Re: [PATCH] python/sepolgen: Try to translate SELinux contexts to raw

2018-04-11 Thread Stephen Smalley
On 04/11/2018 05:26 AM, Vit Mojzis wrote: > This allows sepolgen to generate policy from AVC messages that contain > contexts translated by mcstrans. > > Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1356149 Not friendly to cite a non-public bugzilla. > > Signed-off-by: Vit Mojzis

Re: [PATCH] libsemanage: do not change file mode of seusers and users_extra

2018-04-12 Thread Stephen Smalley
On 04/12/2018 11:07 AM, Stephen Smalley wrote: > On 04/12/2018 06:26 AM, Vit Mojzis wrote: >> Commit 8702a865e08b5660561e194a83e4a363061edc03 causes file mode of >> seusers and users_extra to change based on the value defined in config >> file whenever direct_commit

Re: [PATCH] libsemanage: do not change file mode of seusers and users_extra

2018-04-12 Thread Stephen Smalley
On 04/12/2018 04:03 PM, Petr Lautrbach wrote: > On Thu, Apr 12, 2018 at 01:22:40PM -0400, Stephen Smalley wrote: >> On 04/12/2018 11:07 AM, Stephen Smalley wrote: >>> On 04/12/2018 06:26 AM, Vit Mojzis wrote: >>>> Commit 8702a865e08b5660561e194a83e4a363061edc03 ca

[PATCH] selinux: fix missing dput() before selinuxfs unmount

2018-04-09 Thread Stephen Smalley
"selinux: wrap selinuxfs state") Reported-by: Tetsuo Handa <penguin-ker...@i-love.sakura.ne.jp> Reported-by: Dmitry Vyukov <dvyu...@google.com> Signed-off-by: Stephen Smalley <s...@tycho.nsa.gov> --- security/selinux/selinuxfs.c | 1 + 1 file changed, 1 insertion(+) diff --git a/s

Re: [PATCH] libsemanage: do not change file mode of seusers and users_extra

2018-04-12 Thread Stephen Smalley
On 04/12/2018 06:26 AM, Vit Mojzis wrote: > Commit 8702a865e08b5660561e194a83e4a363061edc03 causes file mode of > seusers and users_extra to change based on the value defined in config > file whenever direct_commit is called and policy is not rebuilt. > (e.g. when setting a boolean). > > Fixes:

last call for selinux 2.8-rc1 release

2018-04-06 Thread Stephen Smalley
Hi, We are looking at making a 2.8-rc1 selinux userspace release in the not-too-distant future, so if you have any additional patches you want included in 2.8, please post them to the list soon. Thanks.

Re: selinux crashes always at startup

2018-04-18 Thread Stephen Smalley
On 04/18/2018 04:01 PM, Stephen Smalley wrote: > On 04/18/2018 03:40 PM, Jaap wrote: >> >> selinux crashes always at startup. problem is always reported (says selinux) >> But it does not get better. > > None of the SELinux messages you showed are errors. The

Re: selinux crashes always at startup

2018-04-18 Thread Stephen Smalley
On 04/18/2018 03:40 PM, Jaap wrote: > > selinux crashes always at startup. problem is always reported (says selinux) > But it does not get better. None of the SELinux messages you showed are errors. They are just informational, and the message "the above unknown classes and permissions will

Re: [PATCH 5/5] libselinux: remove unused variable usercon

2018-04-16 Thread Stephen Smalley
On 04/13/2018 08:40 PM, William Roberts wrote: > In general this series looks fine. > > However, checkpatch.pl is complaining about DOS line endings in your patches: > > For example: > ERROR: DOS line endings > #325: FILE: libselinux/src/label_file.h:281: > +^I^Iint alloc_stems =

Re: selinux crashes always at startup

2018-04-19 Thread Stephen Smalley
nd userspace permission denials (USER_AVC) since boot. You can use other start time values (e.g. recent, today, ...) and other selectors to control exactly what is reported. > > > On 04/18/2018 10:04 PM, Stephen Smalley wrote: >> On 04/18/2018 04:01 PM, Stephen Smalley wrote:
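The truncated reply above is describing a query over the audit log for kernel (AVC) and userspace (USER_AVC) denials; the start-time values it names (boot, recent, today) are ausearch's -ts selectors. As an added example, not from the thread, the C below parses the records such a query prints: it pulls the denied permissions, source and target contexts, object class and the permissive flag out of each line, and counts the denials that were actually enforced. The three records are constructed for the example; the field names follow the kernel's AVC audit format.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

struct avc_record {
    char perms[64];       /* space-separated permissions from inside { } */
    char scontext[128];   /* source (subject) context */
    char tcontext[128];   /* target (object) context */
    char tclass[32];      /* object class */
    int  permissive;      /* 0: enforced denial, 1: logged, nothing blocked */
};

/* Copy the value that follows 'key' in 'line', stopping at any character in
 * 'stop'.  Returns 0 on success, -1 if the key is absent. */
static int extract_field(const char *line, const char *key, const char *stop,
                         char *out, size_t n)
{
    const char *p = strstr(line, key);
    if (!p)
        return -1;
    p += strlen(key);
    size_t len = strcspn(p, stop);
    if (len >= n)
        len = n - 1;
    memcpy(out, p, len);
    out[len] = '\0';
    return 0;
}

/* Parse one kernel AVC or userspace USER_AVC record.  Returns 1 if the line is
 * a denial with all expected fields, 0 for granted records, other record
 * types, or malformed input.  Parsing starts at "avc:" so the USER_AVC
 * wrapper fields (pid=, uid=, subj=...) are never mistaken for the denial's. */
int parse_avc(const char *line, struct avc_record *r)
{
    const char *avc = strstr(line, "avc:");
    if (!avc || !strstr(avc, "denied"))
        return 0;
    memset(r, 0, sizeof *r);
    if (extract_field(avc, "{ ", "}", r->perms, sizeof r->perms))
        return 0;
    size_t l = strlen(r->perms);          /* drop the space before '}' */
    while (l && r->perms[l - 1] == ' ')
        r->perms[--l] = '\0';
    char permissive[4];
    if (extract_field(avc, "scontext=", " '", r->scontext, sizeof r->scontext) ||
        extract_field(avc, "tcontext=", " '", r->tcontext, sizeof r->tcontext) ||
        extract_field(avc, "tclass=", " '", r->tclass, sizeof r->tclass) ||
        extract_field(avc, "permissive=", " '", permissive, sizeof permissive))
        return 0;
    r->permissive = atoi(permissive);
    return 1;
}

/* Count denials that were actually enforced (permissive=0).  A permissive=1
 * denial was only logged: worth a policy fix, but nothing was blocked. */
int count_enforcing_denials(const char *const *lines, size_t n)
{
    struct avc_record r;
    int count = 0;
    for (size_t i = 0; i < n; i++)
        if (parse_avc(lines[i], &r) && r.permissive == 0)
            count++;
    return count;
}

/* Constructed sample records in the kernel audit format (not from the thread). */
const char *const sample_records[] = {
    "type=AVC msg=audit(1524157110.123:456): avc:  denied  { read open } for  pid=1234 "
    "comm=\"httpd\" path=\"/var/www/html/index.html\" dev=\"dm-0\" ino=98765 "
    "scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 "
    "tclass=file permissive=0",
    "type=USER_AVC msg=audit(1524157111.456:457): pid=1 uid=0 auid=4294967295 ses=4294967295 "
    "subj=system_u:system_r:init_t:s0 msg='avc:  denied  { status } for auid=n/a uid=0 gid=0 "
    "scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:system_r:init_t:s0 "
    "tclass=system permissive=1  exe=\"/usr/lib/systemd/systemd\" sauid=0 hostname=? addr=? terminal=?'",
    "type=SYSCALL msg=audit(1524157110.123:456): arch=c000003e syscall=257 success=no exit=-13 "
    "comm=\"httpd\" exe=\"/usr/sbin/httpd\" subj=system_u:system_r:httpd_t:s0 key=(null)",
};
const size_t sample_record_count = sizeof sample_records / sizeof sample_records[0];

int main(void)
{
    struct avc_record r;
    for (size_t i = 0; i < sample_record_count; i++)
        if (parse_avc(sample_records[i], &r))
            printf("%s %s -> %s %s { %s }\n", r.permissive ? "would deny" : "denied",
                   r.scontext, r.tcontext, r.tclass, r.perms);
    printf("%d enforced denial(s)\n", count_enforcing_denials(sample_records, sample_record_count));
    return 0;
}
```

Feed it the output of `ausearch -m AVC,USER_AVC -ts boot` line by line and the enforced count is the number to chase first; the permissive=1 records tell you what would break once the domain is switched to enforcing.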

ANN: SELinux userspace 2.8-rc1 release candidate

2018-04-19 Thread Stephen Smalley
Richard Haines via Selinux (1): selinux: Add support for the SCTP portcon keyword Stephen Smalley (4): checkpolicy,libselinux,libsepol,policycoreutils: Update my email address semodule-utils: remove semodule_deps libsepol: Export sepol_polcap_getnum/name functions Update

Re: ANN: SELinux userspace 2.8-rc1 release candidate

2018-04-20 Thread Stephen Smalley
On 04/20/2018 08:31 AM, Petr Lautrbach wrote: > On Thu, Apr 19, 2018 at 11:07:39AM -0400, Stephen Smalley wrote: >> A 2.8-rc1 release candidate for the SELinux userspace is now available at: >> https://github.com/SELinuxProject/selinux/wiki/Releases >> >> Please giv

Re: ANN: SELinux userspace 2.8-rc1 release candidate

2018-04-20 Thread Stephen Smalley
On 04/20/2018 09:31 AM, Petr Lautrbach wrote: > On Fri, Apr 20, 2018 at 08:49:41AM -0400, Stephen Smalley wrote: >> On 04/20/2018 08:31 AM, Petr Lautrbach wrote: >>> On Thu, Apr 19, 2018 at 11:07:39AM -0400, Stephen Smalley wrote: >>>> A 2.8-rc1 release candidate fo

[PATCH] Revert "libselinux: verify file_contexts when using restorecon"

2018-04-20 Thread Stephen Smalley
This reverts commit 814631d3aebaa041073a42c677c1ed62ce7830d5. As reported by Petr Lautrbach, this commit changed the behavior of selabel_open() when SELABEL_OPT_VALIDATE is 0, and this would be an API change. Reported-by: Petr Lautrbach <plaut...@redhat.com> Signed-off-by: Stephen Smal

Re: ANN: SELinux userspace 2.8-rc1 release candidate

2018-04-25 Thread Stephen Smalley
On 04/25/2018 10:11 AM, Yuli Khodorkovskiy wrote: > On Fri, Apr 20, 2018 at 10:09 AM, Stephen Smalley <s...@tycho.nsa.gov> wrote: >> On 04/20/2018 09:31 AM, Petr Lautrbach wrote: >>> On Fri, Apr 20, 2018 at 08:49:41AM -0400, Stephen Smalley wrote: >>>> On 04/20

Re: [PATCH 04/24] VFS: Add LSM hooks for filesystem context [ver #7]

2018-04-25 Thread Stephen Smalley
On 04/24/2018 11:22 AM, David Howells wrote: > Stephen Smalley <s...@tycho.nsa.gov> wrote: > >> Neither fsopen() nor fscontext_fs_write() appear to perform any kind of >> up-front permission checking (DAC or MAC), although some security hooks may >> be ultimately

Re: [PATCH 04/24] VFS: Add LSM hooks for filesystem context [ver #7]

2018-04-23 Thread Stephen Smalley
On 04/20/2018 11:35 AM, David Howells wrote: > Paul Moore wrote: > >> Adding the SELinux mailing list to the CC line; in the future please >> include the SELinux mailing list on patches like this. It would also >> be very helpful to include "selinux" somewhere in the

Re: [PATCH 3/3] selinux: provide unix_stream_socketpair callback

2018-04-23 Thread Stephen Smalley
On 04/23/2018 09:30 AM, David Herrmann wrote: > Make sure to implement the new unix_stream_socketpair callback so the > SO_PEERSEC call on socketpair(2)s will return correct information. > > Signed-off-by: David Herrmann <dh.herrm...@gmail.com> Acked-by: Stephen Smalley

selinux namespace work rebased to 4.17-rc1

2018-04-17 Thread Stephen Smalley
The selinux namespace work has been rebased on top of the latest selinux/next branch, which in turn is now 4.17-rc1 based. As before, it can be found at: https://github.com/stephensmalley/selinux-kernel/tree/selinuxns As a reminder, this is still highly experimental and has a number of known

Re: [PATCH v2 2/2] libselinux: echo line number of bad label in selabel_fini()

2018-03-29 Thread Stephen Smalley
On 03/29/2018 11:48 AM, Yuli Khodorkovskiy wrote: > > > On Thu, Mar 29, 2018 at 9:49 AM, Stephen Smalley <s...@tycho.nsa.gov> wrote: > > On 03/28/2018 11:40 PM, Yuli Khodorkovskiy wrote: > > Keep track o

Re: linux-next 20180327 - "SELinux: (dev dm-3, type ext4) getxattr errno 34"

2018-03-29 Thread Stephen Smalley
On 03/29/2018 02:29 PM, Stephen Smalley wrote: > On 03/29/2018 01:57 PM, valdis.kletni...@vt.edu wrote: >> Seeing this error trying to mount ext4 disks. next-20180320 was OK. >> >> SELinux: (dev dm-3, type ext4) getxattr errno 34 >> >> and for /var, it refused

Re: linux-next 20180327 - "SELinux: (dev dm-3, type ext4) getxattr errno 34"

2018-03-29 Thread Stephen Smalley
On 03/29/2018 01:57 PM, valdis.kletni...@vt.edu wrote: > Seeing this error trying to mount ext4 disks. next-20180320 was OK. > > SELinux: (dev dm-3, type ext4) getxattr errno 34 > > and for /var, it refused to mount entirely (which brought the boot > process to a screeching halt). > > git log

Re: [PATCH v2 1/2] libselinux: verify file_contexts when using restorecon

2018-03-29 Thread Stephen Smalley
On 03/28/2018 11:40 PM, Yuli Khodorkovskiy wrote: > In permissive mode, calling restorecon with a bad label in file_contexts > does not verify the label's existence in the loaded policy. This > results in any label successfully applying to a file, as long as the > file exists. > > This issue has

Re: [PATCH] policycoreutils/semodule: Allow enabling/disabling multiple modules at once

2018-03-26 Thread Stephen Smalley
On 03/19/2018 07:08 AM, Vit Mojzis wrote: > From: Vit Mojzis > > Unify behaviour for all module actions. > The same behaviour is already present for -i/-u/-r/-e switches. > > Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1545218 I've put up a PR for this one

Re: [PATCH] libselinux: verify file_contexts when using restorecon

2018-03-26 Thread Stephen Smalley
On 03/25/2018 03:34 PM, Yuli Khodorkovskiy wrote: > In permissive mode, calling restorecon with a bad label in file_contexts > does not verify the label's existence in the loaded policy. This > results in any label successfully applying to a file, as long as the > file exists. > > This issue has

Re: [PATCH v2 2/2] libselinux: echo line number of bad label in selabel_fini()

2018-03-29 Thread Stephen Smalley
On 03/28/2018 11:40 PM, Yuli Khodorkovskiy wrote: > Keep track of line numbers for each file context in > selabel_handle. If an error occurs in selabel_fini(), the > line number of an invalid file context is echoed to the user. > > Signed-off-by: Yuli Khodorkovskiy > --- >
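The two patches above (verifying file_contexts when restorecon runs, and reporting the line number of the bad entry) and the April revert listed near the top of this page all turn on one question: when is a file_contexts entry checked against the loaded policy? As an added example that is not libselinux code, the C below validates a constructed file_contexts fragment the way a SELABEL_OPT_VALIDATE pass would and returns the 1-based line number of the first bad entry. Two assumptions: a small constructed array of type names stands in for asking the kernel via security_check_context(3), and POSIX regcomp stands in for the PCRE engine libselinux uses.

```c
#include <regex.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for "does this type exist in the loaded policy?".
 * Assumption: real code asks the kernel (security_check_context(3)), which a
 * stand-alone example cannot do. */
static const char *const policy_types[] = { "bin_t", "etc_t", "httpd_sys_content_t", NULL };

static int type_is_known(const char *type, size_t len)
{
    for (const char *const *t = policy_types; *t; t++)
        if (strlen(*t) == len && strncmp(*t, type, len) == 0)
            return 1;
    return 0;
}

/* A context is user:role:type[:range]; "<<none>>" means "leave the file alone"
 * and is always valid.  Returns 0 if acceptable, -1 otherwise. */
static int check_context(const char *ctx)
{
    if (strcmp(ctx, "<<none>>") == 0)
        return 0;
    const char *p1 = strchr(ctx, ':');
    if (!p1) return -1;
    const char *p2 = strchr(p1 + 1, ':');
    if (!p2) return -1;
    const char *type = p2 + 1;
    const char *end = strchr(type, ':');          /* optional MLS range follows */
    size_t tlen = end ? (size_t)(end - type) : strlen(type);
    return (tlen > 0 && type_is_known(type, tlen)) ? 0 : -1;
}

/* Validate a whole file_contexts buffer.  Returns 0 if every entry is good,
 * otherwise the 1-based line number of the first bad entry with a reason in
 * *why.  Blank lines and '#' comments are skipped.  Entry syntax:
 *   pathregex [filetype] context      (filetype is one of -- -d -l -c -b -s -p) */
int validate_file_contexts(const char *text, const char **why)
{
    char line[512];
    int lineno = 0;

    for (const char *p = text; *p; ) {
        const char *nl = strchr(p, '\n');
        size_t n = nl ? (size_t)(nl - p) : strlen(p);
        lineno++;
        if (n >= sizeof line) { *why = "line too long"; return lineno; }
        memcpy(line, p, n);
        line[n] = '\0';
        p = nl ? nl + 1 : p + n;

        char *regex_str = strtok(line, " \t");
        if (!regex_str || regex_str[0] == '#')
            continue;
        char *f2 = strtok(NULL, " \t");
        char *f3 = strtok(NULL, " \t");
        const char *ctx = f2;
        if (f2 && f2[0] == '-' && strlen(f2) == 2)   /* optional file-type field */
            ctx = f3;
        if (!ctx) { *why = "missing context"; return lineno; }

        /* libselinux compiles these with PCRE and anchors them; POSIX ERE is
         * the stand-in here (assumption). */
        regex_t re;
        if (regcomp(&re, regex_str, REG_EXTENDED | REG_NOSUB) != 0) {
            *why = "regex does not compile";
            return lineno;
        }
        regfree(&re);

        if (check_context(ctx) != 0) { *why = "context type not in policy"; return lineno; }
    }
    *why = NULL;
    return 0;
}

/* Constructed sample: line 4 misspells httpd_sys_content_t.  With the
 * permissive-mode behaviour the patch description reports, that label would
 * be written to /var/www anyway; validating first catches it with its line. */
const char sample_file_contexts[] =
    "# constructed file_contexts fragment\n"
    "/usr/bin(/.*)?\t\tsystem_u:object_r:bin_t:s0\n"
    "/etc/shadow\t--\tsystem_u:object_r:etc_t:s0\n"
    "/var/www(/.*)?\t\tsystem_u:object_r:htpd_sys_content_t:s0\n"
    "/tmp/skipme\t\t<<none>>\n";

int main(void)
{
    const char *why;
    int bad = validate_file_contexts(sample_file_contexts, &why);
    if (bad)
        printf("file_contexts: line %d: %s\n", bad, why);
    else
        printf("file_contexts: all entries valid\n");
    return bad != 0;
}
```

The design point the revert makes is visible here too: the type lookup is the expensive, policy-dependent step, so it has to stay behind the caller's validate option rather than run unconditionally inside selabel_open().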

[PATCH 1/2] selinux: fix handling of uninitialized selinux state in get_bools/classes

2018-03-20 Thread Stephen Smalley
If security_get_bools/classes are called before the selinux state is initialized (i.e. before first policy load), then they should just return immediately with no booleans/classes. Signed-off-by: Stephen Smalley <s...@tycho.nsa.gov> --- security/selinux/ss/services.c | 13 +

Re: Alias path subbing results in unexpected policy labelling

2018-03-20 Thread Stephen Smalley
On 03/19/2018 10:29 PM, Joe Kirwin wrote: > *_Empirical Observations _* > * > * > If I was to create an SELinux policy containing the following file_contexts > (fruits.fc) > ``` > /apple/orange/.*                  --              > gen_context(system_u:object_r:atype_t,s0) > /banana/.*           

Re: dbus-daemon patches review

2018-03-22 Thread Stephen Smalley
On 03/21/2018 07:58 AM, Laurent Bigonville wrote: > Hello, > > Could somebody have a quick look at the two patches that I opened for two > dbus bugs: > > https://bugs.freedesktop.org/show_bug.cgi?id=92831 (stop using avc_init()) > > https://bugs.freedesktop.org/attachment.cgi?id=138021 (stop

Re: dbus-daemon patches review

2018-03-23 Thread Stephen Smalley
On 03/23/2018 09:14 AM, Stephen Smalley wrote: > On 03/23/2018 08:44 AM, Laurent Bigonville wrote: >> Le 23/03/18 à 13:26, Stephen Smalley a écrit : >>> On 03/23/2018 06:31 AM, Laurent Bigonville wrote: >>>> Le 22/03/18 à 17:09, Stephen Smalley a écrit : >>

Re: dbus-daemon patches review

2018-03-23 Thread Stephen Smalley
On 03/23/2018 08:44 AM, Laurent Bigonville wrote: > Le 23/03/18 à 13:26, Stephen Smalley a écrit : >> On 03/23/2018 06:31 AM, Laurent Bigonville wrote: >>> Le 22/03/18 à 17:09, Stephen Smalley a écrit : >>>> On 03/21/2018 07:58 AM, Laurent Bigonville wrote: >>&

Re: dbus-daemon patches review

2018-03-23 Thread Stephen Smalley
On 03/23/2018 06:31 AM, Laurent Bigonville wrote: > Le 22/03/18 à 17:09, Stephen Smalley a écrit : >> On 03/21/2018 07:58 AM, Laurent Bigonville wrote: >>> Hello, >>> >>> Could somebody have a quick look at the two patches that I opened for two >>> db

[PATCH 2/2] selinux: wrap AVC state

2018-03-05 Thread Stephen Smalley
-off-by: Stephen Smalley <s...@tycho.nsa.gov> --- security/selinux/avc.c | 284 ++--- security/selinux/hooks.c| 398 security/selinux/include/avc.h | 32 ++- security/selinux/include/avc_ss.h

[PATCH 1/2] selinux: wrap selinuxfs state

2018-03-05 Thread Stephen Smalley
-by: Stephen Smalley <s...@tycho.nsa.gov> --- security/selinux/selinuxfs.c | 472 + security/selinux/ss/services.c | 13 ++ 2 files changed, 307 insertions(+), 178 deletions(-) diff --git a/security/selinux/selinuxfs.c b/security/selinux/selinuxfs.c

Re: libsepol policycap names

2018-03-05 Thread Stephen Smalley
On 03/02/2018 01:49 PM, Chris PeBenito wrote: > I've been able to make SETools dynamically link to libsepol.  However, > one challenge is with policycap names.  They're static libsepol, with > nothing that exports them.  Can we either: > > * export the sepol_polcap_getname() function, or > * move

Re: [PATCH] gui/semanagePage: Close "edit" and "add" dialogues when successfull

2018-02-26 Thread Stephen Smalley
On 02/22/2018 08:29 AM, Vit Mojzis wrote: > "Edit" and "add" dialogues weren't closed after successful transaction > ("add" and "edit" methods return "None" if successful). I see the bug, but the behavior after applying the patch also seems to be wrong: Traceback (most recent call last): File

Re: [PATCH] secilc: Fix documentation build for OS X systems

2018-02-26 Thread Stephen Smalley
On 02/23/2018 11:57 PM, Yuli Khodorkovskiy wrote: > Since Darwin systems do not have GNU sed installed, the Darwin sed is > missing the "regexp-extended" flag needed to modify the secilc markdown > files before processing with pandoc. > > A quick fix for Mac users is to `brew install gnu-sed` and

Re: [PATCH] semodule-utils/semodule_package: fix semodule_unpackage man page

2018-02-26 Thread Stephen Smalley
On 02/22/2018 08:33 AM, Vit Mojzis wrote: > Fix command line arguments and description in man page. > > Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1334834 > > Signed-off-by: Vit Mojzis Thanks, applied. > --- > semodule-utils/semodule_package/semodule_unpackage.8 |

Re: [PATCH] Minor update for bash completion. Bash completion for ports is missing '-' for type. Based on documentation, it should be --type, not -type.

2018-02-26 Thread Stephen Smalley
On 02/18/2018 05:21 PM, Lee Stubbs wrote: > --- > python/semanage/semanage-bash-completion.sh | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/python/semanage/semanage-bash-completion.sh > b/python/semanage/semanage-bash-completion.sh > index 6b53292..2d811c9 100644 > ---

Re: Linux 4.16 cap_sys_module

2018-02-28 Thread Stephen Smalley
On 02/28/2018 04:53 AM, Dominick Grift wrote: > On Wed, Feb 28, 2018 at 10:27:08AM +0100, Dominick Grift wrote: >> Since Linux 4.16 (to atleast RC2) user space started to excessively trigger >> cap_sys_module >> >> Here is one example of such and event: >> >> type=SYSCALL msg=audit(02/27/2018

Re: Linux 4.16 cap_sys_module

2018-02-28 Thread Stephen Smalley
On 02/28/2018 08:53 AM, Stephen Smalley wrote: > On 02/28/2018 04:53 AM, Dominick Grift wrote: >> On Wed, Feb 28, 2018 at 10:27:08AM +0100, Dominick Grift wrote: >>> Since Linux 4.16 (to atleast RC2) user space started to excessively trigger >>> cap_sys_module

Re: [PATCH v5 3/5] SELinux: Prepare for PTRACE_MODE_SCHED

2018-09-27 Thread Stephen Smalley
On 09/26/2018 04:34 PM, Casey Schaufler wrote: From: Casey Schaufler A ptrace access check with mode PTRACE_MODE_SCHED gets called from process switching code. This precludes the use of audit or avc, as the locking is incompatible. The only available check that can be made without using avc is

Re: [PATCH] libsepol: fix endianity in ibpkey range checks

2018-10-17 Thread Stephen Smalley
k Acked-by: Stephen Smalley --- libsepol/src/policydb.c | 14 ++ 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/libsepol/src/policydb.c b/libsepol/src/policydb.c index a6d76ca3..dc201e2f 100644 --- a/libsepol/src/policydb.c +++ b/libsepol/src/policydb.c @@ -2830,1

Re: [PATCH v3] selinux: policydb - fix byte order and alignment issues

2018-10-17 Thread Stephen Smalley
>my_module.cil < Cc: Eli Cohen Cc: James Morris Cc: Doug Ledford Cc: # 4.13+ Fixes: a806f7a1616f ("selinux: Create policydb version for Infiniband support") Signed-off-by: Ondrej Mosnacek Acked-by: Stephen Smalley --- security/selinux/ss/policydb.c | 41 ++

Re: [PATCH v4] selinux: policydb - fix byte order and alignment issues

2018-10-19 Thread Stephen Smalley
On 10/18/2018 03:47 AM, Ondrej Mosnacek wrote: Do the LE conversions before doing the Infiniband-related range checks. The incorrect checks are otherwise causing a failure to load any policy with an ibendportcon rule on BE systems. This can be reproduced by running (on e.g. ppc64): cat

Re: [PATCH] libsepol: fix endianity in ibpkey range checks

2018-10-17 Thread Stephen Smalley
On 10/17/2018 05:18 PM, Paul Moore wrote: On Wed, Oct 17, 2018 at 12:07 PM William Roberts wrote: On Wed, Oct 17, 2018 at 7:48 AM Ondrej Mosnacek wrote: We need to convert from little-endian before dong range checks on the ibpkey port numbers, otherwise we would be checking a wrong value.

Re: [PATCH v2] selinux: fix byte order and alignment issues in policydb.c

2018-10-16 Thread Stephen Smalley
On 10/16/2018 03:09 AM, Ondrej Mosnacek wrote: Add missing LE conversions to the Infiniband-related range checks. These were causing a failure to load any policy with an ibendportcon rule on BE systems. This can be reproduced by running: cat >my_module.cil < Cc: Eli Cohen Cc: James Morris Cc:
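The libsepol and kernel fixes above share one root cause: a range check applied to a 32-bit policy field before it was converted from the on-disk little-endian order. As an added example (not the kernel's or libsepol's code) the C below encodes a constructed ibpkeycon entry, then reads it back two ways: the pre-fix shape that checks the raw word, with a flag that emulates what a big-endian host such as the ppc64 in the thread would see, and the fixed shape that converts first. The 0xffff bound is the 16-bit InfiniBand P_Key width; the field layout (64-bit subnet prefix, then low and high pkey) is a simplification assumed for the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define IB_PKEY_MAX 0xffffu          /* InfiniBand P_Key is 16 bits wide */

/* Simplified on-disk layout assumed for this example: a 64-bit subnet
 * prefix followed by 32-bit low and high pkey, all little-endian. */
struct ibpkey_ocon {
    uint64_t subnet_prefix;
    uint32_t low_pkey;
    uint32_t high_pkey;
};

static uint32_t le32_decode(const uint8_t *p)
{
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

static uint64_t le64_decode(const uint8_t *p)
{
    return (uint64_t)le32_decode(p) | (uint64_t)le32_decode(p + 4) << 32;
}

/* What a big-endian CPU gets when it dereferences the raw word without
 * le32_to_cpu(): the same four bytes, read in the opposite order. */
static uint32_t raw_word_on_big_endian(const uint8_t *p)
{
    return (uint32_t)p[3] | (uint32_t)p[2] << 8 | (uint32_t)p[1] << 16 | (uint32_t)p[0] << 24;
}

static void le32_encode(uint8_t *p, uint32_t v)
{
    p[0] = (uint8_t)v; p[1] = (uint8_t)(v >> 8); p[2] = (uint8_t)(v >> 16); p[3] = (uint8_t)(v >> 24);
}

/* Build a 16-byte entry the way a policy writer would. */
void encode_ibpkey(uint8_t buf[16], uint64_t prefix, uint32_t lo, uint32_t hi)
{
    le32_encode(buf, (uint32_t)prefix);
    le32_encode(buf + 4, (uint32_t)(prefix >> 32));
    le32_encode(buf + 8, lo);
    le32_encode(buf + 12, hi);
}

/* Pre-fix shape: range-check the raw words, convert afterwards.  host_is_be
 * emulates a big-endian reader such as the ppc64 box in the thread.  On a
 * little-endian host the raw word already equals the converted value, which
 * is why the bug stayed invisible on x86. */
int read_ibpkey_buggy(const uint8_t buf[16], int host_is_be, struct ibpkey_ocon *out)
{
    uint32_t raw_lo = host_is_be ? raw_word_on_big_endian(buf + 8)  : le32_decode(buf + 8);
    uint32_t raw_hi = host_is_be ? raw_word_on_big_endian(buf + 12) : le32_decode(buf + 12);
    if (raw_lo > IB_PKEY_MAX || raw_hi > IB_PKEY_MAX)
        return -1;                       /* on BE this rejects every valid policy */
    out->subnet_prefix = le64_decode(buf);
    out->low_pkey  = le32_decode(buf + 8);
    out->high_pkey = le32_decode(buf + 12);
    return 0;
}

/* Fixed shape: convert first, then check the value the policy actually
 * contains.  Host byte order no longer matters. */
int read_ibpkey_fixed(const uint8_t buf[16], struct ibpkey_ocon *out)
{
    uint32_t lo = le32_decode(buf + 8);
    uint32_t hi = le32_decode(buf + 12);
    if (lo > IB_PKEY_MAX || hi > IB_PKEY_MAX)
        return -1;
    out->subnet_prefix = le64_decode(buf);
    out->low_pkey  = lo;
    out->high_pkey = hi;
    return 0;
}

int main(void)
{
    uint8_t buf[16];
    struct ibpkey_ocon o;
    /* Constructed entry: the IB link-local subnet prefix, pkeys 1..0x7fff. */
    encode_ibpkey(buf, 0xfe80000000000000ULL, 1, 0x7fff);
    printf("fixed reader          : %s\n", read_ibpkey_fixed(buf, &o) == 0 ? "accepted" : "rejected");
    printf("buggy reader, LE host : %s\n", read_ibpkey_buggy(buf, 0, &o) == 0 ? "accepted" : "rejected");
    printf("buggy reader, BE host : %s\n", read_ibpkey_buggy(buf, 1, &o) == 0 ? "accepted" : "rejected");
    return 0;
}
```

The general rule the example illustrates: any bound check on a field read from an untrusted or foreign-order blob belongs after the conversion to host order, because the raw word is not the value the check is meant to constrain.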

Re: Blocking exec on processes based on arguments

2018-10-16 Thread Stephen Smalley
On 10/10/2018 07:57 AM, Ville Baillie wrote: Hi, Does SELinux provide any sort of mechanism for blocking exec on commands based on their command line arguments? The proposed use case goes a little like this, allow 'wget' to access 'http://good-server-1/*' and 'http://good-server-2/*' but block

Re: cil mlsconstrain

2018-10-23 Thread Stephen Smalley
On 10/23/2018 09:33 AM, Ted Toth wrote: Is it possible to modify/replace an existing mlsconstrain? In playing around I created multiple instances of a mlsconstrain and variations of mlsconstrains but haven't figured out how to clean them up as I get "Error: Unknown keyword delete' when trying

Re: [PATCH v6] selinux: policydb - fix byte order and alignment issues

2018-10-23 Thread Stephen Smalley
>my_module.cil < Cc: Eli Cohen Cc: James Morris Cc: Doug Ledford Cc: # 4.13+ Fixes: a806f7a1616f ("selinux: Create policydb version for Infiniband support") Signed-off-by: Ondrej Mosnacek Acked-by: Stephen Smalley --- security/selinux/ss/policydb.c | 51 ++

Re: cil mlsconstrain

2018-10-23 Thread Stephen Smalley
On 10/23/2018 09:56 AM, Ted Toth wrote: On Tue, Oct 23, 2018 at 8:39 AM Stephen Smalley <s...@tycho.nsa.gov> wrote: On 10/23/2018 09:33 AM, Ted Toth wrote: > Is it possible to modify/replace an existing mlsconstrain? In playing > around I created mul

Re: [PATCH 1/2] selinux: use separate table for initial SID lookup

2018-10-31 Thread Stephen Smalley
On 10/31/2018 08:27 AM, Ondrej Mosnacek wrote: This patch separates the lookup of the initial SIDs into a separate lookup table (implemented simply by a fixed-size array), in order to pave the way for improving the process of converting the sidtab to a new policy during a policy reload. The

Re: [PATCH 2/2] selinux: fix ENOMEM errors during policy reload

2018-10-31 Thread Stephen Smalley
On 10/31/2018 08:27 AM, Ondrej Mosnacek wrote: Before this patch, during a policy reload the sidtab would become frozen and trying to map a new context to SID would be unable to add a new entry to sidtab and fail with -ENOMEM. Such failures are usually propagated into userspace, which has no

Re: [PATCH 2/2] selinux: fix ENOMEM errors during policy reload

2018-11-01 Thread Stephen Smalley
On 10/31/2018 04:31 PM, Stephen Smalley wrote: We'd like to replace the policy rwlock with RCU at some point; there is a very old patch that tried to do that once before, which eliminated the policy write lock altogether (policy switch became a single pointer update), but no one has yet taken

selinux list move reminder

2018-11-06 Thread Stephen Smalley
Hi, As a reminder, the selinux mailing list has moved to vger.kernel.org. If you wish to continue following the list, please subscribe by sending a plaintext message containing "subscribe selinux" in the body to majord...@vger.kernel.org. Be advised that vger.kernel.org does not accept HTML

Re: SELinux MLS for Apache Process

2018-11-06 Thread Stephen Smalley
On 11/6/18 9:33 AM, Ishara Fernando wrote: Dear all , I have been trying to test and see how SELinux MLS works with Apache , this is what I did to test *1) As we're aware if we start apache process as the default SELinux user (i.e: Just as root user) , it will obtain a security context

Re: SELinux MLS for Apache Process

2018-11-08 Thread Stephen Smalley
On 11/8/18 8:33 AM, Ishara Fernando wrote: Dear Stephen , Many thanks for the detailed information , it has been very useful . In fact I have tested your steps in a similar environment (CentOS 6.10 , see versions below) as of yours in a Virtual machine based on Virtualbox , I have reached to

Re: [RFC PATCH 2/3] selinux: use separate table for initial SID lookup

2018-11-13 Thread Stephen Smalley
On 11/13/18 8:52 AM, Ondrej Mosnacek wrote: This patch is non-functional and moves handling of initial SIDs into a separate table. Note that the SIDs stored in the main table are now shifted by SECINITSID_NUM and converted to/from the actual SIDs transparently by helper functions. When you say
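The RFC patch above keeps the initial SIDs in a fixed array and shifts the SIDs of dynamically allocated entries by SECINITSID_NUM, hiding the shift behind helper functions. As an added example, not the kernel's sidtab, the C below models that split: SID 0 is SECSID_NULL, SIDs 1..SECINITSID_NUM index the initial table, and everything above maps through two helpers to an index in a growable table, so the shift lives in exactly one place. SECINITSID_NUM is 27 here, the kernel's value at the time; contexts are plain strings in the model, and the lookup-by-context is a linear scan rather than the kernel's structures.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define SECSID_NULL     0u
#define SECINITSID_NUM  27u   /* kernel value in 2018; assumption for this model */

struct sidtab_entry {
    int  set;
    char context[96];          /* model: a context is just its string form */
};

struct sidtab {
    struct sidtab_entry isids[SECINITSID_NUM];   /* SIDs 1..SECINITSID_NUM, index sid-1 */
    struct sidtab_entry *dyn;                    /* SIDs above, index sid-(SECINITSID_NUM+1) */
    size_t ndyn, cap;
};

/* The shift between dynamic SIDs and table indexes lives only here. */
static uint32_t index_to_sid(size_t index) { return (uint32_t)index + SECINITSID_NUM + 1; }
static size_t   sid_to_index(uint32_t sid)  { return sid - SECINITSID_NUM - 1; }

void sidtab_init(struct sidtab *s) { memset(s, 0, sizeof *s); }
void sidtab_destroy(struct sidtab *s) { free(s->dyn); s->dyn = NULL; s->ndyn = s->cap = 0; }

/* Give an initial SID its context (done at policy load).  Rejects SIDs
 * outside the initial range, which must never be assigned this way. */
int sidtab_set_initial(struct sidtab *s, uint32_t sid, const char *ctx)
{
    if (sid == SECSID_NULL || sid > SECINITSID_NUM)
        return -1;
    snprintf(s->isids[sid - 1].context, sizeof s->isids[sid - 1].context, "%s", ctx);
    s->isids[sid - 1].set = 1;
    return 0;
}

/* SID -> context.  NULL for SECSID_NULL, an initial SID the policy never
 * defined, or a dynamic SID that was never allocated. */
const char *sidtab_search(const struct sidtab *s, uint32_t sid)
{
    if (sid == SECSID_NULL)
        return NULL;
    if (sid <= SECINITSID_NUM)
        return s->isids[sid - 1].set ? s->isids[sid - 1].context : NULL;
    size_t i = sid_to_index(sid);
    return i < s->ndyn ? s->dyn[i].context : NULL;
}

/* context -> SID, allocating the next dynamic SID on first sight.  Returns
 * SECSID_NULL if the table cannot grow (the -ENOMEM case of the next patch). */
uint32_t sidtab_context_to_sid(struct sidtab *s, const char *ctx)
{
    for (uint32_t sid = 1; sid <= SECINITSID_NUM; sid++)
        if (s->isids[sid - 1].set && strcmp(s->isids[sid - 1].context, ctx) == 0)
            return sid;
    for (size_t i = 0; i < s->ndyn; i++)
        if (strcmp(s->dyn[i].context, ctx) == 0)
            return index_to_sid(i);
    if (s->ndyn == s->cap) {
        size_t ncap = s->cap ? s->cap * 2 : 8;
        struct sidtab_entry *n = realloc(s->dyn, ncap * sizeof *n);
        if (!n)
            return SECSID_NULL;
        s->dyn = n;
        s->cap = ncap;
    }
    snprintf(s->dyn[s->ndyn].context, sizeof s->dyn[s->ndyn].context, "%s", ctx);
    s->dyn[s->ndyn].set = 1;
    return index_to_sid(s->ndyn++);
}

int main(void)
{
    struct sidtab s;
    sidtab_init(&s);
    sidtab_set_initial(&s, 1, "system_u:system_r:kernel_t:s0");   /* SECINITSID_KERNEL */
    uint32_t sid = sidtab_context_to_sid(&s, "system_u:object_r:etc_t:s0");
    printf("first dynamic SID is %u -> %s\n", sid, sidtab_search(&s, sid));
    sidtab_destroy(&s);
    return 0;
}
```

The property worth testing on the real table is the same one the model makes explicit: index_to_sid and sid_to_index are inverses, the first dynamic SID is SECINITSID_NUM + 1, and a lookup of an unset initial SID returns nothing rather than falling into the dynamic range.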

Re: Android kill capability denials

2018-11-15 Thread Stephen Smalley
On 11/15/18 8:11 AM, Ondrej Mosnacek wrote: On Mon, Nov 12, 2018 at 7:56 AM Ravi Kumar wrote: Hi team , On android- with latest kernels 4.14 we are seeing some denials which seem to be very much genuine to be address . Where kernel is trying to kill its own created process ( might be for

Re: Android kill capability denials

2018-11-15 Thread Stephen Smalley
On 11/15/18 9:42 AM, Stephen Smalley wrote: On 11/15/18 8:11 AM, Ondrej Mosnacek wrote: On Mon, Nov 12, 2018 at 7:56 AM Ravi Kumar wrote: Hi team , On android- with latest kernels 4.14 we are seeing some denials which seem to be very much genuine to be address . Where kernel is trying

Re: [PATCH v3] selinux: simplify mls_context_to_sid()

2018-11-14 Thread Stephen Smalley
On 11/14/18 10:23 AM, Stephen Smalley wrote: On 11/13/18 10:14 PM, Paul Moore wrote: On Tue, Nov 13, 2018 at 4:10 PM Stephen Smalley wrote: On 11/12/18 6:44 AM, Ondrej Mosnacek wrote: This function has only two callers, but only one of them actually needs the special logic at the beginning

Re: [PATCH v3] selinux: simplify mls_context_to_sid()

2018-11-14 Thread Stephen Smalley
On 11/13/18 10:14 PM, Paul Moore wrote: On Tue, Nov 13, 2018 at 4:10 PM Stephen Smalley wrote: On 11/12/18 6:44 AM, Ondrej Mosnacek wrote: This function has only two callers, but only one of them actually needs the special logic at the beginning. Factoring this logic out

Re: SELinux MLS for Apache Process

2018-11-07 Thread Stephen Smalley
On 11/7/18 2:04 AM, Ishara Fernando wrote: Thanks Stephen , so below are the details of my SELinux setup *Centos Version* : CentOS release 6.2 (Final) *Kernel version* : 2.6.32-220.el6.x86_64 *RPM package* : selinux-policy-mls-3.7.19-312.el6.noarch That's quite old. Any particular reason

Re: [RFC PATCH 2/3] selinux: use separate table for initial SID lookup

2018-11-14 Thread Stephen Smalley
On 11/14/18 4:45 AM, Ondrej Mosnacek wrote: On Tue, Nov 13, 2018 at 10:35 PM Stephen Smalley wrote: On 11/13/18 8:52 AM, Ondrej Mosnacek wrote: This patch is non-functional and moves handling of initial SIDs into a separate table. Note that the SIDs stored in the main table are now shifted

Re: [PATCH v3] selinux: simplify mls_context_to_sid()

2018-11-13 Thread Stephen Smalley
On 11/12/18 6:44 AM, Ondrej Mosnacek wrote: This function has only two callers, but only one of them actually needs the special logic at the beginning. Factoring this logic out into string_to_context_struct() allows us to drop the arguments 'oldc', 's', and 'def_sid'. Signed-off-by: Ondrej

Re: [RFC PATCH 1/3] selinux: refactor sidtab conversion

2018-11-13 Thread Stephen Smalley
On 11/13/18 8:52 AM, Ondrej Mosnacek wrote: This is a purely cosmetic change that encapsulates the three-step sidtab conversion logic (shutdown -> clone -> map) into a single function defined in sidtab.c (as opposed to services.c). Signed-off-by: Ondrej Mosnacek Acked-by: Stephen S

Re: [PATCH] selinux-testsuite: update the dependencies in README.md

2018-10-04 Thread Stephen Smalley
On 10/03/2018 11:52 AM, Paul Moore wrote: The overlayfs tests require setfattr and getfattr which are part of the attr package in Fedora. Signed-off-by: Paul Moore Acked-by: Stephen Smalley --- README.md |4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git

Re: MLS dominance check behavior on el7

2018-10-04 Thread Stephen Smalley
On 09/30/2018 10:43 AM, Chris PeBenito wrote: On 09/11/2018 04:20 PM, Stephen Smalley wrote: On 09/11/2018 03:04 PM, Joe Nall wrote: On Sep 11, 2018, at 1:29 PM, Stephen Smalley wrote: On 09/11/2018 10:41 AM, Stephen Smalley wrote: On 09/10/2018 06:30 PM, Ted Toth wrote: mcstrans

Re: [PATCH] selinux: fix race when removing selinuxfs entries

2018-10-03 Thread Stephen Smalley
On 10/02/2018 11:58 AM, Al Viro wrote: On Tue, Oct 02, 2018 at 01:18:30PM +0200, Ondrej Mosnacek wrote: No. With the side of Hell, No. The bug is real, but this is not the way to fix it. First of all, it's still broken - e.g. mount something on a subdirectory and watch what that thing will

selinux list is moving

2018-10-05 Thread Stephen Smalley
Hi, The selinux mailing list is moving to vger.kernel.org. If you wish to continue following the list, please subscribe by sending a plaintext message containing "subscribe selinux" in the body to majord...@vger.kernel.org. Going forward, mailing list archiving is being provided by lore, see

Re: [RFC PATCH] selinux: add a fallback to defcontext for native labeling

2018-10-02 Thread Stephen Smalley
On 10/02/2018 02:48 PM, Taras Kondratiuk wrote: Quoting Stephen Smalley (2018-09-21 07:40:58) If we set the inode sid to the superblock def_sid on an invalid context, then we lose the association to the original context value. The support for deferred mapping of contexts requires allocating

[PATCH] README: Update the SELinux mailing list location

2018-10-10 Thread Stephen Smalley
Signed-off-by: Stephen Smalley --- README | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/README b/README index 174551a1..1c009b01 100644 --- a/README +++ b/README @@ -1,5 +1,6 @@ -Please submit all bug reports and patches to selinux@tycho.nsa.gov. -Subscribe via selinux
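Review bot: the hunk's added lines are cut off in this listing, so only the two removed lines (the tycho.nsa.gov submission address and the start of the old subscribe instruction) are visible; with 3 insertions against 2 deletions, make sure the replacement gives both the new vger.kernel.org list address and the majordomo subscription step (a plain-text mail with "subscribe selinux" in the body, as in the list-move announcement), and consider also pointing at the lore archive that announcement mentions so the README does not go stale the next time hosting changes.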

Re: [PATCH] SELinux: allow other LSMs to use custom mount args

2018-08-31 Thread Stephen Smalley
On 08/29/2018 12:58 AM, Paul Moore wrote: On Tue, Aug 28, 2018 at 5:32 PM Micah Morton wrote: The security_sb_copy_data LSM hook allows LSMs to copy custom string name/value args passed to mount_fs() into a temporary buffer (called "secdata") that will be accessible to LSM code during the

Re: [RFC PATCH] selinux: add a fallback to defcontext for native labeling

2018-09-21 Thread Stephen Smalley
On 09/20/2018 06:59 PM, Taras Kondratiuk wrote: Quoting Stephen Smalley (2018-09-20 07:49:12) On 09/19/2018 10:41 PM, Taras Kondratiuk wrote: Quoting Stephen Smalley (2018-09-19 12:00:33) On 09/19/2018 12:52 PM, Taras Kondratiuk wrote: When files on NFSv4 server are not properly labeled

Re: [PATCH v4 00/19] LSM: Module stacking for SARA and Landlock

2018-09-24 Thread Stephen Smalley
On 09/23/2018 01:09 PM, Casey Schaufler wrote: On 9/23/2018 8:59 AM, Tetsuo Handa wrote: On 2018/09/23 11:43, Kees Cook wrote: I'm excited about getting this landed! Soon. Real soon. I hope. I would very much like for someone from the SELinux camp to chime in, especially on the

[PATCH] libselinux: fix selinux_restorecon() on non-SELinux hosts

2018-09-26 Thread Stephen Smalley
y to use selinux_restorecon") Reported-by: sajjad ahmed Signed-off-by: Stephen Smalley Cc: Richard Haines --- libselinux/src/selinux_restorecon.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/libselinux/src/selinux_restorecon.c b/libselinux/src/selinux_restorecon.c index 41f22

Re: setfiles rootfs labeling

2018-09-26 Thread Stephen Smalley
On 09/26/2018 09:55 AM, sajjad ahmed via Selinux wrote: Hi all, I'm trying to use the setfiles utility (v 2.7) from policycoreutils to label rootfs, it seems like setfiles exclude all the directories straight away and labels nothing. I tried an older version (< 2.6) that works fine. I'm

Re: setfiles rootfs labeling

2018-09-26 Thread Stephen Smalley
On 09/26/2018 10:18 AM, Stephen Smalley wrote: On 09/26/2018 09:55 AM, sajjad ahmed via Selinux wrote: Hi all, I'm trying to use the setfiles utility (v 2.7) from policycoreutils to label rootfs, it seems like setfiles exclude all the directories straight away and labels nothing. I tried

Re: [PATCH v5 3/5] SELinux: Prepare for PTRACE_MODE_SCHED

2018-09-26 Thread Stephen Smalley
On Wed, Sep 26, 2018, 4:35 PM Casey Schaufler wrote: > From: Casey Schaufler > > A ptrace access check with mode PTRACE_MODE_SCHED gets called > from process switching code. This precludes the use of audit or avc, > as the locking is incompatible. The only available check that > can be made

Re: [RFC PATCH] selinux: add a fallback to defcontext for native labeling

2018-09-20 Thread Stephen Smalley
On 09/19/2018 10:41 PM, Taras Kondratiuk wrote: Quoting Stephen Smalley (2018-09-19 12:00:33) On 09/19/2018 12:52 PM, Taras Kondratiuk wrote: When files on NFSv4 server are not properly labeled (label doesn't match a policy on a client) they will end up with unlabeled_t type which is too

Re: [RFC PATCH] selinux: add a fallback to defcontext for native labeling

2018-09-19 Thread Stephen Smalley
On 09/19/2018 12:52 PM, Taras Kondratiuk wrote: When files on NFSv4 server are not properly labeled (label doesn't match a policy on a client) they will end up with unlabeled_t type which is too generic. We would like to be able to set a default context per mount. 'defcontext' mount option looks

Re: [PATCH] checkpolicy: remove extraneous policy build noise

2018-09-19 Thread Stephen Smalley
On 09/19/2018 03:21 PM, William Roberts wrote: Some people might be checking this output since it's been there so long, -s would be a good way to go. Alternatively, a way to bring back this information via a verbose option -V could be considered. Either way, a simple logging mechanism

Re: [PATCH] checkpolicy: remove extraneous policy build noise

2018-09-19 Thread Stephen Smalley
On 09/19/2018 03:41 PM, William Roberts wrote: On Wed, Sep 19, 2018 at 12:36 PM Stephen Smalley <s...@tycho.nsa.gov> wrote: On 09/19/2018 03:21 PM, William Roberts wrote: > Some people might be checking this output since it's been there so long, > -s

Re: Bug in selinux on ubuntu 16.04 with kernel 4.15.0-34

2018-09-21 Thread Stephen Smalley
On 09/21/2018 04:50 AM, Benjamin Schüle wrote: Hello, just found a bug in selinux. It appears on ubuntu 16.04 with kernel 4.15, but not with kernel 4.4. What's going wrong: Copy a link with "-a" option while selinux is on. steps to reproduce: ~$ mkdir -p a/b ~$ ln -s b a/c ~$ cp

Re: [RFC PATCH] selinux: add a fallback to defcontext for native labeling

2018-09-25 Thread Stephen Smalley
On 09/25/2018 01:45 AM, Taras Kondratiuk wrote: Quoting Paul Moore (2018-09-24 20:46:57) On Fri, Sep 21, 2018 at 10:39 AM Stephen Smalley wrote: On 09/20/2018 06:59 PM, Taras Kondratiuk wrote: Quoting Stephen Smalley (2018-09-20 07:49:12) On 09/19/2018 10:41 PM, Taras Kondratiuk wrote

Re: [RFC PATCH] selinux: add a fallback to defcontext for native labeling

2018-09-25 Thread Stephen Smalley
On 09/25/2018 12:03 PM, Paul Moore wrote: On Tue, Sep 25, 2018 at 9:58 AM Stephen Smalley wrote: On 09/25/2018 01:45 AM, Taras Kondratiuk wrote: Quoting Paul Moore (2018-09-24 20:46:57) On Fri, Sep 21, 2018 at 10:39 AM Stephen Smalley wrote: On 09/20/2018 06:59 PM, Taras Kondratiuk wrote

selinux list move reminder

2018-12-06 Thread Stephen Smalley
Hi, As a reminder, the selinux mailing list has moved to vger.kernel.org. If you wish to continue following the list, please subscribe by sending a plaintext message containing "subscribe selinux" in the body to majord...@vger.kernel.org. Be advised that vger.kernel.org does not accept HTML

selinux list move final notice

2019-01-04 Thread Stephen Smalley
Hi, As a reminder, the selinux mailing list has moved to vger.kernel.org. If you wish to continue following the list, please subscribe by sending a plaintext message containing "subscribe selinux" in the body to majord...@vger.kernel.org. Be advised that vger.kernel.org does not accept HTML

Re: MLS dominance check behavior on el7

2018-09-11 Thread Stephen Smalley
On 09/11/2018 12:53 PM, Joshua Brindle wrote: On Tue, Sep 11, 2018 at 10:41 AM, Stephen Smalley wrote: On 09/10/2018 06:30 PM, Ted Toth wrote: mcstrans mcscolor.c also uses the same logic I'd been using to check dominance so this too will no longer function as expected on el7. Do you any

Re: MLS dominance check behavior on el7

2018-09-12 Thread Stephen Smalley
. However, if you define a class/permission in a .cil module, you can certainly specify a require on it and use it from a conventional .te/.if module, ala: $ cat > usemcstrans.te <On Tue, Sep 11, 2018 at 2:27 PM Stephen Smalley <s...@tycho.nsa.gov> wrote: On 09/11/2018 02:

Re: MLS dominance check behavior on el7

2018-09-11 Thread Stephen Smalley
On 09/11/2018 10:41 AM, Stephen Smalley wrote: On 09/10/2018 06:30 PM, Ted Toth wrote: mcstrans mcscolor.c also uses the same logic I'd been using to check dominance so this too will no longer function as expected on el7. Do you any suggestions for doing a 'generic' (one not tied to a specific

Re: MLS dominance check behavior on el7

2018-09-11 Thread Stephen Smalley
On 09/11/2018 01:39 PM, Joshua Brindle wrote: On Tue, Sep 11, 2018 at 1:33 PM, Stephen Smalley wrote: On 09/11/2018 12:53 PM, Joshua Brindle wrote: On Tue, Sep 11, 2018 at 10:41 AM, Stephen Smalley wrote: On 09/10/2018 06:30 PM, Ted Toth wrote: mcstrans mcscolor.c also uses the same

Re: MLS dominance check behavior on el7

2018-09-11 Thread Stephen Smalley
On 09/11/2018 03:29 PM, Stephen Smalley wrote: On 09/11/2018 02:49 PM, Ted Toth wrote: Yes I too noticed the translate permission but couldn't find any info related to it intended purpose. Regarding CIL unfortunately I have zero experience with it but I've installed the compiler and started

Re: MLS dominance check behavior on el7

2018-09-11 Thread Stephen Smalley
this: $ cat > mcstrans.cil <Then try performing permission checks with "mcstrans" as your class and "color_use" as your permission, between a domain and itself, with different levels. On Tue, Sep 11, 2018 at 1:27 PM Stephen Smalley <s...@tycho.nsa.gov>

Re: MLS dominance check behavior on el7

2018-09-11 Thread Stephen Smalley
On 09/11/2018 03:04 PM, Joe Nall wrote: On Sep 11, 2018, at 1:29 PM, Stephen Smalley wrote: On 09/11/2018 10:41 AM, Stephen Smalley wrote: On 09/10/2018 06:30 PM, Ted Toth wrote: mcstrans mcscolor.c also uses the same logic I'd been using to check dominance so this too will no longer
