
libselinux: If autorelabel, force permissive mode.

Message ID 1467798202-6412-2-git-send-email-rjones@redhat.com (mailing list archive)
State Not Applicable

Commit Message

Richard W.M. Jones July 6, 2016, 9:43 a.m. UTC
Signed-off-by: Richard W.M. Jones <rjones@redhat.com>
---
 libselinux/src/load_policy.c | 30 +++++++++++++++++++++++++-----
 1 file changed, 25 insertions(+), 5 deletions(-)

Patch

diff --git a/libselinux/src/load_policy.c b/libselinux/src/load_policy.c
index 4f39fc7..337a8a9 100644
--- a/libselinux/src/load_policy.c
+++ b/libselinux/src/load_policy.c
@@ -315,7 +315,8 @@  hidden_def(selinux_mkload_policy)
  */
 int selinux_init_load_policy(int *enforce)
 {
-	int rc = 0, orig_enforce = 0, seconfig = -2, secmdline = -1;
+	int rc = 0, orig_enforce = 0, seconfig = -2, secmdline = -1,
+		seautorelabel = -1;
 	FILE *cfg;
 	char *buf;
 
@@ -332,6 +333,17 @@  int selinux_init_load_policy(int *enforce)
 	 */
 	selinux_getenforcemode(&seconfig);
 
+	/*
+	 * If /.autorelabel exists then we should start in permissive
+	 * mode because (a) the labels on the filesystem are known to
+	 * be bogus and so should not be trusted to make security
+	 * decisions, but more practically (b) mislabelled files may
+	 * cause services & processes required for relabelling to fail.
+	 */
+	if (access("/.autorelabel", F_OK) == 0) {
+		seautorelabel = 0;
+	}
+
 	/* Check for an override of the mode via the kernel command line. */
 	rc = mount("proc", "/proc", "proc", 0, 0);
 	cfg = fopen("/proc/cmdline", "r");
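Review bot: The added `access("/.autorelabel", F_OK)` check turns the mere existence of a file into a switch to permissive mode, and nothing in this hunk records that the switch happened. A leftover or unexpected marker would then lower enforcement on every boot without a trace, so I would emit a message when the branch is taken, for example `fprintf(stderr, "libselinux: /.autorelabel present, starting in permissive mode\n");`, or use whatever logging the rest of the function uses (its body continues outside this hunk). The comment would also benefit from naming which component is expected to remove the file once relabelling has finished.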
@@ -342,12 +354,18 @@  int selinux_init_load_policy(int *enforce)
 			fclose(cfg);
 			return -1;
 		}
-		if (fgets(buf, selinux_page_size, cfg) &&
-		    (tmp = strstr(buf, "enforcing="))) {
-			if (tmp == buf || isspace(*(tmp - 1))) {
+		if (fgets(buf, selinux_page_size, cfg)) {
+			if ((tmp = strstr(buf, "enforcing=")) &&
+			    (tmp == buf || isspace(*(tmp - 1)))) {
 				secmdline =
 				    atoi(tmp + sizeof("enforcing=") - 1);
 			}
+			else if ((tmp = strstr(buf, "autorelabel")) &&
+				 (tmp == buf || isspace(*(tmp - 1))) &&
+				 (tmp + sizeof("autorelabel") - 1 == '\0' ||
+				  isspace(tmp + sizeof("autorelabel") - 1))) {
+				seautorelabel = 0;
+			}
 		}
 		fclose(cfg);
 		free(buf);
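Review bot: The end-of-word test in the added `autorelabel` branch is missing two dereferences: `tmp + sizeof("autorelabel") - 1 == '\0'` compares a pointer with a null constant and is never true, and `isspace(tmp + sizeof("autorelabel") - 1)` passes a pointer where a character is expected. The condition should read `tmp[sizeof("autorelabel") - 1] == '\0' || isspace((unsigned char)tmp[sizeof("autorelabel") - 1])`. Separately, because this is an `else if`, a command line that carries a valid `enforcing=` never reaches the autorelabel test, while the file-based trigger still overrides `enforcing=` in the final mode selection. Making the branch a plain `if` would keep the two triggers consistent.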
@@ -357,7 +375,9 @@  int selinux_init_load_policy(int *enforce)
 	 * Determine the final desired mode.
 	 * Command line argument takes precedence, then config file. 
 	 */
-	if (secmdline >= 0)
+	if (seautorelabel >= 0)
+		*enforce = seautorelabel;
+	else if (secmdline >= 0)
 		*enforce = secmdline;
 	else if (seconfig >= 0)
 		*enforce = seconfig;