Hi,
There was a brown paper bag bug in my use of matchpathcon; I
was looking for the security context of the temporary file, not the
final destination, and these can be very different. The relevant fix
is in [EMAIL PROTECTED]/dpkg--selinux--1.13, and
relative to the previous patch is:
----------------------------------------------------------------------
--- orig/src/archives.c
+++ mod/src/archives.c
@@ -540,7 +540,7 @@
* or if it has no context; in which case the default
* context shall be applied.
*/
- if( ! ((matchpathcon(fnamenewvb.buf,
+ if( ! ((matchpathcon(fnamevb.buf,
(nifd->namenode->statoverride ?
nifd->namenode->statoverride->mode : ti->Mode)
& ~S_IFMT, &scontext) != 0) ||
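Review bot: The mode passed to matchpathcon() has its file-type bits masked out with `& ~S_IFMT`, and as far as I recall matchpathcon() uses exactly those bits to honour the file-type qualifiers in file_contexts, treating a mode without them as "match any type". If that holds, a directory or symlink can be looked up as if it were a regular file and receive the wrong label, so the entry's type should be OR-ed into the mode rather than stripped; whether ti->Mode carries type bits at all is not visible here. The same expression appears in the full patch's `@@ -515,6 +521,38 @@` hunk. The `if` statement continues past the end of this hunk.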
----------------------------------------------------------------------
However, I am also attaching the full patch, corrected with
the above fix, below.
manoj
* looking for [EMAIL PROTECTED]/dpkg--devel--1.13--patch-43 to compare with
tla library-add --sparse [EMAIL PROTECTED]/dpkg--devel--1.13--patch-43
* comparing to [EMAIL PROTECTED]/dpkg--devel--1.13--patch-43: ................................................. done.
* modified files
--- orig/ChangeLog
+++ mod/ChangeLog
@@ -1,3 +1,23 @@
+2005-06-28 Manoj Srivastava <[EMAIL PROTECTED]>
+
+ * src/archives.c:
+ [EMAIL PROTECTED]/dpkg--selinux--1.13--patch-4
+ Get security context for the final path fnamevb.buf, not
+ the temporary path fnamenewvb.buf
+
+2005-06-18 Manoj Srivastava <[EMAIL PROTECTED]>
+
+ * src/archives.c: Include selinux/selinux.h if WITH_SELINUX is
+ defined. Before extracting the tar object, find out the initial
+ security context for the object to be extracted, as per the
+ local security policy, using matchpathcon(), and set the default
+ security context for the process using
+ setfscreatecon(). After this we proceed to process the
+ tarobject normally, setting owner and permissions, and
+ renaming it from foo.dpkg-new to foo. After that, we
+ step back in, and restore the default security context.
+
+
2005-06-15 Bastian Kleineidam <[EMAIL PROTECTED]>
* man/C/dpkg.cfg.5: Correct reference to dpkg(8) to dpkg(1).
--- orig/debian/changelog
+++ mod/debian/changelog
@@ -11,6 +11,14 @@
- Added missing word to dpkg-architecture manpage. Closes: #313554.
- Reference to dpkg manpage in dpkg.cfg corrected. Closes: #314262.
+ SELinux support (Manoj Srivastava):
+ * Also patch src/archive.c, which is the code that is actually
+ called. Use a slightly different method than what we used in
+ lib/star.c -- here we temporarily set the default security context of
+ the process to the one required to create the file being unpacked in
+ the proper initial context, and then restore the policy defined
+ default after unpacking and renaming.
+
--
dpkg (1.13.9) unstable; urgency=low
--- orig/src/archives.c
+++ mod/src/archives.c
@@ -43,6 +43,12 @@
#include <tarfn.h>
#include <myopt.h>
+#ifdef WITH_SELINUX
+#include <selinux/selinux.h>
+static int selinux_enabled=-1;
+static security_context_t scontext = NULL;
+#endif
+
#include "filesdb.h"
#include "main.h"
#include "archives.h"
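Review bot: The two new file-scope variables carry no comment, and neither is self-explanatory: `selinux_enabled` is tri-state and `scontext` holds an allocation that outlives the statement that fills it. I would add `/* -1: not probed yet, 0: SELinux disabled, 1: enabled (cached is_selinux_enabled() result) */` above the first and `/* context from matchpathcon() for the object being unpacked; released with freecon() before the rename */` above the second. As far as these hunks show, `scontext` is only needed while one object is unpacked, so a local initialised to NULL in that function looks like the safer home for it.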
@@ -515,6 +521,38 @@
*/
push_cleanup(cu_installnew,~ehflag_normaltidy, 0,0, 1,(void*)nifd);
+#ifdef WITH_SELINUX
+ /* Set selinux_enabled if it is not already set (singleton) */
+ if (selinux_enabled < 0)
+ selinux_enabled = (is_selinux_enabled() > 0);
+
+ /* Since selinux is enabled, try and set the context */
+ if (selinux_enabled == 1) {
+ /*
+ * well, we could use
+ * void set_matchpathcon_printf(void (*f)(const char *fmt, ...));
+ * to redirect the errors from the following bit, but that
+ * seems too much effort.
+ */
+
+ /*
+ * Do nothing if we can't figure out what the context is,
+ * or if it has no context; in which case the default
+ * context shall be applied.
+ */
+ if( ! ((matchpathcon(fnamevb.buf,
+ (nifd->namenode->statoverride ?
+ nifd->namenode->statoverride->mode : ti->Mode)
+ & ~S_IFMT, &scontext) != 0) ||
+ (strcmp(scontext, "<<none>>") == 0)))
+ {
+ if(setfscreatecon(scontext) < 0)
+ perror("Error setting security context for file object:");
+ }
+ }
+#endif /* WITH_SELINUX */
+
+
/* Extract whatever it is as .dpkg-new ... */
switch (ti->Type) {
case NormalFile0: case NormalFile1:
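Review bot: Once `setfscreatecon(scontext)` succeeds here, the file-creation context stays set for the process until the `setfscreatecon(NULL)` added in the `@@ -655,9 +693,34 @@` hunk, and that restore sits only on the success path. Any failure in between that leaves through ohshite() would skip it (the `rename()` check just before the restore is one visible case), so whatever the process creates afterwards is still labelled with this object's context. Resetting it on the error path as well, for instance `setfscreatecon(NULL)` in the cu_installnew cleanup pushed just above, would close that gap; I am assuming ohshite() does not return, which these hunks do not show. Separately, perror() already appends `: ` to its argument, so the trailing colon in the message prints as `::`. The enclosing function starts and ends outside the hunk.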
@@ -655,9 +693,34 @@
}
}
+#ifdef WITH_SELINUX
+ /*
+ * if selinux is enabled, try and set the defaule security context
+ * for the renamed file
+ */
+ if (selinux_enabled == 1)
+ if(scontext)
+ {
+ if(setfscreatecon(scontext) < 0)
+ perror("Error setting security context for next file object:");
+ freecon(scontext);
+ }
+
+#endif /* WITH_SELINUX */
+
if (rename(fnamenewvb.buf,fnamevb.buf))
ohshite(_("unable to install new version of `%.255s'"),ti->Name);
+#ifdef WITH_SELINUX
+ /*
+ * if selinux is enabled, restore the default security context
+ */
+ if (selinux_enabled == 1)
+ if(setfscreatecon(NULL) < 0)
+ perror("Error restoring default security context:");
+#endif /* WITH_SELINUX */
+
+
nifd->namenode->flags |= fnnf_elide_other_lists;
debug(dbg_eachfiledetail,"tarobject done and installed");
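Review bot: `freecon(scontext)` releases the context but leaves the file-scope pointer set, so on a later object where matchpathcon() fails without writing its output argument, the `if(scontext)` test passes on a dangling pointer, which is then handed to setfscreatecon() and freed a second time. Follow the free with `scontext = NULL;`, or clear the pointer before each matchpathcon() call. The `if(scontext)` guard is also weaker than the one in the earlier hunk: a `<<none>>` result is skipped there but applied here. In addition, rename() creates no new object, so this second setfscreatecon() call does not label the renamed file as its comment says; the file keeps the context it was created with. The enclosing function starts and ends outside the hunk.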
--
Friction is a drag.
Manoj Srivastava <[EMAIL PROTECTED]> <http://www.datasync.com/%7Esrivasta/>
1024D/BF24424C print 4966 F272 D093 B493 410B 924B 21BA DABB BF24 424C