[PATCH v2 1/9] libsemanage: set O_CLOEXEC flag for file descriptors

[PATCH v2 1/9] libsemanage: set O_CLOEXEC flag for file descriptors

[Christian Göttsche]

From: Christian Göttsche <cgzones@googlemail.com>

Close internal managed file descriptors in case of an concurrent execve.

Also avoid leaking file descriptors in get_shell_list().

Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
---
 libsemanage/src/compressed_file.c   |  4 ++--
 libsemanage/src/conf-parse.y        |  2 +-
 libsemanage/src/database_file.c     |  2 +-
 libsemanage/src/database_policydb.c |  2 +-
 libsemanage/src/direct_api.c        | 20 ++++++++++----------
 libsemanage/src/genhomedircon.c     |  8 +++++---
 libsemanage/src/parse_utils.c       |  2 +-
 libsemanage/src/semanage_store.c    | 26 +++++++++++++-------------
 libsemanage/src/utilities.c         |  2 +-
 9 files changed, 35 insertions(+), 33 deletions(-)

diff --git a/libsemanage/src/compressed_file.c b/libsemanage/src/compressed_file.c
index e62d2a18..e4a1efb0 100644
--- a/libsemanage/src/compressed_file.c
+++ b/libsemanage/src/compressed_file.c
@@ -48,7 +48,7 @@ static int bzip(semanage_handle_t *sh, const char *filename, void *data,
 	size_t len;
 	FILE *f;
 
-	if ((f = fopen(filename, "wb")) == NULL) {
+	if ((f = fopen(filename, "wbe")) == NULL) {
 		return -1;
 	}
 
@@ -177,7 +177,7 @@ int map_compressed_file(semanage_handle_t *sh, const char *path,
 	int ret = 0, fd = -1;
 	FILE *file = NULL;
 
-	fd = open(path, O_RDONLY);
+	fd = open(path, O_RDONLY | O_CLOEXEC);
 	if (fd == -1) {
 		ERR(sh, "Unable to open %s\n", path);
 		return -1;
diff --git a/libsemanage/src/conf-parse.y b/libsemanage/src/conf-parse.y
index d6481359..b2b84892 100644
--- a/libsemanage/src/conf-parse.y
+++ b/libsemanage/src/conf-parse.y
@@ -468,7 +468,7 @@ semanage_conf_t *semanage_conf_parse(const char *config_filename)
 	if (semanage_conf_init(current_conf) == -1) {
 		goto cleanup;
 	}
-	if ((semanage_in = fopen(config_filename, "r")) == NULL) {
+	if ((semanage_in = fopen(config_filename, "re")) == NULL) {
 		/* configuration file does not exist or could not be
 		 * read.  THIS IS NOT AN ERROR.  just rely on the
 		 * defaults. */
diff --git a/libsemanage/src/database_file.c b/libsemanage/src/database_file.c
index 42e308d5..a54c5aee 100644
--- a/libsemanage/src/database_file.c
+++ b/libsemanage/src/database_file.c
@@ -127,7 +127,7 @@ static int dbase_file_flush(semanage_handle_t * handle, dbase_file_t * dbase)
 	fname = dbase->path[handle->is_in_transaction];
 
 	mask = umask(0077);
-	str = fopen(fname, "w");
+	str = fopen(fname, "we");
 	umask(mask);
 	if (!str) {
 		ERR(handle, "could not open %s for writing: %s",
diff --git a/libsemanage/src/database_policydb.c b/libsemanage/src/database_policydb.c
index da64a3ad..62467d15 100644
--- a/libsemanage/src/database_policydb.c
+++ b/libsemanage/src/database_policydb.c
@@ -111,7 +111,7 @@ static int dbase_policydb_cache(semanage_handle_t * handle,
 
 	/* Try opening file
 	 * ENOENT is not fatal - we just create an empty policydb */
-	fp = fopen(fname, "rb");
+	fp = fopen(fname, "rbe");
 	if (fp == NULL && errno != ENOENT) {
 		ERR(handle, "could not open %s for reading: %s",
 		    fname, strerror(errno));
diff --git a/libsemanage/src/direct_api.c b/libsemanage/src/direct_api.c
index d5299796..85876676 100644
--- a/libsemanage/src/direct_api.c
+++ b/libsemanage/src/direct_api.c
@@ -457,7 +457,7 @@ static int write_file(semanage_handle_t * sh,
 	int out;
 
 	if ((out =
-	     open(filename, O_WRONLY | O_CREAT | O_TRUNC,
+	     open(filename, O_WRONLY | O_CREAT | O_TRUNC | O_CLOEXEC,
 		  S_IRUSR | S_IWUSR)) == -1) {
 		ERR(sh, "Could not open %s for writing.", filename);
 		return -1;
@@ -644,17 +644,17 @@ static int semanage_pipe_data(semanage_handle_t *sh, const char *path, const cha
 	 */
 	sigaction(SIGPIPE, &new_signal, &old_signal);
 
-	retval = pipe(input_fd);
+	retval = pipe2(input_fd, O_CLOEXEC);
 	if (retval == -1) {
 		ERR(sh, "Unable to create pipe for input pipe: %s\n", strerror(errno));
 		goto cleanup;
 	}
-	retval = pipe(output_fd);
+	retval = pipe2(output_fd, O_CLOEXEC);
 	if (retval == -1) {
 		ERR(sh, "Unable to create pipe for output pipe: %s\n", strerror(errno));
 		goto cleanup;
 	}
-	retval = pipe(err_fd);
+	retval = pipe2(err_fd, O_CLOEXEC);
 	if (retval == -1) {
 		ERR(sh, "Unable to create pipe for error pipe: %s\n", strerror(errno));
 		goto cleanup;
@@ -826,7 +826,7 @@ static int semanage_direct_write_langext(semanage_handle_t *sh,
 		goto cleanup;
 	}
 
-	fp = fopen(fn, "w");
+	fp = fopen(fn, "we");
 	if (fp == NULL) {
 		ERR(sh, "Unable to open %s module ext file.", modinfo->name);
 		ret = -1;
@@ -1077,7 +1077,7 @@ static int semanage_compare_checksum(semanage_handle_t *sh, const char *referenc
 	int fd, retval;
 	char *data;
 
-	fd = open(path, O_RDONLY);
+	fd = open(path, O_RDONLY | O_CLOEXEC);
 	if (fd == -1) {
 		if (errno != ENOENT) {
 			ERR(sh, "Unable to open %s: %s\n", path, strerror(errno));
@@ -1218,7 +1218,7 @@ static int semanage_direct_commit(semanage_handle_t * sh)
 	}
 	if (sepol_get_disable_dontaudit(sh->sepolh) == 1) {
 		FILE *touch;
-		touch = fopen(path, "w");
+		touch = fopen(path, "we");
 		if (touch != NULL) {
 			if (fclose(touch) != 0) {
 				ERR(sh, "Error attempting to create disable_dontaudit flag.");
@@ -1250,7 +1250,7 @@ static int semanage_direct_commit(semanage_handle_t * sh)
 
 	if (sepol_get_preserve_tunables(sh->sepolh) == 1) {
 		FILE *touch;
-		touch = fopen(path, "w");
+		touch = fopen(path, "we");
 		if (touch != NULL) {
 			if (fclose(touch) != 0) {
 				ERR(sh, "Error attempting to create preserve_tunable flag.");
@@ -2109,7 +2109,7 @@ static int semanage_direct_set_enabled(semanage_handle_t *sh,
 	switch (enabled) {
 		case 0: /* disable the module */
 			mask = umask(0077);
-			fp = fopen(fn, "w");
+			fp = fopen(fn, "we");
 			umask(mask);
 
 			if (fp == NULL) {
@@ -2296,7 +2296,7 @@ static int semanage_direct_get_module_info(semanage_handle_t *sh,
 		goto cleanup;
 	}
 
-	fp = fopen(fn, "r");
+	fp = fopen(fn, "re");
 
 	if (fp == NULL) {
 		ERR(sh,
diff --git a/libsemanage/src/genhomedircon.c b/libsemanage/src/genhomedircon.c
index fd2f8a89..53673645 100644
--- a/libsemanage/src/genhomedircon.c
+++ b/libsemanage/src/genhomedircon.c
@@ -218,7 +218,7 @@ static semanage_list_t *get_shell_list(void)
 	size_t buff_len = 0;
 	ssize_t len;
 
-	shells = fopen(PATH_SHELLS_FILE, "r");
+	shells = fopen(PATH_SHELLS_FILE, "re");
 	if (!shells)
 		return default_shell_list();
 	while ((len = getline(&temp, &buff_len, shells)) > 0) {
@@ -227,11 +227,13 @@ static semanage_list_t *get_shell_list(void)
 			if (semanage_list_push(&list, temp)) {
 				free(temp);
 				semanage_list_destroy(&list);
+				fclose(shells);
 				return default_shell_list();
 			}
 		}
 	}
 	free(temp);
+	fclose(shells);
 
 	return list;
 }
@@ -503,7 +505,7 @@ static semanage_list_t *make_template(genhomedircon_settings_t * s,
 	FILE *template_file = NULL;
 	semanage_list_t *template_data = NULL;
 
-	template_file = fopen(s->homedir_template_path, "r");
+	template_file = fopen(s->homedir_template_path, "re");
 	if (!template_file)
 		return NULL;
 	template_data = semanage_slurp_file_filter(template_file, pred);
@@ -1413,7 +1415,7 @@ int semanage_genhomedircon(semanage_handle_t * sh,
 	s.h_semanage = sh;
 	s.policydb = policydb;
 
-	if (!(out = fopen(s.fcfilepath, "w"))) {
+	if (!(out = fopen(s.fcfilepath, "we"))) {
 		/* couldn't open output file */
 		ERR(sh, "Could not open the file_context file for writing");
 		retval = STATUS_ERR;
diff --git a/libsemanage/src/parse_utils.c b/libsemanage/src/parse_utils.c
index 2f33f629..d1d6e930 100644
--- a/libsemanage/src/parse_utils.c
+++ b/libsemanage/src/parse_utils.c
@@ -45,7 +45,7 @@ void parse_release(parse_info_t * info)
 int parse_open(semanage_handle_t * handle, parse_info_t * info)
 {
 
-	info->file_stream = fopen(info->filename, "r");
+	info->file_stream = fopen(info->filename, "re");
 	if (!info->file_stream && (errno != ENOENT)) {
 		ERR(handle, "could not open file %s: %s",
 		    info->filename, strerror(errno));
diff --git a/libsemanage/src/semanage_store.c b/libsemanage/src/semanage_store.c
index 5cd2d219..d75aab68 100644
--- a/libsemanage/src/semanage_store.c
+++ b/libsemanage/src/semanage_store.c
@@ -585,7 +585,7 @@ int semanage_create_store(semanage_handle_t * sh, int create)
 	if (stat(path, &sb) == -1) {
 		if (errno == ENOENT && create) {
 			mask = umask(0077);
-			if ((fd = creat(path, S_IRUSR | S_IWUSR)) == -1) {
+			if ((fd = open(path, O_CREAT | O_WRONLY | O_TRUNC | O_CLOEXEC, S_IRUSR | S_IWUSR)) == -1) {
 				umask(mask);
 				ERR(sh, "Could not create lock file at %s.",
 				    path);
@@ -682,7 +682,7 @@ int semanage_copy_file(semanage_handle_t *sh, const char *src, const char *dst,
 	if (n < 0 || n >= PATH_MAX)
 		return -1;
 
-	if ((in = open(src, O_RDONLY)) == -1) {
+	if ((in = open(src, O_RDONLY | O_CLOEXEC)) == -1) {
 		return -1;
 	}
 
@@ -690,7 +690,7 @@ int semanage_copy_file(semanage_handle_t *sh, const char *src, const char *dst,
 		mode = S_IRUSR | S_IWUSR;
 
 	mask = umask(0);
-	if ((out = open(tmp, O_WRONLY | O_CREAT | O_TRUNC, mode)) == -1) {
+	if ((out = open(tmp, O_WRONLY | O_CREAT | O_TRUNC | O_CLOEXEC, mode)) == -1) {
 		umask(mask);
 		errsv = errno;
 		close(in);
@@ -1489,7 +1489,7 @@ int semanage_split_fc(semanage_handle_t * sh)
 	char buf[PATH_MAX] = { 0 };
 
 	/* I use fopen here instead of open so that I can use fgets which only reads a single line */
-	file_con = fopen(semanage_path(SEMANAGE_TMP, SEMANAGE_FC_TMPL), "r");
+	file_con = fopen(semanage_path(SEMANAGE_TMP, SEMANAGE_FC_TMPL), "re");
 	if (!file_con) {
 		ERR(sh, "Could not open %s for reading.",
 		    semanage_path(SEMANAGE_TMP, SEMANAGE_FC_TMPL));
@@ -1497,14 +1497,14 @@ int semanage_split_fc(semanage_handle_t * sh)
 	}
 
 	fc = open(semanage_path(SEMANAGE_TMP, SEMANAGE_STORE_FC),
-		  O_WRONLY | O_CREAT | O_TRUNC, S_IRUSR | S_IWUSR);
+		  O_WRONLY | O_CREAT | O_TRUNC | O_CLOEXEC, S_IRUSR | S_IWUSR);
 	if (fc < 0) {
 		ERR(sh, "Could not open %s for writing.",
 		    semanage_path(SEMANAGE_TMP, SEMANAGE_STORE_FC));
 		goto cleanup;
 	}
 	hd = open(semanage_path(SEMANAGE_TMP, SEMANAGE_HOMEDIR_TMPL),
-		  O_WRONLY | O_CREAT | O_TRUNC, S_IRUSR | S_IWUSR);
+		  O_WRONLY | O_CREAT | O_TRUNC | O_CLOEXEC, S_IRUSR | S_IWUSR);
 	if (hd < 0) {
 		ERR(sh, "Could not open %s for writing.",
 		    semanage_path(SEMANAGE_TMP, SEMANAGE_HOMEDIR_TMPL));
@@ -1719,7 +1719,7 @@ static int semanage_commit_sandbox(semanage_handle_t * sh)
 	memset(write_buf, 0, sizeof(write_buf));
 	snprintf(write_buf, sizeof(write_buf), "%d", commit_number);
 	if ((fd =
-	     open(commit_filename, O_WRONLY | O_CREAT | O_TRUNC,
+	     open(commit_filename, O_WRONLY | O_CREAT | O_TRUNC | O_CLOEXEC,
 		  S_IRUSR | S_IWUSR)) == -1) {
 		ERR(sh, "Could not open commit number file %s for writing.",
 		    commit_filename);
@@ -1735,7 +1735,7 @@ static int semanage_commit_sandbox(semanage_handle_t * sh)
 	close(fd);
 
 	/* sync changes in sandbox to filesystem */
-	fd = open(sandbox, O_DIRECTORY);
+	fd = open(sandbox, O_DIRECTORY | O_CLOEXEC);
 	if (fd == -1) {
 		ERR(sh, "Error while opening %s for syncfs(): %d", sandbox, errno);
 		return -1;
@@ -1869,7 +1869,7 @@ static int semanage_get_lock(semanage_handle_t * sh,
 	int got_lock = 0;
 
 	if ((fd =
-	     open(lock_file, O_RDWR | O_CREAT | O_TRUNC,
+	     open(lock_file, O_RDWR | O_CREAT | O_TRUNC | O_CLOEXEC,
 		  S_IRUSR | S_IWUSR)) == -1) {
 		ERR(sh, "Could not open direct %s at %s.", lock_name,
 		    lock_file);
@@ -2013,7 +2013,7 @@ int semanage_direct_get_serial(semanage_handle_t * sh)
 		    semanage_path(SEMANAGE_ACTIVE, SEMANAGE_COMMIT_NUM_FILE);
 	}
 
-	if ((fd = open(commit_filename, O_RDONLY)) == -1) {
+	if ((fd = open(commit_filename, O_RDONLY | O_CLOEXEC)) == -1) {
 		if (errno == ENOENT) {
 			/* the commit number file does not exist yet,
 			 * so assume that the number is 0 */
@@ -2093,7 +2093,7 @@ int semanage_read_policydb(semanage_handle_t * sh, sepol_policydb_t * in,
 	     semanage_path(SEMANAGE_ACTIVE, file)) == NULL) {
 		goto cleanup;
 	}
-	if ((infile = fopen(kernel_filename, "r")) == NULL) {
+	if ((infile = fopen(kernel_filename, "re")) == NULL) {
 		ERR(sh, "Could not open kernel policy %s for reading.",
 		    kernel_filename);
 		goto cleanup;
@@ -2136,7 +2136,7 @@ int semanage_write_policydb(semanage_handle_t * sh, sepol_policydb_t * out,
 	     semanage_path(SEMANAGE_TMP, file)) == NULL) {
 		goto cleanup;
 	}
-	if ((outfile = fopen(kernel_filename, "wb")) == NULL) {
+	if ((outfile = fopen(kernel_filename, "wbe")) == NULL) {
 		ERR(sh, "Could not open kernel policy %s for writing.",
 		    kernel_filename);
 		goto cleanup;
@@ -3003,7 +3003,7 @@ void semanage_setfiles(semanage_handle_t * sh, const char *path){
 
 	/* Make sure "path" is owned by root */
 	if ((geteuid() != 0 || getegid() != 0) &&
-	    ((fd = open(path, O_RDONLY)) != -1)){
+	    ((fd = open(path, O_RDONLY | O_CLOEXEC)) != -1)){
 		/* Skip files with the SUID or SGID bit set -- abuse protection */
 		if ((fstat(fd, &sb) != -1) &&
 		    !(S_ISREG(sb.st_mode) &&
diff --git a/libsemanage/src/utilities.c b/libsemanage/src/utilities.c
index 77b948fa..70b5b677 100644
--- a/libsemanage/src/utilities.c
+++ b/libsemanage/src/utilities.c
@@ -38,7 +38,7 @@ char *semanage_findval(const char *file, const char *var, const char *delim)
 	assert(file);
 	assert(var);
 
-	if ((fd = fopen(file, "r")) == NULL)
+	if ((fd = fopen(file, "re")) == NULL)
 		return NULL;
 
 	while (getline(&buff, &buff_len, fd) > 0) {
-- 
2.45.2

[PATCH v2 2/9] libsemanage: handle cil_set_handle_unknown() failure

[Christian Göttsche]

From: Christian Göttsche <cgzones@googlemail.com>

Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
---
 libsemanage/src/direct_api.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/libsemanage/src/direct_api.c b/libsemanage/src/direct_api.c
index 85876676..a271a576 100644
--- a/libsemanage/src/direct_api.c
+++ b/libsemanage/src/direct_api.c
@@ -1354,7 +1354,9 @@ static int semanage_direct_commit(semanage_handle_t * sh)
 		cil_set_multiple_decls(cildb, sh->conf->multiple_decls);
 
 		if (sh->conf->handle_unknown != -1) {
-			cil_set_handle_unknown(cildb, sh->conf->handle_unknown);
+			retval = cil_set_handle_unknown(cildb, sh->conf->handle_unknown);
+			if (retval < 0)
+				goto cleanup;
 		}
 
 		retval = semanage_load_files(sh, cildb, mod_filenames, num_modinfos);
-- 
2.45.2

[PATCH v2 3/9] libsemanage: handle shell allocation failure

[Christian Göttsche]

From: Christian Göttsche <cgzones@googlemail.com>

Return failure instead of silently using a fallback.

Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
---
 libsemanage/src/genhomedircon.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/libsemanage/src/genhomedircon.c b/libsemanage/src/genhomedircon.c
index 53673645..c38d284b 100644
--- a/libsemanage/src/genhomedircon.c
+++ b/libsemanage/src/genhomedircon.c
@@ -228,7 +228,7 @@ static semanage_list_t *get_shell_list(void)
 				free(temp);
 				semanage_list_destroy(&list);
 				fclose(shells);
-				return default_shell_list();
+				return NULL;
 			}
 		}
 	}
@@ -333,7 +333,10 @@ static semanage_list_t *get_home_dirs(genhomedircon_settings_t * s)
 		return homedir_list;
 
 	shells = get_shell_list();
-	assert(shells);
+	if (!shells) {
+		ERR(s->h_semanage, "Allocation failure!");
+		goto fail;
+	}
 
 	path = semanage_findval(PATH_ETC_LOGIN_DEFS, "UID_MIN", NULL);
 	if (path && *path) {
-- 
2.45.2

[PATCH v2 4/9] libsemanage: drop duplicate newlines and error descriptions in error messages

[Christian Göttsche]

From: Christian Göttsche <cgzones@googlemail.com>

The ERR macro already appends the errno description and a trailing
newline.

Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
---
 libsemanage/src/compressed_file.c   |   4 +-
 libsemanage/src/database_file.c     |   4 +-
 libsemanage/src/database_policydb.c |   4 +-
 libsemanage/src/direct_api.c        | 100 +++++++++++++---------------
 libsemanage/src/genhomedircon.c     |   2 +-
 libsemanage/src/handle.c            |   2 +-
 libsemanage/src/parse_utils.c       |   4 +-
 libsemanage/src/semanage_store.c    |   6 +-
 8 files changed, 61 insertions(+), 65 deletions(-)

diff --git a/libsemanage/src/compressed_file.c b/libsemanage/src/compressed_file.c
index e4a1efb0..4fa5b3e0 100644
--- a/libsemanage/src/compressed_file.c
+++ b/libsemanage/src/compressed_file.c
@@ -179,13 +179,13 @@ int map_compressed_file(semanage_handle_t *sh, const char *path,
 
 	fd = open(path, O_RDONLY | O_CLOEXEC);
 	if (fd == -1) {
-		ERR(sh, "Unable to open %s\n", path);
+		ERR(sh, "Unable to open %s.", path);
 		return -1;
 	}
 
 	file = fdopen(fd, "r");
 	if (file == NULL) {
-		ERR(sh, "Unable to open %s\n", path);
+		ERR(sh, "Unable to open %s.", path);
 		close(fd);
 		return -1;
 	}
diff --git a/libsemanage/src/database_file.c b/libsemanage/src/database_file.c
index a54c5aee..47814254 100644
--- a/libsemanage/src/database_file.c
+++ b/libsemanage/src/database_file.c
@@ -130,8 +130,8 @@ static int dbase_file_flush(semanage_handle_t * handle, dbase_file_t * dbase)
 	str = fopen(fname, "we");
 	umask(mask);
 	if (!str) {
-		ERR(handle, "could not open %s for writing: %s",
-		    fname, strerror(errno));
+		ERR(handle, "could not open %s for writing",
+		    fname);
 		goto err;
 	}
 	__fsetlocking(str, FSETLOCKING_BYCALLER);
diff --git a/libsemanage/src/database_policydb.c b/libsemanage/src/database_policydb.c
index 62467d15..3c346ad7 100644
--- a/libsemanage/src/database_policydb.c
+++ b/libsemanage/src/database_policydb.c
@@ -113,8 +113,8 @@ static int dbase_policydb_cache(semanage_handle_t * handle,
 	 * ENOENT is not fatal - we just create an empty policydb */
 	fp = fopen(fname, "rbe");
 	if (fp == NULL && errno != ENOENT) {
-		ERR(handle, "could not open %s for reading: %s",
-		    fname, strerror(errno));
+		ERR(handle, "could not open %s for reading",
+		    fname);
 		goto err;
 	}
 
diff --git a/libsemanage/src/direct_api.c b/libsemanage/src/direct_api.c
index a271a576..0e7ef4da 100644
--- a/libsemanage/src/direct_api.c
+++ b/libsemanage/src/direct_api.c
@@ -313,7 +313,7 @@ int semanage_direct_connect(semanage_handle_t * sh)
 		/* The file does not exist */
 		sepol_set_disable_dontaudit(sh->sepolh, 0);
 	} else {
-		ERR(sh, "Unable to access %s: %s\n", path, strerror(errno));
+		ERR(sh, "Unable to access %s.", path);
 		goto err;
 	}
 
@@ -592,7 +592,7 @@ static int read_from_pipe_to_data(semanage_handle_t *sh, size_t initial_len, int
 	}
 	data_read = malloc(max_len * sizeof(*data_read));
 	if (data_read == NULL) {
-		ERR(sh, "Failed to malloc, out of memory.\n");
+		ERR(sh, "Failed to malloc, out of memory.");
 		return -1;
 	}
 
@@ -604,7 +604,7 @@ static int read_from_pipe_to_data(semanage_handle_t *sh, size_t initial_len, int
 			max_len *= 2;
 			tmp = realloc(data_read, max_len);
 			if (tmp == NULL) {
-				ERR(sh, "Failed to realloc, out of memory.\n");
+				ERR(sh, "Failed to realloc, out of memory.");
 				free(data_read);
 				return -1;
 			}
@@ -646,93 +646,93 @@ static int semanage_pipe_data(semanage_handle_t *sh, const char *path, const cha
 
 	retval = pipe2(input_fd, O_CLOEXEC);
 	if (retval == -1) {
-		ERR(sh, "Unable to create pipe for input pipe: %s\n", strerror(errno));
+		ERR(sh, "Unable to create pipe for input pipe.");
 		goto cleanup;
 	}
 	retval = pipe2(output_fd, O_CLOEXEC);
 	if (retval == -1) {
-		ERR(sh, "Unable to create pipe for output pipe: %s\n", strerror(errno));
+		ERR(sh, "Unable to create pipe for output pipe.");
 		goto cleanup;
 	}
 	retval = pipe2(err_fd, O_CLOEXEC);
 	if (retval == -1) {
-		ERR(sh, "Unable to create pipe for error pipe: %s\n", strerror(errno));
+		ERR(sh, "Unable to create pipe for error pipe.");
 		goto cleanup;
 	}
 
 	pid = fork();
 	if (pid == -1) {
-		ERR(sh, "Unable to fork from parent: %s.", strerror(errno));
+		ERR(sh, "Unable to fork from parent.");
 		retval = -1;
 		goto cleanup;
 	} else if (pid == 0) {
 		retval = dup2(input_fd[PIPE_READ], STDIN_FILENO);
 		if (retval == -1) {
-			ERR(sh, "Unable to dup2 input pipe: %s\n", strerror(errno));
+			ERR(sh, "Unable to dup2 input pipe.");
 			goto cleanup;
 		}
 		retval = dup2(output_fd[PIPE_WRITE], STDOUT_FILENO);
 		if (retval == -1) {
-			ERR(sh, "Unable to dup2 output pipe: %s\n", strerror(errno));
+			ERR(sh, "Unable to dup2 output pipe.");
 			goto cleanup;
 		}
 		retval = dup2(err_fd[PIPE_WRITE], STDERR_FILENO);
 		if (retval == -1) {
-			ERR(sh, "Unable to dup2 error pipe: %s\n", strerror(errno));
+			ERR(sh, "Unable to dup2 error pipe.");
 			goto cleanup;
 		}
 
 		retval = close(input_fd[PIPE_WRITE]);
 		if (retval == -1) {
-			ERR(sh, "Unable to close input pipe: %s\n", strerror(errno));
+			ERR(sh, "Unable to close input pipe.");
 			goto cleanup;
 		}
 		retval = close(output_fd[PIPE_READ]);
 		if (retval == -1) {
-			ERR(sh, "Unable to close output pipe: %s\n", strerror(errno));
+			ERR(sh, "Unable to close output pipe.");
 			goto cleanup;
 		}
 		retval = close(err_fd[PIPE_READ]);
 		if (retval == -1) {
-			ERR(sh, "Unable to close error pipe: %s\n", strerror(errno));
+			ERR(sh, "Unable to close error pipe.");
 			goto cleanup;
 		}
 		retval = execl(path, path, NULL);
 		if (retval == -1) {
-			ERR(sh, "Unable to execute %s : %s\n", path, strerror(errno));
+			ERR(sh, "Unable to execute %s.", path);
 			_exit(EXIT_FAILURE);
 		}
 	} else {
 		retval = close(input_fd[PIPE_READ]);
 		input_fd[PIPE_READ] = -1;
 		if (retval == -1) {
-			ERR(sh, "Unable to close read end of input pipe: %s\n", strerror(errno));
+			ERR(sh, "Unable to close read end of input pipe.");
 			goto cleanup;
 		}
 
 		retval = close(output_fd[PIPE_WRITE]);
 		output_fd[PIPE_WRITE] = -1;
 		if (retval == -1) {
-			ERR(sh, "Unable to close write end of output pipe: %s\n", strerror(errno));
+			ERR(sh, "Unable to close write end of output pipe.");
 			goto cleanup;
 		}
 
 		retval = close(err_fd[PIPE_WRITE]);
 		err_fd[PIPE_WRITE] = -1;
 		if (retval == -1) {
-			ERR(sh, "Unable to close write end of error pipe: %s\n", strerror(errno));
+			ERR(sh, "Unable to close write end of error pipe.");
 			goto cleanup;
 		}
 
 		retval = write_full(input_fd[PIPE_WRITE], in_data, in_data_len);
 		if (retval == -1) {
-			ERR(sh, "Failed to write data to input pipe: %s\n", strerror(errno));
+			ERR(sh, "Failed to write data to input pipe.");
 			goto cleanup;
 		}
 		retval = close(input_fd[PIPE_WRITE]);
 		input_fd[PIPE_WRITE] = -1;
 		if (retval == -1) {
-			ERR(sh, "Unable to close write end of input pipe: %s\n", strerror(errno));
+			ERR(sh, "Unable to close write end of input pipe.");
 			goto cleanup;
 		}
 
@@ -744,7 +744,7 @@ static int semanage_pipe_data(semanage_handle_t *sh, const char *path, const cha
 		retval = close(output_fd[PIPE_READ]);
 		output_fd[PIPE_READ] = -1;
 		if (retval == -1) {
-			ERR(sh, "Unable to close read end of output pipe: %s\n", strerror(errno));
+			ERR(sh, "Unable to close read end of output pipe.");
 			goto cleanup;
 		}
 
@@ -756,7 +756,7 @@ static int semanage_pipe_data(semanage_handle_t *sh, const char *path, const cha
 		retval = close(err_fd[PIPE_READ]);
 		err_fd[PIPE_READ] = -1;
 		if (retval == -1) {
-			ERR(sh, "Unable to close read end of error pipe: %s\n", strerror(errno));
+			ERR(sh, "Unable to close read end of error pipe.");
 			goto cleanup;
 		}
 
@@ -923,7 +923,7 @@ static int semanage_compile_module(semanage_handle_t *sh,
 
 	status = map_compressed_file(sh, hll_path, &hll_contents);
 	if (status < 0) {
-		ERR(sh, "Unable to read file %s\n", hll_path);
+		ERR(sh, "Unable to read file %s.", hll_path);
 		goto cleanup;
 	}
 
@@ -933,16 +933,13 @@ static int semanage_compile_module(semanage_handle_t *sh,
 	if (err_data_len > 0) {
 		for (start = end = err_data; end < err_data + err_data_len; end++) {
 			if (*end == '\n') {
-				fprintf(stderr, "%s: ", modinfo->name);
-				fwrite(start, 1, end - start + 1, stderr);
+				ERR(sh, "%s: %.*s.", modinfo->name, (int)(end - start + 1), start);
 				start = end + 1;
 			}
 		}
 
 		if (end != start) {
-			fprintf(stderr, "%s: ", modinfo->name);
-			fwrite(start, 1, end - start, stderr);
-			fprintf(stderr, "\n");
+			ERR(sh, "%s: %.*s.", modinfo->name, (int)(end - start), start);
 		}
 	}
 	if (status != 0) {
@@ -956,14 +953,14 @@ static int semanage_compile_module(semanage_handle_t *sh,
 
 	status = write_compressed_file(sh, cil_path, cil_data, cil_data_len);
 	if (status == -1) {
-		ERR(sh, "Failed to write %s\n", cil_path);
+		ERR(sh, "Failed to write %s.", cil_path);
 		goto cleanup;
 	}
 
 	if (sh->conf->remove_hll == 1) {
 		status = unlink(hll_path);
 		if (status != 0) {
-			ERR(sh, "Error while removing HLL file %s: %s", hll_path, strerror(errno));
+			ERR(sh, "Error while removing HLL file %s.", hll_path);
 			goto cleanup;
 		}
 
@@ -1054,8 +1051,7 @@ static int semanage_compile_hll_modules(semanage_handle_t *sh,
 				unmap_compressed_file(&contents);
 				continue;
 			} else if (errno != ENOENT) {
-				ERR(sh, "Unable to access %s: %s\n", cil_path,
-				    strerror(errno));
+				ERR(sh, "Unable to access %s.", cil_path);
 				return -1; //an error in the "stat" call
 			}
 		}
@@ -1080,7 +1076,7 @@ static int semanage_compare_checksum(semanage_handle_t *sh, const char *referenc
 	fd = open(path, O_RDONLY | O_CLOEXEC);
 	if (fd == -1) {
 		if (errno != ENOENT) {
-			ERR(sh, "Unable to open %s: %s\n", path, strerror(errno));
+			ERR(sh, "Unable to open %s.", path);
 			return -1;
 		}
 		/* Checksum file not present - force a rebuild. */
@@ -1088,21 +1084,21 @@ static int semanage_compare_checksum(semanage_handle_t *sh, const char *referenc
 	}
 
 	if (fstat(fd, &sb) == -1) {
-		ERR(sh, "Unable to stat %s\n", path);
+		ERR(sh, "Unable to stat %s.", path);
 		retval = -1;
 		goto out_close;
 	}
 
 	if (sb.st_size != (off_t)CHECKSUM_CONTENT_SIZE) {
 		/* Incompatible/invalid hash type - just force a rebuild. */
-		WARN(sh, "Module checksum invalid - forcing a rebuild\n");
+		WARN(sh, "Module checksum invalid - forcing a rebuild.");
 		retval = 1;
 		goto out_close;
 	}
 
 	data = mmap(NULL, CHECKSUM_CONTENT_SIZE, PROT_READ, MAP_PRIVATE, fd, 0);
 	if (data == MAP_FAILED) {
-		ERR(sh, "Unable to mmap %s\n", path);
+		ERR(sh, "Unable to mmap %s.", path);
 		retval = -1;
 		goto out_close;
 	}
@@ -1212,7 +1208,7 @@ static int semanage_direct_commit(semanage_handle_t * sh)
 		/* The file does not exist */
 		do_rebuild |= (sepol_get_disable_dontaudit(sh->sepolh) == 1);
 	} else {
-		ERR(sh, "Unable to access %s: %s\n", path, strerror(errno));
+		ERR(sh, "Unable to access %s.", path);
 		retval = -1;
 		goto cleanup;
 	}
@@ -1243,7 +1239,7 @@ static int semanage_direct_commit(semanage_handle_t * sh)
 		/* The file does not exist */
 		do_rebuild |= (sepol_get_preserve_tunables(sh->sepolh) == 1);
 	} else {
-		ERR(sh, "Unable to access %s: %s\n", path, strerror(errno));
+		ERR(sh, "Unable to access %s.", path);
 		retval = -1;
 		goto cleanup;
 	}
@@ -1279,7 +1275,7 @@ static int semanage_direct_commit(semanage_handle_t * sh)
 		path = semanage_path(SEMANAGE_TMP, semanage_computed_files[i]);
 		if (stat(path, &sb) != 0) {
 			if (errno != ENOENT) {
-				ERR(sh, "Unable to access %s: %s\n", path, strerror(errno));
+				ERR(sh, "Unable to access %s.", path);
 				retval = -1;
 				goto cleanup;
 			}
@@ -1309,7 +1305,7 @@ static int semanage_direct_commit(semanage_handle_t * sh)
 		retval = semanage_compile_hll_modules(sh, modinfos, num_modinfos,
 						      &extra, modules_checksum);
 		if (retval < 0) {
-			ERR(sh, "Failed to compile hll files into cil files.\n");
+			ERR(sh, "Failed to compile hll files into cil files.");
 			goto cleanup;
 		}
 
@@ -1322,7 +1318,7 @@ static int semanage_direct_commit(semanage_handle_t * sh)
 
 		retval = semanage_write_modules_checksum(sh, modules_checksum);
 		if (retval < 0) {
-			ERR(sh, "Failed to write module checksum file.\n");
+			ERR(sh, "Failed to write module checksum file.");
 			goto cleanup;
 		}
 	}
@@ -1444,7 +1440,7 @@ static int semanage_direct_commit(semanage_handle_t * sh)
 			/* The file does not exist */
 			pseusers->dtable->clear(sh, pseusers->dbase);
 		} else {
-			ERR(sh, "Unable to access %s: %s\n", path, strerror(errno));
+			ERR(sh, "Unable to access %s.", path);
 			retval = -1;
 			goto cleanup;
 		}
@@ -1462,7 +1458,7 @@ static int semanage_direct_commit(semanage_handle_t * sh)
 			/* The file does not exist */
 			pusers_extra->dtable->clear(sh, pusers_extra->dbase);
 		} else {
-			ERR(sh, "Unable to access %s: %s\n", path, strerror(errno));
+			ERR(sh, "Unable to access %s.", path);
 			retval = -1;
 			goto cleanup;
 		}
@@ -1733,13 +1729,13 @@ static int semanage_direct_install_file(semanage_handle_t * sh,
 
 	retval = map_compressed_file(sh, install_filename, &contents);
 	if (retval < 0) {
-		ERR(sh, "Unable to read file %s\n", install_filename);
+		ERR(sh, "Unable to read file %s.", install_filename);
 		goto cleanup;
 	}
 
 	path = strdup(install_filename);
 	if (path == NULL) {
-		ERR(sh, "No memory available for strdup.\n");
+		ERR(sh, "No memory available for strdup.");
 		retval = -1;
 		goto cleanup;
 	}
@@ -1780,12 +1776,12 @@ static int semanage_direct_install_file(semanage_handle_t * sh,
 	if (module_name == NULL) {
 		module_name = strdup(filename);
 		if (module_name == NULL) {
-			ERR(sh, "No memory available for module_name.\n");
+			ERR(sh, "No memory available for module_name.");
 			retval = -1;
 			goto cleanup;
 		}
 	} else if (strcmp(module_name, filename) != 0) {
-		fprintf(stderr, "Warning: SELinux userspace will refer to the module from %s as %s rather than %s\n", install_filename, module_name, filename);
+		ERR(sh, "Warning: SELinux userspace will refer to the module from %s as %s rather than %s.", install_filename, module_name, filename);
 	}
 
 	retval = semanage_direct_install(sh, contents.data, contents.len,
@@ -1826,7 +1822,7 @@ static int semanage_direct_extract(semanage_handle_t * sh,
 	}
 
 	if (stat(module_path, &sb) != 0) {
-		ERR(sh, "Unable to access %s: %s\n", module_path, strerror(errno));
+		ERR(sh, "Unable to access %s.", module_path);
 		rc = -1;
 		goto cleanup;
 	}
@@ -1857,7 +1853,7 @@ static int semanage_direct_extract(semanage_handle_t * sh,
 
 	if (extract_cil == 1 && strcmp(_modinfo->lang_ext, "cil") && stat(input_file, &sb) != 0) {
 		if (errno != ENOENT) {
-			ERR(sh, "Unable to access %s: %s\n", input_file, strerror(errno));
+			ERR(sh, "Unable to access %s.", input_file);
 			rc = -1;
 			goto cleanup;
 		}
@@ -2017,7 +2013,7 @@ static int semanage_direct_get_enabled(semanage_handle_t *sh,
 
 	if (stat(path, &sb) < 0) {
 		if (errno != ENOENT) {
-			ERR(sh, "Unable to access %s: %s\n", path, strerror(errno));
+			ERR(sh, "Unable to access %s.", path);
 			status = -1;
 			goto cleanup;
 		}
@@ -2350,7 +2346,7 @@ static int semanage_direct_get_module_info(semanage_handle_t *sh,
 	/* set enabled/disabled status */
 	if (stat(fn, &sb) < 0) {
 		if (errno != ENOENT) {
-			ERR(sh, "Unable to access %s: %s\n", fn, strerror(errno));
+			ERR(sh, "Unable to access %s.", fn);
 			status = -1;
 			goto cleanup;
 		}
@@ -2779,7 +2775,7 @@ static int semanage_direct_install_info(semanage_handle_t *sh,
 	/* validate module info */
 	ret = semanage_module_info_validate(modinfo);
 	if (ret != 0) {
-		ERR(sh, "%s failed module validation.\n", modinfo->name);
+		ERR(sh, "%s failed module validation.", modinfo->name);
 		status = -2;
 		goto cleanup;
 	}
@@ -2867,7 +2863,7 @@ static int semanage_direct_install_info(semanage_handle_t *sh,
 		if (stat(path, &sb) == 0) {
 			ret = unlink(path);
 			if (ret != 0) {
-				ERR(sh, "Error while removing cached CIL file %s: %s", path, strerror(errno));
+				ERR(sh, "Error while removing cached CIL file %s.", path);
 				status = -3;
 				goto cleanup;
 			}
diff --git a/libsemanage/src/genhomedircon.c b/libsemanage/src/genhomedircon.c
index c38d284b..4949bc75 100644
--- a/libsemanage/src/genhomedircon.c
+++ b/libsemanage/src/genhomedircon.c
@@ -1117,7 +1117,7 @@ static int get_group_users(genhomedircon_settings_t * s,
 		goto cleanup;
 
 	if (group == NULL) {
-		ERR(s->h_semanage, "Can't find group named %s\n", grname);
+		ERR(s->h_semanage, "Can't find group named %s.", grname);
 		goto cleanup;
 	}
 
diff --git a/libsemanage/src/handle.c b/libsemanage/src/handle.c
index 2f4121db..faea0606 100644
--- a/libsemanage/src/handle.c
+++ b/libsemanage/src/handle.c
@@ -151,7 +151,7 @@ int semanage_get_hll_compiler_path(semanage_handle_t *sh,
 
 	lower_lang_ext = strdup(lang_ext);
 	if (lower_lang_ext == NULL) {
-		ERR(sh, "Could not create copy of lang_ext. Out of memory.\n");
+		ERR(sh, "Could not create copy of lang_ext. Out of memory.");
 		status = -1;
 		goto cleanup;
 	}
diff --git a/libsemanage/src/parse_utils.c b/libsemanage/src/parse_utils.c
index d1d6e930..cf6a91fa 100644
--- a/libsemanage/src/parse_utils.c
+++ b/libsemanage/src/parse_utils.c
@@ -47,8 +47,8 @@ int parse_open(semanage_handle_t * handle, parse_info_t * info)
 
 	info->file_stream = fopen(info->filename, "re");
 	if (!info->file_stream && (errno != ENOENT)) {
-		ERR(handle, "could not open file %s: %s",
-		    info->filename, strerror(errno));
+		ERR(handle, "could not open file %s.",
+		    info->filename);
 		return STATUS_ERR;
 	}
 	if (info->file_stream)
diff --git a/libsemanage/src/semanage_store.c b/libsemanage/src/semanage_store.c
index d75aab68..cdb495cb 100644
--- a/libsemanage/src/semanage_store.c
+++ b/libsemanage/src/semanage_store.c
@@ -1551,7 +1551,7 @@ static int sefcontext_compile(semanage_handle_t * sh, const char *path) {
 
 	if (stat(path, &sb) < 0) {
 		if (errno != ENOENT) {
-			ERR(sh, "Unable to access %s: %s\n", path, strerror(errno));
+			ERR(sh, "Unable to access %s.", path);
 			return -1;
 		}
 
@@ -1737,11 +1737,11 @@ static int semanage_commit_sandbox(semanage_handle_t * sh)
 	/* sync changes in sandbox to filesystem */
 	fd = open(sandbox, O_DIRECTORY | O_CLOEXEC);
 	if (fd == -1) {
-		ERR(sh, "Error while opening %s for syncfs(): %d", sandbox, errno);
+		ERR(sh, "Error while opening %s for syncfs().", sandbox);
 		return -1;
 	}
 	if (syncfs(fd) == -1) {
-		ERR(sh, "Error while syncing %s to filesystem: %d", sandbox, errno);
+		ERR(sh, "Error while syncing %s to filesystem.", sandbox);
 		close(fd);
 		return -1;
 	}
-- 
2.45.2

[PATCH v2 5/9] libsemanage: check closing written files

[Christian Göttsche]

From: Christian Göttsche <cgzones@googlemail.com>

Check that closing a file that has been written to is successful, to
avoid potential unsuccessful writes/syncs.

Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
---
 libsemanage/src/database_file.c  |  5 ++++-
 libsemanage/src/direct_api.c     | 15 +++++++++------
 libsemanage/src/genhomedircon.c  |  3 ++-
 libsemanage/src/semanage_store.c | 18 +++++++++++++-----
 4 files changed, 28 insertions(+), 13 deletions(-)

diff --git a/libsemanage/src/database_file.c b/libsemanage/src/database_file.c
index 47814254..214dbe6c 100644
--- a/libsemanage/src/database_file.c
+++ b/libsemanage/src/database_file.c
@@ -149,7 +149,10 @@ static int dbase_file_flush(semanage_handle_t * handle, dbase_file_t * dbase)
 	}
 
 	dbase_llist_set_modified(&dbase->llist, 0);
-	fclose(str);
+	if (fclose(str) != 0 && errno != EINTR) {
+		str = NULL;
+		goto err;
+	}
 	return STATUS_SUCCESS;
 
       err:
diff --git a/libsemanage/src/direct_api.c b/libsemanage/src/direct_api.c
index 0e7ef4da..87c7627d 100644
--- a/libsemanage/src/direct_api.c
+++ b/libsemanage/src/direct_api.c
@@ -467,7 +467,10 @@ static int write_file(semanage_handle_t * sh,
 		close(out);
 		return -1;
 	}
-	close(out);
+	if (close(out) == -1 && errno != EINTR) {
+		ERR(sh, "Error while closing %s.", filename);
+		return -1;
+	}
 	return 0;
 }
 
@@ -839,7 +842,7 @@ static int semanage_direct_write_langext(semanage_handle_t *sh,
 		goto cleanup;
 	}
 
-	if (fclose(fp) != 0) {
+	if (fclose(fp) != 0 && errno != EINTR) {
 		ERR(sh, "Unable to close %s module ext file.", modinfo->name);
 		fp = NULL;
 		ret = -1;
@@ -1216,7 +1219,7 @@ static int semanage_direct_commit(semanage_handle_t * sh)
 		FILE *touch;
 		touch = fopen(path, "we");
 		if (touch != NULL) {
-			if (fclose(touch) != 0) {
+			if (fclose(touch) != 0 && errno != EINTR) {
 				ERR(sh, "Error attempting to create disable_dontaudit flag.");
 				goto cleanup;
 			}
@@ -1248,7 +1251,7 @@ static int semanage_direct_commit(semanage_handle_t * sh)
 		FILE *touch;
 		touch = fopen(path, "we");
 		if (touch != NULL) {
-			if (fclose(touch) != 0) {
+			if (fclose(touch) != 0 && errno != EINTR) {
 				ERR(sh, "Error attempting to create preserve_tunable flag.");
 				goto cleanup;
 			}
@@ -2120,7 +2123,7 @@ static int semanage_direct_set_enabled(semanage_handle_t *sh,
 
 			ret = fclose(fp);
 			fp = NULL;
-			if (ret != 0) {
+			if (ret != 0 && errno != EINTR) {
 				ERR(sh,
 				    "Unable to close disabled file for module %s",
 				    modkey->name);
@@ -2321,7 +2324,7 @@ static int semanage_direct_get_module_info(semanage_handle_t *sh,
 	free(tmp);
 	tmp = NULL;
 
-	if (fclose(fp) != 0) {
+	if (fclose(fp) != 0 && errno != EINTR) {
 		fp = NULL;
 		ERR(sh,
 		    "Unable to close %s module lang ext file.",
diff --git a/libsemanage/src/genhomedircon.c b/libsemanage/src/genhomedircon.c
index 4949bc75..19543799 100644
--- a/libsemanage/src/genhomedircon.c
+++ b/libsemanage/src/genhomedircon.c
@@ -1429,7 +1429,8 @@ int semanage_genhomedircon(semanage_handle_t * sh,
 
 done:
 	if (out != NULL)
-		fclose(out);
+		if (fclose(out) != 0 && errno != EINTR)
+			retval = STATUS_ERR;
 
 	while (s.fallback)
 		pop_user_entry(&(s.fallback));
diff --git a/libsemanage/src/semanage_store.c b/libsemanage/src/semanage_store.c
index cdb495cb..e44efc16 100644
--- a/libsemanage/src/semanage_store.c
+++ b/libsemanage/src/semanage_store.c
@@ -717,7 +717,7 @@ int semanage_copy_file(semanage_handle_t *sh, const char *src, const char *dst,
 		errsv = errno;
 		retval = -1;
 	}
-	if (close(out) < 0) {
+	if (close(out) < 0 && errno != EINTR) {
 		errsv = errno;
 		retval = -1;
 	}
@@ -1536,9 +1536,11 @@ int semanage_split_fc(semanage_handle_t * sh)
 	if (file_con)
 		fclose(file_con);
 	if (fc >= 0)
-		close(fc);
+		if (close(fc) == -1 && errno != EINTR)
+			retval = -1;
 	if (hd >= 0)
-		close(hd);
+		if (close(hd) == -1 && errno != EINTR)
+			retval = -1;
 
 	return retval;
 
@@ -1732,7 +1734,11 @@ static int semanage_commit_sandbox(semanage_handle_t * sh)
 		close(fd);
 		return -1;
 	}
-	close(fd);
+	if (close(fd) == -1 && errno != EINTR) {
+		ERR(sh, "Error while closing commit number file %s.",
+		    commit_filename);
+		return -1;
+	}
 
 	/* sync changes in sandbox to filesystem */
 	fd = open(sandbox, O_DIRECTORY | O_CLOEXEC);
@@ -2157,7 +2163,9 @@ int semanage_write_policydb(semanage_handle_t * sh, sepol_policydb_t * out,
 
       cleanup:
 	if (outfile != NULL) {
-		fclose(outfile);
+		if (fclose(outfile) != 0 && errno != EINTR) {
+			retval = STATUS_ERR;
+		}
 	}
 	umask(mask);
 	sepol_policy_file_free(pf);
-- 
2.45.2

[PATCH v2 6/9] libsemanage: simplify file deletion

[Christian Göttsche]

From: Christian Göttsche <cgzones@googlemail.com>

Instead of checking if a file to be deleted exists, just try to delete
it and ignore any error for it not existing in the first place.

Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
---
 libsemanage/src/direct_api.c | 24 +++++++++---------------
 1 file changed, 9 insertions(+), 15 deletions(-)

diff --git a/libsemanage/src/direct_api.c b/libsemanage/src/direct_api.c
index 87c7627d..99cba7f7 100644
--- a/libsemanage/src/direct_api.c
+++ b/libsemanage/src/direct_api.c
@@ -2762,7 +2762,6 @@ static int semanage_direct_install_info(semanage_handle_t *sh,
 	int status = 0;
 	int ret = 0;
 	int type;
-	struct stat sb;
 
 	char path[PATH_MAX];
 	mode_t mask = umask(0077);
@@ -2863,13 +2862,11 @@ static int semanage_direct_install_info(semanage_handle_t *sh,
 			goto cleanup;
 		}
 
-		if (stat(path, &sb) == 0) {
-			ret = unlink(path);
-			if (ret != 0) {
-				ERR(sh, "Error while removing cached CIL file %s.", path);
-				status = -3;
-				goto cleanup;
-			}
+		ret = unlink(path);
+		if (ret != 0 && errno != ENOENT) {
+			ERR(sh, "Error while removing cached CIL file %s.", path);
+			status = -3;
+			goto cleanup;
 		}
 	}
 
@@ -2966,13 +2963,10 @@ static int semanage_direct_remove_key(semanage_handle_t *sh,
 			goto cleanup;
 		}
 
-		struct stat sb;
-		if (stat(path, &sb) == 0) {
-			ret = unlink(path);
-			if (ret != 0) {
-				status = -1;
-				goto cleanup;
-			}
+		ret = unlink(path);
+		if (ret != 0 && errno != ENOENT) {
+			status = -1;
+			goto cleanup;
 		}
 	}
 	else {
-- 
2.45.2

[PATCH v2 7/9] libsemanage: optimize policy by default

[Christian Göttsche]

From: Christian Göttsche <cgzones@googlemail.com>

Fedora is setting optimize-policy to 1 by default, and there seem to be
no bugs related to policy optimizations so far.

Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
---
 libsemanage/man/man5/semanage.conf.5 | 2 +-
 libsemanage/src/conf-parse.y         | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/libsemanage/man/man5/semanage.conf.5 b/libsemanage/man/man5/semanage.conf.5
index 140cb8d9..6a1afc13 100644
--- a/libsemanage/man/man5/semanage.conf.5
+++ b/libsemanage/man/man5/semanage.conf.5
@@ -124,7 +124,7 @@ In order to compile the original HLL file into CIL, the same HLL file will need
 .TP
 .B optimize-policy
 When set to "true", the kernel policy will be optimized upon rebuilds.
-It can be set to either "true" or "false" and by default it is set to "false".
+It can be set to either "true" or "false" and by default it is set to "true".
 
 .TP
 .B multiple-decls
diff --git a/libsemanage/src/conf-parse.y b/libsemanage/src/conf-parse.y
index b2b84892..6cb8a598 100644
--- a/libsemanage/src/conf-parse.y
+++ b/libsemanage/src/conf-parse.y
@@ -396,7 +396,7 @@ static int semanage_conf_init(semanage_conf_t * conf)
 	conf->bzip_small = 0;
 	conf->ignore_module_cache = 0;
 	conf->remove_hll = 0;
-	conf->optimize_policy = 0;
+	conf->optimize_policy = 1;
 	conf->multiple_decls = 1;
 
 	conf->save_previous = 0;
-- 
2.45.2

[PATCH v2 8/9] libsemanage/man: add documentation for command overrides

[Christian Göttsche]

From: Christian Göttsche <cgzones@googlemail.com>

For example fedora contains the following cdefault configuration:

    [sefcontext_compile]
    path = /usr/sbin/sefcontext_compile
    args = -r $@
    [end]

Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
---
 libsemanage/man/man5/semanage.conf.5 | 79 ++++++++++++++++++++++++++++
 1 file changed, 79 insertions(+)

diff --git a/libsemanage/man/man5/semanage.conf.5 b/libsemanage/man/man5/semanage.conf.5
index 6a1afc13..b22e65bd 100644
--- a/libsemanage/man/man5/semanage.conf.5
+++ b/libsemanage/man/man5/semanage.conf.5
@@ -131,6 +131,85 @@ It can be set to either "true" or "false" and by default it is set to "true".
 When set to "true", duplicate type, type attribute, and role declarations will be allowed.
 It can be set to either "true" or "false" and by default it is set to "true".
 
+.RE
+.PP
+For certain tasks the SELinux Management library resorts to running
+external commands.  For the following commands their path and arguments can
+be overridden:
+
+.RS
+.RS
+.TP
+.B load_policy
+Command to load a kernel policy.
+Requires no argument.
+Defaults to
+.IR /sbin/load_policy
+with no arguments.
+
+.TP
+.B setfiles
+Command to verify file context definitions.
+Requires two arguments, the path to the kernel policy and the path to the
+file context definition file.
+Defaults to
+.IR /sbin/setfiles
+with the arguments '\-q \-c $@ $<'.
+
+.TP
+.B sefcontext_compile
+Command to compile a file context definition file.
+Requires one argument, the path to the to be compiled file context
+definition file.
+Defaults to
+.IR /sbin/sefcontext_compile
+with the argument '$@'.
+
+.RE
+.PP
+Either
+.IR path
+or
+.IR args
+can be omitted.
+The argument string must contain '$@' for the first required argument,
+and '$<' for the second one.
+The syntax for overriding an external command property is:
+
+.RS
+
+[\fIname\fR]
+.sp 0
+path = /path/to/command
+.sp 0
+args = --flag
+.sp 0
+[end]
+
+.RE
+
+.TP
+Example
+
+.RS
+
+[sefcontext_compile]
+.sp 0
+path = /usr/sbin/sefcontext_compile
+.sp 0
+args = -r $@
+.sp 0
+[end]
+
+.RE
+.PP
+Optionally the SELinux Management library can invoke external commands to
+verify source modules (\fBverify module\fR), linked modules
+(\fBverify linked\fR), and kernel policies (\fBverify kernel\fR).
+The syntax is identical to the above command overrides.
+The program should exit with a value of 0 on success, and non zero on
+failure.
+
 .SH "SEE ALSO"
 .TP
 semanage(8)
-- 
2.45.2

[PATCH v2 9/9] libsemanage: respect shell paths with /usr prefix

[Christian Göttsche]

From: Christian Göttsche <cgzones@googlemail.com>

Consider paths with the prefix /usr for shells by including them in the
list of fallback default shells and by extending the check for a nologin
shell.

Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
---
 libsemanage/src/genhomedircon.c | 32 +++++++++++++++++++++++---------
 1 file changed, 23 insertions(+), 9 deletions(-)

diff --git a/libsemanage/src/genhomedircon.c b/libsemanage/src/genhomedircon.c
index 19543799..8782e2cb 100644
--- a/libsemanage/src/genhomedircon.c
+++ b/libsemanage/src/genhomedircon.c
@@ -192,15 +192,23 @@ static semanage_list_t *default_shell_list(void)
 	semanage_list_t *list = NULL;
 
 	if (semanage_list_push(&list, "/bin/csh")
+	    || semanage_list_push(&list, "/usr/bin/csh")
 	    || semanage_list_push(&list, "/bin/tcsh")
+	    || semanage_list_push(&list, "/usr/bin/tcsh")
 	    || semanage_list_push(&list, "/bin/ksh")
+	    || semanage_list_push(&list, "/usr/bin/ksh")
 	    || semanage_list_push(&list, "/bin/bsh")
+	    || semanage_list_push(&list, "/usr/bin/bsh")
 	    || semanage_list_push(&list, "/bin/ash")
-	    || semanage_list_push(&list, "/usr/bin/ksh")
+	    || semanage_list_push(&list, "/usr/bin/ash")
+	    || semanage_list_push(&list, "/bin/pdksh")
 	    || semanage_list_push(&list, "/usr/bin/pdksh")
 	    || semanage_list_push(&list, "/bin/zsh")
+	    || semanage_list_push(&list, "/usr/bin/zsh")
 	    || semanage_list_push(&list, "/bin/sh")
-	    || semanage_list_push(&list, "/bin/bash"))
+	    || semanage_list_push(&list, "/usr/bin/sh")
+	    || semanage_list_push(&list, "/bin/bash")
+	    || semanage_list_push(&list, "/usr/bin/bash"))
 		goto fail;
 
 	return list;
@@ -210,6 +218,12 @@ static semanage_list_t *default_shell_list(void)
 	return NULL;
 }
 
+static bool is_nologin_shell(const char *path)
+{
+	return strcmp(path, PATH_NOLOGIN_SHELL) == 0 ||
+	       strcmp(path, "/usr" PATH_NOLOGIN_SHELL) == 0;
+}
+
 static semanage_list_t *get_shell_list(void)
 {
 	FILE *shells;
@@ -223,13 +237,13 @@ static semanage_list_t *get_shell_list(void)
 		return default_shell_list();
 	while ((len = getline(&temp, &buff_len, shells)) > 0) {
 		if (temp[len-1] == '\n') temp[len-1] = 0;
-		if (strcmp(temp, PATH_NOLOGIN_SHELL)) {
-			if (semanage_list_push(&list, temp)) {
-				free(temp);
-				semanage_list_destroy(&list);
-				fclose(shells);
-				return NULL;
-			}
+		if (is_nologin_shell(temp))
+			continue;
+		if (semanage_list_push(&list, temp)) {
+			free(temp);
+			semanage_list_destroy(&list);
+			fclose(shells);
+			return NULL;
 		}
 	}
 	free(temp);
-- 
2.45.2

Re: [PATCH v2 9/9] libsemanage: respect shell paths with /usr prefix

[James Carter]

On Tue, Nov 26, 2024 at 5:46 AM Christian Göttsche
<cgoettsche@seltendoof.de> wrote:
>
> From: Christian Göttsche <cgzones@googlemail.com>
>
> Consider paths with the prefix /usr for shells by including them in the
> list of fallback default shells and by extending the check for a nologin
> shell.
>
> Signed-off-by: Christian Göttsche <cgzones@googlemail.com>

For these nine patches:
Acked-by: James Carter <jwcart2@gmail.com>

> ---
>  libsemanage/src/genhomedircon.c | 32 +++++++++++++++++++++++---------
>  1 file changed, 23 insertions(+), 9 deletions(-)
>
> diff --git a/libsemanage/src/genhomedircon.c b/libsemanage/src/genhomedircon.c
> index 19543799..8782e2cb 100644
> --- a/libsemanage/src/genhomedircon.c
> +++ b/libsemanage/src/genhomedircon.c
> @@ -192,15 +192,23 @@ static semanage_list_t *default_shell_list(void)
>         semanage_list_t *list = NULL;
>
>         if (semanage_list_push(&list, "/bin/csh")
> +           || semanage_list_push(&list, "/usr/bin/csh")
>             || semanage_list_push(&list, "/bin/tcsh")
> +           || semanage_list_push(&list, "/usr/bin/tcsh")
>             || semanage_list_push(&list, "/bin/ksh")
> +           || semanage_list_push(&list, "/usr/bin/ksh")
>             || semanage_list_push(&list, "/bin/bsh")
> +           || semanage_list_push(&list, "/usr/bin/bsh")
>             || semanage_list_push(&list, "/bin/ash")
> -           || semanage_list_push(&list, "/usr/bin/ksh")
> +           || semanage_list_push(&list, "/usr/bin/ash")
> +           || semanage_list_push(&list, "/bin/pdksh")
>             || semanage_list_push(&list, "/usr/bin/pdksh")
>             || semanage_list_push(&list, "/bin/zsh")
> +           || semanage_list_push(&list, "/usr/bin/zsh")
>             || semanage_list_push(&list, "/bin/sh")
> -           || semanage_list_push(&list, "/bin/bash"))
> +           || semanage_list_push(&list, "/usr/bin/sh")
> +           || semanage_list_push(&list, "/bin/bash")
> +           || semanage_list_push(&list, "/usr/bin/bash"))
>                 goto fail;
>
>         return list;
> @@ -210,6 +218,12 @@ static semanage_list_t *default_shell_list(void)
>         return NULL;
>  }
>
> +static bool is_nologin_shell(const char *path)
> +{
> +       return strcmp(path, PATH_NOLOGIN_SHELL) == 0 ||
> +              strcmp(path, "/usr" PATH_NOLOGIN_SHELL) == 0;
> +}
> +
>  static semanage_list_t *get_shell_list(void)
>  {
>         FILE *shells;
> @@ -223,13 +237,13 @@ static semanage_list_t *get_shell_list(void)
>                 return default_shell_list();
>         while ((len = getline(&temp, &buff_len, shells)) > 0) {
>                 if (temp[len-1] == '\n') temp[len-1] = 0;
> -               if (strcmp(temp, PATH_NOLOGIN_SHELL)) {
> -                       if (semanage_list_push(&list, temp)) {
> -                               free(temp);
> -                               semanage_list_destroy(&list);
> -                               fclose(shells);
> -                               return NULL;
> -                       }
> +               if (is_nologin_shell(temp))
> +                       continue;
> +               if (semanage_list_push(&list, temp)) {
> +                       free(temp);
> +                       semanage_list_destroy(&list);
> +                       fclose(shells);
> +                       return NULL;
>                 }
>         }
>         free(temp);
> --
> 2.45.2
>
>

Re: [PATCH v2 9/9] libsemanage: respect shell paths with /usr prefix

[Petr Lautrbach]

James Carter <jwcart2@gmail.com> writes:

> On Tue, Nov 26, 2024 at 5:46 AM Christian Göttsche
> <cgoettsche@seltendoof.de> wrote:
>>
>> From: Christian Göttsche <cgzones@googlemail.com>
>>
>> Consider paths with the prefix /usr for shells by including them in the
>> list of fallback default shells and by extending the check for a nologin
>> shell.
>>
>> Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
>
> For these nine patches:
> Acked-by: James Carter <jwcart2@gmail.com>

It's merged now. Thanks!


>> ---
>>  libsemanage/src/genhomedircon.c | 32 +++++++++++++++++++++++---------
>>  1 file changed, 23 insertions(+), 9 deletions(-)
>>
>> diff --git a/libsemanage/src/genhomedircon.c b/libsemanage/src/genhomedircon.c
>> index 19543799..8782e2cb 100644
>> --- a/libsemanage/src/genhomedircon.c
>> +++ b/libsemanage/src/genhomedircon.c
>> @@ -192,15 +192,23 @@ static semanage_list_t *default_shell_list(void)
>>         semanage_list_t *list = NULL;
>>
>>         if (semanage_list_push(&list, "/bin/csh")
>> +           || semanage_list_push(&list, "/usr/bin/csh")
>>             || semanage_list_push(&list, "/bin/tcsh")
>> +           || semanage_list_push(&list, "/usr/bin/tcsh")
>>             || semanage_list_push(&list, "/bin/ksh")
>> +           || semanage_list_push(&list, "/usr/bin/ksh")
>>             || semanage_list_push(&list, "/bin/bsh")
>> +           || semanage_list_push(&list, "/usr/bin/bsh")
>>             || semanage_list_push(&list, "/bin/ash")
>> -           || semanage_list_push(&list, "/usr/bin/ksh")
>> +           || semanage_list_push(&list, "/usr/bin/ash")
>> +           || semanage_list_push(&list, "/bin/pdksh")
>>             || semanage_list_push(&list, "/usr/bin/pdksh")
>>             || semanage_list_push(&list, "/bin/zsh")
>> +           || semanage_list_push(&list, "/usr/bin/zsh")
>>             || semanage_list_push(&list, "/bin/sh")
>> -           || semanage_list_push(&list, "/bin/bash"))
>> +           || semanage_list_push(&list, "/usr/bin/sh")
>> +           || semanage_list_push(&list, "/bin/bash")
>> +           || semanage_list_push(&list, "/usr/bin/bash"))
>>                 goto fail;
>>
>>         return list;
>> @@ -210,6 +218,12 @@ static semanage_list_t *default_shell_list(void)
>>         return NULL;
>>  }
>>
>> +static bool is_nologin_shell(const char *path)
>> +{
>> +       return strcmp(path, PATH_NOLOGIN_SHELL) == 0 ||
>> +              strcmp(path, "/usr" PATH_NOLOGIN_SHELL) == 0;
>> +}
>> +
>>  static semanage_list_t *get_shell_list(void)
>>  {
>>         FILE *shells;
>> @@ -223,13 +237,13 @@ static semanage_list_t *get_shell_list(void)
>>                 return default_shell_list();
>>         while ((len = getline(&temp, &buff_len, shells)) > 0) {
>>                 if (temp[len-1] == '\n') temp[len-1] = 0;
>> -               if (strcmp(temp, PATH_NOLOGIN_SHELL)) {
>> -                       if (semanage_list_push(&list, temp)) {
>> -                               free(temp);
>> -                               semanage_list_destroy(&list);
>> -                               fclose(shells);
>> -                               return NULL;
>> -                       }
>> +               if (is_nologin_shell(temp))
>> +                       continue;
>> +               if (semanage_list_push(&list, temp)) {
>> +                       free(temp);
>> +                       semanage_list_destroy(&list);
>> +                       fclose(shells);
>> +                       return NULL;
>>                 }
>>         }
>>         free(temp);
>> --
>> 2.45.2
>>
>>