int matchpathcon_main(int argc, char **argv) { int error = 0; unsigned opts; char *fcontext, *prefix, *path; opt_complementary = "-1" /* at least one param reqd */ ":?:f--p:p--f"; /* mutually exclusive */ opts = getopt32(argc, argv, "nNf:p:V", &fcontext, &prefix); argv += optind; if (opts & OPT_NOT_TRANS) { set_matchpathcon_flags(MATCHPATHCON_NOTRANS); } if (opts & OPT_FCONTEXT) { if (matchpathcon_init(fcontext)) bb_perror_msg_and_die("error while processing %s", fcontext); } if (opts & OPT_PREFIX) { if (matchpathcon_init_prefix(NULL, prefix)) bb_perror_msg_and_die("error while processing %s", prefix); } while ((path = *argv++) != NULL) { security_context_t con; int rc; if (!(opts & OPT_VERIFY)) { error += print_matchpathcon(path, opts & OPT_NOT_PRINT); continue; } if (selinux_file_context_verify(path, 0)) { printf("%s verified\n", path); continue; } if (opts & OPT_NOT_TRANS) rc = lgetfilecon_raw(path, &con); else rc = lgetfilecon(path, &con); if (rc >= 0) { printf("%s has context %s, should be ", path, con); error += print_matchpathcon(path, 1); freecon(con); continue; } printf("actual context unknown: %s, should be ", strerror(errno)); error += print_matchpathcon(path, 1); } matchpathcon_fini(); return error; }
static void rpmsxFini(void * _sx) /*@globals fileSystem @*/ /*@modifies *_sx, fileSystem @*/ { rpmsx sx = _sx; #if defined(WITH_SELINUX) if (sx->fn) matchpathcon_fini(); #endif sx->flags = 0; sx->fn = _free(sx->fn); }
static void set_default_file_context(const gchar *path, const gchar *target) { #ifdef HAVE_SELINUX security_context_t con; if (!is_selinux_enabled()) return; if (matchpathcon_init_prefix(NULL, target)) return; if (!matchpathcon(LOCALTIME_PATH, 0, &con)) { lsetfilecon(path, con); freecon(con); } matchpathcon_fini(); #endif }
int main(int argc, char **argv) { int i, init = 0, force_mode = 0; int header = 1, opt; int verify = 0; int notrans = 0; int error = 0; int quiet = 0; if (argc < 2) usage(argv[0]); while ((opt = getopt(argc, argv, "m:Nnf:P:p:Vq")) > 0) { switch (opt) { case 'n': header = 0; break; case 'm': force_mode = string_to_mode(optarg); if (force_mode < 0) { fprintf(stderr, "%s: mode %s is invalid\n", argv[0], optarg); exit(1); } break; case 'V': verify = 1; break; case 'N': notrans = 1; set_matchpathcon_flags(MATCHPATHCON_NOTRANS); break; case 'f': if (init) { fprintf(stderr, "%s: -f and -p are exclusive\n", argv[0]); exit(1); } init = 1; if (matchpathcon_init(optarg)) { fprintf(stderr, "Error while processing %s: %s\n", optarg, errno ? strerror(errno) : "invalid"); exit(1); } break; case 'P': if (selinux_set_policy_root(optarg) < 0 ) { fprintf(stderr, "Error setting policy root %s: %s\n", optarg, errno ? strerror(errno) : "invalid"); exit(1); } break; case 'p': if (init) { fprintf(stderr, "%s: -f and -p are exclusive\n", argv[0]); exit(1); } init = 1; if (matchpathcon_init_prefix(NULL, optarg)) { fprintf(stderr, "Error while processing %s: %s\n", optarg, errno ? strerror(errno) : "invalid"); exit(1); } break; case 'q': quiet = 1; break; default: usage(argv[0]); } } for (i = optind; i < argc; i++) { int rc, mode = 0; struct stat buf; char *path = argv[i]; int len = strlen(path); if (len > 1 && path[len - 1 ] == '/') path[len - 1 ] = '\0'; if (lstat(path, &buf) == 0) mode = buf.st_mode; if (force_mode) mode = force_mode; if (verify) { rc = selinux_file_context_verify(path, mode); if (quiet) { if (rc == 1) continue; else exit(1); } if (rc == -1) { printf("%s error: %s\n", path, strerror(errno)); exit(1); } else if (rc == 1) { printf("%s verified.\n", path); } else { char * con; error = 1; if (notrans) rc = lgetfilecon_raw(path, &con); else rc = lgetfilecon(path, &con); if (rc >= 0) { printf("%s has context %s, should be ", path, con); printmatchpathcon(path, 0, mode); freecon(con); } else { printf ("actual context unknown: %s, should be ", strerror(errno)); printmatchpathcon(path, 0, mode); } } } else { error |= printmatchpathcon(path, header, mode); } } matchpathcon_fini(); return error; }
static gboolean plugin_set_hostname (SCPluginIfcfg *plugin, const char *hostname) { SCPluginIfcfgPrivate *priv = SC_PLUGIN_IFCFG_GET_PRIVATE (plugin); shvarFile *network; char *hostname_eol; gboolean ret; #if HAVE_SELINUX security_context_t se_ctx_prev = NULL, se_ctx = NULL; struct stat file_stat = { .st_mode = 0 }; mode_t st_mode = 0; /* Get default context for HOSTNAME_FILE and set it for fscreate */ if (stat (HOSTNAME_FILE, &file_stat) == 0) st_mode = file_stat.st_mode; matchpathcon (HOSTNAME_FILE, st_mode, &se_ctx); matchpathcon_fini (); getfscreatecon (&se_ctx_prev); setfscreatecon (se_ctx); #endif hostname_eol = g_strdup_printf ("%s\n", hostname); ret = g_file_set_contents (HOSTNAME_FILE, hostname_eol, -1, NULL); #if HAVE_SELINUX /* Restore previous context and cleanup */ setfscreatecon (se_ctx_prev); freecon (se_ctx); freecon (se_ctx_prev); #endif if (!ret) { _LOGW ("Could not save hostname: failed to create/open " HOSTNAME_FILE); g_free (hostname_eol); return FALSE; } g_free (priv->hostname); priv->hostname = g_strdup (hostname); g_free (hostname_eol); /* Remove "HOSTNAME" from SC_NETWORK_FILE, if present */ network = svOpenFile (SC_NETWORK_FILE, NULL); if (network) { svSetValue (network, "HOSTNAME", NULL, FALSE); svWriteFile (network, 0644, NULL); svCloseFile (network); } return TRUE; } static void hostname_maybe_changed (SCPluginIfcfg *plugin) { SCPluginIfcfgPrivate *priv = SC_PLUGIN_IFCFG_GET_PRIVATE (plugin); char *new_hostname; new_hostname = plugin_get_hostname (plugin); if ( (new_hostname && !priv->hostname) || (!new_hostname && priv->hostname) || (priv->hostname && new_hostname && strcmp (priv->hostname, new_hostname))) { g_free (priv->hostname); priv->hostname = new_hostname; g_object_notify (G_OBJECT (plugin), NM_SYSTEM_CONFIG_INTERFACE_HOSTNAME); } else g_free (new_hostname); }
int rpmtsRun(rpmts ts, rpmps okProbs, rpmprobFilterFlags ignoreSet) { rpm_color_t tscolor = rpmtsColor(ts); int i; int rc = 0; int totalFileCount = 0; rpmfi fi; fingerPrintCache fpc; rpmps ps; rpmtsi pi; rpmte p; int numAdded; int numRemoved; void * lock = NULL; int xx; /* XXX programmer error segfault avoidance. */ if (rpmtsNElements(ts) <= 0) return -1; /* If we are in test mode, then there's no need for transaction lock. */ if (!(rpmtsFlags(ts) & RPMTRANS_FLAG_TEST)) { lock = rpmtsAcquireLock(ts); if (lock == NULL) return -1; /* XXX W2DO? */ } if (rpmtsFlags(ts) & RPMTRANS_FLAG_NOSCRIPTS) (void) rpmtsSetFlags(ts, (rpmtsFlags(ts) | _noTransScripts | _noTransTriggers)); if (rpmtsFlags(ts) & RPMTRANS_FLAG_NOTRIGGERS) (void) rpmtsSetFlags(ts, (rpmtsFlags(ts) | _noTransTriggers)); if (rpmtsFlags(ts) & RPMTRANS_FLAG_JUSTDB) (void) rpmtsSetFlags(ts, (rpmtsFlags(ts) | _noTransScripts | _noTransTriggers)); /* if SELinux isn't enabled or init fails, don't bother... */ if (!rpmtsSELinuxEnabled(ts)) { rpmtsSetFlags(ts, (rpmtsFlags(ts) | RPMTRANS_FLAG_NOCONTEXTS)); } if (!(rpmtsFlags(ts) & RPMTRANS_FLAG_NOCONTEXTS)) { char *fn = rpmGetPath("%{?_install_file_context_path}", NULL); if (matchpathcon_init(fn) == -1) { rpmtsSetFlags(ts, (rpmtsFlags(ts) | RPMTRANS_FLAG_NOCONTEXTS)); } free(fn); } ts->probs = rpmpsFree(ts->probs); ts->probs = rpmpsCreate(); /* XXX Make sure the database is open RDWR for package install/erase. */ { int dbmode = (rpmtsFlags(ts) & RPMTRANS_FLAG_TEST) ? O_RDONLY : (O_RDWR|O_CREAT); /* Open database RDWR for installing packages. */ if (rpmtsOpenDB(ts, dbmode)) { rpmtsFreeLock(lock); return -1; /* XXX W2DO? */ } } ts->ignoreSet = ignoreSet; { char * currDir = rpmGetCwd(); rpmtsSetCurrDir(ts, currDir); currDir = _free(currDir); } (void) rpmtsSetChrootDone(ts, 0); { rpm_tid_t tid = (rpm_tid_t) time(NULL); (void) rpmtsSetTid(ts, tid); } /* Get available space on mounted file systems. */ xx = rpmtsInitDSI(ts); /* =============================================== * For packages being installed: * - verify package arch/os. * - verify package epoch:version-release is newer. * - count files. * For packages being removed: * - count files. */ rpmlog(RPMLOG_DEBUG, "sanity checking %d elements\n", rpmtsNElements(ts)); ps = rpmtsProblems(ts); /* The ordering doesn't matter here */ pi = rpmtsiInit(ts); /* XXX Only added packages need be checked. */ while ((p = rpmtsiNext(pi, TR_ADDED)) != NULL) { rpmdbMatchIterator mi; int fc; if ((fi = rpmteFI(p)) == NULL) continue; /* XXX can't happen */ fc = rpmfiFC(fi); if (!(rpmtsFilterFlags(ts) & RPMPROB_FILTER_IGNOREARCH)) if (!archOkay(rpmteA(p))) rpmpsAppend(ps, RPMPROB_BADARCH, rpmteNEVRA(p), rpmteKey(p), rpmteA(p), NULL, NULL, 0); if (!(rpmtsFilterFlags(ts) & RPMPROB_FILTER_IGNOREOS)) if (!osOkay(rpmteO(p))) rpmpsAppend(ps, RPMPROB_BADOS, rpmteNEVRA(p), rpmteKey(p), rpmteO(p), NULL, NULL, 0); if (!(rpmtsFilterFlags(ts) & RPMPROB_FILTER_OLDPACKAGE)) { Header h; mi = rpmtsInitIterator(ts, RPMTAG_NAME, rpmteN(p), 0); while ((h = rpmdbNextIterator(mi)) != NULL) xx = ensureOlder(ts, p, h); mi = rpmdbFreeIterator(mi); } if (!(rpmtsFilterFlags(ts) & RPMPROB_FILTER_REPLACEPKG)) { mi = rpmtsInitIterator(ts, RPMTAG_NAME, rpmteN(p), 0); xx = rpmdbSetIteratorRE(mi, RPMTAG_EPOCH, RPMMIRE_STRCMP, rpmteE(p)); xx = rpmdbSetIteratorRE(mi, RPMTAG_VERSION, RPMMIRE_STRCMP, rpmteV(p)); xx = rpmdbSetIteratorRE(mi, RPMTAG_RELEASE, RPMMIRE_STRCMP, rpmteR(p)); if (tscolor) { xx = rpmdbSetIteratorRE(mi, RPMTAG_ARCH, RPMMIRE_STRCMP, rpmteA(p)); xx = rpmdbSetIteratorRE(mi, RPMTAG_OS, RPMMIRE_STRCMP, rpmteO(p)); } while (rpmdbNextIterator(mi) != NULL) { rpmpsAppend(ps, RPMPROB_PKG_INSTALLED, rpmteNEVRA(p), rpmteKey(p), NULL, NULL, NULL, 0); break; } mi = rpmdbFreeIterator(mi); } /* Count no. of files (if any). */ totalFileCount += fc; } pi = rpmtsiFree(pi); ps = rpmpsFree(ps); /* The ordering doesn't matter here */ pi = rpmtsiInit(ts); while ((p = rpmtsiNext(pi, TR_REMOVED)) != NULL) { int fc; if ((fi = rpmteFI(p)) == NULL) continue; /* XXX can't happen */ fc = rpmfiFC(fi); totalFileCount += fc; } pi = rpmtsiFree(pi); /* Run pre-transaction scripts, but only if there are no known * problems up to this point and not disabled otherwise. */ if (!((rpmtsFlags(ts) & (RPMTRANS_FLAG_BUILD_PROBS|RPMTRANS_FLAG_TEST|RPMTRANS_FLAG_NOPRE)) || (rpmpsNumProblems(ts->probs) && (okProbs == NULL || rpmpsTrim(ts->probs, okProbs))))) { rpmlog(RPMLOG_DEBUG, "running pre-transaction scripts\n"); runTransScripts(ts, RPMTAG_PRETRANS); } /* =============================================== * Initialize transaction element file info for package: */ /* * FIXME?: we'd be better off assembling one very large file list and * calling fpLookupList only once. I'm not sure that the speedup is * worth the trouble though. */ rpmlog(RPMLOG_DEBUG, "computing %d file fingerprints\n", totalFileCount); numAdded = numRemoved = 0; pi = rpmtsiInit(ts); while ((p = rpmtsiNext(pi, 0)) != NULL) { int fc; if ((fi = rpmteFI(p)) == NULL) continue; /* XXX can't happen */ fc = rpmfiFC(fi); switch (rpmteType(p)) { case TR_ADDED: numAdded++; /* Skip netshared paths, not our i18n files, and excluded docs */ if (fc > 0) skipFiles(ts, p); break; case TR_REMOVED: numRemoved++; break; } } pi = rpmtsiFree(pi); if (!rpmtsChrootDone(ts)) { const char * rootDir = rpmtsRootDir(ts); xx = chdir("/"); if (rootDir != NULL && strcmp(rootDir, "/") && *rootDir == '/') { /* opening db before chroot not optimal, see rhbz#103852 c#3 */ xx = rpmdbOpenAll(ts->rdb); if (chroot(rootDir) == -1) { rpmlog(RPMLOG_ERR, _("Unable to change root directory: %m\n")); return -1; } } (void) rpmtsSetChrootDone(ts, 1); } ts->ht = rpmFpHashCreate(totalFileCount/2+1, fpHashFunction, fpEqual, NULL, NULL); rpmFpHash symlinks = rpmFpHashCreate(totalFileCount/16+16, fpHashFunction, fpEqual, NULL, NULL); fpc = fpCacheCreate(totalFileCount/2 + 10001); /* =============================================== * Add fingerprint for each file not skipped. */ pi = rpmtsiInit(ts); while ((p = rpmtsiNext(pi, 0)) != NULL) { int fc; (void) rpmdbCheckSignals(); if ((fi = rpmteFI(p)) == NULL) continue; /* XXX can't happen */ fc = rpmfiFC(fi); (void) rpmswEnter(rpmtsOp(ts, RPMTS_OP_FINGERPRINT), 0); rpmfiFpLookup(fi, fpc); /* collect symbolic links */ fi = rpmfiInit(fi, 0); if (fi != NULL) /* XXX lclint */ while ((i = rpmfiNext(fi)) >= 0) { struct rpmffi_s ffi; char const *linktarget; linktarget = rpmfiFLink(fi); if (!(linktarget && *linktarget != '\0')) continue; if (XFA_SKIPPING(rpmfsGetAction(rpmteGetFileStates(p), i))) continue; ffi.p = p; ffi.fileno = i; rpmFpHashAddEntry(symlinks, rpmfiFpsIndex(fi, i), ffi); } (void) rpmswExit(rpmtsOp(ts, RPMTS_OP_FINGERPRINT), fc); } pi = rpmtsiFree(pi); /* =============================================== * Check fingerprints if they contain symlinks * and add them to the ts->ht hash table */ pi = rpmtsiInit(ts); while ((p = rpmtsiNext(pi, 0)) != NULL) { (void) rpmdbCheckSignals(); if ((fi = rpmteFI(p)) == NULL) continue; /* XXX can't happen */ fi = rpmfiInit(fi, 0); (void) rpmswEnter(rpmtsOp(ts, RPMTS_OP_FINGERPRINT), 0); if (fi != NULL) /* XXX lclint */ while ((i = rpmfiNext(fi)) >= 0) { if (XFA_SKIPPING(rpmfsGetAction(rpmteGetFileStates(p), i))) continue; fpLookupSubdir(symlinks, ts->ht, fpc, p, i); } (void) rpmswExit(rpmtsOp(ts, RPMTS_OP_FINGERPRINT), 0); } pi = rpmtsiFree(pi); rpmFpHashFree(symlinks); /* =============================================== * Compute file disposition for each package in transaction set. */ rpmtsNotify(ts, NULL, RPMCALLBACK_TRANS_START, 6, ts->orderCount); /* check against files in the rpmdb */ checkInstalledFiles(ts, fpc); pi = rpmtsiInit(ts); while ((p = rpmtsiNext(pi, 0)) != NULL) { if ((fi = rpmteFI(p)) == NULL) continue; /* XXX can't happen */ (void) rpmswEnter(rpmtsOp(ts, RPMTS_OP_FINGERPRINT), 0); /* check files in ts against each other and update disk space needs on each partition for this package. */ handleOverlappedFiles(ts, p, fi); /* Check added package has sufficient space on each partition used. */ if (rpmteType(p) == TR_ADDED) { rpmtsCheckDSIProblems(ts, p); } (void) rpmswExit(rpmtsOp(ts, RPMTS_OP_FINGERPRINT), 0); } pi = rpmtsiFree(pi); if (rpmtsChrootDone(ts)) { const char * rootDir = rpmtsRootDir(ts); const char * currDir = rpmtsCurrDir(ts); if (rootDir != NULL && strcmp(rootDir, "/") && *rootDir == '/') xx = chroot("."); (void) rpmtsSetChrootDone(ts, 0); if (currDir != NULL) xx = chdir(currDir); } rpmtsNotify(ts, NULL, RPMCALLBACK_TRANS_STOP, 6, ts->orderCount); /* =============================================== * Free unused memory as soon as possible. */ pi = rpmtsiInit(ts); while ((p = rpmtsiNext(pi, 0)) != NULL) { rpmteSetFI(p, NULL); } pi = rpmtsiFree(pi); fpc = fpCacheFree(fpc); ts->ht = rpmFpHashFree(ts->ht); /* =============================================== * If unfiltered problems exist, free memory and return. */ if ((rpmtsFlags(ts) & RPMTRANS_FLAG_BUILD_PROBS) || (rpmpsNumProblems(ts->probs) && (okProbs == NULL || rpmpsTrim(ts->probs, okProbs))) ) { rpmtsFreeLock(lock); return ts->orderCount; } /* Actually install and remove packages */ rc = rpmtsProcess(ts); if (!(rpmtsFlags(ts) & (RPMTRANS_FLAG_TEST|RPMTRANS_FLAG_NOPOST))) { rpmlog(RPMLOG_DEBUG, "running post-transaction scripts\n"); runTransScripts(ts, RPMTAG_POSTTRANS); } if (!(rpmtsFlags(ts) & RPMTRANS_FLAG_NOCONTEXTS)) { matchpathcon_fini(); } rpmtsFreeLock(lock); /* FIX: ts->flList may be NULL */ if (rc) return -1; else return 0; }
int matchpathcon_main(int argc, char **argv) { int i; int header = 1; int verify = 0; int notrans = 0; int error = 0; unsigned long opts; char *fcontext, *prefix; if (argc < 2) bb_show_usage(); opts = bb_getopt_ulflags(argc, argv, "nNf:p:V", &fcontext, &prefix); if (opts & BB_GETOPT_ERROR) bb_show_usage(); if (opts & MATCHPATHCON_OPT_NOT_PRINT) header = 0; if (opts & MATCHPATHCON_OPT_NOT_TRANS) { notrans = 1; set_matchpathcon_flags(MATCHPATHCON_NOTRANS); } if ((opts & MATCHPATHCON_OPT_FCONTEXT) && (opts & MATCHPATHCON_OPT_PREFIX)) bb_error_msg_and_die("-f and -p are exclusive"); if (opts & MATCHPATHCON_OPT_FCONTEXT) { if (matchpathcon_init(fcontext)) bb_error_msg_and_die("Error while processing %s: %s", fcontext, errno ? strerror(errno) : "invalid"); } if (opts & MATCHPATHCON_OPT_PREFIX) { if (matchpathcon_init_prefix(NULL, prefix)) bb_error_msg_and_die("Error while processing %s: %s", prefix, errno ? strerror(errno) : "invalid"); } if (opts & MATCHPATHCON_OPT_VERIFY) verify = 1; for (i = optind; i < argc; i++) { if (verify) { if (selinux_file_context_verify(argv[i], 0)) { printf("%s verified.\n", argv[i]); } else { security_context_t con; int rc; if (notrans) rc = lgetfilecon_raw(argv[i], &con); else rc = lgetfilecon(argv[i], &con); if (rc >= 0) { printf("%s has context %s, should be ", argv[i], con); error += printmatchpathcon(argv[i], 0); freecon(con); } else { printf ("actual context unknown: %s, should be ", strerror(errno)); error += printmatchpathcon(argv[i], 0); } } } else { error += printmatchpathcon(argv[i], header); } } matchpathcon_fini(); return error; }