Re: [PATCH] libsemanage: set selinux policy root to match semanage root or storename

Nicolas Iooss <nicolas.iooss@xxxxxxx> · Wed, 7 Nov 2018 21:45:00 +0100

On Tue, Nov 6, 2018 at 8:18 PM Stephen Smalley <sds@xxxxxxxxxxxxx> wrote:
>
> As reported in #109, semodule -p /path/to/policyroot -s minimum -n -B
> tries to use /etc/selinux/targeted/booleans.subs_dist.  This is because
> it invokes the libselinux selinux_boolean_sub() interface, which uses
> the active/installed policy files rather than the libsemanage ones.
>
> To fix, we need to set the selinux policy root when either the semanage
> root or the semanage storename is set.  When setting the semanage root,
> we need to prepend the semanage root to the selinux policy root.  When
> setting the semanage storename, we need to replace the last component
> of the selinux policy root with the new storename.
>
> Test:
> strace semodule -p ~/policy-root -s minimum -n -B
>
> Before:
> openat(AT_FDCWD, "/etc/selinux/targeted/booleans.subs_dist", O_RDONLY|O_CLOEXEC) = 5
>
> After:
> openat(AT_FDCWD, "/home/sds/policy-root/etc/selinux/minimum/booleans.subs_dist", O_RDONLY|O_CLOEXEC) = 5
>
> Fixes https://github.com/SELinuxProject/selinux/issues/109
>
> Signed-off-by: Stephen Smalley <sds@xxxxxxxxxxxxx>
> ---
>  libsemanage/src/handle.c | 29 ++++++++++++++++++++++++++++-
>  1 file changed, 28 insertions(+), 1 deletion(-)
>
> diff --git a/libsemanage/src/handle.c b/libsemanage/src/handle.c
> index a6567bd4..c163e553 100644
> --- a/libsemanage/src/handle.c
> +++ b/libsemanage/src/handle.c
> @@ -43,8 +43,21 @@ static char *private_semanage_root = NULL;
>
>  int semanage_set_root(const char *root)
>  {
> +       char *new_selinux_root = NULL;
> +
> +       asprintf(&new_selinux_root, "%s%s", root, selinux_policy_root());
> +       if (!new_selinux_root)
> +               return -1;

https://travis-ci.org/SELinuxProject/selinux/builds/451528669 failed
because the return value of asprintf needs to be checked instead of
new_selinux_root. http://man7.org/linux/man-pages/man3/asprintf.3.html
states:

    If memory allocation wasn't possible, or some other error occurs,
these functions will return -1, and the contents of strp are
undefined.

[...]

> +
> +       char *newroot = NULL;
> +       asprintf(&newroot, "%s%s", root, storename);
> +       assert(newroot);

Same here.

Nicolas