On 1/24/08 11:48 AM, "Bill Nottingham" <notting@xxxxxxxxxx> wrote:
> Peter Jones (pjones@xxxxxxxxxx) said:
>> int loadPolicyCommand(char *cmd, char *end)
>> {
>> int enforce = 0;
>> int rootfd;
>>
>> rootfd = open("/", O_DIRECTORY|O_RDONLY);
>> if (rootfd < 0) {
>> eprintf("loadpolicy: could not open directory: %m\n");
>> exit(1);
>> }
>> if (chroot("/sysroot") != 0) {
>> eprintf("loadpolicy: chroot failed: %m\n");
>> exit(1);
>> }
>> if (selinux_init_policy(&enforce) != 0) {
>> eprintf("Unable to load SELinux policy (%m). Halting now.\n");
>> exit(1);
>> }
>
> selinux_init_load_policy is what handles enforcing=0/selinux=0 on the
> commandline - you only want to halt if you get back that it failed
> and you're in enforcing mode. (Similarly, not sure if chdir/chroot
> should be fatal errors.)
>
A good point. I handle this (in my script from the other post) by only dying
if the return code is 3 (meaning we're supposed to be enforcing and loading
policy failed). I didn't consider all the error conditions due to chroot
itself. I believe the list of return codes to consider (thanks to Steve) is:
chroot:
0 success
1 (various failures, including usage, failure to chroot, failure to
chdir)
126 (any failure on exec except for ENOENT)
127 (ENOENT on the exec, i.e. couldn't find load_policy)
load_policy -i:
0 success
1 usage
2 can't load policy but proceed
3 can't load policy and die
The security guy in me says die on ay return value besides 0 or 2, but
that's probably too draconian. At the very least, we should continue on 127
(if load_policy is not installed).
Thoughts?
Thanks,
Chad
--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
