[packages/pam.git] / pam-namespace-level.patch

--- Linux-PAM-0.99.7.0/modules/pam_namespace/pam_namespace.c.level	2007-01-19 08:33:11.000000000 -0500
+++ Linux-PAM-0.99.7.0/modules/pam_namespace/pam_namespace.c	2007-01-19 08:33:11.000000000 -0500
@@ -244,23 +244,29 @@
     }
     strcpy(poly.dir, dir);
     strcpy(poly.instance_prefix, instance_prefix);
-    if (strcmp(method, "user") == 0)
-        poly.method = USER;
+
+    poly.method = NONE;
+    if (strcmp(method, "user") == 0) 
+	    poly.method = USER;
+
 #ifdef WITH_SELINUX
-    else if (strcmp(method, "context") == 0) {
+    if (strcmp(method, "level") == 0) {
         if (idata->flags & PAMNS_CTXT_BASED_INST)
-            poly.method = CONTEXT;
+            poly.method = LEVEL;
 	else
             poly.method = USER;
-    } else if (strcmp(method, "both") == 0) {
+    }
+
+    if (strcmp(method, "context") == 0) {
         if (idata->flags & PAMNS_CTXT_BASED_INST)
-            poly.method = BOTH;
+            poly.method = CONTEXT;
 	else
             poly.method = USER;
     }
 
 #endif
-    else {
+
+    if ( poly.method == NONE) {
         pam_syslog(idata->pamh, LOG_NOTICE, "Illegal method");
         goto skipping;
     }
@@ -448,19 +454,23 @@
 		return PAM_SESSION_ERR;
 	}
 
+	if (polyptr->method == USER) return PAM_SUCCESS;
+
+	rc = getexeccon(&scon);
+	if (rc < 0 || scon == NULL) {
+		pam_syslog(idata->pamh, LOG_ERR, 
+			   "Error getting exec context, %m");
+		return PAM_SESSION_ERR;
+	}
+
 	/*
 	 * If polyinstantiating based on security context, get current
 	 * process security context, get security class for directories,
 	 * and ask the policy to provide security context of the
 	 * polyinstantiated instance directory.
 	 */
-	if ((polyptr->method == CONTEXT) || (polyptr->method == BOTH)) {
-		rc = getexeccon(&scon);
-		if (rc < 0 || scon == NULL) {
-			pam_syslog(idata->pamh, LOG_ERR,
-					"Error getting exec context, %m");
-			return PAM_SESSION_ERR;
-		}
+
+	if (polyptr->method == CONTEXT) {
 		tclass = string_to_security_class("dir");
 
 		if (security_compute_member(scon, *origcon, tclass,
@@ -473,7 +483,48 @@
 			pam_syslog(idata->pamh, LOG_DEBUG,
 					"member context returned by policy %s", *i_context);
 		freecon(scon);
+		return PAM_SUCCESS;
 	}
+
+	/*
+	 * If polyinstantiating based on security level, get current
+	 * process security context, get security class for directories,
+	 * and change the directories MLS Level to match process.
+	 */
+
+	if (polyptr->method == LEVEL) {
+		context_t scontext = NULL;
+		context_t fcontext = NULL;
+		rc = PAM_SESSION_ERR;
+
+		scontext = context_new(scon);
+		if (! scontext) {
+			pam_syslog(idata->pamh, LOG_ERR, "out of memory");
+			goto fail;
+		}
+		fcontext = context_new(*origcon);
+		if (! fcontext) {
+			pam_syslog(idata->pamh, LOG_ERR, "out of memory");
+			goto fail;
+		}
+		if (context_range_set(fcontext, context_range_get(scontext)) != 0) {
+			pam_syslog(idata->pamh, LOG_ERR, "Unable to set MLS Componant of context");
+			goto fail;
+		}
+		*i_context=strdup(context_str(fcontext));
+		if (! *i_context) {
+			pam_syslog(idata->pamh, LOG_ERR, "out of memory");
+			goto fail;
+		}
+
+		rc = PAM_SUCCESS;
+ fail:
+		context_free(scontext);
+		context_free(fcontext);
+		freecon(scon);
+		return rc;
+	}
+	/* Should never get here */
 	return PAM_SUCCESS;
 }
 #endif
@@ -514,19 +565,14 @@
     	    break;
 
 #ifdef WITH_SELINUX
+    	case LEVEL:
         case CONTEXT:
-	    if (asprintf(i_name, "%s", *i_context) < 0) {
-		*i_name = NULL;
-		rc = PAM_SESSION_ERR;
-	    }
-    	    break;
-
-    	case BOTH:
 	    if (asprintf(i_name, "%s_%s", *i_context, idata->user) < 0) {
 		*i_name = NULL;
 		rc = PAM_SESSION_ERR;
 	    }
     	    break;
+
 #endif /* WITH_SELINUX */
 
     	default:
@@ -1158,7 +1204,7 @@
 #ifdef WITH_SELINUX
     if (is_selinux_enabled())
         idata.flags |= PAMNS_SELINUX_ENABLED;
-    if (ctxt_based_inst_needed())
+    if (ctxt_based_inst_needed()) 
         idata.flags |= PAMNS_CTXT_BASED_INST;
 #endif
 
--- Linux-PAM-0.99.7.0/modules/pam_namespace/namespace.conf.level	2006-06-27 09:07:43.000000000 -0400
+++ Linux-PAM-0.99.7.0/modules/pam_namespace/namespace.conf	2007-01-19 08:33:11.000000000 -0500
@@ -4,12 +4,10 @@
 #
 # Uncommenting the following three lines will polyinstantiate
 # /tmp, /var/tmp and user's home directories. /tmp and /var/tmp will
-# be polyinstantiated based on both security context as well as user
-# name, whereas home directory will be polyinstantiated based on
-# security context only. Polyinstantion will not be performed for
-# user root and adm for directories /tmp and /var/tmp, whereas home
-# directories will be polyinstantiated for all users. The user name
-# and/or context is appended to the instance prefix.
+# be polyinstantiated based on the MLS level part of the security context as well as user
+# name, Polyinstantion will not be performed for user root and adm for directories 
+# /tmp and /var/tmp, whereas home directories will be polyinstantiated for all users. 
+# The user name and context is appended to the instance prefix.
 #
 # Note that instance directories do not have to reside inside the
 # polyinstantiated directory. In the examples below, instances of /tmp
@@ -25,6 +23,6 @@
 # caution, as it will reduce security and isolation achieved by
 # polyinstantiation.
 #
-#/tmp     /tmp-inst/       	both      root,adm
-#/var/tmp /var/tmp/tmp-inst/   	both      root,adm
-#$HOME    $HOME/$USER.inst/inst- context
+#/tmp     /tmp-inst/       	level      root,adm
+#/var/tmp /var/tmp/tmp-inst/   	level      root,adm
+#$HOME    $HOME/$USER.inst/     level
--- Linux-PAM-0.99.7.0/modules/pam_namespace/pam_namespace.h.level	2007-01-19 08:33:11.000000000 -0500
+++ Linux-PAM-0.99.7.0/modules/pam_namespace/pam_namespace.h	2007-01-19 08:33:11.000000000 -0500
@@ -63,6 +63,7 @@
 
 #ifdef WITH_SELINUX
 #include <selinux/selinux.h>
+#include <selinux/context.h>
 #endif
 
 #ifndef CLONE_NEWNS
@@ -93,9 +94,10 @@
  * or both
  */
 enum polymethod {
+    NONE,
     USER,
     CONTEXT,
-    BOTH,
+    LEVEL,
 };
 
 /*
--- Linux-PAM-0.99.7.0/modules/pam_namespace/namespace.conf.5.xml.level	2006-06-27 09:07:43.000000000 -0400
+++ Linux-PAM-0.99.7.0/modules/pam_namespace/namespace.conf.5.xml	2007-01-19 08:33:11.000000000 -0500
@@ -22,7 +22,7 @@
     <para>
       This module allows setup of private namespaces with polyinstantiated
       directories. Directories can be polyinstantiated based on user name
-      or, in the case of SELinux, user name, security context or both.  If an
+      or, in the case of SELinux, user name, sensitivity level or complete security context.  If an
       executable script <filename>/etc/security/namespace.init</filename>
       exists, it is used to initialize the namespace every time a new instance
       directory is setup. The script receives the polyinstantiated
@@ -72,10 +72,10 @@
     <para>
       The third field, <replaceable>method</replaceable>, is the method
       used for polyinstantiation. It can take 3 different values; "user"
-      for polyinstantiation based on user name, "context" for
-      polyinstantiation based on process security context, and "both"
-      for polyinstantiation based on both user name and security context.
-      Methods "context" and "both" are only available with SELinux. This
+      for polyinstantiation based on user name, "level" for 
+      polyinstantiation based on process MLS level and user name, and "context" for
+      polyinstantiation based on process security context and user name
+      Methods "context" and "level" are only available with SELinux. This
       field cannot be blank.
     </para>
 
@@ -98,9 +98,9 @@
     <literallayout>
       # The following three lines will polyinstantiate /tmp,
       # /var/tmp and user's home directories. /tmp and /var/tmp
-      # will be polyinstantiated based on both security context
+      # will be polyinstantiated based on the security level
       # as well as user name, whereas home directory will be
-      # polyinstantiated based on security context only.
+      # polyinstantiated based on the full security context and user name.
       # Polyinstantiation will not be performed for user root
       # and adm for directories /tmp and /var/tmp, whereas home
       # directories will be polyinstantiated for all users.
@@ -112,8 +112,8 @@
       # will reside within the directories that are being
       # polyinstantiated.
       #
-      /tmp     /tmp-inst/       	both      root,adm
-      /var/tmp /var/tmp/tmp-inst/   	both      root,adm
+      /tmp     /tmp-inst/               level      root,adm
+      /var/tmp /var/tmp/tmp-inst/   	level      root,adm
       $HOME    $HOME/$USER.inst/inst- context
     </literallayout>
Commit	Line	Data
83f626c2 JR	1	--- Linux-PAM-0.99.7.0/modules/pam_namespace/pam_namespace.c.level 2007-01-19 08:33:11.000000000 -0500
	2	+++ Linux-PAM-0.99.7.0/modules/pam_namespace/pam_namespace.c 2007-01-19 08:33:11.000000000 -0500
	3	@@ -244,23 +244,29 @@
	4	}
	5	strcpy(poly.dir, dir);
	6	strcpy(poly.instance_prefix, instance_prefix);
	7	- if (strcmp(method, "user") == 0)
	8	- poly.method = USER;
	9	+
	10	+ poly.method = NONE;
	11	+ if (strcmp(method, "user") == 0)
	12	+ poly.method = USER;
	13	+
	14	#ifdef WITH_SELINUX
	15	- else if (strcmp(method, "context") == 0) {
	16	+ if (strcmp(method, "level") == 0) {
	17	if (idata->flags & PAMNS_CTXT_BASED_INST)
	18	- poly.method = CONTEXT;
	19	+ poly.method = LEVEL;
	20	else
	21	poly.method = USER;
	22	- } else if (strcmp(method, "both") == 0) {
	23	+ }
	24	+
	25	+ if (strcmp(method, "context") == 0) {
	26	if (idata->flags & PAMNS_CTXT_BASED_INST)
	27	- poly.method = BOTH;
	28	+ poly.method = CONTEXT;
	29	else
	30	poly.method = USER;
	31	}
	32
	33	#endif
	34	- else {
	35	+
	36	+ if ( poly.method == NONE) {
	37	pam_syslog(idata->pamh, LOG_NOTICE, "Illegal method");
	38	goto skipping;
	39	}
	40	@@ -448,19 +454,23 @@
	41	return PAM_SESSION_ERR;
	42	}
	43
	44	+ if (polyptr->method == USER) return PAM_SUCCESS;
	45	+
	46	+ rc = getexeccon(&scon);
	47	+ if (rc < 0 \|\| scon == NULL) {
	48	+ pam_syslog(idata->pamh, LOG_ERR,
	49	+ "Error getting exec context, %m");
	50	+ return PAM_SESSION_ERR;
	51	+ }
	52	+
	53	/*
	54	* If polyinstantiating based on security context, get current
	55	* process security context, get security class for directories,
	56	* and ask the policy to provide security context of the
	57	* polyinstantiated instance directory.
	58	*/
	59	- if ((polyptr->method == CONTEXT) \|\| (polyptr->method == BOTH)) {
	60	- rc = getexeccon(&scon);
	61	- if (rc < 0 \|\| scon == NULL) {
	62	- pam_syslog(idata->pamh, LOG_ERR,
	63	- "Error getting exec context, %m");
	64	- return PAM_SESSION_ERR;
65	- }
66	+
67	+ if (polyptr->method == CONTEXT) {
68	tclass = string_to_security_class("dir");
69
70	if (security_compute_member(scon, *origcon, tclass,
71	@@ -473,7 +483,48 @@
72	pam_syslog(idata->pamh, LOG_DEBUG,
73	"member context returned by policy %s", *i_context);
74	freecon(scon);
75	+ return PAM_SUCCESS;
76	}
77	+
78	+ /*
79	+ * If polyinstantiating based on security level, get current
80	+ * process security context, get security class for directories,
81	+ * and change the directories MLS Level to match process.
82	+ */
83	+
84	+ if (polyptr->method == LEVEL) {
85	+ context_t scontext = NULL;
86	+ context_t fcontext = NULL;
87	+ rc = PAM_SESSION_ERR;
88	+
89	+ scontext = context_new(scon);
90	+ if (! scontext) {
91	+ pam_syslog(idata->pamh, LOG_ERR, "out of memory");
92	+ goto fail;
93	+ }
94	+ fcontext = context_new(*origcon);
95	+ if (! fcontext) {
96	+ pam_syslog(idata->pamh, LOG_ERR, "out of memory");
97	+ goto fail;
98	+ }
99	+ if (context_range_set(fcontext, context_range_get(scontext)) != 0) {
100	+ pam_syslog(idata->pamh, LOG_ERR, "Unable to set MLS Componant of context");
101	+ goto fail;
102	+ }
103	+ *i_context=strdup(context_str(fcontext));
104	+ if (! *i_context) {
105	+ pam_syslog(idata->pamh, LOG_ERR, "out of memory");
106	+ goto fail;
107	+ }
108	+
109	+ rc = PAM_SUCCESS;
110	+ fail:
111	+ context_free(scontext);
112	+ context_free(fcontext);
113	+ freecon(scon);
114	+ return rc;
115	+ }
116	+ /* Should never get here */
117	return PAM_SUCCESS;
118	}
119	#endif
120	@@ -514,19 +565,14 @@
121	break;
122
123	#ifdef WITH_SELINUX
124	+ case LEVEL:
125	case CONTEXT:
126	- if (asprintf(i_name, "%s", *i_context) < 0) {
127	- *i_name = NULL;
128	- rc = PAM_SESSION_ERR;
129	- }
130	- break;
131	-
132	- case BOTH:
133	if (asprintf(i_name, "%s_%s", *i_context, idata->user) < 0) {
134	*i_name = NULL;
135	rc = PAM_SESSION_ERR;
136	}
137	break;
138	+
139	#endif /* WITH_SELINUX */
140
141	default:
142	@@ -1158,7 +1204,7 @@
143	#ifdef WITH_SELINUX
144	if (is_selinux_enabled())
145	idata.flags \|= PAMNS_SELINUX_ENABLED;
146	- if (ctxt_based_inst_needed())
147	+ if (ctxt_based_inst_needed())
148	idata.flags \|= PAMNS_CTXT_BASED_INST;
149	#endif
150
151	--- Linux-PAM-0.99.7.0/modules/pam_namespace/namespace.conf.level 2006-06-27 09:07:43.000000000 -0400
152	+++ Linux-PAM-0.99.7.0/modules/pam_namespace/namespace.conf 2007-01-19 08:33:11.000000000 -0500
153	@@ -4,12 +4,10 @@
154	#
155	# Uncommenting the following three lines will polyinstantiate
156	# /tmp, /var/tmp and user's home directories. /tmp and /var/tmp will
157	-# be polyinstantiated based on both security context as well as user
158	-# name, whereas home directory will be polyinstantiated based on
159	-# security context only. Polyinstantion will not be performed for
160	-# user root and adm for directories /tmp and /var/tmp, whereas home
161	-# directories will be polyinstantiated for all users. The user name
162	-# and/or context is appended to the instance prefix.
163	+# be polyinstantiated based on the MLS level part of the security context as well as user
164	+# name, Polyinstantion will not be performed for user root and adm for directories
165	+# /tmp and /var/tmp, whereas home directories will be polyinstantiated for all users.
166	+# The user name and context is appended to the instance prefix.
167	#
168	# Note that instance directories do not have to reside inside the
169	# polyinstantiated directory. In the examples below, instances of /tmp
170	@@ -25,6 +23,6 @@
171	# caution, as it will reduce security and isolation achieved by
172	# polyinstantiation.
173	#
174	-#/tmp /tmp-inst/ both root,adm
175	-#/var/tmp /var/tmp/tmp-inst/ both root,adm
176	-#$HOME $HOME/$USER.inst/inst- context
177	+#/tmp /tmp-inst/ level root,adm
178	+#/var/tmp /var/tmp/tmp-inst/ level root,adm
179	+#$HOME $HOME/$USER.inst/ level
180	--- Linux-PAM-0.99.7.0/modules/pam_namespace/pam_namespace.h.level 2007-01-19 08:33:11.000000000 -0500
181	+++ Linux-PAM-0.99.7.0/modules/pam_namespace/pam_namespace.h 2007-01-19 08:33:11.000000000 -0500
182	@@ -63,6 +63,7 @@
183
184	#ifdef WITH_SELINUX
185	#include <selinux/selinux.h>
186	+#include <selinux/context.h>
187	#endif
188
189	#ifndef CLONE_NEWNS
190	@@ -93,9 +94,10 @@
191	* or both
192	*/
193	enum polymethod {
194	+ NONE,
195	USER,
196	CONTEXT,
197	- BOTH,
198	+ LEVEL,
199	};
200
201	/*
202	--- Linux-PAM-0.99.7.0/modules/pam_namespace/namespace.conf.5.xml.level 2006-06-27 09:07:43.000000000 -0400
203	+++ Linux-PAM-0.99.7.0/modules/pam_namespace/namespace.conf.5.xml 2007-01-19 08:33:11.000000000 -0500
204	@@ -22,7 +22,7 @@
205	<para>
206	This module allows setup of private namespaces with polyinstantiated
207	directories. Directories can be polyinstantiated based on user name
208	- or, in the case of SELinux, user name, security context or both. If an
209	+ or, in the case of SELinux, user name, sensitivity level or complete security context. If an
210	executable script <filename>/etc/security/namespace.init</filename>
211	exists, it is used to initialize the namespace every time a new instance
212	directory is setup. The script receives the polyinstantiated
213	@@ -72,10 +72,10 @@
214	<para>
215	The third field, <replaceable>method</replaceable>, is the method
216	used for polyinstantiation. It can take 3 different values; "user"
217	- for polyinstantiation based on user name, "context" for
218	- polyinstantiation based on process security context, and "both"
219	- for polyinstantiation based on both user name and security context.
220	- Methods "context" and "both" are only available with SELinux. This
221	+ for polyinstantiation based on user name, "level" for
222	+ polyinstantiation based on process MLS level and user name, and "context" for
223	+ polyinstantiation based on process security context and user name
224	+ Methods "context" and "level" are only available with SELinux. This
225	field cannot be blank.
226	</para>
227
228	@@ -98,9 +98,9 @@
229	<literallayout>
230	# The following three lines will polyinstantiate /tmp,
231	# /var/tmp and user's home directories. /tmp and /var/tmp
232	- # will be polyinstantiated based on both security context
233	+ # will be polyinstantiated based on the security level
234	# as well as user name, whereas home directory will be
235	- # polyinstantiated based on security context only.
236	+ # polyinstantiated based on the full security context and user name.
237	# Polyinstantiation will not be performed for user root
238	# and adm for directories /tmp and /var/tmp, whereas home
239	# directories will be polyinstantiated for all users.
240	@@ -112,8 +112,8 @@
241	# will reside within the directories that are being
242	# polyinstantiated.
243	#
244	- /tmp /tmp-inst/ both root,adm
245	- /var/tmp /var/tmp/tmp-inst/ both root,adm
246	+ /tmp /tmp-inst/ level root,adm
247	+ /var/tmp /var/tmp/tmp-inst/ level root,adm
248	$HOME $HOME/$USER.inst/inst- context
249	</literallayout>
250