[packages/SysVinit.git] / sysvinit-selinux.patch

diff -ur sysvinit-2.86.org/src/init.c sysvinit-2.86/src/init.c
--- sysvinit-2.86.org/src/init.c	2004-07-30 14:16:20.000000000 +0200
+++ sysvinit-2.86/src/init.c	2005-12-24 23:22:51.000000000 +0100
@@ -42,6 +42,8 @@
 #include <stdarg.h>
 #include <sys/syslog.h>
 #include <sys/time.h>
+#include <selinux/selinux.h>
+
 
 #ifdef __i386__
 #  if (__GLIBC__ >= 2)
@@ -2599,6 +2601,7 @@
 	char			*p;
 	int			f;
 	int			isinit;
+	int			enforce = 0;
 
 	/* Get my own name */
 	if ((p = strrchr(argv[0], '/')) != NULL)
@@ -2662,6 +2665,20 @@
 		maxproclen += strlen(argv[f]) + 1;
 	}
 
+  	if (getenv("SELINUX_INIT") == NULL) {
+	  putenv("SELINUX_INIT=YES");
+	  if (selinux_init_load_policy(&enforce) == 0 ) {
+	    execv(myname, argv);
+	  } else {
+	    if (enforce > 0) {
+	      /* SELinux in enforcing mode but load_policy failed */
+	      /* At this point, we probably can't open /dev/console, so log() won't work */
+		    initlog(L_VB,"Unable to load SELinux Policy. Machine is in enforcing mode. Halting now.");
+	      exit(1);
+	    }
+	  }
+	}
+  
 	/* Start booting. */
 	argv0 = argv[0];
 	argv[1] = NULL;
Tylko w sysvinit-2.86/src: init.c.orig
diff -ur sysvinit-2.86.org/src/Makefile sysvinit-2.86/src/Makefile
--- sysvinit-2.86.org/src/Makefile	2005-12-24 23:21:59.000000000 +0100
+++ sysvinit-2.86/src/Makefile	2005-12-24 23:23:14.000000000 +0100
@@ -58,7 +58,7 @@
 all:		$(BIN) $(SBIN) $(USRBIN)
 
 init:		init.o init_utmp.o
-		$(CC) $(LDFLAGS) $(STATIC) -o $@ init.o init_utmp.o
+		$(CC) $(LDFLAGS) $(STATIC) -o $@ init.o init_utmp.o -lsepol -lselinux
 
 halt:		halt.o ifdown.o hddown.o utmp.o reboot.h
 		$(CC) $(LDFLAGS) -o $@ halt.o ifdown.o hddown.o utmp.o
@@ -79,7 +79,7 @@
 		$(CC) $(LDFLAGS) -o $@ runlevel.o
 
 sulogin:	sulogin.o md5_broken.o md5_crypt_broken.o arc4random.o bcrypt.o blowfish.o
-		$(CC) $(LDFLAGS) $(STATIC) -o $@ $^ $(LCRYPT)
+		$(CC) $(LDFLAGS) $(STATIC) -o $@ $^ $(LCRYPT) -lselinux
 
 wall:		dowall.o wall.o
 		$(CC) $(LDFLAGS) -o $@ dowall.o wall.o
Tylko w sysvinit-2.86.org/src: Makefile.orig
diff -ur sysvinit-2.86.org/src/sulogin.c sysvinit-2.86/src/sulogin.c
--- sysvinit-2.86.org/src/sulogin.c	2005-12-24 23:21:59.000000000 +0100
+++ sysvinit-2.86/src/sulogin.c	2005-12-24 23:23:33.000000000 +0100
@@ -30,6 +30,9 @@
 #include "md5.h"
 #include "blowfish.h"
 
+#include <selinux/selinux.h>
+#include <selinux/get_context_list.h>
+
 #define CHECK_DES	1
 #define CHECK_MD5	1
 #define CHECK_BLOWFISH	1
@@ -362,6 +365,19 @@
 	signal(SIGINT, SIG_DFL);
 	signal(SIGTSTP, SIG_DFL);
 	signal(SIGQUIT, SIG_DFL);
+	if (is_selinux_enabled > 0) {
+	  security_context_t scon=NULL;
+	  char *seuser=NULL;
+	  char *level=NULL;
+	  if (getseuserbyname("root", &seuser, &level) == 0)
+		  if (get_default_context_with_level(seuser, level, 0, &scon) > 0) {
+			  if (setexeccon(scon) != 0) 
+				  fprintf(stderr, "setexeccon faile\n");
+			  freecon(scon);
+		  }
+		free(seuser);
+		free(level);
+	}
 	execl(sushell, shell, NULL);
 	perror(sushell);
 
Tylko w sysvinit-2.86.org/src: sulogin.c.orig
Commit	Line	Data
94f70ab9 AM	1	diff -ur sysvinit-2.86.org/src/init.c sysvinit-2.86/src/init.c
	2	--- sysvinit-2.86.org/src/init.c 2004-07-30 14:16:20.000000000 +0200
	3	+++ sysvinit-2.86/src/init.c 2005-12-24 23:22:51.000000000 +0100
	4	@@ -42,6 +42,8 @@
f31152bd JB	5	#include <stdarg.h>
	6	#include <sys/syslog.h>
	7	#include <sys/time.h>
437bcd41	8	+#include <selinux/selinux.h>
f31152bd JB	9	+
	10
	11	#ifdef __i386__
	12	# if (__GLIBC__ >= 2)
94f70ab9	13	@@ -2599,6 +2601,7 @@
f31152bd JB	14	char *p;
	15	int f;
	16	int isinit;
	17	+ int enforce = 0;
437bcd41	18
f31152bd JB	19	/* Get my own name */
f31152bd JB	20	if ((p = strrchr(argv[0], '/')) != NULL)
94f70ab9	21	@@ -2662,6 +2665,20 @@
437bcd41 AM	22	maxproclen += strlen(argv[f]) + 1;
	23	}
	24
437bcd41	25	+ if (getenv("SELINUX_INIT") == NULL) {
7bf76497	26	+ putenv("SELINUX_INIT=YES");
94f70ab9	27	+ if (selinux_init_load_policy(&enforce) == 0 ) {
437bcd41 AM	28	+ execv(myname, argv);
437bcd41 AM	29	+ } else {
f31152bd	30	+ if (enforce > 0) {
437bcd41	31	+ /* SELinux in enforcing mode but load_policy failed */
94f70ab9 AM	32	+ /* At this point, we probably can't open /dev/console, so log() won't work */
94f70ab9 AM	33	+ initlog(L_VB,"Unable to load SELinux Policy. Machine is in enforcing mode. Halting now.");
437bcd41	34	+ exit(1);
f31152bd	35	+ }
437bcd41 AM	36	+ }
437bcd41 AM	37	+ }
437bcd41 AM	38	+
	39	/* Start booting. */
	40	argv0 = argv[0];
	41	argv[1] = NULL;
94f70ab9 AM	42	Tylko w sysvinit-2.86/src: init.c.orig
	43	diff -ur sysvinit-2.86.org/src/Makefile sysvinit-2.86/src/Makefile
	44	--- sysvinit-2.86.org/src/Makefile 2005-12-24 23:21:59.000000000 +0100
	45	+++ sysvinit-2.86/src/Makefile 2005-12-24 23:23:14.000000000 +0100
ad6b8e9b JB	46	@@ -58,7 +58,7 @@
ad6b8e9b JB	47	all: $(BIN) $(SBIN) $(USRBIN)
59fa00c5 JB	48
	49	init: init.o init_utmp.o
	50	- $(CC) $(LDFLAGS) $(STATIC) -o $@ init.o init_utmp.o
ad6b8e9b	51	+ $(CC) $(LDFLAGS) $(STATIC) -o $@ init.o init_utmp.o -lsepol -lselinux
59fa00c5 JB	52
	53	halt: halt.o ifdown.o hddown.o utmp.o reboot.h
	54	$(CC) $(LDFLAGS) -o $@ halt.o ifdown.o hddown.o utmp.o
ad6b8e9b	55	@@ -79,7 +79,7 @@
f31152bd JB	56	$(CC) $(LDFLAGS) -o $@ runlevel.o
	57
	58	sulogin: sulogin.o md5_broken.o md5_crypt_broken.o arc4random.o bcrypt.o blowfish.o
	59	- $(CC) $(LDFLAGS) $(STATIC) -o $@ $^ $(LCRYPT)
94f70ab9	60	+ $(CC) $(LDFLAGS) $(STATIC) -o $@ $^ $(LCRYPT) -lselinux
f31152bd JB	61
	62	wall: dowall.o wall.o
	63	$(CC) $(LDFLAGS) -o $@ dowall.o wall.o
94f70ab9 AM	64	Tylko w sysvinit-2.86.org/src: Makefile.orig
	65	diff -ur sysvinit-2.86.org/src/sulogin.c sysvinit-2.86/src/sulogin.c
	66	--- sysvinit-2.86.org/src/sulogin.c 2005-12-24 23:21:59.000000000 +0100
	67	+++ sysvinit-2.86/src/sulogin.c 2005-12-24 23:23:33.000000000 +0100
	68	@@ -30,6 +30,9 @@
	69	#include "md5.h"
	70	#include "blowfish.h"
59fa00c5	71
94f70ab9 AM	72	+#include <selinux/selinux.h>
94f70ab9 AM	73	+#include <selinux/get_context_list.h>
10e9943b	74	+
94f70ab9 AM	75	#define CHECK_DES 1
	76	#define CHECK_MD5 1
	77	#define CHECK_BLOWFISH 1
	78	@@ -362,6 +365,19 @@
	79	signal(SIGINT, SIG_DFL);
	80	signal(SIGTSTP, SIG_DFL);
	81	signal(SIGQUIT, SIG_DFL);
	82	+ if (is_selinux_enabled > 0) {
	83	+ security_context_t scon=NULL;
	84	+ char *seuser=NULL;
	85	+ char *level=NULL;
	86	+ if (getseuserbyname("root", &seuser, &level) == 0)
	87	+ if (get_default_context_with_level(seuser, level, 0, &scon) > 0) {
	88	+ if (setexeccon(scon) != 0)
	89	+ fprintf(stderr, "setexeccon faile\n");
	90	+ freecon(scon);
	91	+ }
	92	+ free(seuser);
	93	+ free(level);
	94	+ }
	95	execl(sushell, shell, NULL);
	96	perror(sushell);
59fa00c5	97
94f70ab9	98	Tylko w sysvinit-2.86.org/src: sulogin.c.orig