On Tue, 2009-07-07 at 08:47 -0400, Christopher Pardy wrote:
> On 07/07/2009 07:45 AM, Stephen Smalley wrote:
> > On Mon, 2009-07-06 at 15:30 -0400, Stephen Smalley wrote:
> >> On Mon, 2009-07-06 at 15:10 -0400, Christopher Pardy wrote:
> >>> Currently any changes made to the policy which require committing a handle cause dontaudit rules to be disabled. This is confusing, and frustrating for users who want to edit policy with dontaudit rules turned off. This patch allows semanage to remember the last state of the dontaudit rules and apply them as default whenever a handle is created. Additionally other functions may check for the file semanage creates to determine if dontaudit rules are turned on. This knowledge can be useful for tools like SETroubleshoot which may want to change their behavior depending on the state of the dontaudit rules.
> >>>
> >>> Stephen Smalley: No longer attempt to create or destroy the file in the handle create, all store functionality has been moved to direct_api.c all functions now use sepol versions. The reason for needing to create the file in the commit statement is because changes to the flag in sepol directly may be reflected in the commited policy but not the flags.
> >>>
> >>> Signed-off-by: Christopher Pardy <cpardy@xxxxxxxxxx>
> >>>
> >>> ---
> >>> libsemanage/include/semanage/handle.h | 3 +++
> >>> libsemanage/src/direct_api.c | 33 +++++++++++++++++++++++++++++++++
> >>> libsemanage/src/direct_api.h | 4 ++++
> >>> libsemanage/src/handle.c | 19 +++++++++++++++++--
> >>> libsemanage/src/libsemanage.map | 2 +-
> >>> libsemanage/src/semanage_store.c | 1 +
> >>> libsemanage/src/semanage_store.h | 1 +
> >>> 7 files changed, 60 insertions(+), 3 deletions(-)
> >
> >>> +{
> >>> + const char *path;
> >>> +
> >>> + path = semanage_fname(SEMANAGE_DISABLE_DONTAUDIT);
> >>> + if(setting == 1){
> >>> + FILE *touch;
> >>> + touch = fopen(path,"w");
> >> I suspect we want to log an ERR() if this fails.
> >
> > Actually, I think we want to not only log an error (via ERR) but also
> > return an error to the caller (i.e. the function needs to return an
> > error status) so that we can ultimately indicate to semodule that
> > semodule -DB or semodule -B failed.
> >
> >>> + if (touch != NULL)
> >>> + fclose(touch);
> >>> + }else
> >>> + remove(path);
> >> Ditto.
> >
> If we're returning an error to the user should we also revert the
> disable dontaudit flag? IE. making the change of the flag and file
> creation atomic?
Oh, wait - sorry, we can't return an error to the user because the
existing semanage_set_disable_dontaudit() interface is void and we can't
change that without breaking the ABI. So I guess we're limited to
logging an error there with ERR().
--
Stephen Smalley
National Security Agency
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with
the words "unsubscribe selinux" without quotes as the message.
