Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

libselinux: selabel_digest -b x/media/db error #427

Open
stillyger opened this issue Mar 13, 2024 · 1 comment
Open

libselinux: selabel_digest -b x/media/db error #427

stillyger opened this issue Mar 13, 2024 · 1 comment

Comments

@stillyger
Copy link

After the commit 65c8fd4, the following error is reported:

[root@localhost ~]# selabel_digest -b db
ERROR: selabel_open: Invalid argument
[root@localhost ~]# 
[root@localhost ~]# selabel_digest -b x
ERROR: selabel_open: Invalid argument
[root@localhost ~]# 
[root@localhost ~]# 
[root@localhost ~]# selabel_digest -b media
ERROR: selabel_open: Invalid argument
[root@localhost ~]#

libselinux/utils/selabel_digest.c +74
The main function sets the type to SELABEL_OPT_PATH, SELABEL_OPT_BASEONLY and SELABEL_OPT_DIGEST.

	struct selinux_opt selabel_option[] = {
		{ SELABEL_OPT_PATH, file },
		{ SELABEL_OPT_BASEONLY, baseonly },
		{ SELABEL_OPT_DIGEST, digest }
	};

libselinux/src/label_media.c +85
In init, the supported types are SELABEL_OPT_PATH, SELABEL_OPT_UNUSED, SELABEL_OPT_VALIDATE and SELABEL_OPT_DIGEST.
Type SELABEL_OPT_BASEONLY is not supported.

	/* Process arguments */
	while (n) {
		n--;
		switch(opts[n].type) {
		case SELABEL_OPT_PATH:
			path = opts[n].value;
			break;
		case SELABEL_OPT_UNUSED:
		case SELABEL_OPT_VALIDATE:
		case SELABEL_OPT_DIGEST:
			break;
		default:
			errno = EINVAL;
			return -1;
		}
}

So when we go to type SELABEL_OPT_BASEONLY, the init func return failure.
@stillyger stillyger mentioned this issue Mar 14, 2024
Closed
@bachradsusi
Copy link
Member

Proposed fix - https://lore.kernel.org/selinux/[email protected]/T/#m750850db6e78d2e6b4c80d5e4fe95bd45e8eafc0

jwcart2 pushed a commit to jwcart2/selinux that referenced this issue Mar 20, 2024
@cgzones @jwcart2
libselinux/utils/selabel_digest: pass BASEONLY only for file backend
48277c5 
Since commit 65c8fd4 ("libselinux: fail selabel_open(3) on invalid
option") selabel_open(3) rejects options not supported for the
respective backend.  Pass SELABEL_OPT_BASEONLY only if the file backend
is selected.

Reported-by: zgzxx (SELinuxProject#427)
Fixes: 65c8fd4 ("libselinux: fail selabel_open(3) on invalid option")
Signed-off-by: Christian Göttsche <[email protected]>
Acked-by: James Carter <[email protected]>
jwcart2 pushed a commit that referenced this issue Mar 20, 2024
@cgzones @jwcart2
libselinux/utils/selabel_digest: pass BASEONLY only for file backend
fb49789 
Since commit 65c8fd4 ("libselinux: fail selabel_open(3) on invalid
option") selabel_open(3) rejects options not supported for the
respective backend.  Pass SELABEL_OPT_BASEONLY only if the file backend
is selected.

Reported-by: zgzxx (#427)
Fixes: 65c8fd4 ("libselinux: fail selabel_open(3) on invalid option")
Signed-off-by: Christian Göttsche <[email protected]>
Acked-by: James Carter <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@bachradsusi @stillyger