@stephensmalley
Member

Please read CONTRIBUTING.md

Contributing Code

Post the patch for the review to the
SELinux mailing list at
[email protected].

When preparing patches, please follow these guidelines:

  • Patches should apply with git am
  • Must apply against HEAD of the main branch
  • Separate large patches into logical patches
  • Patch descriptions must end with your "Signed-off-by" line. This means your
    code meets the Developer's certificate of origin, see below.

WavyEbuilder and others added 6 commits October 7, 2025 09:55
Some errors previously were not using gettext for translations, hence
wrap them with the _ macro.

Signed-off-by: Rahul Sandhu <[email protected]>
Acked-by: Stephen Smalley <[email protected]>

Invert the checks for fp and con.

Signed-off-by: Rahul Sandhu <[email protected]>
Acked-by: Stephen Smalley <[email protected]>

On macOS (Darwin), shared libraries have the extension .dylib and the
soversion is between the basename and the extension, e.g. libfoo.1.2.3.dylib,
which differs from the usual libfoo.so.1.2.3 scheme in Linux.

This change sets the TARGET and LIBSO variables appropriately in the Makefile
for libsepol when building on macOS.

Signed-off-by: Caleb Xu <[email protected]>
Acked-by: Stephen Smalley <[email protected]>

atoi (3) is... bugprone.  It's virtually impossible to differentiate an
invalid value (e.g. the string "foo") from a valid value such as "0" as
0 is returned on error!  From the manual page:

>       except that atoi() does not detect errors.
> RETURN VALUE
>       The converted value or 0 on error.

In the case of get_home_dirs, atoi is downright wrong.  We are parsing
UID_MIN, UID_MAX, and LU_UIDNUMBER, which all have a numerical value,
without any validation that what we are parsing is actually a number.
This is especially problematic as that means that in the case of an
invalid value (e.g. UID_MIN=foo), UID_MIN is incorrectly parsed as 0.

Instead, use strtoul (3) to parse these values.  If parsing fails, such
as in the case where UID_MIN=foo, warn that parsing failed, and use the
default values for each key as specified by the manual page.

Signed-off-by: Rahul Sandhu <[email protected]>
Acked-by: Stephen Smalley <[email protected]>
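
The parsing approach described in the commit message above, as an added example (not the patch itself and not code from the SELinux project): a strict strtoul-based parser that warns and falls back to a default. The helper names `parse_uid` and `uid_or_default`, the constructed inputs, and the default values 1000 and 60000 (taken here from login.defs(5)) are assumptions of this example.

```c
#include <ctype.h>
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>

/* Assumed defaults for this example, taken from login.defs(5). */
#define DEFAULT_UID_MIN 1000
#define DEFAULT_UID_MAX 60000

/* Hypothetical helper: strict decimal parse; 0 on success, -1 on bad input. */
static int parse_uid(const char *s, uid_t *out)
{
	char *end = NULL;
	unsigned long v;

	/* strtoul accepts leading whitespace and a sign; require a digit first. */
	if (s == NULL || !isdigit((unsigned char)s[0]))
		return -1;
	errno = 0;
	v = strtoul(s, &end, 10);
	if (errno == ERANGE)
		return -1;	/* does not fit in unsigned long */
	while (isspace((unsigned char)*end))
		end++;		/* allow the newline left by fgets() */
	if (*end != '\0')
		return -1;	/* trailing junk, e.g. "1000abc" */
	if (v >= (unsigned long)(uid_t)-1)
		return -1;	/* out of range, or the reserved (uid_t)-1 */
	*out = (uid_t)v;
	return 0;
}

/* Hypothetical helper: warn and fall back to the default on bad input. */
static uid_t uid_or_default(const char *key, const char *val, uid_t def)
{
	uid_t uid;
	if (parse_uid(val, &uid) == 0)
		return uid;
	fprintf(stderr, "warning: invalid %s value, using default %lu\n",
		key, (unsigned long)def);
	return def;
}

int main(void)
{
	/* Constructed input: atoi("foo") would yield 0; this yields the default. */
	printf("UID_MIN=foo -> %lu\n",
	       (unsigned long)uid_or_default("UID_MIN", "foo", DEFAULT_UID_MIN));
	return 0;
}
```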

Currently, removal of boolean local customizations leaves their current
(active) value untouched.

After the removal is complete, semanage_bool_query will return the
default value. But it needs to be called in a separate transaction.
This makes the fix a bit awkward, but I have not found a way to query
the default value before the first transaction is committed.

Fixes:
  # getsebool smbd_anon_write
  smbd_anon_write --> off
  # semanage boolean -m1 smbd_anon_write
  # semanage boolean -D
  # getsebool smbd_anon_write
  smbd_anon_write --> on
  # manage boolean -l isemanage boolean --list | grep smbd_anon_write
  smbd_anon_write                (on   ,  off)  Allow smbd to anon write

Signed-off-by: Vit Mojzis <[email protected]>
Acked-by: Stephen Smalley <[email protected]>

@stephensmalley
Member Author

Pull request only for triggering CI tests, will merge manually.

@stephensmalley stephensmalley deleted the merge20251007 branch October 7, 2025 17:34