On Thu, 2017-11-02 at 14:19 +0100, Petr Lautrbach wrote:
> When SELinux is disabled, semanage without -N fails with a quite
> complicated
> error message when it tries to reload a new policy. Since reload in
> this case
> doesn't make sense, we should probably try to avoid that.
I haven't looked c
On Wed, 2017-11-01 at 17:39 -0400, Paul Moore wrote:
> On Tue, Oct 31, 2017 at 7:08 PM, Florian Westphal
> wrote:
> > Paul Moore wrote:
> > > On Mon, Oct 30, 2017 at 10:58 AM, Stephen Smalley wrote:
> > > > matching before (as in this patc
On Wed, 2017-11-01 at 17:40 +1100, James Morris wrote:
> On Tue, 31 Oct 2017, Stephen Smalley wrote:
>
> > This btw would be a bit cleaner if we dropped the .ns. portion of
> > the
> > name, such that we would have:
> > security.selinux # xattr name in the init name
On Wed, 2017-11-01 at 00:08 +0100, Florian Westphal wrote:
> Paul Moore wrote:
> > On Mon, Oct 30, 2017 at 10:58 AM, Stephen Smalley wrote:
> > > matching before (as in this patch) or after calling
> > > xfrm_bundle_ok()?
> >
> > I would probabl
On Tue, 2017-10-31 at 09:00 -0400, Stephen Smalley wrote:
> On Tue, 2017-10-31 at 14:11 +1100, James Morris wrote:
> > On Mon, 30 Oct 2017, Stephen Smalley wrote:
> >
> > > Thanks, interesting approach. One drawback is that it doesn't
> > > presently
On Tue, 2017-10-31 at 09:43 -0400, Stephen Smalley wrote:
> On Tue, 2017-10-31 at 12:11 +0100, Florian Westphal wrote:
> > Stephen Smalley wrote:
> > > Since 4.14-rc1, the selinux-testsuite has been encountering
> > > sporadic
> > > failures during testing of
On Tue, 2017-10-31 at 12:11 +0100, Florian Westphal wrote:
> Stephen Smalley wrote:
> > Since 4.14-rc1, the selinux-testsuite has been encountering
> > sporadic
> > failures during testing of labeled IPSEC. git bisect pointed to
> > commit ec30d78c14a813db39a647b6a348
On Tue, 2017-10-31 at 14:11 +1100, James Morris wrote:
> On Mon, 30 Oct 2017, Stephen Smalley wrote:
>
> > Thanks, interesting approach. One drawback is that it doesn't
> > presently
> > support any form of inheritance of labels from the parent
> > namespace
On Mon, 2017-10-30 at 21:04 +1100, James Morris wrote:
> This is a proof-of-concept patch to demonstrate an approach to
> supporting
> SELinux namespaces for security.selinux xattr labels.
>
> This follows on from the experimental SELinux namespace code posted
> by
> Stephen: https://marc.info/?
On Mon, 2017-10-30 at 10:57 +, Matthew Garrett via Selinux wrote:
> On Thu, Oct 26, 2017 at 3:20 PM, Stephen Smalley
> wrote:
> > On Thu, 2017-10-26 at 01:40 -0700, Matthew Garrett via Selinux
> > wrote:
> > > +static void selinux_cred_getsecid(const struc
try. With these changes,
the selinux-testsuite passes all tests again.
Fixes: ec30d78c14a813db39a647b6a348b4286ba4abf5 ("xfrm: add xdst pcpu cache")
Signed-off-by: Stephen Smalley
---
This is an RFC because I am not entirely confident in the fix, e.g. is it
sufficient to perform this
-testsuite; I used
it to confirm that we are not getting proper xfrm state selector
matching with the current xdst pcpu cache code and to test a possible fix.
Signed-off-by: Stephen Smalley
---
tests/inet_socket/ipsec-load | 7 +--
tests/inet_socket/test | 23 ++
")
Signed-off-by: Stephen Smalley
---
Sending this as an RFC to lsm and selinux for comments before sending it
to netdev. See https://github.com/SELinuxProject/selinux-kernel/issues/36
for earlier discussion about the bug.
net/xfrm/xfrm_policy.c | 2 ++
1 file changed, 2 insertions(+)
d
Trivial reformatting via tools/check-syntax -f.
Noticed it when I ran it to fix up the inet_socket/test script
after the changes in the preceding commit and it also fixed this one.
Signed-off-by: Stephen Smalley
---
tests/nnp_nosuid/test | 2 +-
1 file changed, 1 insertion(+), 1 deletion
f-by: Matthew Garrett
> Acked-by: Paul Moore
> Cc: Paul Moore
> Cc: Stephen Smalley
> Cc: Eric Paris
> Cc: selinux@tycho.nsa.gov
> Cc: Casey Schaufler
> Cc: linux-security-mod...@vger.kernel.org
> Cc: Mimi Zohar
> Cc: Dmitry Kasatkin
> Cc: linux-integr...@v
relax the checking somewhat based on testing a wider range of
older kernels.
Signed-off-by: Stephen Smalley
---
tests/inet_socket/client.c | 20 ++--
tests/inet_socket/test | 24
2 files changed, 22 insertions(+), 22 deletions(-)
diff --git a/tests/i
On Tue, 2017-10-24 at 23:00 +0200, Nicolas Iooss wrote:
> On Tue, Oct 24, 2017 at 10:20 PM, William Roberts
> wrote:
> > On Oct 24, 2017 13:05, "Stephen Smalley" wrote:
> >
> > On Tue, 2017-10-24 at 09:26 -0700, William Roberts wrote:
> > > Error 52,
arted the job, and it failed again in the same way (but on
different cases). Then I restarted it a third time, and this time it
ran to completion. This seems problematic; we likely need to
reconsider any use of curl from the travis.yml file.
>
>
>
>
> On Tue, Oct 24, 2017 at
On Wed, 2017-10-18 at 19:30 -0700, William Roberts wrote:
> On Tue, Oct 17, 2017 at 12:50 PM, Stephen Smalley
> wrote:
> > On Tue, 2017-10-17 at 11:49 -0700, William Roberts wrote:
> > > On Sun, Oct 15, 2017 at 5:10 AM, Nicolas Iooss
> > > > wrot
On Thu, 2017-10-19 at 16:57 +0100, Richard Haines wrote:
> Add CALIPSO tests to inet_socket.
>
> Note the CALIPSO/IPv6 datagram tests check whether the kernel patch
> described in "Add SCM_SECURITY support to IPv6" [1] is installed.
>
> [1] https://github.com/SELinuxProject/selinux-kernel/issues/
On Thu, 2017-10-19 at 16:56 +0100, Richard Haines wrote:
> The default is not to test, however it still tries to build
> create_modify_qp.c that requires a header and library that may not
> exist.
>
> Signed-off-by: Richard Haines
Thanks, applied.
> ---
> tests/infiniband_pkey/Makefile | 10 ++
On Mon, 2017-10-23 at 10:52 +0200, Jan Zarsky wrote:
> When reading policy, ibendport device names are allocated in
> ocontext_read_selinux() but they are not freed when calling
> sepol_policydb_free();
>
> Fix this by freeing them in ocontext_selinux_free().
>
> Signed-off-by: Jan Zarsky
Thank
On Sat, 2017-10-21 at 15:43 +0200, Nicolas Belouin wrote:
> With CAP_SYS_ADMIN being bloated and inappropriate for actions such
> as mounting/unmounting filesystems, the creation of a new capability
> is needed.
> CAP_SYS_MOUNT is meant to give a process the ability to call for
> mount,
> umount and
On Tue, 2017-10-17 at 14:59 +0100, Richard Haines wrote:
> The SELinux SCTP implementation is explained in:
> Documentation/security/SELinux-sctp.txt
>
> Signed-off-by: Richard Haines
> ---
> Documentation/security/SELinux-sctp.txt | 108 +
> security/selinux/hooks.c|
On Thu, 2017-10-19 at 14:27 -0400, Stephen Smalley wrote:
> On Thu, 2017-10-19 at 09:25 -0700, William Roberts wrote:
> > On Thu, Oct 19, 2017 at 7:26 AM, Stephen Smalley
> > wrote:
> > > On Tue, 2017-10-17 at 09:33 -0700, Daniel Cashman wrote:
> > > &g
On Thu, 2017-10-19 at 09:25 -0700, William Roberts wrote:
> On Thu, Oct 19, 2017 at 7:26 AM, Stephen Smalley
> wrote:
> > On Tue, 2017-10-17 at 09:33 -0700, Daniel Cashman wrote:
> > > From: Dan Cashman
> > >
> > > The file_contexts labeling backend, spe
On Tue, 2017-10-17 at 09:33 -0700, Daniel Cashman wrote:
> From: Dan Cashman
>
> The file_contexts labeling backend, specified in label_file.c,
> currently assumes
> that only one path will be specified as an option to
> selabel_open(). The split
> of platform and non-platform policy on device,
On Tue, 2017-10-17 at 11:49 -0700, William Roberts wrote:
> On Sun, Oct 15, 2017 at 5:10 AM, Nicolas Iooss wrote:
> > On Fri, Oct 13, 2017 at 1:50 AM, William Roberts
> > wrote:
> > > On Thu, Oct 12, 2017 at 1:48 PM, Stephen Smalley wrote:
>
On Mon, 2017-10-16 at 17:44 +1100, James Morris wrote:
> This is a patch against the SELinux namespace work.
>
> Mark the initial SELinux namespace pointer as __ro_after_init, to
> harden
> against malicious overwrite by an attacker.
>
> Signed-off-by: James Morris
Thanks, this looks fine; I c
On Wed, 2017-10-11 at 10:53 +0200, Petr Lautrbach wrote:
> When libselinux is built using USE_PCRE2 libselinux.pc needs to
> require
> libpcre2-8 instead of libpcre.
>
> Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1487521
>
> Signed-off-by: Petr Lautrbach
Thanks, applied.
We still need
On Tue, 2017-10-10 at 14:12 -0700, Daniel Cashman wrote:
> From: Dan Cashman
>
> The file_contexts labeling backend, specified in label_file.c,
> currently assumes
> that only one path will be specified as an option to
> selabel_open(). The split
> of platform and non-platform policy on device,
On Thu, 2017-10-12 at 11:29 -0700, William Roberts wrote:
> I see a travis.yml file, recently modified by Nicolas, but I failed
> to
> find the Travis CI instance on travis.org, where is it?
>
> We should likely have it running on commits to the repo and PRs so we
> can have some independent way o
On Wed, 2017-10-11 at 13:43 -0700, Chenbo Feng via Selinux wrote:
> On Wed, Oct 11, 2017 at 5:54 AM, Stephen Smalley
> wrote:
> > On Tue, 2017-10-10 at 17:09 -0700, Chenbo Feng wrote:
> > > From: Chenbo Feng
> > >
> > > Introduce a bpf object related check
On Tue, 2017-10-10 at 10:54 -0700, Chenbo Feng via Selinux wrote:
> On Tue, Oct 10, 2017 at 7:52 AM, Stephen Smalley
> wrote:
> > On Tue, 2017-10-10 at 10:18 -0400, Stephen Smalley wrote:
> > > On Mon, 2017-10-09 at 15:20 -0700, Chenbo Feng wrote:
>
On Tue, 2017-10-10 at 17:09 -0700, Chenbo Feng wrote:
> From: Chenbo Feng
>
> Introduce a bpf object related check when sending and receiving files
> through unix domain socket as well as binder. It checks if the
> receiving
> process has privilege to read/write the bpf map or use the bpf
> prog
On Tue, 2017-10-10 at 10:48 -0700, Chenbo Feng wrote:
> On Tue, Oct 10, 2017 at 7:24 AM, Stephen Smalley
> wrote:
> > On Mon, 2017-10-09 at 15:20 -0700, Chenbo Feng wrote:
> > > From: Chenbo Feng
> > >
> > > Introduce a bpf object related check
On Tue, 2017-10-10 at 10:18 -0400, Stephen Smalley wrote:
> On Mon, 2017-10-09 at 15:20 -0700, Chenbo Feng wrote:
> > From: Chenbo Feng
> >
> > Implement the actual checks introduced to eBPF related syscalls.
> > This
> > implementation uses the security field ins
On Mon, 2017-10-09 at 14:10 +1100, James Morris wrote:
> On Mon, 2 Oct 2017, Stephen Smalley wrote:
>
> > Move the access vector cache (AVC) into the selinux namespace
> > structure and pass it explicitly to all AVC functions. The
> > AVC private state is encapsulated in
On Fri, 2017-10-06 at 14:24 -0500, Serge E. Hallyn wrote:
> Quoting Stephen Smalley (s...@tycho.nsa.gov):
> > On Fri, 2017-10-06 at 12:07 +1100, James Morris wrote:
> > > On Mon, 2 Oct 2017, Stephen Smalley wrote:
> > >
> > > > This change presumes t
On Mon, 2017-10-09 at 15:20 -0700, Chenbo Feng wrote:
> From: Chenbo Feng
>
> Introduce a bpf object related check when sending and receiving files
> through unix domain socket as well as binder. It checks if the
> receiving
> process has privilege to read/write the bpf map or use the bpf
> prog
On Mon, 2017-10-09 at 15:20 -0700, Chenbo Feng wrote:
> From: Chenbo Feng
>
> Implement the actual checks introduced to eBPF related syscalls. This
> implementation uses the security field inside bpf object to store a
> sid that
> identifies the bpf object. And when processes try to access the objec
On Fri, 2017-10-06 at 13:53 -0400, Waiman Long wrote:
> Antonio,
>
> I have a question about your 4.14 upstream commit 901ef845fa2469c
> ("selinux: allow per-file labeling for cgroupfs"). With that, I am no
> longer able to mount the cgroup2 filesystem with a 4.14 kernel. The
> problem is that you
On Oct 8, 2017 9:54 PM, "James Morris" wrote:
On Thu, 5 Oct 2017, Stephen Smalley wrote:
> inet_socket test failures are expected due to running in a non-init
> network namespace; they don't work even without unsharing the selinux
> namespace.
Do these results all look
On Wed, 2017-10-04 at 17:36 +0200, Vit Mojzis wrote:
> Include entries from file_contexts.homedirs when listing file
> contexts
> via "semanage fcontext -l"
>
> "semanage fcontext -l" so far ignored content of
> file_contexts.homedirs
> file, which is confusing for users (more specific rules may b
On Fri, 2017-10-06 at 12:07 +1100, James Morris wrote:
> On Mon, 2 Oct 2017, Stephen Smalley wrote:
>
> > This change presumes that one will always unshare the network
> > namespace
> > when unsharing a new selinux namespace (the reverse is not
> > requ
On Thu, 2017-10-05 at 09:37 -0400, Stephen Smalley wrote:
> On Wed, 2017-10-04 at 11:29 -0700, Chenbo Feng wrote:
> > From: Chenbo Feng
> >
> > Introduce a bpf object related check when sending and receiving
> > files
> > through unix domain socket as
On Thu, 2017-10-05 at 11:49 -0400, Stephen Smalley wrote:
> On Thu, 2017-10-05 at 11:27 -0400, Stephen Smalley wrote:
> > On Mon, 2017-10-02 at 11:58 -0400, Stephen Smalley wrote:
> > > Provide a userspace API to unshare the selinux namespace.
> > > Currently implemented
On Thu, 2017-10-05 at 11:27 -0400, Stephen Smalley wrote:
> On Mon, 2017-10-02 at 11:58 -0400, Stephen Smalley wrote:
> > Provide a userspace API to unshare the selinux namespace.
> > Currently implemented via a selinuxfs node. This could be
> > coupled with unsharing of
On Mon, 2017-10-02 at 11:58 -0400, Stephen Smalley wrote:
> Provide a userspace API to unshare the selinux namespace.
> Currently implemented via a selinuxfs node. This could be
> coupled with unsharing of other namespaces (e.g. mount namespace,
> network namespace) that will always
On Thu, 2017-10-05 at 10:06 -0400, Stephen Smalley wrote:
> On Thu, 2017-10-05 at 00:47 -0500, Serge E. Hallyn wrote:
> > On Mon, Oct 02, 2017 at 11:58:19AM -0400, Stephen Smalley wrote:
> > > The selinux netlink socket is used to notify userspace of changes
> > > to
On Thu, 2017-10-05 at 00:47 -0500, Serge E. Hallyn wrote:
> On Mon, Oct 02, 2017 at 11:58:19AM -0400, Stephen Smalley wrote:
> > The selinux netlink socket is used to notify userspace of changes
> > to
> > the enforcing mode and policy reloads. At present, these
> > n
On Wed, 2017-10-04 at 11:29 -0700, Chenbo Feng wrote:
> From: Chenbo Feng
>
> Introduce a bpf object related check when sending and receiving files
> through unix domain socket as well as binder. It checks if the
> receiving
> process has privilege to read/write the bpf map or use the bpf
> prog
On Wed, 2017-10-04 at 11:29 -0700, Chenbo Feng wrote:
> From: Chenbo Feng
>
> Implement the actual checks introduced to eBPF related syscalls. This
> implementation uses the security field inside bpf object to store a
> sid that
> identifies the bpf object. And when processes try to access the objec
_prlimit' [-Wmissing-prototypes]
>
> Signed-off-by: Corentin Labbe
Acked-by: Stephen Smalley
> ---
> security/selinux/hooks.c | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
> index 8507a56f8
y: Corentin Labbe
Acked-by: Stephen Smalley
> ---
> security/selinux/hooks.c | 3 +--
> 1 file changed, 1 insertion(+), 2 deletions(-)
>
> diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
> index f5d304736852..8507a56f85e4 100644
> --- a/security/selinux/hooks
fusing for users (more specific rules may be
> ignored in
> favor of rules unseen to the user since file_contexts.homedirs has
> higher priority than file_contexts).
>
> Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1409813
>
> Signed-off-by: Vit Mojzis
For all three p
On Tue, 2017-10-03 at 11:57 +0200, Vit Mojzis wrote:
> Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1409813
These all look good to me now. Could you please re-post them all with
Signed-off-by: lines, and then we'll merge them in a couple of days
barring any other concerns?
> ---
> libsema
dependency information, and the ultimate goal
is to stop using binary modules altogether so it is not worth fixing.
Remove it to avoid any further broken usage.
Signed-off-by: Stephen Smalley
---
semodule-utils/.gitignore| 1 -
semodule-utils/Makefile | 2
On Mon, 2017-10-02 at 16:54 -0500, David Graziano wrote:
> I'm trying to find a way of labeling specific files/directories in
> sysfs that do not exist at boot time. I'm running an embedded SELinux
> enabled system (4.1 series kernel) where at boot there is an init
> script performing a restorecon
On Mon, 2017-10-02 at 16:56 -0700, Casey Schaufler wrote:
> On 10/2/2017 8:58 AM, Stephen Smalley wrote:
> > Provide a userspace API to unshare the selinux namespace.
> > Currently implemented via a selinuxfs node. This could be
> > coupled with unsharing of other namespaces (
On Sun, 2017-10-01 at 20:01 +0200, Vit Mojzis wrote:
> Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1409813
> ---
> libsemanage/include/semanage/fcontexts_policy.h | 4
> libsemanage/src/direct_api.c| 6 ++
> libsemanage/src/fcontexts_policy.c | 8
bsequently affect the enforcing mode or policy of the
parent. This also helps avoid common mistakes like failing to create
a mount namespace and mount a new selinuxfs instance in order to act
on one's own selinux namespace after unsharing.
Signed-off-by: Stephen Smalley
---
security/selinux/s
present,
it will modify the on-disk xattr but will only update the in-core SID for
the current namespace and could leave other namespaces out of sync until
the inode is evicted and refetched.
Not-signed-off-by: Stephen Smalley
---
security/selinux/hooks.c
is cleaner and hopefully
less fragile. In other cases, the cred could in fact differ.
Not-signed-off-by: Stephen Smalley
---
security/selinux/hooks.c| 42 ++---
security/selinux/include/security.h | 2 ++
2 files changed, 23 insertions(+), 21 deletions
* No doubt other things I'm forgetting or haven't thought of.
Use at your own risk.
Not-signed-off-by: Stephen Smalley
---
security/selinux/include/classmap.h | 3 +-
security/selinux/selinuxfs.c| 66 +
2 files changed, 68 insertions(+), 1
n that commit.
Not-signed-off-by: Stephen Smalley
---
security/selinux/hooks.c| 109
security/selinux/include/objsec.h | 5 +-
security/selinux/include/security.h | 3 +-
security/selinux/ss/services.c | 19 ---
4 files changed, 1
support multiple selinux namespaces since
the AVC caches state (e.g. SIDs, policy sequence number) that
is maintained and provided by the security server on a per-namespace
basis.
This change by itself should have no effect on SELinux behavior or
APIs (userspace or LSM).
Signed-off-by: Stephen
signing off on this or most subsequent patches as I am not
yet convinced that this is the right approach.
Not-signed-off-by: Stephen Smalley
---
security/selinux/hooks.c| 34 --
security/selinux/include/objsec.h | 9 -
security/selinux/include
created.
Signed-off-by: Stephen Smalley
---
include/net/net_namespace.h | 3 +++
security/selinux/netlink.c | 31 +--
2 files changed, 28 insertions(+), 6 deletions(-)
diff --git a/include/net/net_namespace.h b/include/net/net_namespace.h
index 57faa37..e4dd04a 100644
initial
namespace) and uses that namespace for all selinuxfs operations.
Signed-off-by: Stephen Smalley
---
security/selinux/include/security.h | 3 +-
security/selinux/selinuxfs.c| 480 ++--
security/selinux/ss/services.c | 13 +
security/selinux
noted that in their current form, these patches do not
yet support any of these use cases.
You can also find these patches in the following tree:
https://github.com/stephensmalley/selinux-kernel/tree/selinuxns
Use at your own risk. Enjoy!
Stephen Smalley (10):
selinux: introduce a selinux namespac
after running make localmodconfig and then re-adding the already documented
config options to my config; these three tests had failures due to
the missing config options.
Signed-off-by: Stephen Smalley
---
v2 fixes the config option required for testing NETLINK_ISCSI sockets.
README | 21
Move the required kernel configuration options to run the testsuite
from the README to a separate defconfig file, and update the README to
refer to it and provide instructions on how to merge this file with a
base config.
Signed-off-by: Stephen Smalley
---
README| 80
after running make localmodconfig and then re-adding the already documented
config options to my config; these three tests had failures due to
the missing config options.
Signed-off-by: Stephen Smalley
---
README | 21 -
1 file changed, 20 insertions(+), 1 deletion(-)
diff
On Mon, 2017-06-26 at 14:38 +0200, Vit Mojzis wrote:
> access() uses real UID instead of effective UID which causes false
> negative checks in setuid programs.
> Replace access(,F_OK) (i.e. tests for file existence) by stat().
>
> Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1186431
>
> Sig
On Wed, 2017-09-27 at 13:42 -0400, Stephen Smalley wrote:
> On Wed, 2017-09-27 at 10:16 +0200, Vit Mojzis wrote:
> > Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1409813
> > ---
> > libsemanage/include/semanage/fcontexts_policy.h | 4
> > l
On Wed, 2017-09-27 at 10:16 +0200, Vit Mojzis wrote:
> Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1409813
> ---
> libsemanage/include/semanage/fcontexts_policy.h | 4
> libsemanage/src/direct_api.c| 6 ++
> libsemanage/src/fcontexts_policy.c | 8
On Wed, 2017-09-27 at 10:16 +0200, Vit Mojzis wrote:
> Include entries from fcontexts.homedirs when listing file contexts
> via "semanage fcontext -l"
>
> Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1409813
> ---
> python/semanage/seobject.py | 5 +
> 1 file changed, 5 insertions(+)
>
On Sun, 2017-09-24 at 19:04 +0200, Nicolas Iooss wrote:
> Several "sepolicy gui" tabs raise exceptions when using a policy
> without
> MLS because some dictionaries describing users and logins lack level
> and
> range properties. Use conditions and get() where appropriate in order
> to make "sepolic
On Sat, 2017-09-23 at 15:45 +0200, Nicolas Iooss wrote:
> The latest update to Travis-CI build environment split sugilite
> environment into amethyst and garnet and deprecated sugilite. As
> garnet
> provides tools for languages C and Python, and as it is automatically
> selected according to
>
On Tue, 2017-09-19 at 22:49 +0200, Nicolas Iooss wrote:
> On a system without any file context customizations, "sepolicy gui"
> fails to load because it tries to read a non-existing file:
>
> FileNotFoundError: [Errno 2] No such file or directory:
> '/etc/selinux/refpolicy-git/contexts/fil
On Wed, 2017-09-13 at 10:16 +0200, jan.zarsky.jzar...@redhat.com wrote:
> From: Jan Zarsky
>
> When sepol_bool_query() returns NULL response, variable name is not
> freed. Fix this by calling free() before returning.
>
> Signed-off-by: Jan Zarsky
Thanks, applied.
> ---
> libsepol/src/boolean
On Mon, 2017-09-11 at 11:04 -0700, Daniel Cashman wrote:
> From: Dan Cashman
>
> The file_contexts labeling backend, specified in label_file.c,
> currently assumes
> that only one path will be specified as an option to
> selabel_open(). The split
> of platform and non-platform policy on device,
Hi,
The selinux mailing list is for developer discussions regarding
SELinux. Advertisements for commercial products are not acceptable on
the list. Please refrain from doing so again. Thanks.
On Sep 12, 2017 12:49 PM, "Christian Göttsche"
wrote:
> This seems to revert what was an intentional change to avoid noise in
> fixfiles check output. See the mailing list discussions that preceded and
> followed the patch.
In my opinion, it's a helpful noise, which is triggered by an intended
On Sep 11, 2017 3:45 AM, "Christian Göttsche via Selinux" <selinux@tycho.nsa.gov> wrote:
Since 1cd972f restorecon does not print a warning in recurse mode for child
files without a default label.
Change it back in verbose mode:
$ touch /run/test.pid
$ restorecon -R /run
$ restorecon -v -R /run
W
On Sep 12, 2017 7:01 AM, "Dominick Grift" wrote:
I have extended socket class polcap enabled but I am still seeing "socket"
class events and I was wondering whether that is to be expected?
avc: denied { create } for pid=10484 comm="nethogs" scontext=wheel.id:
sysadm.role:nethogs.subj:s0 tcont
On Sep 8, 2017 6:49 PM, "Chris PeBenito" wrote:
I believe that all major SELinux distributions have at least Python 3.4
support. Python 3 changeover has gone so long that even 3.3 is about to go
end-of-life [1]. Can we officially drop Python 2.7 support in userspace
code?
I'd like to drop supp
k.
Further changes to Smack might still be required to take full advantage of
this change, since it should now be possible to perform capability
checking based on the supplied cred. The changes to Smack and AppArmor
have only been compile-tested.
Signed-off-by: Stephen Smalley
---
drivers/usb/co
On Thu, 2017-09-07 at 14:26 +0200, Dominick Grift wrote:
> I was just reminded of the fact that role and range transitions
> cannot be conditional in kernel policy.
>
> Is this technically impossible? Why can type transitions be
> conditional in kernel policy but not role and range transitions?
I
On Thu, 2017-09-07 at 11:05 +0200, Dominick Grift wrote:
> pam_selinux requirements are generally pretty simple: it's used to
> associate a context with a login shell.
>
> With systemd things have become a bit more complicated.
>
> systemd uses pam_selinux to associate a context with both a login
On Tue, 2017-09-05 at 15:24 -0700, Chenbo Feng via Selinux wrote:
> On Fri, Sep 1, 2017 at 5:50 AM, Stephen Smalley
> wrote:
> > On Thu, 2017-08-31 at 13:56 -0700, Chenbo Feng wrote:
> > > From: Chenbo Feng
> > >
> > > Introduce 5 LSM hooks to provide f
On Thu, 2017-08-31 at 13:56 -0700, Chenbo Feng wrote:
> From: Chenbo Feng
>
> Introduce 5 LSM hooks to provide finer granularity controls on eBPF
> related operations including create eBPF maps, modify and read eBPF
> maps
> content and load eBPF programs to the kernel. Hooks use the new
> securi
On Tue, 2017-08-29 at 08:54 -0400, Stephen Smalley wrote:
> On Mon, 2017-08-28 at 14:58 -0700, Jeffrey Vander Stoep via Selinux
> wrote:
> > Genfs_contexts does not label symlinks in sysfs, instead it leaves
> > them with the default “sysfs” label. Is this a bug?
>
> W
(we'd need to test on RHEL 6/7
at least).
Have you measured to see the impact of switching from setxattr to
genfscon for sysfs labeling?
commit ea6b184f7d521a503ecab71feca6e4057562252b
Author: Stephen Smalley
Date: Mon Sep 22 15:41:19 2008 -0400
selinux: use default proc sid on symli
On Fri, 2017-08-25 at 12:52 -0700, Chenbo Feng via Selinux wrote:
> On Fri, Aug 25, 2017 at 12:45 PM, Jeffrey Vander Stoep wrote:
> > On Fri, Aug 25, 2017 at 12:26 PM, Stephen Smalley wrote:
> > > On Fri, 2017-08-25 at 11:01 -0700, Jeffrey Vander Stoep vi
On Fri, 2017-08-25 at 11:01 -0700, Jeffrey Vander Stoep via Selinux
wrote:
> I’d like to get your thoughts on adding LSM permission checks on BPF
> objects.
>
> By default, the ability to create and use eBPF maps/programs requires
> CAP_SYS_ADMIN [1]. Alternatively, all processes can be granted ac
On Tue, 2017-08-22 at 15:15 +0300, Sky Autumn wrote:
> Hello, everyone.
> There's my problem. When I try to set label on directory with russian
> letters in name with policy module, the following error occur:
> /etc/selinux/final/targeted/contexts/files/file_contexts: line 5206
> error due to:
Update my email address since epoch.ncsc.mil no longer exists.
Signed-off-by: Stephen Smalley
---
checkpolicy/checkmodule.8 | 2 +-
checkpolicy/checkpolicy.8 | 4 ++--
checkpolicy/checkpolicy.c | 2 +-
checkpolicy/policy_define.c
Update my email address since epoch.ncsc.mil no longer exists.
MAINTAINERS and CREDITS are already correct.
Signed-off-by: Stephen Smalley
---
security/selinux/avc.c | 2 +-
security/selinux/hooks.c| 2 +-
security/selinux/include/avc.h | 2 +-
security/selinux