author | Eugene Syromyatnikov <evgsyr@gmail.com> | 2022-07-01 10:45:48 +0200 |
---|---|---|
committer | Eugene Syromyatnikov <evgsyr@gmail.com> | 2022-07-04 19:12:08 +0200 |
commit | 3f0e5340b651da98251a58cc7923525d69f96032 (patch) | |
tree | cb7ae3edd32231b692081df86230c47f24087de2 /src/defs.h | |
parent | 676979fa9cc7920e5e4d547814f9c0edb597fa0d (diff) | |
download | strace-3f0e5340b651da98251a58cc7923525d69f96032.tar.gz |
secontext: fix expected SELinux context check for unlinked FDs
selinux_getfdcon open-coded a part of getfdpath_pid since it tries
to do the same job, figure out a path associated with an FD, for a slightly
different purpose: to get the expected SELinux context for it. As the previous
commit shows, it's a bit more complicated in cases when the path ends
with the " (deleted)" string, which is also used for designating unlinked paths
in procfs. Otherwise, it may manifest in test failures such as this:
--- exp 2022-05-18 04:29:13.311710593 -0400
+++ out 2022-05-18 04:29:13.311710593 -0400
@@ -1,4 +1,4 @@
[unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023] fchmod(4</root/rpmbuild/BUILD/strace-5.13/tests/fchmod-y--secontext_full_mismatch.dir/fchmod_subdir/fchmod_sample_file> [unconfined_u:object_r:admin_home_t:s0!!system_u:object_r:admin_home_t:s0], 0600) = 0
-[unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023] fchmod(4</root/rpmbuild/BUILD/strace-5.13/tests/fchmod-y--secontext_full_mismatch.dir/fchmod_subdir/fchmod_sample_file (deleted)> [unconfined_u:object_r:admin_home_t:s0!!system_u:object_r:admin_home_t:s0], 051) = 0
-[unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023] fchmod(4</root/rpmbuild/BUILD/strace-5.13/tests/fchmod-y--secontext_full_mismatch.dir/fchmod_subdir/fchmod_sample_file (deleted)> [unconfined_u:object_r:admin_home_t:s0!!system_u:object_r:admin_home_t:s0], 004) = 0
+[unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023] fchmod(4</root/rpmbuild/BUILD/strace-5.13/tests/fchmod-y--secontext_full_mismatch.dir/fchmod_subdir/fchmod_sample_file (deleted)> [unconfined_u:object_r:admin_home_t:s0], 051) = 0
+[unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023] fchmod(4</root/rpmbuild/BUILD/strace-5.13/tests/fchmod-y--secontext_full_mismatch.dir/fchmod_subdir/fchmod_sample_file (deleted)> [unconfined_u:object_r:admin_home_t:s0], 004) = 0
+++ exited with 0 +++
+ fail_ '../../src/strace -a15 -y --secontext=full,mismatch -e trace=fchmod ../fchmod-y--secontext_full_mismatch output mismatch'
+ warn_ 'fchmod-y--secontext_full_mismatch.gen.test: failed test: ../../src/strace -a15 -y --secontext=full,mismatch -e trace=fchmod ../fchmod-y--secontext_full_mismatch output mismatch'
+ printf '%s\n' 'fchmod-y--secontext_full_mismatch.gen.test: failed test: ../../src/strace -a15 -y --secontext=full,mismatch -e trace=fchmod ../fchmod-y--secontext_full_mismatch output mismatch'
fchmod-y--secontext_full_mismatch.gen.test: failed test: ../../src/strace -a15 -y --secontext=full,mismatch -e trace=fchmod ../fchmod-y--secontext_full_mismatch output mismatch
+ exit 1
FAIL fchmod-y--secontext_full_mismatch.gen.test (exit status: 1)
that happens due to the fact that the get_expected_filecontext() call
is made against the path with the " (deleted)" part, which is wrong (it
is more wrong than shown above when a file with the path that ends with
" (deleted)" exists). Moreover, it would be incorrect to call stat()
on that path.
Let's factor out the common part of the code and simply call it
from selinux_getfdcon, then use the st_mode from the procfs link.
* src/defs.h (get_proc_pid_fd_path): New declaration.
* src/pathtrace.c (get_proc_pid_fd_path): New function, part
of getfdpath_pid that performs link resolution and processing
of the result.
(getfdpath_pid): Call get_proc_pid_fd_path after PID resolution.
* src/secontext.c (get_expected_filecontext): Add mode parameter, use
it in selabel_lookup call instead of retrieving file mode using stat()
if it is not -1.
(selinux_getfdcon): Call get_proc_pid_fd_path instead
of open-coding path resolution code, call stat() on the procfs link
and pass the retrieved st_mode to the get_expected_filecontext call.
(selinux_getfilecon): Pass -1 as mode in the get_expected_filecontext
call.
Reported-by: Václav Kadlčík <vkadlcik@redhat.com>
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2087693
Diffstat (limited to 'src/defs.h')
-rw-r--r-- | src/defs.h | 15 |
1 files changed, 15 insertions, 0 deletions
diff --git a/src/defs.h b/src/defs.h index b9c2a1586..884b65b61 100644 --- a/src/defs.h +++ b/src/defs.h @@ -785,6 +785,21 @@ pathtrace_match(struct tcb *tcp) return pathtrace_match_set(tcp, &global_path_set); } +/** + * Resolves a path for a fd procfs PID proc_pid (the one got from + * get_proc_pid()). + * + * @param proc_pid PID number in /proc, obtained with get_proc_pid(). + * @param fd FD to resolve path for. + * @param buf Buffer to store the resolved path in. + * @param bufsize The size of buf. + * @param deleted If non-NULL, set to true if the path associated with the FD + * seems to have been unlinked and to false otherwise. + * @return Number of bytes written including terminating '\0'. + */ +extern int get_proc_pid_fd_path(int proc_pid, int fd, char *buf, + unsigned bufsize, bool *deleted); + extern int getfdpath_pid(pid_t pid, int fd, char *buf, unsigned bufsize, bool *deleted); |
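Review bot: the @return line documents only the success value ("Number of bytes written including terminating '\0'"); since the function returns int and selinux_getfdcon goes on to stat() the resulting path, the comment should also state what is returned on failure (for instance when the /proc link cannot be read) so callers know to check before using buf. The opening sentence, "Resolves a path for a fd procfs PID proc_pid (the one got from get_proc_pid())", is hard to parse; suggest "Resolves the path of FD fd of the process whose /proc PID is proc_pid (as returned by get_proc_pid())". It would also help to say whether buf still carries the " (deleted)" suffix when *deleted is set to true, since the secontext fix depends on that contract.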