Re: [RFC PATCH] libsemanage: Do not change file context when copying files

Stephen Smalley <stephen.smalley.work@xxxxxxxxx> · Fri, 12 Jul 2024 08:14:25 -0400



On Fri, Jul 12, 2024 at 5:36 AM Christian Göttsche
<cgzones@xxxxxxxxxxxxxx> wrote:
>
> On Thu, 11 Jul 2024 at 16:53, Vit Mojzis <vmojzis@xxxxxxxxxx> wrote:
> >
> > Issue:
> >   # semodule -B
> >   # ls -lZ  /etc/selinux/targeted/contexts/files
> >
> > -rw-r--r--. 1 root root unconfined_u:object_r:file_context_t:s0 421397 Jul 11 09:57 file_contexts
> > -rw-r--r--. 1 root root unconfined_u:object_r:file_context_t:s0 593470 Jul 11 09:57 file_contexts.bin
> > -rw-r--r--. 1 root root unconfined_u:object_r:file_context_t:s0  14704 Jul 11 09:57 file_contexts.homedirs
> > -rw-r--r--. 1 root root unconfined_u:object_r:file_context_t:s0  20289 Jul 11 09:57 file_contexts.homedirs.bin
> >
> >   SELinux user changed from system_u to the user used to execute semodule
> >
> > Signed-off-by: Vit Mojzis <vmojzis@xxxxxxxxxx>
> > ---
> >  libsemanage/src/semanage_store.c | 24 +++++++++++++++++++++++-
> >  libsemanage/src/semanage_store.h |  1 +
> >  2 files changed, 24 insertions(+), 1 deletion(-)
> >
> > diff --git a/libsemanage/src/semanage_store.c b/libsemanage/src/semanage_store.c
> > index 27c5d349..694c1519 100644
> > --- a/libsemanage/src/semanage_store.c
> > +++ b/libsemanage/src/semanage_store.c
> > @@ -731,7 +731,9 @@ int semanage_copy_file(const char *src, const char *dst, mode_t mode,
> >
> >         if (!mode)
> >                 mode = S_IRUSR | S_IWUSR;
> > -
> > +
> > +       semanage_setfscreatecon(src);
> > +
> >         mask = umask(0);
> >         if ((out = open(tmp, O_WRONLY | O_CREAT | O_TRUNC, mode)) == -1) {
>
> The setfscreatecon context should be reset directly after the creating
> syscall (also in the failure case), e.g. via
>
> void semanage_reset_setfscreatecon(void) {
>     int saved_errno = errno;
>     setfscreatecon_raw(NULL);
>     errno = saved_errno;
> }

Yes, agreed if you retain this approach instead of just using
name-based type transitions to label these files automatically.
Other options in addition to name-based type transitions:
- Call selinux_restorecon(3) after creating to label in accordance
with file_contexts configuration, OR
- Use selabel_lookup(3) prior to creating to obtain the correct label
rather than relying on the source label as authoritative.