Age | Commit message (Collapse) | Author | Files | Lines |
|
The conflicts within the packages of equally ranked keys
must be treated usually by rpm.
Without this change, installation of conflicting packages
is not possible when msm plugin is active.
Change-Id: I909540524c7e2b43229b8aac90f66430041cbd55
Signed-off-by: José Bollo <jose.bollo@open.eurogiciel.org>
|
|
The msm plugin creates one access rule file
in SMACK_RULES_PATH=/etc/smack/accesses.d for
each RPM installed.
Since Tizen 3, the guideline for packages is
simplified and the new guideline states that
manifest files have to be as simple as:
<manifest>
<request>
<domain name="_"/>
</request>
</manifest>
It means that most access rule files are empty.
Thus, this patch removes the file if it is empty
because without any penality, it improves:
- the start time of the system
- the administration of the system
The start time is improved because at start, all
the files in /etc/smack/accesses.d are read and
loaded to the kernel. As empty files are just removed,
no time is spend to seek it, open it, read it, close it,
apply empty rule.
The administration is also improved because only meaning
access rule files are retains, avoid to have to sort what
is meaning and what is not.
Change-Id: I7b40f2b291f0c1dbcb2f033f62191c651430e3c8
Signed-off-by: José Bollo <jose.bollo@open.eurogiciel.org>
|
|
Change-Id: I5e84c913d1756320bf31442d87b797ff8b5f4633
|
|
Names of the software repositories were used as subject of
the generated smack rules. There is no mention of such
behaviour on the help pages in the wiki of tizen.
Bug-Tizen: PTREL-638
Change-Id: Iefef89492ab5c9839cb01d3b62dae4c3637f00f4
Signed-off-by: José Bollo <jose.bollo@open.eurogiciel.org>
|
|
This patch fixes three issues with access type:
- SMACK_ACCESS_TYPE_LENGHT -> SMACK_ACCESS_TYPE_LENGTH
- Changed the value of SMACK_ACCESS_TYPE_LENGTH from 5 to 6.
- String length was calculated with unsafe 'strlen()'. Changed to
use strlen(type, SMACK_LABEL_LENGTH + 1) instead.
Change-Id: I127d7b2beb8a3258ec1e4a5142f253f842b2fa7a
Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
|
|
Change policy from enforcing to advisory when access is requested
from unknown domain or permitted to unknown domain. Also trunacated
lines to 80 characters, fixed grammar in the warning messages, and
removed trailing spaces and tabs.
In future, it might make sense to make this behaviour a command-line
option. Added a FIXME comment about that.
Change-Id: Iab78d79a8a28e019ec8601265a59d259fd46f9d6
Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
|
|
Change-Id: Id61dd99ef2e6a673d3c66a58d71c735b07571970
|
|
Change-Id: I1da33e6e842a7f93dade78f2aebc00ed271a271c
|
|
msmconfig.c:29:25: fatal error: libxml/tree.h: No such file or directory
msmmanifest.c:37:30: fatal error: libxml/xmlreader.h: No such file or directory
Bug-Id: https://bugs.tizen.org/jira/browse/PTREL-397
Change-Id: If287d79f343ca6f6f4be9392f09e17387305fb8a
Signed-off-by: Adrian Negreanu <adrian.m.negreanu@intel.com>
|
|
Change-Id: I4d44db47865dd5c83fcf28435ffc26a70164b69d
|
|
|
|
- Removing unused code
- Changing the init hook to take care of new libsmack return code
|
|
|
|
-adding macros to configure location of default policy
-adding a default security policy to rpm-plugins dir
-adding copying of policy file to chroot dir when rpm is run with --root param
-moving policy saving to post_tsm hook
|
|
- fix to the pkg_name allocation in conflict handling
|
|
- allowing multiple domains definition per manifest
- fixing indirect include of config.h
- restricting adding new sw source with the same key info
|
|
|
|
possibility in msmXattrSupport
|
|
|
|
|
|
- stricter control over smack64exec label assigment
- strciter control over dbus interface labels
|
|
|
|
|
|
Attribute tag allows to specify the type of the package (currenlty only application or system)
that affects setting SMACK64EXEC label.
For system packages it isn't set by default and for applications it is set to requested domain.
|
|
|
|
|
|
|
|
-All post hooks take an additional rc argument that indicates general return code from operation.
-All post hooks are always called if correspoding pre hook has been called.
-The return value from post hooks is curently ignored
Signed-off-by: Panu Matilainen <pmatilai@redhat.com>
|
|
Three new hooks added:
PLUGINHOOK_SCRIPTLET_PRE_FUNC
Called before scriptlet execution
PLUGINHOOK_SCRIPTLET_FORK_POST_FUNC
Called after fork() but before scriptlet execution
PLUGINHOOK_SCRIPTLET_POST_FUNC
Called after scriptlet execution
Currently pre and post hooks are called for externals and internal lua scripts.
post hook is called even if scriptlet execution has failed and
the return code is given as an argument.
fork_post hook is only called for external scriptlets,
because for internal scriptlets no fork() is currently performed.
Signed-off-by: Panu Matilainen <pmatilai@redhat.com>
|
|
This change adds a new type of the rpm plugin, called transaction plugin
and a set of initial hooks for this plugin. The hooks are:
PLUGINHOOK_TSM_PRE
Pre-transaction hook that is called before an rpm transaction begins
PLUGINHOOK_TSM_POST
Post-transaction hook that is called after an rpm transaction ends
PLUGINHOOK_PSM_PRE
Pre-transaction-element hook that is called before an rpm
transaction-element is processed
PLUGINHOOK_PSM_POST
Post-transaction-element hook that is called after an rpm
transaction-element is processed
PLUGINHOOK_SCRIPT_SETUP
Per-script hook that is called once for each rpm mainainers script
that is present in the package
Each hook is called for every plugin that have this hook registered.
The avaliable transaction plugins can be specified in macros.in via
transaction_plugins element.
Signed-off-by: Panu Matilainen <pmatilai@redhat.com>
|
|
|
|
|
|
- It is always selinux_file_context_path() anyway.
|
|
|
|
- Base64 is present in headers and all, it's only reasonable that
our API users have access to this functionality without having
to link to other libraries. Even if we didn't want to carry the
implementation forever in our codebase, we should provide a wrapping
for this (much like the other crypto stuff) for the reason stated above.
- A bigger issue is that our dirty little (badly hidden) secret was using
non-namespaced function names, clashing with at least beecrypt. And we
couldn't have made these internal-only symbols even on platforms that
support it, because they are used all over the place outside rpmio.
So... rename the b64 functions to rpmLikeNamingStyle and make 'em public.
No functional changes, just trivial renaming despite touching numerous
places.
|
|
|
|
- Replace assignments with a memset() to blast away the contents instead,
taking care of other members too
|
|
- Having an err label which we fall through on success too seems
a bit funny, rename the label to exit
- Initialize the sepoltrans at declaration already
- Remove redundant RPMRC_FAIL assignment on sepoltransNew() fail
case, this already assumes failure
- Remove redundant jump to exit from sepoltransCommit() error
- Eliminate trailing dead NULL assignment of the local pt variable
|
|
|
|
|
|
- The sepolicy plugin needs them so the symbols can't be hidden, but
these are not something external API-users should be messing with.
- Ultimately we'll want to push the actual labeling from FSM to
the plugin, insulating rpm from all SELinux specifics, this is
just a band-aid temporary "solution" to keep this out of the API.
|
|
- Plugins are by their very nature arch specific, while /usr/lib/rpm
is a hodgepodge of all sorts of ... stuff, most of which is
arch-independent and all. Use %{_libdir}/rpm-plugins to cleanly
differentiate 32 vs 64bit plugin paths
|
|
|
|
This adds a new plugin specifically for a collection to load SELinux
policy. This implements the post_add and pre_remove plugin hooks. The
only time anything happens during the pre_remove hook is if post_add was
not called (i.e. if the transaction only removes policies).
This plugin extracts all the policy information from packages in the
sepolicy collection during the open te hook. It then determines which
policies should be installed/removed based on if the package is being
installed/removed and the type of the policy and the system policy. It
then executes semodule (or uses libsemanage if semodule cannot be
executed or installing in a chroot) to remove and install the necessary
policies. It then reloads the selinux state, reloads the file contexts,
and if necessary, relabels the file system.
|
|
This moves most of the plugin logic to a new rpmplugins file with a
struct and functions for managing plugins, allowing for plugins to carry
state. This also adds init and cleanup hooks for plugins to initialize
and cleanup their state, and a new 'open te' hook allowing plugins to
read and save information from transaction elements.
This also generalizes the plugin architecture a bit so it isn't so
specific to collections.
|
|
- the exec plugin was using a private copy of rpmchroot.c to avoid
RPM_GNUC_INTERNAL on the API, better let the plugins use librpm
state instead
- the chroot API really belongs to librpmio but for now...
|
|
This patch adds a generic plugin, exec.so, that should be sufficient for the
majority of Collection actions. After all packages in a Collection have been
installed/removed, this plugin executes the arguments by calling system(3),
allowing for a very generic and powerful method to perform many actions.
This also adds two sample macros as examples of the format, using the exec.so
plugin.
|