From owner-p4-projects@FreeBSD.ORG Thu Jan 25 15:18:53 2007
Date: Thu, 25 Jan 2007 15:18:51 GMT
Message-Id: <200701251518.l0PFIpju055129@repoman.freebsd.org>
From: Todd Miller
To: Perforce Change Reviews
Subject: PERFORCE change 113511 for review
List-Id: p4 projects tree changes

http://perforce.freebsd.org/chv.cgi?CH=113511

Change 113511 by millert@millert_macbook on 2007/01/25 15:18:19

	Update to policycoreutils-1.34.1 from the NSA web site.

Affected files ...

.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/ChangeLog#5 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/VERSION#5 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/audit2allow/Makefile#4 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/audit2allow/audit2allow#4 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/audit2allow/audit2allow.1#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/audit2allow/avc.py#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/load_policy/load_policy.8#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/load_policy/load_policy.c#4 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/newrole/Makefile#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/newrole/newrole-lspp.pamd#1 add
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/newrole/newrole.1#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/newrole/newrole.c#5 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/Makefile#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/POTFILES.in#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/af.po#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/am.po#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/ar.po#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/as.po#1 add
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/be.po#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/bg.po#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/bn.po#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/bn_IN.po#4 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/ca.po#4 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/cs.po#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/cy.po#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/da.po#4 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/de.po#5 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/el.po#4 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/en_GB.po#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/es.po#4 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/et.po#4 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/eu_ES.po#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/fa.po#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/fi.po#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/fr.po#4 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/gl.po#4 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/gu.po#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/he.po#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/hi.po#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/hr.po#4 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/hu.po#4 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/hy.po#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/id.po#4 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/is.po#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/it.po#4 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/ja.po#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/ka.po#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/kn.po#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/ko.po#4 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/ku.po#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/lo.po#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/lt.po#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/lv.po#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/mk.po#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/ml.po#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/mr.po#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/ms.po#4 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/my.po#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/nb.po#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/nl.po#4 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/nn.po#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/no.po#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/nso.po#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/or.po#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/pa.po#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/pl.po#4 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/policycoreutils.pot#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/pt.po#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/pt_BR.po#4 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/ro.po#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/ru.po#5 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/si.po#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/sk.po#4 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/sl.po#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/sq.po#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/sr%40Latn.po#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/sr.po#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/sv.po#5 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/ta.po#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/te.po#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/th.po#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/tr.po#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/uk.po#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/ur.po#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/vi.po#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/zh_CN.po#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/zh_TW.po#4 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/zu.po#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/restorecon/restorecon.8#4 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/restorecond/restorecond.8#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/restorecond/restorecond.conf#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/run_init/run_init.8#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/run_init/run_init.c#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/scripts/chcat.8#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/scripts/fixfiles#5 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/scripts/fixfiles.8#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/scripts/genhomedircon#4 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/scripts/genhomedircon.8#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/secon/secon.1#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/semanage/Makefile#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/semanage/semanage#4 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/semanage/semanage.8#4 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/semanage/seobject.py#5 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/semodule/semodule.8#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/semodule/semodule.c#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/semodule_deps/semodule_deps.8#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/semodule_expand/semodule_expand.8#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/setfiles/setfiles.8#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/setsebool/setsebool.c#3 edit

Differences ...

==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/ChangeLog#5 (text+ko) ====
@@ -1,3 +1,74 @@ +1.34.1 2007-01-22 + * Fixed newrole non-pam build. + +1.34.0 2007-01-18 + * Updated version for stable branch. + +1.33.16 2007-01-18 + * Merged po file updates from Dan Walsh. + * Removed update-po from all target in po/Makefile. + +1.33.15 2007-01-17 + * Merged unicode-to-string fix for seobject audit from Dan Walsh. + * Merged man page updates to make "apropos selinux" work from Dan Walsh. + +1.33.14 2007-01-16 + * Merged newrole man page patch from Michael Thompson. + +1.33.13 2007-01-16 + * Merged patch to fix python unicode problem from Dan Walsh. + +1.33.12 2007-01-11 + * Merged newrole securetty check from Dan Walsh. + * Merged semodule patch to generalize list support from Karl MacMillan. + +1.33.11 2007-01-09 + * Merged fixfiles and seobject fixes from Dan Walsh. + * Merged semodule support for list of modules after -i from Karl MacMillan. + +1.33.10 2007-01-08 + * Merged patch to correctly handle a failure during semanage handle + creation from Karl MacMillan. + +1.33.9 2007-01-05 + * Merged patch to fix seobject role modification from Dan Walsh. + +1.33.8 2007-01-04 + * Merged patches from Dan Walsh to: + - omit the optional name from audit2allow + - use the installed python version in the Makefiles + - re-open the tty with O_RDWR in newrole + +1.33.7 2007-01-03 + * Patch from Dan Walsh to correctly suppress warnings in load_policy. + +1.33.6 2006-11-29 + * Patch from Dan Walsh to add an pam_acct_msg call to run_init + * Patch from Dan Walsh to fix error code returns in newrole + * Patch from Dan Walsh to remove verbose flag from semanage man page + * Patch from Dan Walsh to make audit2allow use refpolicy Makefile + in /usr/share/selinux/ + +1.33.5 2006-11-27 + * Merged patch from Michael C Thompson to clean up genhomedircon + error handling. +1.33.4 2006-11-21 + * Merged po file updates from Dan Walsh. + +1.33.3 2006-11-21 + * Merged setsebool patch from Karl MacMillan. 
+ This fixes a bug reported by Yuichi Nakamura with + always setting booleans persistently on an unmanaged system. + +1.33.2 2006-11-20 + * Merged patch from Dan Walsh (via Karl MacMillan): + * Added newrole audit message on login failure + * Add /var/log/wtmp to restorecond.conf watch list + * Fix genhomedircon, semanage, semodule_expand man pages. + +1.33.1 2006-11-13 + * Merged newrole patch set from Michael Thompson. + 1.32 2006-10-17 * Updated version for release. ==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/VERSION#5 (text+ko) ==== @@ -1,1 +1,1 @@ -1.32 +1.34.1 ==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/audit2allow/Makefile#4 (text+ko) ==== @@ -6,8 +6,8 @@ LIBDIR = $(PREFIX)/lib MANDIR = $(PREFIX)/share/man LOCALEDIR ?= /usr/share/locale -PYLIBVER ?= python2.3 -PYTHONLIBDIR ?= $(DESTDIR)/System/Library/Frameworks/Python.framework/Versions/2.3/lib/$(PYLIBVER) +PYLIBVER ?= $(shell python -c 'import sys;print "python%d.%d" % sys.version_info[0:2]') +PYTHONLIBDIR ?= $(DESTDIR)$(shell python -c 'import sys;print sys.path[2]') TARGETS=audit2allow ==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/audit2allow/audit2allow#4 (text+ko) ==== @@ -29,6 +29,7 @@ if __name__ == '__main__': import commands, sys, os, getopt, selinux import gettext + import re try: gettext.install('policycoreutils') except: @@ -59,6 +60,11 @@ print msg sys.exit(1) + def verify_module(module): + m = re.findall("[^a-zA-Z0-9]", module) + if len(m) != 0: + usage(_("Alphanumeric Charaters Only")) + def errorExit(error): sys.stderr.write("%s: " % sys.argv[0]) sys.stderr.write("%s\n" % error) @@ -125,10 +131,12 @@ if module != "" or a[0] == "-": usage() module = a + verify_module(module) if o == "-M": if module != "" or output_ind or a[0] == "-": usage() module = a + verify_module(module) outfile = a+".te" buildPP = 1 if not os.path.exists("/usr/bin/checkmodule"): 
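Review bot: the verify_module() introduced in the audit2allow hunk above rejects every character outside [a-zA-Z0-9], so it also refuses underscores, which users commonly put in local module names, and its usage message misspells "Characters" as "Charaters". Keeping a whitelist is the right call, because module is later spliced into the checkmodule and semodule_package command strings that run through commands.getstatusoutput(), i.e. a shell; suggest `m = re.findall("[^a-zA-Z0-9_]", module)` and `usage(_("Alphanumeric Characters Only"))`, and calling it once on `a` before the two option branches rather than duplicating the call in each.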
@@ -184,22 +192,27 @@ output.write(serules.out(requires, module)) output.flush() if buildPP: - cmd = "checkmodule %s -m -o %s.mod %s.te" % (get_mls_flag(), module, module) - print _("Compiling policy") - print cmd - rc = commands.getstatusoutput(cmd) - if rc[0] == 0: - cmd = "semodule_package -o %s.pp -m %s.mod" % (module, module) - if fc_file != "": - cmd = "%s -f %s" % (cmd, fc_file) - + if ref_ind: + rc, type = selinux.selinux_getpolicytype() + cmd = "make -f /usr/share/selinux/%s/include/Makefile %s.pp" % (type, module) + print _("Compiling policy") + print cmd + rc = commands.getstatusoutput(cmd) + else: + cmd = "checkmodule %s -m -o %s.mod %s.te" % (get_mls_flag(), module, module) + print _("Compiling policy") print cmd rc = commands.getstatusoutput(cmd) if rc[0] == 0: - print _("\n******************** IMPORTANT ***********************\n") - print (_("In order to load this newly created policy package into the kernel,\nyou are required to execute \n\nsemodule -i %s.pp\n\n") % module) - else: - errorExit(rc[1]) + cmd = "semodule_package -o %s.pp -m %s.mod" % (module, module) + if fc_file != "": + cmd = "%s -f %s" % (cmd, fc_file) + + print cmd + rc = commands.getstatusoutput(cmd) + if rc[0] == 0: + print _("\n******************** IMPORTANT ***********************\n") + print (_("In order to load this newly created policy package into the kernel,\nyou are required to execute \n\nsemodule -i %s.pp\n\n") % module) else: errorExit(rc[1]) ==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/audit2allow/audit2allow.1#3 (text+ko) ==== @@ -24,7 +24,7 @@ .\" .TH AUDIT2ALLOW "1" "January 2005" "Security Enhanced Linux" NSA .SH NAME -audit2allow \- generate policy allow rules from logs of denied operations +audit2allow \- generate SELinux policy allow rules from logs of denied operations .SH SYNOPSIS .B audit2allow .RI [ options "] " ==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/audit2allow/avc.py#3 (text+ko) ==== 
@@ -231,7 +231,7 @@ else: file = m[0][1] ret = "\n#%s\n"% self.out() - ret += "optional_policy(`%s', `\n" % m[0][1] + ret += "optional_policy(`\n" first = True for i in m: if file != i[1]: ==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/load_policy/load_policy.8#2 (text+ko) ==== @@ -1,6 +1,6 @@ .TH LOAD_POLICY "8" "May 2003" "Security Enhanced Linux" NSA .SH NAME -load_policy \- load a new policy into the kernel +load_policy \- load a new SELinux policy into the kernel .SH SYNOPSIS .B load_policy ==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/load_policy/load_policy.c#4 (text+ko) ==== @@ -51,12 +51,12 @@ nargs = argc - optind; if (nargs > 2) usage(argv[0]); - if (nargs >= 1) { - fprintf(stderr, - "%s: Warning! Policy file argument (%s) is no longer supported, installed policy is always loaded. Continuing...\n", - argv[0], argv[optind++]); + if (nargs >= 1 && !quiet) { + fprintf(stderr, + "%s: Warning! Policy file argument (%s) is no longer supported, installed policy is always loaded. Continuing...\n", + argv[0], argv[optind++]); } - if (nargs == 2) { + if (nargs == 2 && ! quiet) { fprintf(stderr, "%s: Warning! Boolean file argument (%s) is no longer supported, installed booleans file is always used. Continuing...\n", argv[0], argv[optind++]); ==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/newrole/Makefile#3 (text+ko) ==== 
@@ -6,10 +6,18 @@ LOCALEDIR = /usr/share/locale PAMH = $(shell ls /usr/include/security/pam_appl.h 2>/dev/null) AUDITH = $(shell ls /usr/include/libaudit.h 2>/dev/null) -# If LOG_AUDIT_PRIV is y, then newrole will be made into setuid root program. -# This is so that we have the CAP_AUDIT_WRITE capability. newrole will -# shed all privileges and change to the user's uid. -LOG_AUDIT_PRIV ?= n +# Enable capabilities to permit newrole to generate audit records. +# This will make newrole a setuid root program. +# The capabilities used are: CAP_AUDIT_WRITE. +AUDIT_LOG_PRIV ?= n +# Enable capabilities to permit newrole to utilitize the pam_namespace module. +# This will make newrole a setuid root program. +# The capabilities used are: CAP_SYS_ADMIN, CAP_CHOWN, CAP_FOWNER and +# CAP_DAC_OVERRIDE. +NAMESPACE_PRIV ?= n +# If LSPP_PRIV is y, then newrole will be made into setuid root program. +# Enabling this option will force AUDIT_LOG_PRIV and NAMESPACE_PRIV to be y. +LSPP_PRIV ?= n VERSION = $(shell cat ../VERSION) CFLAGS ?= -Werror -Wall -W @@ -26,12 +34,23 @@ override CFLAGS += -DUSE_AUDIT LDLIBS += -laudit endif -ifeq (${LOG_AUDIT_PRIV},y) - override CFLAGS += -DLOG_AUDIT_PRIV +ifeq (${LSPP_PRIV},y) + override AUDIT_LOG_PRIV=y + override NAMESPACE_PRIV=y +endif +ifeq (${AUDIT_LOG_PRIV},y) + override CFLAGS += -DAUDIT_LOG_PRIV + IS_SUID=y +endif +ifeq (${NAMESPACE_PRIV},y) + override CFLAGS += -DNAMESPACE_PRIV + IS_SUID=y +endif +ifeq (${IS_SUID},y) + MODE := 4555 LDLIBS += -lcap - MODE := 4555 else - MODE := 555 + MODE := 0555 endif TARGETS=$(patsubst %.c,%,$(wildcard *.c)) 
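Review bot: in the newrole Makefile hunk above, MODE := 4555 (setuid root) is now chosen by `ifeq (${IS_SUID},y)`, but IS_SUID is only ever assigned inside the AUDIT_LOG_PRIV and NAMESPACE_PRIV blocks and never initialised, so an IS_SUID=y inherited from the environment would install newrole setuid root with neither privileged feature compiled in. Add `IS_SUID := n` next to the other defaults so the two `IS_SUID=y` assignments are the only way to reach the setuid mode. Minor: the new comment in the earlier hunk of this file reads "utilitize" for "utilize".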
@@ -46,8 +65,12 @@ install -m 644 newrole.1 $(MANDIR)/man1/ ifeq (${PAMH}, /usr/include/security/pam_appl.h) test -d $(ETCDIR)/pam.d || install -m 755 -d $(ETCDIR)/pam.d +ifeq (${LSPP_PRIV},y) + install -m 644 newrole-lspp.pamd $(ETCDIR)/pam.d/newrole +else install -m 644 newrole.pamd $(ETCDIR)/pam.d/newrole endif +endif clean: rm -f $(TARGETS) *.o ==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/newrole/newrole.1#2 (text+ko) ==== @@ -1,6 +1,6 @@ .TH NEWROLE "1" "October 2000" "Security Enhanced Linux" NSA .SH NAME -newrole \- run a shell with a new role +newrole \- run a shell with a new SELinux role .SH SYNOPSIS .B newrole [\fB-r\fR|\fB--role\fR] @@ -57,16 +57,46 @@ .B --version shows the current version of newrole .PP +.SH EXAMPLE +.br +Changing role: + # id -Z + staff_u:staff_r:staff_t:SystemLow-SystemHigh + # newrole -r sysadm_r + # id -Z + staff_u:sysadm_r:sysadm_t:SystemLow-SystemHigh + +Changing sensitivity only: + # id -Z + staff_u:sysadm_r:sysadm_t:Unclassified-SystemHigh + # newrole -l Secret + # id -Z + staff_u:sysadm_r:sysadm_t:Secret-SystemHigh + +.PP +Changing sensitivity and clearance: + # id -Z + staff_u:sysadm_r:sysadm_t:Unclassified-SystemHigh + # newrole -l Secret-Secret + # id -Z + staff_u:sysadm_r:sysadm_t:Secret + .SH FILES /etc/passwd - user account information .br /etc/shadow - encrypted passwords and age information +.br +/etc/selinux//contexts/default_type - default types for roles +/etc/selinux//contexts/securetty_types - securetty types for level changes +.br .SH SEE ALSO -.B su -(1), -.B runas +.B runcon (1) .SH AUTHORS .nf -Tim Fraser (tfraser@tislabs.com) -Anthony Colatrella (amcolat@epoch.ncsc.mil) +Anthony Colatrella +Tim Fraser +Steve Grubb +Darrel Goeddel +Michael Thompson +Dan Walsh ==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/newrole/newrole.c#5 (text+ko) ==== 
@@ -36,18 +36,25 @@ * setuid root, so that it can read the shadow passwd file. * * - * option CANTSPELLGDB: - * - * If you set CANTSPELLGDB you will turn on some debugging printfs. - * + * Authors: + * Anthony Colatrella + * Tim Fraser + * Steve Grubb + * Darrel Goeddel + * Michael Thompson + * Dan Walsh * - * Authors: Tim Fraser , - * Anthony Colatrella - * Various bug fixes by Stephen Smalley - * *************************************************************************/ #define _GNU_SOURCE + +#if defined(AUDIT_LOG_PRIV) && !defined(USE_AUDIT) +#error AUDIT_LOG_PRIV needs the USE_AUDIT option +#endif +#if defined(NAMESPACE_PRIV) && !defined(USE_PAM) +#error NAMESPACE_PRIV needs the USE_PAM option +#endif + #include #include /* for malloc(), realloc(), free() */ #include /* for getpwuid() */ @@ -64,13 +71,11 @@ #include /* for SELINUX_DEFAULTUSER */ #include #include +#include /* for getuid(), exit(), getopt() */ #ifdef USE_AUDIT #include #endif -#ifdef LOG_AUDIT_PRIV -#ifndef USE_AUDIT -#error LOG_AUDIT_PRIV needs the USE_AUDIT option -#endif +#if defined(AUDIT_LOG_PRIV) || (NAMESPACE_PRIV) #include #include #endif 
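Review bot: `#if defined(AUDIT_LOG_PRIV) || (NAMESPACE_PRIV)` at the end of the newrole.c hunk above omits `defined` around the second macro. It works today only because an unset identifier evaluates to 0 inside #if and -DNAMESPACE_PRIV defines it as 1, and it stops preprocessing if the macro is ever defined with an empty value (-DNAMESPACE_PRIV=); change it to `#if defined(AUDIT_LOG_PRIV) || defined(NAMESPACE_PRIV)`, matching the #error guards added at the top of the file in the previous hunk.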
@@ -86,24 +91,24 @@ #endif /* USAGE_STRING describes the command-line args of this program. */ -#define USAGE_STRING "USAGE: newrole [ -r role ] [ -t type ] [ -l level ] [ -V ] [ -- args ]" +#define USAGE_STRING "USAGE: newrole [ -r role ] [ -t type ] [ -l level ] [ -p ] [ -V ] [ -- args ]" +#define DEFAULT_PATH "/usr/bin:/bin" #define DEFAULT_CONTEXT_SIZE 255 /* first guess at context size */ extern char **environ; -char *xstrdup(const char *s) -{ - char *s2; - - s2 = strdup(s); - if (!s2) { - fprintf(stderr, _("Out of memory!\n")); - exit(1); - } - return s2; -} - +/** + * Construct from the current range and specified desired level a resulting + * range. If the specified level is a range, return that. If it is not, then + * construct a range with level as the sensitivity and clearance of the current + * context. + * + * newlevel - the level specified on the command line + * range - the range in the current context + * + * Returns malloc'd memory + */ static char *build_new_range(char *newlevel, const char *range) { char *newrangep = NULL; @@ -120,9 +125,8 @@ return newrangep; } - /* look for MLS range */ + /* look for MLS range in current context */ tmpptr = strchr(range, '-'); - if (tmpptr) { /* we are inserting into a ranged MLS context */ len = strlen(newlevel) + 1 + strlen(tmpptr + 1) + 1; @@ -153,16 +157,11 @@ * All PAM code goes in this section. * ************************************************************************/ - -#include /* for getuid(), exit(), getopt() */ - #include /* for PAM functions */ #include /* for misc_conv PAM utility function */ #define SERVICE_NAME "newrole" /* the name of this program for PAM */ -int authenticate_via_pam(const struct passwd *, const char *); - /* authenticate_via_pam() * * in: pw - struct containing data from our user's line in 
@@ -176,63 +175,39 @@ * This function uses PAM to authenticate the user running this * program. This is the only function in this program that makes PAM * calls. - * */ - -int authenticate_via_pam(const struct passwd *pw, const char *ttyn) +int authenticate_via_pam(const char *ttyn, pam_handle_t *pam_handle) { - int result = 0; /* our result, set to 0 (not authenticated) by default */ - int rc; /* pam return code */ - pam_handle_t *pam_handle; /* opaque handle used by all PAM functions */ + int result = 0; /* set to 0 (not authenticated) by default */ + int pam_rc; /* pam return code */ const char *tty_name; - /* This is a jump table of functions for PAM to use when it wants to * - * communicate with the user. We'll be using misc_conv(), which is * - * provided for us via pam_misc.h. */ - struct pam_conv pam_conversation = { - misc_conv, - NULL - }; - - /* Make `p_pam_handle' a valid PAM handle so we can use it when * - * calling PAM functions. */ - rc = pam_start(SERVICE_NAME, - pw->pw_name, &pam_conversation, &pam_handle); - if (rc != PAM_SUCCESS) { - fprintf(stderr, _("failed to initialize PAM\n")); - exit(-1); - } - if (strncmp(ttyn, "/dev/", 5) == 0) tty_name = ttyn + 5; else tty_name = ttyn; - rc = pam_set_item(pam_handle, PAM_TTY, tty_name); - if (rc != PAM_SUCCESS) { + pam_rc = pam_set_item(pam_handle, PAM_TTY, tty_name); + if (pam_rc != PAM_SUCCESS) { fprintf(stderr, _("failed to set PAM_TTY\n")); goto out; } /* Ask PAM to authenticate the user running this program */ - rc = pam_authenticate(pam_handle, 0); - if (rc != PAM_SUCCESS) { + pam_rc = pam_authenticate(pam_handle, 0); + if (pam_rc != PAM_SUCCESS) { goto out; } /* Ask PAM to verify acct_mgmt */ - rc = pam_acct_mgmt(pam_handle, 0); - if (rc == PAM_SUCCESS) { + pam_rc = pam_acct_mgmt(pam_handle, 0); + if (pam_rc == PAM_SUCCESS) { result = 1; /* user authenticated OK! */ } - /* We're done with PAM. Free `pam_handle'. 
*/ out: - pam_end(pam_handle, rc); - - return (result); - + return result; } /* authenticate_via_pam() */ #else /* else !USE_PAM */ @@ -242,19 +217,14 @@ * All shadow passwd code goes in this section. * ************************************************************************/ - -#include /* for getuid(), exit(), crypt() */ #include /* for shadow passwd functions */ #include /* for strlen(), memset() */ #define PASSWORD_PROMPT _("Password:") /* prompt for getpass() */ -int authenticate_via_shadow_passwd(const struct passwd *); - /* authenticate_via_shadow_passwd() * - * in: pw - struct containing data from our user's line in - * the passwd file. + * in: uname - the calling user's user name * out: nothing * return: value condition * ----- --------- 
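Review bot: the authenticate_via_pam hunk above removes pam_start() and pam_end() from the function and takes the pam_handle_t from its caller, so the function no longer tears down the PAM session on its failure paths (the `goto out` after pam_set_item and pam_authenticate). That is fine only if the caller that now owns the handle calls pam_end() on every exit, including when this function returns 0; that caller is not in this excerpt, so please confirm it, and update the function comment, which still says this is "the only function in this program that makes PAM calls".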
@@ -264,51 +234,37 @@ * * This function uses the shadow passwd file to thenticate the user running * this program. - * */ - -int authenticate_via_shadow_passwd(const struct passwd *pw) +int authenticate_via_shadow_passwd(const char *uname) { + struct spwd *p_shadow_line; + char *unencrypted_password_s; + char *encrypted_password_s; - struct spwd *p_shadow_line; /* struct derived from shadow passwd file line */ - char *unencrypted_password_s; /* unencrypted password input by user */ - char *encrypted_password_s; /* user's password input after being crypt()ed */ - - /* Make `p_shadow_line' point to the data from the current user's * - * line in the shadow passwd file. */ - setspent(); /* Begin access to the shadow passwd file. */ - p_shadow_line = getspnam(pw->pw_name); - endspent(); /* End access to the shadow passwd file. */ + setspent(); + p_shadow_line = getspnam(uname); + endspent(); if (!(p_shadow_line)) { - fprintf(stderr, - _ - ("Cannot find your entry in the shadow passwd file.\n")); - exit(-1); + fprintf(stderr, _("Cannot find your entry in the shadow " + "passwd file.\n")); + return 0; } /* Ask user to input unencrypted password */ if (!(unencrypted_password_s = getpass(PASSWORD_PROMPT))) { fprintf(stderr, _("getpass cannot open /dev/tty\n")); - exit(-1); + return 0; } - /* Use crypt() to encrypt user's input password. Clear the * - * unencrypted password as soon as we're done, so it is not * - * visible to memory snoopers. */ + /* Use crypt() to encrypt user's input password. */ encrypted_password_s = crypt(unencrypted_password_s, p_shadow_line->sp_pwdp); memset(unencrypted_password_s, 0, strlen(unencrypted_password_s)); - - /* Return 1 (authenticated) iff the encrypted version of the user's * - * input password matches the encrypted password stored in the * - * shadow password file. 
*/ return (!strcmp(encrypted_password_s, p_shadow_line->sp_pwdp)); - -} /* authenticate_via_shadow_passwd() */ - +} #endif /* if/else USE_PAM */ -/* +/** * This function checks to see if the shell is known in /etc/shells. * If so, it returns 1. On error or illegal shell, it returns 0. */ @@ -317,7 +273,7 @@ int found = 0; const char *buf; - if (!shell_name) + if (! (shell_name && shell_name[0])) return found; while ((buf = getusershell()) != NULL) { 
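Review bot: in the authenticate_via_shadow_passwd hunk above, `return (!strcmp(encrypted_password_s, p_shadow_line->sp_pwdp));` dereferences the result of crypt() without checking it; glibc's crypt() returns NULL for an unsupported or malformed hash in sp_pwdp, which would crash what the Makefile can now install as a setuid root program. Add `if (!encrypted_password_s) return 0;` before the comparison. Replacing the former exit(-1) calls with `return 0` is a good change, since it lets the caller record the failed authentication before exiting.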
@@ -335,71 +291,287 @@ return found; } -/* +/** + * Determine the Linux user identity to re-authenticate. + * If supported and set, use the login uid, as this should be more stable. + * Otherwise, use the real uid. + * + * This function assigns malloc'd memory into the pw_copy struct. + * Returns zero on success, non-zero otherwise + */ +int extract_pw_data(struct passwd *pw_copy) +{ + uid_t uid; + struct passwd *pw; + +#ifdef USE_AUDIT + uid = audit_getloginuid(); + if (uid == (uid_t) - 1) + uid = getuid(); +#else + uid = getuid(); +#endif + + setpwent(); + pw = getpwuid(uid); + endpwent(); + if (!(pw && pw->pw_name && pw->pw_name[0] && pw->pw_shell + && pw->pw_shell[0] && pw->pw_dir && pw->pw_dir[0])) { + fprintf(stderr, + _("cannot find valid entry in the passwd file.\n")); + return -1; + } + + *pw_copy = *pw; + pw = pw_copy; + pw->pw_name = strdup(pw->pw_name); + pw->pw_dir = strdup(pw->pw_dir); + pw->pw_shell = strdup(pw->pw_shell); + + if (! (pw->pw_name && pw->pw_dir && pw->pw_shell)) { + fprintf(stderr, _("Out of memory!\n")); + goto out_free; + } + + if (verify_shell(pw->pw_shell) == 0) { + fprintf(stderr, _("Error! Shell is not valid.\n")); + goto out_free; + } + return 0; + +out_free: + free(pw->pw_name); + free(pw->pw_dir); + free(pw->pw_shell); + return -1; +} + +/** + * Either restore the original environment, or set up a minimal one. 
+ * + * The minimal environment contains: + * TERM, DISPLAY and XAUTHORITY - if they are set, preserve values + * HOME, SHELL, USER and LOGNAME - set to contents of /etc/passwd + * PATH - set to default value DEFAULT_PATH + * + * Returns zero on success, non-zero otherwise + */ +static int restore_environment(int preserve_environment, + char **old_environ, const struct passwd *pw) +{ + char const *term_env; + char const *display_env; + char const *xauthority_env; + char *term = NULL; /* temporary container */ + char *display = NULL; /* temporary container */ + char *xauthority = NULL; /* temporary container */ + int rc; + + environ = old_environ; + + if (preserve_environment) + return 0; + + term_env = getenv("TERM"); + display_env = getenv("DISPLAY"); + xauthority_env = getenv("XAUTHORITY"); + + /* Save the variable values we want */ + if (term_env) + term = strdup(term_env); + if (display_env) + display = strdup(display_env); + if (xauthority_env) + xauthority = strdup(xauthority_env); + if ((term_env && !term) || (display_env && !display) || + (xauthority_env && !xauthority)) { + rc = -1; + goto out; + } + + /* Construct a new environment */ + if ((rc = clearenv())) { + fprintf(stderr, _("Unable to clear environment\n")); + goto out; + } + + /* Restore that which we saved */ + if (term) + rc |= setenv("TERM", term, 1); + if (display) + rc |= setenv("DISPLAY", display, 1); + if (xauthority) + rc |= setenv("XAUTHORITY", xauthority, 1); + rc |= setenv("HOME", pw->pw_dir, 1); + rc |= setenv("SHELL", pw->pw_shell, 1); + rc |= setenv("USER", pw->pw_name, 1); + rc |= setenv("LOGNAME", pw->pw_name, 1); + rc |= setenv("PATH", DEFAULT_PATH, 1); +out: + free(term); + free(display); + free(xauthority); + return rc; +} + +/** * This function will drop the capabilities so that we are left * only with access to the audit system. If the user is root, we leave * the capabilities alone since they already should have access to the * audit netlink socket. 
+ * + * Returns zero on success, non-zero otherwise */ -#ifdef LOG_AUDIT_PRIV -static void drop_capabilities(void) +#if defined(AUDIT_LOG_PRIV) && !defined(NAMESPACE_PRIV) +static int drop_capabilities(void) { + int rc = 0; + cap_t new_caps, tmp_caps; + cap_value_t cap_list[] = { CAP_AUDIT_WRITE }; + cap_value_t tmp_cap_list[] = { CAP_AUDIT_WRITE, CAP_SETUID }; uid_t uid = getuid(); - if (uid) { /* Non-root path */ - cap_t new_caps, tmp_caps; - cap_value_t cap_list[] = { CAP_AUDIT_WRITE }; - cap_value_t tmp_cap_list[] = { CAP_AUDIT_WRITE, CAP_SETUID }; + if (!uid) + return 0; + + /* Non-root caller, suid root path */ + new_caps = cap_init(); + tmp_caps = cap_init(); + if (!new_caps || !tmp_caps) { + fprintf(stderr, _("Error initing capabilities, aborting.\n")); + return -1; + } + rc |= cap_set_flag(new_caps, CAP_PERMITTED, 1, cap_list, CAP_SET); + rc |= cap_set_flag(new_caps, CAP_EFFECTIVE, 1, cap_list, CAP_SET); + rc |= cap_set_flag(tmp_caps, CAP_PERMITTED, 2, tmp_cap_list, CAP_SET); + rc |= cap_set_flag(tmp_caps, CAP_EFFECTIVE, 2, tmp_cap_list, CAP_SET); + if (rc) { + fprintf(stderr, _("Error setting capabilities, aborting\n")); + goto out; + } + + /* Keep capabilities across uid change */ + if (prctl(PR_SET_KEEPCAPS, 1, 0, 0, 0)) { + fprintf(stderr, _("Error setting KEEPCAPS, aborting\n")); + rc = -1; + goto out; + } + + /* Does this temporary change really buy us much? */ + /* We should still have root's caps, so drop most capabilities now */ + if ((rc = cap_set_proc(tmp_caps))) { + fprintf(stderr, _("Error dropping capabilities, aborting\n")); + goto out; + } + + /* Change uid */ + if ((rc = setresuid(uid, uid, uid))) { + fprintf(stderr, _("Error changing uid, aborting.\n")); + goto out; + } + + /* Now get rid of this ability */ + if ((rc = prctl(PR_SET_KEEPCAPS, 0, 0, 0, 0) < 0)) { + fprintf(stderr, _("Error resetting KEEPCAPS, aborting\n")); + goto out; + } + + /* Finish dropping capabilities. 
*/ + if ((rc = cap_set_proc(new_caps))) { + fprintf(stderr, + _("Error dropping SETUID capability, aborting\n")); + goto out; + } +out: + if (cap_free(tmp_caps) || cap_free(new_caps)) + fprintf(stderr, _("Error freeing caps\n")); + return rc; +} +#elif defined(NAMESPACE_PRIV) +/** + * This function will drop the capabilities so that we are left + * only with access to the audit system and the ability to raise + * CAP_SYS_ADMIN, CAP_DAC_OVERRIDE, CAP_FOWNER and CAP_CHOWN, + * before invoking pam_namespace. These capabilities are needed + * for performing bind mounts/unmounts and to create potential new + * instance directories with appropriate DAC attributes. If the + * user is root, we leave the capabilities alone since they already + * should have access to the audit netlink socket and should have + * the ability to create/mount/unmount instance directories. + * + * Returns zero on success, non-zero otherwise + */ +static int drop_capabilities(void) +{ + int rc = 0; + cap_t new_caps; + cap_value_t cap_list[] = { CAP_AUDIT_WRITE, CAP_SETUID, + CAP_SYS_ADMIN, CAP_FOWNER, CAP_CHOWN, + CAP_DAC_OVERRIDE }; + + if (!getuid()) + return 0; + + /* Non-root caller, suid root path */ >>> TRUNCATED FOR MAIL (1000 lines) <<<
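Review bot: in the @@ -264 hunk, crypt() can return NULL (glibc does so with errno set for an unsupported or malformed hash in sp_pwdp, which includes locked entries such as "!" or "*"), and the new body passes the result straight into `return (!strcmp(encrypted_password_s, p_shadow_line->sp_pwdp));`, so a bad shadow entry becomes a NULL dereference instead of a clean failed authentication. Add a NULL check after the crypt() call and return 0 on that path, keeping the memset() of the plaintext before returning. The removed comment about clearing the unencrypted password was the only explanation of why that memset() is there, so a one-line version of it is worth keeping, and since the function now takes `uname` rather than the caller's passwd entry, the header comment "uses the shadow passwd file to thenticate the user running this program" (typo included) no longer describes what it does.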
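Review bot: in the @@ -335 hunk, the parentheses in `if ((rc = prctl(PR_SET_KEEPCAPS, 0, 0, 0, 0) < 0))` in drop_capabilities() are misplaced: rc receives the boolean result of the comparison rather than prctl()'s return value, so a failure sets rc to 1 instead of -1 and the condition only works by accident; it should read `if ((rc = prctl(PR_SET_KEEPCAPS, 0, 0, 0, 0)) < 0)` to match the surrounding error paths. In the same function, when one cap_init() succeeds and the other fails the early `return -1` leaks the successful cap_t, and the leftover `/* Does this temporary change really buy us much? */` question should be resolved or dropped before commit. In extract_pw_data(), the out_free path frees pw->pw_name, pw->pw_dir and pw->pw_shell but leaves those pointers dangling in *pw_copy (whose other fields still point into getpwuid()'s static buffer), so set them to NULL after free() so a later cleanup by the caller cannot double free.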