1 --- sysvinit-2.85/src/Makefile.selinux 2003-12-18 10:59:15.000000000 -0500
2 +++ sysvinit-2.85/src/Makefile 2003-12-18 10:59:15.000000000 -0500
6 init: init.o init_utmp.o
7 - $(CC) $(LDFLAGS) $(STATIC) -o $@ init.o init_utmp.o
8 + $(CC) $(LDFLAGS) $(STATIC) -o $@ init.o init_utmp.o -lselinux
10 halt: halt.o ifdown.o hddown.o utmp.o reboot.h
11 $(CC) $(LDFLAGS) -o $@ halt.o ifdown.o hddown.o utmp.o
13 $(CC) $(LDFLAGS) -o $@ bootlogd.o
15 init.o: init.c init.h set.h reboot.h
16 - $(CC) -c $(CFLAGS) init.c
17 + $(CC) -c $(CFLAGS) -DWITH_SELINUX init.c
20 $(CC) -c $(CFLAGS) utmp.c
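Review bot: `-DWITH_SELINUX` and `-lselinux` are written directly into the `init` and `init.o` rules, so SELinux support cannot be switched off, or pointed at another library path, without editing the rules. Two variables would keep the rules generic, for example `SELINUX_DEF = -DWITH_SELINUX` and `SELINUX_LIB = -lselinux`, used as `$(CC) -c $(CFLAGS) $(SELINUX_DEF) init.c` and `... init.o init_utmp.o $(SELINUX_LIB)`. The link line also carries `$(STATIC)`; if that expands to a static link, the build needs a static libselinux, which is worth stating in a comment next to the rule.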
21 --- sysvinit-2.85/src/init.c.selinux 2003-12-18 10:59:15.000000000 -0500
22 +++ sysvinit-2.85/src/init.c 2003-12-18 11:01:06.000000000 -0500
24 sigemptyset(&sa.sa_mask); \
25 sigaction(sig, &sa, NULL); \
28 +#include <sys/mman.h>
29 +#include <selinux/selinux.h>
30 +#include <sys/mount.h>
32 +static int load_policy(int *enforce)
38 + char policy_file[PATH_MAX];
39 + int policy_version=0;
40 + extern char *selinux_mnt;
42 + log(L_VB, "Loading security policy\n");
43 + if (mount("none", SELINUXMNT, "selinuxfs", 0, 0) < 0) {
44 + if (errno == ENODEV) {
45 + log(L_VB, "SELinux not supported by kernel: %s\n",SELINUXMNT,strerror(errno));
48 + log(L_VB, "Failed to mount %s: %s\n",SELINUXMNT,strerror(errno));
51 + return ret; /* Never gets here */
54 + selinux_mnt = SELINUXMNT; /* set manually since we mounted it */
56 + policy_version=security_policyvers();
57 + if (policy_version < 0) {
58 + log(L_VB, "Can't get policy version: %s\n", strerror(errno));
62 + rc=security_getenforce();
64 + log(L_VB, "Can't get SELinux enforcement flag: %s\n", strerror(errno));
69 + snprintf(policy_file,sizeof(policy_file),"%s.%d",SELINUXPOLICY,policy_version);
70 + fd = open(policy_file, O_RDONLY);
72 + log(L_VB, "Can't open '%s': %s\n",
73 + policy_file, strerror(errno));
77 + if (fstat(fd, &sb) < 0) {
78 + log(L_VB, "Can't stat '%s': %s\n",
79 + policy_file, strerror(errno));
83 + map = mmap(NULL, sb.st_size, PROT_READ, MAP_SHARED, fd, 0);
84 + if (map == MAP_FAILED) {
85 + log(L_VB, "Can't map '%s': %s\n",
86 + policy_file, strerror(errno));
89 + ret=security_load_policy(map, sb.st_size);
91 + log(L_VB, "security_load_policy failed\n");
95 + /*umount(SELINUXMNT); */
103 /* Version information */
104 char *Version = "@(#) init " VERSION " " DATE " miquels@cistron.nl";
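Review bot: The ENODEV branch of `load_policy` passes two arguments to a format with a single `%s`, so the message prints the mount point and drops the `strerror(errno)` text; it should read `log(L_VB, "SELinux not supported by kernel: %s\n", strerror(errno));`. The policy file is mapped with `sb.st_size` taken straight from `fstat`, with no check that it is a regular, non-empty file. The return value of `snprintf` into `policy_file` is not compared with `sizeof(policy_file)`, so a truncated path would be opened silently. This listing omits several lines of the function, so I could not confirm that `fd` and `map` are released on every return path; that is worth checking because this code runs in PID 1.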
105 @@ -2576,6 +2651,20 @@
106 maxproclen += strlen(argv[f]) + 1;
110 + if (getenv("SELINUX_INIT") == NULL) {
111 + putenv("SELINUX_INIT=YES");
113 + if (load_policy(&enforce) == 0 ) {
114 + execv(myname, argv);
117 + /* SELinux in enforcing mode but load_policy failed */
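Review bot: The policy load in `main` is gated only on `SELINUX_INIT` being absent from the environment, so the guard cannot tell "already re-executed after loading policy" from "variable inherited at start-up", and in the second case policy loading is skipped without a trace. A comment should say so, e.g. `/* SELINUX_INIT marks the re-exec after policy load; its value is trusted as inherited */`, and the skip path should log that no policy load was attempted. The results of `putenv` and of an `execv` that returns should also be checked and reported with `strerror(errno)`. `main` starts and ends outside this hunk and the lines after the `execv` call are not shown here, so the failure handling that the enforcing-mode comment refers to could not be reviewed.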
126 --- sysvinit-2.85/src/killall5.c.selinux 2003-12-18 10:59:15.000000000 -0500
127 +++ sysvinit-2.85/src/killall5.c 2003-12-22 17:25:56.959018239 -0500
131 * Read the proc filesystem.
132 + * since pidOf does not use process sid added a needSid flag to eliminate
133 + * the need of this privs for SELinux
137 +int readproc(int needSid)
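Review bot: The comment added above `readproc` does not say which values `needSid` takes or what a caller can expect of `p->sid` when it is 0. I would replace the two added comment lines with `/* needSid: non-zero to record each process's session id with getsid(); pass 0 when the caller (pidof) never reads p->sid, so that permission is not needed under SELinux. */`. The body of `readproc` continues outside this hunk, and every caller must pass the new argument; only the `readproc(1)` call site is visible in this listing.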
141 @@ -221,12 +224,16 @@
145 - p->sid = getsid(pid);
148 - nsyslog(LOG_ERR, "can't read sid for pid %d\n", pid);
152 + p->sid = getsid(pid);
155 + nsyslog(LOG_ERR, "can't read sid for pid %d\n", pid);
163 /* Now read argv[0] */
167 /* Print out process-ID's one by one. */
170 for(f = 0; f < argc; f++) {
171 if ((q = pidof(argv[f])) != NULL) {
176 /* Find out our own 'sid'. */
177 - if (readproc() < 0) {
178 + if (readproc(1) < 0) {