<div dir="ltr"><div dir="ltr"><br></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Wed, Aug 18, 2021 at 3:27 AM Rob Landley <<a href="mailto:rob@landley.net">rob@landley.net</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">I'm trying to implement tar --selinux and it really looks like setfscreatecon()<br>
and getfileconat() mostly boil down to simple things like "open a /proc file and<br>
read/write a blob of data", ala:<br>
<br>
int sefd = -1;<br>
...<br>
if ((FLAG(selinux) && !(FLAG(t)|FLAG(O)))<br>
&& strstart(&pp, "RHT.security.selinux="))<br></blockquote><div><br></div><div>(it's just called security.selinux where i come from... see XATTR_NAME_SELINUX in <linux/xattr.h>.)</div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
{<br>
i = strlen(pp);<br>
sefd = xopen("/proc/self/attr/fscreate", O_WRONLY|WARN_ONLY);<br>
if (sefd == -1 || i!=write(sefd, pp, i))<br>
perror_msg("setfscreatecon %s", pp);<br>
}<br>
...<br>
if (sefd != -1) {<br>
write(sefd, 0, 0);<br>
close(sefd);<br>
sefd = -1;<br>
}<br>
<br>
<br>
...except that's the _raw versions of the function. The non-raw versions do a<br>
network transaction (via _iovec_???) with "setransd" and googling for that one<br>
of the first hits is <a href="https://selinuxproject.org/page/MLSStatements" rel="noreferrer" target="_blank">https://selinuxproject.org/page/MLSStatements</a> which talks<br>
about translating security context info to/from "human readable" format?<br></blockquote><div><br></div><div>(fwiw, Android builds with -DDISABLE_SETRANS, but i don't know about other systems.)</div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
I'm aware this was invented by Red Hat and is thus at LEAST as insane and<br>
overengineered as systemd, but... do you know what that's all about and is there<br>
an easy way for me to NOT? (I dowanna try to do magic fallback config things to<br>
chop the --selinux help text out of the help text, I've changed my mind about<br>
that level of complexity/configurability being worth it and kind of want to<br>
eliminate that plumbing. So it's going to always DOCUMENT --selinux but can't<br>
link to the library functions without the config symbol enabled, but if I don't<br>
actually NEED the library...<br>
<br>
Yeah, I _CAN_ add a lot more "#define setfscreatecon(...)" crap to stub out the<br>
functions when it's disabled, but I don't want to? "Reach out and talk to the<br>
kernel directly" looked almost sane for a moment as long as I didn't have to<br>
care what was IN the data blob. Which none of the other implementations seems<br>
to, but they're using the "cooked" functions which go through this daemon I've<br>
never heard of which doesn't appear to have anything like a man page...<br></blockquote><div><br></div><div>yeah, i'm not sure why you're bothering with this? just let libselinux hide this cruft like you do for the rest of the selinux stuff? "not using libselinux" seems likely to upset the folks who _want_ selinux. even if it is, as you point out, pretty bad when you actually look at the implementation --- duplicating it just means now they have _two_ things that they have to audit. (similar to the libcrypto argument, though there there's FIPS that explicitly *mandates* not duplicating things, but i think the mentality is similar regardless.)</div><div><br></div><div>more practically, there's a bunch of local Android configuration in our libselinux, and i'm guessing (from your claim that RedHat doesn't even use the same name for the attribute!) that's true of the various Linux distros too... so potentially you end up needing to carry all the local cruft for every user too. doesn't seem worth it? just #define no-op variants in portability.h and let selinux users rely on their local libselinux?</div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
Rob<br>
</blockquote></div></div>