|
 |
488ce5 |
From 9bf63bb85d4d2cab73181ee1d8d0b07961ce4a80 Mon Sep 17 00:00:00 2001
|
|
|
488ce5 |
From: Vit Mojzis <vmojzis@redhat.com>
|
|
|
488ce5 |
Date: Thu, 17 Feb 2022 14:14:15 +0100
|
|
|
488ce5 |
Subject: [PATCH] libselinux: Strip spaces before values in config
|
|
|
488ce5 |
|
|
|
488ce5 |
Spaces before values in /etc/selinux/config should be ignored just as
|
|
|
488ce5 |
spaces after them are.
|
|
|
488ce5 |
|
|
|
488ce5 |
E.g. "SELINUXTYPE= targeted" should be a valid value.
|
|
|
488ce5 |
|
|
|
488ce5 |
Fixes:
|
|
|
488ce5 |
# sed -i 's/^SELINUXTYPE=/SELINUXTYPE= /g' /etc/selinux/config
|
|
|
488ce5 |
# dnf install <any_package>
|
|
|
488ce5 |
...
|
|
|
488ce5 |
RPM: error: selabel_open: (/etc/selinux/ targeted/contexts/files/file_contexts) No such file or directory
|
|
|
488ce5 |
RPM: error: Plugin selinux: hook tsm_pre failed
|
|
|
488ce5 |
...
|
|
|
488ce5 |
Error: Could not run transaction.
|
|
|
488ce5 |
|
|
|
488ce5 |
Signed-off-by: Vit Mojzis <vmojzis@redhat.com>
|
|
|
488ce5 |
---
|
|
|
488ce5 |
libselinux/src/selinux_config.c | 17 +++++++++++++----
|
|
|
488ce5 |
1 file changed, 13 insertions(+), 4 deletions(-)
|
|
|
488ce5 |
|
|
|
488ce5 |
diff --git a/libselinux/src/selinux_config.c b/libselinux/src/selinux_config.c
|
|
|
488ce5 |
index b06cb63b..0892b87c 100644
|
|
|
488ce5 |
--- a/libselinux/src/selinux_config.c
|
|
|
488ce5 |
+++ b/libselinux/src/selinux_config.c
|
|
|
488ce5 |
@@ -91,6 +91,7 @@ int selinux_getenforcemode(int *enforce)
|
|
|
488ce5 |
FILE *cfg = fopen(SELINUXCONFIG, "re");
|
|
|
488ce5 |
if (cfg) {
|
|
|
488ce5 |
char *buf;
|
|
|
488ce5 |
+ char *tag;
|
|
|
488ce5 |
int len = sizeof(SELINUXTAG) - 1;
|
|
|
488ce5 |
buf = malloc(selinux_page_size);
|
|
|
488ce5 |
if (!buf) {
|
|
|
488ce5 |
@@ -100,21 +101,24 @@ int selinux_getenforcemode(int *enforce)
|
|
|
488ce5 |
while (fgets_unlocked(buf, selinux_page_size, cfg)) {
|
|
|
488ce5 |
if (strncmp(buf, SELINUXTAG, len))
|
|
|
488ce5 |
continue;
|
|
|
488ce5 |
+ tag = buf+len;
|
|
|
488ce5 |
+ while (isspace(*tag))
|
|
|
488ce5 |
+ tag++;
|
|
|
488ce5 |
if (!strncasecmp
|
|
|
488ce5 |
- (buf + len, "enforcing", sizeof("enforcing") - 1)) {
|
|
|
488ce5 |
+ (tag, "enforcing", sizeof("enforcing") - 1)) {
|
|
|
488ce5 |
*enforce = 1;
|
|
|
488ce5 |
ret = 0;
|
|
|
488ce5 |
break;
|
|
|
488ce5 |
} else
|
|
|
488ce5 |
if (!strncasecmp
|
|
|
488ce5 |
- (buf + len, "permissive",
|
|
|
488ce5 |
+ (tag, "permissive",
|
|
|
488ce5 |
sizeof("permissive") - 1)) {
|
|
|
488ce5 |
*enforce = 0;
|
|
|
488ce5 |
ret = 0;
|
|
|
488ce5 |
break;
|
|
|
488ce5 |
} else
|
|
|
488ce5 |
if (!strncasecmp
|
|
|
488ce5 |
- (buf + len, "disabled",
|
|
|
488ce5 |
+ (tag, "disabled",
|
|
|
488ce5 |
sizeof("disabled") - 1)) {
|
|
|
488ce5 |
*enforce = -1;
|
|
|
488ce5 |
ret = 0;
|
|
|
488ce5 |
@@ -177,7 +181,10 @@ static void init_selinux_config(void)
|
|
|
488ce5 |
|
|
|
488ce5 |
if (!strncasecmp(buf_p, SELINUXTYPETAG,
|
|
|
488ce5 |
sizeof(SELINUXTYPETAG) - 1)) {
|
|
|
488ce5 |
- type = strdup(buf_p + sizeof(SELINUXTYPETAG) - 1);
|
|
|
488ce5 |
+ buf_p += sizeof(SELINUXTYPETAG) - 1;
|
|
|
488ce5 |
+ while (isspace(*buf_p))
|
|
|
488ce5 |
+ buf_p++;
|
|
|
488ce5 |
+ type = strdup(buf_p);
|
|
|
488ce5 |
if (!type)
|
|
|
488ce5 |
return;
|
|
|
488ce5 |
end = type + strlen(type) - 1;
|
|
|
488ce5 |
@@ -199,6 +206,8 @@ static void init_selinux_config(void)
|
|
|
488ce5 |
} else if (!strncmp(buf_p, REQUIRESEUSERS,
|
|
|
488ce5 |
sizeof(REQUIRESEUSERS) - 1)) {
|
|
|
488ce5 |
value = buf_p + sizeof(REQUIRESEUSERS) - 1;
|
|
|
488ce5 |
+ while (isspace(*value))
|
|
|
488ce5 |
+ value++;
|
|
|
488ce5 |
intptr = &require_seusers;
|
|
|
488ce5 |
} else {
|
|
|
488ce5 |
continue;
|
|
|
488ce5 |
--
|
|
|
488ce5 |
2.35.3
|
|
|
488ce5 |
|