Message ID | 20220113204353.185947-1-vmojzis@redhat.com (mailing list archive) |
---|---|
State | Superseded |
Series | libselinux: Strip spaces before values in config | expand |
On Thu, 13 Jan 2022 at 21:44, Vit Mojzis <vmojzis@redhat.com> wrote:
>
> Spaces before values in /etc/selinux/config should be ignored just as
> spaces after them are.
>
> E.g. "SELINUXTYPE= targeted" should be a valid value.
>
> Fixes:
> # sed -i 's/^SELINUXTYPE=/SELINUXTYPE= /g' /etc/selinux/config
> # dnf install <any_package>
> ...
> RPM: error: selabel_open: (/etc/selinux/ targeted/contexts/files/file_contexts) No such file or directory
> RPM: error: Plugin selinux: hook tsm_pre failed
> ...
> Error: Could not run transaction.
>
> Signed-off-by: Vit Mojzis <vmojzis@redhat.com>
> ---
> libselinux/src/selinux_config.c | 17 +++++++++++++----
> 1 file changed, 13 insertions(+), 4 deletions(-)
>
> diff --git a/libselinux/src/selinux_config.c b/libselinux/src/selinux_config.c
> index 97f81a8b..99cd6124 100644
> --- a/libselinux/src/selinux_config.c
> +++ b/libselinux/src/selinux_config.c
> @@ -92,6 +92,7 @@ int selinux_getenforcemode(int *enforce)
> FILE *cfg = fopen(SELINUXCONFIG, "re");
> if (cfg) {
> char *buf;
> + char *tag;
> int len = sizeof(SELINUXTAG) - 1;
> buf = malloc(selinux_page_size);
> if (!buf) {
> @@ -101,21 +102,24 @@ int selinux_getenforcemode(int *enforce)
> while (fgets_unlocked(buf, selinux_page_size, cfg)) {
> if (strncmp(buf, SELINUXTAG, len))
> continue;
> + tag = buf+len;
> + while (isspace(*tag))
> + tag++;
> if (!strncasecmp
> - (buf + len, "enforcing", sizeof("enforcing") - 1)) {
> + (tag, "enforcing", sizeof("enforcing") - 1)) {
> *enforce = 1;
> ret = 0;
> break;
> } else
> if (!strncasecmp
> - (buf + len, "permissive",
> + (tag, "permissive",
> sizeof("permissive") - 1)) {
> *enforce = 0;
> ret = 0;
> break;
> } else
> if (!strncasecmp
> - (buf + len, "disabled",
> + (tag, "disabled",
> sizeof("disabled") - 1)) {
> *enforce = -1;
> ret = 0;
> @@ -176,7 +180,10 @@ static void init_selinux_config(void)
>
> if (!strncasecmp(buf_p, SELINUXTYPETAG,
> sizeof(SELINUXTYPETAG) - 1)) {
> - type = strdup(buf_p + sizeof(SELINUXTYPETAG) - 1);
> + buf_p += sizeof(SELINUXTYPETAG) - 1;
> + while (isspace(*buf_p))
> + buf_p++;
> + type = strdup(buf_p);
> if (!type) {
> free(line_buf);
> fclose(fp);
> @@ -199,6 +206,8 @@ static void init_selinux_config(void)
> } else if (!strncmp(buf_p, REQUIRESEUSERS,
> sizeof(REQUIRESEUSERS) - 1)) {
> value = buf_p + sizeof(REQUIRESEUSERS) - 1;
> + while (isspace(*value))
> + buf_p++;

This looks wrong.

> intptr = &require_seusers;
> } else {
> continue;
> --
> 2.34.1
>
On 15. 01. 22 18:28, Christian Göttsche wrote:
> On Thu, 13 Jan 2022 at 21:44, Vit Mojzis <vmojzis@redhat.com> wrote:
>> Spaces before values in /etc/selinux/config should be ignored just as
>> spaces after them are.
>>
>> E.g. "SELINUXTYPE= targeted" should be a valid value.
>>
>> Fixes:
>> # sed -i 's/^SELINUXTYPE=/SELINUXTYPE= /g' /etc/selinux/config
>> # dnf install <any_package>
>> ...
>> RPM: error: selabel_open: (/etc/selinux/ targeted/contexts/files/file_contexts) No such file or directory
>> RPM: error: Plugin selinux: hook tsm_pre failed
>> ...
>> Error: Could not run transaction.
>>
>> Signed-off-by: Vit Mojzis <vmojzis@redhat.com>
>> ---
>> libselinux/src/selinux_config.c | 17 +++++++++++++----
>> 1 file changed, 13 insertions(+), 4 deletions(-)
>>
>> diff --git a/libselinux/src/selinux_config.c b/libselinux/src/selinux_config.c
>> index 97f81a8b..99cd6124 100644
>> --- a/libselinux/src/selinux_config.c
>> +++ b/libselinux/src/selinux_config.c
>> @@ -92,6 +92,7 @@ int selinux_getenforcemode(int *enforce)
>> FILE *cfg = fopen(SELINUXCONFIG, "re");
>> if (cfg) {
>> char *buf;
>> + char *tag;
>> int len = sizeof(SELINUXTAG) - 1;
>> buf = malloc(selinux_page_size);
>> if (!buf) {
>> @@ -101,21 +102,24 @@ int selinux_getenforcemode(int *enforce)
>> while (fgets_unlocked(buf, selinux_page_size, cfg)) {
>> if (strncmp(buf, SELINUXTAG, len))
>> continue;
>> + tag = buf+len;
>> + while (isspace(*tag))
>> + tag++;
>> if (!strncasecmp
>> - (buf + len, "enforcing", sizeof("enforcing") - 1)) {
>> + (tag, "enforcing", sizeof("enforcing") - 1)) {
>> *enforce = 1;
>> ret = 0;
>> break;
>> } else
>> if (!strncasecmp
>> - (buf + len, "permissive",
>> + (tag, "permissive",
>> sizeof("permissive") - 1)) {
>> *enforce = 0;
>> ret = 0;
>> break;
>> } else
>> if (!strncasecmp
>> - (buf + len, "disabled",
>> + (tag, "disabled",
>> sizeof("disabled") - 1)) {
>> *enforce = -1;
>> ret = 0;
>> @@ -176,7 +180,10 @@ static void init_selinux_config(void)
>>
>> if (!strncasecmp(buf_p, SELINUXTYPETAG,
>> sizeof(SELINUXTYPETAG) - 1)) {
>> - type = strdup(buf_p + sizeof(SELINUXTYPETAG) - 1);
>> + buf_p += sizeof(SELINUXTYPETAG) - 1;
>> + while (isspace(*buf_p))
>> + buf_p++;
>> + type = strdup(buf_p);
>> if (!type) {
>> free(line_buf);
>> fclose(fp);
>> @@ -199,6 +206,8 @@ static void init_selinux_config(void)
>> } else if (!strncmp(buf_p, REQUIRESEUSERS,
>> sizeof(REQUIRESEUSERS) - 1)) {
>> value = buf_p + sizeof(REQUIRESEUSERS) - 1;
>> + while (isspace(*value))
>> + buf_p++;
> This looks wrong.
Yes, sorry, stupid mistake.
>
>> intptr = &require_seusers;
>> } else {
>> continue;
>> --
>> 2.34.1
>>
diff --git a/libselinux/src/selinux_config.c b/libselinux/src/selinux_config.c
index 97f81a8b..99cd6124 100644
--- a/libselinux/src/selinux_config.c
+++ b/libselinux/src/selinux_config.c
@@ -92,6 +92,7 @@ int selinux_getenforcemode(int *enforce)
 FILE *cfg = fopen(SELINUXCONFIG, "re");
 if (cfg) {
 char *buf;
+ char *tag;
 int len = sizeof(SELINUXTAG) - 1;
 buf = malloc(selinux_page_size);
 if (!buf) {
@@ -101,21 +102,24 @@ int selinux_getenforcemode(int *enforce)
 while (fgets_unlocked(buf, selinux_page_size, cfg)) {
 if (strncmp(buf, SELINUXTAG, len))
 continue;
+ tag = buf+len;
+ while (isspace(*tag))
+ tag++;
 if (!strncasecmp
- (buf + len, "enforcing", sizeof("enforcing") - 1)) {
+ (tag, "enforcing", sizeof("enforcing") - 1)) {
 *enforce = 1;
 ret = 0;
 break;
 } else
 if (!strncasecmp
- (buf + len, "permissive",
+ (tag, "permissive",
 sizeof("permissive") - 1)) {
 *enforce = 0;
 ret = 0;
 break;
 } else
 if (!strncasecmp
- (buf + len, "disabled",
+ (tag, "disabled",
 sizeof("disabled") - 1)) {
 *enforce = -1;
 ret = 0;
@@ -176,7 +180,10 @@ static void init_selinux_config(void)

 if (!strncasecmp(buf_p, SELINUXTYPETAG,
 sizeof(SELINUXTYPETAG) - 1)) {
- type = strdup(buf_p + sizeof(SELINUXTYPETAG) - 1);
+ buf_p += sizeof(SELINUXTYPETAG) - 1;
+ while (isspace(*buf_p))
+ buf_p++;
+ type = strdup(buf_p);
 if (!type) {
 free(line_buf);
 fclose(fp);
@@ -199,6 +206,8 @@ static void init_selinux_config(void)
 } else if (!strncmp(buf_p, REQUIRESEUSERS,
 sizeof(REQUIRESEUSERS) - 1)) {
 value = buf_p + sizeof(REQUIRESEUSERS) - 1;
+ while (isspace(*value))
+ buf_p++;
 intptr = &require_seusers;
 } else {
 continue;
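Review bot: The whitespace-skipping loops added here pass a plain `char` to `isspace()`: `while (isspace(*tag))` in selinux_getenforcemode, and `isspace(*buf_p)` and `isspace(*value)` in the two init_selinux_config hunks. Where `char` is signed, a byte above 0x7f in /etc/selinux/config reaches `isspace()` as a negative value, which is undefined behaviour for the <ctype.h> classifiers. Casting at each call avoids that, e.g. `while (isspace((unsigned char)*tag))`. Both functions begin and end outside the hunks shown, so how the rest of the file calls the <ctype.h> functions cannot be checked from here.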
Spaces before values in /etc/selinux/config should be ignored just as spaces after them are. E.g. "SELINUXTYPE= targeted" should be a valid value. Fixes: # sed -i 's/^SELINUXTYPE=/SELINUXTYPE= /g' /etc/selinux/config # dnf install <any_package> ... RPM: error: selabel_open: (/etc/selinux/ targeted/contexts/files/file_contexts) No such file or directory RPM: error: Plugin selinux: hook tsm_pre failed ... Error: Could not run transaction. Signed-off-by: Vit Mojzis <vmojzis@redhat.com> --- libselinux/src/selinux_config.c | 17 +++++++++++++---- 1 file changed, 13 insertions(+), 4 deletions(-)