On Tue, 2009-07-07 at 12:07 -0400, Christopher Pardy wrote: > Currently any changes made to the policy which require committing a > handle cause dontaudit rules to be disabled. I think you mean "re-enable dontaudit rules even if they were previously disabled." > This is confusing, and frustrating for users who want to edit policy > with dontaudit rules turned off. This patch allows semanage to > remember the last state of the dontaudit rules and apply them as > default whenever a handle is connected. Additionally, other functions > may check for the file semanage creates to determine if dontaudit > rules are turned on. Just to be clear: anything outside of libsemanage must use semanage_get_disable_dontaudit() to test for the flag, not directly test for the existence of the file, as the policy store is private to libsemanage. > This knowledge can be useful for tools like SETroubleshoot which may > want to change their behavior depending on the state of the dontaudit > rules. In the event that the file cannot be created a call to commit > will fail. > > Signed-off-by: Christopher Pardy <cpardy@xxxxxxxxxx> > > --- > libsemanage/include/semanage/handle.h | 8 +++++++- > libsemanage/src/direct_api.c | 27 +++++++++++++++++++++++++-- > libsemanage/src/handle.c | 9 ++++++++- > libsemanage/src/libsemanage.map | 2 +- > libsemanage/src/semanage_store.c | 1 + > libsemanage/src/semanage_store.h | 1 + > 6 files changed, 43 insertions(+), 5 deletions(-) > > > diff -urpN selinux.orig2/libsemanage/include/semanage/handle.h selinux.orig3/libsemanage/include/semanage/handle.h > --- selinux.orig2/libsemanage/include/semanage/handle.h 2009-07-01 21:15:17.224235939 -0400 > +++ selinux.orig3/libsemanage/include/semanage/handle.h 2009-07-07 09:37:35.888570766 -0400 
> @@ -69,7 +69,13 @@ void semanage_set_rebuild(semanage_handl > * 1 for yes, 0 for no (default) */ > void semanage_set_create_store(semanage_handle_t * handle, int create_store); > > -/* Set whether or not to disable dontaudits upon commit */ > +/*Get whether or not to dontaudits will be disabled upon commit */ > +int semanage_get_disable_dontaudit(semanage_handle_t * handle); > + > +/* Set whether or not to disable dontaudits upon commit > + * Sets errno to 0 if successful. Otherwise sets errno > + * to any of the errors specified by fopen,fclose, or remove. The errno discussion is no longer relevant here and can be removed. > + */ > void semanage_set_disable_dontaudit(semanage_handle_t * handle, int disable_dontaudit); > > /* Check whether policy is managed via libsemanage on this system. > diff -urpN selinux.orig2/libsemanage/src/direct_api.c selinux.orig3/libsemanage/src/direct_api.c > --- selinux.orig2/libsemanage/src/direct_api.c 2009-07-01 21:15:17.264236347 -0400 > +++ selinux.orig3/libsemanage/src/direct_api.c 2009-07-07 12:00:22.111349550 -0400 > @@ -641,11 +650,11 @@ static int semanage_direct_update_seuser > * Returns commit number on success, -1 on error. > */ > static int semanage_direct_commit(semanage_handle_t * sh) > -{ > +{ Extraneous whitespace. Try using checkpatch.pl. 
> @@ -669,6 +678,20 @@ static int semanage_direct_commit(semana > dbase_config_t *pfcontexts = semanage_fcontext_dbase_policy(sh); > dbase_config_t *seusers = semanage_seuser_dbase_local(sh); > > + /* Immediently create the disable_dontaudit flag */ > + path = semanage_fname(SEMANAGE_DISABLE_DONTAUDIT); > + if (sepol_get_disable_dontaudit(sh->sepolh) == 1) { > + FILE *touch; > + touch = fopen(path,"w"); > + if (touch != NULL) > + if(fclose(touch) != 0) > + goto cleanup; > + else > + goto cleanup; I think we still want an ERR() call here to let us know why it failed. > + } else > + if (remove(path) == -1 && errno != ENOENT) > + goto cleanup; And likewise here. Otherwise, looks good to me. -- Stephen Smalley National Security Agency
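Review bot: the new doc comment in the handle.h hunk, "/*Get whether or not to dontaudits will be disabled upon commit */", is ungrammatical and does not state what semanage_get_disable_dontaudit() returns; suggest "/* Get whether dontaudit rules will be disabled upon commit, 1 for yes, 0 for no */" to match the "1 for yes, 0 for no" convention used on the neighbouring setters. The errno paragraph added to semanage_set_disable_dontaudit() describes fopen/fclose/remove failures that, per the direct_api.c hunk, occur inside semanage_direct_commit() rather than in the setter, so it should be dropped from the setter (as already noted) and, if kept anywhere, moved to the commit documentation. Since the getter is a newly exported symbol, the libsemanage.map change listed in the diffstat should be checked to confirm it adds the symbol to the export list.

Review bot: the dangling else in the direct_api.c hunk at @@ -669 inverts the intended logic. Without braces, the `else` after `if(fclose(touch) != 0) goto cleanup;` binds to that inner `if`, not to `if (touch != NULL)`, so a successful fopen followed by a successful fclose jumps to cleanup, while a failed fopen (touch == NULL) falls through as if the flag file had been written. Brace both levels or flatten it, e.g. `if (touch == NULL) goto cleanup; if (fclose(touch) != 0) goto cleanup;`, and add the ERR() calls already requested so the failure reason is logged. Two smaller points: the comment says "Immediently" (immediately), and the `errno != ENOENT` test needs <errno.h>, which the hunk does not show being included. Finally, the flag file is created before the rest of the commit runs, so if the commit fails later the on-disk flag can disagree with the policy actually installed; either write the flag after the policy is in place or remove it on the cleanup path when the commit fails.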