LinuxLists.cc - [refpolicy] A likewise.te bug?

2011-05-25 09:38:32

by harrytaurus2002

Subject: [refpolicy] A likewise.te bug?

Hi Chris,

I happened to find the likewise.te calls the seutils_run_semanage() interface in the below way:

seutil_run_semanage(lsassd_t, lsassd_t)

Clearly the 2nd argument should be of some role, rather than the lsassd_t type.

I am not familiar with this module, just raise this potential issue here.

Thanks,
Harry

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://oss.tresys.com/pipermail/refpolicy/attachments/20110525/2eb657b6/attachment.html

2011-05-25 12:38:21

by cpebenito

[permalink] [raw]

Subject: [refpolicy] A likewise.te bug?

On 05/25/11 05:38, HarryCiao wrote:
> I happened to find the likewise.te calls the seutils_run_semanage()
> interface in the below way:
>
> seutil_run_semanage(lsassd_t, lsassd_t)
>
> Clearly the 2nd argument should be of some role, rather than the
> lsassd_t type.
>
> I am not familiar with this module, just raise this potential issue here.

Yes, its a bug. I've fixed it.

--
Chris PeBenito
Tresys Technology, LLC
http://www.tresys.com | oss.tresys.com

2011-05-25 12:39:39

by Daniel Walsh

[permalink] [raw]

Subject: [refpolicy] A likewise.te bug?

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 05/25/2011 08:38 AM, Christopher J. PeBenito wrote:
> On 05/25/11 05:38, HarryCiao wrote:
>> I happened to find the likewise.te calls the seutils_run_semanage()
>> interface in the below way:
>>
>> seutil_run_semanage(lsassd_t, lsassd_t)
>>
>> Clearly the 2nd argument should be of some role, rather than the
>> lsassd_t type.
>>
>> I am not familiar with this module, just raise this potential issue here.
>
> Yes, its a bug. I've fixed it.
>

Here is the Fedora patch for likewise with a couple of other minor fixes.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/

iEYEARECAAYFAk3c+IsACgkQrlYvE4MpobO26wCgiktg/GODjpKTSTrAA2WyiD+0
GaYAoOrxEchgFl4btlXsCBRGNCJN14Lc
=yr14
-----END PGP SIGNATURE-----
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: services_likewise.patch
Url: http://oss.tresys.com/pipermail/refpolicy/attachments/20110525/b0bf1965/attachment.pl
-------------- next part --------------
A non-text attachment was scrubbed...
Name: services_likewise.patch.sig
Type: application/pgp-signature
Size: 72 bytes
Desc: not available
Url : http://oss.tresys.com/pipermail/refpolicy/attachments/20110525/b0bf1965/attachment.bin