>>SELinux Mailing List

Contents

Overview

What's New

Frequently Asked Questions

Background

Documentation

License

Download

Participating

Mail List

Archive Summary

Archive by Thread

Archive by Author

Archive by Date

Archive by Subject

Remaining Work

Contributors

Related Work

Press Releases

Re: checkpolicy fails

From: Jan Petranek <jan.petranek_at_student.uni-tuebingen.de>
Date: Tue, 3 Jul 2001 23:21:08 +0200 (CEST)

On Tue, 3 Jul 2001, Stephen Smalley wrote:

> Date: Tue, 3 Jul 2001 08:51:01 -0400 (EDT)
> From: Stephen Smalley <sds@tislabs.com>
> To: Jan Petranek <jan.petranek@student.uni-tuebingen.de>
> Cc: NSA Selinux Mailinglist <selinux@tycho.nsa.gov>
> Subject: Re: checkpolicy fails
>
>
> On Tue, 3 Jul 2001, Jan Petranek wrote:
>
> > ./setfiles: invalid context system_u:object_r:user_netscape_rw_ti on line number 66
>
> This error has been previously reported by Hugo Martinez and by Rajan
> Ravindran, but I haven't been able to replicate it. Try using gdb
> on the setfiles program, setting a breakpoint immediately after the sscanf
> call (line 458) and a breakpoint before the security_context_to_sid call
> (line 553). Examine context at each breakpoint.

Well, I did as you told me. The program setfiles runs twice through all entries in the file_contexts file. During the first run, nothing special has happened (or if so, I must have overlooked it. But then again, the error messages would have come in twice).

In the second run, all went fine until the miraculous line 66: In the beginning, the context is not set (like always at this point).

Breakpoint 1, main (argc=3, argv=0xbffffb2c) at setfiles.c:458

458                             if (items < 2) {

2: *context = 0 '\000'
1: context = 0x8158a80 ""

As we come to the second breakpoint, the content has read the context correctly from the file:

Breakpoint 2, main (argc=3, argv=0xbffffb2c) at setfiles.c:553

553                                             len = strlen(context);

2: *context = 115 's'
1: context = 0x81586f0 "system_u:object_r:user_netscape_rw_ti" (gdb)

But then, probably as the scanf is invoked, the content doesn't seem to fit any more:

Continuing.
/slinux/policy/setfiles: invalid context system_u:object_r:user_netscape_rw_ti on line number 66

And so on...

I am not using MLS, so where does the "i" come frome? 1: context = 0x81586f0 "system_u:object_r:user_netscape_rw_ti"

BTW: the directory /home/user/.netscape doesn't exist (yet) on the system. But files like /dev/fd0, mentioned in the context of system_u:object_r:removable_device_ti
do exist on the system...

(Maybe, I should check that again.)

So long,

JanP

--
You have received this message because you are subscribed to the selinux list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Received on Tue 3 Jul 2001 - 17:32:15 EDT

This message: [ Message body ]
Next message: Stephen Smalley: "Re: checkpolicy fails"
Previous message: Stephen Smalley: "Re: checkpolicy fails - compiler probs"
In reply to: Stephen Smalley: "Re: checkpolicy fails"
Next in thread: Stephen Smalley: "Re: checkpolicy fails"
Reply: Stephen Smalley: "Re: checkpolicy fails"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ]

This archive was generated by hypermail 2.2.0 on Wed 11 Jun 2008 - 08:10:25 EDT