[packages/SysVinit.git] / sysvinit-selinux.patch

--- sysvinit-2.85/src/init.c.selinux	2005-10-14 14:16:24.000000000 -0400
+++ sysvinit-2.85/src/init.c	2005-10-14 14:16:24.000000000 -0400
@@ -48,6 +48,8 @@
 #include <stdarg.h>
 #include <sys/syslog.h>
 #include <sys/time.h>
+#include <selinux/selinux.h>
+
 
 #ifdef __i386__
 #  if (__GLIBC__ >= 2)
@@ -2513,6 +2515,7 @@
 	char			*p;
 	int			f;
 	int			isinit;
+	int			enforce = 0;
 
 	/* Get my own name */
 	if ((p = strrchr(argv[0], '/')) != NULL)
@@ -2576,6 +2579,20 @@
 		maxproclen += strlen(argv[f]) + 1;
 	}
 
+  	if (getenv("SELINUX_INIT") == NULL) {
+	  putenv("SELINUX_INIT=YES");
+	  if (selinux_init_load_policy(&enforce) == 0 ) {
+	    execv(myname, argv);
+	  } else {
+	    if (enforce > 0) {
+	      /* SELinux in enforcing mode but load_policy failed */
+	      /* At this point, we probably can't open /dev/console, so log() won't work */
+		    printf("Unable to load SELinux Policy. Machine is in enforcing mode. Halting now.\n");
+	      exit(1);
+	    }
+	  }
+	}
+  
 	/* Start booting. */
 	argv0 = argv[0];
 	argv[1] = NULL;
--- sysvinit-2.85/src/Makefile.selinux	2005-10-14 14:16:24.000000000 -0400
+++ sysvinit-2.85/src/Makefile	2005-10-14 14:16:24.000000000 -0400
@@ -32,7 +32,7 @@
 all:		$(PROGS)
 
 init:		init.o init_utmp.o
-		$(CC) $(LDFLAGS) $(STATIC) -o $@ init.o init_utmp.o
+		$(CC) $(LDFLAGS) $(STATIC) -o $@ init.o init_utmp.o -lsepol -lselinux
 
 halt:		halt.o ifdown.o hddown.o utmp.o reboot.h
 		$(CC) $(LDFLAGS) -o $@ halt.o ifdown.o hddown.o utmp.o
@@ -50,7 +50,7 @@
 		$(CC) $(LDFLAGS) -o $@ runlevel.o
 
 sulogin:	sulogin.o md5_broken.o md5_crypt_broken.o arc4random.o bcrypt.o blowfish.o
-		$(CC) $(LDFLAGS) $(STATIC) -o $@ $^ $(LCRYPT)
+		$(CC) $(LDFLAGS) $(STATIC) -o $@ $^ $(LCRYPT) -lselinux
 
 wall:		dowall.o wall.o
 		$(CC) $(LDFLAGS) -o $@ dowall.o wall.o
--- sysvinit-2.85/src/sulogin.c.selinux	2005-10-14 14:16:24.000000000 -0400
+++ sysvinit-2.85/src/sulogin.c	2005-10-14 14:18:42.000000000 -0400
@@ -28,7 +28,9 @@
 #endif
 #include "md5.h"
 #include "blowfish.h"
+#include <selinux/selinux.h>
+#include <selinux/get_context_list.h>

 #define CHECK_DES	1
 #define CHECK_MD5	1
 
@@ -332,6 +335,19 @@
 	signal(SIGINT, SIG_DFL);
 	signal(SIGTSTP, SIG_DFL);
 	signal(SIGQUIT, SIG_DFL);
+	if (is_selinux_enabled > 0) {
+	  security_context_t scon=NULL;
+	  char *seuser=NULL;
+	  char *level=NULL;
+	  if (getseuserbyname("root", &seuser, &level) == 0)
+		  if (get_default_context_with_level(seuser, level, 0, &scon) > 0) {
+			  if (setexeccon(scon) != 0) 
+				  fprintf(stderr, "setexeccon faile\n");
+			  freecon(scon);
+		  }
+		free(seuser);
+		free(level);
+	}
 	execl(sushell, shell, NULL);
 	perror(sushell);
Commit	Line	Data
8c09d4df AM	1	--- sysvinit-2.85/src/init.c.selinux 2005-10-14 14:16:24.000000000 -0400
	2	+++ sysvinit-2.85/src/init.c 2005-10-14 14:16:24.000000000 -0400
	3	@@ -48,6 +48,8 @@
f31152bd JB	4	#include <stdarg.h>
	5	#include <sys/syslog.h>
	6	#include <sys/time.h>
437bcd41	7	+#include <selinux/selinux.h>
f31152bd JB	8	+
	9
	10	#ifdef __i386__
	11	# if (__GLIBC__ >= 2)
8c09d4df	12	@@ -2513,6 +2515,7 @@
f31152bd JB	13	char *p;
	14	int f;
	15	int isinit;
	16	+ int enforce = 0;
437bcd41	17
f31152bd JB	18	/* Get my own name */
f31152bd JB	19	if ((p = strrchr(argv[0], '/')) != NULL)
8c09d4df	20	@@ -2576,6 +2579,20 @@
437bcd41 AM	21	maxproclen += strlen(argv[f]) + 1;
	22	}
	23
437bcd41	24	+ if (getenv("SELINUX_INIT") == NULL) {
7bf76497	25	+ putenv("SELINUX_INIT=YES");
94f70ab9	26	+ if (selinux_init_load_policy(&enforce) == 0 ) {
437bcd41 AM	27	+ execv(myname, argv);
437bcd41 AM	28	+ } else {
f31152bd	29	+ if (enforce > 0) {
437bcd41	30	+ /* SELinux in enforcing mode but load_policy failed */
94f70ab9	31	+ /* At this point, we probably can't open /dev/console, so log() won't work */
8c09d4df	32	+ printf("Unable to load SELinux Policy. Machine is in enforcing mode. Halting now.\n");
437bcd41	33	+ exit(1);
f31152bd	34	+ }
437bcd41 AM	35	+ }
437bcd41 AM	36	+ }
437bcd41 AM	37	+
	38	/* Start booting. */
	39	argv0 = argv[0];
	40	argv[1] = NULL;
8c09d4df AM	41	--- sysvinit-2.85/src/Makefile.selinux 2005-10-14 14:16:24.000000000 -0400
	42	+++ sysvinit-2.85/src/Makefile 2005-10-14 14:16:24.000000000 -0400
	43	@@ -32,7 +32,7 @@
	44	all: $(PROGS)
59fa00c5 JB	45
	46	init: init.o init_utmp.o
	47	- $(CC) $(LDFLAGS) $(STATIC) -o $@ init.o init_utmp.o
ad6b8e9b	48	+ $(CC) $(LDFLAGS) $(STATIC) -o $@ init.o init_utmp.o -lsepol -lselinux
59fa00c5 JB	49
	50	halt: halt.o ifdown.o hddown.o utmp.o reboot.h
	51	$(CC) $(LDFLAGS) -o $@ halt.o ifdown.o hddown.o utmp.o
8c09d4df	52	@@ -50,7 +50,7 @@
f31152bd JB	53	$(CC) $(LDFLAGS) -o $@ runlevel.o
	54
	55	sulogin: sulogin.o md5_broken.o md5_crypt_broken.o arc4random.o bcrypt.o blowfish.o
	56	- $(CC) $(LDFLAGS) $(STATIC) -o $@ $^ $(LCRYPT)
94f70ab9	57	+ $(CC) $(LDFLAGS) $(STATIC) -o $@ $^ $(LCRYPT) -lselinux
f31152bd JB	58
	59	wall: dowall.o wall.o
	60	$(CC) $(LDFLAGS) -o $@ dowall.o wall.o
8c09d4df AM	61	--- sysvinit-2.85/src/sulogin.c.selinux 2005-10-14 14:16:24.000000000 -0400
	62	+++ sysvinit-2.85/src/sulogin.c 2005-10-14 14:18:42.000000000 -0400
	63	@@ -28,7 +28,9 @@
	64	#endif
94f70ab9 AM	65	#include "md5.h"
94f70ab9 AM	66	#include "blowfish.h"
94f70ab9 AM	67	+#include <selinux/selinux.h>
94f70ab9 AM	68	+#include <selinux/get_context_list.h>
8c09d4df	69
94f70ab9 AM	70	#define CHECK_DES 1
94f70ab9 AM	71	#define CHECK_MD5 1
8c09d4df AM	72
8c09d4df AM	73	@@ -332,6 +335,19 @@
94f70ab9 AM	74	signal(SIGINT, SIG_DFL);
	75	signal(SIGTSTP, SIG_DFL);
	76	signal(SIGQUIT, SIG_DFL);
	77	+ if (is_selinux_enabled > 0) {
	78	+ security_context_t scon=NULL;
	79	+ char *seuser=NULL;
	80	+ char *level=NULL;
	81	+ if (getseuserbyname("root", &seuser, &level) == 0)
	82	+ if (get_default_context_with_level(seuser, level, 0, &scon) > 0) {
	83	+ if (setexeccon(scon) != 0)
	84	+ fprintf(stderr, "setexeccon faile\n");
	85	+ freecon(scon);
	86	+ }
	87	+ free(seuser);
	88	+ free(level);
	89	+ }
	90	execl(sushell, shell, NULL);
	91	perror(sushell);
59fa00c5	92