aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAvatar Stephen P. Bennett <spb@exherbo.org> 2006-07-04 20:56:07 +0000
committerAvatar Stephen P. Bennett <spb@exherbo.org> 2006-07-04 20:56:07 +0000
commit49dd64c4e70790b3144182cce2581d61539e6fc8 (patch)
treede32e5074d387af659304dfbf738a6bec4e6870c
parent95fdc9e0cb05b912aa2299700e57ee88cc1f145b (diff)
downloadpaludis-49dd64c4e70790b3144182cce2581d61539e6fc8.tar.gz
paludis-49dd64c4e70790b3144182cce2581d61539e6fc8.tar.xz
Initial SELinux support in merge.
-rw-r--r--configure.ac47
-rwxr-xr-xebuild/ebuild.bash1
-rw-r--r--ebuild/utils/Makefile.am4
-rw-r--r--ebuild/utils/merge.cc38
-rw-r--r--paludis/Makefile.am.m42
-rw-r--r--paludis/selinux/Makefile.am23
-rw-r--r--paludis/selinux/security_context.cc227
-rw-r--r--paludis/selinux/security_context.hh153
8 files changed, 493 insertions, 2 deletions
diff --git a/configure.ac b/configure.ac
index d1718c3..ed35ff9 100644
--- a/configure.ac
+++ b/configure.ac
@@ -355,6 +355,52 @@ else
fi
dnl }}}
+dnl {{{ Check for dlopen symbol and set DYNAMIC_LD_LIBS.
+dnl
+dnl AM_DL()
+dnl
+
+AC_CHECK_LIB(c, dlopen,
+[DYNAMIC_LD_LIBS=""
+have_dl=yes])
+
+if test x$have_dl != "xyes"; then
+AC_CHECK_LIB(dl, dlopen,
+ [DYNAMIC_LD_LIBS="-ldl"
+ have_dl=yes])
+fi
+
+if test x$have_dl != "xyes"; then
+AC_MSG_ERROR(dynamic linker needed)
+fi
+
+AC_SUBST(DYNAMIC_LD_LIBS)
+
+dnl }}}
+
+dnl {{{ selinux support
+AC_MSG_CHECKING([whether to enable selinux support])
+AC_ARG_ENABLE([selinux],
+ AS_HELP_STRING([--enable-selinux], [Enable selinux support (default: check)]),
+ enable_selinux=$enableval,
+ enable_selinux=autodetect)
+AC_MSG_RESULT($enable_selinux)
+
+if test "x$enable_selinux" != "xno"; then
+ AC_CHECK_LIB([selinux],
+ [is_selinux_enabled],
+ found_selinux=yes,
+ found_selinux=no)
+ if test "x$enable_selinux" = "xyes" && test "x$found_selinux" != "xyes"; then
+ AC_MSG_ERROR([SElinux support requested but not found])
+ fi
+fi
+
+if test "x$found_selinux" = "xyes"; then
+ AC_DEFINE([HAVE_SELINUX], [1], [Build selinux support])
+fi
+dnl }}}
+
dnl {{{ is sed gnu sed
AC_MSG_CHECKING([if we need a sed wrapper])
AC_SUBST([NEED_SED_WRAPPER])
@@ -408,6 +454,7 @@ AC_OUTPUT(
paludis/hashed_containers.hh
paludis/qa/Makefile
paludis/util/Makefile
+ paludis/selinux/Makefile
src/Makefile
src/qualudis/Makefile
test/Makefile
diff --git a/ebuild/ebuild.bash b/ebuild/ebuild.bash
index 187035c..76d5ca5 100755
--- a/ebuild/ebuild.bash
+++ b/ebuild/ebuild.bash
@@ -30,6 +30,7 @@ export SANDBOX_PREDICT="${SANDBOX_PREDICT}/proc/self/maps:/dev/console:/dev/rand
export SANDBOX_WRITE="${SANDBOX_WRITE+${SANDBOX_WRITE}:}"
export SANDBOX_WRITE="${SANDBOX_WRITE}/dev/shm:/dev/stdout:/dev/stderr:/dev/null:/dev/tty"
export SANDBOX_WRITE="${SANDBOX_WRITE}:${PALUDIS_TMPDIR}:/var/cache"
+export SANDBOX_WRITE="${SANDBOX_WRITE}:/proc/self/attr:/selinux/context"
export SANDBOX_ON="1"
shopt -s expand_aliases
diff --git a/ebuild/utils/Makefile.am b/ebuild/utils/Makefile.am
index 5c88641..8a1f295 100644
--- a/ebuild/utils/Makefile.am
+++ b/ebuild/utils/Makefile.am
@@ -52,7 +52,9 @@ AM_CXXFLAGS = -I$(top_srcdir)
merge_SOURCES = merge.cc merge_common.cc merge_common.hh
merge_LDADD = \
$(top_builddir)/paludis/util/libpaludisutil.a \
- $(top_builddir)/paludis/digests/libpaludisdigests.a
+ $(top_builddir)/paludis/digests/libpaludisdigests.a \
+ $(top_builddir)/paludis/selinux/libpaludisselinux.a \
+ $(DYNAMIC_LD_LIBS)
unmerge_SOURCES = unmerge.cc merge_common.cc merge_common.hh
unmerge_LDADD = \
diff --git a/ebuild/utils/merge.cc b/ebuild/utils/merge.cc
index abcd966..ea076fc 100644
--- a/ebuild/utils/merge.cc
+++ b/ebuild/utils/merge.cc
@@ -28,6 +28,7 @@
#include <paludis/util/strip.hh>
#include <paludis/util/system.hh>
#include <paludis/util/tokeniser.hh>
+#include <paludis/selinux/security_context.hh>
#include <algorithm>
#include <fstream>
@@ -44,6 +45,8 @@
#include <sys/stat.h>
#include <sys/types.h>
+#include "config.h"
+
using namespace paludis;
using namespace merge;
@@ -218,6 +221,17 @@ namespace
else
{
mode_t mode(src_dir.permissions());
+
+#ifdef HAVE_SELINUX
+ CountedPtr<FSCreateCon, count_policy::ExternalCountTag> createcon(0);
+ if (MatchPathCon::get_instance()->good())
+ {
+ FSCreateCon *p = new FSCreateCon(MatchPathCon::get_instance()->match(dst_dir_str.substr(root_str.length()),
+ mode));
+ createcon.assign(p);
+ }
+#endif
+
FSEntry(dst_dir).mkdir(mode);
FSEntry(stringify(dst_dir)).chown(src_dir.owner(), src_dir.group());
/* the chmod is needed to pick up fancy set*id bits */
@@ -276,6 +290,13 @@ namespace
/* FDHolder must be destroyed before we do the md5 thing, or the
* disk write may not have synced. */
{
+#ifdef HAVE_SELINUX
+ CountedPtr<FSCreateCon, count_policy::ExternalCountTag> createcon(0);
+ if (MatchPathCon::get_instance()->good())
+ createcon.assign(new
+ FSCreateCon(MatchPathCon::get_instance()->match(dst_dir_str.substr(root_str.length()) + "/"
+ + dst.basename(), src.permissions())));
+#endif
FDHolder fd(::open(stringify(real_dst).c_str(), O_WRONLY | O_CREAT, src.permissions()));
if (-1 == fd)
throw Failure("Cannot open '" + stringify(real_dst) + "' for write");
@@ -334,6 +355,16 @@ namespace
FSEntry(dst).unlink();
}
+#ifdef HAVE_SELINUX
+ // permissions() on a symlink does weird things, but matchpathcon only cares about the file type,
+ // so just pass S_IFLNK.
+ CountedPtr<FSCreateCon, count_policy::ExternalCountTag> createcon(0);
+ if (MatchPathCon::get_instance()->good())
+ createcon.assign(new
+ FSCreateCon(MatchPathCon::get_instance()->match(dst_dir_str.substr(root_str.length()) + "/"
+ + dst.basename(), S_IFLNK)));
+#endif
+
if (0 != ::symlink(src.readlink().c_str(), stringify(dst).c_str()))
{
Log::get_instance()->message(ll_warning, "Couldn't create symlink '"
@@ -381,6 +412,13 @@ int
main(int argc, char * argv[])
{
Context context("In main program:");
+
+#ifdef HAVE_SELINUX
+ // If the MatchPathCon initialisation fails, don't attempt to match contexts when merging.
+ if (! MatchPathCon::get_instance()->good())
+ Log::get_instance()->message(ll_warning, "matchpathcon_init failed; not setting security contexts");
+#endif
+
exit_status = 0;
try
{
diff --git a/paludis/Makefile.am.m4 b/paludis/Makefile.am.m4
index f872a4c..7117e16 100644
--- a/paludis/Makefile.am.m4
+++ b/paludis/Makefile.am.m4
@@ -40,7 +40,7 @@ DEFS= \
-DDATADIR=\"$(datadir)\"
EXTRA_DIST = about.hh.in Makefile.am.m4 paludis.hh.m4 files.m4 \
hashed_containers.hh.in testscriptlist
-SUBDIRS = digests util . args qa
+SUBDIRS = digests util . args qa selinux
libpaludis_a_SOURCES = filelist
diff --git a/paludis/selinux/Makefile.am b/paludis/selinux/Makefile.am
new file mode 100644
index 0000000..fdcf568
--- /dev/null
+++ b/paludis/selinux/Makefile.am
@@ -0,0 +1,23 @@
+MAINTAINERCLEANFILES = Makefile.in
+CLEANFILES = *~
+SUBDIRS = .
+
+paludis_selinux_includedir = $(includedir)/paludis/selinux/
+
+paludis_selinux_include_HEADERS = \
+ security_context.hh
+
+libpaludisselinux_a_SOURCES = \
+ $(paludis_selinux_include_HEADERS) \
+ security_context.cc
+
+lib_LIBRARIES = libpaludisselinux.a
+
+TESTS =
+EXTRA_DIST =
+
+check_PROGRAMS = $(TESTS)
+
+AM_CXXFLAGS = -I$(top_srcdir)
+
+
diff --git a/paludis/selinux/security_context.cc b/paludis/selinux/security_context.cc
new file mode 100644
index 0000000..c307989
--- /dev/null
+++ b/paludis/selinux/security_context.cc
@@ -0,0 +1,227 @@
+/* vim: set sw=4 sts=4 et foldmethod=syntax : */
+
+/*
+ * Copyright (c) 2006 Stephen Bennett <spb@gentoo.org>
+ *
+ * This file is part of the Paludis package manager. Paludis is free software;
+ * you can redistribute it and/or modify it under the terms of the GNU General
+ * Public License as published by the Free Software Foundation; either version
+ * 2 of the License, or (at your option) any later version.
+ *
+ * Paludis is distributed in the hope that it will be useful, but WITHOUT ANY
+ * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
+ * details.
+ *
+ * You should have received a copy of the GNU General Public License along with
+ * this program; if not, write to the Free Software Foundation, Inc., 59 Temple
+ * Place, Suite 330, Boston, MA 02111-1307 USA
+ */
+
+#include <paludis/util/log.hh>
+#include <paludis/selinux/security_context.hh>
+
+#include "config.h"
+
+#ifdef HAVE_SELINUX
+
+#include <dlfcn.h>
+#include <selinux/selinux.h>
+
+// I think the name explains it. C++ is picky about casting to function pointers.
+#define STUPID_CAST(type, val) reinterpret_cast<type>(reinterpret_cast<uintptr_t>(val))
+
+namespace {
+ class _libselinux {
+ private:
+ void *_handle;
+
+ void (*_freecon)(security_context_t);
+ int (*_getcon)(security_context_t*);
+ int (*_getfscreatecon)(security_context_t*);
+ int (*_setfscreatecon)(security_context_t);
+ int (*_matchpathcon)(const char *, mode_t, security_context_t*);
+ int (*_matchpathcon_init)(const char *);
+
+ public:
+ _libselinux() :
+ _handle(NULL), _freecon(NULL), _getcon(NULL),
+ _getfscreatecon(NULL), _setfscreatecon(NULL),
+ _matchpathcon(NULL), _matchpathcon_init(NULL)
+ {
+ _handle = dlopen("libselinux.so", RTLD_LAZY | RTLD_LOCAL);
+ if (NULL != _handle)
+ {
+ _freecon = STUPID_CAST(void (*)(security_context_t), dlsym(_handle, "freecon"));
+ _getcon = STUPID_CAST(int (*)(security_context_t*), dlsym(_handle, "getcon"));
+ _getfscreatecon = STUPID_CAST(int (*) (security_context_t*), dlsym(_handle, "getfscreatecon"));
+ _setfscreatecon = STUPID_CAST(int (*) (security_context_t), dlsym(_handle, "setfscreatecon"));
+ _matchpathcon = STUPID_CAST(int (*) (const char *, mode_t, security_context_t *),
+ dlsym(_handle, "matchpathcon"));
+ _matchpathcon_init = STUPID_CAST(int (*) (const char *), dlsym(_handle, "matchpathcon_init"));
+ }
+ }
+
+ ~_libselinux()
+ {
+ if (NULL != _handle)
+ dlclose(_handle);
+ }
+
+ void freecon(security_context_t c)
+ {
+ if (NULL != _freecon)
+ _freecon(c);
+ }
+
+ int getcon(security_context_t *c)
+ {
+ if (NULL != _getcon)
+ return _getcon(c);
+ return 0;
+ }
+
+ int getfscreatecon(security_context_t *c)
+ {
+ if (NULL != _getfscreatecon)
+ return _getfscreatecon(c);
+ return 0;
+ }
+
+ int setfscreatecon(security_context_t c)
+ {
+ if (NULL != _setfscreatecon)
+ return _setfscreatecon(c);
+ return 0;
+ }
+
+ int matchpathcon(const char *path, mode_t mode, security_context_t *con)
+ {
+ if (NULL != _matchpathcon)
+ return _matchpathcon(path, mode, con);
+ return 0;
+ }
+
+ int matchpathcon_init(const char *path)
+ {
+ if (NULL != _matchpathcon_init)
+ return _matchpathcon_init(path);
+ return 0;
+ }
+ } libselinux;
+}
+
+using namespace paludis;
+
+namespace paludis
+{
+ template<>
+ struct Implementation<SecurityContext> : InternalCounted<Implementation<SecurityContext> >
+ {
+ security_context_t _context;
+
+ Implementation(security_context_t con)
+ : _context(con)
+ { }
+
+ ~Implementation()
+ {
+ if (NULL != _context)
+ libselinux.freecon(_context);
+ }
+
+ void set(security_context_t newcon)
+ {
+ if (NULL != _context)
+ libselinux.freecon(_context);
+
+ _context = newcon;
+ }
+ };
+}
+
+SecurityContext::SecurityContext()
+ : PrivateImplementationPattern<SecurityContext>(new Implementation<SecurityContext>(NULL))
+{
+}
+
+SecurityContext::~SecurityContext()
+{
+}
+
+SecurityContext::ConstPointer SecurityContext::current_context()
+{
+ SecurityContext::Pointer p(new SecurityContext);
+ security_context_t con;
+ if (0 != libselinux.getcon(&con))
+ throw SELinuxException("Couldn't get current security context.");
+ p->_imp->set(con);
+ return p;
+}
+
+SecurityContext::ConstPointer SecurityContext::fs_create_context()
+{
+ SecurityContext::Pointer p(new SecurityContext);
+ security_context_t con;
+ if (0 != libselinux.getfscreatecon(&con))
+ throw SELinuxException("Couldn't get current filesystem creation context.");
+ p->_imp->set(con);
+ return p;
+}
+
+std::ostream & paludis::operator<<(std::ostream & os, const SecurityContext & context)
+{
+ os << static_cast<const char *>(context._imp->_context);
+ return os;
+}
+
+FSCreateCon::FSCreateCon(SecurityContext::ConstPointer newfscreatecon)
+ : _context(newfscreatecon), _prev_context(SecurityContext::fs_create_context())
+{
+ if (0 != libselinux.setfscreatecon(_context->_imp->_context))
+ throw SELinuxException("Couldn't set filesystem creation context to '" + stringify(*_context) + "'.");
+}
+
+FSCreateCon::~FSCreateCon()
+{
+ if (0 != libselinux.setfscreatecon(_prev_context->_imp->_context))
+ throw SELinuxException("Couldn't reset filesystem creation context to '" + stringify(*_prev_context) + "'.");
+}
+
+MatchPathCon::MatchPathCon()
+{
+ if (0 != libselinux.matchpathcon_init(NULL))
+ {
+ _good=false;
+// throw SELinuxException("Failed running matchpathcon_init.");
+ }
+ else
+ _good=true;
+}
+
+MatchPathCon::~MatchPathCon()
+{
+}
+
+bool MatchPathCon::good() const
+{
+ return _good;
+}
+
+SecurityContext::ConstPointer MatchPathCon::match(const std::string & path, mode_t mode) const
+{
+ SecurityContext::Pointer p(new SecurityContext);
+ security_context_t context;
+ if (0 != libselinux.matchpathcon(path.c_str(), mode, &context))
+ {
+ Log::get_instance()->message(ll_warning, "Couldn't get default security context for '" + path + "'.");
+// throw SELinuxException("Couldn't get default security context for '" + path + "'.");
+ }
+ else
+ {
+ p->_imp->set(context);
+ }
+ return p;
+}
+
+#endif
diff --git a/paludis/selinux/security_context.hh b/paludis/selinux/security_context.hh
new file mode 100644
index 0000000..8f7b4ef
--- /dev/null
+++ b/paludis/selinux/security_context.hh
@@ -0,0 +1,153 @@
+/* vim: set sw=4 sts=4 et foldmethod=syntax : */
+
+/*
+ * Copyright (c) 2006 Stephen Bennett <spb@gentoo.org>
+ *
+ * This file is part of the Paludis package manager. Paludis is free software;
+ * you can redistribute it and/or modify it under the terms of the GNU General
+ * Public License as published by the Free Software Foundation; either version
+ * 2 of the License, or (at your option) any later version.
+ *
+ * Paludis is distributed in the hope that it will be useful, but WITHOUT ANY
+ * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
+ * details.
+ *
+ * You should have received a copy of the GNU General Public License along with
+ * this program; if not, write to the Free Software Foundation, Inc., 59 Temple
+ * Place, Suite 330, Boston, MA 02111-1307 USA
+ */
+
+#ifndef PALUDIS_GUARD_PALUDIS_UTIL_SECURITY_CONTEXT_HH
+#define PALUDIS_GUARD_PALUDIS_UTIL_SECURITY_CONTEXT_HH 1
+
+#include <string>
+#include <paludis/util/exception.hh>
+#include <paludis/util/counted_ptr.hh>
+#include <paludis/util/instantiation_policy.hh>
+#include <paludis/util/private_implementation_pattern.hh>
+
+/** \file
+ * Declarations for SecurityContext and associated classes.
+ *
+ * \ingroup grpfilesystem
+ */
+
+namespace paludis {
+ class FSCreateCon;
+ class MatchPathCon;
+
+ /**
+ * Error class for SELinux-related functions
+ */
+ class SELinuxException : public Exception
+ {
+ public:
+ SELinuxException(const std::string & message)
+ : Exception(message)
+ { }
+ };
+
+ /**
+ * Security context class. Wraps security_context_t.
+ */
+ class SecurityContext : private PrivateImplementationPattern<SecurityContext>,
+ private InstantiationPolicy<SecurityContext, instantiation_method::NonCopyableTag>,
+ public InternalCounted<SecurityContext>
+ {
+ public:
+ /**
+ * Constructor
+ */
+ SecurityContext();
+
+ /**
+ * Can be constructed from a string.
+ */
+ SecurityContext(const std::string &);
+
+ /**
+ * Destructor
+ */
+ ~SecurityContext();
+
+ friend std::ostream& paludis::operator<<(std::ostream&, const SecurityContext &);
+ friend class paludis::FSCreateCon;
+ friend class paludis::MatchPathCon;
+
+ /**
+ * Returns a SecurityContext referring to the current process's context
+ */
+ static SecurityContext::ConstPointer current_context();
+
+ /**
+ * Returns a SecurityContext referring to the current filesystem creation context
+ */
+ static SecurityContext::ConstPointer fs_create_context();
+ };
+
+ /**
+ * A SecurityContext can be written to a stream.
+ */
+ std::ostream& operator<<(std::ostream&, const SecurityContext &);
+
+ /**
+ * RAII-style wrapper for setfscreatecon().
+ *
+ * Create an FSCreateCon object to set the security context of newly created file objects.
+ * When destroyed, it will revert to the previous creation context.
+ *
+ * Note that this operation is not thread-safe. Any multi-threaded code calling it must use a
+ * critical section to ensure the desired behaviour.
+ */
+ class FSCreateCon
+ {
+ private:
+ SecurityContext::ConstPointer _context;
+ SecurityContext::ConstPointer _prev_context;
+
+ public:
+ /**
+ * Constructor
+ */
+ FSCreateCon(SecurityContext::ConstPointer);
+
+ /**
+ * Destructor
+ */
+ ~FSCreateCon();
+ };
+
+ /**
+ * Wrapper class around matchpathcon().
+ */
+ class MatchPathCon : public InstantiationPolicy<MatchPathCon, instantiation_method::SingletonAsNeededTag>
+ {
+ private:
+ bool _good;
+
+ public:
+ /**
+ * Constructor. Optional parameter is the path to the file_contexts to use.
+ */
+ MatchPathCon();
+
+ /**
+ * Destructor
+ */
+ ~MatchPathCon();
+
+ /**
+ * Retrieve the default context for a given pathname
+ */
+ SecurityContext::ConstPointer match(const std::string &, mode_t = 0) const;
+
+ /**
+ * Did the initialisation succeed?
+ */
+ bool good() const;
+ };
+
+}
+
+#endif