Bug 522087 - semanage does not work correctly with spaces in path
Summary: semanage does not work correctly with spaces in path
Keywords:
Status: CLOSED WONTFIX
Alias: None
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: policycoreutils
Version: 5.3
Hardware: All
OS: Linux
low
medium
Target Milestone: rc
Assignee: Daniel Walsh
QA Contact: BaseOS QE Security Team
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2009-09-09 13:10 UTC by David Glaser
Modified: 2009-10-15 18:32 UTC

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2009-10-15 18:32:25 UTC
Target Upstream Version:
Embargoed:



Description David Glaser 2009-09-09 13:10:53 UTC
Description of problem:

semanage does not work correctly when a space appears in the path to file

Version-Release number of selected component (if applicable):

from rpm: policycoreutils-1.33.12-14.2.el5

How reproducible:

apparently always

Steps to Reproduce:
1. Create a directory with a space and two files ("/home/user/test me/file1" and "/home/user/test me/file2")
2. chcon -t <context>_t /home/user/test me/file1
3. chcon -t <context>_t /home/user/test me/file2
4. semanage fcontext -a -t <context>_t /home/user/test me/file1
5. semanage fcontext -a -t <context>_t /home/user/test me/file2 

Actual results:

Step 4 completes correctly, Step 5 produces the following error(s):

#semanage fcontext -a -t <context>_t file2
libsepol.sepol_context_from_string: malformed context "me/file1"
libsepol.sepol_context_from_string: could not construct context from string
libsemanage.fcontext_parse: invalid security context "me/file1" (/etc/selinux/targeted/modules/tmp//file_contexts.local: 4)
/home/user/test me/file1    system_u:object_r:<context>_t:s0
libsemanage.fcontext_parse: could not parse file context record
libsemanage.dbase_file_cache: could not cache file database
libsemanage.enter_rw: could not enter read-write section
/usr/sbin/semanage: Could not add file context for file2



Expected results:

Policy addition would be added to /etc/selinux/targeted/modules/tmp/file_contexts.local normally.

Additional info:

This appears to happen with any file where the path has a space in it. I've attempted quoting the string passed to semanage as well as quoting and escaping the string in /etc/selinux/targeted/modules/tmp/file_contexts.local, but since it is generated, it gets overwritten.

Comment 1 Daniel Walsh 2009-09-09 21:39:20 UTC
Sadly neither to the tools or libraries.  We do not have a good solution to this other than, don't do that.
Use a regular expression to get around it.

Comment 2 David Glaser 2009-09-09 23:12:49 UTC
Not my choice, it is a piece of software called Sassafras KeyServer that we are installing that is creating directories with spaces in it, and then has an executable that is trying to do text relocation with libraries.

It appears the parser of the policy files just needs to be fixed. Is this something that is in the pipeline to be done? "Just don't do that" doesn't sound like a good long term solution.

I'm not sure what exactly you mean by using a regular expression to get around it either.

Thanks,
Dave

Comment 3 Daniel Walsh 2009-09-10 12:18:33 UTC
Something like

semanage fcontext -a -t <context>_t '/home/user/.*/file1'

or

semanage fcontext -a -t <context>_t '/home/user/[^/]*/file1'
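
The failure in the description and the workaround in Comment 3, as an added example that is not part of the original thread and is not policycoreutils code. It assumes a simplified model of the record parse (fields split on whitespace, inferred from the error output above), uses Python's `re` as a stand-in matcher, and uses a made-up type name `example_t` because the page only gives the placeholder `<context>_t`.

```python
import re

# Constructed sample context; "example_t" is a made-up stand-in for the
# page's "<context>_t" placeholder.
CONTEXT = "system_u:object_r:example_t:s0"


def split_record(line):
    """Simplified model (assumption) of reading one file_contexts.local
    record: whitespace-separated fields, path regex first, an optional
    file-type flag starting with '-', then the security context."""
    fields = line.split()
    path, rest = fields[0], fields[1:]
    if rest and rest[0].startswith("-"):
        rest = rest[1:]
    return path, rest[0]


def looks_like_context(text):
    """A context has at least user:role:type, so three non-empty ':' fields."""
    parts = text.split(":")
    return len(parts) >= 3 and all(parts)


def whitespace_free_pattern(path):
    """Comment 3's workaround: replace each path component that contains
    whitespace with [^/]* so the stored record has no space in its path."""
    return "/".join("[^/]*" if re.search(r"\s", part) else part
                    for part in path.split("/"))


def matches(pattern, path):
    """Stand-in matcher: the pattern must match the whole path."""
    return re.fullmatch(pattern, path) is not None


if __name__ == "__main__":
    literal = "/home/user/test me/file1"
    # The literal path splits in two, so "me/file1" lands in the context slot.
    print(split_record(f"{literal}    {CONTEXT}"))
    pattern = whitespace_free_pattern(literal)
    # The regex form survives the whitespace split intact.
    print(split_record(f"{pattern}    {CONTEXT}"))
    for candidate in (literal, "/home/user/other/file1", "/home/user/a/b/file1"):
        print(candidate, matches(pattern, candidate))
```

The generated pattern also matches `file1` in every other directory directly under `/home/user`, so confirm that the wider labelling is acceptable before adding the rule.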

Comment 4 Daniel Walsh 2009-10-15 18:32:25 UTC
This is too difficult to fix and has an easy workaround.

