setfiles: rootpath logic breaks on absolute symlinks #248
Comments
|
Regression introduced by e016502 |
stephensmalley
added a commit
to stephensmalley/selinux
that referenced
this issue
Jun 4, 2020
As reported in SELinuxProject#248, setfiles -r (rootpath) fails when the alternate root contains a symlink that is correct relative to the alternate root but not in the current root. This is a regression introduced by commit e016502 ("libselinux: Save digest of all partial matches for directory"). Do not call statfs(2) here if acting on a symbolic link. Unfortunately there is no lstatfs() call. Ensure that we initialize the statfs buffer always. If the supplied file is a symlink, then we don't need to worry about the later tests of filesystem type because we wouldn't be setting the digest anyway and we are not performing a full sysfs relabel. While here, fix the earlier test for a directory to use the correct test. Reproducer: $ mkdir /root/my-chroot && echo foo > /root/my-chroot/link-target && ln -s /link-target /root/my-chroot/symlink $ echo "/root/my-chroot/symlink" | setfiles -vFi -r /root/my-chroot -f - /etc/selinux/targeted/contexts/files/file_contexts Before: setfiles: statfs(/root/my-chroot/symlink) failed: No such file or directory After: Relabeled /root/my-chroot/symlink from unconfined_u:object_r:admin_home_t:s0 to system_u:object_r:default_t:s0 Fixes: SELinuxProject#248 Signed-off-by: Stephen Smalley <stephen.smalley.work@gmail.com>
stephensmalley
pushed a commit
to stephensmalley/selinux
that referenced
this issue
Jun 9, 2020
One thing that confused me when investigating SELinuxProject#248 (i.e. coreos/fedora-coreos-tracker#512) was that the manual page for `setfiles` seemed to imply that paths were fully resolved. This was consistent with the issues above where `setfiles` was failing because the target of the symbolic link didn't exist. But in fact, the wording around symbolic links in `setfiles`/`restorecon` refers actually to whether the parent directories are canonicalized via `realpath(3)` before labeling. Clarify the man pages to explain this.
bachradsusi
pushed a commit
to bachradsusi/SELinuxProject-selinux
that referenced
this issue
Jun 11, 2020
As reported in SELinuxProject#248, setfiles -r (rootpath) fails when the alternate root contains a symlink that is correct relative to the alternate root but not in the current root. This is a regression introduced by commit e016502 ("libselinux: Save digest of all partial matches for directory"). Do not call statfs(2) here if acting on a symbolic link. Unfortunately there is no lstatfs() call. Ensure that we initialize the statfs buffer always. If the supplied file is a symlink, then we don't need to worry about the later tests of filesystem type because we wouldn't be setting the digest anyway and we are not performing a full sysfs relabel. While here, fix the earlier test for a directory to use the correct test. Reproducer: $ mkdir /root/my-chroot && echo foo > /root/my-chroot/link-target && ln -s /link-target /root/my-chroot/symlink $ echo "/root/my-chroot/symlink" | setfiles -vFi -r /root/my-chroot -f - /etc/selinux/targeted/contexts/files/file_contexts Before: setfiles: statfs(/root/my-chroot/symlink) failed: No such file or directory After: Relabeled /root/my-chroot/symlink from unconfined_u:object_r:admin_home_t:s0 to system_u:object_r:default_t:s0 Fixes: SELinuxProject#248 Fixes: e016502 ("libselinux: Save digest of all partial matches for directory") Signed-off-by: Stephen Smalley <stephen.smalley.work@gmail.com> Tested-by: Jonathan Lebon <jlebon@redhat.com> Acked-by: Petr Lautrbach <plautrba@redhat.com>
bachradsusi
pushed a commit
to bachradsusi/SELinuxProject-selinux
that referenced
this issue
Jun 11, 2020
As reported in SELinuxProject#248, setfiles -r (rootpath) fails when the alternate root contains a symlink that is correct relative to the alternate root but not in the current root. This is a regression introduced by commit e016502 ("libselinux: Save digest of all partial matches for directory"). Do not call statfs(2) here if acting on a symbolic link. Unfortunately there is no lstatfs() call. Ensure that we initialize the statfs buffer always. If the supplied file is a symlink, then we don't need to worry about the later tests of filesystem type because we wouldn't be setting the digest anyway and we are not performing a full sysfs relabel. While here, fix the earlier test for a directory to use the correct test. Reproducer: $ mkdir /root/my-chroot && echo foo > /root/my-chroot/link-target && ln -s /link-target /root/my-chroot/symlink $ echo "/root/my-chroot/symlink" | setfiles -vFi -r /root/my-chroot -f - /etc/selinux/targeted/contexts/files/file_contexts Before: setfiles: statfs(/root/my-chroot/symlink) failed: No such file or directory After: Relabeled /root/my-chroot/symlink from unconfined_u:object_r:admin_home_t:s0 to system_u:object_r:default_t:s0 Fixes: SELinuxProject#248 Fixes: e016502 ("libselinux: Save digest of all partial matches for directory") Signed-off-by: Stephen Smalley <stephen.smalley.work@gmail.com> Tested-by: Jonathan Lebon <jlebon@redhat.com> Acked-by: Petr Lautrbach <plautrba@redhat.com>
stephensmalley
pushed a commit
that referenced
this issue
Jun 25, 2020
One thing that confused me when investigating #248 (i.e. coreos/fedora-coreos-tracker#512) was that the manual page for `setfiles` seemed to imply that paths were fully resolved. This was consistent with the issues above where `setfiles` was failing because the target of the symbolic link didn't exist. But in fact, the wording around symbolic links in `setfiles`/`restorecon` refers actually to whether the parent directories are canonicalized via `realpath(3)` before labeling. Clarify the man pages to explain this. Signed-off-by: Jonathan Lebon <jlebon@redhat.com> Acked-by: Stephen Smalley <stephen.smalley.work@gmail.com>
bachradsusi
pushed a commit
to fedora-selinux/selinux
that referenced
this issue
Jul 27, 2020
As reported in SELinuxProject/selinux#248, setfiles -r (rootpath) fails when the alternate root contains a symlink that is correct relative to the alternate root but not in the current root. This is a regression introduced by commit e016502 ("libselinux: Save digest of all partial matches for directory"). Do not call statfs(2) here if acting on a symbolic link. Unfortunately there is no lstatfs() call. Ensure that we initialize the statfs buffer always. If the supplied file is a symlink, then we don't need to worry about the later tests of filesystem type because we wouldn't be setting the digest anyway and we are not performing a full sysfs relabel. While here, fix the earlier test for a directory to use the correct test. Reproducer: $ mkdir /root/my-chroot && echo foo > /root/my-chroot/link-target && ln -s /link-target /root/my-chroot/symlink $ echo "/root/my-chroot/symlink" | setfiles -vFi -r /root/my-chroot -f - /etc/selinux/targeted/contexts/files/file_contexts Before: setfiles: statfs(/root/my-chroot/symlink) failed: No such file or directory After: Relabeled /root/my-chroot/symlink from unconfined_u:object_r:admin_home_t:s0 to system_u:object_r:default_t:s0 Fixes: SELinuxProject/selinux#248 Fixes: e016502 ("libselinux: Save digest of all partial matches for directory") Signed-off-by: Stephen Smalley <stephen.smalley.work@gmail.com> Tested-by: Jonathan Lebon <jlebon@redhat.com> Acked-by: Petr Lautrbach <plautrba@redhat.com>
bachradsusi
pushed a commit
to fedora-selinux/selinux
that referenced
this issue
Jul 27, 2020
One thing that confused me when investigating SELinuxProject/selinux#248 (i.e. coreos/fedora-coreos-tracker#512) was that the manual page for `setfiles` seemed to imply that paths were fully resolved. This was consistent with the issues above where `setfiles` was failing because the target of the symbolic link didn't exist. But in fact, the wording around symbolic links in `setfiles`/`restorecon` refers actually to whether the parent directories are canonicalized via `realpath(3)` before labeling. Clarify the man pages to explain this. Signed-off-by: Jonathan Lebon <jlebon@redhat.com> Acked-by: Stephen Smalley <stephen.smalley.work@gmail.com>
chenyt9
pushed a commit
to MotorolaMobilityLLC/external-selinux
that referenced
this issue
Mar 6, 2023
As reported in SELinuxProject/selinux#248, setfiles -r (rootpath) fails when the alternate root contains a symlink that is correct relative to the alternate root but not in the current root. This is a regression introduced by commit e016502 ("libselinux: Save digest of all partial matches for directory"). Do not call statfs(2) here if acting on a symbolic link. Unfortunately there is no lstatfs() call. Ensure that we initialize the statfs buffer always. If the supplied file is a symlink, then we don't need to worry about the later tests of filesystem type because we wouldn't be setting the digest anyway and we are not performing a full sysfs relabel. While here, fix the earlier test for a directory to use the correct test. Reproducer: $ mkdir /root/my-chroot && echo foo > /root/my-chroot/link-target && ln -s /link-target /root/my-chroot/symlink $ echo "/root/my-chroot/symlink" | setfiles -vFi -r /root/my-chroot -f - /etc/selinux/targeted/contexts/files/file_contexts Before: setfiles: statfs(/root/my-chroot/symlink) failed: No such file or directory After: Relabeled /root/my-chroot/symlink from unconfined_u:object_r:admin_home_t:s0 to system_u:object_r:default_t:s0 Fixes: SELinuxProject/selinux#248 Fixes: e016502 ("libselinux: Save digest of all partial matches for directory") Signed-off-by: Stephen Smalley <stephen.smalley.work@gmail.com> Tested-by: Jonathan Lebon <jlebon@redhat.com> Acked-by: Petr Lautrbach <plautrba@redhat.com>
chenyt9
pushed a commit
to MotorolaMobilityLLC/external-selinux
that referenced
this issue
Mar 6, 2023
One thing that confused me when investigating SELinuxProject/selinux#248 (i.e. coreos/fedora-coreos-tracker#512) was that the manual page for `setfiles` seemed to imply that paths were fully resolved. This was consistent with the issues above where `setfiles` was failing because the target of the symbolic link didn't exist. But in fact, the wording around symbolic links in `setfiles`/`restorecon` refers actually to whether the parent directories are canonicalized via `realpath(3)` before labeling. Clarify the man pages to explain this. Signed-off-by: Jonathan Lebon <jlebon@redhat.com> Acked-by: Stephen Smalley <stephen.smalley.work@gmail.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
This is a followup from coreos/fedora-coreos-tracker#512.
This affects the latest released version, as packaged in Fedora (package NEVRA is
policycoreutils-3.0-2.module_f32+7989+651e8914.x86_64).When using the
-rlogic to relabel files under a different rootpath, symlinks to absolute paths seem to break the relabeling logic:However, from the point of view of the new rootpath, paths and symlinks are setup properly:
So this sounds like a bug in
setfilesrelabeling logic.The text was updated successfully, but these errors were encountered: