Go to:
Gentoo Home
Documentation
Forums
Lists
Bugs
Planet
Store
Wiki
Get Gentoo!
Gentoo's Bugzilla – Attachment 310259 Details for
Bug 413719
sys-fs/udev-init-scripts need to set selinux context on /run/udev
Home
|
New
–
[Ex]
|
Browse
|
Search
|
Privacy Policy
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
patch adding selinux support to checkpatch
checkpath_selinux.patch (text/plain), 3.13 KB, created by
Amadeusz Sławiński
on 2012-04-27 12:58:00 UTC
(
hide
)
Description:
patch adding selinux support to checkpatch
Filename:
MIME Type:
Creator:
Amadeusz Sławiński
Created:
2012-04-27 12:58:00 UTC
Size:
3.13 KB
patch
obsolete
>diff --git a/src/rc/Makefile b/src/rc/Makefile >index fc6b9aa..83f8d87 100644 >--- a/src/rc/Makefile >+++ b/src/rc/Makefile >@@ -32,7 +32,7 @@ CLEANFILES+= ${ALL_LINKS} > > CPPFLAGS+= -I../includes -I../librc -I../libeinfo > LDFLAGS+= -L../librc -L../libeinfo >-LDADD+= -lutil -lrc -leinfo >+LDADD+= -lutil -lrc -leinfo -lselinux > > include ../../Makefile.inc > MK= ../../mk >diff --git a/src/rc/checkpath.c b/src/rc/checkpath.c >index 7ebbb64..d98a0ae 100644 >--- a/src/rc/checkpath.c >+++ b/src/rc/checkpath.c >@@ -46,6 +46,11 @@ > #include "einfo.h" > #include "rc-misc.h" > >+#define SELINUX 1 >+#ifdef SELINUX >+#include <selinux/selinux.h> >+#endif >+ > typedef enum { > inode_unknown = 0, > inode_file = 1, >@@ -55,10 +60,44 @@ typedef enum { > > extern const char *applet; > >-/* TODO: SELinux >- * This needs a LOT of SELinux loving >- * See systemd's src/label.c:label_mkdir >- */ >+#ifdef SELINUX >+static int selinux_set_file_context(char* path, mode_t mode) { >+ security_context_t context = NULL; >+ >+ if (is_selinux_enabled() > 0) { >+ if (matchpathcon(path, mode, &context) < 0) { >+ if (security_getenforce() != 0) { >+ eerror("%s: can't get default SELinux file context", path); >+ return -1; >+ } >+ ewarn("%s: can't get default SELinux file context", path); >+ } >+ if (setfscreatecon(context) < 0) { >+ if (security_getenforce() != 0) { >+ eerror("%s: can't set SELinux file creation context", path); >+ return -1; >+ } >+ ewarn("%s: can't set SELinux file creation context", path); >+ } >+ freecon(context); >+ } >+ return 0; >+} >+ >+static int selinux_reset_file_context() { >+ if (is_selinux_enabled() > 0) { >+ if (setfscreatecon(NULL) < 0) { >+ if (security_getenforce() != 0) { >+ eerror("can't reset SELinux context"); >+ return -1; >+ } >+ ewarn("can't reset SELinux context"); >+ } >+ } >+ return 0; >+} >+#endif >+ > static int > do_check(char *path, uid_t uid, gid_t gid, mode_t mode, inode_t type, bool trunc) > { >@@ -82,7 +121,13 @@ do_check(char *path, uid_t uid, gid_t gid, mode_t mode, inode_t type, bool trunc > if (trunc) > flags |= O_TRUNC; > u = umask(0); >+#ifdef SELINUX >+ selinux_set_file_context(path, mode); >+#endif > fd = open(path, flags, mode); >+#ifdef SELINUX >+ selinux_reset_file_context(); >+#endif > umask(u); > if (fd == -1) { > eerror("%s: open: %s", applet, strerror(errno)); >@@ -95,7 +140,13 @@ do_check(char *path, uid_t uid, gid_t gid, mode_t mode, inode_t type, bool trunc > mode = S_IRWXU | S_IRWXG | S_IROTH | S_IXOTH; > u = umask(0); > /* We do not recursively create parents */ >+#ifdef SELINUX >+ selinux_set_file_context(path, mode); >+#endif > r = mkdir(path, mode); >+#ifdef SELINUX >+ selinux_reset_file_context(); >+#endif > umask(u); > if (r == -1 && errno != EEXIST) { > eerror("%s: mkdir: %s", applet, >@@ -108,7 +159,13 @@ do_check(char *path, uid_t uid, gid_t gid, mode_t mode, inode_t type, bool trunc > if (!mode) /* 600 */ > mode = S_IRUSR | S_IWUSR; > u = umask(0); >+#ifdef SELINUX >+ selinux_set_file_context(path, mode); >+#endif > r = mkfifo(path, mode); >+#ifdef SELINUX >+ selinux_reset_file_context(); >+#endif > umask(u); > if (r == -1 && errno != EEXIST) { > eerror("%s: mkfifo: %s", applet,
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 413719
: 310259