
Re: Adding a booleans.subs file to selinux policy.



On 03/30/2012 08:07 PM, Jeffrey Walton wrote:
> On Fri, Mar 30, 2012 at 11:58 AM, Daniel J Walsh <dwalsh@xxxxxxxxxx>
> wrote:
>> Basically I am sick of some of the bad names we chose for booleans when
>> we were first writing policy, so I want a mechanism to allow us to change
>> the names but still support the old names.
>> 
>> This patch will allow policy developers to ship a 
>> /etc/selinux/targeted/contexts/booleans.subs
>> 
>> Then libselinux will check if a boolean name exists, if not it will see
>> if there is a substitute name and attempt to use that.
>> 
>> I have attached the libselinux_bools-subs.patch and the first pass at
>> what a booleans.subs file will look like in Fedora 18.
> +static int bool_open(const char *name, int flag) { ... + +	len =
> strlen(name) + strlen(selinux_mnt) + sizeof(SELINUX_BOOL_DIR); Calling
> strlen() on NULL is not valid C, IIRC.
> 
> +	snprintf(fname, len, "%s%s%s", selinux_mnt, SELINUX_BOOL_DIR, name); 
> Silent truncation?
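Review bot: in bool_open, the len computation passes selinux_mnt to strlen() as well as name, so both pointers need a NULL check before that line, not just name. The snprintf() return value is also discarded; compare it against len and return an error when it is negative or >= len, so that a truncated fname is never used.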
> 
> Should work under benign conditions. Will probably fail in a hostile 
> environment.
> 
> Jeff
> 
> -- This message was distributed to subscribers of the selinux mailing
> list. If you no longer wish to subscribe, send mail to
> majordomo@xxxxxxxxxxxxx with the words "unsubscribe selinux" without quotes
> as the message.

Ok adding


	if (!name) {
		errno = EINVAL;
		return fd;
	}

At the beginning of bool_open.



--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with
the words "unsubscribe selinux" without quotes as the message.
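The two review points raised in this thread (NULL inputs and silent snprintf truncation), together with the fallback to a substitute boolean name, as an added example that is not the libselinux patch or any code from the thread. The names bool_path, bool_open_checked and demo, the value of BOOL_DIR, and the /tmp/bool_demo scratch tree are assumptions made for illustration; the substitute name is passed in by the caller because the booleans.subs file format is not shown on this page.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

#define BOOL_DIR "/booleans/"	/* assumed stand-in for SELINUX_BOOL_DIR */

/* Build "<mnt>/booleans/<name>" in buf. Returns 0, or -1 with errno set. */
static int bool_path(const char *mnt, const char *name, char *buf, size_t buflen)
{
	int n;
	if (!mnt || !name || !*name) {	/* reject NULL (and empty) before any use */
		errno = EINVAL;
		return -1;
	}
	n = snprintf(buf, buflen, "%s%s%s", mnt, BOOL_DIR, name);
	if (n < 0 || (size_t)n >= buflen) {	/* never hand back a truncated path */
		errno = ENAMETOOLONG;
		return -1;
	}
	return 0;
}

/* Open boolean `name`; if it does not exist, retry once with `subst`
 * (the substitute name, or NULL when there is none). */
static int bool_open_checked(const char *mnt, const char *name,
			     const char *subst, int flag)
{
	char path[4096];
	int fd;
	if (bool_path(mnt, name, path, sizeof(path)) < 0)
		return -1;
	fd = open(path, flag);
	if (fd >= 0 || errno != ENOENT || !subst)
		return fd;
	if (bool_path(mnt, subst, path, sizeof(path)) < 0)
		return -1;
	return open(path, flag);
}

/* Constructed scratch tree standing in for the selinuxfs mount. */
static int demo(void)
{
	mkdir("/tmp/bool_demo", 0700);
	mkdir("/tmp/bool_demo/booleans", 0700);
	close(open("/tmp/bool_demo/booleans/new_name", O_CREAT | O_WRONLY, 0600));
	return bool_open_checked("/tmp/bool_demo", "old_name", "new_name", O_RDONLY);
}

int main(void) { return demo() < 0; }
```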
