Commit | Line | Data |
---|---|---|
94f70ab9 AM |
1 | diff -ur sysvinit-2.86.org/src/init.c sysvinit-2.86/src/init.c |
2 | --- sysvinit-2.86.org/src/init.c 2004-07-30 14:16:20.000000000 +0200 | |
3 | +++ sysvinit-2.86/src/init.c 2005-12-24 23:22:51.000000000 +0100 | |
4 | @@ -42,6 +42,8 @@ | |
f31152bd JB |
5 | #include <stdarg.h> |
6 | #include <sys/syslog.h> | |
7 | #include <sys/time.h> | |
437bcd41 | 8 | +#include <selinux/selinux.h> |
f31152bd JB |
9 | + |
10 | ||
11 | #ifdef __i386__ | |
12 | # if (__GLIBC__ >= 2) | |
94f70ab9 | 13 | @@ -2599,6 +2601,7 @@ |
f31152bd JB |
14 | char *p; |
15 | int f; | |
16 | int isinit; | |
17 | + int enforce = 0; | |
437bcd41 | 18 | |
f31152bd JB |
19 | /* Get my own name */ |
20 | if ((p = strrchr(argv[0], '/')) != NULL) | |
94f70ab9 | 21 | @@ -2662,6 +2665,20 @@ |
437bcd41 AM |
22 | maxproclen += strlen(argv[f]) + 1; |
23 | } | |
24 | ||
437bcd41 | 25 | + if (getenv("SELINUX_INIT") == NULL) { |
7bf76497 | 26 | + putenv("SELINUX_INIT=YES"); |
94f70ab9 | 27 | + if (selinux_init_load_policy(&enforce) == 0 ) { |
437bcd41 AM |
28 | + execv(myname, argv); |
29 | + } else { | |
f31152bd | 30 | + if (enforce > 0) { |
437bcd41 | 31 | + /* SELinux in enforcing mode but load_policy failed */ |
94f70ab9 AM |
32 | + /* At this point, we probably can't open /dev/console, so log() won't work */ |
33 | + initlog(L_VB,"Unable to load SELinux Policy. Machine is in enforcing mode. Halting now."); | |
437bcd41 | 34 | + exit(1); |
f31152bd | 35 | + } |
437bcd41 AM |
36 | + } |
37 | + } | |
437bcd41 AM |
38 | + |
39 | /* Start booting. */ | |
40 | argv0 = argv[0]; | |
41 | argv[1] = NULL; | |
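Review bot: The `execv(myname, argv);` call in the success branch has no failure handling: if the re-exec fails, control falls out of the `if` and boot continues in the same process image right after the policy load, with nothing logged. A line directly after the call, such as `initlog(L_VB, "execv of %s failed after SELinux policy load", myname);`, would at least leave a trace. The failure branch is also silent when `enforce` is not positive, so a failed load on a non-enforcing system goes unreported. Separately, the whole block is gated only on `SELINUX_INIT` being absent from the environment, and `putenv("SELINUX_INIT=YES")` runs before the load is known to have succeeded; a comment should state why the variable is trusted as the only guard, or the guard should also consult the actual SELinux state (for example `is_selinux_enabled()`). The enclosing function begins and ends outside this hunk.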
94f70ab9 AM |
42 | diff -ur sysvinit-2.86.org/src/Makefile sysvinit-2.86/src/Makefile |
43 | --- sysvinit-2.86.org/src/Makefile 2005-12-24 23:21:59.000000000 +0100 | |
44 | +++ sysvinit-2.86/src/Makefile 2005-12-24 23:23:14.000000000 +0100 | |
ad6b8e9b JB |
45 | @@ -58,7 +58,7 @@ |
46 | all: $(BIN) $(SBIN) $(USRBIN) | |
59fa00c5 JB |
47 | |
48 | init: init.o init_utmp.o | |
49 | - $(CC) $(LDFLAGS) $(STATIC) -o $@ init.o init_utmp.o | |
ad6b8e9b | 50 | + $(CC) $(LDFLAGS) $(STATIC) -o $@ init.o init_utmp.o -lsepol -lselinux |
59fa00c5 JB |
51 | |
52 | halt: halt.o ifdown.o hddown.o utmp.o reboot.h | |
53 | $(CC) $(LDFLAGS) -o $@ halt.o ifdown.o hddown.o utmp.o | |
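Review bot: On the `init` link line the new libraries are given as `-lsepol -lselinux`, and that order matters if `$(STATIC)` (its value is not visible here) selects static linking. An archive has to appear before the archives it depends on, and libselinux's policy-loading code calls into libsepol, so `-lselinux -lsepol` is the safer order. The `sulogin` rule in the next hunk adds only `-lselinux` under `$(STATIC)`; whether that resolves in a static link depends on which libselinux objects get pulled in, so it is worth confirming with a test build.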
ad6b8e9b | 54 | @@ -79,7 +79,7 @@ |
f31152bd JB |
55 | $(CC) $(LDFLAGS) -o $@ runlevel.o |
56 | ||
57 | sulogin: sulogin.o md5_broken.o md5_crypt_broken.o arc4random.o bcrypt.o blowfish.o | |
58 | - $(CC) $(LDFLAGS) $(STATIC) -o $@ $^ $(LCRYPT) | |
94f70ab9 | 59 | + $(CC) $(LDFLAGS) $(STATIC) -o $@ $^ $(LCRYPT) -lselinux |
f31152bd JB |
60 | |
61 | wall: dowall.o wall.o | |
62 | $(CC) $(LDFLAGS) -o $@ dowall.o wall.o | |
94f70ab9 AM |
63 | diff -ur sysvinit-2.86.org/src/sulogin.c sysvinit-2.86/src/sulogin.c |
64 | --- sysvinit-2.86.org/src/sulogin.c 2005-12-24 23:21:59.000000000 +0100 | |
65 | +++ sysvinit-2.86/src/sulogin.c 2005-12-24 23:23:33.000000000 +0100 | |
66 | @@ -30,6 +30,9 @@ | |
67 | #include "md5.h" | |
68 | #include "blowfish.h" | |
59fa00c5 | 69 | |
94f70ab9 AM |
70 | +#include <selinux/selinux.h> |
71 | +#include <selinux/get_context_list.h> | |
10e9943b | 72 | + |
94f70ab9 AM |
73 | #define CHECK_DES 1 |
74 | #define CHECK_MD5 1 | |
75 | #define CHECK_BLOWFISH 1 | |
76 | @@ -362,6 +365,19 @@ | |
77 | signal(SIGINT, SIG_DFL); | |
78 | signal(SIGTSTP, SIG_DFL); | |
79 | signal(SIGQUIT, SIG_DFL); | |
80 | + if (is_selinux_enabled > 0) { | |
81 | + security_context_t scon=NULL; | |
82 | + char *seuser=NULL; | |
83 | + char *level=NULL; | |
84 | + if (getseuserbyname("root", &seuser, &level) == 0) | |
85 | + if (get_default_context_with_level(seuser, level, 0, &scon) > 0) { | |
86 | + if (setexeccon(scon) != 0) | |
87 | + fprintf(stderr, "setexeccon faile\n"); | |
88 | + freecon(scon); | |
89 | + } | |
90 | + free(seuser); | |
91 | + free(level); | |
92 | + } | |
93 | execl(sushell, shell, NULL); | |
94 | perror(sushell); | |
59fa00c5 | 95 |
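Review bot: `if (is_selinux_enabled > 0) {` is missing the call parentheses, so it tests the function's address rather than its result and the block runs whether or not SELinux is enabled; it should read `if (is_selinux_enabled() > 0) {`. The inner test `get_default_context_with_level(seuser, level, 0, &scon) > 0` also looks wrong: libselinux documents that function as returning 0 on success and -1 on error, so `setexeccon()` would never be reached and the shell would start without the requested exec context; `== 0` is presumably intended. The message `"setexeccon faile\n"` should read `"setexeccon failed\n"`. Because a `setexeccon()` failure is only printed before `execl(sushell, shell, NULL)` runs, a comment stating whether continuing to a root shell is deliberate would help the next reader. The enclosing function begins outside the hunk.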