Package: dpkg
Version: 1.13.9
Severity: wishlist
Hi,
As discussed on IRC, the previous SELinux support patch was
applied to lib/star.c, which may not have been the code actually used
while extracting packages. I have now patched src/archive.c to apply
initial SELinux security context labels to files as they are
unpacked. This should be a minimally invasive patch, and has been
tested (well, it compiles, install, and can install other packages on
non-Se-Linux machines). This is in addition to the previous patches,
and should apply cleanly to
[EMAIL PROTECTED]/dpkg--devel--1.13--patch-179.
You can pull directly from
[EMAIL PROTECTED]/dpkg--selinux--1.13, or apply the
patch below.
manoj
* looking for [EMAIL PROTECTED]/dpkg--devel--1.13--patch-43 to compare with
tla library-add --sparse [EMAIL PROTECTED]/dpkg--devel--1.13--patch-43
* comparing to [EMAIL PROTECTED]/dpkg--devel--1.13--patch-43:
................................................ done.
* modified files
--- orig/ChangeLog
+++ mod/ChangeLog
@@ -1,3 +1,16 @@
+2005-06-18 Manoj Srivastava <[EMAIL PROTECTED]>
+
+ * src/archives.c: Include selinux/selinux.h if WITH_SELINUX is
+ defined. Before extracting the tar object, find out the initial
+ security context for the object to be extracted, as per the
+ local security policy, using matchpathcon(), and set the default
+ security context for the process using
+ setfscreatecon(). After this we proceed to process the
+ tarobject normally, setting owner and permissions, and
+ renaming it from foo.dpkg-new to foo. After that, we
+ step back in, and restore the default security context.
+
+
2005-06-15 Bastian Kleineidam <[EMAIL PROTECTED]>
* man/C/dpkg.cfg.5: Correct reference to dpkg(8) to dpkg(1).
--- orig/debian/changelog
+++ mod/debian/changelog
@@ -11,6 +11,14 @@
- Added missing word to dpkg-architecture manpage. Closes: #313554.
- Reference to dpkg manpage in dpkg.cfg corrected. Closes: #314262.
+ SELinux support (Manoj Srivastava):
+ * Also patch src/archive.c, which is the code that is actually
+ called. Use a slightly different method than what we used in
+ lib/star.c -- here we temporarily set the default security context of
+ the process to the one required to create the file being unpacked in
+ the proper initial context, and then restore the policy defined
+ default after unpacking and renaming.
+
--
dpkg (1.13.9) unstable; urgency=low
--- orig/src/archives.c
+++ mod/src/archives.c
@@ -43,6 +43,12 @@
#include <tarfn.h>
#include <myopt.h>
+#ifdef WITH_SELINUX
+#include <selinux/selinux.h>
+static int selinux_enabled=-1;
+static security_context_t scontext = NULL;
+#endif
+
#include "filesdb.h"
#include "main.h"
#include "archives.h"
@@ -515,6 +521,38 @@
*/
push_cleanup(cu_installnew,~ehflag_normaltidy, 0,0, 1,(void*)nifd);
+#ifdef WITH_SELINUX
+ /* Set selinux_enabled if it is not already set (singleton) */
+ if (selinux_enabled < 0)
+ selinux_enabled = (is_selinux_enabled() > 0);
+
+ /* Since selinux is enabled, try and set the context */
+ if (selinux_enabled == 1) {
+ /*
+ * well, we could use
+ * void set_matchpathcon_printf(void (*f)(const char *fmt, ...));
+ * to redirect the errors from the following bit, but that
+ * seems too much effort.
+ */
+
+ /*
+ * Do nothing if we can't figure out what the context is,
+ * or if it has no context; in which case the default
+ * context shall be applied.
+ */
+ if( ! ((matchpathcon(fnamenewvb.buf,
+ (nifd->namenode->statoverride ?
+ nifd->namenode->statoverride->mode : ti->Mode)
+ & ~S_IFMT, &scontext) != 0) ||
+ (strcmp(scontext, "<<none>>") == 0)))
+ {
+ if(setfscreatecon(scontext) < 0)
+ perror("Error setting security context for file object:");
+ }
+ }
+#endif /* WITH_SELINUX */
+
+
/* Extract whatever it is as .dpkg-new ... */
switch (ti->Type) {
case NormalFile0: case NormalFile1:
@@ -655,9 +693,34 @@
}
}
+#ifdef WITH_SELINUX
+ /*
+ * if selinux is enabled, try and set the defaule security context
+ * for the renamed file
+ */
+ if (selinux_enabled == 1)
+ if(scontext)
+ {
+ if(setfscreatecon(scontext) < 0)
+ perror("Error setting security context for next file object:");
+ freecon(scontext);
+ }
+
+#endif /* WITH_SELINUX */
+
if (rename(fnamenewvb.buf,fnamevb.buf))
ohshite(_("unable to install new version of `%.255s'"),ti->Name);
+#ifdef WITH_SELINUX
+ /*
+ * if selinux is enabled, restore the default security context
+ */
+ if (selinux_enabled == 1)
+ if(setfscreatecon(NULL) < 0)
+ perror("Error restoring default security context:");
+#endif /* WITH_SELINUX */
+
+
nifd->namenode->flags |= fnnf_elide_other_lists;
debug(dbg_eachfiledetail,"tarobject done and installed");
-- System Information:
Debian Release: testing/unstable
APT prefers unstable
APT policy: (500, 'unstable'), (500, 'stable')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.11.2-skas3-v8-rc2
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=ANSI_X3.4-1968)
(ignored: LC_ALL set to C)
Versions of packages dpkg depends on:
ii coreutils [textutils] 5.2.1-2.gn1 The GNU core utilities
ii libc6 2.3.2.ds1-22 GNU C Library: Shared libraries an
ii textutils 5.2.1-2 The GNU text file processing utili
dpkg recommends no packages.
-- no debconf information
--
Cheese -- milk's leap toward immortality. Clifton Fadiman, "Any Number
Can Play"
Manoj Srivastava <[EMAIL PROTECTED]> <http://www.golden-gryphon.com/>
1024D/BF24424C print 4966 F272 D093 B493 410B 924B 21BA DABB BF24 424C
