From patchwork Fri Sep 30 15:07:31 2016
X-Patchwork-Submitter: Stephen Smalley
X-Patchwork-Id: 9358505
From: Stephen Smalley
To: selinux@tycho.nsa.gov
Cc: Stephen Smalley
Subject: [PATCH] policycoreutils: setfiles: reverse the sense of -D
Date: Fri, 30 Sep 2016 11:07:31 -0400
Message-Id: <1475248051-14729-1-git-send-email-sds@tycho.nsa.gov>

Reverse the sense of the -D option, from disabling setting/use of
security.restorecon_last to enabling it, making disabled the default state.

Rationale:
1) Users often use restorecon to fix labels on files whose labels are
wrong even though nothing has changed in file_contexts, e.g. after
copying/moving files to a different location. They won't expect
restorecon to suddenly stop relabeling by default because the hash of
file_contexts hasn't changed.
2) Only processes running with CAP_SYS_ADMIN can set
security.restorecon_last, so this will fail for non-root users anyway.

Signed-off-by: Stephen Smalley --- policycoreutils/setfiles/restorecon.8 | 16 +++++++++------- policycoreutils/setfiles/setfiles.8 | 18 ++++++++++-------- policycoreutils/setfiles/setfiles.c | 9 +++++---- 3 files changed, 24 insertions(+), 19 deletions(-) diff --git a/policycoreutils/setfiles/restorecon.8 b/policycoreutils/setfiles/restorecon.8 index f996467..fdb468b 100644 --- a/policycoreutils/setfiles/restorecon.8 +++ b/policycoreutils/setfiles/restorecon.8 @@ -92,12 +92,10 @@ there are no errors. See the section for further details. .TP .B \-D -do not set or update any directory SHA1 digests. Use this option to -effectively disable usage of the +Set or update any directory SHA1 digests. Use this option to +enable usage of the .IR security.restorecon_last -extended attribute. Note that using this option will override the -.B \-I -option. +extended attribute. .TP .B \-m do not read @@ -174,15 +172,19 @@ To improve performance when relabeling file systems recursively (i.e. the or .B \-r option is set), +the +.B \-D +option to .B restorecon -will write an SHA1 digest of the default specfiles set to an extended +will cause it to store a SHA1 digest of the default specfiles set in an extended attribute named .IR security.restorecon_last -to the directory specified in each +on the directory specified in each .IR pathname \ ... once the relabeling has been completed successfully. This digest will be checked should .B restorecon +.B \-D be rerun with the same .I pathname parameters. See diff --git a/policycoreutils/setfiles/setfiles.8 b/policycoreutils/setfiles/setfiles.8 index 11bc335..6901e13 100644 --- a/policycoreutils/setfiles/setfiles.8 +++ b/policycoreutils/setfiles/setfiles.8 
@@ -88,12 +88,10 @@ there are no errors. See the section for further details. .TP .B \-D -do not set or update any directory SHA1 digests. Use this option to -effectively disable usage of the +Set or update any directory SHA1 digests. Use this option to +enable usage of the .IR security.restorecon_last -extended attribute. Note that using this option will override the -.B \-I -option. +extended attribute. .TP .B \-l log changes in file labels to syslog. @@ -223,16 +221,20 @@ message label .BR FS_RELABEL . .IP "3." 4 To improve performance when relabeling file systems recursively +the +.B \-D +option to .B setfiles -will write an SHA1 digest of the +will cause it to store a SHA1 digest of the .B spec_file -set to an extended attribute named +set in an extended attribute named .IR security.restorecon_last -to the directory specified in each +on the directory specified in each .IR pathname \ ... once the relabeling has been completed successfully. This digest will be checked should .B setfiles +.B \-D be rerun with the same .I spec_file diff --git a/policycoreutils/setfiles/setfiles.c b/policycoreutils/setfiles/setfiles.c index 520866e..22eba0f 100644 --- a/policycoreutils/setfiles/setfiles.c +++ b/policycoreutils/setfiles/setfiles.c @@ -157,7 +157,7 @@ int main(int argc, char **argv) altpath = NULL; null_terminated = 0; warn_no_match = 0; - request_digest = 1; + request_digest = 0; policyfile = NULL; nerr = 0; @@ -281,11 +281,12 @@ int main(int argc, char **argv) SELINUX_RESTORECON_IGNORE_DIGEST; break; case 'D': /* - * Don't request file_contexts digest in selabel_open - * This will effectively disable usage of the + * Request file_contexts digest in selabel_open + * This will effectively enable usage of the * security.restorecon_last extended attribute. */ - request_digest = 0; + request_digest = 1; + break; case 'l': r_opts.syslog_changes = SELINUX_RESTORECON_SYSLOG_CHANGES;
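
Review bot: in the -D entry of restorecon.8 (hunk @@ -92,12 +92,10 @@, and identically in setfiles.8 @@ -88,12 +88,10 @@), dropping the sentence about overriding -I leaves the relationship between the two options undocumented. With digests now off by default, state explicitly whether -I has any effect when -D is not given, either in this entry or in the -I entry. Minor style point: the new text starts with a capital "Set" while the neighbouring entries visible in the context start lowercase ("do not read", "log changes in file labels to syslog.").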
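
Review bot: the performance paragraph in restorecon.8 (hunk @@ -174,15 +172,19 @@) now presents -D as the way to store the digest, but it does not carry over point 2 of the commit message, that only processes running with CAP_SYS_ADMIN can set security.restorecon_last. A user who opts in with -D without that capability should be able to learn from the man page that the digest will not be stored; suggest adding one sentence to that effect here and in the matching setfiles.8 paragraph.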
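
Review bot: in item 3 of setfiles.8 (hunk @@ -223,16 +221,20 @@), the inserted "the -D option to" follows "To improve performance when relabeling file systems recursively" with no punctuation, so the rendered sentence runs together. The restorecon.8 version of the paragraph has "option is set)," before the inserted text; add a comma after "recursively" here so the two pages read the same way.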
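
Review bot: in setfiles.c (hunk @@ -281,11 +281,12 @@), the "break;" added after "request_digest = 1;" in case 'D' is a second behaviour change that the commit message does not mention. As the hunk shows it, the old case 'D' had no break and fell through into case 'l', which sets r_opts.syslog_changes, so -D previously also turned on syslog logging of label changes. Either call out the fall-through fix in the commit message or split it into its own patch so it can be backported independently. While touching the comment, "This will effectively enable usage" can lose "effectively", which was carried over from the old "disable" wording.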