James Antill | 1 Oct 08:46 2007

[PATCH] ustr cleanups (policyrep branch)


 Here are two cleanups for ustr usage within libsemanage on the
policyrep branch.

 The first is a corner case where you have two or more replacements in
the "replace_all" function of genhomedircon, previously one of those
multiple replacements (in theory) could fail due to malloc() returning
NULL and that would be missed. The fix probably makes the free test more
readable too.

 The second is that semanage_is_prefix() was previously defined by
calling ustr functions (inefficiently, even), and so had to allocate a
ustr to do its work ... the fix just calls strncmp() directly.

-- 
James Antill <jantill@...>
Christopher J. PeBenito | 1 Oct 14:36 2007

Re: m4 help

On Fri, 2007-09-28 at 17:52 -0700, Clarkson, Mike R (US SSA) wrote:
> I need help with m4 macros.
> 
> I'm using m4 macros in my file context files to define common paths, so
> that I only have to define them once. Here's an example of what I'm
> doing:
> 
> define(`SDK_HOME',`/opt/oracle/product/AccessServerSDK')
> SDK_HOME/oblix/lib/lib.+\.so.* --
> gen_context(system_u:object_r:shlib_t,s0)
> 
> The above statement works fine. But the below statement does NOT:
> 
> SDK_HOME(/.*)?  gen_context(system_u:object_r:oracle_sp_file_t,s0)
> 
> This expands to:
> /opt/oracle/product/AccessServerSDK?
> gen_context(system_u:object_r:oracle_sp_file_t,s0)
> 
> rather than
> 
> /opt/oracle/product/AccessServerSDK(/.*)?
> gen_context(system_u:object_r:oracle_sp_file_t,s0)
> 
> How can I get m4 to handle this case properly?

To get this to not treat the () as a parameter list for the macro
invocation, you have to insert an empty string:

SDK_HOME`'(/.*)? gen_context(system_u:object_r:oracle_sp_file_t,s0)
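
The two expansions discussed in this thread can be reproduced with plain m4. This is an added example, not part of the original messages or of the reference policy build; it assumes m4 is installed, leaves gen_context undefined so m4 passes it through as text, and the function names (fc_sample, expand_sample, lint_macro_paren) are made up for the illustration. The lint step goes slightly beyond the reply: it flags any macro defined in the input that is directly followed by "(".

```shell
#!/bin/sh
# Constructed sample input: the define from the question, then the failing
# line and the line with the empty quoted string from the reply.
fc_sample() {
cat <<'EOF'
define(`SDK_HOME',`/opt/oracle/product/AccessServerSDK')dnl
SDK_HOME(/.*)?  gen_context(system_u:object_r:oracle_sp_file_t,s0)
SDK_HOME`'(/.*)?  gen_context(system_u:object_r:oracle_sp_file_t,s0)
EOF
}

# Run the sample through m4. Output line 1 is the broken expansion
# (the "(/.*)" was swallowed as a macro argument), line 2 the intended one.
expand_sample() {
    fc_sample | m4
}

# Lint stdin: print the number of every line where a macro defined with
# define(`NAME', ...) is immediately followed by "(".
# Simple substring match, so NAME embedded in a longer word also matches.
lint_macro_paren() {
    awk '
        /^define\(`/ {
            name = $0
            sub(/^define\(`/, "", name)   # drop the leading define(`
            sub(/\047.*/, "", name)       # drop from the closing quote on
            macros[name] = 1
            next
        }
        {
            for (m in macros)
                if (index($0, m "(") > 0)
                    print NR
        }
    '
}

# Show both expansions, then the line the lint flags in the same input.
command -v m4 >/dev/null 2>&1 && expand_sample
fc_sample | lint_macro_paren
```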

Christopher J. PeBenito | 1 Oct 14:56 2007

Re: problem with ftpd

On Sat, 2007-09-29 at 15:11 -0400, Michael Klinosky wrote:
> Hello.
> I just subscribed, hoping to get help with an SElinux issue. However, it 
> seems that this isn't quite a discussion list - correct?
> 
> If it can be discussed here, I want to figure out how to get SElinux to 
> allow the application pure-ftpd to run properly. I get 2 alerts, and the 
> suggestions didn't help.
> 
> If this isn't the place, is there another list? Or, could someone email 
> me directly?

Go ahead and ask.  Audit messages or messages from setroubleshoot, in
addition to any error messages from ftpd will be useful.

-- 
Chris PeBenito
Tresys Technology, LLC
(410) 290-1411 x150

Christopher J. PeBenito | 1 Oct 14:52 2007

Re: policyd module

On Sun, 2007-09-30 at 01:10 +0200, Jan-Frode Myklebust wrote:
> Here's a module for the postfix policy server "policyd",
> http://policyd.org/. It also needs the port 10031/tcp labeled as
> policyd_port_t, but I don't know how to code that in a module. So I've
> added it manually with "semanage port -a -t policyd_port_t -p tcp 10031"
> on my systems.

It is a limitation of modules; ports can only be defined in the base
module or via semanage.

-- 
Chris PeBenito
Tresys Technology, LLC
(410) 290-1411 x150

Subrata Modak | 1 Oct 15:57 2007

[ANNOUNCE] The Linux Test Project has been Released for SEPTEMBER 2007

Dear All,

The Linux Test Project test suite has been released for the month of
SEPTEMBER 2007. The latest version of the test-suite contains 3000+
tests for the Linux OS and can be found at http://ltp.sourceforge.net/.
Latest happenings in LTP can also be found at:
http://ltp.sourceforge.net/wiki/,
http://ltp.sourceforge.net/wikiArchives.php, and,
IRC: irc.freenode.org #ltp.

Our web site also contains other information such as:
- A Linux test tools matrix
- Technical papers
- How To's on Linux testing
- Code coverage analysis tool.

Release Highlights:

* Enabling Kernel Version Comparisons for Lots of Testcase(s),
* Removal of Connectathon Testcases for want of GPLV2 license,
* Patching of NUMA Testcases for better Statistics Collection,
* Fixes for KDUMP scripts errors,
* Mandatory generation of failed testcases file,
* Fix of LTP output format as pointed out by Andrew Morton,
* Update of OPENHPI testsuite to 2.10.0,

Note(s) from the Maintainer:
LTP output will see new formats in the coming days. This will make
interpreting output more easily and conceptually. Hope that Real Time
Linux Testcases will see the light of the day by this month end.

Ted X Toth | 1 Oct 16:06 2007

file names with spaces, file contexts and matchpathcon problems

I've been trying to figure out how to write fcglob expressions for file 
names with spaces which will work in an fc file but haven't succeeded 
yet, can anyone help me? I can use wildcarding (?) but I'd prefer being 
specific like "[ ]" which doesn't work. If I do use a wildcard I can 
then use the matchpathcon  command to retrieve the default context but 
code calling the matchpathcon api with the same path fails claiming that 
the file/directory doesn't exist.

Daniel J Walsh | 1 Oct 18:31 2007

Re: [patch 0/4] libsemanage: genhomedircon regressions


This patch makes sure /root gets labeled even if it is using the default
context.
diff --exclude-from=exclude -N -u -r nsalibsemanage/src/genhomedircon.c libsemanage-2.0.11/src/genhomedircon.c
--- nsalibsemanage/src/genhomedircon.c	2007-10-01 09:54:35.000000000 -0400
+++ libsemanage-2.0.11/src/genhomedircon.c	2007-10-01 12:24:39.000000000 -0400
 <at>  <at>  -668,12 +668,11  <at>  <at> 

 	for (i = 0; i < nseusers; i++) {
 		seuname = semanage_seuser_get_sename(seuser_list[i]);
+		name = semanage_seuser_get_name(seuser_list[i]);

-		if (strcmp(seuname, s->fallback_user) == 0)
+		if (strcmp(name,"root") && strcmp(seuname, s->fallback_user) == 0)
 			continue;

-		name = semanage_seuser_get_name(seuser_list[i]);
-
 		if (strcmp(name, DEFAULT_LOGIN) == 0)
 			continue;
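
Review bot: in the changed condition, strcmp(name,"root") is used as a bare truth value while the strcmp(seuname, s->fallback_user) beside it is compared with == 0, so the line reads as two equality tests when the first one actually means "name is not root". Writing it as strcmp(name, "root") != 0 && strcmp(seuname, s->fallback_user) == 0 states the intent directly. The hard-coded "root" literal would also benefit from a one-line comment saying why that login is exempt from the fallback-user skip. Since name is now fetched earlier and passed to strcmp() in two places, a NULL check after semanage_seuser_get_name() is worth adding if that call can fail.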

Attachment (diff.sig): application/octet-stream, 89 bytes
Todd Miller | 1 Oct 19:35 2007

RE: [PATCH] ustr cleanups (policyrep branch)

James Antill wrote:
>  Here are two cleanups for ustr usage within libsemanage on the
> policyrep branch.
> 
>  The first is a corner case where you have two or more replacements in
> the "replace_all" function of genhomedircon, previously one of those
> multiple replacements (in theory) could fail due to malloc() returning
> NULL and that would be missed. The fix probably makes the free test
> more readable too.
> 
>  The second is that semanage_is_prefix() was previously defined by
> calling ustr functions (inefficiently, even), and so had to allocate a
> ustr to do its work ... the fix just calls strncmp() directly.

That looks sane to me.  Is there a reason you based this off of
policyrep instead of trunk?

 - todd

Todd Miller | 1 Oct 19:43 2007

RE: [patch 0/4] libsemanage: genhomedircon regressions

Daniel J Walsh wrote:
> This patch makes sure /root gets labeled even if it is using the
> default context.

That looks reasonable to me.

 - todd

James Antill | 1 Oct 20:40 2007

RE: [PATCH] ustr cleanups (policyrep branch)

On Mon, 2007-10-01 at 13:35 -0400, Todd Miller wrote:

> That looks sane to me.  Is there a reason you based this off of
> policyrep instead of trunk?

 Just me not having used SVN much, I did a search for ustr in the
branches directory and went from there ... didn't even notice the top
level trunk directory.
 The patch seems to apply without conflicts with -p3 from inside the
trunk dir.

-- 
James Antill <jantill@...>
