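--- Linux-PAM-0.99.7.0/modules/pam_namespace/pam_namespace.c.level 2007-01-19 08:33:11.000000000 -0500
+++ Linux-PAM-0.99.7.0/modules/pam_namespace/pam_namespace.c 2007-01-19 08:33:11.000000000 -0500
@@ -244,23 +244,29 @@
 }
 strcpy(poly.dir, dir);
 strcpy(poly.instance_prefix, instance_prefix);
- if (strcmp(method, "user") == 0)
- poly.method = USER;
+
+ poly.method = NONE;
+ if (strcmp(method, "user") == 0)
+ poly.method = USER;
+
 #ifdef WITH_SELINUX
- else if (strcmp(method, "context") == 0) {
+ if (strcmp(method, "level") == 0) {
 if (idata->flags & PAMNS_CTXT_BASED_INST)
- poly.method = CONTEXT;
+ poly.method = LEVEL;
 else
 poly.method = USER;
- } else if (strcmp(method, "both") == 0) {
+ }
+
+ if (strcmp(method, "context") == 0) {
 if (idata->flags & PAMNS_CTXT_BASED_INST)
- poly.method = BOTH;
+ poly.method = CONTEXT;
 else
 poly.method = USER;
 }
 
 #endif
- else {
+
+ if ( poly.method == NONE) {
 pam_syslog(idata->pamh, LOG_NOTICE, "Illegal method");
 goto skipping;
 }
@@ -448,19 +454,23 @@
 return PAM_SESSION_ERR;
 }
 
+ if (polyptr->method == USER) return PAM_SUCCESS;
+
+ rc = getexeccon(&scon);
+ if (rc < 0 || scon == NULL) {
+ pam_syslog(idata->pamh, LOG_ERR,
+ "Error getting exec context, %m");
+ return PAM_SESSION_ERR;
+ }
+
 /*
 * If polyinstantiating based on security context, get current
 * process security context, get security class for directories,
 * and ask the policy to provide security context of the
 * polyinstantiated instance directory.
 */
- if ((polyptr->method == CONTEXT) || (polyptr->method == BOTH)) {
- rc = getexeccon(&scon);
- if (rc < 0 || scon == NULL) {
- pam_syslog(idata->pamh, LOG_ERR,
- "Error getting exec context, %m");
- return PAM_SESSION_ERR;
- }
+
+ if (polyptr->method == CONTEXT) {
 tclass = string_to_security_class("dir");
 
 if (security_compute_member(scon, *origcon, tclass,
@@ -473,7 +483,48 @@
 pam_syslog(idata->pamh, LOG_DEBUG,
 "member context returned by policy %s", *i_context);
 freecon(scon);
+ return PAM_SUCCESS;
 }
+
+ /*
+ * If polyinstantiating based on security level, get current
+ * process security context, get security class for directories,
+ * and change the directories MLS Level to match process.
+ */
+
+ if (polyptr->method == LEVEL) {
+ context_t scontext = NULL;
+ context_t fcontext = NULL;
+ rc = PAM_SESSION_ERR;
+
+ scontext = context_new(scon);
+ if (! scontext) {
+ pam_syslog(idata->pamh, LOG_ERR, "out of memory");
+ goto fail;
+ }
+ fcontext = context_new(*origcon);
+ if (! fcontext) {
+ pam_syslog(idata->pamh, LOG_ERR, "out of memory");
+ goto fail;
+ }
+ if (context_range_set(fcontext, context_range_get(scontext)) != 0) {
+ pam_syslog(idata->pamh, LOG_ERR, "Unable to set MLS Componant of context");
+ goto fail;
+ }
+ *i_context=strdup(context_str(fcontext));
+ if (! *i_context) {
+ pam_syslog(idata->pamh, LOG_ERR, "out of memory");
+ goto fail;
+ }
+
+ rc = PAM_SUCCESS;
+ fail:
+ context_free(scontext);
+ context_free(fcontext);
+ freecon(scon);
+ return rc;
+ }
+ /* Should never get here */
 return PAM_SUCCESS;
 }
 #endif
@@ -514,19 +565,14 @@
 break;
 
 #ifdef WITH_SELINUX
+ case LEVEL:
 case CONTEXT:
- if (asprintf(i_name, "%s", *i_context) < 0) {
- *i_name = NULL;
- rc = PAM_SESSION_ERR;
- }
- break;
-
- case BOTH:
 if (asprintf(i_name, "%s_%s", *i_context, idata->user) < 0) {
 *i_name = NULL;
 rc = PAM_SESSION_ERR;
 }
 break;
+
 #endif /* WITH_SELINUX */
 
 default:
@@ -1158,7 +1204,7 @@
 #ifdef WITH_SELINUX
 if (is_selinux_enabled())
 idata.flags |= PAMNS_SELINUX_ENABLED;
- if (ctxt_based_inst_needed())
+ if (ctxt_based_inst_needed())
 idata.flags |= PAMNS_CTXT_BASED_INST;
 #endif
 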
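--- Linux-PAM-0.99.7.0/modules/pam_namespace/namespace.conf.level 2006-06-27 09:07:43.000000000 -0400
+++ Linux-PAM-0.99.7.0/modules/pam_namespace/namespace.conf 2007-01-19 08:33:11.000000000 -0500
@@ -4,12 +4,10 @@
 #
 # Uncommenting the following three lines will polyinstantiate
 # /tmp, /var/tmp and user's home directories. /tmp and /var/tmp will
-# be polyinstantiated based on both security context as well as user
-# name, whereas home directory will be polyinstantiated based on
-# security context only. Polyinstantion will not be performed for
-# user root and adm for directories /tmp and /var/tmp, whereas home
-# directories will be polyinstantiated for all users. The user name
-# and/or context is appended to the instance prefix.
+# be polyinstantiated based on the MLS level part of the security context as well as user
+# name, Polyinstantion will not be performed for user root and adm for directories
+# /tmp and /var/tmp, whereas home directories will be polyinstantiated for all users.
+# The user name and context is appended to the instance prefix.
 #
 # Note that instance directories do not have to reside inside the
 # polyinstantiated directory. In the examples below, instances of /tmp
@@ -25,6 +23,6 @@
 # caution, as it will reduce security and isolation achieved by
 # polyinstantiation.
 #
-#/tmp /tmp-inst/ both root,adm
-#/var/tmp /var/tmp/tmp-inst/ both root,adm
-#$HOME $HOME/$USER.inst/inst- context
+#/tmp /tmp-inst/ level root,adm
+#/var/tmp /var/tmp/tmp-inst/ level root,adm
+#$HOME $HOME/$USER.inst/ level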
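Review bot: The new `$HOME` example `#$HOME $HOME/$USER.inst/ level` drops the `inst-` instance prefix and switches the method to `level`, while the man page example in namespace.conf.5.xml in this same commit (its `@@ -112,8 +112,8 @@` hunk) keeps `$HOME $HOME/$USER.inst/inst- context`, so the two shipped examples now disagree; pick one and apply it to both. The rewritten comment above the examples likewise says all three directories are polyinstantiated by MLS level, whereas the man page text says the home directory uses the full security context, so the prose should follow whichever example is kept. The added line `# name, Polyinstantion will not be performed ...` is also a comma splice with a typo; `# name. Polyinstantiation will not be performed ...` reads correctly.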
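--- Linux-PAM-0.99.7.0/modules/pam_namespace/pam_namespace.h.level 2007-01-19 08:33:11.000000000 -0500
+++ Linux-PAM-0.99.7.0/modules/pam_namespace/pam_namespace.h 2007-01-19 08:33:11.000000000 -0500
@@ -63,6 +63,7 @@
 
 #ifdef WITH_SELINUX
 #include <selinux/selinux.h>
+#include <selinux/context.h>
 #endif
 
 #ifndef CLONE_NEWNS
@@ -93,9 +94,10 @@
 * or both
 */
 enum polymethod {
+ NONE,
 USER,
 CONTEXT,
- BOTH,
+ LEVEL,
 };
 
 /*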
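Review bot: The comment block above `enum polymethod` still ends with `* or both` (the context line at the top of the second hunk), describing the removed `BOTH` enumerator rather than the new `NONE` and `LEVEL` ones; update it to list user, context and level, and to say what NONE is for. Inserting `NONE` first also shifts the numeric values of `USER` and `CONTEXT`, which is harmless as long as the values are only compared symbolically, as the visible pam_namespace.c code does, but a one-line comment on the new enumerator would record its role, e.g. `NONE, /* no recognised method yet; the config parser rejects entries left in this state */`.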
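--- Linux-PAM-0.99.7.0/modules/pam_namespace/namespace.conf.5.xml.level 2006-06-27 09:07:43.000000000 -0400
+++ Linux-PAM-0.99.7.0/modules/pam_namespace/namespace.conf.5.xml 2007-01-19 08:33:11.000000000 -0500
@@ -22,7 +22,7 @@
 <para>
 This module allows setup of private namespaces with polyinstantiated
 directories. Directories can be polyinstantiated based on user name
- or, in the case of SELinux, user name, security context or both. If an
+ or, in the case of SELinux, user name, sensitivity level or complete security context. If an
 executable script <filename>/etc/security/namespace.init</filename>
 exists, it is used to initialize the namespace every time a new instance
 directory is setup. The script receives the polyinstantiated
@@ -72,10 +72,10 @@
 <para>
 The third field, <replaceable>method</replaceable>, is the method
 used for polyinstantiation. It can take 3 different values; "user"
- for polyinstantiation based on user name, "context" for
- polyinstantiation based on process security context, and "both"
- for polyinstantiation based on both user name and security context.
- Methods "context" and "both" are only available with SELinux. This
+ for polyinstantiation based on user name, "level" for
+ polyinstantiation based on process MLS level and user name, and "context" for
+ polyinstantiation based on process security context and user name
+ Methods "context" and "level" are only available with SELinux. This
 field cannot be blank.
 </para>
 
@@ -98,9 +98,9 @@
 <literallayout>
 # The following three lines will polyinstantiate /tmp,
 # /var/tmp and user's home directories. /tmp and /var/tmp
- # will be polyinstantiated based on both security context
+ # will be polyinstantiated based on the security level
 # as well as user name, whereas home directory will be
- # polyinstantiated based on security context only.
+ # polyinstantiated based on the full security context and user name.
 # Polyinstantiation will not be performed for user root
 # and adm for directories /tmp and /var/tmp, whereas home
 # directories will be polyinstantiated for all users.
@@ -112,8 +112,8 @@
 # will reside within the directories that are being
 # polyinstantiated.
 #
- /tmp /tmp-inst/ both root,adm
- /var/tmp /var/tmp/tmp-inst/ both root,adm
+ /tmp /tmp-inst/ level root,adm
+ /var/tmp /var/tmp/tmp-inst/ level root,adm
 $HOME $HOME/$USER.inst/inst- context
 </literallayout>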