From patchwork Mon Aug 15 08:44:58 2016
X-Patchwork-Submitter: Miroslav Vadkerti
X-Patchwork-Id: 9280439
From: Miroslav Vadkerti
To: selinux@tycho.nsa.gov
Subject: [PATCH 2/2] semanage: default to "s0" if serange empty for port modify
Date: Mon, 15 Aug 2016 10:44:58 +0200
Message-Id: <1471250698-16573-2-git-send-email-mvadkert@redhat.com>
In-Reply-To: <1471250698-16573-1-git-send-email-mvadkert@redhat.com>
References: <1471250698-16573-1-git-send-email-mvadkert@redhat.com>
List-Id: "Security-Enhanced Linux \(SELinux\) mailing list"

In case serange is empty, but the record is being modified (setype was supplied), use default "s0" range. With the original code the audit event would be printed with no range (i.e. "system_u:object_r:ssh_port_t:")

Note that default "s0" is currently used in other places of seobject.py.

Signed-off-by: Miroslav Vadkerti

--- policycoreutils/semanage/seobject.py | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/policycoreutils/semanage/seobject.py b/policycoreutils/semanage/seobject.py index 538ff0a..a6681f0 100644 --- a/policycoreutils/semanage/seobject.py +++ b/policycoreutils/semanage/seobject.py @@ -1161,8 +1161,11 @@ class portRecords(semanageRecords): con = semanage_port_get_con(p) - if (is_mls_enabled == 1) and (serange != ""): - semanage_context_set_mls(self.sh, con, untranslate(serange)) + if is_mls_enabled == 1: + if serange == "": + serange = "s0" + else: + semanage_context_set_mls(self.sh, con, untranslate(serange)) if setype != "": semanage_context_set_type(self.sh, con, setype)
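
Review bot: the new `serange == ""` branch only assigns the local `serange = "s0"` and never touches `con`, so a port record that already carries a different range keeps that range while the audit event reports s0. Since `con` comes from `semanage_port_get_con(p)` just above, consider taking the fallback from the existing context (for example `semanage_context_get_mls(con)`) and using "s0" only when that is empty as well, so the audit record matches what is actually stored. The commit message also ties the default to setype being supplied, but the condition does not check `setype`; a one-line comment saying the default exists for the audit message would make the intent clear.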