94 lines
2.3 KiB
Diff
94 lines
2.3 KiB
Diff
--- src/Makefile
|
|
+++ src/Makefile
|
|
@@ -57,7 +57,7 @@
|
|
all: $(BIN) $(SBIN) $(USRBIN)
|
|
|
|
init: init.o init_utmp.o
|
|
- $(CC) $(LDFLAGS) $(STATIC) -o $@ init.o init_utmp.o
|
|
+ $(CC) $(LDFLAGS) $(STATIC) -o $@ init.o init_utmp.o -lselinux -lsepol
|
|
|
|
halt: halt.o ifdown.o hddown.o utmp.o reboot.h
|
|
$(CC) $(LDFLAGS) -o $@ halt.o ifdown.o hddown.o utmp.o
|
|
@@ -78,7 +78,7 @@
|
|
$(CC) $(LDFLAGS) -o $@ runlevel.o
|
|
|
|
sulogin: sulogin.o
|
|
- $(CC) $(LDFLAGS) $(STATIC) -o $@ sulogin.o $(LCRYPT)
|
|
+ $(CC) $(LDFLAGS) $(STATIC) -o $@ sulogin.o $(LCRYPT) -lselinux
|
|
|
|
wall: dowall.o wall.o
|
|
$(CC) $(LDFLAGS) -o $@ dowall.o wall.o
|
|
--- src/init.c
|
|
+++ src/init.c
|
|
@@ -50,6 +50,8 @@
|
|
#include <stdarg.h>
|
|
#include <sys/syslog.h>
|
|
#include <sys/time.h>
|
|
+#include <selinux/selinux.h>
|
|
+#include <sepol/sepol.h>
|
|
|
|
#ifdef __i386__
|
|
# if (__GLIBC__ >= 2)
|
|
@@ -2643,6 +2645,7 @@
|
|
char *p;
|
|
int f;
|
|
int isinit;
|
|
+ int enforce = 0;
|
|
|
|
/* Get my own name */
|
|
if ((p = strrchr(argv[0], '/')) != NULL)
|
|
@@ -2706,6 +2709,20 @@
|
|
maxproclen += strlen(argv[f]) + 1;
|
|
}
|
|
|
|
+ if (getenv("SELINUX_INIT") == NULL && !is_selinux_enabled()) {
|
|
+ putenv("SELINUX_INIT=YES");
|
|
+ if (selinux_init_load_policy(&enforce) == 0 ) {
|
|
+ execv(myname, argv);
|
|
+ } else {
|
|
+ if (enforce > 0) {
|
|
+ /* SELinux in enforcing mode but load_policy failed */
|
|
+ /* At this point, we probably can't open /dev/console, so log() won't work */
|
|
+ printf("Unable to load SELinux Policy. Machine is in enforcing mode. Halting now.\n");
|
|
+ exit(1);
|
|
+ }
|
|
+ }
|
|
+ }
|
|
+
|
|
/* Start booting. */
|
|
argv0 = argv[0];
|
|
argv[1] = NULL;
|
|
--- src/sulogin.c
|
|
+++ src/sulogin.c
|
|
@@ -29,6 +29,8 @@
|
|
#if defined(__GLIBC__)
|
|
# include <crypt.h>
|
|
#endif
|
|
+#include <selinux/selinux.h>
|
|
+#include <selinux/get_context_list.h>
|
|
|
|
#define CHECK_DES 1
|
|
#define CHECK_MD5 1
|
|
@@ -374,6 +376,21 @@
|
|
signal(SIGINT, saved_sigint);
|
|
signal(SIGTSTP, saved_sigtstp);
|
|
signal(SIGQUIT, saved_sigquit);
|
|
+
|
|
+ if (is_selinux_enabled > 0) {
|
|
+ security_context_t scon=NULL;
|
|
+ char *seuser=NULL;
|
|
+ char *level=NULL;
|
|
+ if (getseuserbyname("root", &seuser, &level) == 0)
|
|
+ if (get_default_context_with_level(seuser, level, 0, &scon) > 0) {
|
|
+ if (setexeccon(scon) != 0)
|
|
+ fprintf(stderr, "setexeccon faile\n");
|
|
+ freecon(scon);
|
|
+ }
|
|
+ free(seuser);
|
|
+ free(level);
|
|
+ }
|
|
+
|
|
execl(sushell, shell, NULL);
|
|
perror(sushell);
|
|
|