From patchwork Tue May 3 08:23:22 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Laszlo Ersek X-Patchwork-Id: 12835263 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 11602C433EF for ; Tue, 3 May 2022 08:23:35 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232725AbiECI1E (ORCPT ); Tue, 3 May 2022 04:27:04 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:35468 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231240AbiECI1D (ORCPT ); Tue, 3 May 2022 04:27:03 -0400 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) by lindbergh.monkeyblade.net (Postfix) with ESMTP id 28EE329800 for ; Tue, 3 May 2022 01:23:31 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1651566211; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=r/taJ9sE0u0byJCX8Eni1IyaMwiCBepL38AsaKItU+M=; b=T1dGFpa30N0qS9yDUGqeY6yaHkFl7UBhQ4/XpUnrEyC5j8yPuX6ZDxDaJHG/677tiF2nkg qBAkc97NaQz/kLQLcsOdNizeDsy3uQbRzSlscM+az00Vgo/xf4hDgi4fjR4QHbNzCA7mSR zzQNB3NuavJhUvXhg/NmX1zQt4YioUk= Received: from mimecast-mx02.redhat.com (mx3-rdu2.redhat.com [66.187.233.73]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-605-DU14Ls9PMcmspjwsah5qNg-1; Tue, 03 May 2022 04:23:29 -0400 X-MC-Unique: DU14Ls9PMcmspjwsah5qNg-1 Received: from smtp.corp.redhat.com (int-mx01.intmail.prod.int.rdu2.redhat.com [10.11.54.1]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id 78FA71C01E83 for ; Tue, 3 May 2022 08:23:29 +0000 (UTC) Received: from lacos-laptop-7.usersys.redhat.com (unknown [10.39.192.166]) by smtp.corp.redhat.com (Postfix) with ESMTP id 95C9940CFD29; Tue, 3 May 2022 08:23:28 +0000 (UTC) From: Laszlo Ersek To: SELinux List , Laszlo Ersek Cc: "Richard W.M. Jones" , Petr Lautrbach Subject: [PATCH v2 1/5] setfiles: fix up inconsistent indentation Date: Tue, 3 May 2022 10:23:22 +0200 Message-Id: <20220503082326.11621-2-lersek@redhat.com> In-Reply-To: <20220503082326.11621-1-lersek@redhat.com> References: <20220503082326.11621-1-lersek@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.84 on 10.11.54.1 Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org Commit 7ad84e7c8d4f ("Add restorecon -x option to not cross FS boundaries", 2020-06-18) used spaces vs. TABs inconsistently; run "unexpand" on the affected lines to make the indentation conform to the rest of the source code. Cc: "Richard W.M. Jones" Cc: Petr Lautrbach Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1794518 Signed-off-by: Laszlo Ersek --- policycoreutils/setfiles/setfiles.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/policycoreutils/setfiles/setfiles.c b/policycoreutils/setfiles/setfiles.c index ab7016aca9a6..be88be5d5497 100644 --- a/policycoreutils/setfiles/setfiles.c +++ b/policycoreutils/setfiles/setfiles.c @@ -368,13 +368,13 @@ int main(int argc, char **argv) case '0': null_terminated = 1; break; - case 'x': - if (iamrestorecon) { + case 'x': + if (iamrestorecon) { r_opts.xdev = SELINUX_RESTORECON_XDEV; - } else { + } else { usage(argv[0]); - } - break; + } + break; case 'T': nthreads = strtoull(optarg, &endptr, 10); if (*optarg == '\0' || *endptr != '\0') From patchwork Tue May 3 08:23:23 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Laszlo Ersek X-Patchwork-Id: 12835265 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id B3BB2C433F5 for ; Tue, 3 May 2022 08:23:35 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232752AbiECI1F (ORCPT ); Tue, 3 May 2022 04:27:05 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:35490 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232750AbiECI1E (ORCPT ); Tue, 3 May 2022 04:27:04 -0400 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) by lindbergh.monkeyblade.net (Postfix) with ESMTP id CE38F2A266 for ; Tue, 3 May 2022 01:23:32 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1651566211; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=13LIhIH8ENFwdPN6Fw6ExK/xjeONIgl/fIJM5yJ7c7Q=; b=Ot66y3fupU8LfeutWM524++gf8B0KxOx6salyY97CSjIOHCPbacjvTG8Dt24Oeh4wuwa64 SpJcgVzK9j0gvPIUXQbvvCVoibM490J1aryQyV8s/7NnfKKtvI+MREIPT77Re14KfZIU1L O52Dh8khOgM5Zo+07P9I0L3zKBrsUnw= Received: from mimecast-mx02.redhat.com (mimecast-mx02.redhat.com [66.187.233.88]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-596-hXGeRQElPiCxsc7nUG_jqw-1; Tue, 03 May 2022 04:23:30 -0400 X-MC-Unique: hXGeRQElPiCxsc7nUG_jqw-1 Received: from smtp.corp.redhat.com (int-mx01.intmail.prod.int.rdu2.redhat.com [10.11.54.1]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id A710185A5A8 for ; Tue, 3 May 2022 08:23:30 +0000 (UTC) Received: from lacos-laptop-7.usersys.redhat.com (unknown [10.39.192.166]) by smtp.corp.redhat.com (Postfix) with ESMTP id BF21340CF8F9; Tue, 3 May 2022 08:23:29 +0000 (UTC) From: Laszlo Ersek To: SELinux List , Laszlo Ersek Cc: "Richard W.M. Jones" , Petr Lautrbach Subject: [PATCH v2 2/5] setfiles: remove useless assignment and comment (after RHBZ#1926386) Date: Tue, 3 May 2022 10:23:23 +0200 Message-Id: <20220503082326.11621-3-lersek@redhat.com> In-Reply-To: <20220503082326.11621-1-lersek@redhat.com> References: <20220503082326.11621-1-lersek@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.84 on 10.11.54.1 Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org Commit 9207823c8ff0 ("setfiles: Do not abort on labeling error", 2021-02-01) hoisted the zeroing of "r_opts.abort_on_error" above the branching on "setfiles vs. restorecon". Clean up two aspects: - "r_opts" is altogether zeroed a bit higher up, so remove the explicit zero-assignment; - neither "setfiles" nor "restorecon" aborts on errors during the file tree walk now, so remove the comment "Do not abort on errors during the file tree walk" from the "restorecon" branch as well. Cc: "Richard W.M. Jones" Cc: Petr Lautrbach Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1794518 Signed-off-by: Laszlo Ersek --- policycoreutils/setfiles/setfiles.c | 2 -- 1 file changed, 2 deletions(-) diff --git a/policycoreutils/setfiles/setfiles.c b/policycoreutils/setfiles/setfiles.c index be88be5d5497..cf504618d38f 100644 --- a/policycoreutils/setfiles/setfiles.c +++ b/policycoreutils/setfiles/setfiles.c @@ -162,7 +162,6 @@ int main(int argc, char **argv) request_digest = 0; policyfile = NULL; - r_opts.abort_on_error = 0; if (!argv[0]) { fprintf(stderr, "Called without required program name!\n"); exit(-1); @@ -197,7 +196,6 @@ int main(int argc, char **argv) * restorecon: * No recursive descent unless -r/-R, * Expands paths via realpath, - * Do not abort on errors during the file tree walk, * Do not try to track inode associations for conflict detection, * Follows mounts, * Does lazy validation of contexts upon use. From patchwork Tue May 3 08:23:24 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Laszlo Ersek X-Patchwork-Id: 12835266 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 1305FC433EF for ; Tue, 3 May 2022 08:23:37 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232739AbiECI1G (ORCPT ); Tue, 3 May 2022 04:27:06 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:35506 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231240AbiECI1F (ORCPT ); Tue, 3 May 2022 04:27:05 -0400 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) by lindbergh.monkeyblade.net (Postfix) with ESMTP id 1F64529800 for ; Tue, 3 May 2022 01:23:34 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1651566213; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=JkB2byG/+RiO8UzmhxFyDyj62m+Q0hOEl8imykBOP0Q=; b=XNhWZfUHskU0IiezHvNIeByuWTofrt3AtoOsC/ap78pzdXGTFJZINbjbPpEclo0ueC5guY yLsj16b5hRYrWKb8GtUpM+cZbt6jVDQwSFAcHLzuHvZnRsxkKbMLMnyO8lzAQ6SXEM8oFB rtQ8n9MoqBPIvQPlvykczycrbq6mNxY= Received: from mimecast-mx02.redhat.com (mimecast-mx02.redhat.com [66.187.233.88]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-640-JaEnwrD9OfS4ZpXvumhxcw-1; Tue, 03 May 2022 04:23:32 -0400 X-MC-Unique: JaEnwrD9OfS4ZpXvumhxcw-1 Received: from smtp.corp.redhat.com (int-mx01.intmail.prod.int.rdu2.redhat.com [10.11.54.1]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id E66D0833965 for ; Tue, 3 May 2022 08:23:31 +0000 (UTC) Received: from lacos-laptop-7.usersys.redhat.com (unknown [10.39.192.166]) by smtp.corp.redhat.com (Postfix) with ESMTP id F058A40CFD29; Tue, 3 May 2022 08:23:30 +0000 (UTC) From: Laszlo Ersek To: SELinux List , Laszlo Ersek Cc: "Richard W.M. Jones" , Petr Lautrbach Subject: [PATCH v2 3/5] setfiles: remove useless "iamrestorecon" checks in option parsing Date: Tue, 3 May 2022 10:23:24 +0200 Message-Id: <20220503082326.11621-4-lersek@redhat.com> In-Reply-To: <20220503082326.11621-1-lersek@redhat.com> References: <20220503082326.11621-1-lersek@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.84 on 10.11.54.1 Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org Commit 219eea83cea9 ("policycoreutils: setfiles/restorecon: fix -r/-R option", 2015-04-16) split the option strings between "setfiles" and "restorecon". Since that commit, an "iamrestorecon" check has only been necessary for an option that is (a) accepted by both "setfiles" and "restorecon", but (b) behaves differently between "setfiles" and "restorecon". Currently, the only such options are "-r" and "-R". Remove the "iamrestorecon" checks from the "setfiles"-only "-c" and "-d" options, and from the "restorecon"-only "-x" option. Cc: "Richard W.M. Jones" Cc: Petr Lautrbach Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1794518 Signed-off-by: Laszlo Ersek Reviewed-By: Daniel Burgener --- Notes: v2: - pick up Daniel Burgener's R-b policycoreutils/setfiles/setfiles.c | 11 +---------- 1 file changed, 1 insertion(+), 10 deletions(-) diff --git a/policycoreutils/setfiles/setfiles.c b/policycoreutils/setfiles/setfiles.c index cf504618d38f..aeec1fdcc2ab 100644 --- a/policycoreutils/setfiles/setfiles.c +++ b/policycoreutils/setfiles/setfiles.c @@ -227,9 +227,6 @@ int main(int argc, char **argv) { FILE *policystream; - if (iamrestorecon) - usage(argv[0]); - policyfile = optarg; policystream = fopen(policyfile, "r"); @@ -267,8 +264,6 @@ int main(int argc, char **argv) input_filename = optarg; break; case 'd': - if (iamrestorecon) - usage(argv[0]); r_opts.debug = 1; r_opts.log_matches = SELINUX_RESTORECON_LOG_MATCHES; @@ -367,11 +362,7 @@ int main(int argc, char **argv) null_terminated = 1; break; case 'x': - if (iamrestorecon) { - r_opts.xdev = SELINUX_RESTORECON_XDEV; - } else { - usage(argv[0]); - } + r_opts.xdev = SELINUX_RESTORECON_XDEV; break; case 'T': nthreads = strtoull(optarg, &endptr, 10); From patchwork Tue May 3 08:23:25 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Laszlo Ersek X-Patchwork-Id: 12835268 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 5A0D8C433EF for ; Tue, 3 May 2022 08:23:41 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232750AbiECI1L (ORCPT ); Tue, 3 May 2022 04:27:11 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:35546 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231240AbiECI1J (ORCPT ); Tue, 3 May 2022 04:27:09 -0400 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) by lindbergh.monkeyblade.net (Postfix) with ESMTP id 850A029836 for ; Tue, 3 May 2022 01:23:37 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1651566216; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=V7yXeqfsNGufcpWM9m+tG1HLEB4WtEucZ49o4ySwv3M=; b=ZKJWWGhTuPFLiry3Y5+3uFimYjN6f+tprP4D9ckgNsh7d4CsJSVUoAGWH/sIApeNrYxU99 WTnjZZpaWSQtQJmMyv+UrhxRtf336H11eeN/ZGsfIOD1zWFARbT7Jk6SC6Q0TUsvlnuzsz w8DfNn4ZBctXnTvBV/7EsPRPSlQBfpI= Received: from mimecast-mx02.redhat.com (mx3-rdu2.redhat.com [66.187.233.73]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-114-xaBJ2AICMT-KXCog5Rfb7Q-1; Tue, 03 May 2022 04:23:33 -0400 X-MC-Unique: xaBJ2AICMT-KXCog5Rfb7Q-1 Received: from smtp.corp.redhat.com (int-mx01.intmail.prod.int.rdu2.redhat.com [10.11.54.1]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id 4FCE3299E747 for ; Tue, 3 May 2022 08:23:33 +0000 (UTC) Received: from lacos-laptop-7.usersys.redhat.com (unknown [10.39.192.166]) by smtp.corp.redhat.com (Postfix) with ESMTP id 36196400F75F; Tue, 3 May 2022 08:23:32 +0000 (UTC) From: Laszlo Ersek To: SELinux List , Laszlo Ersek Cc: "Richard W.M. Jones" , Petr Lautrbach Subject: [PATCH v2 4/5] selinux_restorecon: introduce SELINUX_RESTORECON_COUNT_ERRORS Date: Tue, 3 May 2022 10:23:25 +0200 Message-Id: <20220503082326.11621-5-lersek@redhat.com> In-Reply-To: <20220503082326.11621-1-lersek@redhat.com> References: <20220503082326.11621-1-lersek@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.84 on 10.11.54.1 Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org Currently, if the SELINUX_RESTORECON_ABORT_ON_ERROR flag is clear, then selinux_restorecon[_parallel]() does not abort the file tree walk upon an error, but the function itself fails the same, with the same (-1) return value. This in turn is reported by the setfiles(8) utility to its parent process with the same exit code (255). In libguestfs we want to proceed after setfiles(8) fails *at most* with such errors that occur during the file tree walk. We need setfiles(8) to exit with a distinct exit status in that situation. For this, introduce the SELINUX_RESTORECON_COUNT_ERRORS flag, and the corresponding selinux_restorecon_get_skipped_errors() function, for selinux_restorecon[_parallel]() to count, but otherwise ignore, errors during the file tree walk. When no other kind of error occurs, the relabeling functions will return zero, and the caller can fetch the number of errors ignored during the file tree walk with selinux_restorecon_get_skipped_errors(). Importantly, when at least one such error is skipped, we don't write partial match digests for subdirectories, as any masked error means that any subdirectory may not have been completely relabeled. Cc: "Richard W.M. Jones" Cc: Petr Lautrbach Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1794518 Signed-off-by: Laszlo Ersek --- Notes: v2: - introduce the "selinux_restorecon_get_skipped_errors" symbol in the LIBSELINUX_3.4 section of "libselinux.map"; do not create the LIBSELINUX_3.5 section [Petr Lautrbach] libselinux/include/selinux/restorecon.h | 15 +++++++++ libselinux/src/selinux_restorecon.c | 34 +++++++++++++++++--- libselinux/man/man3/selinux_restorecon.3 | 22 ++++++++++++- libselinux/man/man3/selinux_restorecon_get_skipped_errors.3 | 28 ++++++++++++++++ libselinux/src/libselinux.map | 1 + 5 files changed, 94 insertions(+), 6 deletions(-) diff --git a/libselinux/include/selinux/restorecon.h b/libselinux/include/selinux/restorecon.h index 1821a3dc596c..b10fe684eff9 100644 --- a/libselinux/include/selinux/restorecon.h +++ b/libselinux/include/selinux/restorecon.h @@ -121,6 +121,11 @@ extern int selinux_restorecon_parallel(const char *pathname, */ #define SELINUX_RESTORECON_CONFLICT_ERROR 0x10000 +/* + * Count, but otherwise ignore, errors during the file tree walk. + */ +#define SELINUX_RESTORECON_COUNT_ERRORS 0x20000 + /** * selinux_restorecon_set_sehandle - Set the global fc handle. * @hndl: specifies handle to set as the global fc handle. @@ -205,6 +210,16 @@ extern int selinux_restorecon_xattr(const char *pathname, /* Do not read /proc/mounts. */ #define SELINUX_RESTORECON_XATTR_IGNORE_MOUNTS 0x0008 +/* selinux_restorecon_get_skipped_errors - Get the number of errors ignored + * during re-labeling. + * + * If SELINUX_RESTORECON_COUNT_ERRORS was passed to selinux_restorecon(3) or + * selinux_restorecon_parallel(3), and that function returned successfully + * (i.e., with a zero return value), then this function returns the number of + * errors ignored during the file tree walk. + */ +extern long unsigned selinux_restorecon_get_skipped_errors(void); + #ifdef __cplusplus } #endif diff --git a/libselinux/src/selinux_restorecon.c b/libselinux/src/selinux_restorecon.c index 72f4fb462e34..e61929120a74 100644 --- a/libselinux/src/selinux_restorecon.c +++ b/libselinux/src/selinux_restorecon.c @@ -66,6 +66,9 @@ static pthread_mutex_t progress_mutex = PTHREAD_MUTEX_INITIALIZER; static struct dir_xattr *dir_xattr_list; static struct dir_xattr *dir_xattr_last; +/* Number of errors ignored during the file tree walk. */ +static long unsigned skipped_errors; + /* restorecon_flags for passing to restorecon_sb() */ struct rest_flags { bool nochange; @@ -83,6 +86,7 @@ struct rest_flags { bool ignore_noent; bool warnonnomatch; bool conflicterror; + bool count_errors; }; static void restorecon_init(void) @@ -827,6 +831,7 @@ struct rest_state { struct dir_hash_node *head, *current; bool abort; int error; + long unsigned skipped_errors; int saved_errno; pthread_mutex_t mutex; }; @@ -949,11 +954,17 @@ loop_body: goto unlock; } - state->error |= error; first = false; - if (error && state->flags.abort_on_error) { - state->abort = true; - goto finish; + if (error) { + if (state->flags.abort_on_error) { + state->error = error; + state->abort = true; + goto finish; + } + if (state->flags.count_errors) + state->skipped_errors++; + else + state->error = error; } break; } @@ -1007,12 +1018,15 @@ static int selinux_restorecon_common(const char *pathname_orig, SELINUX_RESTORECON_IGNORE_MOUNTS) ? true : false; state.ignore_digest = (restorecon_flags & SELINUX_RESTORECON_IGNORE_DIGEST) ? true : false; + state.flags.count_errors = (restorecon_flags & + SELINUX_RESTORECON_COUNT_ERRORS) ? true : false; state.setrestorecondigest = true; state.head = NULL; state.current = NULL; state.abort = false; state.error = 0; + state.skipped_errors = 0; state.saved_errno = 0; struct stat sb; @@ -1225,8 +1239,11 @@ static int selinux_restorecon_common(const char *pathname_orig, /* * Labeling successful. Write partial match digests for subdirectories. * TODO: Write digest upon FTS_DP if no error occurs in its descents. + * Note: we can't ignore errors here that we've masked due to + * SELINUX_RESTORECON_COUNT_ERRORS. */ - if (state.setrestorecondigest && !state.flags.nochange && !error) { + if (state.setrestorecondigest && !state.flags.nochange && !error && + state.skipped_errors == 0) { current = state.head; while (current != NULL) { if (setxattr(current->path, @@ -1241,6 +1258,8 @@ static int selinux_restorecon_common(const char *pathname_orig, } } + skipped_errors = state.skipped_errors; + out: if (state.flags.progress && state.flags.mass_relabel) fprintf(stdout, "\r%s 100.0%%\n", pathname); @@ -1520,3 +1539,8 @@ cleanup: } return -1; } + +long unsigned selinux_restorecon_get_skipped_errors(void) +{ + return skipped_errors; +} diff --git a/libselinux/man/man3/selinux_restorecon.3 b/libselinux/man/man3/selinux_restorecon.3 index 334d2930bb4f..218aaf6d2ae5 100644 --- a/libselinux/man/man3/selinux_restorecon.3 +++ b/libselinux/man/man3/selinux_restorecon.3 @@ -78,7 +78,10 @@ specfile entries SHA1 digest. The specfile entries digest will be written to the .IR security.sehash extended attribute once relabeling has been completed successfully provided the .B SELINUX_RESTORECON_NOCHANGE -flag has not been set. +flag has not been set, and no errors have been skipped during the file tree walk +due to the +.B SELINUX_RESTORECON_COUNT_ERRORS +flag. .sp .B SELINUX_RESTORECON_NOCHANGE don't change any file labels (passive check) or update the digest in the @@ -164,6 +167,21 @@ on a directory below this. .B SELINUX_RESTORECON_CONFLICT_ERROR to treat conflicting specifications, such as where two hardlinks for the same inode have different contexts, as errors. +.sp +.B SELINUX_RESTORECON_COUNT_ERRORS +Count, but otherwise ignore, errors during the file tree walk. Only makes a +difference if the +.B SELINUX_RESTORECON_ABORT_ON_ERROR +flag is clear. Call +.BR selinux_restorecon_get_skipped_errors (3) +for fetching the ignored (skipped) error count after +.BR selinux_restorecon (3) +or +.BR selinux_restorecon_parallel (3) +completes with success. In case any errors were skipped during the file tree +walk, the specfile entries SHA1 digest will not have been written to the +.IR security.sehash +extended attribute. .RE .sp The behavior regarding the checking and updating of the SHA1 digest described @@ -279,6 +297,8 @@ option. .br .BR selinux_restorecon_default_handle (3), .br +.BR selinux_restorecon_get_skipped_errors (3), +.br .BR selinux_restorecon_set_exclude_list (3), .br .BR selinux_restorecon_set_alt_rootpath (3), diff --git a/libselinux/man/man3/selinux_restorecon_get_skipped_errors.3 b/libselinux/man/man3/selinux_restorecon_get_skipped_errors.3 new file mode 100644 index 000000000000..d1757b7612ab --- /dev/null +++ b/libselinux/man/man3/selinux_restorecon_get_skipped_errors.3 @@ -0,0 +1,28 @@ +.TH "selinux_restorecon_get_skipped_errors" "3" "27 Apr 2022" "Security Enhanced Linux" "SELinux API documentation" + +.SH "NAME" +selinux_restorecon_get_skipped_errors \- get the number of errors ignored by +.BR selinux_restorecon (3) +or +.BR selinux_restorecon_parallel (3) +during the file tree walk +. +.SH "SYNOPSIS" +.B #include +.sp +.BI "long unsigned selinux_restorecon_get_skipped_errors(void);" +.in +\w'long unsigned selinux_restorecon_get_skipped_errors('u +. +.SH "DESCRIPTION" +If +.B SELINUX_RESTORECON_COUNT_ERRORS +was passed to +.BR selinux_restorecon (3) +or +.BR selinux_restorecon_parallel (3) +and that function returned successfully (i.e., with a zero return value), then +.BR selinux_restorecon_get_skipped_errors () +returns the number of errors ignored during the file tree walk. +. +.SH "SEE ALSO" +.BR selinux_restorecon (3) diff --git a/libselinux/src/libselinux.map b/libselinux/src/libselinux.map index 4acf1caacb55..6e04eb61c0c5 100644 --- a/libselinux/src/libselinux.map +++ b/libselinux/src/libselinux.map @@ -243,5 +243,6 @@ LIBSELINUX_1.0 { LIBSELINUX_3.4 { global: + selinux_restorecon_get_skipped_errors; selinux_restorecon_parallel; } LIBSELINUX_1.0; From patchwork Tue May 3 08:23:26 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Laszlo Ersek X-Patchwork-Id: 12835267 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 446BAC433EF for ; Tue, 3 May 2022 08:23:39 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231926AbiECI1I (ORCPT ); Tue, 3 May 2022 04:27:08 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:35518 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231240AbiECI1I (ORCPT ); Tue, 3 May 2022 04:27:08 -0400 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) by lindbergh.monkeyblade.net (Postfix) with ESMTP id 908EF29800 for ; Tue, 3 May 2022 01:23:36 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1651566215; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=kIz0Cu4Ol620es4MTJLbyzZp+QPTEI2gwSpjPd+S0kY=; b=Ep4JcY5U16/QRFJKOlc1yR8CYyBxAvgmsOpA44NToxefPTBo2wHFqmVQ14iZed4sJMyoRP t2CdzsN0t07krrW1k1JLnXrbqP1tLPn77i+p6pb/e0jIv/i2X3ciI3JYR/KpJ14Z3ENZoM 8mAmMPND6L5Uwogi2lLW37V1QcecRqQ= Received: from mimecast-mx02.redhat.com (mimecast-mx02.redhat.com [66.187.233.88]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-652-gNm7vGJ4P9OjRINiG40keQ-1; Tue, 03 May 2022 04:23:34 -0400 X-MC-Unique: gNm7vGJ4P9OjRINiG40keQ-1 Received: from smtp.corp.redhat.com (int-mx01.intmail.prod.int.rdu2.redhat.com [10.11.54.1]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id 787A9811E81 for ; Tue, 3 May 2022 08:23:34 +0000 (UTC) Received: from lacos-laptop-7.usersys.redhat.com (unknown [10.39.192.166]) by smtp.corp.redhat.com (Postfix) with ESMTP id 9374B40CFD29; Tue, 3 May 2022 08:23:33 +0000 (UTC) From: Laszlo Ersek To: SELinux List , Laszlo Ersek Cc: "Richard W.M. Jones" , Petr Lautrbach Subject: [PATCH v2 5/5] setfiles: introduce the -C option for distinguishing file tree walk errors Date: Tue, 3 May 2022 10:23:26 +0200 Message-Id: <20220503082326.11621-6-lersek@redhat.com> In-Reply-To: <20220503082326.11621-1-lersek@redhat.com> References: <20220503082326.11621-1-lersek@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.84 on 10.11.54.1 Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org setfiles(8) exits with status 255 if it encounters any error. Introduce the "-C" option: if the only errors that setfiles(8) encounters are labeling errors seen during the file tree walk(s), then let setfiles(8) exit with status 1. Cc: "Richard W.M. Jones" Cc: Petr Lautrbach Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1794518 Signed-off-by: Laszlo Ersek --- policycoreutils/setfiles/restore.h | 4 +++- policycoreutils/setfiles/restore.c | 8 +++++-- policycoreutils/setfiles/setfiles.c | 19 +++++++++++------ policycoreutils/setfiles/setfiles.8 | 22 ++++++++++++++++++++ 4 files changed, 44 insertions(+), 9 deletions(-) diff --git a/policycoreutils/setfiles/restore.h b/policycoreutils/setfiles/restore.h index bb35a1db9e34..a5af81fe3bb4 100644 --- a/policycoreutils/setfiles/restore.h +++ b/policycoreutils/setfiles/restore.h @@ -35,6 +35,7 @@ struct restore_opts { unsigned int ignore_noent; unsigned int ignore_mounts; unsigned int conflict_error; + unsigned int count_errors; /* restorecon_flags holds | of above for restore_init() */ unsigned int restorecon_flags; char *rootpath; @@ -49,7 +50,8 @@ struct restore_opts { void restore_init(struct restore_opts *opts); void restore_finish(void); void add_exclude(const char *directory); -int process_glob(char *name, struct restore_opts *opts, size_t nthreads); +int process_glob(char *name, struct restore_opts *opts, size_t nthreads, + long unsigned *skipped_errors); extern char **exclude_list; #endif diff --git a/policycoreutils/setfiles/restore.c b/policycoreutils/setfiles/restore.c index e9ae33ad039a..6131f46a7523 100644 --- a/policycoreutils/setfiles/restore.c +++ b/policycoreutils/setfiles/restore.c @@ -41,7 +41,8 @@ void restore_init(struct restore_opts *opts) opts->xdev | opts->abort_on_error | opts->syslog_changes | opts->log_matches | opts->ignore_noent | opts->ignore_mounts | - opts->mass_relabel | opts->conflict_error; + opts->mass_relabel | opts->conflict_error | + opts->count_errors; /* Use setfiles, restorecon and restorecond own handles */ selinux_restorecon_set_sehandle(opts->hnd); @@ -72,7 +73,8 @@ void restore_finish(void) } } -int process_glob(char *name, struct restore_opts *opts, size_t nthreads) +int process_glob(char *name, struct restore_opts *opts, size_t nthreads, + long unsigned *skipped_errors) { glob_t globbuf; size_t i = 0; @@ -96,6 +98,8 @@ int process_glob(char *name, struct restore_opts *opts, size_t nthreads) nthreads); if (rc < 0) errors = rc; + else if (opts->restorecon_flags & SELINUX_RESTORECON_COUNT_ERRORS) + *skipped_errors += selinux_restorecon_get_skipped_errors(); } globfree(&globbuf); diff --git a/policycoreutils/setfiles/setfiles.c b/policycoreutils/setfiles/setfiles.c index aeec1fdcc2ab..4dd0d0dc3835 100644 --- a/policycoreutils/setfiles/setfiles.c +++ b/policycoreutils/setfiles/setfiles.c @@ -40,8 +40,8 @@ static __attribute__((__noreturn__)) void usage(const char *const name) name, name); } else { fprintf(stderr, - "usage: %s [-diIDlmnpqvEFWT] [-e excludedir] [-r alt_root_path] [-c policyfile] spec_file pathname...\n" - "usage: %s [-diIDlmnpqvEFWT] [-e excludedir] [-r alt_root_path] [-c policyfile] spec_file -f filename\n" + "usage: %s [-diIDlmnpqvCEFWT] [-e excludedir] [-r alt_root_path] [-c policyfile] spec_file pathname...\n" + "usage: %s [-diIDlmnpqvCEFWT] [-e excludedir] [-r alt_root_path] [-c policyfile] spec_file -f filename\n" "usage: %s -s [-diIDlmnpqvFWT] spec_file\n", name, name, name); } @@ -150,9 +150,10 @@ int main(int argc, char **argv) const char *base; int errors = 0; const char *ropts = "e:f:hiIDlmno:pqrsvFRW0xT:"; - const char *sopts = "c:de:f:hiIDlmno:pqr:svEFR:W0T:"; + const char *sopts = "c:de:f:hiIDlmno:pqr:svCEFR:W0T:"; const char *opts; union selinux_callback cb; + long unsigned skipped_errors; /* Initialize variables */ memset(&r_opts, 0, sizeof(r_opts)); @@ -161,6 +162,7 @@ int main(int argc, char **argv) warn_no_match = 0; request_digest = 0; policyfile = NULL; + skipped_errors = 0; if (!argv[0]) { fprintf(stderr, "Called without required program name!\n"); @@ -288,6 +290,9 @@ int main(int argc, char **argv) r_opts.syslog_changes = SELINUX_RESTORECON_SYSLOG_CHANGES; break; + case 'C': + r_opts.count_errors = SELINUX_RESTORECON_COUNT_ERRORS; + break; case 'E': r_opts.conflict_error = SELINUX_RESTORECON_CONFLICT_ERROR; @@ -447,13 +452,15 @@ int main(int argc, char **argv) buf[len - 1] = 0; if (!strcmp(buf, "/")) r_opts.mass_relabel = SELINUX_RESTORECON_MASS_RELABEL; - errors |= process_glob(buf, &r_opts, nthreads) < 0; + errors |= process_glob(buf, &r_opts, nthreads, + &skipped_errors) < 0; } if (strcmp(input_filename, "-") != 0) fclose(f); } else { for (i = optind; i < argc; i++) - errors |= process_glob(argv[i], &r_opts, nthreads) < 0; + errors |= process_glob(argv[i], &r_opts, nthreads, + &skipped_errors) < 0; } maybe_audit_mass_relabel(r_opts.mass_relabel, errors); @@ -467,5 +474,5 @@ int main(int argc, char **argv) if (r_opts.progress) fprintf(stdout, "\n"); - exit(errors ? -1 : 0); + exit(errors ? -1 : skipped_errors ? 1 : 0); } diff --git a/policycoreutils/setfiles/setfiles.8 b/policycoreutils/setfiles/setfiles.8 index 19b59a2cc90d..bf26e161a71d 100644 --- a/policycoreutils/setfiles/setfiles.8 +++ b/policycoreutils/setfiles/setfiles.8 @@ -6,6 +6,7 @@ setfiles \- set SELinux file security contexts. .B setfiles .RB [ \-c .IR policy ] +.RB [ \-C ] .RB [ \-d ] .RB [ \-l ] .RB [ \-m ] @@ -58,6 +59,13 @@ option will force a replacement of the entire context. .B \-c check the validity of the contexts against the specified binary policy. .TP +.B \-C +If only relabeling errors are encountered during the file tree walks, +exit with status +.B 1 +rather than +.BR 255 . +.TP .B \-d show what specification matched each file. .TP @@ -219,6 +227,20 @@ or the .B \-s option is used. +.SH "EXIT STATUS" +.B setfiles +exits with status +.B 0 +if it encounters no errors. Fatal errors result in status +.BR 255 . +Labeling errors encountered during file tree walk(s) result in status +.B 1 +if the +.B -C +option is specified and no other kind of error is encountered, and in status +.B 255 +otherwise. + .SH "NOTES" .IP "1." 4 .B setfiles