PERFORCE change 113511 for review
Todd Miller
millert at FreeBSD.org
Thu Jan 25 15:19:11 UTC 2007
http://perforce.freebsd.org/chv.cgi?CH=113511
Change 113511 by millert at millert_macbook on 2007/01/25 15:18:19
Update to policycoreutils-1.34.1 from the NSA web site.
Affected files ...
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/ChangeLog#5 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/VERSION#5 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/audit2allow/Makefile#4 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/audit2allow/audit2allow#4 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/audit2allow/audit2allow.1#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/audit2allow/avc.py#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/load_policy/load_policy.8#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/load_policy/load_policy.c#4 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/newrole/Makefile#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/newrole/newrole-lspp.pamd#1 add
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/newrole/newrole.1#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/newrole/newrole.c#5 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/Makefile#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/POTFILES.in#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/af.po#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/am.po#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/ar.po#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/as.po#1 add
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/be.po#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/bg.po#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/bn.po#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/bn_IN.po#4 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/ca.po#4 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/cs.po#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/cy.po#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/da.po#4 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/de.po#5 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/el.po#4 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/en_GB.po#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/es.po#4 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/et.po#4 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/eu_ES.po#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/fa.po#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/fi.po#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/fr.po#4 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/gl.po#4 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/gu.po#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/he.po#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/hi.po#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/hr.po#4 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/hu.po#4 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/hy.po#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/id.po#4 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/is.po#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/it.po#4 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/ja.po#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/ka.po#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/kn.po#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/ko.po#4 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/ku.po#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/lo.po#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/lt.po#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/lv.po#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/mk.po#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/ml.po#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/mr.po#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/ms.po#4 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/my.po#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/nb.po#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/nl.po#4 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/nn.po#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/no.po#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/nso.po#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/or.po#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/pa.po#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/pl.po#4 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/policycoreutils.pot#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/pt.po#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/pt_BR.po#4 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/ro.po#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/ru.po#5 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/si.po#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/sk.po#4 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/sl.po#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/sq.po#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/sr%40Latn.po#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/sr.po#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/sv.po#5 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/ta.po#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/te.po#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/th.po#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/tr.po#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/uk.po#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/ur.po#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/vi.po#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/zh_CN.po#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/zh_TW.po#4 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/zu.po#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/restorecon/restorecon.8#4 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/restorecond/restorecond.8#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/restorecond/restorecond.conf#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/run_init/run_init.8#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/run_init/run_init.c#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/scripts/chcat.8#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/scripts/fixfiles#5 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/scripts/fixfiles.8#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/scripts/genhomedircon#4 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/scripts/genhomedircon.8#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/secon/secon.1#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/semanage/Makefile#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/semanage/semanage#4 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/semanage/semanage.8#4 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/semanage/seobject.py#5 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/semodule/semodule.8#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/semodule/semodule.c#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/semodule_deps/semodule_deps.8#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/semodule_expand/semodule_expand.8#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/setfiles/setfiles.8#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/setsebool/setsebool.c#3 edit
Differences ...
==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/ChangeLog#5 (text+ko) ====
@@ -1,3 +1,74 @@
+1.34.1 2007-01-22
+ * Fixed newrole non-pam build.
+
+1.34.0 2007-01-18
+ * Updated version for stable branch.
+
+1.33.16 2007-01-18
+ * Merged po file updates from Dan Walsh.
+ * Removed update-po from all target in po/Makefile.
+
+1.33.15 2007-01-17
+ * Merged unicode-to-string fix for seobject audit from Dan Walsh.
+ * Merged man page updates to make "apropos selinux" work from Dan Walsh.
+
+1.33.14 2007-01-16
+ * Merged newrole man page patch from Michael Thompson.
+
+1.33.13 2007-01-16
+ * Merged patch to fix python unicode problem from Dan Walsh.
+
+1.33.12 2007-01-11
+ * Merged newrole securetty check from Dan Walsh.
+ * Merged semodule patch to generalize list support from Karl MacMillan.
+
+1.33.11 2007-01-09
+ * Merged fixfiles and seobject fixes from Dan Walsh.
+ * Merged semodule support for list of modules after -i from Karl MacMillan.
+
+1.33.10 2007-01-08
+ * Merged patch to correctly handle a failure during semanage handle
+ creation from Karl MacMillan.
+
+1.33.9 2007-01-05
+ * Merged patch to fix seobject role modification from Dan Walsh.
+
+1.33.8 2007-01-04
+ * Merged patches from Dan Walsh to:
+ - omit the optional name from audit2allow
+ - use the installed python version in the Makefiles
+ - re-open the tty with O_RDWR in newrole
+
+1.33.7 2007-01-03
+ * Patch from Dan Walsh to correctly suppress warnings in load_policy.
+
+1.33.6 2006-11-29
+ * Patch from Dan Walsh to add an pam_acct_msg call to run_init
+ * Patch from Dan Walsh to fix error code returns in newrole
+ * Patch from Dan Walsh to remove verbose flag from semanage man page
+ * Patch from Dan Walsh to make audit2allow use refpolicy Makefile
+ in /usr/share/selinux/<SELINUXTYPE>
+
+1.33.5 2006-11-27
+ * Merged patch from Michael C Thompson to clean up genhomedircon
+ error handling.
+1.33.4 2006-11-21
+ * Merged po file updates from Dan Walsh.
+
+1.33.3 2006-11-21
+ * Merged setsebool patch from Karl MacMillan.
+ This fixes a bug reported by Yuichi Nakamura with
+ always setting booleans persistently on an unmanaged system.
+
+1.33.2 2006-11-20
+ * Merged patch from Dan Walsh (via Karl MacMillan):
+ * Added newrole audit message on login failure
+ * Add /var/log/wtmp to restorecond.conf watch list
+ * Fix genhomedircon, semanage, semodule_expand man pages.
+
+1.33.1 2006-11-13
+ * Merged newrole patch set from Michael Thompson.
+
1.32 2006-10-17
* Updated version for release.
==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/VERSION#5 (text+ko) ====
@@ -1,1 +1,1 @@
-1.32
+1.34.1
==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/audit2allow/Makefile#4 (text+ko) ====
@@ -6,8 +6,8 @@
LIBDIR = $(PREFIX)/lib
MANDIR = $(PREFIX)/share/man
LOCALEDIR ?= /usr/share/locale
-PYLIBVER ?= python2.3
-PYTHONLIBDIR ?= $(DESTDIR)/System/Library/Frameworks/Python.framework/Versions/2.3/lib/$(PYLIBVER)
+PYLIBVER ?= $(shell python -c 'import sys;print "python%d.%d" % sys.version_info[0:2]')
+PYTHONLIBDIR ?= $(DESTDIR)$(shell python -c 'import sys;print sys.path[2]')
TARGETS=audit2allow
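Review bot: `PYTHONLIBDIR` on the new line is derived from `sys.path[2]`, a positional entry whose meaning depends on the interpreter build, `PYTHONPATH` and `.pth` processing, so the install directory can change silently between environments. The `PYLIBVER` line is fine, but the library directory should come from the interpreter's own configuration, e.g. `PYTHONLIBDIR ?= $(DESTDIR)$(shell python -c 'from distutils.sysconfig import get_python_lib; print get_python_lib()')`. That also removes the need to know the framework layout the old hard-coded path encoded.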
==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/audit2allow/audit2allow#4 (text+ko) ====
@@ -29,6 +29,7 @@
if __name__ == '__main__':
import commands, sys, os, getopt, selinux
import gettext
+ import re
try:
gettext.install('policycoreutils')
except:
@@ -59,6 +60,11 @@
print msg
sys.exit(1)
+ def verify_module(module):
+ m = re.findall("[^a-zA-Z0-9]", module)
+ if len(m) != 0:
+ usage(_("Alphanumeric Charaters Only"))
+
def errorExit(error):
sys.stderr.write("%s: " % sys.argv[0])
sys.stderr.write("%s\n" % error)
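Review bot: The user-facing message in `verify_module` misspells "Characters" as `"Alphanumeric Charaters Only"`; because it goes through `_()` it will also become a translation key, so it is worth fixing before it is extracted. The class `[^a-zA-Z0-9]` additionally rejects `_`, which is a common part of module names; if that is unintended, use `[^a-zA-Z0-9_]`. Keeping the check strict is right, since `module` is later interpolated into shell command strings that are run through `commands.getstatusoutput`.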
@@ -125,10 +131,12 @@
if module != "" or a[0] == "-":
usage()
module = a
+ verify_module(module)
if o == "-M":
if module != "" or output_ind or a[0] == "-":
usage()
module = a
+ verify_module(module)
outfile = a+".te"
buildPP = 1
if not os.path.exists("/usr/bin/checkmodule"):
@@ -184,22 +192,27 @@
output.write(serules.out(requires, module))
output.flush()
if buildPP:
- cmd = "checkmodule %s -m -o %s.mod %s.te" % (get_mls_flag(), module, module)
- print _("Compiling policy")
- print cmd
- rc = commands.getstatusoutput(cmd)
- if rc[0] == 0:
- cmd = "semodule_package -o %s.pp -m %s.mod" % (module, module)
- if fc_file != "":
- cmd = "%s -f %s" % (cmd, fc_file)
-
+ if ref_ind:
+ rc, type = selinux.selinux_getpolicytype()
+ cmd = "make -f /usr/share/selinux/%s/include/Makefile %s.pp" % (type, module)
+ print _("Compiling policy")
+ print cmd
+ rc = commands.getstatusoutput(cmd)
+ else:
+ cmd = "checkmodule %s -m -o %s.mod %s.te" % (get_mls_flag(), module, module)
+ print _("Compiling policy")
print cmd
rc = commands.getstatusoutput(cmd)
if rc[0] == 0:
- print _("\n******************** IMPORTANT ***********************\n")
- print (_("In order to load this newly created policy package into the kernel,\nyou are required to execute \n\nsemodule -i %s.pp\n\n") % module)
- else:
- errorExit(rc[1])
+ cmd = "semodule_package -o %s.pp -m %s.mod" % (module, module)
+ if fc_file != "":
+ cmd = "%s -f %s" % (cmd, fc_file)
+
+ print cmd
+ rc = commands.getstatusoutput(cmd)
+ if rc[0] == 0:
+ print _("\n******************** IMPORTANT ***********************\n")
+ print (_("In order to load this newly created policy package into the kernel,\nyou are required to execute \n\nsemodule -i %s.pp\n\n") % module)
else:
errorExit(rc[1])
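Review bot: `fc_file` is still interpolated unquoted into the `semodule_package` command at `cmd = "%s -f %s" % (cmd, fc_file)` and handed to `commands.getstatusoutput`, while `module` now goes through `verify_module`; a path containing spaces or shell metacharacters breaks the command. Quote it, e.g. `cmd = "%s -f %s" % (cmd, pipes.quote(fc_file))`, or validate it the same way `module` is. In the `ref_ind` branch `type` shadows the builtin, and if the context lines `print cmd` / `rc = commands.getstatusoutput(cmd)` sit inside the `else:` at their original indentation, `rc[0]` from the `make` run is never inspected, so a failed refpolicy build produces neither `errorExit` nor the `semodule -i` hint; I cannot confirm the indentation from this rendering. The enclosing block continues outside the hunk.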
==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/audit2allow/audit2allow.1#3 (text+ko) ====
@@ -24,7 +24,7 @@
.\"
.TH AUDIT2ALLOW "1" "January 2005" "Security Enhanced Linux" NSA
.SH NAME
-audit2allow \- generate policy allow rules from logs of denied operations
+audit2allow \- generate SELinux policy allow rules from logs of denied operations
.SH SYNOPSIS
.B audit2allow
.RI [ options "] "
==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/audit2allow/avc.py#3 (text+ko) ====
@@ -231,7 +231,7 @@
else:
file = m[0][1]
ret = "\n#%s\n"% self.out()
- ret += "optional_policy(`%s', `\n" % m[0][1]
+ ret += "optional_policy(`\n"
first = True
for i in m:
if file != i[1]:
==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/load_policy/load_policy.8#2 (text+ko) ====
@@ -1,6 +1,6 @@
.TH LOAD_POLICY "8" "May 2003" "Security Enhanced Linux" NSA
.SH NAME
-load_policy \- load a new policy into the kernel
+load_policy \- load a new SELinux policy into the kernel
.SH SYNOPSIS
.B load_policy
==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/load_policy/load_policy.c#4 (text+ko) ====
@@ -51,12 +51,12 @@
nargs = argc - optind;
if (nargs > 2)
usage(argv[0]);
- if (nargs >= 1) {
- fprintf(stderr,
- "%s: Warning! Policy file argument (%s) is no longer supported, installed policy is always loaded. Continuing...\n",
- argv[0], argv[optind++]);
+ if (nargs >= 1 && !quiet) {
+ fprintf(stderr,
+ "%s: Warning! Policy file argument (%s) is no longer supported, installed policy is always loaded. Continuing...\n",
+ argv[0], argv[optind++]);
}
- if (nargs == 2) {
+ if (nargs == 2 && ! quiet) {
fprintf(stderr,
"%s: Warning! Boolean file argument (%s) is no longer supported, installed booleans file is always used. Continuing...\n",
argv[0], argv[optind++]);
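Review bot: Gating the whole `fprintf` on `!quiet` also gates the `optind++` embedded in its argument list, so with `-q` `optind` is no longer advanced past the ignored policy-file and boolean-file arguments; if anything later in the function reads `optind` (not visible here), its behaviour now depends on the quiet flag. Keep the side effect unconditional and only silence the message, e.g. `if (nargs >= 1) { const char *pf = argv[optind++]; if (!quiet) fprintf(stderr, <existing warning format>, argv[0], pf); }`, and the same for the boolean file. The two new conditions are also written inconsistently (`!quiet` vs `! quiet`); pick one form. The enclosing function starts and ends outside the hunk.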
==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/newrole/Makefile#3 (text+ko) ====
@@ -6,10 +6,18 @@
LOCALEDIR = /usr/share/locale
PAMH = $(shell ls /usr/include/security/pam_appl.h 2>/dev/null)
AUDITH = $(shell ls /usr/include/libaudit.h 2>/dev/null)
-# If LOG_AUDIT_PRIV is y, then newrole will be made into setuid root program.
-# This is so that we have the CAP_AUDIT_WRITE capability. newrole will
-# shed all privileges and change to the user's uid.
-LOG_AUDIT_PRIV ?= n
+# Enable capabilities to permit newrole to generate audit records.
+# This will make newrole a setuid root program.
+# The capabilities used are: CAP_AUDIT_WRITE.
+AUDIT_LOG_PRIV ?= n
+# Enable capabilities to permit newrole to utilitize the pam_namespace module.
+# This will make newrole a setuid root program.
+# The capabilities used are: CAP_SYS_ADMIN, CAP_CHOWN, CAP_FOWNER and
+# CAP_DAC_OVERRIDE.
+NAMESPACE_PRIV ?= n
+# If LSPP_PRIV is y, then newrole will be made into setuid root program.
+# Enabling this option will force AUDIT_LOG_PRIV and NAMESPACE_PRIV to be y.
+LSPP_PRIV ?= n
VERSION = $(shell cat ../VERSION)
CFLAGS ?= -Werror -Wall -W
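Review bot: The `LSPP_PRIV` comment says the option forces `AUDIT_LOG_PRIV` and `NAMESPACE_PRIV` to `y` but not that it also switches the installed PAM configuration from `newrole.pamd` to `newrole-lspp.pamd`, which the install rule later in this change does; add `# It also installs newrole-lspp.pamd instead of newrole.pamd as $(ETCDIR)/pam.d/newrole.` so all three knobs are described in one place. The `NAMESPACE_PRIV` comment also misspells "utilize" as `utilitize`.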
@@ -26,12 +34,23 @@
override CFLAGS += -DUSE_AUDIT
LDLIBS += -laudit
endif
-ifeq (${LOG_AUDIT_PRIV},y)
- override CFLAGS += -DLOG_AUDIT_PRIV
+ifeq (${LSPP_PRIV},y)
+ override AUDIT_LOG_PRIV=y
+ override NAMESPACE_PRIV=y
+endif
+ifeq (${AUDIT_LOG_PRIV},y)
+ override CFLAGS += -DAUDIT_LOG_PRIV
+ IS_SUID=y
+endif
+ifeq (${NAMESPACE_PRIV},y)
+ override CFLAGS += -DNAMESPACE_PRIV
+ IS_SUID=y
+endif
+ifeq (${IS_SUID},y)
+ MODE := 4555
LDLIBS += -lcap
- MODE := 4555
else
- MODE := 555
+ MODE := 0555
endif
TARGETS=$(patsubst %.c,%,$(wildcard *.c))
@@ -46,8 +65,12 @@
install -m 644 newrole.1 $(MANDIR)/man1/
ifeq (${PAMH}, /usr/include/security/pam_appl.h)
test -d $(ETCDIR)/pam.d || install -m 755 -d $(ETCDIR)/pam.d
+ifeq (${LSPP_PRIV},y)
+ install -m 644 newrole-lspp.pamd $(ETCDIR)/pam.d/newrole
+else
install -m 644 newrole.pamd $(ETCDIR)/pam.d/newrole
endif
+endif
clean:
rm -f $(TARGETS) *.o
==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/newrole/newrole.1#2 (text+ko) ====
@@ -1,6 +1,6 @@
.TH NEWROLE "1" "October 2000" "Security Enhanced Linux" NSA
.SH NAME
-newrole \- run a shell with a new role
+newrole \- run a shell with a new SELinux role
.SH SYNOPSIS
.B newrole
[\fB-r\fR|\fB--role\fR]
@@ -57,16 +57,46 @@
.B --version
shows the current version of newrole
.PP
+.SH EXAMPLE
+.br
+Changing role:
+ # id -Z
+ staff_u:staff_r:staff_t:SystemLow-SystemHigh
+ # newrole -r sysadm_r
+ # id -Z
+ staff_u:sysadm_r:sysadm_t:SystemLow-SystemHigh
+
+Changing sensitivity only:
+ # id -Z
+ staff_u:sysadm_r:sysadm_t:Unclassified-SystemHigh
+ # newrole -l Secret
+ # id -Z
+ staff_u:sysadm_r:sysadm_t:Secret-SystemHigh
+
+.PP
+Changing sensitivity and clearance:
+ # id -Z
+ staff_u:sysadm_r:sysadm_t:Unclassified-SystemHigh
+ # newrole -l Secret-Secret
+ # id -Z
+ staff_u:sysadm_r:sysadm_t:Secret
+
.SH FILES
/etc/passwd - user account information
.br
/etc/shadow - encrypted passwords and age information
+.br
+/etc/selinux/<policy>/contexts/default_type - default types for roles
+/etc/selinux/<policy>/contexts/securetty_types - securetty types for level changes
+.br
.SH SEE ALSO
-.B su
-(1),
-.B runas
+.B runcon
(1)
.SH AUTHORS
.nf
-Tim Fraser (tfraser at tislabs.com)
-Anthony Colatrella (amcolat at epoch.ncsc.mil)
+Anthony Colatrella
+Tim Fraser
+Steve Grubb <sgrubb at redhat.com>
+Darrel Goeddel <DGoeddel at trustedcs.com>
+Michael Thompson <mcthomps at us.ibm.com>
+Dan Walsh <dwalsh at redhat.com>
==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/newrole/newrole.c#5 (text+ko) ====
@@ -36,18 +36,25 @@
* setuid root, so that it can read the shadow passwd file.
*
*
- * option CANTSPELLGDB:
- *
- * If you set CANTSPELLGDB you will turn on some debugging printfs.
- *
+ * Authors:
+ * Anthony Colatrella
+ * Tim Fraser
+ * Steve Grubb <sgrubb at redhat.com>
+ * Darrel Goeddel <DGoeddel at trustedcs.com>
+ * Michael Thompson <mcthomps at us.ibm.com>
+ * Dan Walsh <dwalsh at redhat.com>
*
- * Authors: Tim Fraser ,
- * Anthony Colatrella <amcolat at epoch.ncsc.mil>
- * Various bug fixes by Stephen Smalley <sds at epoch.ncsc.mil>
- *
*************************************************************************/
#define _GNU_SOURCE
+
+#if defined(AUDIT_LOG_PRIV) && !defined(USE_AUDIT)
+#error AUDIT_LOG_PRIV needs the USE_AUDIT option
+#endif
+#if defined(NAMESPACE_PRIV) && !defined(USE_PAM)
+#error NAMESPACE_PRIV needs the USE_PAM option
+#endif
+
#include <stdio.h>
#include <stdlib.h> /* for malloc(), realloc(), free() */
#include <pwd.h> /* for getpwuid() */
@@ -64,13 +71,11 @@
#include <selinux/get_context_list.h> /* for SELINUX_DEFAULTUSER */
#include <security/mac.h>
#include <signal.h>
+#include <unistd.h> /* for getuid(), exit(), getopt() */
#ifdef USE_AUDIT
#include <libaudit.h>
#endif
-#ifdef LOG_AUDIT_PRIV
-#ifndef USE_AUDIT
-#error LOG_AUDIT_PRIV needs the USE_AUDIT option
-#endif
+#if defined(AUDIT_LOG_PRIV) || (NAMESPACE_PRIV)
#include <sys/prctl.h>
#include <sys/capability.h>
#endif
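Review bot: The new guard `#if defined(AUDIT_LOG_PRIV) || (NAMESPACE_PRIV)` tests `NAMESPACE_PRIV` by value rather than with `defined()`, unlike the `#error` checks added at the top of the file. It works only because the Makefile passes `-DNAMESPACE_PRIV`, which defines the macro as 1; a build that defines it with an empty value turns the expression into a preprocessor syntax error, and an undefined macro silently evaluates to 0 with no diagnostic. Write it as `#if defined(AUDIT_LOG_PRIV) || defined(NAMESPACE_PRIV)` to match the other checks.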
@@ -86,24 +91,24 @@
#endif
/* USAGE_STRING describes the command-line args of this program. */
-#define USAGE_STRING "USAGE: newrole [ -r role ] [ -t type ] [ -l level ] [ -V ] [ -- args ]"
+#define USAGE_STRING "USAGE: newrole [ -r role ] [ -t type ] [ -l level ] [ -p ] [ -V ] [ -- args ]"
+#define DEFAULT_PATH "/usr/bin:/bin"
#define DEFAULT_CONTEXT_SIZE 255 /* first guess at context size */
extern char **environ;
-char *xstrdup(const char *s)
-{
- char *s2;
-
- s2 = strdup(s);
- if (!s2) {
- fprintf(stderr, _("Out of memory!\n"));
- exit(1);
- }
- return s2;
-}
-
+/**
+ * Construct from the current range and specified desired level a resulting
+ * range. If the specified level is a range, return that. If it is not, then
+ * construct a range with level as the sensitivity and clearance of the current
+ * context.
+ *
+ * newlevel - the level specified on the command line
+ * range - the range in the current context
+ *
+ * Returns malloc'd memory
+ */
static char *build_new_range(char *newlevel, const char *range)
{
char *newrangep = NULL;
@@ -120,9 +125,8 @@
return newrangep;
}
- /* look for MLS range */
+ /* look for MLS range in current context */
tmpptr = strchr(range, '-');
-
if (tmpptr) {
/* we are inserting into a ranged MLS context */
len = strlen(newlevel) + 1 + strlen(tmpptr + 1) + 1;
@@ -153,16 +157,11 @@
* All PAM code goes in this section.
*
************************************************************************/
-
-#include <unistd.h> /* for getuid(), exit(), getopt() */
-
#include <pam/pam_appl.h> /* for PAM functions */
#include <pam/pam_misc.h> /* for misc_conv PAM utility function */
#define SERVICE_NAME "newrole" /* the name of this program for PAM */
-int authenticate_via_pam(const struct passwd *, const char *);
-
/* authenticate_via_pam()
*
* in: pw - struct containing data from our user's line in
@@ -176,63 +175,39 @@
* This function uses PAM to authenticate the user running this
* program. This is the only function in this program that makes PAM
* calls.
- *
*/
-
-int authenticate_via_pam(const struct passwd *pw, const char *ttyn)
+int authenticate_via_pam(const char *ttyn, pam_handle_t *pam_handle)
{
- int result = 0; /* our result, set to 0 (not authenticated) by default */
- int rc; /* pam return code */
- pam_handle_t *pam_handle; /* opaque handle used by all PAM functions */
+ int result = 0; /* set to 0 (not authenticated) by default */
+ int pam_rc; /* pam return code */
const char *tty_name;
- /* This is a jump table of functions for PAM to use when it wants to *
- * communicate with the user. We'll be using misc_conv(), which is *
- * provided for us via pam_misc.h. */
- struct pam_conv pam_conversation = {
- misc_conv,
- NULL
- };
-
- /* Make `p_pam_handle' a valid PAM handle so we can use it when *
- * calling PAM functions. */
- rc = pam_start(SERVICE_NAME,
- pw->pw_name, &pam_conversation, &pam_handle);
- if (rc != PAM_SUCCESS) {
- fprintf(stderr, _("failed to initialize PAM\n"));
- exit(-1);
- }
-
if (strncmp(ttyn, "/dev/", 5) == 0)
tty_name = ttyn + 5;
else
tty_name = ttyn;
- rc = pam_set_item(pam_handle, PAM_TTY, tty_name);
- if (rc != PAM_SUCCESS) {
+ pam_rc = pam_set_item(pam_handle, PAM_TTY, tty_name);
+ if (pam_rc != PAM_SUCCESS) {
fprintf(stderr, _("failed to set PAM_TTY\n"));
goto out;
}
/* Ask PAM to authenticate the user running this program */
- rc = pam_authenticate(pam_handle, 0);
- if (rc != PAM_SUCCESS) {
+ pam_rc = pam_authenticate(pam_handle, 0);
+ if (pam_rc != PAM_SUCCESS) {
goto out;
}
/* Ask PAM to verify acct_mgmt */
- rc = pam_acct_mgmt(pam_handle, 0);
- if (rc == PAM_SUCCESS) {
+ pam_rc = pam_acct_mgmt(pam_handle, 0);
+ if (pam_rc == PAM_SUCCESS) {
result = 1; /* user authenticated OK! */
}
- /* We're done with PAM. Free `pam_handle'. */
out:
- pam_end(pam_handle, rc);
-
- return (result);
-
+ return result;
} /* authenticate_via_pam() */
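Review bot: The header comment for `authenticate_via_pam` still documents `in: pw - struct containing data from our user's line in the passwd file` (the context lines just above this hunk) although the new signature is `(const char *ttyn, pam_handle_t *pam_handle)`, and `pam_handle` is not described at all. Update it to `in: ttyn - tty name recorded as PAM_TTY` and `pam_handle - handle from pam_start(); owned by the caller, which must call pam_end()`, the ownership part hedged because the `pam_start`/`pam_end` calls have moved to a caller not shown here. Note also that the PAM status that previously reached `pam_end(pam_handle, rc)` is now dropped inside this function, which only returns 0/1; if the caller needs it for `pam_end`, consider returning `pam_rc` through an out parameter.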
#else /* else !USE_PAM */
@@ -242,19 +217,14 @@
* All shadow passwd code goes in this section.
*
************************************************************************/
-
-#include <unistd.h> /* for getuid(), exit(), crypt() */
#include <shadow.h> /* for shadow passwd functions */
#include <string.h> /* for strlen(), memset() */
#define PASSWORD_PROMPT _("Password:") /* prompt for getpass() */
-int authenticate_via_shadow_passwd(const struct passwd *);
-
/* authenticate_via_shadow_passwd()
*
- * in: pw - struct containing data from our user's line in
- * the passwd file.
+ * in: uname - the calling user's user name
* out: nothing
* return: value condition
* ----- ---------
@@ -264,51 +234,37 @@
*
* This function uses the shadow passwd file to thenticate the user running
* this program.
- *
*/
-
-int authenticate_via_shadow_passwd(const struct passwd *pw)
+int authenticate_via_shadow_passwd(const char *uname)
{
+ struct spwd *p_shadow_line;
+ char *unencrypted_password_s;
+ char *encrypted_password_s;
- struct spwd *p_shadow_line; /* struct derived from shadow passwd file line */
- char *unencrypted_password_s; /* unencrypted password input by user */
- char *encrypted_password_s; /* user's password input after being crypt()ed */
-
- /* Make `p_shadow_line' point to the data from the current user's *
- * line in the shadow passwd file. */
- setspent(); /* Begin access to the shadow passwd file. */
- p_shadow_line = getspnam(pw->pw_name);
- endspent(); /* End access to the shadow passwd file. */
+ setspent();
+ p_shadow_line = getspnam(uname);
+ endspent();
if (!(p_shadow_line)) {
- fprintf(stderr,
- _
- ("Cannot find your entry in the shadow passwd file.\n"));
- exit(-1);
+ fprintf(stderr, _("Cannot find your entry in the shadow "
+ "passwd file.\n"));
+ return 0;
}
/* Ask user to input unencrypted password */
if (!(unencrypted_password_s = getpass(PASSWORD_PROMPT))) {
fprintf(stderr, _("getpass cannot open /dev/tty\n"));
- exit(-1);
+ return 0;
}
- /* Use crypt() to encrypt user's input password. Clear the *
- * unencrypted password as soon as we're done, so it is not *
- * visible to memory snoopers. */
+ /* Use crypt() to encrypt user's input password. */
encrypted_password_s = crypt(unencrypted_password_s,
p_shadow_line->sp_pwdp);
memset(unencrypted_password_s, 0, strlen(unencrypted_password_s));
-
- /* Return 1 (authenticated) iff the encrypted version of the user's *
- * input password matches the encrypted password stored in the *
- * shadow password file. */
return (!strcmp(encrypted_password_s, p_shadow_line->sp_pwdp));
-
-} /* authenticate_via_shadow_passwd() */
-
+}
#endif /* if/else USE_PAM */
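Review bot: `crypt()` can return NULL (for example when the stored hash uses an unsupported method), and `return (!strcmp(encrypted_password_s, p_shadow_line->sp_pwdp))` then dereferences it; since the function now reports failure with `return 0` instead of exiting, add `if (!encrypted_password_s) return 0;` directly after the `memset`. The rewrite also dropped the only comment explaining why the plaintext is cleared; keep that intent visible with `/* wipe the plaintext as soon as crypt() has consumed it */` on the `memset` line. `authenticate_via_shadow_passwd` is complete within this hunk.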
-/*
+/**
* This function checks to see if the shell is known in /etc/shells.
* If so, it returns 1. On error or illegal shell, it returns 0.
*/
@@ -317,7 +273,7 @@
int found = 0;
const char *buf;
- if (!shell_name)
+ if (! (shell_name && shell_name[0]))
return found;
while ((buf = getusershell()) != NULL) {
@@ -335,71 +291,287 @@
return found;
}
-/*
+/**
+ * Determine the Linux user identity to re-authenticate.
+ * If supported and set, use the login uid, as this should be more stable.
+ * Otherwise, use the real uid.
+ *
+ * This function assigns malloc'd memory into the pw_copy struct.
+ * Returns zero on success, non-zero otherwise
+ */
+int extract_pw_data(struct passwd *pw_copy)
+{
+ uid_t uid;
+ struct passwd *pw;
+
+#ifdef USE_AUDIT
+ uid = audit_getloginuid();
+ if (uid == (uid_t) - 1)
+ uid = getuid();
+#else
+ uid = getuid();
+#endif
+
+ setpwent();
+ pw = getpwuid(uid);
+ endpwent();
+ if (!(pw && pw->pw_name && pw->pw_name[0] && pw->pw_shell
+ && pw->pw_shell[0] && pw->pw_dir && pw->pw_dir[0])) {
+ fprintf(stderr,
+ _("cannot find valid entry in the passwd file.\n"));
+ return -1;
+ }
+
+ *pw_copy = *pw;
+ pw = pw_copy;
+ pw->pw_name = strdup(pw->pw_name);
+ pw->pw_dir = strdup(pw->pw_dir);
+ pw->pw_shell = strdup(pw->pw_shell);
+
+ if (! (pw->pw_name && pw->pw_dir && pw->pw_shell)) {
+ fprintf(stderr, _("Out of memory!\n"));
+ goto out_free;
+ }
+
+ if (verify_shell(pw->pw_shell) == 0) {
+ fprintf(stderr, _("Error! Shell is not valid.\n"));
+ goto out_free;
+ }
+ return 0;
+
+out_free:
+ free(pw->pw_name);
+ free(pw->pw_dir);
+ free(pw->pw_shell);
+ return -1;
+}
+
+/**
+ * Either restore the original environment, or set up a minimal one.
+ *
+ * The minimal environment contains:
+ * TERM, DISPLAY and XAUTHORITY - if they are set, preserve values
+ * HOME, SHELL, USER and LOGNAME - set to contents of /etc/passwd
+ * PATH - set to default value DEFAULT_PATH
+ *
+ * Returns zero on success, non-zero otherwise
+ */
+static int restore_environment(int preserve_environment,
+ char **old_environ, const struct passwd *pw)
+{
+ char const *term_env;
+ char const *display_env;
+ char const *xauthority_env;
+ char *term = NULL; /* temporary container */
+ char *display = NULL; /* temporary container */
+ char *xauthority = NULL; /* temporary container */
+ int rc;
+
+ environ = old_environ;
+
+ if (preserve_environment)
+ return 0;
+
+ term_env = getenv("TERM");
+ display_env = getenv("DISPLAY");
+ xauthority_env = getenv("XAUTHORITY");
+
+ /* Save the variable values we want */
+ if (term_env)
+ term = strdup(term_env);
+ if (display_env)
+ display = strdup(display_env);
+ if (xauthority_env)
+ xauthority = strdup(xauthority_env);
+ if ((term_env && !term) || (display_env && !display) ||
+ (xauthority_env && !xauthority)) {
+ rc = -1;
+ goto out;
+ }
+
+ /* Construct a new environment */
+ if ((rc = clearenv())) {
+ fprintf(stderr, _("Unable to clear environment\n"));
+ goto out;
+ }
+
+ /* Restore that which we saved */
+ if (term)
+ rc |= setenv("TERM", term, 1);
+ if (display)
+ rc |= setenv("DISPLAY", display, 1);
+ if (xauthority)
+ rc |= setenv("XAUTHORITY", xauthority, 1);
+ rc |= setenv("HOME", pw->pw_dir, 1);
+ rc |= setenv("SHELL", pw->pw_shell, 1);
+ rc |= setenv("USER", pw->pw_name, 1);
+ rc |= setenv("LOGNAME", pw->pw_name, 1);
+ rc |= setenv("PATH", DEFAULT_PATH, 1);
+out:
+ free(term);
+ free(display);
+ free(xauthority);
+ return rc;
+}
+
+/**
* This function will drop the capabilities so that we are left
* only with access to the audit system. If the user is root, we leave
* the capabilities alone since they already should have access to the
* audit netlink socket.
+ *
+ * Returns zero on success, non-zero otherwise
*/
-#ifdef LOG_AUDIT_PRIV
-static void drop_capabilities(void)
+#if defined(AUDIT_LOG_PRIV) && !defined(NAMESPACE_PRIV)
+static int drop_capabilities(void)
{
+ int rc = 0;
+ cap_t new_caps, tmp_caps;
+ cap_value_t cap_list[] = { CAP_AUDIT_WRITE };
+ cap_value_t tmp_cap_list[] = { CAP_AUDIT_WRITE, CAP_SETUID };
uid_t uid = getuid();
- if (uid) { /* Non-root path */
- cap_t new_caps, tmp_caps;
- cap_value_t cap_list[] = { CAP_AUDIT_WRITE };
- cap_value_t tmp_cap_list[] = { CAP_AUDIT_WRITE, CAP_SETUID };
+ if (!uid)
+ return 0;
+
+ /* Non-root caller, suid root path */
+ new_caps = cap_init();
+ tmp_caps = cap_init();
+ if (!new_caps || !tmp_caps) {
+ fprintf(stderr, _("Error initing capabilities, aborting.\n"));
+ return -1;
+ }
+ rc |= cap_set_flag(new_caps, CAP_PERMITTED, 1, cap_list, CAP_SET);
+ rc |= cap_set_flag(new_caps, CAP_EFFECTIVE, 1, cap_list, CAP_SET);
+ rc |= cap_set_flag(tmp_caps, CAP_PERMITTED, 2, tmp_cap_list, CAP_SET);
+ rc |= cap_set_flag(tmp_caps, CAP_EFFECTIVE, 2, tmp_cap_list, CAP_SET);
+ if (rc) {
+ fprintf(stderr, _("Error setting capabilities, aborting\n"));
+ goto out;
+ }
+
+ /* Keep capabilities across uid change */
+ if (prctl(PR_SET_KEEPCAPS, 1, 0, 0, 0)) {
+ fprintf(stderr, _("Error setting KEEPCAPS, aborting\n"));
+ rc = -1;
+ goto out;
+ }
+
+ /* Does this temporary change really buy us much? */
+ /* We should still have root's caps, so drop most capabilities now */
+ if ((rc = cap_set_proc(tmp_caps))) {
+ fprintf(stderr, _("Error dropping capabilities, aborting\n"));
+ goto out;
+ }
+
+ /* Change uid */
+ if ((rc = setresuid(uid, uid, uid))) {
+ fprintf(stderr, _("Error changing uid, aborting.\n"));
+ goto out;
+ }
+
+ /* Now get rid of this ability */
+ if ((rc = prctl(PR_SET_KEEPCAPS, 0, 0, 0, 0) < 0)) {
+ fprintf(stderr, _("Error resetting KEEPCAPS, aborting\n"));
+ goto out;
+ }
+
+ /* Finish dropping capabilities. */
+ if ((rc = cap_set_proc(new_caps))) {
+ fprintf(stderr,
+ _("Error dropping SETUID capability, aborting\n"));
+ goto out;
+ }
+out:
+ if (cap_free(tmp_caps) || cap_free(new_caps))
+ fprintf(stderr, _("Error freeing caps\n"));
+ return rc;
+}
+#elif defined(NAMESPACE_PRIV)
+/**
+ * This function will drop the capabilities so that we are left
+ * only with access to the audit system and the ability to raise
+ * CAP_SYS_ADMIN, CAP_DAC_OVERRIDE, CAP_FOWNER and CAP_CHOWN,
+ * before invoking pam_namespace. These capabilities are needed
+ * for performing bind mounts/unmounts and to create potential new
+ * instance directories with appropriate DAC attributes. If the
+ * user is root, we leave the capabilities alone since they already
+ * should have access to the audit netlink socket and should have
+ * the ability to create/mount/unmount instance directories.
+ *
+ * Returns zero on success, non-zero otherwise
+ */
+static int drop_capabilities(void)
+{
+ int rc = 0;
+ cap_t new_caps;
+ cap_value_t cap_list[] = { CAP_AUDIT_WRITE, CAP_SETUID,
+ CAP_SYS_ADMIN, CAP_FOWNER, CAP_CHOWN,
+ CAP_DAC_OVERRIDE };
+
+ if (!getuid())
+ return 0;
+
+ /* Non-root caller, suid root path */
>>> TRUNCATED FOR MAIL (1000 lines) <<<