diff --git libsemanage-2.7/include/semanage/fcontexts_policy.h libsemanage-2.7/include/semanage/fcontexts_policy.h
44b3968
index a50db2b..199a1e1 100644
44b3968
--- libsemanage-2.7/include/semanage/fcontexts_policy.h
44b3968
+++ libsemanage-2.7/include/semanage/fcontexts_policy.h
44b3968
@@ -26,4 +26,8 @@ extern int semanage_fcontext_list(semanage_handle_t * handle,
44b3968
 				  semanage_fcontext_t *** records,
44b3968
 				  unsigned int *count);
44b3968
 
44b3968
+extern int semanage_fcontext_list_homedirs(semanage_handle_t * handle,
44b3968
+				  semanage_fcontext_t *** records,
44b3968
+				  unsigned int *count);
44b3968
+
44b3968
 #endif
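Review bot: The new public prototype carries no doc comment, and nothing in the header says what the list contains or who owns `records`; add `/* List the file_contexts.homedirs entries of the active store; caller frees records (presumably as for semanage_fcontext_list -- confirm). */` above it. If the library exports its API through a symbol version map, the new name also needs an entry there to be visible to callers; that file is not part of this diff.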
0b7304d
diff --git libsemanage-2.7/src/direct_api.c libsemanage-2.7/src/direct_api.c
44b3968
index 65842df..31fcada 100644
0b7304d
--- libsemanage-2.7/src/direct_api.c
0b7304d
+++ libsemanage-2.7/src/direct_api.c
0b7304d
@@ -148,9 +148,6 @@ int semanage_direct_connect(semanage_handle_t * sh)
4a5295e
 		if (semanage_create_store(sh, 1))
4a5295e
 			goto err;
4a5295e
 
4a5295e
-	if (semanage_access_check(sh) < SEMANAGE_CAN_READ)
4a5295e
-		goto err;
4a5295e
-
4a5295e
 	sh->u.direct.translock_file_fd = -1;
4a5295e
 	sh->u.direct.activelock_file_fd = -1;
4a5295e
 
44b3968
@@ -210,6 +207,12 @@ int semanage_direct_connect(semanage_handle_t * sh)
44b3968
 				     semanage_fcontext_dbase_local(sh)) < 0)
44b3968
 		goto err;
44b3968
 
44b3968
+	if (fcontext_file_dbase_init(sh,
44b3968
+				     semanage_path(SEMANAGE_ACTIVE, SEMANAGE_STORE_FC_HOMEDIRS),
44b3968
+				     semanage_path(SEMANAGE_TMP, SEMANAGE_STORE_FC_HOMEDIRS),
44b3968
+				     semanage_fcontext_dbase_homedirs(sh)) < 0)
44b3968
+		goto err;
44b3968
+
44b3968
 	if (seuser_file_dbase_init(sh,
44b3968
 				   semanage_path(SEMANAGE_ACTIVE,
44b3968
 						 SEMANAGE_SEUSERS_LOCAL),
44b3968
@@ -349,6 +352,7 @@ static int semanage_direct_disconnect(semanage_handle_t * sh)
44b3968
 	iface_file_dbase_release(semanage_iface_dbase_local(sh));
44b3968
 	bool_file_dbase_release(semanage_bool_dbase_local(sh));
44b3968
 	fcontext_file_dbase_release(semanage_fcontext_dbase_local(sh));
44b3968
+	fcontext_file_dbase_release(semanage_fcontext_dbase_homedirs(sh));
44b3968
 	seuser_file_dbase_release(semanage_seuser_dbase_local(sh));
44b3968
 	node_file_dbase_release(semanage_node_dbase_local(sh));
44b3968
 
44b3968
@@ -373,10 +377,6 @@ static int semanage_direct_disconnect(semanage_handle_t * sh)
4a5295e
 
4a5295e
 static int semanage_direct_begintrans(semanage_handle_t * sh)
4a5295e
 {
4a5295e
-
4a5295e
-	if (semanage_access_check(sh) != SEMANAGE_CAN_WRITE) {
4a5295e
-		return -1;
4a5295e
-	}
4a5295e
 	if (semanage_get_trans_lock(sh) < 0) {
4a5295e
 		return -1;
4a5295e
 	}
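Review bot: With the SEMANAGE_CAN_WRITE gate removed, semanage_get_trans_lock is the only thing that stops a read-only caller from starting a transaction, so its error path now has to carry the permission diagnostic the removed check used to produce; confirm it reports EACCES on the lock file distinctly rather than as a generic lock failure. If semanage_access_check() has no callers left after this and the connect-side removal above, drop it and the SEMANAGE_CAN_READ/WRITE constants rather than leaving dead code. The function continues outside the hunk.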
44b3968
@@ -1545,43 +1545,46 @@ rebuild:
4a5295e
 	}
4a5295e
 
4a5295e
 	path = semanage_path(SEMANAGE_TMP, SEMANAGE_STORE_FC_LOCAL);
4a5295e
-	if (access(path, F_OK) == 0) {
4a5295e
-		retval = semanage_copy_file(semanage_path(SEMANAGE_TMP, SEMANAGE_STORE_FC_LOCAL),
4a5295e
-							semanage_final_path(SEMANAGE_FINAL_TMP, SEMANAGE_FC_LOCAL),
4a5295e
-							sh->conf->file_mode);
4a5295e
-		if (retval < 0) {
4a5295e
-			goto cleanup;
4a5295e
-		}
4a5295e
+	retval = semanage_copy_file(semanage_path(SEMANAGE_TMP, SEMANAGE_STORE_FC_LOCAL),
4a5295e
+						semanage_final_path(SEMANAGE_FINAL_TMP, SEMANAGE_FC_LOCAL),
4a5295e
+						sh->conf->file_mode);
4a5295e
+	if (retval < 0 && errno != ENOENT) {
4a5295e
+		goto cleanup;
4a5295e
 	}
4a5295e
 
4a5295e
 	path = semanage_path(SEMANAGE_TMP, SEMANAGE_STORE_FC);
4a5295e
-	if (access(path, F_OK) == 0) {
4a5295e
-		retval = semanage_copy_file(semanage_path(SEMANAGE_TMP, SEMANAGE_STORE_FC),
4a5295e
-							semanage_final_path(SEMANAGE_FINAL_TMP, SEMANAGE_FC),
4a5295e
-							sh->conf->file_mode);
4a5295e
-		if (retval < 0) {
4a5295e
-			goto cleanup;
4a5295e
-		}
4a5295e
+	retval = semanage_copy_file(semanage_path(SEMANAGE_TMP, SEMANAGE_STORE_FC),
4a5295e
+						semanage_final_path(SEMANAGE_FINAL_TMP, SEMANAGE_FC),
4a5295e
+						sh->conf->file_mode);
4a5295e
+	if (retval < 0 && errno != ENOENT) {
4a5295e
+		goto cleanup;
4a5295e
 	}
4a5295e
 
4a5295e
 	path = semanage_path(SEMANAGE_TMP, SEMANAGE_STORE_SEUSERS);
4a5295e
-	if (access(path, F_OK) == 0) {
4a5295e
-		retval = semanage_copy_file(semanage_path(SEMANAGE_TMP, SEMANAGE_STORE_SEUSERS),
4a5295e
-							semanage_final_path(SEMANAGE_FINAL_TMP, SEMANAGE_SEUSERS),
4a5295e
-							sh->conf->file_mode);
4a5295e
-		if (retval < 0) {
4a5295e
-			goto cleanup;
4a5295e
-		}
4a5295e
+	retval = semanage_copy_file(semanage_path(SEMANAGE_TMP, SEMANAGE_STORE_SEUSERS),
4a5295e
+						semanage_final_path(SEMANAGE_FINAL_TMP, SEMANAGE_SEUSERS),
4a5295e
+						sh->conf->file_mode);
4a5295e
+	if (retval < 0 && errno != ENOENT) {
4a5295e
+		goto cleanup;
4a5295e
 	}
4a5295e
 
4a5295e
 	/* run genhomedircon if its enabled, this should be the last operation
44b3968
 	 * which requires the out policydb */
44b3968
 	if (!sh->conf->disable_genhomedircon) {
44b3968
-		if (out && (retval =
44b3968
-			semanage_genhomedircon(sh, out, sh->conf->usepasswd, sh->conf->ignoredirs)) != 0) {
44b3968
-			ERR(sh, "semanage_genhomedircon returned error code %d.",
44b3968
-			    retval);
44b3968
-			goto cleanup;
44b3968
+		if (out){
44b3968
+			if ((retval = semanage_genhomedircon(sh, out, sh->conf->usepasswd,
44b3968
+								sh->conf->ignoredirs)) != 0) {
44b3968
+				ERR(sh, "semanage_genhomedircon returned error code %d.", retval);
44b3968
+				goto cleanup;
44b3968
+			}
44b3968
+			/* file_contexts.homedirs was created in SEMANAGE_TMP store */
44b3968
+			retval = semanage_copy_file(
44b3968
+						semanage_path(SEMANAGE_TMP, SEMANAGE_STORE_FC_HOMEDIRS),
44b3968
+						semanage_final_path(SEMANAGE_FINAL_TMP,	SEMANAGE_FC_HOMEDIRS),
44b3968
+						sh->conf->file_mode);
44b3968
+			if (retval < 0) {
44b3968
+				goto cleanup;
44b3968
+			}
44b3968
 		}
44b3968
 	} else {
44b3968
 		WARN(sh, "WARNING: genhomedircon is disabled. \
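Review bot: After a tolerated ENOENT, retval is left at -1: each `if (retval < 0 && errno != ENOENT)` falls through without clearing it, so if the seusers copy finds no file and genhomedircon is disabled (or `out` is NULL), retval leaves this hunk still negative; whether something downstream reassigns it before cleanup cannot be seen here, so reset it explicitly. The check also trusts errno as set inside semanage_copy_file, where an ENOENT raised on the destination side, or an errno clobbered by a later close(), would be misread as "source absent"; save errno right after the call unless semanage_copy_file guarantees it. The three `path = semanage_path(...)` assignments only fed the removed access() calls and are now dead within this hunk unless path is read further down. The enclosing function continues past the hunk.
```c
	retval = semanage_copy_file(semanage_path(SEMANAGE_TMP, SEMANAGE_STORE_FC_LOCAL),
				    semanage_final_path(SEMANAGE_FINAL_TMP, SEMANAGE_FC_LOCAL),
				    sh->conf->file_mode);
	if (retval < 0) {
		if (errno != ENOENT)
			goto cleanup;
		retval = 0;	/* a missing file_contexts.local is not an error */
	}
	/* … same retval reset for SEMANAGE_STORE_FC and SEMANAGE_STORE_SEUSERS … */
	/* … unchanged: genhomedircon block … */
```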
44b3968
diff --git libsemanage-2.7/src/fcontexts_policy.c libsemanage-2.7/src/fcontexts_policy.c
44b3968
index 0b063b1..98490ab 100644
44b3968
--- libsemanage-2.7/src/fcontexts_policy.c
44b3968
+++ libsemanage-2.7/src/fcontexts_policy.c
44b3968
@@ -51,3 +51,11 @@ int semanage_fcontext_list(semanage_handle_t * handle,
44b3968
 	dbase_config_t *dconfig = semanage_fcontext_dbase_policy(handle);
44b3968
 	return dbase_list(handle, dconfig, records, count);
44b3968
 }
44b3968
+
44b3968
+int semanage_fcontext_list_homedirs(semanage_handle_t * handle,
44b3968
+			   semanage_fcontext_t *** records, unsigned int *count)
44b3968
+{
44b3968
+
44b3968
+	dbase_config_t *dconfig = semanage_fcontext_dbase_homedirs(handle);
44b3968
+	return dbase_list(handle, dconfig, records, count);
44b3968
+}
44b3968
diff --git libsemanage-2.7/src/genhomedircon.c libsemanage-2.7/src/genhomedircon.c
44b3968
index b9a74b7..d09d82f 100644
44b3968
--- libsemanage-2.7/src/genhomedircon.c
44b3968
+++ libsemanage-2.7/src/genhomedircon.c
44b3968
@@ -1345,8 +1345,8 @@ int semanage_genhomedircon(semanage_handle_t * sh,
44b3968
 
44b3968
 	s.homedir_template_path =
44b3968
 	    semanage_path(SEMANAGE_TMP, SEMANAGE_HOMEDIR_TMPL);
44b3968
-	s.fcfilepath = semanage_final_path(SEMANAGE_FINAL_TMP,
44b3968
-					   SEMANAGE_FC_HOMEDIRS);
44b3968
+	s.fcfilepath =
44b3968
+		semanage_path(SEMANAGE_TMP, SEMANAGE_STORE_FC_HOMEDIRS);
44b3968
 
44b3968
 	s.fallback = calloc(1, sizeof(genhomedircon_user_entry_t));
44b3968
 	if (s.fallback == NULL) {
44b3968
@@ -1385,7 +1385,9 @@ done:
44b3968
 	if (out != NULL)
44b3968
 		fclose(out);
44b3968
 
44b3968
-	pop_user_entry(&(s.fallback));
44b3968
+	while (s.fallback)
44b3968
+		pop_user_entry(&(s.fallback));
44b3968
+
44b3968
 	ignore_free();
44b3968
 
44b3968
 	return retval;
44b3968
diff --git libsemanage-2.7/src/handle.h libsemanage-2.7/src/handle.h
44b3968
index 889871d..1780ac8 100644
44b3968
--- libsemanage-2.7/src/handle.h
44b3968
+++ libsemanage-2.7/src/handle.h
44b3968
@@ -79,7 +79,7 @@ struct semanage_handle {
44b3968
 	struct semanage_policy_table *funcs;
44b3968
 
44b3968
 	/* Object databases */
44b3968
-#define DBASE_COUNT      23
44b3968
+#define DBASE_COUNT      24
44b3968
 
44b3968
 /* Local modifications */
44b3968
 #define DBASE_LOCAL_USERS_BASE  0
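Review bot: DBASE_COUNT and the per-dbase index macros are kept in sync by hand, and this hunk together with the next renumbers five of them just to open a slot; an enum ending in a `DBASE_COUNT` terminator (`enum { DBASE_LOCAL_USERS_BASE = 0, ..., DBASE_ACTIVE_BOOLEANS, DBASE_COUNT };`) would make the next insertion a one-line change with no way for the array size to lag. The index introduced in the following hunk is named `DBASE_POLICY_FCONTEXTS_H`, which reads as "header"; `DBASE_POLICY_FCONTEXTS_HOMEDIRS` matches the accessor `semanage_fcontext_dbase_homedirs` it backs. The struct definition continues outside the hunk.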
44b3968
@@ -102,13 +102,14 @@ struct semanage_handle {
44b3968
 #define DBASE_POLICY_INTERFACES  15
44b3968
 #define DBASE_POLICY_BOOLEANS    16
44b3968
 #define DBASE_POLICY_FCONTEXTS   17
44b3968
-#define DBASE_POLICY_SEUSERS     18
44b3968
-#define DBASE_POLICY_NODES       19
44b3968
-#define DBASE_POLICY_IBPKEYS     20
44b3968
-#define DBASE_POLICY_IBENDPORTS  21
44b3968
+#define DBASE_POLICY_FCONTEXTS_H 18
44b3968
+#define DBASE_POLICY_SEUSERS     19
44b3968
+#define DBASE_POLICY_NODES       20
44b3968
+#define DBASE_POLICY_IBPKEYS     21
44b3968
+#define DBASE_POLICY_IBENDPORTS  22
44b3968
 
44b3968
 /* Active kernel policy */
44b3968
-#define DBASE_ACTIVE_BOOLEANS    22
44b3968
+#define DBASE_ACTIVE_BOOLEANS    23
44b3968
 	dbase_config_t dbase[DBASE_COUNT];
44b3968
 };
44b3968
 
44b3968
@@ -236,6 +237,12 @@ static inline
44b3968
 }
44b3968
 
44b3968
 static inline
44b3968
+    dbase_config_t * semanage_fcontext_dbase_homedirs(semanage_handle_t * handle)
44b3968
+{
44b3968
+	return &handle->dbase[DBASE_POLICY_FCONTEXTS_H];
44b3968
+}
44b3968
+
44b3968
+static inline
44b3968
     dbase_config_t * semanage_seuser_dbase_policy(semanage_handle_t * handle)
44b3968
 {
44b3968
 	return &handle->dbase[DBASE_POLICY_SEUSERS];
0b7304d
diff --git libsemanage-2.7/src/semanage_store.c libsemanage-2.7/src/semanage_store.c
44b3968
index 6158d08..320fa7b 100644
0b7304d
--- libsemanage-2.7/src/semanage_store.c
0b7304d
+++ libsemanage-2.7/src/semanage_store.c
44b3968
@@ -116,6 +116,7 @@ static const char *semanage_sandbox_paths[SEMANAGE_STORE_NUM_PATHS] = {
44b3968
 	"/modules/disabled",
44b3968
 	"/policy.kern",
44b3968
 	"/file_contexts.local",
44b3968
+	"/file_contexts.homedirs",
44b3968
 	"/file_contexts",
44b3968
 	"/seusers"
44b3968
 };
44b3968
@@ -537,7 +538,6 @@ char *semanage_conf_path(void)
4a5295e
 int semanage_create_store(semanage_handle_t * sh, int create)
4a5295e
 {
4a5295e
 	struct stat sb;
4a5295e
-	int mode_mask = R_OK | W_OK | X_OK;
4a5295e
 	const char *path = semanage_files[SEMANAGE_ROOT];
4a5295e
 	int fd;
4a5295e
 
44b3968
@@ -556,9 +556,9 @@ int semanage_create_store(semanage_handle_t * sh, int create)
4a5295e
 			return -1;
4a5295e
 		}
4a5295e
 	} else {
4a5295e
-		if (!S_ISDIR(sb.st_mode) || access(path, mode_mask) == -1) {
4a5295e
+		if (!S_ISDIR(sb.st_mode)) {
4a5295e
 			ERR(sh,
4a5295e
-			    "Could not access module store at %s, or it is not a directory.",
4a5295e
+			    "Module store at %s is not a directory.",
4a5295e
 			    path);
4a5295e
 			return -1;
4a5295e
 		}
44b3968
@@ -579,9 +579,9 @@ int semanage_create_store(semanage_handle_t * sh, int create)
4a5295e
 			return -1;
4a5295e
 		}
4a5295e
 	} else {
4a5295e
-		if (!S_ISDIR(sb.st_mode) || access(path, mode_mask) == -1) {
4a5295e
+		if (!S_ISDIR(sb.st_mode)) {
4a5295e
 			ERR(sh,
4a5295e
-			    "Could not access module store active subdirectory at %s, or it is not a directory.",
4a5295e
+			    "Module store active subdirectory at %s is not a directory.",
4a5295e
 			    path);
4a5295e
 			return -1;
4a5295e
 		}
44b3968
@@ -602,9 +602,9 @@ int semanage_create_store(semanage_handle_t * sh, int create)
4a5295e
 			return -1;
4a5295e
 		}
4a5295e
 	} else {
4a5295e
-		if (!S_ISDIR(sb.st_mode) || access(path, mode_mask) == -1) {
4a5295e
+		if (!S_ISDIR(sb.st_mode)) {
4a5295e
 			ERR(sh,
4a5295e
-			    "Could not access module store active modules subdirectory at %s, or it is not a directory.",
4a5295e
+			    "Module store active modules subdirectory at %s is not a directory.",
4a5295e
 			    path);
4a5295e
 			return -1;
4a5295e
 		}
44b3968
@@ -623,8 +623,8 @@ int semanage_create_store(semanage_handle_t * sh, int create)
4a5295e
 			return -1;
4a5295e
 		}
4a5295e
 	} else {
4a5295e
-		if (!S_ISREG(sb.st_mode) || access(path, R_OK | W_OK) == -1) {
4a5295e
-			ERR(sh, "Could not access lock file at %s.", path);
4a5295e
+		if (!S_ISREG(sb.st_mode)) {
4a5295e
+			ERR(sh, "Lock file at %s missing.", path);
4a5295e
 			return -1;
4a5295e
 		}
4a5295e
 	}
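Review bot: The new message `Lock file at %s missing.` does not match its condition: this else-branch runs only when stat() succeeded, so the path exists but is not a regular file; `ERR(sh, "Lock file at %s is not a regular file.", path);` reports what was actually detected. Since stat() follows symlinks, S_ISREG also accepts a symlink pointing at a regular file; whether that matters depends on who can write the store directory, which is not visible here. The enclosing function continues outside the hunk.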
44b3968
diff --git libsemanage-2.7/src/semanage_store.h libsemanage-2.7/src/semanage_store.h
44b3968
index fcaa505..34bf852 100644
44b3968
--- libsemanage-2.7/src/semanage_store.h
44b3968
+++ libsemanage-2.7/src/semanage_store.h
44b3968
@@ -61,6 +61,7 @@ enum semanage_sandbox_defs {
44b3968
 	SEMANAGE_MODULES_DISABLED,
44b3968
 	SEMANAGE_STORE_KERNEL,
44b3968
 	SEMANAGE_STORE_FC_LOCAL,
44b3968
+	SEMANAGE_STORE_FC_HOMEDIRS,
44b3968
 	SEMANAGE_STORE_FC,
44b3968
 	SEMANAGE_STORE_SEUSERS,
44b3968
 	SEMANAGE_STORE_NUM_PATHS
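Review bot: The new enumerator is placed correctly, but nothing in the header says the order must mirror `semanage_sandbox_paths[]` in semanage_store.c, which is indexed by these values and was edited in the same position in this commit; add `/* order must match semanage_sandbox_paths[] in semanage_store.c */` above the enum so the next addition is not silently shifted onto the wrong path. The enum's opening line is outside the hunk.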