Re: [PATCH] libsemanage: Allow tmp files to be kept if a compile fails

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Mon, Jan 15, 2018 at 07:46:27AM -0800, William Roberts wrote:
> On Sun, Jan 14, 2018 at 7:34 AM, Richard Haines
> <richard_c_haines@xxxxxxxxxxxxxx> wrote:
> > Add new option to semanage.conf that allows the tmp build files
> > to be kept for debugging when building policy.
> 
> How do people know where the tmp files are, does something print it out or is it
> documented in a manpage somewhere?

I usually see them when I try to load a module with some problem, e.g.

# semodule -i myconfined10.cil   
neverallow check failed at /var/lib/selinux/targeted/tmp/modules/100/base/cil:13249
...


 
> >
> > Signed-off-by: Richard Haines <richard_c_haines@xxxxxxxxxxxxxx>
> > ---
> >  libsemanage/man/man5/semanage.conf.5 |  8 ++++++++
> >  libsemanage/src/conf-parse.y         | 15 ++++++++++++++-
> >  libsemanage/src/conf-scan.l          |  1 +
> >  libsemanage/src/direct_api.c         | 21 ++++++++++++---------
> >  libsemanage/src/semanage_conf.h      |  1 +
> >  5 files changed, 36 insertions(+), 10 deletions(-)
> >
> > diff --git a/libsemanage/man/man5/semanage.conf.5 b/libsemanage/man/man5/semanage.conf.5
> > index 8f8de55a..10cab65a 100644
> > --- a/libsemanage/man/man5/semanage.conf.5
> > +++ b/libsemanage/man/man5/semanage.conf.5
> > @@ -121,6 +121,14 @@ and by default it is set to "false".
> >  Please note that since this option deletes all HLL files, an updated HLL compiler will not be able to recompile the original HLL file into CIL.
> >  In order to compile the original HLL file into CIL, the same HLL file will need to be reinstalled.
> >
> > +.TP
> > +.B retain-tmp
> > +When set to "true", tmp directories (the sandbox at \fBstore-root/\fR[\fIpolicy-store\fR]\fB/tmp \fRand/or the final policy at \fBstore-root/final/\fR[\fIpolicy-store\fR]) will be retained after compilation to allow debugging of any build errors. Note that on a successful build the sandbox becomes \fBstore-root/\fR[\fIpolicy-store\fR]\fB/active\fR.
> > +.br
> > +The
> > +.B retain-tmp
> > +option can be set to either "true" or "false" and by default it is set to "false".
> > +
> >  .SH "SEE ALSO"
> >  .TP
> >  semanage(8)
> > diff --git a/libsemanage/src/conf-parse.y b/libsemanage/src/conf-parse.y
> > index b527e893..f098e55d 100644
> > --- a/libsemanage/src/conf-parse.y
> > +++ b/libsemanage/src/conf-parse.y
> > @@ -61,7 +61,7 @@ static int parse_errors;
> >
> >  %token MODULE_STORE VERSION EXPAND_CHECK FILE_MODE SAVE_PREVIOUS SAVE_LINKED TARGET_PLATFORM COMPILER_DIR IGNORE_MODULE_CACHE STORE_ROOT
> >  %token LOAD_POLICY_START SETFILES_START SEFCONTEXT_COMPILE_START DISABLE_GENHOMEDIRCON HANDLE_UNKNOWN USEPASSWD IGNOREDIRS
> > -%token BZIP_BLOCKSIZE BZIP_SMALL REMOVE_HLL
> > +%token BZIP_BLOCKSIZE BZIP_SMALL REMOVE_HLL RETAIN_TMP
> >  %token VERIFY_MOD_START VERIFY_LINKED_START VERIFY_KERNEL_START BLOCK_END
> >  %token PROG_PATH PROG_ARGS
> >  %token <s> ARG
> > @@ -95,6 +95,7 @@ single_opt:     module_store
> >         |       bzip_blocksize
> >         |       bzip_small
> >         |       remove_hll
> > +       |       retain_tmp
> >          ;
> >
> >  module_store:   MODULE_STORE '=' ARG {
> > @@ -268,6 +269,17 @@ remove_hll:  REMOVE_HLL'=' ARG {
> >         free($3);
> >  }
> >
> > +retain_tmp:  RETAIN_TMP'=' ARG {
> > +       if (strcasecmp($3, "false") == 0) {
> > +               current_conf->retain_tmp = 0;
> > +       } else if (strcasecmp($3, "true") == 0) {
> > +               current_conf->retain_tmp = 1;
> > +       } else {
> > +               yyerror("retain-tmp can only be 'true' or 'false'");
> > +       }
> > +       free($3);
> > +}
> > +
> >  command_block:
> >                  command_start external_opts BLOCK_END  {
> >                          if (new_external->path == NULL) {
> > @@ -352,6 +364,7 @@ static int semanage_conf_init(semanage_conf_t * conf)
> >         conf->bzip_small = 0;
> >         conf->ignore_module_cache = 0;
> >         conf->remove_hll = 0;
> > +       conf->retain_tmp = 0;
> >
> >         conf->save_previous = 0;
> >         conf->save_linked = 0;
> > diff --git a/libsemanage/src/conf-scan.l b/libsemanage/src/conf-scan.l
> > index 607bbf0b..e26c3494 100644
> > --- a/libsemanage/src/conf-scan.l
> > +++ b/libsemanage/src/conf-scan.l
> > @@ -54,6 +54,7 @@ handle-unknown    return HANDLE_UNKNOWN;
> >  bzip-blocksize return BZIP_BLOCKSIZE;
> >  bzip-small     return BZIP_SMALL;
> >  remove-hll     return REMOVE_HLL;
> > +retain-tmp     return RETAIN_TMP;
> >  "[load_policy]"   return LOAD_POLICY_START;
> >  "[setfiles]"      return SETFILES_START;
> >  "[sefcontext_compile]"      return SEFCONTEXT_COMPILE_START;
> > diff --git a/libsemanage/src/direct_api.c b/libsemanage/src/direct_api.c
> > index a455612f..5d2a443c 100644
> > --- a/libsemanage/src/direct_api.c
> > +++ b/libsemanage/src/direct_api.c
> > @@ -326,7 +326,10 @@ static void semanage_direct_destroy(semanage_handle_t * sh
> >  static int semanage_direct_disconnect(semanage_handle_t * sh)
> >  {
> >         /* destroy transaction */
> > -       if (sh->is_in_transaction) {
> > +       if (sh->is_in_transaction)
> > +               semanage_release_trans_lock(sh);
> > +
> > +       if (!sh->conf->retain_tmp && sh->is_in_transaction) {
> >                 /* destroy sandbox */
> >                 if (semanage_remove_directory
> >                     (semanage_path(SEMANAGE_TMP, SEMANAGE_TOPLEVEL)) < 0) {
> > @@ -342,7 +345,6 @@ static int semanage_direct_disconnect(semanage_handle_t * sh)
> >                                                 SEMANAGE_FINAL_TOPLEVEL));
> >                         return -1;
> >                 }
> > -               semanage_release_trans_lock(sh);
> >         }
> >
> >         /* Release object databases: local modifications */
> > @@ -1639,13 +1641,14 @@ cleanup:
> >
> >         free(fc_buffer);
> >
> > -       /* regardless if the commit was successful or not, remove the
> > -          sandbox if it is still there */
> > -       semanage_remove_directory(semanage_path
> > -                                 (SEMANAGE_TMP, SEMANAGE_TOPLEVEL));
> > -       semanage_remove_directory(semanage_final_path
> > -                                 (SEMANAGE_FINAL_TMP,
> > -                                  SEMANAGE_FINAL_TOPLEVEL));
> > +       /* Delete sandbox unless requested by semanage.conf */
> > +       if (!sh->conf->retain_tmp) {
> > +               semanage_remove_directory(semanage_path
> > +                                         (SEMANAGE_TMP, SEMANAGE_TOPLEVEL));
> > +               semanage_remove_directory(semanage_final_path
> > +                                         (SEMANAGE_FINAL_TMP,
> > +                                          SEMANAGE_FINAL_TOPLEVEL));
> > +       }
> >         umask(mask);
> >
> >         return retval;
> > diff --git a/libsemanage/src/semanage_conf.h b/libsemanage/src/semanage_conf.h
> > index c99ac8c7..f7bba754 100644
> > --- a/libsemanage/src/semanage_conf.h
> > +++ b/libsemanage/src/semanage_conf.h
> > @@ -46,6 +46,7 @@ typedef struct semanage_conf {
> >         int bzip_blocksize;
> >         int bzip_small;
> >         int remove_hll;
> > +       int retain_tmp;
> >         int ignore_module_cache;
> >         char *ignoredirs;       /* ";" separated of list for genhomedircon to ignore */
> >         struct external_prog *load_policy;
> > --
> > 2.14.3
> >
> >
> 
> 
> 
> -- 
> Respectfully,
> 
> William C Roberts
> 
>

Attachment: signature.asc
Description: PGP signature

[Index of Archives]     [Selinux Refpolicy]     [Linux SGX]     [Fedora Users]     [Fedora Desktop]     [Yosemite Photos]     [Yosemite Camping]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux