On Mon, Feb 28, 2022 at 3:22 PM James Carter <jwcart2@xxxxxxxxx> wrote:
>
> On Thu, Feb 17, 2022 at 1:24 PM Vit Mojzis <vmojzis@xxxxxxxxxx> wrote:
> >
> > Spaces before values in /etc/selinux/config should be ignored just as
> > spaces after them are.
> >
> > E.g. "SELINUXTYPE= targeted" should be a valid value.
> >
> > Fixes:
> > # sed -i 's/^SELINUXTYPE=/SELINUXTYPE= /g' /etc/selinux/config
> > # dnf install <any_package>
> > ...
> > RPM: error: selabel_open: (/etc/selinux/ targeted/contexts/files/file_contexts) No such file or directory
> > RPM: error: Plugin selinux: hook tsm_pre failed
> > ...
> > Error: Could not run transaction.
> >
> > Signed-off-by: Vit Mojzis <vmojzis@xxxxxxxxxx>
>
> Acked-by: James Carter <jwcart2@xxxxxxxxx>
>
Merged.
Thanks,
Jim
> > ---
> >
> > Sorry for the delay. I sent the fixed patch to a wrong mailing list.
> >
> > libselinux/src/selinux_config.c | 17 +++++++++++++----
> > 1 file changed, 13 insertions(+), 4 deletions(-)
> >
> > diff --git a/libselinux/src/selinux_config.c b/libselinux/src/selinux_config.c
> > index 97f81a8b..d2e49ee1 100644
> > --- a/libselinux/src/selinux_config.c
> > +++ b/libselinux/src/selinux_config.c
> > @@ -92,6 +92,7 @@ int selinux_getenforcemode(int *enforce)
> > FILE *cfg = fopen(SELINUXCONFIG, "re");
> > if (cfg) {
> > char *buf;
> > + char *tag;
> > int len = sizeof(SELINUXTAG) - 1;
> > buf = malloc(selinux_page_size);
> > if (!buf) {
> > @@ -101,21 +102,24 @@ int selinux_getenforcemode(int *enforce)
> > while (fgets_unlocked(buf, selinux_page_size, cfg)) {
> > if (strncmp(buf, SELINUXTAG, len))
> > continue;
> > + tag = buf+len;
> > + while (isspace(*tag))
> > + tag++;
> > if (!strncasecmp
> > - (buf + len, "enforcing", sizeof("enforcing") - 1)) {
> > + (tag, "enforcing", sizeof("enforcing") - 1)) {
> > *enforce = 1;
> > ret = 0;
> > break;
> > } else
> > if (!strncasecmp
> > - (buf + len, "permissive",
> > + (tag, "permissive",
> > sizeof("permissive") - 1)) {
> > *enforce = 0;
> > ret = 0;
> > break;
> > } else
> > if (!strncasecmp
> > - (buf + len, "disabled",
> > + (tag, "disabled",
> > sizeof("disabled") - 1)) {
> > *enforce = -1;
> > ret = 0;
> > @@ -176,7 +180,10 @@ static void init_selinux_config(void)
> >
> > if (!strncasecmp(buf_p, SELINUXTYPETAG,
> > sizeof(SELINUXTYPETAG) - 1)) {
> > - type = strdup(buf_p + sizeof(SELINUXTYPETAG) - 1);
> > + buf_p += sizeof(SELINUXTYPETAG) - 1;
> > + while (isspace(*buf_p))
> > + buf_p++;
> > + type = strdup(buf_p);
> > if (!type) {
> > free(line_buf);
> > fclose(fp);
> > @@ -199,6 +206,8 @@ static void init_selinux_config(void)
> > } else if (!strncmp(buf_p, REQUIRESEUSERS,
> > sizeof(REQUIRESEUSERS) - 1)) {
> > value = buf_p + sizeof(REQUIRESEUSERS) - 1;
> > + while (isspace(*value))
> > + value++;
> > intptr = &require_seusers;
> > } else {
> > continue;
> > --
> > 2.30.2
> >
