Skip to content

Merge20251008 #497

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 2 commits into from
Closed

Merge20251008 #497

wants to merge 2 commits into from

Conversation

@stephensmalley
Copy link
Member

@stephensmalley stephensmalley commented Oct 7, 2025

Please read CONTRIBUTING.md

Contributing Code

Post the patch for the review to the
SELinux mailing list at
[email protected].

When preparing patches, please follow these guidelines:

  • Patches should apply with git am
  • Must apply against HEAD of the main branch
  • Separate large patches into logical patches
  • Patch descriptions must end with your "Signed-off-by" line. This means your
    code meets the Developer's certificate of origin, see below.

pranlawate and others added 2 commits October 7, 2025 13:45
@pranlawate @stephensmalley
improve semanage man pages: Add examples for -r RANGE flag usage
ac5e012 
This patch adds missing examples to the semanage-port and
semanage-fcontext man pages showing the correct usage of the -r RANGE
flag for MLS/MCS systems. Currently, users who try to use the -r flag
without proper examples often encounter unclear error messages when
they provide invalid range formats.

For example, here is a command with wrong range string value:
libsepol.mls_from_string: invalid MLS context s0.c0 (No such file or directory)
[...error output...]

The added examples demonstrate:
  - Correct MLS range format: s0:c0.c255
  - Complete command syntax with the -r flag for both port and
    fcontext operations
  - Clear indication that this is for MLS/MCS systems only
  - Verification method using seinfo for port changes (semanage port -l
    only shows type, not MLS range)
  - Use -F flag to restorecon in fcontext example (required to force
    relabeling)

Signed-off-by: Pranav Lawate <[email protected]>
Acked-by: Stephen Smalley <[email protected]>
@WavyEbuilder @stephensmalley
seunshare: fix the frail tmpdir cleanup
ceb5b22 
For some reason, rm is invoked via system (3) to cleanup the runtime
temp directory.  This really isn't all that robust, *especially* given
that seunshare is supposed to be a security boundary.  Instead do this
using libc, the API designed to be used within C programs.

Also make sure that we don't follow symbolic links; the input being
deleted is untrusted, and hence a malicious symbolic link may be placed
outside of the sandbox.

Signed-off-by: Rahul Sandhu <[email protected]>
Acked-by: Stephen Smalley <[email protected]>
@stephensmalley
Copy link
Member Author

stephensmalley commented Oct 7, 2025

PR for CI testing only

@stephensmalley stephensmalley deleted the merge20251008 branch October 8, 2025 13:27
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@stephensmalley @pranlawate @WavyEbuilder