Re: [PATCH 1/1] python/sepolicy: fix compatibility with setools 4.2.0

2018-09-21 Thread Nicolas Iooss
On Thu, Sep 20, 2018 at 9:48 AM Vit Mojzis wrote: > > > On 19/09/2018 22:51, Nicolas Iooss wrote: > > When testing sepolicy gui with setools 4.2.0-beta, the following error > > happened: > > > >File "python/sepolicy/sepolicy/__init__.py"

[PATCH 1/1] python/sepolicy: fix compatibility with setools 4.2.0

2018-09-19 Thread Nicolas Iooss
cy already retrieves all boolean states in get_all_bools(), put them in a dict which can be used by rule.conditional.evaluate(). This code has been tested with setools 4.1.1 and setools 4.2.0-beta. Signed-off-by: Nicolas Iooss --- python/sepolicy/sepolicy/__init__.py | 30 +++---

Re: Bug report

2018-09-19 Thread Nicolas Iooss
On Mon, Sep 10, 2018 at 2:46 PM 李 武刚 wrote: > Hi, ALL > > There is one bug: the result value of hashtab_search is not checked > in the function define_level of policydb_define.c. If the category is not > defined, a null-pointer dereference will take place. > > The patch is attached.

[PATCH 1/2] semanage: "semanage user" does not use -s, fix documentation

2018-09-05 Thread Nicolas Iooss
n. While at it, remove many spaces from the helptext of option --roles. I do not know where they came from, but they were reduced to a single space when displayed anyway. Signed-off-by: Nicolas Iooss --- python/semanage/semanage| 4 ++-- python/semanage/semanage-user.8 | 2 +- 2 files change

[PATCH 2/2] semanage: add a missing space in ibendport help

2018-09-05 Thread Nicolas Iooss
) ] ... a space is missing between "RANGE" and "( port )" in the usage of --delete. Add it by splitting the string correctly in the usage line definition. Signed-off-by: Nicolas Iooss --- python/semanage/semanage | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --g

[PATCH 1/1] libsemanage: use previous seuser when getting the previous name

2018-09-05 Thread Nicolas Iooss
I missed this bug in commit 9ec0ea143ab5 ("libsemanage: use previous seuser when getting the previous name"). Signed-off-by: Nicolas Iooss --- libsemanage/src/seusers_local.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libsemanage/src/seusers_local.c b/libse

Re: [PATCH] libsemanage: Include user name in ROLE_REMOVE audit events

2018-09-05 Thread Nicolas Iooss
On Wed, Sep 5, 2018 at 10:01 PM Nicolas Iooss wrote: > > On Fri, Aug 24, 2018 at 1:16 PM Vit Mojzis wrote: > > > > Use "previous" user name when no new user is available in > > semanage_seuser_audit. Otherwise "id=0" is logged instead of >

Re: [PATCH] libsemanage: Include user name in ROLE_REMOVE audit events

2018-09-05 Thread Nicolas Iooss
On Fri, Aug 24, 2018 at 1:16 PM Vit Mojzis wrote: > > Use "previous" user name when no new user is available in > semanage_seuser_audit. Otherwise "id=0" is logged instead of > "acct=user_name" ("id=0" is hard coded value). > > Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1622045 Hi,

"semanage user" and -s option

2018-09-05 Thread Nicolas Iooss
Hello, While reviewing the last patch sent by Vit Mojzis, I stumbled upon something that does not feel right in "semanage user". Both "semanage user --help" and "man 8 semanage-user" state: usage: semanage user [-h] [-n] [-N] [-S STORE] [ --add ( -L LEVEL -R ROLES -r RANGE -s SEUSER

Re: [PATCH] Fix build break around __atomic_*() with GCC<4.7

2018-08-22 Thread Nicolas Iooss
On Tue, Aug 14, 2018 at 2:02 PM Hollis Blanchard wrote: > > On 08/13/2018 02:18 PM, Tom Cherry wrote: > > On Mon, Aug 13, 2018 at 1:49 PM Hollis Blanchard > > wrote: > >> On 08/13/2018 01:45 PM, Tom Cherry wrote: > >>> On Mon, Aug 13, 2018 at 12:43 PM Hollis Blanchard > >>> wrote: > The

Re: [PATCH] libsemanage: reset umask before creating directories

2018-08-22 Thread Nicolas Iooss
On Tue, Aug 21, 2018 at 3:18 PM Vit Mojzis wrote: > > Restrictive umask may cause creating directories with unintended > access mode. Reset umask before creating directories to avoid this > issue. > > Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1186422 > > Signed-off-by: Vit Mojzis

Re: [PATCH 3/3] python: remove semicolon from end of lines

2018-08-22 Thread Nicolas Iooss
On Mon, Aug 20, 2018 at 11:51 PM William Roberts wrote: > > Ack on these as well Thanks, I applied these patches and the previous ones I sent. Nicolas > > On Sun, Aug 19, 2018 at 11:49 AM, Nicolas Iooss wrote: >> >> Python does not need to end a statement with a semic

[PATCH 2/3] Travis-CI: upgrade to Ubuntu 16.04 LTS Xenial Xerus

2018-08-19 Thread Nicolas Iooss
build matrix is therefore another reason to upgrade .travis.yml to Ubuntu 16.04. As this new template does not support Python 3.4 nor 3.5, and does not support PyPy2.7 yet, drop them from the build matrix. Signed-off-by: Nicolas Iooss --- .travis.yml | 36 +--- 1

[PATCH 3/3] python: remove semicolon from end of lines

2018-08-19 Thread Nicolas Iooss
Python does not need to end a statement with a semicolon. Doing this gets reported by linters such as flake8 ("E703 statement ends with a semicolon"). Remove such semicolons in the code and enable this warning in scripts/run-flake8. Signed-off-by: Nicolas Iooss --- python/sepolgen/sr

[PATCH 1/3] libselinux: add a const to suppress a build warning with Python 3.7

2018-08-19 Thread Nicolas Iooss
Wdiscarded-qualifiers] permstr = _PyUnicode_AsString( strObj ); ^ Make permstr "const char *" in order to suppress this warning. Signed-off-by: Nicolas Iooss --- libselinux/src/audit2why.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libselin

Re: [PATCH 2/2] libsemanage: make pywrap-test.py compatible with Python 3

2018-08-19 Thread Nicolas Iooss
On Sat, Aug 18, 2018 at 8:43 PM William Roberts wrote: > > I'm assuming with your attention on the python side of the house we're going > to see a lot of > formatting change patches heading the mailing list. I don't have any problems > with them. > > Are you using some formatter for these, if so

[PATCH 1/2] libsemanage: reindent pywrap-test.py with spaces

2018-08-18 Thread Nicolas Iooss
Only use spaces to indent Python code. This reduces the number of warnings reported by Python linters. Signed-off-by: Nicolas Iooss --- libsemanage/src/pywrap-test.py | 2301 +--- 1 file changed, 1200 insertions(+), 1101 deletions(-) diff --git a/libsemanage/src

[PATCH 2/2] libsemanage: make pywrap-test.py compatible with Python 3

2018-08-18 Thread Nicolas Iooss
This program can be useful in order to test the Python API of libsemanage. Make it usable in Python 3 using 2to3 and some tweaks. While at it, fix warnings reported by flake8 linter. Signed-off-by: Nicolas Iooss --- libsemanage/src/pywrap-test.py | 680 ++--- 1 file

Re: [PATCH 1/1] Travis-CI: run flake8 on Python code

2018-08-18 Thread Nicolas Iooss
15, 2018 at 2:08 PM, Nicolas Iooss wrote: >> >> flake8 is a Python linter which is able to detect issues in Python code >> (syntax errors, undefined variables, etc.). It has been used to find >> bugs in the project. In order to prevent the introduction of new bugs >> wh

[PATCH 1/1] Travis-CI: run flake8 on Python code

2018-08-15 Thread Nicolas Iooss
ings which are introduced by code generated by SWIG 3.0.12, which would require patches in SWIG in order to be activated (there is right now only one such warning). Signed-off-by: Nicolas Iooss --- .travis.yml| 6 scripts/run-flake8 | 79 ++ 2 fil

Re: [PATCH v2 00/13] Fix some issues found by flake8

2018-08-15 Thread Nicolas Iooss
On Mon, Aug 13, 2018 at 5:21 PM William Roberts wrote: > On Sun, Aug 12, 2018 at 1:25 PM, Nicolas Iooss wrote: >> >> Here is the second revision of this patchset. The changes were: >> >> * I removed the buggy code instead of commenting it, in python/se

Re: [PATCH] libsemanage: reset umask before creating directories

2018-08-12 Thread Nicolas Iooss
On Wed, Aug 8, 2018 at 1:51 PM Vit Mojzis wrote: > > Restrictive umask may cause creating directories with unintended > access mode. Reset umask before creating directories to avoid this > issue. > > Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1186422 Thanks for your patch. I agree

[PATCH v2 10/13] python/sepolicy: fix "procotol" misspelling

2018-08-12 Thread Nicolas Iooss
procotol -> protocol This issue has been found using flake8. This Python linter reported: python/sepolicy/sepolicy/gui.py:2525:132: F821 undefined name 'procotol' Signed-off-by: Nicolas Iooss --- python/sepolicy/sepolicy/gui.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) d

[PATCH v2 06/13] python/sepolgen: fix refpolicy parsing of "permissive"

2018-08-12 Thread Nicolas Iooss
p_permissive() uses an undefined variable t, which is buggy. In order to ignore permissive statements, the function only needs to "pass". flake8 reported the following error: python/sepolgen/src/sepolgen/refparser.py:789:5: F821 undefined name 't' Signed-off-by: Nicolas Iooss -

[PATCH v2 00/13] Fix some issues found by flake8

2018-08-12 Thread Nicolas Iooss
Here is the second revision of this patchset. The changes were: * I removed the buggy code instead of commenting it, in python/sepolgen. * I fixed a typo in the description of a patch. Nicolas Iooss (13): libselinux: fix flake8 warnings in SWIG-generated code python/sepolgen: do not import

[PATCH v2 01/13] libselinux: fix flake8 warnings in SWIG-generated code

2018-08-12 Thread Nicolas Iooss
indentation is not a multiple of four libselinux/src/selinux.py:130:45: E231 missing whitespace after ',' Signed-off-by: Nicolas Iooss --- libselinux/src/selinuxswig_python.i | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/libselinux/src/selinuxswig_python.i b/libselinux

[PATCH v2 04/13] python/sepolicy: drop unused CheckPolicyType

2018-08-12 Thread Nicolas Iooss
.py:190:27: F821 undefined name 'v' Signed-off-by: Nicolas Iooss --- python/sepolicy/sepolicy.py | 10 -- 1 file changed, 10 deletions(-) diff --git a/python/sepolicy/sepolicy.py b/python/sepolicy/sepolicy.py index 141f64ecd15f..24631b51ee37 100755 --- a/python/sepolicy/sepolicy.py ++

[PATCH v2 13/13] python/sepolicy: do not import types

2018-08-12 Thread Nicolas Iooss
This module is not used and its name conflicts with variable "types". This issue has been found using flake8. This Python linter reported: python/sepolicy/sepolicy/generate.py:657:5: F811 redefinition of unused 'types' from line 31 Signed-off-by: Nicolas Iooss --- pytho

[PATCH v2 09/13] python/sepolgen: use self when accessing members in FilesystemUse

2018-08-12 Thread Nicolas Iooss
-off-by: Nicolas Iooss --- python/sepolgen/src/sepolgen/refpolicy.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/python/sepolgen/src/sepolgen/refpolicy.py b/python/sepolgen/src/sepolgen/refpolicy.py index c30a8c70f9ca..e3dd33a21935 100644 --- a/python/sepolgen/src

[PATCH v2 03/13] python/sepolgen: return NotImplemented instead of raising it

2018-08-12 Thread Nicolas Iooss
has been found using flake8. This Python linter reported: python/sepolgen/src/sepolgen/util.py:128:9: F901 'raise NotImplemented' should be 'raise NotImplementedError' Signed-off-by: Nicolas Iooss --- python/sepolgen/src/sepolgen/util.py | 2 +- 1 file changed, 1 insertion(+), 1 del

[PATCH v2 12/13] python/sepolicy: do not import sepolicy.generate.DAEMON twice

2018-08-12 Thread Nicolas Iooss
This issue has been found using flake8. This Python linter reported: python/sepolicy/sepolicy.py:582:5: F811 redefinition of unused 'DAEMON' from line 582 Signed-off-by: Nicolas Iooss --- python/sepolicy/sepolicy.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git

[PATCH v2 07/13] python/sepolgen: silence linter warning about has_key

2018-08-12 Thread Nicolas Iooss
"# noqa". Signed-off-by: Nicolas Iooss --- python/sepolgen/src/sepolgen/refparser.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/python/sepolgen/src/sepolgen/refparser.py b/python/sepolgen/src/sepolgen/refparser.py index 3415aff9b48f..97e2342c4693 100644 ---

[PATCH v2 05/13] python/sepolicy: use lowercase variable name

2018-08-12 Thread Nicolas Iooss
SELinuxGui.files_initial_data_insert() uses both "seLinux_label" and "selinux_label", which leads to using an undefined variable, as reported by flake8: python/sepolicy/sepolicy/gui.py:1191:42: F821 undefined name 'selinux_label' Signed-off-by: Nicolas Iooss --- pyth

[PATCH v2 08/13] python/sepolgen: remove buggy code

2018-08-12 Thread Nicolas Iooss
hon linter reported: python/sepolgen/src/sepolgen/interfaces.py:158:37: F821 undefined name 'PERM' While at it, fix a typo in a comment. Signed-off-by: Nicolas Iooss --- python/sepolgen/src/sepolgen/interfaces.py | 7 +-- 1 file changed, 1 insertion(+), 6 deletions(-) diff --gi

[PATCH v2 11/13] python/sepolicy: use variables which exist in the gui.py

2018-08-12 Thread Nicolas Iooss
'oldsetype' python/sepolicy/sepolicy/gui.py:2020:122: F821 undefined name 'oldmls' python/sepolicy/sepolicy/gui.py:2020:142: F821 undefined name 'oldclass' python/sepolicy/sepolicy/gui.py:2050:133: F821 undefined name 'oldmls' Signed-off-by: Nicolas Iooss --- python/sepolicy/sepolicy

[PATCH 1/1] python/sepolicy: add missing % in network tab help text

2018-08-06 Thread Nicolas Iooss
Signed-off-by: Nicolas Iooss --- python/sepolicy/sepolicy/help/ports_inbound.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/python/sepolicy/sepolicy/help/ports_inbound.txt b/python/sepolicy/sepolicy/help/ports_inbound.txt index 1325abfeef1b..be16034462b2 100644

Re: [PATCH 00/13] Fix some issues found by flake8

2018-08-06 Thread Nicolas Iooss
On Mon, Aug 6, 2018 at 5:05 PM, William Roberts wrote: > > On Sat, Aug 4, 2018 at 12:47 PM, Nicolas Iooss > wrote: >> >> Hi, >> >> I have been working on a script which uses flake8 to discover issues in >> Python code. This led me to discover several iss

Re: [PATCH 1/1] python/semanage: fix Python syntax of catching several exceptions

2018-08-06 Thread Nicolas Iooss
On Sat, Aug 4, 2018 at 2:16 PM, Nicolas Iooss wrote: > On Sat, Aug 4, 2018 at 11:34 AM, Jason Zaman wrote: >> On Sat, Aug 04, 2018 at 11:11:47AM +0200, Nicolas Iooss wrote: >>> "except OSError, ImportError:" does not perform what it says: it is the >>>

[PATCH 12/13] python/sepolicy: do not import sepolicy.generate.DAEMON twice

2018-08-04 Thread Nicolas Iooss
This issue has been found using flake8. This Python linter reported: python/sepolicy/sepolicy.py:582:5: F811 redefinition of unused 'DAEMON' from line 582 Signed-off-by: Nicolas Iooss --- python/sepolicy/sepolicy.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git

[PATCH 04/13] python/sepolicy: drop unused CheckPolicyType

2018-08-04 Thread Nicolas Iooss
.py:190:27: F821 undefined name 'v' Signed-off-by: Nicolas Iooss --- python/sepolicy/sepolicy.py | 10 -- 1 file changed, 10 deletions(-) diff --git a/python/sepolicy/sepolicy.py b/python/sepolicy/sepolicy.py index 141f64ecd15f..24631b51ee37 100755 --- a/python/sepolicy/sepolicy.py ++

[PATCH 08/13] python/sepolgen: comment buggy code

2018-08-04 Thread Nicolas Iooss
hon linter reported: python/sepolgen/src/sepolgen/interfaces.py:158:37: F821 undefined name 'PERM' While at it, fix a typo in a comment. Signed-off-by: Nicolas Iooss --- python/sepolgen/src/sepolgen/interfaces.py | 10 +- 1 file changed, 5 insertions(+), 5 deletions(-) diff --gi

[PATCH 13/13] python/sepolicy: do not import types

2018-08-04 Thread Nicolas Iooss
This module is not used and its name conflicts with variable "types". This issue has been found using flake8. This Python linter reported: python/sepolicy/sepolicy/generate.py:657:5: F811 redefinition of unused 'types' from line 31 Signed-off-by: Nicolas Iooss --- pytho

[PATCH 11/13] python/sepolicy: use variables which exists in the gui.py

2018-08-04 Thread Nicolas Iooss
'oldsetype' python/sepolicy/sepolicy/gui.py:2020:122: F821 undefined name 'oldmls' python/sepolicy/sepolicy/gui.py:2020:142: F821 undefined name 'oldclass' python/sepolicy/sepolicy/gui.py:2050:133: F821 undefined name 'oldmls' Signed-off-by: Nicolas Iooss --- python/sepolicy/sepolicy

[PATCH 05/13] python/sepolicy: use lowercase variable name

2018-08-04 Thread Nicolas Iooss
SELinuxGui.files_initial_data_insert() uses both "seLinux_label" and "selinux_label", which leads to using an undefined variable, as reported by flake8: python/sepolicy/sepolicy/gui.py:1191:42: F821 undefined name 'selinux_label' Signed-off-by: Nicolas Iooss --- pyth

[PATCH 02/13] python/sepolgen: do not import twice the modules

2018-08-04 Thread Nicolas Iooss
util.py starts by importing "locale" and "sys", so there is no need to import these modules again in the functions. Signed-off-by: Nicolas Iooss --- python/sepolgen/src/sepolgen/util.py | 4 1 file changed, 4 deletions(-) diff --git a/python/sepolgen/src/sepolg

[PATCH 06/13] python/sepolgen: fix refpolicy parsing of "permissive"

2018-08-04 Thread Nicolas Iooss
p_permissive() uses an undefined variable t, which is buggy. In order to ignore permissive statements, the function only needs to "pass". flake8 reported the following error: python/sepolgen/src/sepolgen/refparser.py:789:5: F821 undefined name 't' Signed-off-by: Nicolas Iooss -

[PATCH 09/13] python/sepolgen: use self when accessing members in FilesystemUse

2018-08-04 Thread Nicolas Iooss
-off-by: Nicolas Iooss --- python/sepolgen/src/sepolgen/refpolicy.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/python/sepolgen/src/sepolgen/refpolicy.py b/python/sepolgen/src/sepolgen/refpolicy.py index c30a8c70f9ca..e3dd33a21935 100644 --- a/python/sepolgen/src

[PATCH 10/13] python/sepolicy: fix "procotol" misspelling

2018-08-04 Thread Nicolas Iooss
procotol -> protocol This issue has been found using flake8. This Python linter reported: python/sepolicy/sepolicy/gui.py:2525:132: F821 undefined name 'procotol' Signed-off-by: Nicolas Iooss --- python/sepolicy/sepolicy/gui.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) d

[PATCH 01/13] libselinux: fix flake8 warnings in SWIG-generated code

2018-08-04 Thread Nicolas Iooss
indentation is not a multiple of four libselinux/src/selinux.py:130:45: E231 missing whitespace after ',' Signed-off-by: Nicolas Iooss --- libselinux/src/selinuxswig_python.i | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/libselinux/src/selinuxswig_python.i b/libselinux

[PATCH 03/13] python/sepolgen: return NotImplemented instead of raising it

2018-08-04 Thread Nicolas Iooss
has been found using flake8. This Python linter reported: python/sepolgen/src/sepolgen/util.py:128:9: F901 'raise NotImplemented' should be 'raise NotImplementedError' Signed-off-by: Nicolas Iooss --- python/sepolgen/src/sepolgen/util.py | 2 +- 1 file changed, 1 insertion(+), 1 del

[PATCH 00/13] Fix some issues found by flake8

2018-08-04 Thread Nicolas Iooss
"git format-patch --cover": Nicolas Iooss (13): libselinux: fix flake8 warnings in SWIG-generated code python/sepolgen: do not import twice the modules python/sepolgen: return NotImplemented instead of raising it python/sepolicy: drop unused CheckPolicyType python/sepolicy: use

[PATCH 07/13] python/sepolgen: silence linter warning about has_key

2018-08-04 Thread Nicolas Iooss
"# noqa". Signed-off-by: Nicolas Iooss --- python/sepolgen/src/sepolgen/refparser.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/python/sepolgen/src/sepolgen/refparser.py b/python/sepolgen/src/sepolgen/refparser.py index 3415aff9b48f..97e2342c4693 100644 ---

Re: [PATCH 1/1] python/semanage: fix Python syntax of catching several exceptions

2018-08-04 Thread Nicolas Iooss
On Sat, Aug 4, 2018 at 11:34 AM, Jason Zaman wrote: > On Sat, Aug 04, 2018 at 11:11:47AM +0200, Nicolas Iooss wrote: >> "except OSError, ImportError:" does not perform what it says: it is the >> Python 2 syntax of catching OSError exceptions as "ImportErro

[PATCH 1/1] python/semanage: fix Python syntax of catching several exceptions

2018-08-04 Thread Nicolas Iooss
143 except OSError, ImportError: ^ SyntaxError: invalid syntax The correct syntax consists in using parentheses. Signed-off-by: Nicolas Iooss --- For the record, I found this while playing with flake8 Python's linter. I am currently working on upstreaming a scri

Re: [refpolicy] ANN: SETools 4.2.0-beta

2018-07-14 Thread Nicolas Iooss
On Wed, Jul 11, 2018 at 2:36 AM, Chris PeBenito via refpolicy wrote: > > An SETools 4.2.0-beta release is now available: > > https://github.com/SELinuxProject/setools/releases/tag/4.2.0-beta > > Changes since v4.1.1: > > * Replaced the Python/SWIG/static-linked-libsepol policyrep module with > a

Re: libsemanage getpwent and nss-systemd incompability

2018-07-14 Thread Nicolas Iooss
7/18 at 17:58, Stephen Smalley wrote: >>>>> >>>>> On 07/10/2018 11:40 AM, Stephen Smalley wrote: >>>>>> >>>>>> On 07/09/2018 04:20 PM, Nicolas Iooss wrote: >>>>>>> >>>>>>> Hello, >>>

libsemanage getpwent and nss-systemd incompability

2018-07-09 Thread Nicolas Iooss
Hello, While testing a systemd update on Arch Linux, I encountered the following message (in a Vagrant virtual machine): # semanage fcontext -m -s sysadm_u -t user_home_t '/vagrant(/.*)?' libsemanage.get_home_dirs: Error while fetching users. Returning list so far. A quick debugging of

Re: [PATCH 1/1] mcstrans: fix memory leaks reported by clang's static analyzer

2018-07-04 Thread Nicolas Iooss
On Tue, Jul 3, 2018 at 12:49 AM, William Roberts wrote: > On Mon, Jul 2, 2018 at 11:38 AM, Nicolas Iooss wrote: >> On Sun, Jul 1, 2018 at 10:51 PM, William Roberts >> wrote: >>> I see lots of repeating blocks, would it make more sense to goto an >>> error l

Re: [PATCH] Fix minor typos

2018-07-04 Thread Nicolas Iooss
On Sat, Jun 30, 2018 at 1:22 PM, Yuri Chornoivan wrote: > Saturday, 30 June 2018, 12:55:42 EEST, you wrote: >> On Sat, Jun 30, 2018 at 10:46 AM, Yuri Chornoivan wrote: >> > Hi, >> > >> > Attached is a minor fix for the typos in selinux's git/master. Many thanks >> > for fixing them. >> > >> >

Re: [PATCH 1/1] mcstrans: fix memory leaks reported by clang's static analyzer

2018-07-02 Thread Nicolas Iooss
On Sun, Jul 1, 2018 at 10:51 PM, William Roberts wrote: > I see lots of repeating blocks, would it make more sense to goto an > error label and free them then return -1? Both trans_context() and untrans_context() currently define "char *ltrans = NULL, *utrans = NULL;" and "char *lrange = NULL,

[PATCH 1/1] restorecond: close the PID file if writing to it failed

2018-07-01 Thread Nicolas Iooss
write_pid_file() leaks a file descriptor to /var/run/restorecond.pid if it fails to write the PID to it. Close the file before returning. Signed-off-by: Nicolas Iooss --- restorecond/restorecond.c | 1 + 1 file changed, 1 insertion(+) diff --git a/restorecond/restorecond.c b/restorecond

[PATCH 1/1] Travis-CI: use new location of refpolicy repository

2018-07-01 Thread Nicolas Iooss
refpolicy moved from github.com/TresysTechnology to github.com/SELinuxProject. It is still used in sepolgen tests (they build modules using Makefile.devel and build.conf) so update the location of the repository. Signed-off-by: Nicolas Iooss --- .travis.yml | 4 ++-- 1 file changed, 2

[PATCH 1/1] mcstrans: fix memory leaks reported by clang's static analyzer

2018-07-01 Thread Nicolas Iooss
There are many memory leaks in mcstrans. Clean them up in order to reduce the noise in clang's static analyzer report. Some are remaining, because they are more complex to fix. Signed-off-by: Nicolas Iooss --- mcstrans/src/mcstrans.c | 68 + 1 file

Re: [PATCH] Fix minor typos

2018-06-30 Thread Nicolas Iooss
On Sat, Jun 30, 2018 at 10:46 AM, Yuri Chornoivan wrote: > Hi, > > Attached is a minor fix for the typos in selinux's git/master. Many thanks for > fixing them. > > The patch is also available here: > > https://github.com/fedora-selinux/selinux/pull/52/commits/ >

Re: [PATCH V2 3/3] python: add xperms support to audit2allow

2018-06-16 Thread Nicolas Iooss
2018-06-12 11:06 GMT+02:00 Jan Zarsky : > Add support for extended permissions to audit2allow. Extend AuditParser > to parse the 'ioctlcmd' field in AVC message. Extend PolicyGenerator to > generate allowxperm rules. Add the '-x'/'--xperms' option to audit2allow > to turn on generating of extended

[PATCH 1/1] scripts: add a helper script to run clang's static analyzer

2018-06-09 Thread Nicolas Iooss
"make test" in order to install the dependencies needed for the tests, and running these tests with the newly-built libraries requires a specific LD_LIBRARY_PATH. This new script takes care of setting up everything which is needed. Signed-off-by: Nicolas Iooss --- scripts/.gitignore

[PATCH 3/3] libsepol/cil: use a colon instead of a semicolon to report rc

2018-06-09 Thread Nicolas Iooss
Signed-off-by: Nicolas Iooss --- libsepol/cil/src/cil_resolve_ast.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libsepol/cil/src/cil_resolve_ast.c b/libsepol/cil/src/cil_resolve_ast.c index 02259241ddfe..fb9d91745629 100644 --- a/libsepol/cil/src/cil_resolve_ast.c +++ b

[PATCH 2/3] libsepol/tests: fix use of unitialized variable

2018-06-09 Thread Nicolas Iooss
When write_binary_policy() fails to open the binary policy, it calls sepol_handle_destroy(f.handle) but structure f has not been initialized at this point. Use variable handle instead. This issue has been found using clang's static analyzer. Signed-off-by: Nicolas Iooss --- libsepol/tests/test

[PATCH 1/3] libsepol/tests: read_binary_policy() does not use f.handle

2018-06-09 Thread Nicolas Iooss
f.handle is never set in read_binary_policy() so there is no need to call sepol_handle_destroy() on it. Moreover clang's static analyzer warns about an uninitialized argument value in the first call. Signed-off-by: Nicolas Iooss --- libsepol/tests/test-downgrade.c | 2 -- 1 file changed, 2

Re: [PATCH 3/3] python: add xperms support to audit2allow

2018-06-09 Thread Nicolas Iooss
2018-06-05 16:34 GMT+02:00 Jan Zarsky : > Add support for extended permissions to audit2allow. Extend AuditParser > to parse the 'ioctlcmd' field in AVC message. Extend PolicyGenerator to > generate allowxperm rules. Add the '-x'/'--xperms' option to audit2allow > to turn on generating of extended

[PATCH 3/4] policycoreutils/secon: free scon_trans before returning

2018-06-03 Thread Nicolas Iooss
disp_con() leaks scon_trans if it returns early. Signed-off-by: Nicolas Iooss --- policycoreutils/secon/secon.c | 1 + 1 file changed, 1 insertion(+) diff --git a/policycoreutils/secon/secon.c b/policycoreutils/secon/secon.c index 6078139422ab..477057a6896b 100644 --- a/policycoreutils/secon

[PATCH 1/4] python/sepolgen: fix typo in PathChoooser name

2018-06-03 Thread Nicolas Iooss
Signed-off-by: Nicolas Iooss --- python/sepolgen/src/sepolgen/defaults.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/python/sepolgen/src/sepolgen/defaults.py b/python/sepolgen/src/sepolgen/defaults.py index 9591063989ad..199acfafe4cf 100644 --- a/python/sepolgen

[PATCH 2/4] policycoreutils/secon: fix typo in comment

2018-06-03 Thread Nicolas Iooss
Signed-off-by: Nicolas Iooss --- policycoreutils/secon/secon.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/policycoreutils/secon/secon.c b/policycoreutils/secon/secon.c index c29d9fb67fa5..6078139422ab 100644 --- a/policycoreutils/secon/secon.c +++ b/policycoreutils/secon

[PATCH 4/4] policycoreutils/hll/pp: remove unused variable

2018-06-03 Thread Nicolas Iooss
pp's main() never set outfd to anything else than -1 so there is no point in closing it. Signed-off-by: Nicolas Iooss --- policycoreutils/hll/pp/pp.c | 7 --- 1 file changed, 7 deletions(-) diff --git a/policycoreutils/hll/pp/pp.c b/policycoreutils/hll/pp/pp.c index b97a9b34816a

Re: [PATCH] restorecond: Fix consistancy of DESTDIR usage

2018-06-02 Thread Nicolas Iooss
On Thu, May 31, 2018 at 5:34 PM, Nicolas Iooss wrote: > On Thu, May 31, 2018 at 3:18 PM, Laurent Bigonville wrote: >> From: Laurent Bigonville >> >> --- >> restorecond/Makefile | 14 +++--- >> 1 file changed, 7 insertions(+), 7 deletions(-) >>

Re: [PATCH] restorecond: Fix consistancy of DESTDIR usage

2018-05-31 Thread Nicolas Iooss
On Thu, May 31, 2018 at 3:18 PM, Laurent Bigonville wrote: > From: Laurent Bigonville > > --- > restorecond/Makefile | 14 +++--- > 1 file changed, 7 insertions(+), 7 deletions(-) > > diff --git a/restorecond/Makefile b/restorecond/Makefile > index 25be18d4..8a0ada1f 100644 > ---

Re: [PATCH 2/3] libselinux: Fix line wrapping in selabel_file.5

2018-05-30 Thread Nicolas Iooss
On Mon, May 28, 2018 at 11:46 PM, Laurent Bigonville wrote: > From: Laurent Bigonville > > Fix line wrapping with limited to 80 columns > > Fix lintian error: > W: selinux-utils: manpage-has-errors-from-man > usr/share/man/man5/selabel_file.5.gz 104: warning [p 2, 10.0i]: cannot adjust > line

Re: [PATCH] secilc: Make the clean target call the clean target of docs/

2018-05-30 Thread Nicolas Iooss
On Mon, May 28, 2018 at 4:30 PM, Laurent Bigonville wrote: > From: Laurent Bigonville > > Thanks to Russell Coker > > https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=899083 > > Signed-off-by: Laurent Bigonville > --- > secilc/Makefile | 1 + > 1 file changed, 1 insertion(+) > > diff --git

Re: [PATCH] restorecond: Fix consistancy of DESTDIR usage

2018-05-30 Thread Nicolas Iooss
On Tue, May 29, 2018 at 9:29 AM, Laurent Bigonville wrote: > From: Laurent Bigonville > > --- > restorecond/Makefile | 6 +++--- > 1 file changed, 3 insertions(+), 3 deletions(-) > > diff --git a/restorecond/Makefile b/restorecond/Makefile > index 25be18d4..fed65bba 100644 > ---

Re: [PATCH 0/7] Fix some issues spotted by static analyzers

2018-05-30 Thread Nicolas Iooss
On Mon, May 28, 2018 at 6:42 AM, Jason Zaman wrote: > On Sat, May 26, 2018 at 08:42:06PM +0200, Nicolas Iooss wrote: >> Hi, >> As you may have noticed, I have been using clang's static analyzer for >> a few months and submitted fixes for bugs that it found. There are also

[PATCH 0/7] Fix some issues spotted by static analyzers

2018-05-26 Thread Nicolas Iooss
bugs (like a missing call to va_end(), in the last patch). This explains why there are other files which are modified. Here is the git shortlog: Nicolas Iooss (7): libsepol: cil: silence clang analyzer false positive libsepol: do not leak memory if list_prepend fails libsepol: remove some dead a

[PATCH 3/7] libsepol: remove some dead assignments

2018-05-26 Thread Nicolas Iooss
clang's static analyzer warns about dead assignments to local variables. In module_to_cil.c, there are some which are quite straightforward to review. Remove them. Signed-off-by: Nicolas Iooss <nicolas.io...@m4x.org> --- libsepol/src/module_to_cil.c | 4 1 file changed, 4 deletions(-)

[PATCH 4/7] libsepol: do not call malloc with 0 byte

2018-05-26 Thread Nicolas Iooss
clang's static analyzer reports that ebitmap_to_names() can call malloc(0) when the bitmap is empty. If malloc() returns NULL, this triggers a misleading "Out of memory" error. Work around this by treating empty bitmaps as appropriate. Signed-off-by: Nicolas Iooss <nicolas.

[PATCH 2/7] libsepol: do not leak memory if list_prepend fails

2018-05-26 Thread Nicolas Iooss
understanding why typealiases_gather_map() does not need to strdup(key) or free(key) when calling list_prepend(..., key) even though "key" comes from pdb->p_types.table: because typealias_list_destroy() does not free the inserted items. Add a comment to make this clearer in the code. Signed-of

[PATCH 7/7] libsepol: destroy the copied va_list

2018-05-26 Thread Nicolas Iooss
va_copy()'s manpage [1] states: Each invocation of va_copy() must be matched by a corresponding invocation of va_end() in the same function. create_str_helper() is using va_copy() without va_end(). Add the missing call. [1] https://linux.die.net/man/3/va_copy Signed-off-by: Nicolas

[PATCH 5/7] libsepol: remove unused variable

2018-05-26 Thread Nicolas Iooss
es (.pp) to CIL"). Signed-off-by: Nicolas Iooss <nicolas.io...@m4x.org> --- libsepol/src/module_to_cil.c | 4 1 file changed, 4 deletions(-) diff --git a/libsepol/src/module_to_cil.c b/libsepol/src/module_to_cil.c index 56887366707a..dcf6ebb10b60 100644 --- a/libsepol/src/module_t

[PATCH 6/7] checkpolicy: destroy the class datum if it fails to initialize

2018-05-26 Thread Nicolas Iooss
require_class() allocates memory for its variable "class_datum_t *datum" and calls symtab_init(&datum->permissions, PERM_SYMTAB_SIZE). If this second call fails, datum is not freed. Fix this memory leak. Signed-off-by: Nicolas Iooss <nicolas.io...@m4x.org> --- checkpolicy/module_

[PATCH 1/7] libsepol: cil: silence clang analyzer false positive

2018-05-26 Thread Nicolas Iooss
In cil_tree_print_expr(), "rc < 0" is equivalent to "rc != 0" but clang's static analyzer does not know about this. Help it. Signed-off-by: Nicolas Iooss <nicolas.io...@m4x.org> --- libsepol/cil/src/cil_tree.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)

Re: [PATCH] travis.yml: add ruby 2.5 to the test matrix

2018-05-21 Thread Nicolas Iooss
sion, which is why I do not upstream these modifications). For the record, clang did not like the "__error__" attribute used by some Ruby headers (cf. https://travis-ci.org/fishilico/selinux/builds/381760812) and this is not an issue related to the project. Acked-by: Nicolas Iooss <nicolas.io...@m4x.org> Thanks, Nicolas

Re: Packaging policycoreutils for OpenSUSE

2018-05-21 Thread Nicolas Iooss
On Mon, May 14, 2018 at 4:19 PM, Jason Zaman <ja...@perfinion.com> wrote: > On Mon, May 14, 2018 at 09:30:41AM -0400, Stephen Smalley wrote: >> On 05/13/2018 07:43 AM, Nicolas Iooss wrote: >> > On Sat, May 12, 2018 at 2:53 PM, Matěj Cepl <mc...@cepl.eu> wrote: >&

Re: SELinux musl support

2018-05-17 Thread Nicolas Iooss
On Thu, May 17, 2018 at 7:11 AM, Jason Zaman wrote: > This series fixes compiling and running on musl libc. > > patches 1-2 are fairly trivial. > > patches 3-4 are a feature change on that platform since it does not > support GLOB_TILDE and GLOB_BRACE. tilde is coming in musl

Re: Packaging policycoreutils for OpenSUSE

2018-05-13 Thread Nicolas Iooss
On Sat, May 12, 2018 at 2:53 PM, Matěj Cepl wrote: > Hi, > > I am changing jobs (Red Hat -> SUSE; R&D, but not a security > related job), and although I will be switching my workstation to > OpenSUSE, I would love to keep SELinux working. Which meant I had > to dig into the current

Re: ANN: SELinux userspace 2.8-rc1 release candidate

2018-04-23 Thread Nicolas Iooss
On Thu, Apr 19, 2018 at 5:07 PM, Stephen Smalley wrote: > A 2.8-rc1 release candidate for the SELinux userspace is now available at: > https://github.com/SELinuxProject/selinux/wiki/Releases > > Please give it a test and let us know if there are any issues. > > If there are

[PATCH 1/1] libsemanage: always check append_arg return value

2018-04-22 Thread Nicolas Iooss
= append_arg(, _args, arg); ^~ semanage_store.c:1368:3: warning: Value stored to 'rc' is never read rc = append_arg(, _args, arg); ^~ Signed-off-by: Nicolas Iooss <nicolas.io...@m4x.

[PATCH 1/2] sestatus: resolve symlinks in path when looking for a process

2018-04-22 Thread Nicolas Iooss
; show the expected result: Process contexts: Current context: sysadm_u:sysadm_r:sysadm_t Init context: system_u:system_r:init_t /sbin/agetty system_u:system_r:getty_t /usr/sbin/sshd system_u:system_r:sshd_t Sig

[PATCH 2/2] sestatus: free process and file contexts which are checked

2018-04-22 Thread Nicolas Iooss
clang's static analyzer reports a potential memory leak because the buffers allocated in pc and fc are not freed in main(), in sestatus.c. Free these buffers properly. Signed-off-by: Nicolas Iooss <nicolas.io...@m4x.org> --- policycoreutils/sestatus/sestatus.c | 2 ++ 1 file chan

Re: [PATCH 5/5] libselinux: remove unused variable usercon

2018-04-14 Thread Nicolas Iooss
On Sat, Apr 14, 2018 at 2:40 AM, William Roberts wrote: > In general this series looks fine. > > However, checkpatch.pl is complaining about DOS line endings in your patches: > > For example: > ERROR: DOS line endings > #325: FILE: libselinux/src/label_file.h:281: >

[PATCH 2/5] libsepol: ensure the level context is not empty

2018-04-13 Thread Nicolas Iooss
ollowing message: genusers.c:222:11: warning: Use of zero-allocated memory *r++ = *s; ^ genusers.c:225:7: warning: Use of zero-allocated memory *r = 0;

[PATCH 1/5] libsepol: do not dereference NULL if stack_init fails

2018-04-13 Thread Nicolas Iooss
" block. This issue is reported by clang's static analyzer with the following message: module_to_cil.c:463:6: warning: Access to field 'pos' results in a dereference of a null pointer (loaded from variable 'stack') if (stack->pos == -1) { ^~~~~~ Signed-off-by:

[PATCH 4/5] libselinux: fix memory leak in getconlist

2018-04-13 Thread Nicolas Iooss
In getconlist.c's main(), "level" is duplicated from an optional argument without being ever freed. clang's static analyzer warns about this memory leak. Free the allocated memory properly in order to remove a warning reported by clang's static analyzer. Signed-off-by: Nicolas Iooss
