Commit | Line | Data |
---|---|---|
8c09d4df AM |
1 | --- sysvinit-2.85/src/init.c.selinux 2005-10-14 14:16:24.000000000 -0400 |
2 | +++ sysvinit-2.85/src/init.c 2005-10-14 14:16:24.000000000 -0400 | |
3 | @@ -48,6 +48,8 @@ | |
f31152bd JB |
4 | #include <stdarg.h> |
5 | #include <sys/syslog.h> | |
6 | #include <sys/time.h> | |
437bcd41 | 7 | +#include <selinux/selinux.h> |
f31152bd JB |
8 | + |
9 | ||
10 | #ifdef __i386__ | |
11 | # if (__GLIBC__ >= 2) | |
8c09d4df | 12 | @@ -2513,6 +2515,7 @@ |
f31152bd JB |
13 | char *p; |
14 | int f; | |
15 | int isinit; | |
16 | + int enforce = 0; | |
437bcd41 | 17 | |
f31152bd JB |
18 | /* Get my own name */ |
19 | if ((p = strrchr(argv[0], '/')) != NULL) | |
8c09d4df | 20 | @@ -2576,6 +2579,20 @@ |
437bcd41 AM |
21 | maxproclen += strlen(argv[f]) + 1; |
22 | } | |
23 | ||
437bcd41 | 24 | + if (getenv("SELINUX_INIT") == NULL) { |
7bf76497 | 25 | + putenv("SELINUX_INIT=YES"); |
94f70ab9 | 26 | + if (selinux_init_load_policy(&enforce) == 0 ) { |
437bcd41 AM |
27 | + execv(myname, argv); |
28 | + } else { | |
f31152bd | 29 | + if (enforce > 0) { |
437bcd41 | 30 | + /* SELinux in enforcing mode but load_policy failed */ |
94f70ab9 | 31 | + /* At this point, we probably can't open /dev/console, so log() won't work */ |
8c09d4df | 32 | + printf("Unable to load SELinux Policy. Machine is in enforcing mode. Halting now.\n"); |
437bcd41 | 33 | + exit(1); |
f31152bd | 34 | + } |
437bcd41 AM |
35 | + } |
36 | + } | |
437bcd41 AM |
37 | + |
38 | /* Start booting. */ | |
39 | argv0 = argv[0]; | |
40 | argv[1] = NULL; | |
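Review bot: In the last hunk the result of `execv(myname, argv)` is never checked, so if the re-exec fails after a successful policy load, init falls through to "Start booting" in the context it had before the policy was loaded, and nothing is reported. Since execv only returns on failure, a line directly after it such as `printf("init: re-exec after SELinux policy load failed\n");` would make that state visible. The return value of `putenv("SELINUX_INIT=YES")` is also ignored; if it fails, the re-executed init would not see the marker and would repeat the load-and-exec step, so it is worth checking before `selinux_init_load_policy` is called. The enclosing function starts and ends outside the hunk.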
8c09d4df AM |
41 | --- sysvinit-2.85/src/Makefile.selinux 2005-10-14 14:16:24.000000000 -0400 |
42 | +++ sysvinit-2.85/src/Makefile 2005-10-14 14:16:24.000000000 -0400 | |
43 | @@ -32,7 +32,7 @@ | |
44 | all: $(PROGS) | |
59fa00c5 JB |
45 | |
46 | init: init.o init_utmp.o | |
47 | - $(CC) $(LDFLAGS) $(STATIC) -o $@ init.o init_utmp.o | |
ad6b8e9b | 48 | + $(CC) $(LDFLAGS) $(STATIC) -o $@ init.o init_utmp.o -lsepol -lselinux |
59fa00c5 JB |
49 | |
50 | halt: halt.o ifdown.o hddown.o utmp.o reboot.h | |
51 | $(CC) $(LDFLAGS) -o $@ halt.o ifdown.o hddown.o utmp.o | |
8c09d4df | 52 | @@ -50,7 +50,7 @@ |
f31152bd JB |
53 | $(CC) $(LDFLAGS) -o $@ runlevel.o |
54 | ||
55 | sulogin: sulogin.o md5_broken.o md5_crypt_broken.o arc4random.o bcrypt.o blowfish.o | |
56 | - $(CC) $(LDFLAGS) $(STATIC) -o $@ $^ $(LCRYPT) | |
94f70ab9 | 57 | + $(CC) $(LDFLAGS) $(STATIC) -o $@ $^ $(LCRYPT) -lselinux |
f31152bd JB |
58 | |
59 | wall: dowall.o wall.o | |
60 | $(CC) $(LDFLAGS) -o $@ dowall.o wall.o | |
8c09d4df AM |
61 | --- sysvinit-2.85/src/sulogin.c.selinux 2005-10-14 14:16:24.000000000 -0400 |
62 | +++ sysvinit-2.85/src/sulogin.c 2005-10-14 14:18:42.000000000 -0400 | |
63 | @@ -28,7 +28,9 @@ | |
64 | #endif | |
94f70ab9 AM |
65 | #include "md5.h" |
66 | #include "blowfish.h" | |
94f70ab9 AM |
67 | +#include <selinux/selinux.h> |
68 | +#include <selinux/get_context_list.h> | |
8c09d4df | 69 | |
94f70ab9 AM |
70 | #define CHECK_DES 1 |
71 | #define CHECK_MD5 1 | |
8c09d4df AM |
72 | |
73 | @@ -332,6 +335,19 @@ | |
94f70ab9 AM |
74 | signal(SIGINT, SIG_DFL); |
75 | signal(SIGTSTP, SIG_DFL); | |
76 | signal(SIGQUIT, SIG_DFL); | |
77 | + if (is_selinux_enabled > 0) { | |
78 | + security_context_t scon=NULL; | |
79 | + char *seuser=NULL; | |
80 | + char *level=NULL; | |
81 | + if (getseuserbyname("root", &seuser, &level) == 0) | |
82 | + if (get_default_context_with_level(seuser, level, 0, &scon) > 0) { | |
83 | + if (setexeccon(scon) != 0) | |
84 | + fprintf(stderr, "setexeccon faile\n"); | |
85 | + freecon(scon); | |
86 | + } | |
87 | + free(seuser); | |
88 | + free(level); | |
89 | + } | |
90 | execl(sushell, shell, NULL); | |
91 | perror(sushell); | |
59fa00c5 | 92 |