This commit is contained in:
OBS User unknown
Git OBS Bridge
parent
f3962fe242
commit
f408547696
93
sysvinit-2.86-selinux.patch
Normal file
93
sysvinit-2.86-selinux.patch
Normal file
@ -0,0 +1,93 @@
|
||||
--- src/Makefile
|
||||
+++ src/Makefile
|
||||
@@ -57,7 +57,7 @@
|
||||
all: $(BIN) $(SBIN) $(USRBIN)
|
||||
|
||||
init: init.o init_utmp.o
|
||||
- $(CC) $(LDFLAGS) $(STATIC) -o $@ init.o init_utmp.o
|
||||
+ $(CC) $(LDFLAGS) $(STATIC) -o $@ init.o init_utmp.o -lselinux -lsepol
|
||||
|
||||
halt: halt.o ifdown.o hddown.o utmp.o reboot.h
|
||||
$(CC) $(LDFLAGS) -o $@ halt.o ifdown.o hddown.o utmp.o
|
||||
@@ -78,7 +78,7 @@
|
||||
$(CC) $(LDFLAGS) -o $@ runlevel.o
|
||||
|
||||
sulogin: sulogin.o
|
||||
- $(CC) $(LDFLAGS) $(STATIC) -o $@ sulogin.o $(LCRYPT)
|
||||
+ $(CC) $(LDFLAGS) $(STATIC) -o $@ sulogin.o $(LCRYPT) -lselinux
|
||||
|
||||
wall: dowall.o wall.o
|
||||
$(CC) $(LDFLAGS) -o $@ dowall.o wall.o
|
||||
--- src/init.c
|
||||
+++ src/init.c
|
||||
@@ -50,6 +50,8 @@
|
||||
#include <stdarg.h>
|
||||
#include <sys/syslog.h>
|
||||
#include <sys/time.h>
|
||||
+#include <selinux/selinux.h>
|
||||
+#include <sepol/sepol.h>
|
||||
|
||||
#ifdef __i386__
|
||||
# if (__GLIBC__ >= 2)
|
||||
@@ -2643,6 +2645,7 @@
|
||||
char *p;
|
||||
int f;
|
||||
int isinit;
|
||||
+ int enforce = 0;
|
||||
|
||||
/* Get my own name */
|
||||
if ((p = strrchr(argv[0], '/')) != NULL)
|
||||
@@ -2706,6 +2709,20 @@
|
||||
maxproclen += strlen(argv[f]) + 1;
|
||||
}
|
||||
|
||||
+ if (getenv("SELINUX_INIT") == NULL && !is_selinux_enabled()) {
|
||||
+ putenv("SELINUX_INIT=YES");
|
||||
+ if (selinux_init_load_policy(&enforce) == 0 ) {
|
||||
+ execv(myname, argv);
|
||||
+ } else {
|
||||
+ if (enforce > 0) {
|
||||
+ /* SELinux in enforcing mode but load_policy failed */
|
||||
+ /* At this point, we probably can't open /dev/console, so log() won't work */
|
||||
+ printf("Unable to load SELinux Policy. Machine is in enforcing mode. Halting now.\n");
|
||||
+ exit(1);
|
||||
+ }
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
/* Start booting. */
|
||||
argv0 = argv[0];
|
||||
argv[1] = NULL;
|
||||
--- src/sulogin.c
|
||||
+++ src/sulogin.c
|
||||
@@ -29,6 +29,8 @@
|
||||
#if defined(__GLIBC__)
|
||||
# include <crypt.h>
|
||||
#endif
|
||||
+#include <selinux/selinux.h>
|
||||
+#include <selinux/get_context_list.h>
|
||||
|
||||
#define CHECK_DES 1
|
||||
#define CHECK_MD5 1
|
||||
@@ -374,6 +376,21 @@
|
||||
signal(SIGINT, saved_sigint);
|
||||
signal(SIGTSTP, saved_sigtstp);
|
||||
signal(SIGQUIT, saved_sigquit);
|
||||
+
|
||||
+ if (is_selinux_enabled > 0) {
|
||||
+ security_context_t scon=NULL;
|
||||
+ char *seuser=NULL;
|
||||
+ char *level=NULL;
|
||||
+ if (getseuserbyname("root", &seuser, &level) == 0)
|
||||
+ if (get_default_context_with_level(seuser, level, 0, &scon) > 0) {
|
||||
+ if (setexeccon(scon) != 0)
|
||||
+ fprintf(stderr, "setexeccon faile\n");
|
||||
+ freecon(scon);
|
||||
+ }
|
||||
+ free(seuser);
|
||||
+ free(level);
|
||||
+ }
|
||||
+
|
||||
execl(sushell, shell, NULL);
|
||||
perror(sushell);
|
||||
|
||||
@ -88,8 +88,8 @@
|
||||
$(CC) $(LDFLAGS) -o $@ runlevel.o
|
||||
|
||||
sulogin: sulogin.o
|
||||
- $(CC) $(LDFLAGS) $(STATIC) -o $@ sulogin.o $(LCRYPT)
|
||||
+ $(CC) $(LDFLAGS) -o $@ sulogin.o $(LCRYPT)
|
||||
- $(CC) $(LDFLAGS) $(STATIC) -o $@ sulogin.o $(LCRYPT) -lselinux
|
||||
+ $(CC) $(LDFLAGS) -o $@ sulogin.o $(LCRYPT) -lselinux
|
||||
|
||||
wall: dowall.o wall.o
|
||||
$(CC) $(LDFLAGS) -o $@ dowall.o wall.o
|
||||
@ -197,9 +197,9 @@
|
||||
if (strstr(term, "/../")) continue;
|
||||
|
||||
--- src/init.c
|
||||
+++ src/init.c 2006-08-18 14:45:28.000000000 +0200
|
||||
@@ -52,12 +52,12 @@
|
||||
#include <sys/time.h>
|
||||
+++ src/init.c
|
||||
@@ -53,12 +53,12 @@
|
||||
#include <selinux/selinux.h>
|
||||
|
||||
#ifdef __i386__
|
||||
-# if (__GLIBC__ >= 2)
|
||||
|
||||
@ -1,3 +1,8 @@
|
||||
-------------------------------------------------------------------
|
||||
Mon Aug 25 14:46:12 CEST 2008 - prusnak@suse.cz
|
||||
|
||||
- enabled SELinux support [Fate#303662]
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Aug 13 16:40:49 CEST 2008 - werner@suse.de
|
||||
|
||||
|
||||
@ -30,9 +30,10 @@ Group: System/Base
|
||||
PreReq: coreutils
|
||||
AutoReqProv: on
|
||||
Version: 2.86
|
||||
Release: 167
|
||||
Release: 173
|
||||
Summary: SysV-Style init
|
||||
BuildRoot: %{_tmppath}/%{name}-%{version}-build
|
||||
BuildRequires: libselinux-devel libsepol-devel
|
||||
Source: sysvinit-2.86.tar.bz2
|
||||
Source2: killproc-2.13.tar.bz2
|
||||
Source3: powerd-2.0.2.tar.bz2
|
||||
@ -60,6 +61,7 @@ Patch14: startpar-0.52.dif
|
||||
Patch15: sysvinit-2.86-usage-message.patch
|
||||
Patch16: sysvinit-2.86-full-time.patch
|
||||
Patch17: sysvinit-2.86-hddown.patch
|
||||
Patch18: sysvinit-2.86-selinux.patch
|
||||
|
||||
%description
|
||||
System V style init programs by Miquel van Smoorenburg that control the
|
||||
@ -93,6 +95,7 @@ Authors:
|
||||
%patch -P 15 -b .usage
|
||||
%patch -P 16 -b .fulltime
|
||||
%patch -P 17 -b .hddown
|
||||
%patch -P 18 -b .selinux
|
||||
%patch
|
||||
pushd ../powerd-%{PDVER}
|
||||
%patch -P 2
|
||||
@ -307,6 +310,8 @@ rm -rf ${RPM_BUILD_ROOT}
|
||||
%doc %{_mandir}/man8/startpar.8.gz
|
||||
|
||||
%changelog
|
||||
* Mon Aug 25 2008 prusnak@suse.cz
|
||||
- enabled SELinux support [Fate#303662]
|
||||
* Wed Aug 13 2008 werner@suse.de
|
||||
- Startpar: give posix_fadvise a try on boot scripts even if most
|
||||
of them are very small
|
||||
|
||||
Loading…
Reference in New Issue
Block a user