Therefore, this patch changes SELinux to use task_alloc hook rather
> than
> task_create hook so that we can remove task_create hook.
Aside from the nit on the patch description above,
Acked-by: Stephen Smalley
>
> Signed-off-by: Tetsuo Handa
> ---
> security/selinux/hooks.c |
On Wed, 2017-03-22 at 22:49 +1100, Russell Coker wrote:
> On Tuesday, 21 March 2017 2:01:04 PM AEDT Stephen Smalley wrote:
> > On Tue, 2017-03-21 at 16:06 +0100, cgzones wrote:
> > > Hi list,
> > > this thread[1] about setsockopt(...,...,SO_SNDBUFFORCE), which
> >
On Tue, 2017-03-14 at 00:11 +0100, cgzones wrote:
> Hi list,
> I created bug report against dbus 1.10 on Debian [1] due to failing
> to
> send policyload notices.
> Are there any objections or comments on the upstream patch[2]?
Also, the patch looks correct to me.
> The patch works for me:
>
> M
On Tue, 2017-03-14 at 00:11 +0100, cgzones wrote:
> Hi list,
> I created bug report against dbus 1.10 on Debian [1] due to failing
> to
> send policyload notices.
> Are there any objections or comments on the upstream patch[2]?
The patch has been working correctly in dbus 1.11 in Fedora for quite
On Tue, 2017-03-21 at 16:06 +0100, cgzones wrote:
> Hi list,
> this thread[1] about setsockopt(...,...,SO_SNDBUFFORCE), which
> triggers widely due to systemd, let me think about the recent SELinux
> kernel fixes: the reordering of dac_read_search and dac_override and
> also the cap_wake_alarm fix.
On Fri, 2017-03-17 at 12:07 +0100, cgzones wrote:
> Hi list,
> I am using newrole v2.6 on Debian testing. The pam config
> /etc/pam.d/newrole contains:
>
> #%PAM-1.0
>
> @include common-auth
> @include common-account
> @include common-session
> session required pam_namespace.so unmnt_remnt no_un
On Wed, 2017-03-15 at 21:30 +0100, Dominick Grift wrote:
> On Wed, Mar 15, 2017 at 02:52:29PM -0500, Ian Pilcher wrote:
> > 10 years later, is this still accurate?
>
> No:
>
> echo "(portcon tcp 12345 (system_u object_r http_port_t ((s0)(s0"
> > myport.cil && semodule -i myport.cil
Note that
Fixes https://github.com/SELinuxProject/selinux/issues/49 (#49).
Signed-off-by: Stephen Smalley
---
python/semanage/seobject.py | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/python/semanage/seobject.py b/python/semanage/seobject.py
index 94bd368..7a54373 100644
--- a
On Fri, 2017-03-10 at 14:49 -0500, James Carter wrote:
> Use the same option "-C" used to ouput CIL from a policy.conf, but
> now
> generate CIL from a binary policy instead of giving an error.
>
> Use the option "-F" to generate a policy.conf file from a binary
> policy.
>
> Signed-off-by: James
On Thu, 2017-03-09 at 15:09 +0100, Petr Lautrbach wrote:
> On 03/09/2017 10:09 AM, Ville Skyttä wrote:
> >
> > https://docs.python.org/3/whatsnew/3.6.html#deprecated-python-behav
> > ior
>
>
> I'd suggest to add the text from the page directly to the commit
> message:
>
> A backslash-character
On Fri, 2017-03-03 at 10:52 +0100, Vit Mojzis wrote:
> HTMLManPages got domain name by splitting name of selinux manpage
> on "_selinux" which doesn't work properly when domain name contains
> "_selinux".
Thanks, applied.
>
> Signed-off-by: Vit Mojzis
> ---
> python/sepolicy/sepolicy/manpage.p
On Fri, 2017-03-10 at 15:01 -0500, Paul Moore wrote:
> On Thu, Feb 9, 2017 at 10:58 AM, Antonio Murdaca > wrote:
> >
> > This patch allows genfscon per-file labeling for cgroupfs. For
> > instance,
> > this allows to label the "release_agent" file within each
> > cgroup mount and limit writes to
checked when required for
the operation.
Signed-off-by: Stephen Smalley
---
fs/namei.c | 20 ++--
1 file changed, 10 insertions(+), 10 deletions(-)
diff --git a/fs/namei.c b/fs/namei.c
index d41fab7..482414a 100644
--- a/fs/namei.c
+++ b/fs/namei.c
@@ -340,22 +340,14 @@ int
On Thu, 2017-03-09 at 10:28 -0500, Stephen Smalley wrote:
> On Thu, 2017-03-09 at 17:03 +0800, yangshukui wrote:
> >
> > I want to use SELinux in system container and only concern the
> > function
> > in the container.
> > this system container run in vm
On Thu, 2017-03-09 at 17:03 +0800, yangshukui wrote:
> I want to use SELinux in system container and only concern the
> function
> in the container.
> this system container run in vm and every vm has only one system
> container.
>
> How do I use now?
> docker run ... system-contaier /sbin/init
>
On Fri, 2017-03-03 at 09:36 -0600, Ian Pilcher wrote:
> On 03/02/2017 12:12 AM, Jason Zaman wrote:
> >
> > On Wed, Mar 01, 2017 at 05:51:01PM -0600, Ian Pilcher wrote:
> > >
> > > On 03/01/2017 05:28 PM, Ian Pilcher wrote:
> > > >
> > > > Per Lennart's response, systemd *should* be honoring the
On Wed, 2017-02-22 at 17:03 +, Richard Haines wrote:
> Add SELinux support for the SCTP protocol. The SELinux-sctp.txt
> document
> describes how the patch has been implemented.
>
> Patches to assist the testing of this kernel patch are:
> 1) Support new SCTP portcon statement used by SCTP tes
On Thu, 2017-03-02 at 12:29 +1000, Doug Brown wrote:
> Hi list,
>
> Some SELinux configurations can't be included in policy and require
> the
> use of semanage. This is fine in some cases, such as the installation
> of
> services by package management, but the use of `semanage -i` doesn't
> lend i
with the pending "fs: switch order of
CAP_DAC_OVERRIDE and CAP_DAC_READ_SEARCH checks" kernel patch applied.
This audit output has been confirmed manually.
Signed-off-by: Stephen Smalley
---
policy/test_global.te | 4
tests/Makefile | 1 +
tests/capable_file
Define the new cgroup_seclabel policy capability used to
enable userspace setting of security labels on cgroup files
via setfscreatecon() aka /proc/self/attr/fscreate and/or
setfilecon() aka setxattr().
Signed-off-by: Stephen Smalley
---
libsepol/include/sepol/policydb/polcaps.h | 1 +
libsepol
hange
with a conditional on a new cgroup_seclabel policy capability. This
preserves existing behavior until/unless a new policy explicitly enables
this capability.
Reported-by: John Stultz
Signed-off-by: Stephen Smalley
---
security/selinux/hooks.c| 7 ---
security/selin
no permissions. Fix this in the SELinux hook by
returning immediately if the flags are 0. Arguably prlimit64() itself
ought to return immediately if both old_rlim and new_rlim are NULL since
it is effectively a no-op in that case.
Reported by the lkp-robot based on trinity testing.
Signed-
On Wed, 2017-02-22 at 16:47 +0100, Petr Lautrbach wrote:
> On 02/14/2017 04:11 PM, Stephen Smalley wrote:
> >
> > On Tue, 2017-02-14 at 14:14 +0100, Vit Mojzis wrote:
> > >
> > > Use faccessat() with AT_EACCESS instead of accesss() in order to
> > >
checked when required for
the operation.
Signed-off-by: Stephen Smalley
---
fs/namei.c | 20 ++--
1 file changed, 10 insertions(+), 10 deletions(-)
diff --git a/fs/namei.c b/fs/namei.c
index ad74877..8736e4a 100644
--- a/fs/namei.c
+++ b/fs/namei.c
@@ -340,22 +340,14 @@ int
On Wed, 2017-02-15 at 00:18 +1100, James Morris wrote:
> Mark all of the registration hooks as __ro_after_init (via the
> __lsm_ro_after_init macro).
>
> Signed-off-by: James Morris
Acked-by: Stephen Smalley
> ---
> security/apparmor/lsm.c|2 +-
> security/com
not
> feasible.
>
> Introduce a new kernel configuration parameter
> CONFIG_SECURITY_WRITABLE_HOOKS,
> and a helper macro __lsm_ro_after_init, to handle this case.
>
> Signed-off-by: James Morris
Acked-by: Stephen Smalley
> ---
> include/linux/lsm_hooks.h |7 +
even when
no privilege was exercised, and is inefficient. Flip the order
of the tests in both functions so that we only call capable() if
the capability is truly required for the operation.
Signed-off-by: Stephen Smalley
---
fs/timerfd.c | 8
1 file changed, 4 insertions(+), 4 deletions
could
only be used to obtain a process' own limits.
Signed-off-by: Stephen Smalley
---
v2 fixes the build for the CONFIG_SECURITY=n case, as detected by the
0-day kernel test infrastructure.
include/linux/lsm_hooks.h | 18 +++---
include/linux/security.h
RHEL7.3 updated its policy to define the new netlink socket classes,
thereby enabling execution of the netlink_socket tests, but its
kernel does not include the corresponding kernel patch implementing
them. Disable these tests on RHEL7.
Signed-off-by: Stephen Smalley
---
tests/Makefile | 4
correctly return
success (i.e. they contain the back-ported patch).
Signed-off-by: Stephen Smalley
---
tests/nnp/execnnp.c | 4 +---
1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/tests/nnp/execnnp.c b/tests/nnp/execnnp.c
index 8421df4..d8f1986 100644
--- a/tests/nnp/execnnp.c
+++ b/tests
A couple of testsuite fixes for RHEL7.3.
Stephen Smalley (2):
selinux-testsuite: exclude netlink_socket tests from RHEL7
selinux-testsuite: fix nnp test for RHEL7
tests/Makefile | 4
tests/nnp/execnnp.c | 4 +---
2 files changed, 5 insertions(+), 3 deletions(-)
--
2.7.4
could
only be used to obtain a process' own limits.
Signed-off-by: Stephen Smalley
---
include/linux/lsm_hooks.h | 18 +++---
include/linux/security.h| 6 ++
kernel/sys.c| 30 ++
security/
On Tue, 2017-02-14 at 15:17 -0500, Stephen Smalley wrote:
> On Tue, 2017-02-14 at 10:25 -0500, Stephen Smalley wrote:
> >
> > On Tue, 2017-02-14 at 10:11 -0500, Stephen Smalley wrote:
> > >
> > >
> > > On Tue, 2017-02-14 at 14:14 +0100, Vit Mojzis wro
On Tue, 2017-02-14 at 10:25 -0500, Stephen Smalley wrote:
> On Tue, 2017-02-14 at 10:11 -0500, Stephen Smalley wrote:
> >
> > On Tue, 2017-02-14 at 14:14 +0100, Vit Mojzis wrote:
> > >
> > >
> > > Use faccessat() with AT_EACCESS instead of accesss() in
On Tue, 2017-02-14 at 10:11 -0500, Stephen Smalley wrote:
> On Tue, 2017-02-14 at 14:14 +0100, Vit Mojzis wrote:
> >
> > Use faccessat() with AT_EACCESS instead of accesss() in order to
> > check
> > permissions of effective user. access() calls checking existence of
On Tue, 2017-02-14 at 14:14 +0100, Vit Mojzis wrote:
> Use faccessat() with AT_EACCESS instead of accesss() in order to
> check
> permissions of effective user. access() calls checking existence of
> a file (F_OK) were left untouched since they work correctly.
>
> This enables setuid programs to u
Add tests for prlimit(2) permission checks for getting and
setting resource limits of other processes. The tests are only
executed if the new getrlimit permission is defined by the base policy.
Signed-off-by: Stephen Smalley
---
policy/Makefile| 4 ++
policy/test_prlimit.te | 52
could
only be used to obtain a process' own limits.
Signed-off-by: Stephen Smalley
---
include/linux/lsm_hooks.h | 18 +++---
include/linux/security.h| 6 ++
kernel/sys.c| 30 ++
security/
On Tue, 2017-02-07 at 15:30 -0800, Andy Lutomirski wrote:
> On Tue, Feb 7, 2017 at 2:43 PM, Paul Moore
> wrote:
> >
> > On Tue, Jan 31, 2017 at 11:54 AM, Stephen Smalley > v> wrote:
> > >
> > > SELinux tries to support setting/clearing of /proc/pid/att
ned
in the base policy.
Signed-off-by: Stephen Smalley
---
policy/Makefile | 4 ++
policy/test_netlink_socket.te| 50 +
tests/Makefile | 4 ++
tests/netlink_socket/Makefile| 4 ++
tests/netlink_socket/netlinkcre
script.
Signed-off-by: Stephen Smalley
---
tests/ptrace/test | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tests/ptrace/test b/tests/ptrace/test
index 711d026..dc5bf40 100755
--- a/tests/ptrace/test
+++ b/tests/ptrace/test
@@ -5,7 +5,7 @@ BEGIN { plan tests => 2}
$based
On Mon, 2017-02-06 at 09:03 -0500, Daniel J Walsh wrote:
> I know we discussed this a few months ago, but I can not seem to find
> the emails.
>
> With current container runtime policy, we are adding type-bounds
> checks
> for containers, so that
>
> docker --no-new-privs will work with SELInux.
On Fri, 2017-02-03 at 16:25 +0100, Vit Mojzis wrote:
>
> On 2.2.2017 20:44, Stephen Smalley wrote:
> >
> > On Thu, 2017-02-02 at 18:22 +0100, Vit Mojzis wrote:
> > >
> > > Hi list,
> > > we have a report about a possible regression in "semanage
also allow containers to write only to the systemd
> cgroup
> for instance, while the other cgroups are kept with cgroup_t label.
>
> Signed-off-by: Antonio Murdaca
Acked-by: Stephen Smalley
> ---
> Changes in v2:
> - whitelist cgroup2 fs type
>
> secur
On Thu, 2017-02-02 at 18:22 +0100, Vit Mojzis wrote:
> Hi list,
> we have a report about a possible regression in "semanage user" and
> I'd
> like to hear your opinion on what the correct behaviour should be.
>
> Given that local changes have been made to a SELinux user definition
> (originally
On Thu, 2017-02-02 at 13:34 -0500, Stephen Smalley wrote:
> On Thu, 2017-02-02 at 18:22 +0100, Vit Mojzis wrote:
> >
> > Hi list,
> > we have a report about a possible regression in "semanage user" and
> > I'd
> > like to hear your opinion on what
On Thu, 2017-02-02 at 18:22 +0100, Vit Mojzis wrote:
> Hi list,
> we have a report about a possible regression in "semanage user" and
> I'd
> like to hear your opinion on what the correct behaviour should be.
>
> Given that local changes have been made to a SELinux user definition
> (originally
(buf[1] instead
of buf[0]).
Signed-off-by: Stephen Smalley
---
libselinux/src/procattr.c | 7 ++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/libselinux/src/procattr.c b/libselinux/src/procattr.c
index 8cd59af..c8792f2 100644
--- a/libselinux/src/procattr.c
+++ b/libselin
are no users of this facility to my knowledge; possibly we
should just get rid of it.
Signed-off-by: Stephen Smalley
---
security/selinux/hooks.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index a5398fe..6a047bf 100644
On Fri, 2017-01-27 at 12:47 +, Richard Haines wrote:
> This fixes the following bug:
> UX regression: setfiles progress indicator is now misleading and
> confusing in fixfiles.
>
> The outputting of * is replaced by the number of files in 1k
> increments
> as the previous versions. If "/" is s
Signed-off-by: Stephen Smalley
---
policycoreutils/scripts/fixfiles | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/policycoreutils/scripts/fixfiles b/policycoreutils/scripts/fixfiles
index df6f766..3896d19 100755
--- a/policycoreutils/scripts/fixfiles
+++ b/policycoreutils
On Wed, 2017-01-25 at 15:46 -0500, Lokesh Mandvekar wrote:
> Signed-off-by: Lokesh Mandvekar
Thanks, applied
> ---
> libselinux/man/man3/selinux_restorecon.3 | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/libselinux/man/man3/selinux_restorecon.3
> b/libselinux/man/man
On Wed, 2017-01-25 at 15:26 -0500, Lokesh Mandvekar wrote:
> Hi, first patch (attached) to this list so please be gentle :)
>
> It's just a typo fix. Is there a workflow I should be following to
> send
> patches?
Thanks, we prefer patches sent inline (e.g. use git send-email) if
possible.
__
On Wed, 2017-01-25 at 19:07 +0100, cgzones wrote:
> The use case is my sddm policy.
> I asked for help with it on the reference policy ML:
> http://oss.tresys.com/pipermail/refpolicy/2017-January/008950.html
>
> The parent process (sddm-helper) spawns over one pam service
> (sddm-greeter) the logi
On Wed, 2017-01-25 at 18:29 +0100, cgzones wrote:
> Hi list,
> I created patch against dpkg, which is reported here:
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=852539
> Laurent suggested to post it also on this ML for discussion.
>
>
> Currently, dpkg runs its maintainer tasks in the SEL
On Wed, 2017-01-25 at 18:26 +0100, cgzones wrote:
> Hi list,
> I created patch against pam_selinux, which is reported here:
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=852540
> Laurent suggested to post it also on this ML for discussion.
>
>
> When an SELinux unaware login application, li
On Wed, 2017-01-25 at 22:44 +1300, Thomas Petazzoni wrote:
> libselinux 2.6 has added some code in regex.c that uses
> __BYTE_ORDER__
> to determine the system endianness. Unfortunately, this definition
> provided directly by the compiler doesn't exist in older gcc versions
> such as gcc 4.4.
>
>
On Wed, Jan 25, 2017 at 1:22 AM, Russell Coker wrote:
> type=AVC msg=audit(1485258907.829:106): avc: denied { 0x80 } for
> pid=1280 comm="rewrite-0" name="after-the-deadline" dev="vda" ino=104107534
> scontext=system_u:system_r:httpd_t:s0
> tcontext=system_u:object_r:unlabeled_t:s0 tclass=fi
Disable generating filespec hash table stats on non-debug builds,
as they are not useful information for users and cause fixfiles
check to produce noisy output.
Reported-by: Alan Jenkins
Signed-off-by: Stephen Smalley
---
libselinux/src/selinux_restorecon.c | 6 ++
1 file changed, 6
Define a logging callback for libselinux so that any informational
or error messages generated by libselinux functions are properly
prefixed with the program name and routed to the proper output stream.
Signed-off-by: Stephen Smalley
---
policycoreutils/setfiles/setfiles.c | 21
On Mon, 2017-01-23 at 12:15 +, Alan Jenkins wrote:
> fixfiles was redirecting log output to `tty`. This overrides user
> intent
> e.g. when shell redirection is used.
>
> Redirect it to stdout, using /proc. `tty` equally depended on /proc.
> We do not depend on /dev/stdout: it might not be p
On Fri, 2017-01-20 at 12:15 -0500, Karl MacMillan wrote:
> ln on macOS doesn't support --relative, so use the gnu version by
> default.
>
> Also document how to build on macOS.
Thanks, applied.
>
> Signed-off-by: Karl MacMillan
> ---
> README| 5 +
> libsepol/src/Makefile
On Thu, 2017-01-19 at 11:34 +0100, Vit Mojzis wrote:
> Policy module structure created by libsepol out of base module
> contains NULL in module name, which results in segfault in "pp"
> compiler. Add NULL check.
>
> Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1350806
Thanks, applied.
>
>
On Wed, 2017-01-18 at 21:58 +0100, Dominick Grift wrote:
> On 01/18/2017 09:53 PM, James Carter wrote:
> >
> > Nicolas Iooss discovered that requiring a type in an optional block
> > after the type has already been declared in another optional block
> > results in a duplicate declaration error.
>
On Wed, 2017-01-18 at 12:07 -0500, Karl MacMillan wrote:
> Compilation fixes for macOS
>
> ln on macOS doesn't support --relative, so use the gnu version by
> default.
>
> Changes to how PREFIX is used in recent Makefiles make it so that
> installation to /usr/local is broken on all systems, but
On Tue, 2017-01-17 at 15:30 +, Alan Jenkins wrote:
> On 13/01/2017, Stephen Smalley wrote:
> >
> > $ touch /tmp/foo
> > $ chcon -t etc_t /tmp/foo
> > $ restorecon /tmp/foo
> > Warning no default label for /tmp/foo
> > $ restorecon -R /tmp/foo
&g
On Sun, 2017-01-15 at 14:03 +0100, Nicolas Iooss wrote:
> libselinux/src/get_context_list.c defines
>
> get_default_context_with_rolelevel(user, role, level...
>
> libselinux/utils/getdefaultcon.c uses
>
> get_default_context_with_rolelevel(seuser, role, level...
>
> but libselinux/incl
On Tue, 2017-01-17 at 23:01 +0100, Nicolas Iooss wrote:
> On Tue, Jan 17, 2017 at 10:48 PM, Stephen Smalley
> wrote:
> > On Sat, 2017-01-14 at 15:38 +0100, Nicolas Iooss wrote:
> > > After libsepol is modified (for example while developing new
> > features
> >
On Sat, 2017-01-14 at 16:33 +0100, Sven Vermeulen wrote:
> Hi all,
>
> In seobject.py, there are a few calls to
> audit.audit_encode_nv_string() which seem to make the use of audit.py
> as offered by the Linux audit daemon's python support mandatory. In
> the past, the use of this audit module was
On Sat, 2017-01-14 at 15:40 +0100, Nicolas Iooss wrote:
> selinux.security_getenforce() triggers an exception when running
> tests
> on systems without SELinux. In order to skip tests which need SELinux
> in
> enforcing mode, test selinux.is_selinux_enabled() too, like commit
> 945bc8853b62 ("sandb
On Sat, 2017-01-14 at 15:38 +0100, Nicolas Iooss wrote:
> After libsepol is modified (for example while developing new features
> or
> fixing bugs), running "make install" in the top-level directory does
> not
> update the programs which use libsepol.a. Add this static library to
> the
> target dep
On Sat, 2017-01-14 at 14:12 +0100, Nicolas Iooss wrote:
> This kind of strange construction is currently accepted by
> checkmodule
> but it makes memory to be leaked in declare_type():
>
> optional {
> require { type TYPE1; }
> }
> optional {
> require { attribute ATTR;
On Sat, 2017-01-14 at 13:48 +0100, Laurent Bigonville wrote:
> Hi,
>
> Not sure I already posted this on the ML.
>
> When listing the user/login with semanage (login/user -l) in French
> (and
> probably in other languages as well), the columns headers are not
> properly aligned.
>
> This makes
On Sat, 2017-01-14 at 12:00 +0100, Nicolas Iooss wrote:
> When generating file_contexts.homedirs, libsemanage enumerates the
> users
> on the system and tries to find misconfiguration issues by comparing
> their home directories with file contexts defined in the policy. The
> comparison is done by
On Tue, 2017-01-17 at 10:34 -0500, Daniel J Walsh wrote:
> In order to allow processes to modify the cgroup hierarchy in a
> container from an SELinux point of view, we need to allow read/write
> access to cgroup_t, which means that a container process could break
> out
> and modify all cgroups, we
$ touch /tmp/foo
$ chcon -t etc_t /tmp/foo
$ restorecon /tmp/foo
Warning no default label for /tmp/foo
$ restorecon -R /tmp/foo
Warning no default label for /tmp/foo
$ restorecon -R /tmp
Signed-off-by: Stephen Smalley
---
libselinux/src/selinux_restorecon.c | 7 +--
1 file changed, 5
On Fri, 2017-01-13 at 11:15 -0800, Nick Kralevich wrote:
> Unlike queue_remove(), queue_head() does not modify the queue, but
> rather, returns a pointer to an element within the queue. Freeing the
> memory associated with a value returned from that function corrupts
> subsequent users of the queue
On Fri, 2017-01-13 at 13:29 -0500, Daniel J Walsh wrote:
>
> On 01/13/2017 10:27 AM, Stephen Smalley wrote:
> >
> > On Fri, 2017-01-13 at 09:48 -0500, Stephen Smalley wrote:
> > >
> > > On Thu, 2017-01-12 at 23:42 +, Alan Jenkins wrote:
> >
sockcreate vsock stream default
sockcreate x25 seqpacket default
Note that CAN required adding an explicit protocol value since it
did not support creating sockets with the default/0 protocol value.
Signed-off-by: Stephen Smalley
---
tests/extended_socket_class/sockcreate.c | 34
On Thu, 2017-01-12 at 21:20 -0800, Sandeep Patil wrote:
> Signed-off-by: Sandeep Patil
Thanks, applied.
> ---
> libselinux/src/label_backends_android.c | 9 +++--
> 1 file changed, 3 insertions(+), 6 deletions(-)
>
> diff --git a/libselinux/src/label_backends_android.c
> b/libselinux/src/l
On Thu, 2017-01-12 at 20:47 +, Alan Jenkins wrote:
> Perhaps the root cause is actually the same. I still prefer the
> messages from fixfiles though. It explicitly detected conflicting
> labels on hardlinks
>
> https://bugzilla.redhat.com/show_bug.cgi?id=1411371
On this topic, I have opened
On Fri, 2017-01-13 at 09:48 -0500, Stephen Smalley wrote:
> On Thu, 2017-01-12 at 23:42 +, Alan Jenkins wrote:
> >
> > My main puzzle here[*] is why `fixfiles` handles sysfs (/sys/)
> > fine,
> > but
> > then there's floods of warnings about debugfs
&g
Jenkins
Signed-off-by: Stephen Smalley
---
libselinux/src/selinux_restorecon.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libselinux/src/selinux_restorecon.c
b/libselinux/src/selinux_restorecon.c
index e38d1d0..f5fa8f5 100644
--- a/libselinux/src/selinux_restorecon.c
+++ b
On Thu, 2017-01-12 at 23:42 +, Alan Jenkins wrote:
> My main puzzle here[*] is why `fixfiles` handles sysfs (/sys/) fine,
> but
> then there's floods of warnings about debugfs
> (/sys/kernel/debug/). The
> same seems to happen with /dev/ being fine, but not the other
> virtual
> fs's with s
On Thu, 2017-01-12 at 20:47 +, Alan Jenkins wrote:
> On 12/01/17 20:01, Stephen Smalley wrote:
> > On Wed, 2017-01-11 at 12:41 +, Alan Jenkins wrote:
> > > fixfiles links to restorecon. However if you start with
> > > restorecon
> > > "restore
On Wed, 2017-01-11 at 12:41 +, Alan Jenkins wrote:
> fixfiles links to restorecon. However if you start with restorecon
> "restore file(s) default SELinux security contexts", you can easily
> miss the fixfiles script. fixfiles is more generally useful than
> `restorecon -R`. For example `re
he removed classes
are bridge_socket for PF_BRIDGE, ib_socket for PF_IB, and mpls_socket
for PF_MPLS.
Signed-off-by: Stephen Smalley
---
security/selinux/hooks.c| 6 --
security/selinux/include/classmap.h | 6 --
2 files changed, 12 deletions(-)
diff --git a/security/selinux
With the removal of the security_task_wait() hook, we also need to
drop the corresponding test from the selinux testsuite.
Signed-off-by: Stephen Smalley
---
policy/Makefile | 2 +-
policy/test_wait.te | 45
tests/Makefile | 2 +-
tests/wait/Makefile
a child process upon a denial, the hook is not useful. Remove
the security hook and its implementations in SELinux and Smack. Smack
already removed its check from its hook.
Reported-by: yangshukui
Signed-off-by: Stephen Smalley
---
include/linux/lsm_hooks.h | 7 ---
include/linux
On Sun, 2017-01-08 at 19:45 +0100, Nicolas Iooss wrote:
> The prototype of isdigit() is provided by ctypes.h header. Without
> including this file, gcc fails to build checkpolicy using musl libc:
>
> checkpolicy.c: In function ‘main’:
> checkpolicy.c:705:8: error: implicit declaration of f
On Wed, 2017-01-04 at 23:02 +0100, Nicolas Iooss wrote:
> When sepol_polcap_getname() is called with a negative capnum, it
> dereferences polcap_names[capnum] which produces a segmentation fault
> most of the time.
>
> For information, here is a gdb session when hll/pp loads a policy
> module
> wh
On Wed, 2016-12-28 at 19:05 +0100, Nicolas Iooss wrote:
> Hello,
>
> When building checkpolicy with gcc Address Sanitizer and using the
> result to compile refpolicy, some leaks are reported. I wrote a
> minimal
> policy which exposes one of the issues I am experiencing:
>
> $ cat test.mod
> modu
On Mon, 2016-12-26 at 22:18 +0100, Nicolas Iooss wrote:
> In an error path of define_bool_tunable(), variable id is freed after
> being used by a successful call to declare_symbol(). This may cause
> trouble as this pointer may have been used as-is in the policy symtab
> hash table.
>
> Moreover b
nce Policy.
>
> Finally, the prefix for system_u is wrongly set to "user_u" (it
> shouldn't have it).
>
> I have tested the patch and it seems to work fine.
>
> I hope it helps.
>
> Kind regards,
>
> Guido Trentalancia
>
> On the 9th o
On Mon, 2017-01-09 at 19:29 +0100, Oleg Nesterov wrote:
> Seriously, could someone explain why do we need the
> security_task_wait()
> hook at all?
I would be ok with killing it.
IIRC, the original motivation was to block an unauthorized data flow
from child to parent when the child context differ
On Thu, 2016-12-29 at 19:45 +0100, Guido Trentalancia wrote:
> The following patch makes sure that the SELinux identity
> reserved for system processes and objects is skipped
> when adding users.
>
> A warning is produced when a Unix identity is found to be
> equal to the SELinux user identity for
On Thu, 2016-12-22 at 13:43 +0100, Petr Lautrbach wrote:
> When the restorecon method was added to the libselinux swig python
> bindings, there was no libselinux restorecon implementation and it
> he had to call matchpathcon() which is deprecated in favor of
> selabel_lookup().
>
> The new restore
On Wed, 2017-01-04 at 22:46 +0100, Nicolas Iooss wrote:
> Signed-off-by: Nicolas Iooss
> ---
> libsemanage/src/genhomedircon.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/libsemanage/src/genhomedircon.c
> b/libsemanage/src/genhomedircon.c
> index 7ceeafb7b5d9..fd6d39
On Dec 30, 2016 8:08 AM, "Russell Coker" wrote:
On Monday, 26 December 2016 7:10:19 PM AEDT Nicolas Iooss wrote:
> With the output you gave I searched in D-Bus source how the
> LinuxSecurityLabel was computed here. I discovered a lot of files in dbus/
> directory which seem to duplicate things fr
On Dec 27, 2016 6:04 AM, "Luis Ressel" wrote:
Hello,
when a userspace program A (usually kmod or udev) instructs the kernel
to load a kernel module via the finit_module syscall, the kernel loads
the module into its address space and executes the initalization
routine provided by the module.
Thi
701 - 800 of 1507 matches
Mail list logo