On Thu, Sep 20, 2018 at 9:48 AM Vit Mojzis wrote:
>
>
> On 19/09/2018 22:51, Nicolas Iooss wrote:
> > When testing sepolicy gui with setools 4.2.0-beta, the following error
> > happened:
> >
> > File "python/sepolicy/sepolicy/__init__.py"
cy already retrieves all boolean states in
get_all_bools(), put them in a dict which can be used by
rule.conditional.evaluate().
This code has been tested with setools 4.1.1 and setools 4.2.0-beta.
Signed-off-by: Nicolas Iooss
---
python/sepolicy/sepolicy/__init__.py | 30 +++---
On Mon, Sep 10, 2018 at 2:46 PM 李 武刚 wrote:
> Hi, ALL
>
> There is a bug: the return value of hashtab_search is not checked
> in the function define_level of policydb_define.c. If the category is not
> defined, a null-pointer dereference will take place.
>
> The patch is attached.
n.
While at it, remove many spaces from the helptext of option --roles. I
do not know where they came from, but they were reduced to a single
space when displayed anyway.
Signed-off-by: Nicolas Iooss
---
python/semanage/semanage| 4 ++--
python/semanage/semanage-user.8 | 2 +-
2 files change
) ]
... a space is missing between "RANGE" and "( port )" in the usage of
--delete. Add it by splitting the string correctly in the usage line
definition.
Signed-off-by: Nicolas Iooss
---
python/semanage/semanage | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --g
I missed this bug in commit 9ec0ea143ab5 ("libsemanage: use previous
seuser when getting the previous name").
Signed-off-by: Nicolas Iooss
---
libsemanage/src/seusers_local.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libsemanage/src/seusers_local.c b/libse
On Wed, Sep 5, 2018 at 10:01 PM Nicolas Iooss wrote:
>
> On Fri, Aug 24, 2018 at 1:16 PM Vit Mojzis wrote:
> >
> > Use "previous" user name when no new user is available in
> > semanage_seuser_audit. Otherwise "id=0" is logged instead of
>
On Fri, Aug 24, 2018 at 1:16 PM Vit Mojzis wrote:
>
> Use "previous" user name when no new user is available in
> semanage_seuser_audit. Otherwise "id=0" is logged instead of
> "acct=user_name" ("id=0" is hard coded value).
>
> Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1622045
Hi,
Hello,
While reviewing the last patch sent by Vit Mojzis, I stumbled upon
something that does not feel right in "semanage user". Both "semanage
user --help" and "man 8 semanage-user" state:
usage: semanage user [-h] [-n] [-N] [-S STORE] [ --add ( -L LEVEL -R
ROLES -r RANGE -s SEUSER
On Tue, Aug 14, 2018 at 2:02 PM Hollis Blanchard
wrote:
>
> On 08/13/2018 02:18 PM, Tom Cherry wrote:
> > On Mon, Aug 13, 2018 at 1:49 PM Hollis Blanchard
> > wrote:
> >> On 08/13/2018 01:45 PM, Tom Cherry wrote:
> >>> On Mon, Aug 13, 2018 at 12:43 PM Hollis Blanchard
> >>> wrote:
> The
On Tue, Aug 21, 2018 at 3:18 PM Vit Mojzis wrote:
>
> Restrictive umask may cause creating directories with unintended
> access mode. Reset umask before creating directories to avoid this
> issue.
>
> Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1186422
>
> Signed-off-by: Vit Mojzis
On Mon, Aug 20, 2018 at 11:51 PM William Roberts
wrote:
>
> Ack on these as well
Thanks, I applied these patches and the previous ones I sent.
Nicolas
>
> On Sun, Aug 19, 2018 at 11:49 AM, Nicolas Iooss wrote:
>>
>> Python does not need to end a statement with a semic
build matrix is therefore another
reason to upgrade .travis.yml to Ubuntu 16.04. As this new template does
not support Python 3.4 nor 3.5, and does not support PyPy2.7 yet, drop
them from the build matrix.
Signed-off-by: Nicolas Iooss
---
.travis.yml | 36 +---
1
Python does not need to end a statement with a semicolon. Doing this
gets reported by linters such as flake8 ("E703 statement ends with a
semicolon").
Remove such semicolons in the code and enable this warning in
scripts/run-flake8.
Signed-off-by: Nicolas Iooss
---
python/sepolgen/sr
Wdiscarded-qualifiers]
permstr = _PyUnicode_AsString( strObj );
^
Make permstr "const char *" in order to suppress this warning.
Signed-off-by: Nicolas Iooss
---
libselinux/src/audit2why.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libselin
On Sat, Aug 18, 2018 at 8:43 PM William Roberts
wrote:
>
> I'm assuming with your attention on the python side of the house we're going
> to see a lot of
> formatting change patches heading the mailing list. I don't have any problems
> with them.
>
> Are you using some formatter for these, if so
Only use spaces to indent Python code. This reduces the number of
warnings reported by Python linters.
Signed-off-by: Nicolas Iooss
---
libsemanage/src/pywrap-test.py | 2301 +---
1 file changed, 1200 insertions(+), 1101 deletions(-)
diff --git a/libsemanage/src
This program can be useful in order to test the Python API of
libsemanage. Make it usable in Python 3 using 2to3 and some tweaks.
While at it, fix warnings reported by flake8 linter.
Signed-off-by: Nicolas Iooss
---
libsemanage/src/pywrap-test.py | 680 ++---
1 file
15, 2018 at 2:08 PM, Nicolas Iooss wrote:
>>
>> flake8 is a Python linter which is able to detect issues in Python code
>> (syntax errors, undefined variables, etc.). It has been used to find
>> bugs in the project. In order to prevent the introduction of new bugs
>> wh
ings which are introduced by code generated by SWIG 3.0.12,
which would require patches in SWIG in order to be activated (there
is right now only one such warning).
Signed-off-by: Nicolas Iooss
---
.travis.yml| 6
scripts/run-flake8 | 79 ++
2 fil
On Mon, Aug 13, 2018 at 5:21 PM William Roberts
wrote:
> On Sun, Aug 12, 2018 at 1:25 PM, Nicolas Iooss wrote:
>>
>> Here is the second revision of this patchset. The changes were:
>>
>> * I removed the buggy code instead of commenting it, in python/se
On Wed, Aug 8, 2018 at 1:51 PM Vit Mojzis wrote:
>
> Restrictive umask may cause creating directories with unintended
> access mode. Reset umask before creating directories to avoid this
> issue.
>
> Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1186422
Thanks for your patch. I agree
procotol -> protocol
This issue has been found using flake8. This Python linter reported:
python/sepolicy/sepolicy/gui.py:2525:132: F821 undefined name 'procotol'
Signed-off-by: Nicolas Iooss
---
python/sepolicy/sepolicy/gui.py | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
d
p_permissive() uses an undefined variable t, which is buggy. In order to
ignore permissive statements, the function only needs to "pass".
flake8 reported the following error:
python/sepolgen/src/sepolgen/refparser.py:789:5: F821 undefined name 't'
Signed-off-by: Nicolas Iooss
-
Here is the second revision of this patchset. The changes were:
* I removed the buggy code instead of commenting it, in python/sepolgen.
* I fixed a typo in the description of a patch.
Nicolas Iooss (13):
libselinux: fix flake8 warnings in SWIG-generated code
python/sepolgen: do not import
indentation is not a multiple of four
libselinux/src/selinux.py:130:45: E231 missing whitespace after ','
Signed-off-by: Nicolas Iooss
---
libselinux/src/selinuxswig_python.i | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/libselinux/src/selinuxswig_python.i
b/libselinux
.py:190:27: F821 undefined name 'v'
Signed-off-by: Nicolas Iooss
---
python/sepolicy/sepolicy.py | 10 --
1 file changed, 10 deletions(-)
diff --git a/python/sepolicy/sepolicy.py b/python/sepolicy/sepolicy.py
index 141f64ecd15f..24631b51ee37 100755
--- a/python/sepolicy/sepolicy.py
++
This module is not used and its name conflicts with variable "types".
This issue has been found using flake8. This Python linter reported:
python/sepolicy/sepolicy/generate.py:657:5: F811 redefinition of
unused 'types' from line 31
Signed-off-by: Nicolas Iooss
---
pytho
-off-by: Nicolas Iooss
---
python/sepolgen/src/sepolgen/refpolicy.py | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/python/sepolgen/src/sepolgen/refpolicy.py
b/python/sepolgen/src/sepolgen/refpolicy.py
index c30a8c70f9ca..e3dd33a21935 100644
--- a/python/sepolgen/src
has been found using flake8. This Python linter reported:
python/sepolgen/src/sepolgen/util.py:128:9: F901 'raise
NotImplemented' should be 'raise NotImplementedError'
Signed-off-by: Nicolas Iooss
---
python/sepolgen/src/sepolgen/util.py | 2 +-
1 file changed, 1 insertion(+), 1 del
This issue has been found using flake8. This Python linter reported:
python/sepolicy/sepolicy.py:582:5: F811 redefinition of unused
'DAEMON' from line 582
Signed-off-by: Nicolas Iooss
---
python/sepolicy/sepolicy.py | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git
"# noqa".
Signed-off-by: Nicolas Iooss
---
python/sepolgen/src/sepolgen/refparser.py | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/python/sepolgen/src/sepolgen/refparser.py
b/python/sepolgen/src/sepolgen/refparser.py
index 3415aff9b48f..97e2342c4693 100644
---
SELinuxGui.files_initial_data_insert() uses both "seLinux_label" and
"selinux_label", which leads to using an undefined variable, as reported
by flake8:
python/sepolicy/sepolicy/gui.py:1191:42: F821 undefined name 'selinux_label'
Signed-off-by: Nicolas Iooss
---
pyth
hon linter reported:
python/sepolgen/src/sepolgen/interfaces.py:158:37: F821 undefined
name 'PERM'
While at it, fix a typo in a comment.
Signed-off-by: Nicolas Iooss
---
python/sepolgen/src/sepolgen/interfaces.py | 7 +--
1 file changed, 1 insertion(+), 6 deletions(-)
diff --gi
'oldsetype'
python/sepolicy/sepolicy/gui.py:2020:122: F821 undefined name 'oldmls'
python/sepolicy/sepolicy/gui.py:2020:142: F821 undefined name 'oldclass'
python/sepolicy/sepolicy/gui.py:2050:133: F821 undefined name 'oldmls'
Signed-off-by: Nicolas Iooss
---
python/sepolicy/sepolicy
Signed-off-by: Nicolas Iooss
---
python/sepolicy/sepolicy/help/ports_inbound.txt | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/python/sepolicy/sepolicy/help/ports_inbound.txt
b/python/sepolicy/sepolicy/help/ports_inbound.txt
index 1325abfeef1b..be16034462b2 100644
On Mon, Aug 6, 2018 at 5:05 PM, William Roberts
wrote:
>
> On Sat, Aug 4, 2018 at 12:47 PM, Nicolas Iooss
> wrote:
>>
>> Hi,
>>
>> I have been working on a script which uses flake8 to discover issues in
>> Python code. This led me to discover several iss
On Sat, Aug 4, 2018 at 2:16 PM, Nicolas Iooss wrote:
> On Sat, Aug 4, 2018 at 11:34 AM, Jason Zaman wrote:
>> On Sat, Aug 04, 2018 at 11:11:47AM +0200, Nicolas Iooss wrote:
>>> "except OSError, ImportError:" does not perform what it says: it is the
>>>
This issue has been found using flake8. This Python linter reported:
python/sepolicy/sepolicy.py:582:5: F811 redefinition of unused
'DAEMON' from line 582
Signed-off-by: Nicolas Iooss
---
python/sepolicy/sepolicy.py | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git
.py:190:27: F821 undefined name 'v'
Signed-off-by: Nicolas Iooss
---
python/sepolicy/sepolicy.py | 10 --
1 file changed, 10 deletions(-)
diff --git a/python/sepolicy/sepolicy.py b/python/sepolicy/sepolicy.py
index 141f64ecd15f..24631b51ee37 100755
--- a/python/sepolicy/sepolicy.py
++
hon linter reported:
python/sepolgen/src/sepolgen/interfaces.py:158:37: F821 undefined
name 'PERM'
While at it, fix a typo in a comment.
Signed-off-by: Nicolas Iooss
---
python/sepolgen/src/sepolgen/interfaces.py | 10 +-
1 file changed, 5 insertions(+), 5 deletions(-)
diff --gi
This module is not used and its name conflicts with variable "types".
This issue has been found using flake8. This Python linter reported:
python/sepolicy/sepolicy/generate.py:657:5: F811 redefinition of
unused 'types' from line 31
Signed-off-by: Nicolas Iooss
---
pytho
'oldsetype'
python/sepolicy/sepolicy/gui.py:2020:122: F821 undefined name 'oldmls'
python/sepolicy/sepolicy/gui.py:2020:142: F821 undefined name 'oldclass'
python/sepolicy/sepolicy/gui.py:2050:133: F821 undefined name 'oldmls'
Signed-off-by: Nicolas Iooss
---
python/sepolicy/sepolicy
SELinuxGui.files_initial_data_insert() uses both "seLinux_label" and
"selinux_label", which leads to using an undefined variable, as reported
by flake8:
python/sepolicy/sepolicy/gui.py:1191:42: F821 undefined name 'selinux_label'
Signed-off-by: Nicolas Iooss
---
pyth
util.py starts by importing "locale" and "sys", so there is no need to
import these modules again in the functions.
Signed-off-by: Nicolas Iooss
---
python/sepolgen/src/sepolgen/util.py | 4
1 file changed, 4 deletions(-)
diff --git a/python/sepolgen/src/sepolg
p_permissive() uses an undefined variable t, which is buggy. In order to
ignore permissive statements, the function only needs to "pass".
flake8 reported the following error:
python/sepolgen/src/sepolgen/refparser.py:789:5: F821 undefined name 't'
Signed-off-by: Nicolas Iooss
-
-off-by: Nicolas Iooss
---
python/sepolgen/src/sepolgen/refpolicy.py | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/python/sepolgen/src/sepolgen/refpolicy.py
b/python/sepolgen/src/sepolgen/refpolicy.py
index c30a8c70f9ca..e3dd33a21935 100644
--- a/python/sepolgen/src
procotol -> protocol
This issue has been found using flake8. This Python linter reported:
python/sepolicy/sepolicy/gui.py:2525:132: F821 undefined name 'procotol'
Signed-off-by: Nicolas Iooss
---
python/sepolicy/sepolicy/gui.py | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
d
indentation is not a multiple of four
libselinux/src/selinux.py:130:45: E231 missing whitespace after ','
Signed-off-by: Nicolas Iooss
---
libselinux/src/selinuxswig_python.i | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/libselinux/src/selinuxswig_python.i
b/libselinux
has been found using flake8. This Python linter reported:
python/sepolgen/src/sepolgen/util.py:128:9: F901 'raise
NotImplemented' should be 'raise NotImplementedError'
Signed-off-by: Nicolas Iooss
---
python/sepolgen/src/sepolgen/util.py | 2 +-
1 file changed, 1 insertion(+), 1 del
"git format-patch --cover":
Nicolas Iooss (13):
libselinux: fix flake8 warnings in SWIG-generated code
python/sepolgen: do not import twice the modules
python/sepolgen: return NotImplemented instead of raising it
python/sepolicy: drop unused CheckPolicyType
python/sepolicy: use
"# noqa".
Signed-off-by: Nicolas Iooss
---
python/sepolgen/src/sepolgen/refparser.py | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/python/sepolgen/src/sepolgen/refparser.py
b/python/sepolgen/src/sepolgen/refparser.py
index 3415aff9b48f..97e2342c4693 100644
---
On Sat, Aug 4, 2018 at 11:34 AM, Jason Zaman wrote:
> On Sat, Aug 04, 2018 at 11:11:47AM +0200, Nicolas Iooss wrote:
>> "except OSError, ImportError:" does not perform what it says: it is the
>> Python 2 syntax of catching OSError exceptions as "ImportErro
143
except OSError, ImportError:
^
SyntaxError: invalid syntax
The correct syntax consists in using parentheses.
Signed-off-by: Nicolas Iooss
---
For the record, I found this while playing with flake8 Python's linter.
I am currently working on upstreaming a scri
On Wed, Jul 11, 2018 at 2:36 AM, Chris PeBenito via refpolicy
wrote:
>
> An SETools 4.2.0-beta release is now available:
>
> https://github.com/SELinuxProject/setools/releases/tag/4.2.0-beta
>
> Changes since v4.1.1:
>
> * Replaced the Python/SWIG/static-linked-libsepol policyrep module with
> a
7/18 at 17:58, Stephen Smalley wrote:
>>>>>
>>>>> On 07/10/2018 11:40 AM, Stephen Smalley wrote:
>>>>>>
>>>>>> On 07/09/2018 04:20 PM, Nicolas Iooss wrote:
>>>>>>>
>>>>>>> Hello,
>>>
Hello,
While testing a systemd update on Arch Linux, I encountered the
following message (in a Vagrant virtual machine):
# semanage fcontext -m -s sysadm_u -t user_home_t '/vagrant(/.*)?'
libsemanage.get_home_dirs: Error while fetching users. Returning list so far.
A quick debugging of
On Tue, Jul 3, 2018 at 12:49 AM, William Roberts
wrote:
> On Mon, Jul 2, 2018 at 11:38 AM, Nicolas Iooss wrote:
>> On Sun, Jul 1, 2018 at 10:51 PM, William Roberts
>> wrote:
>>> I see lots of repeating blocks, would it make more sense to goto an
>>> error l
On Sat, Jun 30, 2018 at 1:22 PM, Yuri Chornoivan wrote:
> On Saturday, 30 June 2018 12:55:42 EEST you wrote:
>> On Sat, Jun 30, 2018 at 10:46 AM, Yuri Chornoivan wrote:
>> > Hi,
>> >
>> > Attached is a minor fix for the typos in selinux's git/master. Many thanks
>> > for fixing them.
>> >
>> >
On Sun, Jul 1, 2018 at 10:51 PM, William Roberts
wrote:
> I see lots of repeating blocks, would it make more sense to goto an
> error label and free them then return -1?
Both trans_context() and untrans_context() currently define "char
*ltrans = NULL, *utrans = NULL;" and "char *lrange = NULL,
write_pid_file() leaks a file descriptor to /var/run/restorecond.pid if
it fails to write the PID to it. Close the file before returning.
Signed-off-by: Nicolas Iooss
---
restorecond/restorecond.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/restorecond/restorecond.c b/restorecond
refpolicy moved from github.com/TresysTechnology to
github.com/SELinuxProject. It is still used in sepolgen tests (they
build modules using Makefile.devel and build.conf) so update the
location of the repository.
Signed-off-by: Nicolas Iooss
---
.travis.yml | 4 ++--
1 file changed, 2
There are many memory leaks in mcstrans. Clean them up in order to
reduce the noise in clang's static analyzer report. Some are remaining,
because they are more complex to fix.
Signed-off-by: Nicolas Iooss
---
mcstrans/src/mcstrans.c | 68 +
1 file
On Sat, Jun 30, 2018 at 10:46 AM, Yuri Chornoivan wrote:
> Hi,
>
> Attached is a minor fix for the typos in selinux's git/master. Many thanks for
> fixing them.
>
> The patch is also available here:
>
> https://github.com/fedora-selinux/selinux/pull/52/commits/
>
2018-06-12 11:06 GMT+02:00 Jan Zarsky :
> Add support for extended permissions to audit2allow. Extend AuditParser
> to parse the 'ioctlcmd' field in AVC message. Extend PolicyGenerator to
> generate allowxperm rules. Add the '-x'/'--xperms' option to audit2allow
> to turn on generating of extended
"make test"
in order to install the dependencies needed for the tests, and running
these tests with the newly-built libraries requires a specific
LD_LIBRARY_PATH. This new script takes care of setting up everything
which is needed.
Signed-off-by: Nicolas Iooss
---
scripts/.gitignore
Signed-off-by: Nicolas Iooss
---
libsepol/cil/src/cil_resolve_ast.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libsepol/cil/src/cil_resolve_ast.c
b/libsepol/cil/src/cil_resolve_ast.c
index 02259241ddfe..fb9d91745629 100644
--- a/libsepol/cil/src/cil_resolve_ast.c
+++ b
When write_binary_policy() fails to open the binary policy, it calls
sepol_handle_destroy(f.handle) but structure f has not been initialized
at this point. Use variable handle instead.
This issue has been found using clang's static analyzer.
Signed-off-by: Nicolas Iooss
---
libsepol/tests/test
f.handle is never set in read_binary_policy() so there is no need to
call sepol_handle_destroy() on it. Moreover clang's static analyzer
warns about an uninitialized argument value in the first call.
Signed-off-by: Nicolas Iooss
---
libsepol/tests/test-downgrade.c | 2 --
1 file changed, 2
2018-06-05 16:34 GMT+02:00 Jan Zarsky :
> Add support for extended permissions to audit2allow. Extend AuditParser
> to parse the 'ioctlcmd' field in AVC message. Extend PolicyGenerator to
> generate allowxperm rules. Add the '-x'/'--xperms' option to audit2allow
> to turn on generating of extended
disp_con() leaks scon_trans if it returns early.
Signed-off-by: Nicolas Iooss
---
policycoreutils/secon/secon.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/policycoreutils/secon/secon.c b/policycoreutils/secon/secon.c
index 6078139422ab..477057a6896b 100644
--- a/policycoreutils/secon
Signed-off-by: Nicolas Iooss
---
python/sepolgen/src/sepolgen/defaults.py | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/python/sepolgen/src/sepolgen/defaults.py
b/python/sepolgen/src/sepolgen/defaults.py
index 9591063989ad..199acfafe4cf 100644
--- a/python/sepolgen
Signed-off-by: Nicolas Iooss
---
policycoreutils/secon/secon.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/policycoreutils/secon/secon.c b/policycoreutils/secon/secon.c
index c29d9fb67fa5..6078139422ab 100644
--- a/policycoreutils/secon/secon.c
+++ b/policycoreutils/secon
pp's main() never sets outfd to anything other than -1 so there is no
point in closing it.
Signed-off-by: Nicolas Iooss
---
policycoreutils/hll/pp/pp.c | 7 ---
1 file changed, 7 deletions(-)
diff --git a/policycoreutils/hll/pp/pp.c b/policycoreutils/hll/pp/pp.c
index b97a9b34816a
On Thu, May 31, 2018 at 5:34 PM, Nicolas Iooss wrote:
> On Thu, May 31, 2018 at 3:18 PM, Laurent Bigonville wrote:
>> From: Laurent Bigonville
>>
>> ---
>> restorecond/Makefile | 14 +++---
>> 1 file changed, 7 insertions(+), 7 deletions(-)
>>
On Thu, May 31, 2018 at 3:18 PM, Laurent Bigonville wrote:
> From: Laurent Bigonville
>
> ---
> restorecond/Makefile | 14 +++---
> 1 file changed, 7 insertions(+), 7 deletions(-)
>
> diff --git a/restorecond/Makefile b/restorecond/Makefile
> index 25be18d4..8a0ada1f 100644
> ---
On Mon, May 28, 2018 at 11:46 PM, Laurent Bigonville wrote:
> From: Laurent Bigonville
>
> Fix line wrapping with limited to 80 columns
>
> Fix lintian error:
> W: selinux-utils: manpage-has-errors-from-man
> usr/share/man/man5/selabel_file.5.gz 104: warning [p 2, 10.0i]: cannot adjust
> line
On Mon, May 28, 2018 at 4:30 PM, Laurent Bigonville wrote:
> From: Laurent Bigonville
>
> Thanks to Russell Coker
>
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=899083
>
> Signed-off-by: Laurent Bigonville
> ---
> secilc/Makefile | 1 +
> 1 file changed, 1 insertion(+)
>
> diff --git
On Tue, May 29, 2018 at 9:29 AM, Laurent Bigonville wrote:
> From: Laurent Bigonville
>
> ---
> restorecond/Makefile | 6 +++---
> 1 file changed, 3 insertions(+), 3 deletions(-)
>
> diff --git a/restorecond/Makefile b/restorecond/Makefile
> index 25be18d4..fed65bba 100644
> ---
On Mon, May 28, 2018 at 6:42 AM, Jason Zaman wrote:
> On Sat, May 26, 2018 at 08:42:06PM +0200, Nicolas Iooss wrote:
>> Hi,
>> As you may have noticed, I have been using clang's static analyzer for
>> a few months and submitted fixes for bugs that it found. There are also
bugs (like a missing call to va_end(), in the last patch).
This explains why there are other files which are modified.
Here is the git shortlog:
Nicolas Iooss (7):
libsepol: cil: silence clang analyzer false positive
libsepol: do not leak memory if list_prepend fails
libsepol: remove some dead a
clang's static analyzer warns about dead assignments to local variables.
In module_to_cil.c, there are some which are quite straightforward to
review. Remove them.
Signed-off-by: Nicolas Iooss <nicolas.io...@m4x.org>
---
libsepol/src/module_to_cil.c | 4
1 file changed, 4 deletions(-)
clang's static analyzer reports that ebitmap_to_names() can call
malloc(0) when the bitmap is empty. If malloc() returns NULL, this
triggers a misleading "Out of memory" error.
Work around this by treating empty bitmaps as appropriate.
Signed-off-by: Nicolas Iooss <nicolas.
understanding why typealiases_gather_map() does not need to strdup(key)
or free(key) when calling list_prepend(..., key) even though "key" comes
from pdb->p_types.table: because typealias_list_destroy() does not free
the inserted items. Add a comment to make this clearer in the code.
Signed-of
va_copy()'s manpage [1] states:
Each invocation of va_copy() must be matched by a corresponding
invocation of va_end() in the same function.
create_str_helper() is using va_copy() without va_end(). Add the missing
call.
[1] https://linux.die.net/man/3/va_copy
Signed-off-by: Nicolas
es (.pp) to CIL").
Signed-off-by: Nicolas Iooss <nicolas.io...@m4x.org>
---
libsepol/src/module_to_cil.c | 4
1 file changed, 4 deletions(-)
diff --git a/libsepol/src/module_to_cil.c b/libsepol/src/module_to_cil.c
index 56887366707a..dcf6ebb10b60 100644
--- a/libsepol/src/module_t
require_class() allocates memory for its variable "class_datum_t *datum"
and calls symtab_init(&datum->permissions, PERM_SYMTAB_SIZE). If this
second call fails, datum is not freed.
Fix this memory leak.
Signed-off-by: Nicolas Iooss <nicolas.io...@m4x.org>
---
checkpolicy/module_
In cil_tree_print_expr(), "rc < 0" is equivalent to "rc != 0" but
clang's static analyzer does not know about this. Help it.
Signed-off-by: Nicolas Iooss <nicolas.io...@m4x.org>
---
libsepol/cil/src/cil_tree.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
sion, which is why I
do not upstream these modifications). For the record, clang did not
like the "__error__" attribute used by some Ruby headers (cf.
https://travis-ci.org/fishilico/selinux/builds/381760812) and this is
not an issue related to the project.
Acked-by: Nicolas Iooss <nicolas.io...@m4x.org>
Thanks,
Nicolas
On Mon, May 14, 2018 at 4:19 PM, Jason Zaman <ja...@perfinion.com> wrote:
> On Mon, May 14, 2018 at 09:30:41AM -0400, Stephen Smalley wrote:
>> On 05/13/2018 07:43 AM, Nicolas Iooss wrote:
>> > On Sat, May 12, 2018 at 2:53 PM, Matěj Cepl <mc...@cepl.eu> wrote:
>>
On Thu, May 17, 2018 at 7:11 AM, Jason Zaman wrote:
> This series fixes compiling and running on musl libc.
>
> patches 1-2 are fairly trivial.
>
> patches 3-4 are a feature change on that platform since it does not
> support GLOB_TILDE and GLOB_BRACE. tilde is coming in musl
On Sat, May 12, 2018 at 2:53 PM, Matěj Cepl wrote:
> Hi,
>
> I am changing jobs (Red Hat -> SUSE; R, but not a security
> related job), and although I will be switching my workstation to
> OpenSUSE, I would love to keep SELinux working. Which meant I had
> to dig into the current
On Thu, Apr 19, 2018 at 5:07 PM, Stephen Smalley wrote:
> A 2.8-rc1 release candidate for the SELinux userspace is now available at:
> https://github.com/SELinuxProject/selinux/wiki/Releases
>
> Please give it a test and let us know if there are any issues.
>
> If there are
= append_arg(, _args, arg);
^~
semanage_store.c:1368:3: warning: Value stored to 'rc' is never read
rc = append_arg(, _args, arg);
^~
Signed-off-by: Nicolas Iooss <nicolas.io...@m4x.
; show the
expected result:
Process contexts:
Current context:                sysadm_u:sysadm_r:sysadm_t
Init context:                   system_u:system_r:init_t
/sbin/agetty                    system_u:system_r:getty_t
/usr/sbin/sshd                  system_u:system_r:sshd_t
Sig
clang's static analyzer reports a potential memory leak because the
buffers allocated in pc and fc are not freed in main(), in sestatus.c.
Free these buffers properly.
Signed-off-by: Nicolas Iooss <nicolas.io...@m4x.org>
---
policycoreutils/sestatus/sestatus.c | 2 ++
1 file chan
On Sat, Apr 14, 2018 at 2:40 AM, William Roberts
wrote:
> In general this series looks fine.
>
> However, checkpatch.pl is complaining about DOS line endings in your patches:
>
> For example:
> ERROR: DOS line endings
> #325: FILE: libselinux/src/label_file.h:281:
>
ollowing
message:
genusers.c:222:11: warning: Use of zero-allocated memory
*r++ = *s;
^
genusers.c:225:7: warning: Use of zero-allocated memory
*r = 0;
"
block.
This issue is reported by clang's static analyzer with the following
message:
module_to_cil.c:463:6: warning: Access to field 'pos' results in a
dereference of a null pointer (loaded from variable 'stack')
if (stack->pos == -1) {
^~~~~~
Signed-off-by:
In getconlist.c's main(), "level" is duplicated from an optional
argument without being ever freed. clang's static analyzer warns about
this memory leak.
Free the allocated memory properly in order to remove a warning reported
by clang's static analyzer.
Signed-off-by: Nicolas Iooss