcontext duplicates on use
>
> Tools like restorecon or systemd, which load the fcontext database to
> make labeling decisions do not need to check for duplicate rules. Only
> the first rule will be used. Instead we should only check for
> duplicates when new rules are added to the database. And fail the
> transaction if we find one.
>
> Signed-off-by: Eric Paris <eparis@redhat.com>
> ---
> libselinux/src/label_file.c | 2 +-
> 1 files changed, 1 insertions(+), 1 deletions(-)
>
> diff --git a/libselinux/src/label_file.c b/libselinux/src/label_file.c
> index af7fd8f..3b8346d 100644
> --- a/libselinux/src/label_file.c
> +++ b/libselinux/src/label_file.c
> @@ -485,7 +485,7 @@ static int init(struct selabel_handle *rec, struct selinux_opt *opts,
> pass, ++lineno) != 0)
> goto finish;
> }
> - if (pass == 1) {
> + if (pass == 1 && rec->validating) {
> status = nodups_specs(data, path);
> if (status)
> goto finish;
>
>
> This seems like the wrong fix to me. rec->validating is set based on
> whether the application passed SELABEL_OPT_VALIDATE in the selinux_opt
> array to selabel_open(). So you should fix the applications that set
> this option if you do not want this behavior. Not silently ignore what
> they requested while leaving the field and option flag intact.
I don't understand. Before this patch rec->validating wasn't being used
at all and we always checked for dups. With this patch we actually pay
attention to what the application set. As it turns out
restorecon/fixfiles don't set the flag, but semanage fcontext does, so
this is actually a case where the programs were right but the underlying
library was wrong. I'm fixing the library to pay attention to the flag.
What am I missing?
-Eric
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
* Re: [PATCH 006/155] libselinux: do not check fcontext duplicates on use
From: Stephen Smalley @ 2011-08-04 15:14 UTC (permalink / raw)
To: Eric Paris; +Cc: Daniel J Walsh, selinux
On Thu, 2011-08-04 at 10:52 -0400, Eric Paris wrote:
> I don't understand. Before this patch rec->validating wasn't being used
> at all and we always checked for dups. With this patch we actually pay
> attention to what the application set. As it turns out
> restorecon/fixfiles don't set the flag, but semanage fcontext does, so
> this is actually a case where the programs were right but the underlying
> library was wrong. I'm fixing the library to pay attention to the flag.
> What am I missing?
Oops, I read the patch backwards. Never mind.
Technically the library was correct in that the original meaning of
validate was to validate the contexts, but I suppose this fits with the
sense of it.
--
Stephen Smalley
National Security Agency