
Re: [Libguestfs] [PATCH V3] NEW API: add a new api restorecon



On 10/25/2012 02:14 AM, Daniel J Walsh wrote:
> 
> On 10/24/2012 11:42 AM, Richard W.M. Jones wrote:
>> Dan & Dan,
>>
>> Any comments on the design of this restorecon interface?  As implemented
>> here, it is merely a simple encoding of the restorecon command line tool
>> and arguments.
>>
>> My main worry is that it'll use the wrong policy file, or perhaps no policy
>> file, or if SELinux isn't enabled properly it'll end up destroying labels
>> instead of setting them.
>>
>> Also I've no idea if it's legit to run restorecon on a filesystem from one
>> guest, using the restorecon command from another system (the host in this
>> case).
>>
>> Rich.
>>
> The restorecon inside the guest will attempt to read
> /etc/selinux/context/POLICYTYPE/files/file_context if it exists.

So, Rich, we have some problems here?

Thanks,
Wanlong Gao

> 
> From restorecon's point of view, does this file exist?  And is it in the container?
> 
> Also restorecon will only work if it thinks SELinux is enabled and the kernel
> understands the labels.  If from the restorecon point of view SELinux is not
> enabled or /proc/fs/selinux points to the host's /proc/fs/selinux then there is
> a chance that the host will reject labels in the guest.
> 
> If you want to fix labels in a guest where the process thinks SELinux is
> disabled, then setfiles would be a better tool.
> 
> 
>> On Wed, Oct 24, 2012 at 10:00:53PM +0800, Wanlong Gao wrote:
>>> Add a new api restorecon to restore file(s) default SELinux security
>>> contexts.
>>>
>>> Signed-off-by: Wanlong Gao <gaowanlong cn fujitsu com> --- 
>>> daemon/selinux.c     | 52
>>> ++++++++++++++++++++++++++++++++++++++++++++++++++++ generator/actions.ml
>>> | 26 ++++++++++++++++++++++++++ gobject/Makefile.inc |  6 ++++-- 
>>> po/POTFILES          |  1 + src/MAX_PROC_NR      |  2 +- 5 files changed,
>>> 84 insertions(+), 3 deletions(-)
>>>
>>> diff --git a/daemon/selinux.c b/daemon/selinux.c index 40590e1..f5e8cb2
>>> 100644 --- a/daemon/selinux.c +++ b/daemon/selinux.c @@ -31,6 +31,10 @@ 
>>> #include "actions.h" #include "optgroups.h"
>>>
>>> +#define MAX_ARGS 128 + +GUESTFSD_EXT_CMD(str_restorecon, restorecon); + 
>>> #if defined(HAVE_LIBSELINUX)
>>>
>>> int @@ -106,3 +110,51 @@ do_getcon (void) }
>>>
>>> #endif /* !HAVE_LIBSELINUX */ + +int +do_restorecon (const char
>>> *pathname, +               const char *labelprefix, +               int
>>> recursion, +               int force) +{ +  int r; +  size_t i = 0; +
>>> char *buf; +  char *err; +  const char *argv[MAX_ARGS]; + +  buf =
>>> sysroot_path (pathname); +  if (!buf) { +    reply_with_error
>>> ("malloc"); +    return -1; +  } + +  ADD_ARG (argv, i, str_restorecon); 
>>> + +  if (optargs_bitmask & GUESTFS_RESTORECON_LABELPREFIX_BITMASK) { +
>>> ADD_ARG (argv, i, "-L"); +    ADD_ARG (argv, i, labelprefix); +  } + +
>>> if (optargs_bitmask & GUESTFS_RESTORECON_RECURSION_BITMASK) +    if
>>> (recursion) +      ADD_ARG (argv, i, "-R"); + +  if (optargs_bitmask &
>>> GUESTFS_RESTORECON_FORCE_BITMASK) +    if (force) +      ADD_ARG (argv,
>>> i, "-F"); + +  ADD_ARG (argv, i, buf); +  ADD_ARG (argv, i, NULL); + +  r
>>> = commandv (NULL, &err, argv); +  free (buf); +  if (r == -1) { +
>>> reply_with_error ("%s: %s", pathname, err); +    free (err); +    return
>>> -1; +  } + +  free (err); +  return 0; +} diff --git
>>> a/generator/actions.ml b/generator/actions.ml index 71aee37..786c229
>>> 100644 --- a/generator/actions.ml +++ b/generator/actions.ml @@ -10241,6
>>> +10241,32 @@ If the optional C<suffix> parameter is given, then the
>>> suffix
>>>
>>> See also: C<guestfs_mkdtemp>." };
>>>
>>> +  { defaults with +    name = "restorecon"; +    style = RErr, [Pathname
>>> "pathname"], [OString "labelprefix"; OBool "recursion"; OBool "force"]; +
>>> proc_nr = Some 374; +    optional = Some "selinux"; +    tests = [ +
>>> InitScratchFS, IfAvailable "selinux", TestRun ( +        [["mkdir";
>>> "/a"]; +         ["mkdir"; "/a/b"]; +         ["touch"; "/a/b/c"]; +
>>> ["mkdir"; "/a/d"]; +         ["touch"; "/a/d/e"]; +
>>> ["restorecon"; "/a"; "NOARG"; "true"; "true"]]) +    ]; +    shortdesc =
>>> "restore file(s) default SELinux security contexts"; +    longdesc = "\ 
>>> +This program is primarily used to reset the security context (type) 
>>> +(extended attributes) on one or more files. + +It can be run at any time
>>> to correct errors, to add support for new policy. + +If a file object
>>> does not have a context, restorecon will write the default +context to
>>> the file object's extended attributes. If a file object has a +context,
>>> C<restorecon> will only modify the type portion of the security +context.
>>> The C<force> option will force a replacement of the entire context."}; + 
>>> ]
>>>
>>> (* Non-API meta-commands available only in guestfish. diff --git
>>> a/gobject/Makefile.inc b/gobject/Makefile.inc index 95a4b6b..7451d8e
>>> 100644 --- a/gobject/Makefile.inc +++ b/gobject/Makefile.inc @@ -82,7
>>> +82,8 @@ guestfs_gobject_headers= \ 
>>> include/guestfs-gobject/optargs-hivex_open.h \ 
>>> include/guestfs-gobject/optargs-xfs_repair.h \ 
>>> include/guestfs-gobject/optargs-mke2fs.h \ -
>>> include/guestfs-gobject/optargs-mktemp.h +
>>> include/guestfs-gobject/optargs-mktemp.h \ +
>>> include/guestfs-gobject/optargs-restorecon.h
>>>
>>> guestfs_gobject_sources= \ src/session.c \ @@ -146,4 +147,5 @@
>>> guestfs_gobject_sources= \ src/optargs-hivex_open.c \ 
>>> src/optargs-xfs_repair.c \ src/optargs-mke2fs.c \ -
>>> src/optargs-mktemp.c +  src/optargs-mktemp.c \ +
>>> src/optargs-restorecon.c diff --git a/po/POTFILES b/po/POTFILES index
>>> a73377d..8d6656b 100644 --- a/po/POTFILES +++ b/po/POTFILES @@ -167,6
>>> +167,7 @@ gobject/src/optargs-mount_local.c 
>>> gobject/src/optargs-ntfsclone_out.c gobject/src/optargs-ntfsfix.c 
>>> gobject/src/optargs-ntfsresize.c +gobject/src/optargs-restorecon.c 
>>> gobject/src/optargs-rsync.c gobject/src/optargs-rsync_in.c 
>>> gobject/src/optargs-rsync_out.c diff --git a/src/MAX_PROC_NR
>>> b/src/MAX_PROC_NR index a5c3fde..38a45c3 100644 --- a/src/MAX_PROC_NR +++
>>> b/src/MAX_PROC_NR @@ -1 +1 @@ -373 +374 -- 1.8.0
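
Review bot: In do_restorecon (daemon/selinux.c), restorecon is run through commandv on sysroot_path (pathname) with no chroot and no check that a policy is available, so the file contexts and the "is SELinux enabled" decision come from the environment the daemon runs in rather than from the guest filesystem being labelled. That is the failure mode raised in the thread: the wrong file_contexts, or none, gets applied. Before building argv, fail with reply_with_error when the guest has no usable file_contexts, or switch to setfiles with the guest's spec file passed explicitly, as suggested in the reply. Separately, the nested "if (optargs_bitmask & ...) if (recursion)" pairs read more clearly as a single condition joined with &&.
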
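
Review bot: The longdesc added in generator/actions.ml documents only C<force>; C<labelprefix> and C<recursion> are never described, and nothing states which policy's file contexts are applied or what happens when SELinux is not enabled where the command runs. Add a sentence for each optional argument and for the policy source. The test in the same entry only checks that ["restorecon"; "/a"; "NOARG"; "true"; "true"] returns without error on a scratch filesystem, so it would still pass if no label were written; follow it with a check of the resulting context on /a/b/c.
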
> 
> 
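
The setfiles approach suggested in the reply above, sketched as an added example (not code from the patch or from libguestfs): it reads the policy type from the guest tree itself and builds a setfiles command that names the guest's own spec file, refusing to proceed when the guest has none. The function names are hypothetical, and the spec location assumes the usual policy layout `/etc/selinux/<SELINUXTYPE>/contexts/files/file_contexts` under the guest root.

```shell
#!/bin/sh
# Added illustration: choose the relabel command for an offline guest tree.
# guest_relabel_cmd ROOT PATH prints the command line; it never runs it.

# Read SELINUXTYPE from the guest's own /etc/selinux/config.
# Commented-out lines ("# SELINUXTYPE= can take ...") are ignored.
guest_policy_type() {
    sed -n 's/^[[:space:]]*SELINUXTYPE=[[:space:]]*\([A-Za-z0-9_-]*\).*/\1/p' \
        "$1/etc/selinux/config" 2>/dev/null | tail -n 1
}

guest_relabel_cmd() {
    root=${1%/}       # guest mount point, e.g. /sysroot (assumed)
    target=$2         # path inside the guest, e.g. /a
    ptype=$(guest_policy_type "$root")
    if [ -z "$ptype" ]; then
        echo "error: no SELINUXTYPE in $root/etc/selinux/config" >&2
        return 1
    fi
    spec="$root/etc/selinux/$ptype/contexts/files/file_contexts"
    if [ ! -r "$spec" ]; then
        # Without the guest's spec file any labels written would come
        # from some other policy, so stop instead of relabelling.
        echo "error: guest has no file_contexts at $spec" >&2
        return 1
    fi
    # setfiles takes the spec file explicitly and does not depend on the
    # caller's SELinux state; -r strips ROOT from each path before it is
    # matched, so guest rules are applied to guest-relative paths.
    printf 'setfiles -r %s %s %s\n' "$root" "$spec" "$root$target"
}
```
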

