PERFORCE change 113511 for review

Todd Miller millert at FreeBSD.org
Thu Jan 25 15:19:11 UTC 2007


http://perforce.freebsd.org/chv.cgi?CH=113511

Change 113511 by millert at millert_macbook on 2007/01/25 15:18:19

	Update to policycoreutils-1.34.1 from the NSA web site.

Affected files ...

.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/ChangeLog#5 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/VERSION#5 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/audit2allow/Makefile#4 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/audit2allow/audit2allow#4 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/audit2allow/audit2allow.1#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/audit2allow/avc.py#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/load_policy/load_policy.8#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/load_policy/load_policy.c#4 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/newrole/Makefile#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/newrole/newrole-lspp.pamd#1 add
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/newrole/newrole.1#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/newrole/newrole.c#5 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/Makefile#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/POTFILES.in#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/af.po#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/am.po#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/ar.po#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/as.po#1 add
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/be.po#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/bg.po#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/bn.po#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/bn_IN.po#4 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/ca.po#4 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/cs.po#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/cy.po#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/da.po#4 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/de.po#5 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/el.po#4 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/en_GB.po#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/es.po#4 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/et.po#4 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/eu_ES.po#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/fa.po#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/fi.po#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/fr.po#4 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/gl.po#4 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/gu.po#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/he.po#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/hi.po#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/hr.po#4 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/hu.po#4 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/hy.po#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/id.po#4 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/is.po#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/it.po#4 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/ja.po#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/ka.po#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/kn.po#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/ko.po#4 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/ku.po#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/lo.po#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/lt.po#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/lv.po#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/mk.po#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/ml.po#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/mr.po#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/ms.po#4 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/my.po#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/nb.po#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/nl.po#4 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/nn.po#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/no.po#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/nso.po#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/or.po#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/pa.po#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/pl.po#4 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/policycoreutils.pot#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/pt.po#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/pt_BR.po#4 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/ro.po#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/ru.po#5 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/si.po#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/sk.po#4 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/sl.po#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/sq.po#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/sr%40Latn.po#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/sr.po#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/sv.po#5 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/ta.po#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/te.po#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/th.po#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/tr.po#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/uk.po#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/ur.po#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/vi.po#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/zh_CN.po#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/zh_TW.po#4 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/po/zu.po#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/restorecon/restorecon.8#4 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/restorecond/restorecond.8#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/restorecond/restorecond.conf#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/run_init/run_init.8#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/run_init/run_init.c#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/scripts/chcat.8#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/scripts/fixfiles#5 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/scripts/fixfiles.8#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/scripts/genhomedircon#4 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/scripts/genhomedircon.8#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/secon/secon.1#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/semanage/Makefile#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/semanage/semanage#4 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/semanage/semanage.8#4 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/semanage/seobject.py#5 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/semodule/semodule.8#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/semodule/semodule.c#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/semodule_deps/semodule_deps.8#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/semodule_expand/semodule_expand.8#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/setfiles/setfiles.8#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/setsebool/setsebool.c#3 edit

Differences ...

==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/ChangeLog#5 (text+ko) ====

@@ -1,3 +1,74 @@
+1.34.1 2007-01-22
+	* Fixed newrole non-pam build.
+
+1.34.0 2007-01-18
+	* Updated version for stable branch.
+
+1.33.16 2007-01-18
+	* Merged po file updates from Dan Walsh.
+	* Removed update-po from all target in po/Makefile.
+
+1.33.15 2007-01-17
+	* Merged unicode-to-string fix for seobject audit from Dan Walsh.
+	* Merged man page updates to make "apropos selinux" work from Dan Walsh.
+
+1.33.14 2007-01-16
+	* Merged newrole man page patch from Michael Thompson.
+
+1.33.13 2007-01-16
+	* Merged patch to fix python unicode problem from Dan Walsh.
+	
+1.33.12 2007-01-11
+	* Merged newrole securetty check from Dan Walsh.
+	* Merged semodule patch to generalize list support from Karl MacMillan.
+
+1.33.11 2007-01-09
+	* Merged fixfiles and seobject fixes from Dan Walsh.
+	* Merged semodule support for list of modules after -i from Karl MacMillan. 
+
+1.33.10 2007-01-08
+	* Merged patch to correctly handle a failure during semanage handle
+	  creation from Karl MacMillan.
+
+1.33.9 2007-01-05
+	* Merged patch to fix seobject role modification from Dan Walsh.
+
+1.33.8 2007-01-04
+	* Merged patches from Dan Walsh to:
+	  - omit the optional name from audit2allow
+	  - use the installed python version in the Makefiles
+	  - re-open the tty with O_RDWR in newrole
+
+1.33.7 2007-01-03
+	* Patch from Dan Walsh to correctly suppress warnings in load_policy.
+	
+1.33.6 2006-11-29
+	* Patch from Dan Walsh to add an pam_acct_msg call to run_init
+	* Patch from Dan Walsh to fix error code returns in newrole
+	* Patch from Dan Walsh to remove verbose flag from semanage man page
+	* Patch from Dan Walsh to make audit2allow use refpolicy Makefile
+	  in /usr/share/selinux/<SELINUXTYPE>
+
+1.33.5 2006-11-27
+	* Merged patch from Michael C Thompson to clean up genhomedircon
+	  error handling.
+1.33.4 2006-11-21
+	* Merged po file updates from Dan Walsh.
+
+1.33.3 2006-11-21
+	* Merged setsebool patch from Karl MacMillan. 
+	  This fixes a bug reported by Yuichi Nakamura with
+	  always setting booleans persistently on an unmanaged system.
+
+1.33.2 2006-11-20
+	* Merged patch from Dan Walsh (via Karl MacMillan):
+	  * Added newrole audit message on login failure
+	  * Add /var/log/wtmp to restorecond.conf watch list
+	  * Fix genhomedircon, semanage, semodule_expand man pages.
+	
+1.33.1 2006-11-13
+	* Merged newrole patch set from Michael Thompson.
+
 1.32 2006-10-17
 	* Updated version for release.
 

==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/VERSION#5 (text+ko) ====

@@ -1,1 +1,1 @@
-1.32
+1.34.1

==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/audit2allow/Makefile#4 (text+ko) ====

@@ -6,8 +6,8 @@
 LIBDIR = $(PREFIX)/lib
 MANDIR = $(PREFIX)/share/man
 LOCALEDIR ?= /usr/share/locale
-PYLIBVER ?= python2.3
-PYTHONLIBDIR ?= $(DESTDIR)/System/Library/Frameworks/Python.framework/Versions/2.3/lib/$(PYLIBVER)
+PYLIBVER ?= $(shell python -c 'import sys;print "python%d.%d" % sys.version_info[0:2]')
+PYTHONLIBDIR ?= $(DESTDIR)$(shell python -c 'import sys;print sys.path[2]')
 
 TARGETS=audit2allow
 

==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/audit2allow/audit2allow#4 (text+ko) ====

@@ -29,6 +29,7 @@
 if __name__ == '__main__':
 	import commands, sys, os, getopt, selinux
         import gettext
+	import re
         try:
                 gettext.install('policycoreutils')
         except:
@@ -59,6 +60,11 @@
 			print msg
 		sys.exit(1)
 		
+	def verify_module(module):
+		m = re.findall("[^a-zA-Z0-9]", module)
+		if len(m) != 0:
+			usage(_("Alphanumeric Charaters Only"))
+		
 	def errorExit(error):
 		sys.stderr.write("%s: " % sys.argv[0])
 		sys.stderr.write("%s\n" % error)
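Review bot: The user-visible message in `verify_module` misspells "Characters" (`usage(_("Alphanumeric Charaters Only"))`), and because the string is also a gettext msgid the typo will propagate into every .po catalog once translators pick it up; change it to `usage(_("Alphanumeric Characters Only"))` now. The check also lets an empty module name through, since `re.findall` has nothing to reject in `""`; an anchored test such as `if not re.match("^[a-zA-Z0-9]+$", module):` covers both the bad-character and the empty case in one expression. The function appears to rely on `usage()` terminating the program (the `sys.exit(1)` just above it), which deserves a one-line comment because `verify_module` itself returns nothing to its callers.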
@@ -125,10 +131,12 @@
 				if module != "" or a[0] == "-":
 					usage()
 				module = a
+				verify_module(module)
 			if o == "-M":
 				if module != "" or output_ind  or a[0] == "-":
 					usage()
 				module = a
+				verify_module(module)
 				outfile = a+".te"
 				buildPP = 1
 				if not os.path.exists("/usr/bin/checkmodule"):
@@ -184,22 +192,27 @@
 		output.write(serules.out(requires, module))
 		output.flush()
 		if buildPP:
-			cmd = "checkmodule %s -m -o %s.mod %s.te" % (get_mls_flag(), module, module)
-			print _("Compiling policy")
-			print cmd
-			rc = commands.getstatusoutput(cmd)
-			if rc[0] == 0:
-				cmd = "semodule_package -o %s.pp -m %s.mod" % (module, module)
-				if fc_file != "":
-					cmd = "%s -f %s" % (cmd, fc_file)
-					
+			if ref_ind:
+				rc, type = selinux.selinux_getpolicytype()
+				cmd = "make -f /usr/share/selinux/%s/include/Makefile %s.pp" % (type, module)
+				print _("Compiling policy")
+				print cmd
+				rc = commands.getstatusoutput(cmd)
+			else:
+				cmd = "checkmodule %s -m -o %s.mod %s.te" % (get_mls_flag(), module, module)
+				print _("Compiling policy")
 				print cmd
 				rc = commands.getstatusoutput(cmd)
 				if rc[0] == 0:
-					print _("\n******************** IMPORTANT ***********************\n")
-					print (_("In order to load this newly created policy package into the kernel,\nyou are required to execute \n\nsemodule -i %s.pp\n\n") % module)
-				else:
-					errorExit(rc[1])
+					cmd = "semodule_package -o %s.pp -m %s.mod" % (module, module)
+					if fc_file != "":
+						cmd = "%s -f %s" % (cmd, fc_file)
+					
+					print cmd
+					rc = commands.getstatusoutput(cmd)
+			if rc[0] == 0:
+				print _("\n******************** IMPORTANT ***********************\n")
+				print (_("In order to load this newly created policy package into the kernel,\nyou are required to execute \n\nsemodule -i %s.pp\n\n") % module)
 			else:
 				errorExit(rc[1])
 
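Review bot: In the `ref_ind` branch the status returned by `selinux.selinux_getpolicytype()` is stored in `rc` and then overwritten by `commands.getstatusoutput(cmd)` without ever being tested, so a failure to determine the policy type is folded into the `make -f /usr/share/selinux/%s/include/Makefile` path instead of being reported; add `if rc != 0: errorExit(_("Unable to determine the SELinux policy type"))` before `cmd` is built (message wording is a suggestion). The local `type` also shadows the builtin; `policytype` reads better. Separately, `fc_file` is still interpolated into the shell command unquoted (`cmd = "%s -f %s" % (cmd, fc_file)`) even though `module` is now screened by `verify_module`, so a path containing whitespace or shell metacharacters breaks or alters the command; quote it with `pipes.quote(fc_file)` or build an argument list for `subprocess` instead of a shell string.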

==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/audit2allow/audit2allow.1#3 (text+ko) ====

@@ -24,7 +24,7 @@
 .\"
 .TH AUDIT2ALLOW "1" "January 2005" "Security Enhanced Linux" NSA
 .SH NAME
-audit2allow \- generate policy allow rules from logs of denied operations
+audit2allow \- generate SELinux policy allow rules from logs of denied operations
 .SH SYNOPSIS
 .B audit2allow
 .RI [ options "] "

==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/audit2allow/avc.py#3 (text+ko) ====

@@ -231,7 +231,7 @@
 		else:
 			file = m[0][1]
 			ret = "\n#%s\n"% self.out()
-			ret += "optional_policy(`%s', `\n" % m[0][1]
+			ret += "optional_policy(`\n" 
 			first = True
 			for i in m:
 				if file != i[1]:

==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/load_policy/load_policy.8#2 (text+ko) ====

@@ -1,6 +1,6 @@
 .TH LOAD_POLICY "8" "May 2003" "Security Enhanced Linux" NSA
 .SH NAME
-load_policy \- load a new policy into the kernel
+load_policy \- load a new SELinux policy into the kernel
 
 .SH SYNOPSIS
 .B load_policy 

==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/load_policy/load_policy.c#4 (text+ko) ====

@@ -51,12 +51,12 @@
 	nargs = argc - optind;
 	if (nargs > 2)
 		usage(argv[0]);
-	if (nargs >= 1) {
-		fprintf(stderr,
-			"%s:  Warning!  Policy file argument (%s) is no longer supported, installed policy is always loaded.  Continuing...\n",
-			argv[0], argv[optind++]);
+	if (nargs >= 1 && !quiet) {
+			fprintf(stderr,
+				"%s:  Warning!  Policy file argument (%s) is no longer supported, installed policy is always loaded.  Continuing...\n",
+				argv[0], argv[optind++]);
 	}
-	if (nargs == 2) {
+	if (nargs == 2 && ! quiet) {
 		fprintf(stderr,
 			"%s:  Warning!  Boolean file argument (%s) is no longer supported, installed booleans file is always used.  Continuing...\n",
 			argv[0], argv[optind++]);
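Review bot: The two new `quiet` guards are written inconsistently: the first body is indented one tab deeper than its `if` (the `fprintf(stderr,` block under `if (nargs >= 1 && !quiet) {`) while the second condition spells the negation `! quiet` instead of `!quiet`; bring both in line with the surrounding code, i.e. `if (nargs == 2 && !quiet) {` and the first body at a single extra tab. Note also that the `argv[optind++]` increments now run only when the warnings are printed, so if `optind` is consulted later in this function the quiet path leaves it pointing at the first unsupported argument; if that matters the skip should be made unconditional and only the `fprintf` guarded. The enclosing function starts and ends outside the hunk.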

==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/newrole/Makefile#3 (text+ko) ====

@@ -6,10 +6,18 @@
 LOCALEDIR = /usr/share/locale
 PAMH = $(shell ls /usr/include/security/pam_appl.h 2>/dev/null)
 AUDITH = $(shell ls /usr/include/libaudit.h 2>/dev/null)
-# If LOG_AUDIT_PRIV is y, then newrole will be made into setuid root program.
-# This is so that we have the CAP_AUDIT_WRITE capability. newrole will
-# shed all privileges and change to the user's uid.
-LOG_AUDIT_PRIV ?= n
+# Enable capabilities to permit newrole to generate audit records.
+# This will make newrole a setuid root program.
+# The capabilities used are: CAP_AUDIT_WRITE.
+AUDIT_LOG_PRIV ?= n
+# Enable capabilities to permit newrole to utilitize the pam_namespace module.
+# This will make newrole a setuid root program.
+# The capabilities used are: CAP_SYS_ADMIN, CAP_CHOWN, CAP_FOWNER and
+# CAP_DAC_OVERRIDE. 
+NAMESPACE_PRIV ?= n
+# If LSPP_PRIV is y, then newrole will be made into setuid root program.
+# Enabling this option will force AUDIT_LOG_PRIV and NAMESPACE_PRIV to be y.
+LSPP_PRIV ?= n
 VERSION = $(shell cat ../VERSION)
 
 CFLAGS ?= -Werror -Wall -W
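Review bot: The new `NAMESPACE_PRIV` comment misspells "utilize" (`utilitize`) and the `CAP_DAC_OVERRIDE.` line carries a trailing space; suggested wording: `# Enable capabilities to permit newrole to utilize the pam_namespace module.`. Since these comments are the only place the setuid consequences of each option are explained, it is worth also stating in the `LSPP_PRIV` comment that it implies both `AUDIT_LOG_PRIV` and `NAMESPACE_PRIV` being forced on, which the `override` lines further down do.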
@@ -26,12 +34,23 @@
 	override CFLAGS += -DUSE_AUDIT
 	LDLIBS += -laudit
 endif
-ifeq (${LOG_AUDIT_PRIV},y)
-	override CFLAGS += -DLOG_AUDIT_PRIV
+ifeq (${LSPP_PRIV},y)
+	override AUDIT_LOG_PRIV=y
+	override NAMESPACE_PRIV=y
+endif
+ifeq (${AUDIT_LOG_PRIV},y)
+	override CFLAGS += -DAUDIT_LOG_PRIV
+	IS_SUID=y
+endif
+ifeq (${NAMESPACE_PRIV},y)
+	override CFLAGS += -DNAMESPACE_PRIV
+	IS_SUID=y
+endif
+ifeq (${IS_SUID},y)
+	MODE := 4555
 	LDLIBS += -lcap
-	MODE := 4555
 else
-	MODE := 555
+	MODE := 0555
 endif
 
 TARGETS=$(patsubst %.c,%,$(wildcard *.c))
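Review bot: `IS_SUID` is only ever set to `y` inside the two `ifeq` blocks and is never given a default, and make imports environment variables as makefile variables, so an `IS_SUID=y` present in the build environment also satisfies `ifeq (${IS_SUID},y)` and installs newrole with `MODE := 4555` and `-lcap` without either `AUDIT_LOG_PRIV` or `NAMESPACE_PRIV` enabled; add `IS_SUID := n` before the `ifeq (${LSPP_PRIV},y)` block so the setuid mode can only be reached through the documented options. The `override AUDIT_LOG_PRIV=y` / `override NAMESPACE_PRIV=y` lines also use a different assignment style from the rest of the file (`?= n`, `:= 4555`); `override AUDIT_LOG_PRIV := y` matches.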
@@ -46,8 +65,12 @@
 	install -m 644 newrole.1 $(MANDIR)/man1/
 ifeq (${PAMH}, /usr/include/security/pam_appl.h)
 	test -d $(ETCDIR)/pam.d || install -m 755 -d $(ETCDIR)/pam.d
+ifeq (${LSPP_PRIV},y)
+	install -m 644 newrole-lspp.pamd $(ETCDIR)/pam.d/newrole
+else
 	install -m 644 newrole.pamd $(ETCDIR)/pam.d/newrole
 endif
+endif
 
 clean:
 	rm -f $(TARGETS) *.o 

==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/newrole/newrole.1#2 (text+ko) ====

@@ -1,6 +1,6 @@
 .TH NEWROLE "1" "October 2000" "Security Enhanced Linux" NSA
 .SH NAME
-newrole \- run a shell with a new role
+newrole \- run a shell with a new SELinux role
 .SH SYNOPSIS
 .B newrole
 [\fB-r\fR|\fB--role\fR]
@@ -57,16 +57,46 @@
 .B --version
 shows the current version of newrole
 .PP
+.SH EXAMPLE
+.br
+Changing role:
+   # id -Z
+   staff_u:staff_r:staff_t:SystemLow-SystemHigh
+   # newrole -r sysadm_r
+   # id -Z
+   staff_u:sysadm_r:sysadm_t:SystemLow-SystemHigh
+
+Changing sensitivity only:
+   # id -Z
+   staff_u:sysadm_r:sysadm_t:Unclassified-SystemHigh
+   # newrole -l Secret
+   # id -Z
+   staff_u:sysadm_r:sysadm_t:Secret-SystemHigh
+
+.PP
+Changing sensitivity and clearance:
+   # id -Z
+   staff_u:sysadm_r:sysadm_t:Unclassified-SystemHigh
+   # newrole -l Secret-Secret
+   # id -Z
+   staff_u:sysadm_r:sysadm_t:Secret
+
 .SH FILES
 /etc/passwd - user account information
 .br
 /etc/shadow - encrypted passwords and age information
+.br
+/etc/selinux/<policy>/contexts/default_type - default types for roles
+/etc/selinux/<policy>/contexts/securetty_types - securetty types for level changes
+.br
 .SH SEE ALSO
-.B su
-(1),
-.B runas
+.B runcon
 (1)
 .SH AUTHORS
 .nf
-Tim Fraser (tfraser at tislabs.com) 
-Anthony Colatrella (amcolat at epoch.ncsc.mil)
+Anthony Colatrella
+Tim Fraser
+Steve Grubb <sgrubb at redhat.com>
+Darrel Goeddel <DGoeddel at trustedcs.com>
+Michael Thompson <mcthomps at us.ibm.com>
+Dan Walsh <dwalsh at redhat.com>

==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/newrole/newrole.c#5 (text+ko) ====

@@ -36,18 +36,25 @@
  * setuid root, so that it can read the shadow passwd file.
  * 
  *
- * option CANTSPELLGDB:
- *
- * If you set CANTSPELLGDB you will turn on some debugging printfs.
- *
+ * Authors:
+ *      Anthony Colatrella
+ *	Tim Fraser
+ *	Steve Grubb <sgrubb at redhat.com>
+ *	Darrel Goeddel <DGoeddel at trustedcs.com>
+ *	Michael Thompson <mcthomps at us.ibm.com>
+ *	Dan Walsh <dwalsh at redhat.com>
  *
- * Authors:  Tim Fraser , 
- *           Anthony Colatrella <amcolat at epoch.ncsc.mil>
- * Various bug fixes by Stephen Smalley <sds at epoch.ncsc.mil>
- *
  *************************************************************************/
 
 #define _GNU_SOURCE
+
+#if defined(AUDIT_LOG_PRIV) && !defined(USE_AUDIT)
+#error AUDIT_LOG_PRIV needs the USE_AUDIT option
+#endif
+#if defined(NAMESPACE_PRIV) && !defined(USE_PAM)
+#error NAMESPACE_PRIV needs the USE_PAM option
+#endif
+
 #include <stdio.h>
 #include <stdlib.h>		/* for malloc(), realloc(), free() */
 #include <pwd.h>		/* for getpwuid() */
@@ -64,13 +71,11 @@
 #include <selinux/get_context_list.h>	/* for SELINUX_DEFAULTUSER */
 #include <security/mac.h>
 #include <signal.h>
+#include <unistd.h>		/* for getuid(), exit(), getopt() */
 #ifdef USE_AUDIT
 #include <libaudit.h>
 #endif
-#ifdef LOG_AUDIT_PRIV
-#ifndef USE_AUDIT
-#error LOG_AUDIT_PRIV needs the USE_AUDIT option
-#endif
+#if defined(AUDIT_LOG_PRIV) || (NAMESPACE_PRIV)
 #include <sys/prctl.h>
 #include <sys/capability.h>
 #endif
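Review bot: The new guard `#if defined(AUDIT_LOG_PRIV) || (NAMESPACE_PRIV)` tests `NAMESPACE_PRIV` by value rather than by definition, unlike the `defined(NAMESPACE_PRIV)` checks added at the top of the file; it only works because an undefined identifier evaluates to 0 in `#if` and `-DNAMESPACE_PRIV` defines it as 1, and an empty definition (`-DNAMESPACE_PRIV=`) would turn it into a preprocessor error. Write it as `#if defined(AUDIT_LOG_PRIV) || defined(NAMESPACE_PRIV)` so the inclusion of `<sys/prctl.h>` and `<sys/capability.h>` is keyed the same way as the `#error` checks.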
@@ -86,24 +91,24 @@
 #endif
 
 /* USAGE_STRING describes the command-line args of this program. */
-#define USAGE_STRING "USAGE: newrole [ -r role ] [ -t type ] [ -l level ] [ -V ] [ -- args ]"
+#define USAGE_STRING "USAGE: newrole [ -r role ] [ -t type ] [ -l level ] [ -p ] [ -V ] [ -- args ]"
 
+#define DEFAULT_PATH "/usr/bin:/bin"
 #define DEFAULT_CONTEXT_SIZE 255	/* first guess at context size */
 
 extern char **environ;
 
-char *xstrdup(const char *s)
-{
-	char *s2;
-
-	s2 = strdup(s);
-	if (!s2) {
-		fprintf(stderr, _("Out of memory!\n"));
-		exit(1);
-	}
-	return s2;
-}
-
+/**
+ * Construct from the current range and specified desired level a resulting
+ * range. If the specified level is a range, return that. If it is not, then
+ * construct a range with level as the sensitivity and clearance of the current
+ * context.
+ *
+ * newlevel - the level specified on the command line
+ * range    - the range in the current context
+ *
+ * Returns malloc'd memory
+ */
 static char *build_new_range(char *newlevel, const char *range)
 {
 	char *newrangep = NULL;
@@ -120,9 +125,8 @@
 		return newrangep;
 	}
 
-	/* look for MLS range */
+	/* look for MLS range in current context */
 	tmpptr = strchr(range, '-');
-
 	if (tmpptr) {
 		/* we are inserting into a ranged MLS context */
 		len = strlen(newlevel) + 1 + strlen(tmpptr + 1) + 1;
@@ -153,16 +157,11 @@
  * All PAM code goes in this section.
  *
  ************************************************************************/
-
-#include <unistd.h>		/* for getuid(), exit(), getopt() */
-
 #include <pam/pam_appl.h>	/* for PAM functions */
 #include <pam/pam_misc.h>	/* for misc_conv PAM utility function */
 
 #define SERVICE_NAME "newrole"	/* the name of this program for PAM */
 
-int authenticate_via_pam(const struct passwd *, const char *);
-
 /* authenticate_via_pam()
  *
  * in:     pw - struct containing data from our user's line in 
@@ -176,63 +175,39 @@
  * This function uses PAM to authenticate the user running this
  * program.  This is the only function in this program that makes PAM
  * calls.
- *
  */
-
-int authenticate_via_pam(const struct passwd *pw, const char *ttyn)
+int authenticate_via_pam(const char *ttyn, pam_handle_t *pam_handle)
 {
 
-	int result = 0;		/* our result, set to 0 (not authenticated) by default */
-	int rc;			/* pam return code */
-	pam_handle_t *pam_handle;	/* opaque handle used by all PAM functions */
+	int result = 0;		/* set to 0 (not authenticated) by default */
+	int pam_rc;		/* pam return code */
 	const char *tty_name;
 
-	/* This is a jump table of functions for PAM to use when it wants to *
-	 * communicate with the user.  We'll be using misc_conv(), which is  *
-	 * provided for us via pam_misc.h.                                   */
-	struct pam_conv pam_conversation = {
-		misc_conv,
-		NULL
-	};
-
-	/* Make `p_pam_handle' a valid PAM handle so we can use it when *
-	 * calling PAM functions.                                       */
-	rc = pam_start(SERVICE_NAME,
-		       pw->pw_name, &pam_conversation, &pam_handle);
-	if (rc != PAM_SUCCESS) {
-		fprintf(stderr, _("failed to initialize PAM\n"));
-		exit(-1);
-	}
-
 	if (strncmp(ttyn, "/dev/", 5) == 0)
 		tty_name = ttyn + 5;
 	else
 		tty_name = ttyn;
 
-	rc = pam_set_item(pam_handle, PAM_TTY, tty_name);
-	if (rc != PAM_SUCCESS) {
+	pam_rc = pam_set_item(pam_handle, PAM_TTY, tty_name);
+	if (pam_rc != PAM_SUCCESS) {
 		fprintf(stderr, _("failed to set PAM_TTY\n"));
 		goto out;
 	}
 
 	/* Ask PAM to authenticate the user running this program */
-	rc = pam_authenticate(pam_handle, 0);
-	if (rc != PAM_SUCCESS) {
+	pam_rc = pam_authenticate(pam_handle, 0);
+	if (pam_rc != PAM_SUCCESS) {
 		goto out;
 	}
 
 	/* Ask PAM to verify acct_mgmt */
-	rc = pam_acct_mgmt(pam_handle, 0);
-	if (rc == PAM_SUCCESS) {
+	pam_rc = pam_acct_mgmt(pam_handle, 0);
+	if (pam_rc == PAM_SUCCESS) {
 		result = 1;	/* user authenticated OK! */
 	}
 
-	/* We're done with PAM.  Free `pam_handle'. */
       out:
-	pam_end(pam_handle, rc);
-
-	return (result);
-
+	return result;
 }				/* authenticate_via_pam() */
 
 #else				/* else !USE_PAM */
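Review bot: The header comment for `authenticate_via_pam` (its `in:` lines sit just above this hunk) still documents `pw` as the input, but the signature is now `authenticate_via_pam(const char *ttyn, pam_handle_t *pam_handle)` and the function no longer calls `pam_start`/`pam_end`, so handle ownership has moved to the caller without being stated; the shadow variant in this file was updated to `in: uname`, so this one should match. Replace the `in:` block with `in: ttyn - the tty name used for PAM_TTY; pam_handle - a handle already started by the caller, which remains responsible for pam_end()`. With `pam_end` removed, the `pam_rc` reached at `out:` is no longer consumed anywhere visible in the hunk, so the caller presumably cannot distinguish a `pam_set_item` failure from a rejected authentication; if that distinction matters it would need to be returned or logged here.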
@@ -242,19 +217,14 @@
  * All shadow passwd code goes in this section.
  *
  ************************************************************************/
-
-#include <unistd.h>		/* for getuid(), exit(), crypt() */
 #include <shadow.h>		/* for shadow passwd functions */
 #include <string.h>		/* for strlen(), memset() */
 
 #define PASSWORD_PROMPT _("Password:")	/* prompt for getpass() */
 
-int authenticate_via_shadow_passwd(const struct passwd *);
-
 /* authenticate_via_shadow_passwd()
  *
- * in:     pw - struct containing data from our user's line in 
- *                         the passwd file.
+ * in:     uname - the calling user's user name
  * out:    nothing
  * return: value   condition
  *         -----   ---------
@@ -264,51 +234,37 @@
  *
  * This function uses the shadow passwd file to thenticate the user running
  * this program.
- *
  */
-
-int authenticate_via_shadow_passwd(const struct passwd *pw)
+int authenticate_via_shadow_passwd(const char *uname)
 {
+	struct spwd *p_shadow_line;
+	char *unencrypted_password_s;
+	char *encrypted_password_s;
 
-	struct spwd *p_shadow_line;	/* struct derived from shadow passwd file line */
-	char *unencrypted_password_s;	/* unencrypted password input by user */
-	char *encrypted_password_s;	/* user's password input after being crypt()ed */
-
-	/* Make `p_shadow_line' point to the data from the current user's *
-	 * line in the shadow passwd file.                                */
-	setspent();		/* Begin access to the shadow passwd file. */
-	p_shadow_line = getspnam(pw->pw_name);
-	endspent();		/* End access to the shadow passwd file. */
+	setspent();
+	p_shadow_line = getspnam(uname);
+	endspent();
 	if (!(p_shadow_line)) {
-		fprintf(stderr,
-			_
-			("Cannot find your entry in the shadow passwd file.\n"));
-		exit(-1);
+		fprintf(stderr, _("Cannot find your entry in the shadow "
+			"passwd file.\n"));
+		return 0;
 	}
 
 	/* Ask user to input unencrypted password */
 	if (!(unencrypted_password_s = getpass(PASSWORD_PROMPT))) {
 		fprintf(stderr, _("getpass cannot open /dev/tty\n"));
-		exit(-1);
+		return 0;
 	}
 
-	/* Use crypt() to encrypt user's input password.  Clear the *
-	 * unencrypted password as soon as we're done, so it is not * 
-	 * visible to memory snoopers.                              */
+	/* Use crypt() to encrypt user's input password. */
 	encrypted_password_s = crypt(unencrypted_password_s,
 				     p_shadow_line->sp_pwdp);
 	memset(unencrypted_password_s, 0, strlen(unencrypted_password_s));
-
-	/* Return 1 (authenticated) iff the encrypted version of the user's *
-	 * input password matches the encrypted password stored in the      *
-	 * shadow password file.                                            */
 	return (!strcmp(encrypted_password_s, p_shadow_line->sp_pwdp));
-
-}				/* authenticate_via_shadow_passwd() */
-
+}
 #endif				/* if/else USE_PAM */
 
-/*
+/**
  * This function checks to see if the shell is known in /etc/shells.
  * If so, it returns 1. On error or illegal shell, it returns 0.
  */
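Review bot: `crypt()` can return NULL (for example when `sp_pwdp` holds a locked or malformed hash field), and the unchanged `return (!strcmp(encrypted_password_s, p_shadow_line->sp_pwdp));` would then dereference it; since this rewrite converts the other failure paths from `exit(-1)` to `return 0`, the same treatment fits here: `if (!encrypted_password_s) return 0;` right after the `memset`. This is pre-existing rather than introduced by the commit, but the function was just restructured around explicit failure returns, so it is the natural moment to add the check. The rewrite also dropped the comment explaining why the cleartext is zeroed; keeping a short `/* clear the cleartext as soon as it has been hashed */` next to the `memset` preserves the intent for the next maintainer.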
@@ -317,7 +273,7 @@
 	int found = 0;
 	const char *buf;
 
-	if (!shell_name)
+	if (! (shell_name && shell_name[0]))
 		return found;
 
 	while ((buf = getusershell()) != NULL) {
@@ -335,71 +291,287 @@
 	return found;
 }
 
-/*
+/**
+ * Determine the Linux user identity to re-authenticate.
+ * If supported and set, use the login uid, as this should be more stable.
+ * Otherwise, use the real uid.
+ *
+ * This function assigns malloc'd memory into the pw_copy struct.
+ * Returns zero on success, non-zero otherwise
+ */
+int extract_pw_data(struct passwd *pw_copy)
+{
+	uid_t uid;
+	struct passwd *pw;
+
+#ifdef USE_AUDIT
+	uid = audit_getloginuid();
+	if (uid == (uid_t) - 1)
+		uid = getuid();
+#else
+	uid = getuid();
+#endif
+
+	setpwent();
+	pw = getpwuid(uid);
+	endpwent();
+	if (!(pw && pw->pw_name && pw->pw_name[0] && pw->pw_shell
+	      && pw->pw_shell[0] && pw->pw_dir && pw->pw_dir[0])) {
+		fprintf(stderr,
+			_("cannot find valid entry in the passwd file.\n"));
+		return -1;
+	}
+
+	*pw_copy = *pw;
+	pw = pw_copy;
+	pw->pw_name = strdup(pw->pw_name);
+	pw->pw_dir = strdup(pw->pw_dir);
+	pw->pw_shell = strdup(pw->pw_shell);
+
+	if (! (pw->pw_name && pw->pw_dir && pw->pw_shell)) {
+		fprintf(stderr, _("Out of memory!\n"));
+		goto out_free;
+	}
+
+	if (verify_shell(pw->pw_shell) == 0) {
+		fprintf(stderr, _("Error!  Shell is not valid.\n"));
+		goto out_free;
+	}
+	return 0;
+
+out_free:
+	free(pw->pw_name);
+	free(pw->pw_dir);
+	free(pw->pw_shell);
+	return -1;
+}
+
+/**
+ * Either restore the original environment, or set up a minimal one.
+ *
+ * The minimal environment contains:
+ * TERM, DISPLAY and XAUTHORITY - if they are set, preserve values
+ * HOME, SHELL, USER and LOGNAME - set to contents of /etc/passwd
+ * PATH - set to default value DEFAULT_PATH
+ *
+ * Returns zero on success, non-zero otherwise
+ */
+static int restore_environment(int preserve_environment,
+			       char **old_environ, const struct passwd *pw)
+{
+	char const *term_env;
+	char const *display_env;
+	char const *xauthority_env;
+	char *term = NULL;		/* temporary container */
+	char *display = NULL;		/* temporary container */
+	char *xauthority = NULL;	/* temporary container */
+	int rc;
+
+	environ = old_environ;
+
+	if (preserve_environment)
+		return 0;
+
+	term_env = getenv("TERM");
+	display_env = getenv("DISPLAY");
+	xauthority_env = getenv("XAUTHORITY");
+
+	/* Save the variable values we want */
+	if (term_env)
+		term = strdup(term_env);
+	if (display_env)
+		display = strdup(display_env);
+	if (xauthority_env)
+		xauthority = strdup(xauthority_env);
+	if ((term_env && !term) || (display_env && !display) ||
+	     (xauthority_env && !xauthority)) {
+		rc = -1;
+		goto out;
+	}
+
+	/* Construct a new environment */
+	if ((rc = clearenv())) {
+		fprintf(stderr, _("Unable to clear environment\n"));
+		goto out;
+	}
+
+	/* Restore that which we saved */
+	if (term)
+		rc |= setenv("TERM", term, 1);
+	if (display)
+		rc |= setenv("DISPLAY", display, 1);
+	if (xauthority)
+		rc |= setenv("XAUTHORITY", xauthority, 1);
+	rc |= setenv("HOME", pw->pw_dir, 1);
+	rc |= setenv("SHELL", pw->pw_shell, 1);
+	rc |= setenv("USER", pw->pw_name, 1);
+	rc |= setenv("LOGNAME", pw->pw_name, 1);
+	rc |= setenv("PATH", DEFAULT_PATH, 1);
+out:
+	free(term);
+	free(display);
+	free(xauthority);
+	return rc;
+}
+
+/**
  * This function will drop the capabilities so that we are left
  * only with access to the audit system. If the user is root, we leave
  * the capabilities alone since they already should have access to the
  * audit netlink socket.
+ *
+ * Returns zero on success, non-zero otherwise
  */
-#ifdef LOG_AUDIT_PRIV
-static void drop_capabilities(void)
+#if defined(AUDIT_LOG_PRIV) && !defined(NAMESPACE_PRIV)
+static int drop_capabilities(void)
 {
+	int rc = 0;
+	cap_t new_caps, tmp_caps;
+	cap_value_t cap_list[] = { CAP_AUDIT_WRITE };
+	cap_value_t tmp_cap_list[] = { CAP_AUDIT_WRITE, CAP_SETUID };
 	uid_t uid = getuid();
 
-	if (uid) {		/* Non-root path */
-		cap_t new_caps, tmp_caps;
-		cap_value_t cap_list[] = { CAP_AUDIT_WRITE };
-		cap_value_t tmp_cap_list[] = { CAP_AUDIT_WRITE, CAP_SETUID };
+	if (!uid)
+		return 0;
+
+	/* Non-root caller, suid root path */
+	new_caps = cap_init();
+	tmp_caps = cap_init();
+	if (!new_caps || !tmp_caps) {
+		fprintf(stderr, _("Error initing capabilities, aborting.\n"));
+		return -1;
+	}
+	rc |= cap_set_flag(new_caps, CAP_PERMITTED, 1, cap_list, CAP_SET);
+	rc |= cap_set_flag(new_caps, CAP_EFFECTIVE, 1, cap_list, CAP_SET);
+	rc |= cap_set_flag(tmp_caps, CAP_PERMITTED, 2, tmp_cap_list, CAP_SET);
+	rc |= cap_set_flag(tmp_caps, CAP_EFFECTIVE, 2, tmp_cap_list, CAP_SET);
+	if (rc) {
+		fprintf(stderr, _("Error setting capabilities, aborting\n"));
+		goto out;
+	}
+
+	/* Keep capabilities across uid change */
+	if (prctl(PR_SET_KEEPCAPS, 1, 0, 0, 0)) {
+		fprintf(stderr, _("Error setting KEEPCAPS, aborting\n"));
+		rc = -1;
+		goto out;
+	}
+
+	/* Does this temporary change really buy us much? */
+	/* We should still have root's caps, so drop most capabilities now */
+	if ((rc = cap_set_proc(tmp_caps))) {
+		fprintf(stderr, _("Error dropping capabilities, aborting\n"));
+		goto out;
+	}
+
+	/* Change uid */
+	if ((rc = setresuid(uid, uid, uid))) {
+		fprintf(stderr, _("Error changing uid, aborting.\n"));
+		goto out;
+	}
+
+	/* Now get rid of this ability */
+	if ((rc = prctl(PR_SET_KEEPCAPS, 0, 0, 0, 0) < 0)) {
+		fprintf(stderr, _("Error resetting KEEPCAPS, aborting\n"));
+		goto out;
+	}
+
+	/* Finish dropping capabilities. */
+	if ((rc = cap_set_proc(new_caps))) {
+		fprintf(stderr,
+			_("Error dropping SETUID capability, aborting\n"));
+		goto out;
+	}
+out:
+	if (cap_free(tmp_caps) || cap_free(new_caps))
+		fprintf(stderr, _("Error freeing caps\n"));
+	return rc;
+}
+#elif defined(NAMESPACE_PRIV)
+/**
+ * This function will drop the capabilities so that we are left
+ * only with access to the audit system and the ability to raise
+ * CAP_SYS_ADMIN, CAP_DAC_OVERRIDE, CAP_FOWNER and CAP_CHOWN,
+ * before invoking pam_namespace.  These capabilities are needed
+ * for performing bind mounts/unmounts and to create potential new
+ * instance directories with appropriate DAC attributes. If the
+ * user is root, we leave the capabilities alone since they already
+ * should have access to the audit netlink socket and should have
+ * the ability to create/mount/unmount instance directories.
+ *
+ * Returns zero on success, non-zero otherwise
+ */
+static int drop_capabilities(void)
+{
+	int rc = 0;
+	cap_t new_caps;
+	cap_value_t cap_list[] = { CAP_AUDIT_WRITE, CAP_SETUID,
+				   CAP_SYS_ADMIN, CAP_FOWNER, CAP_CHOWN,
+				   CAP_DAC_OVERRIDE };
+
+	if (!getuid())
+		return 0;
+
+	/* Non-root caller, suid root path */

>>> TRUNCATED FOR MAIL (1000 lines) <<<

