From: Daniel J Walsh <dwalsh@redhat.com>
To: noloader@gmail.com
Cc: SELinux <selinux@tycho.nsa.gov>
Subject: Re: Adding a booleans.subs file to selinux policy.
Date: Mon, 02 Apr 2012 11:15:44 -0400
Message-ID: <4F79C2A0.10101@redhat.com>
In-Reply-To: <CAH8yC8kr9v1v6yzFcntoG_zHD=U-TAXqBqmNbQFu-SN0AiaCAA@mail.gmail.com>
On 03/30/2012 08:07 PM, Jeffrey Walton wrote:
> On Fri, Mar 30, 2012 at 11:58 AM, Daniel J Walsh <dwalsh@redhat.com>
> wrote:
>> Basically I am sick of some of the bad names we chose for booleans when
>> we were first writing policy, so I want a mechanism to allow us to change
>> the names but still support the old names.
>>
>> This patch will allow policy developers to ship a
>> /etc/selinux/targeted/contexts/booleans.subs
>>
>> Then libselinux will check if a boolean name exists, if not it will see
>> if there is a substitute name and attempt to use that.
>>
>> I have attached the libselinux_bools-subs.patch and the first pass at
>> what a booleans.subs file will look like in Fedora 18.
> +static int bool_open(const char *name, int flag) { ... + + len =
> strlen(name) + strlen(selinux_mnt) + sizeof(SELINUX_BOOL_DIR); Calling
> strlen() on NULL is not valid C, IIRC.
>
> + snprintf(fname, len, "%s%s%s", selinux_mnt, SELINUX_BOOL_DIR, name);
> Silent truncation?
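Review bot: on the `len = strlen(name) + strlen(selinux_mnt) + sizeof(SELINUX_BOOL_DIR)` line, `selinux_mnt` is passed to strlen() exactly as `name` is, and the quoted lines show no NULL check for either one (the body is elided as `...`, so a check may exist there); both should be tested before `len` is computed. On the `snprintf(fname, len, "%s%s%s", ...)` line the return value is discarded: comparing it with `len` and failing with an error when it is negative or not less than `len` would turn any truncation into an explicit failure instead of an open on a shortened boolean path. The allocation of `fname` is not visible in the quote, so it cannot be confirmed from these lines that the buffer is actually `len` bytes.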
>
> Should work under benign conditions. Will probably fail in a hostile
> environment.
>
> Jeff
>
> -- This message was distributed to subscribers of the selinux mailing
> list. If you no longer wish to subscribe, send mail to
> majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes
> as the message.

Ok adding

    if (!name) {
        errno = EINVAL;
        return fd;
    }

At the beginning of bool_open.