- revert

Changed files:
    sysvinit-selinux.patch -> 1.8

diff --git a/sysvinit-selinux.patch b/sysvinit-selinux.patch
index 49bf51f7246877ddd7013ccb0f0f4d52b784823f..451f0b514b8853682195cfdf6d4917478dc288a1 100644 (file)
--- a/sysvinit-selinux.patch
+++ b/sysvinit-selinux.patch
@@ -1,7 +1,6 @@
-diff -urN sysvinit-2.86.org/src/init.c sysvinit-2.86/src/init.c
---- sysvinit-2.86.org/src/init.c       2004-07-30 14:16:20.000000000 +0200
-+++ sysvinit-2.86/src/init.c   2005-08-16 18:46:21.493714904 +0200
-@@ -42,6 +42,11 @@
+--- sysvinit-2.85/src/init.c.selinux   2004-08-11 17:48:23.000000000 -0400
++++ sysvinit-2.85/src/init.c   2004-08-12 06:25:30.166271148 -0400
+@@ -48,6 +48,11 @@
  #include <stdarg.h>
  #include <sys/syslog.h>
  #include <sys/time.h>
@@ -13,7 +12,7 @@ diff -urN sysvinit-2.86.org/src/init.c sysvinit-2.86/src/init.c
  
  #ifdef __i386__
  #  if (__GLIBC__ >= 2)
-@@ -104,6 +109,7 @@
+@@ -103,6 +108,7 @@
  int dfl_level = 0;            /* Default runlevel */
  sig_atomic_t got_cont = 0;    /* Set if we received the SIGCONT signal */
  sig_atomic_t got_signals;     /* Set if we received a signal. */
@@ -21,9 +20,9 @@ diff -urN sysvinit-2.86.org/src/init.c sysvinit-2.86/src/init.c
  int emerg_shell = 0;          /* Start emergency shell? */
  int wrote_wtmp_reboot = 1;    /* Set when we wrote the reboot record */
  int wrote_utmp_reboot = 1;    /* Set when we wrote the reboot record */
-@@ -192,6 +198,146 @@
- char *extra_env[NR_EXTRA_ENV];
- 
+@@ -187,6 +193,146 @@
+       {NULL,0}
+ };
  
 +/* Mount point for selinuxfs. */
 +#define SELINUXMNT "/selinux/"
@@ -63,10 +62,10 @@ diff -urN sysvinit-2.86.org/src/init.c sysvinit-2.86/src/init.c
 +      
 +      if (mount("none", SELINUXMNT, "selinuxfs", 0, 0) < 0) {
 +              if (errno == ENODEV) {
-+                      log(L_VB, "SELinux not supported by kernel: %s\n",SELINUXMNT,strerror(errno));
++                      initlog(L_VB, "SELinux not supported by kernel: %s\n",strerror(errno));
 +                      *enforce = 0;
 +              } else {
-+                      log(L_VB, "Failed to mount %s: %s\n",SELINUXMNT,strerror(errno));
++                      initlog(L_VB, "Failed to mount %s: %s\n",SELINUXMNT,strerror(errno));
 +              }
 +              return ret;
 +      }
@@ -75,13 +74,13 @@ diff -urN sysvinit-2.86.org/src/init.c sysvinit-2.86/src/init.c
 +
 +      policy_version=security_policyvers();
 +      if (policy_version < 0) {
-+              log(L_VB,  "Can't get policy version: %s\n", strerror(errno));
++              initlog(L_VB,  "Can't get policy version: %s\n", strerror(errno));
 +              goto UMOUNT;
 +      }
 +  
 +      orig_enforce = rc = security_getenforce();
 +      if (rc < 0) {
-+              log(L_VB,  "Can't get SELinux enforcement flag: %s\n", strerror(errno));
++              initlog(L_VB,  "Can't get SELinux enforcement flag: %s\n", strerror(errno));
 +              goto UMOUNT;
 +      }
 +      if (enforcing >= 0) {
@@ -93,7 +92,7 @@ diff -urN sysvinit-2.86.org/src/init.c sysvinit-2.86/src/init.c
 +              if (rc < 0) {
 +                      rc = security_setenforce(0);
 +                      if (rc < 0) {
-+                              log(L_VB, "Can't disable SELinux: %s\n", strerror(errno));
++                              initlog(L_VB, "Can't disable SELinux: %s\n", strerror(errno));
 +                              goto UMOUNT;
 +                      }
 +              }
@@ -104,7 +103,7 @@ diff -urN sysvinit-2.86.org/src/init.c sysvinit-2.86/src/init.c
 +              if (orig_enforce != *enforce) {
 +                      rc = security_setenforce(seconfig);
 +                      if (rc < 0) {
-+                              log(L_VB, "Can't set SELinux enforcement flag: %s\n", strerror(errno));
++                              initlog(L_VB, "Can't set SELinux enforcement flag: %s\n", strerror(errno));
 +                              goto UMOUNT;
 +                      }
 +              }
@@ -118,21 +117,21 @@ diff -urN sysvinit-2.86.org/src/init.c sysvinit-2.86/src/init.c
 +              snprintf(policy_file,sizeof(policy_file),"%s.%d",selinux_binary_policy_path(),policy_version-1);
 +              fd = open(policy_file, O_RDONLY);
 +              if (fd < 0) {
-+                      log(L_VB,  "Can't open '%s.%d':  %s\n",
++                      initlog(L_VB,  "Can't open '%s.%d':  %s\n",
 +                          selinux_binary_policy_path(),policy_version,strerror(errno));
 +                      goto UMOUNT;
 +              }
 +      }
 +  
 +      if (fstat(fd, &sb) < 0) {
-+              log(L_VB, "Can't stat '%s':  %s\n",
++              initlog(L_VB, "Can't stat '%s':  %s\n",
 +                  policy_file, strerror(errno));
 +              goto UMOUNT;
 +      }
 +  
 +      map = mmap(NULL, sb.st_size, PROT_READ | PROT_WRITE, MAP_PRIVATE, fd, 0);
 +      if (map == MAP_FAILED) {
-+              log(L_VB,  "Can't map '%s':  %s\n",
++              initlog(L_VB,  "Can't map '%s':  %s\n",
 +                  policy_file, strerror(errno));
 +              goto UMOUNT;
 +      }
@@ -143,18 +142,18 @@ diff -urN sysvinit-2.86.org/src/init.c sysvinit-2.86/src/init.c
 +      if (ret < 0) {
 +              if (errno == ENOENT || errno == EINVAL) {
 +                      /* No booleans file or stale booleans in the file; non-fatal. */
-+                      log(L_VB,"Warning!  Error while setting booleans:  %s\n"
++                      initlog(L_VB,"Warning!  Error while setting booleans:  %s\n"
 +                          , strerror(errno));
 +              } else {
-+                      log(L_VB,"Error while setting booleans:  %s\n", 
++                      initlog(L_VB,"Error while setting booleans:  %s\n", 
 +                          strerror(errno));
 +                      goto UMOUNT;
 +              }
 +      }
-+      log(L_VB, "Loading security policy\n");
++      initlog(L_VB, "Loading security policy\n");
 +      ret=security_load_policy(map, sb.st_size);
 +      if (ret < 0) {
-+              log(L_VB, "security_load_policy failed\n");
++              initlog(L_VB, "security_load_policy failed\n");
 +      }
 +
 +UMOUNT:
@@ -168,7 +167,7 @@ diff -urN sysvinit-2.86.org/src/init.c sysvinit-2.86/src/init.c
  /*
   *    Sleep a number of seconds.
   *
-@@ -2599,6 +2745,7 @@
+@@ -2513,6 +2658,7 @@
        char                    *p;
        int                     f;
        int                     isinit;
@@ -176,7 +175,7 @@ diff -urN sysvinit-2.86.org/src/init.c sysvinit-2.86/src/init.c
  
        /* Get my own name */
        if ((p = strrchr(argv[0], '/')) != NULL)
-@@ -2662,6 +2809,20 @@
+@@ -2576,6 +2722,20 @@
                maxproclen += strlen(argv[f]) + 1;
        }
  
@@ -187,7 +186,7 @@ diff -urN sysvinit-2.86.org/src/init.c sysvinit-2.86/src/init.c
 +        } else {
 +          if (enforce > 0) {
 +            /* SELinux in enforcing mode but load_policy failed */
-+            /* At this point, we probably can't open /dev/console, so log() won't work */
++            /* At this point, we probably can't open /dev/console, so initlog() won't work */
 +                  fprintf(stderr,"Enforcing mode requested but no policy loaded. Halting now.\n");
 +            exit(1);
 +          }
@@ -197,9 +196,38 @@ diff -urN sysvinit-2.86.org/src/init.c sysvinit-2.86/src/init.c
        /* Start booting. */
        argv0 = argv[0];
        argv[1] = NULL;
-diff -urN sysvinit-2.86.org/src/killall5.c sysvinit-2.86/src/killall5.c
---- sysvinit-2.86.org/src/killall5.c   2005-08-16 18:45:33.280044000 +0200
-+++ sysvinit-2.86/src/killall5.c       2005-08-16 18:49:39.851559928 +0200
+--- sysvinit-2.85/src/sulogin.c.orig   2004-07-15 21:46:46.585783085 +0000
++++ sysvinit-2.85/src/sulogin.c        2004-07-15 21:49:43.413905919 +0000
+@@ -29,6 +29,10 @@
+ #endif
+ #include "md5.h"
+ #include "blowfish.h"
++#ifdef WITH_SELINUX
++#include <selinux/selinux.h>
++#include <selinux/get_context_list.h>
++#endif
+ 
+ #define CHECK_DES     1
+ #define CHECK_MD5     1
+@@ -358,6 +362,16 @@
+       signal(SIGINT, SIG_DFL);
+       signal(SIGTSTP, SIG_DFL);
+       signal(SIGQUIT, SIG_DFL);
++#ifdef WITH_SELINUX
++      if (is_selinux_enabled > 0) {
++        security_context_t* contextlist=NULL;
++        if (get_ordered_context_list("root", 0, &contextlist) > 0) {
++          if (setexeccon(contextlist[0]) != 0) 
++            fprintf(stderr, "setexeccon failed\n");
++          freeconary(contextlist);
++        }
++      }
++#endif
+       execl(sushell, shell, NULL);
+       perror(sushell);
+ 
+--- sysvinit-2.86/src/killall5.c.orig  2004-12-26 23:22:03.520344296 +0100
++++ sysvinit-2.86/src/killall5.c       2004-12-26 23:27:39.693238248 +0100
 @@ -166,8 +166,11 @@
  
  /*
@@ -213,26 +241,24 @@ diff -urN sysvinit-2.86.org/src/killall5.c sysvinit-2.86/src/killall5.c
  {
        DIR             *dir;
        FILE            *fp;
-@@ -252,13 +255,17 @@
+@@ -252,6 +255,7 @@
                                        p->kernel = 1;
                        }
                        fclose(fp);
--                      p->sid = getsid(pid);
--                      if (p->sid < 0) {
 +                      if (needSid) {
-+                          p->sid = getsid(pid);
-+                          if (p->sid < 0) {
+                       p->sid = getsid(pid);
+                       if (p->sid < 0) {
                                p->sid = 0;
-                               nsyslog(LOG_ERR, "can't read sid for pid %d\n", pid);
-                               free(p->statname);
+@@ -260,6 +264,9 @@
                                free(p);
                                continue;
-+                          }
-+                      } else {
-+                          p->sid = 0;
                        }
++                      } else {
++                              p->sid = 0;
++                      }
                } else {
                        /* Process disappeared.. */
+                       free(p);
 @@ -531,7 +538,7 @@
        argv += optind;
  
@@ -251,9 +277,8 @@ diff -urN sysvinit-2.86.org/src/killall5.c sysvinit-2.86/src/killall5.c
                kill(-1, SIGCONT);
                exit(1);
        }
-diff -urN sysvinit-2.86.org/src/Makefile sysvinit-2.86/src/Makefile
---- sysvinit-2.86.org/src/Makefile     2005-08-16 18:45:33.271045000 +0200
-+++ sysvinit-2.86/src/Makefile 2005-08-16 18:50:59.463457080 +0200
+--- sysvinit-2.86/src/Makefile.orig    2004-12-26 23:22:03.472351592 +0100
++++ sysvinit-2.86/src/Makefile 2004-12-26 23:28:26.488124344 +0100
 @@ -58,7 +58,7 @@
  all:          $(BIN) $(SBIN) $(USRBIN)
  
@@ -276,45 +301,12 @@ diff -urN sysvinit-2.86.org/src/Makefile sysvinit-2.86/src/Makefile
  bootlogd:     bootlogd.o
                $(CC) $(LDFLAGS) -o $@ bootlogd.o -lutil
  
-+sulogin.o:    sulogin.c
++sulogin.o:    sulogin.c 
 +              $(CC) -c $(CFLAGS) -DWITH_SELINUX sulogin.c
-+      
++
  init.o:               init.c init.h set.h reboot.h initreq.h
 -              $(CC) -c $(CFLAGS) init.c
 +              $(CC) -c $(CFLAGS) -DWITH_SELINUX init.c
  
  utmp.o:               utmp.c init.h
                $(CC) -c $(CFLAGS) utmp.c
-diff -urN sysvinit-2.86.org/src/sulogin.c sysvinit-2.86/src/sulogin.c
---- sysvinit-2.86.org/src/sulogin.c    2005-08-16 18:45:33.274045000 +0200
-+++ sysvinit-2.86/src/sulogin.c        2005-08-16 18:47:36.793267632 +0200
-@@ -29,7 +29,10 @@
- #endif
- #include "md5.h"
- #include "blowfish.h"
--
-+#ifdef WITH_SELINUX
-+#include <selinux/selinux.h>
-+#include <selinux/get_context_list.h>
-+#endif
- #define CHECK_DES     1
- #define CHECK_MD5     1
- #define CHECK_BLOWFISH        1
-@@ -362,6 +365,16 @@
-       signal(SIGINT, SIG_DFL);
-       signal(SIGTSTP, SIG_DFL);
-       signal(SIGQUIT, SIG_DFL);
-+#ifdef WITH_SELINUX
-+      if (is_selinux_enabled > 0) {
-+        security_context_t* contextlist=NULL;
-+        if (get_ordered_context_list("root", 0, &contextlist) > 0) {
-+          if (setexeccon(contextlist[0]) != 0) 
-+            fprintf(stderr, "setexeccon faile\n");
-+          freeconary(contextlist);
-+        }
-+      }
-+#endif
-       execl(sushell, shell, NULL);
-       perror(sushell);
- 
-