[Pkg-sysvinit-commits] r1427 - in sysvinit-upstream/trunk: doc src

Petter Reinholdtsen pere at alioth.debian.org
Fri Jul 10 21:47:28 UTC 2009 

Author: pere
Date: 2009-07-10 21:47:28 +0000 (Fri, 10 Jul 2009)
New Revision: 1427

Modified:
   sysvinit-upstream/trunk/doc/Changelog
   sysvinit-upstream/trunk/src/Makefile
   sysvinit-upstream/trunk/src/init.c
   sysvinit-upstream/trunk/src/sulogin.c
Log:
Add support for SE Linux capability handling.  Patch from Manoj
Srivastava, adjusted to avoid aborting if SE policy was loaded in
the initrd with patch from Bill Nottingham and Fedora.


Modified: sysvinit-upstream/trunk/doc/Changelog
===================================================================
--- sysvinit-upstream/trunk/doc/Changelog	2009-07-10 21:44:44 UTC (rev 1426)
+++ sysvinit-upstream/trunk/doc/Changelog	2009-07-10 21:47:28 UTC (rev 1427)
@@ -33,6 +33,9 @@
   * Change install rules to make pidof an absolute symlink.  Patch from
     Thomas Hood.
   * Improve error message from init if fork() fail.  Patch found in Suse.
+  * Add support for SE Linux capability handling.  Patch from Manoj
+    Srivastava, adjusted to avoid aborting if SE policy was loaded in
+    the initrd with patch from Bill Nottingham and Fedora.
 
  -- Petter Reinholdtsen <pere at debian.org>  Fri, 30 Jul 2004 14:14:58 +0200
 

Modified: sysvinit-upstream/trunk/src/Makefile
===================================================================
--- sysvinit-upstream/trunk/src/Makefile	2009-07-10 21:44:44 UTC (rev 1426)
+++ sysvinit-upstream/trunk/src/Makefile	2009-07-10 21:47:28 UTC (rev 1427)
@@ -51,6 +51,18 @@
 INSTALL_DATA	= install -o $(BIN_OWNER) -g $(BIN_GROUP) -m 644
 MANDIR		= /usr/share/man
 
+ifeq ($(WITH_SELINUX),yes)
+  SELINUX_DEF=-DWITH_SELINUX
+  INIT_SELIBS=-lsepol -lselinux
+  SULOGIN_SELIBS=-lselinux	
+else
+  SELINUX_DEF=
+  INIT_SELIBS=
+  SULOGIN_SELIBS=
+endif
+
+
+
 # Additional libs for GNU libc.
 ifneq ($(wildcard /usr/lib/libcrypt.a),)
 LCRYPT		= -lcrypt
@@ -59,7 +71,7 @@
 all:		$(BIN) $(SBIN) $(USRBIN)
 
 init:		init.o init_utmp.o
-		$(CC) $(LDFLAGS) $(STATIC) -o $@ init.o init_utmp.o
+		$(CC) $(LDFLAGS) $(STATIC) -o $@ init.o init_utmp.o $(INIT_SELIBS)
 
 halt:		halt.o ifdown.o hddown.o utmp.o reboot.h
 		$(CC) $(LDFLAGS) -o $@ halt.o ifdown.o hddown.o utmp.o
@@ -80,7 +92,7 @@
 		$(CC) $(LDFLAGS) -o $@ runlevel.o
 
 sulogin:	sulogin.o
-		$(CC) $(LDFLAGS) $(STATIC) -o $@ sulogin.o $(LCRYPT)
+		$(CC) $(LDFLAGS) $(STATIC) $(SELINUX_DEF) -o $@ $^ $(LCRYPT) $(SULOGIN_SELIBS)
 
 wall:		dowall.o wall.o
 		$(CC) $(LDFLAGS) -o $@ dowall.o wall.o
@@ -91,8 +103,11 @@
 bootlogd:	bootlogd.o
 		$(CC) $(LDFLAGS) -o $@ bootlogd.o -lutil
 
+sulogin.o:	sulogin.c 
+		$(CC) -c $(CFLAGS) $(SELINUX_DEF) sulogin.c
+
 init.o:		init.c init.h set.h reboot.h initreq.h
-		$(CC) -c $(CFLAGS) init.c
+		$(CC) -c $(CFLAGS) $(SELINUX_DEF)  init.c
 
 utmp.o:		utmp.c init.h
 		$(CC) -c $(CFLAGS) utmp.c

Modified: sysvinit-upstream/trunk/src/init.c
===================================================================
--- sysvinit-upstream/trunk/src/init.c	2009-07-10 21:44:44 UTC (rev 1426)
+++ sysvinit-upstream/trunk/src/init.c	2009-07-10 21:47:28 UTC (rev 1427)
@@ -43,6 +43,11 @@
 #include <sys/syslog.h>
 #include <sys/time.h>
 
+#ifdef WITH_SELINUX
+#include <selinux/selinux.h>
+#endif
+
+
 #ifdef __i386__
 #  if (__GLIBC__ >= 2)
      /* GNU libc 2.x */
@@ -2602,6 +2607,7 @@
 	char			*p;
 	int			f;
 	int			isinit;
+	int			enforce = 0;
 
 	/* Get my own name */
 	if ((p = strrchr(argv[0], '/')) != NULL)
@@ -2665,6 +2671,21 @@
 		maxproclen += strlen(argv[f]) + 1;
 	}
 
+#ifdef WITH_SELINUX
+  	if (getenv("SELINUX_INIT") == NULL && !is_selinux_enabled()) {
+	  putenv("SELINUX_INIT=YES");
+	  if (selinux_init_load_policy(&enforce) == 0 ) {
+	    execv(myname, argv);
+	  } else {
+	    if (enforce > 0) {
+	      /* SELinux in enforcing mode but load_policy failed */
+	      /* At this point, we probably can't open /dev/console, so log() won't work */
+		    fprintf(stderr,"Unable to load SELinux Policy. Machine is in enforcing mode. Halting now.\n");
+	      exit(1);
+	    }
+	  }
+	}
+#endif  
 	/* Start booting. */
 	argv0 = argv[0];
 	argv[1] = NULL;

Modified: sysvinit-upstream/trunk/src/sulogin.c
===================================================================
--- sysvinit-upstream/trunk/src/sulogin.c	2009-07-10 21:44:44 UTC (rev 1426)
+++ sysvinit-upstream/trunk/src/sulogin.c	2009-07-10 21:47:28 UTC (rev 1427)
@@ -28,6 +28,11 @@
 #  include <crypt.h>
 #endif
 
+#ifdef WITH_SELINUX
+#  include <selinux/selinux.h>
+#  include <selinux/get_context_list.h>
+#endif
+
 #define CHECK_DES	1
 #define CHECK_MD5	1
 
@@ -335,6 +340,21 @@
 	signal(SIGINT, SIG_DFL);
 	signal(SIGTSTP, SIG_DFL);
 	signal(SIGQUIT, SIG_DFL);
+#ifdef WITH_SELINUX
+	if (is_selinux_enabled > 0) {
+	  security_context_t scon=NULL;
+	  char *seuser=NULL;
+	  char *level=NULL;
+	  if (getseuserbyname("root", &seuser, &level) == 0)
+		  if (get_default_context_with_level(seuser, level, 0, &scon) > 0) {
+			  if (setexeccon(scon) != 0) 
+				  fprintf(stderr, "setexeccon faile\n");
+			  freecon(scon);
+		  }
+		free(seuser);
+		free(level);
+	}
+#endif
 	execl(sushell, shell, NULL);
 	perror(sushell);

More information about the Pkg-sysvinit-commits mailing list