Bug 1828855 - Please remove use of hardcoded SELinux security class
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: oddjob
Version: rawhide
Hardware: Unspecified
OS: Unspecified
Target Milestone: ---
Assignee: Nalin Dahyabhai
QA Contact: Fedora Extras Quality Assurance
Reported: 2020-04-28 13:33 UTC by Petr Lautrbach
Modified: 2020-05-21 02:50 UTC

Fixed In Version: oddjob-0.34.6-1.fc32 oddjob-0.34.6-1.fc31
Last Closed: 2020-05-14 02:36:07 UTC
Type: Bug

Description Petr Lautrbach 2020-04-28 13:33:20 UTC
Description of problem:
https://pagure.io/oddjob/issue/5


oddjob is using hardcoded SELinux classes. This has been deprecated in libselinux for about 5 years, and the flask.h header file will be removed in the next SELinux userspace release.

Please port to the new API (string_to_security_class()) and remove the selinux/flask.h include.


There's a PR - https://pagure.io/oddjob/pull-request/4 with a patch which solves this issue:



From 9648f39b2e38d8d908b9cda1f0145a9f57d19572 Mon Sep 17 00:00:00 2001
From: Alexander Bokovoy <abokovoy>
Date: Oct 08 2019 09:31:54 +0000
Subject: [PATCH 2/2] Remove reference to selinux/flask.h


---

diff --git a/src/oddjobd.c b/src/oddjobd.c
index 32d309c..ca78550 100644
--- a/src/oddjobd.c
+++ b/src/oddjobd.c
@@ -51,7 +51,6 @@
 #ifdef SELINUX_ACLS
 #include <selinux/selinux.h>
 #include <selinux/context.h>
-#include <selinux/flask.h>
 #endif
 #include "buffer.h"
 #include "common.h"
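
Review bot: dropping `#include <selinux/flask.h>` takes every SECCLASS_* definition out of this file, but the patch converts only one use (SECCLASS_PROCESS in oddjobd_exec_method), so please confirm with a build that has SELINUX_ACLS defined that no other constant from flask.h is still referenced in src/oddjobd.c. The commit message also has no body; one sentence saying that flask.h is deprecated in libselinux and is about to be removed would help whoever reads the history later.
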
@@ -1973,7 +1972,7 @@ oddjobd_exec_method(struct oddjob_dbus_context *ctx,
 			}
 			if (security_compute_create((char *) client_secontext,
 						    helper_context,
-						    SECCLASS_PROCESS,
+						    string_to_security_class("process"),
 						    &exec_context) != 0) {
 				/* Failed to compute exec context? */
 				exec_errno = 0xfe;
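
Review bot: the return value of `string_to_security_class("process")` is passed straight into security_compute_create() without a check. The function returns 0 when the class name cannot be resolved against the loaded policy, and in that case the call would run with an invalid class. Consider resolving the class into a local security_class_t first, treating 0 as a failure that takes the same path as the existing "Failed to compute exec context?" branch (`exec_errno = 0xfe;`), and only then calling security_compute_create().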

Comment 1 Fedora Update System 2020-05-12 14:45:29 UTC
FEDORA-2020-238bbf85d8 has been submitted as an update to Fedora 32. https://bodhi.fedoraproject.org/updates/FEDORA-2020-238bbf85d8

Comment 2 Fedora Update System 2020-05-12 14:45:30 UTC
FEDORA-2020-b1fa09aa64 has been submitted as an update to Fedora 31. https://bodhi.fedoraproject.org/updates/FEDORA-2020-b1fa09aa64

Comment 3 Fedora Update System 2020-05-13 03:55:45 UTC
FEDORA-2020-238bbf85d8 has been pushed to the Fedora 32 testing repository.
In a short time you'll be able to install the update with the following command:
`sudo dnf upgrade --enablerepo=updates-testing --advisory=FEDORA-2020-238bbf85d8`
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2020-238bbf85d8

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.

Comment 4 Fedora Update System 2020-05-13 05:51:44 UTC
FEDORA-2020-b1fa09aa64 has been pushed to the Fedora 31 testing repository.
In a short time you'll be able to install the update with the following command:
`sudo dnf upgrade --enablerepo=updates-testing --advisory=FEDORA-2020-b1fa09aa64`
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2020-b1fa09aa64

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.

Comment 5 Fedora Update System 2020-05-14 02:36:07 UTC
FEDORA-2020-238bbf85d8 has been pushed to the Fedora 32 stable repository.
If the problem still persists, please make note of it in this bug report.

Comment 6 Fedora Update System 2020-05-21 02:50:08 UTC
FEDORA-2020-b1fa09aa64 has been pushed to the Fedora 31 stable repository.
If the problem still persists, please make note of it in this bug report.