From mboxrd@z Thu Jan 1 00:00:00 1970
From: "Sven Vermeulen"
To: gentoo-commits@lists.gentoo.org
Content-Transfer-Encoding: 8bit
Content-type: text/plain; charset=UTF-8
Reply-To: gentoo-dev@lists.gentoo.org, "Sven Vermeulen"
Message-ID: <1495126846.a2905af973f935e826ee973a5ec5895d6a848fc8.swift@gentoo>
Subject: [gentoo-commits] proj/hardened-refpolicy:master commit in: policy/modules/system/
X-VCS-Repository: proj/hardened-refpolicy
X-VCS-Files: policy/modules/system/selinuxutil.te
X-VCS-Directories: policy/modules/system/
X-VCS-Committer: swift
X-VCS-Committer-Name: Sven Vermeulen
X-VCS-Revision: a2905af973f935e826ee973a5ec5895d6a848fc8
X-VCS-Branch: master
Date: Thu, 18 May 2017 17:03:28 +0000 (UTC)
Precedence: bulk
List-Id: Gentoo Linux mail
X-BeenThere: gentoo-commits@lists.gentoo.org
X-Archives-Salt: 101dd1b0-6f62-4560-8063-0050a01aeb2e
X-Archives-Hash: 6b6bfa99210bae20c71de56e2f3bcf6d

commit:     a2905af973f935e826ee973a5ec5895d6a848fc8
Author:     Luis Ressel aixah de>
AuthorDate: Mon May 8 17:02:14 2017 +0000
Commit:     Sven Vermeulen gentoo org>
CommitDate: Thu May 18 17:00:46 2017 +0000
URL:        https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=a2905af9

system/selinuxutil: Allow semanage to execute its tmp files

Since app-admin/setools-4.1.0, some python internals try to create and
execute a file in /tmp during semanage initialization, causing semanage
to crash.
Here's the backtrace (with the path "/usr/lib64/python3.4/site-packages"
replaced by "py" for brevity):

Traceback (most recent call last):
  File "/usr/lib/python-exec/python3.4/semanage", line 28, in <module>
    import seobject
  File "py/seobject.py", line 34, in <module>
    import sepolicy
  File "py/sepolicy/__init__.py", line 8, in <module>
    import setools
  File "py/setools/__init__.py", line 77, in <module>
    from .infoflow import InfoFlowAnalysis
  File "py/setools/infoflow.py", line 22, in <module>
    import networkx as nx
  File "py/networkx/__init__.py", line 93, in <module>
    import networkx.linalg
  File "py/networkx/linalg/__init__.py", line 9, in <module>
    from networkx.linalg.algebraicconnectivity import *
  File "py/networkx/linalg/algebraicconnectivity.py", line 18, in <module>
    from numpy import (array, asmatrix, asarray, dot, matrix, ndarray, ones,
  File "py/numpy/__init__.py", line 180, in <module>
    from . import add_newdocs
  File "py/numpy/add_newdocs.py", line 13, in <module>
    from numpy.lib import add_newdoc
  File "py/numpy/lib/__init__.py", line 8, in <module>
    from .type_check import *
  File "py/numpy/lib/type_check.py", line 11, in <module>
    import numpy.core.numeric as _nx
  File "py/numpy/core/__init__.py", line 22, in <module>
    from . import _internal # for freeze programs
  File "py/numpy/core/_internal.py", line 14, in <module>
    import ctypes
  File "/usr/lib64/python3.4/ctypes/__init__.py", line 541, in <module>
    _reset_cache()
  File "/usr/lib64/python3.4/ctypes/__init__.py", line 280, in _reset_cache
    CFUNCTYPE(c_int)(lambda: None)
MemoryError

 policy/modules/system/selinuxutil.te | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/policy/modules/system/selinuxutil.te b/policy/modules/system/selinuxutil.te index 748e4acf..487bceca 100644 --- a/policy/modules/system/selinuxutil.te +++ b/policy/modules/system/selinuxutil.te 
@@ -488,7 +488,7 @@ allow semanage_t policy_src_t:dir search; filetrans_pattern(semanage_t, selinux_config_t, semanage_store_t, dir, "modules") allow semanage_t semanage_tmp_t:dir manage_dir_perms; -allow semanage_t semanage_tmp_t:file manage_file_perms; +allow semanage_t semanage_tmp_t:file { manage_file_perms mmap_file_perms }; files_tmp_filetrans(semanage_t, semanage_tmp_t, { file dir }) kernel_read_system_state(semanage_t)
From mboxrd@z Thu Jan 1 00:00:00 1970
From: "Sven Vermeulen"
To: gentoo-commits@lists.gentoo.org
Content-Transfer-Encoding: 8bit
Content-type: text/plain; charset=UTF-8
Reply-To: gentoo-dev@lists.gentoo.org, "Sven Vermeulen"
Message-ID: <1495126846.a2905af973f935e826ee973a5ec5895d6a848fc8.swift@gentoo>
Subject: [gentoo-commits] proj/hardened-refpolicy:swift commit in: policy/modules/system/
X-VCS-Repository: proj/hardened-refpolicy
X-VCS-Files: policy/modules/system/selinuxutil.te
X-VCS-Directories: policy/modules/system/
X-VCS-Committer: swift
X-VCS-Committer-Name: Sven Vermeulen
X-VCS-Revision: a2905af973f935e826ee973a5ec5895d6a848fc8
X-VCS-Branch: swift
Date: Thu, 18 May 2017 17:02:37 +0000 (UTC)
Precedence: bulk
List-Id: Gentoo Linux mail
X-BeenThere: gentoo-commits@lists.gentoo.org
X-Archives-Salt: 42d5c165-bd63-4e34-92a0-8b5056f8c9b5
X-Archives-Hash: 4c4a4e4e0a7c2c5c03a2e6b3d7fdacfd
Message-ID: <20170518170237.2BOGEAAMGkv0aIeuHTJESiBFt-Y_tODEERlL2grIRv8@z>

commit:     a2905af973f935e826ee973a5ec5895d6a848fc8
Author:     Luis Ressel aixah de>
AuthorDate: Mon May 8 17:02:14 2017 +0000
Commit:     Sven Vermeulen gentoo org>
CommitDate: Thu May 18 17:00:46 2017 +0000
URL:        https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=a2905af9

system/selinuxutil: Allow semanage to execute its tmp files

Since app-admin/setools-4.1.0, some python internals try to create and
execute a file in /tmp during semanage initialization, causing semanage
to crash.
Here's the backtrace (with the path "/usr/lib64/python3.4/site-packages"
replaced by "py" for brevity):

Traceback (most recent call last):
  File "/usr/lib/python-exec/python3.4/semanage", line 28, in <module>
    import seobject
  File "py/seobject.py", line 34, in <module>
    import sepolicy
  File "py/sepolicy/__init__.py", line 8, in <module>
    import setools
  File "py/setools/__init__.py", line 77, in <module>
    from .infoflow import InfoFlowAnalysis
  File "py/setools/infoflow.py", line 22, in <module>
    import networkx as nx
  File "py/networkx/__init__.py", line 93, in <module>
    import networkx.linalg
  File "py/networkx/linalg/__init__.py", line 9, in <module>
    from networkx.linalg.algebraicconnectivity import *
  File "py/networkx/linalg/algebraicconnectivity.py", line 18, in <module>
    from numpy import (array, asmatrix, asarray, dot, matrix, ndarray, ones,
  File "py/numpy/__init__.py", line 180, in <module>
    from . import add_newdocs
  File "py/numpy/add_newdocs.py", line 13, in <module>
    from numpy.lib import add_newdoc
  File "py/numpy/lib/__init__.py", line 8, in <module>
    from .type_check import *
  File "py/numpy/lib/type_check.py", line 11, in <module>
    import numpy.core.numeric as _nx
  File "py/numpy/core/__init__.py", line 22, in <module>
    from . import _internal # for freeze programs
  File "py/numpy/core/_internal.py", line 14, in <module>
    import ctypes
  File "/usr/lib64/python3.4/ctypes/__init__.py", line 541, in <module>
    _reset_cache()
  File "/usr/lib64/python3.4/ctypes/__init__.py", line 280, in _reset_cache
    CFUNCTYPE(c_int)(lambda: None)
MemoryError

 policy/modules/system/selinuxutil.te | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/policy/modules/system/selinuxutil.te b/policy/modules/system/selinuxutil.te index 748e4acf..487bceca 100644 --- a/policy/modules/system/selinuxutil.te +++ b/policy/modules/system/selinuxutil.te 
@@ -488,7 +488,7 @@ allow semanage_t policy_src_t:dir search; filetrans_pattern(semanage_t, selinux_config_t, semanage_store_t, dir, "modules") allow semanage_t semanage_tmp_t:dir manage_dir_perms; -allow semanage_t semanage_tmp_t:file manage_file_perms; +allow semanage_t semanage_tmp_t:file { manage_file_perms mmap_file_perms }; files_tmp_filetrans(semanage_t, semanage_tmp_t, { file dir }) kernel_read_system_state(semanage_t)
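
Review bot: The changed rule, "allow semanage_t semanage_tmp_t:file { manage_file_perms mmap_file_perms };", leaves semanage_t able to both write and execute files of the same type, and nothing in selinuxutil.te records why. The reason exists only in the commit message (the ctypes import during semanage initialization since app-admin/setools-4.1.0), so a comment above the rule stating it would keep a later cleanup from dropping the permission and bringing back the MemoryError crash, or from reading it as general approval to run things out of /tmp. The grant is also unconditional and, given the "files_tmp_filetrans(semanage_t, semanage_tmp_t, { file dir })" line just below it, applies to every file semanage creates in /tmp rather than only the one ctypes needs; if a narrower rule can satisfy the ctypes import, prefer that.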