--- /dev/null
+diff -ru sysvinit-2.85/src/killall5.c sysvinit-2.85-fixed/src/killall5.c
+--- sysvinit-2.85/src/killall5.c 2003-05-23 00:24:47.000000000 -0400
++++ sysvinit-2.85-fixed/src/killall5.c 2003-05-23 00:23:57.000000000 -0400
+@@ -170,6 +170,7 @@
+ n = p->next;
+ if (p->fullname) free(p->fullname);
+ if (p->pathname) free(p->pathname);
++ if (p->statname) free(p->statname);
+ free(p);
+ }
+ plist = NULL;
+@@ -187,7 +188,7 @@
+ /* Open the status file. */
+ snprintf(path, sizeof(path), "/proc/%s/stat", d->d_name);
+
+- /* Read SID & statname from it. */
++ /* Read statname from it. */
+ if ((fp = fopen(path, "r")) != NULL) {
+ buf[0] = 0;
+ fgets(buf, 256, fp);
+@@ -200,7 +201,6 @@
+ /* Read program name. */
+ q = strrchr(buf, ')');
+ if (q == NULL) {
+- p->sid = 0;
+ nsyslog(LOG_ERR,
+ "can't get program name from %s\n",
+ path);
+@@ -213,24 +213,21 @@
+ while (*q != ' ') q++;
+ }
+ *q++ = 0;
+- while (*q == ' ') q++;
+ p->statname = (char *)xmalloc(strlen(s)+1);
+ strcpy(p->statname, s);
+-
+- /* This could be replaced by getsid(pid) */
+- if (sscanf(q, "%*c %*d %*d %d", &p->sid) != 1) {
+- p->sid = 0;
+- nsyslog(LOG_ERR, "can't read sid from %s\n",
+- path);
+- free(p);
+- continue;
+- }
+ fclose(fp);
+ } else {
+ /* Process disappeared.. */
+ free(p);
+ continue;
+ }
++ p->sid = getsid(pid);
++ if (p->sid < 0) {
++ p->sid = 0;
++ nsyslog(LOG_ERR, "can't read sid for pid %d\n", pid);
++ free(p);
++ continue;
++ }
+
+ /* Now read argv[0] */
+ snprintf(path, sizeof(path), "/proc/%s/cmdline", d->d_name);
+@@ -553,11 +550,7 @@
+ }
+
+ pid = getpid();
+- for (p = plist; p; p = p->next)
+- if (p->pid == pid) {
+- sid = p->sid;
+- break;
+- }
++ sid = getsid(0);
+
+ /* Now kill all processes except our session. */
+ for (p = plist; p; p = p->next)
--- /dev/null
+--- sysvinit-2.85/src/init.c.orig 2003-06-16 11:34:41.000000000 -0400
++++ sysvinit-2.85/src/init.c 2003-06-16 14:28:06.000000000 -0400
+@@ -701,18 +701,30 @@
+ {
+ va_list va_alist;
+ char buf[256];
++ sigset_t nmask, omask; /* For blocking SIGCHLD */
+
+ va_start(va_alist, s);
+ vsnprintf(buf, sizeof(buf), s, va_alist);
+ va_end(va_alist);
+-
++
+ if (loglevel & L_SY) {
+ /*
++ * Block signals while talking to syslog.
++ */
++ sigfillset(&nmask);
++ sigprocmask(SIG_BLOCK, &nmask, &omask);
++
++ /*
+ * Re-etablish connection with syslogd every time.
+ */
+ openlog("init", 0, LOG_DAEMON);
+ syslog(LOG_INFO, "%s", buf);
+ closelog();
++
++ /*
++ * Set signal handlers back to original state.
++ */
++ sigprocmask(SIG_SETMASK, &omask, NULL);
+ }
+
+ /*
--- /dev/null
+--- sysvinit-2.84/src/killall5.c.foo 2002-07-18 21:48:55.000000000 -0400
++++ sysvinit-2.84/src/killall5.c 2002-07-18 22:00:14.000000000 -0400
+@@ -45,6 +45,7 @@
+ /* Info about a process. */
+ typedef struct _proc_
+ {
++ char *pathname; /* full path to executable */
+ char *fullname; /* Name as found out from argv[0] */
+ char *basename; /* Only the part after the last / */
+ char *statname; /* the statname without braces */
+@@ -165,6 +166,7 @@
+ for (p = plist; n; p = n) {
+ n = p->next;
+ if (p->fullname) free(p->fullname);
++ if (p->pathname) free(p->pathname);
+ free(p);
+ }
+ plist = NULL;
+@@ -256,6 +258,8 @@
+ if (stat(path, &st) == 0) {
+ p->dev = st.st_dev;
+ p->ino = st.st_ino;
++ p->pathname = (char *)xmalloc(PATH_MAX);
++ readlink(path, p->pathname, PATH_MAX);
+ }
+
+ /* Link it into the list. */
+@@ -360,6 +364,9 @@
+ strchr(p->fullname, ' ') ||
+ scripts_too)
+ ok += (strcmp(p->statname, s) == 0);
++
++ if (prog[0] == '/' && p->pathname && strcmp(prog,p->pathname))
++ ok = 0;
+
+ if (ok) add_pid_to_q(q, p);
+ }
--- /dev/null
+--- sysvinit-2.85/src/Makefile.selinux 2003-12-18 10:59:15.000000000 -0500
++++ sysvinit-2.85/src/Makefile 2003-12-18 10:59:15.000000000 -0500
+@@ -32,7 +32,7 @@
+ all: $(PROGS)
+
+ init: init.o init_utmp.o
+- $(CC) $(LDFLAGS) $(STATIC) -o $@ init.o init_utmp.o
++ $(CC) $(LDFLAGS) $(STATIC) -o $@ init.o init_utmp.o -lselinux
+
+ halt: halt.o ifdown.o hddown.o utmp.o reboot.h
+ $(CC) $(LDFLAGS) -o $@ halt.o ifdown.o hddown.o utmp.o
+@@ -62,7 +62,7 @@
+ $(CC) $(LDFLAGS) -o $@ bootlogd.o
+
+ init.o: init.c init.h set.h reboot.h
+- $(CC) -c $(CFLAGS) init.c
++ $(CC) -c $(CFLAGS) -DWITH_SELINUX init.c
+
+ utmp.o: utmp.c init.h
+ $(CC) -c $(CFLAGS) utmp.c
+--- sysvinit-2.85/src/init.c.selinux 2003-12-18 10:59:15.000000000 -0500
++++ sysvinit-2.85/src/init.c 2003-12-18 11:01:06.000000000 -0500
+@@ -78,6 +78,81 @@
+ sigemptyset(&sa.sa_mask); \
+ sigaction(sig, &sa, NULL); \
+ } while(0)
++#ifdef WITH_SELINUX
++#include <sys/mman.h>
++#include <selinux/selinux.h>
++#include <sys/mount.h>
++
++static int load_policy(int *enforce)
++{
++ int fd=-1,ret=-1;
++ int rc=0;
++ struct stat sb;
++ void *map;
++ char policy_file[PATH_MAX];
++ int policy_version=0;
++ extern char *selinux_mnt;
++
++ log(L_VB, "Loading security policy\n");
++ if (mount("none", SELINUXMNT, "selinuxfs", 0, 0) < 0) {
++ if (errno == ENODEV) {
++ log(L_VB, "SELinux not supported by kernel: %s\n",SELINUXMNT,strerror(errno));
++ }
++ else {
++ log(L_VB, "Failed to mount %s: %s\n",SELINUXMNT,strerror(errno));
++ return ret;
++ }
++ return ret; /* Never gets here */
++ }
++
++ selinux_mnt = SELINUXMNT; /* set manually since we mounted it */
++
++ policy_version=security_policyvers();
++ if (policy_version < 0) {
++ log(L_VB, "Can't get policy version: %s\n", strerror(errno));
++ goto UMOUNT;
++ }
++
++ rc=security_getenforce();
++ if (rc < 0) {
++ log(L_VB, "Can't get SELinux enforcement flag: %s\n", strerror(errno));
++ goto UMOUNT;
++ }
++ *enforce=rc;
++
++ snprintf(policy_file,sizeof(policy_file),"%s.%d",SELINUXPOLICY,policy_version);
++ fd = open(policy_file, O_RDONLY);
++ if (fd < 0) {
++ log(L_VB, "Can't open '%s': %s\n",
++ policy_file, strerror(errno));
++ goto UMOUNT;
++ }
++
++ if (fstat(fd, &sb) < 0) {
++ log(L_VB, "Can't stat '%s': %s\n",
++ policy_file, strerror(errno));
++ goto UMOUNT;
++ }
++
++ map = mmap(NULL, sb.st_size, PROT_READ, MAP_SHARED, fd, 0);
++ if (map == MAP_FAILED) {
++ log(L_VB, "Can't map '%s': %s\n",
++ policy_file, strerror(errno));
++ goto UMOUNT;
++ }
++ ret=security_load_policy(map, sb.st_size);
++ if (ret < 0) {
++ log(L_VB, "security_load_policy failed\n");
++ }
++
++ UMOUNT:
++ /*umount(SELINUXMNT); */
++ if ( fd >= 0) {
++ close(fd);
++ }
++ return(ret);
++}
++#endif
+
+ /* Version information */
+ char *Version = "@(#) init " VERSION " " DATE " miquels@cistron.nl";
+@@ -2576,6 +2651,20 @@
+ maxproclen += strlen(argv[f]) + 1;
+ }
+
++#ifdef WITH_SELINUX
++ if (getenv("SELINUX_INIT") == NULL) {
++ putenv("SELINUX_INIT=YES");
++ int enforce=0;
++ if (load_policy(&enforce) == 0 ) {
++ execv(myname, argv);
++ } else {
++ if (enforce)
++ /* SELinux in enforcing mode but load_policy failed */
++ exit(1);
++ }
++ }
++#endif
++
+ /* Start booting. */
+ argv0 = argv[0];
+ argv[1] = NULL;
+--- sysvinit-2.85/src/killall5.c.selinux 2003-12-18 10:59:15.000000000 -0500
++++ sysvinit-2.85/src/killall5.c 2003-12-22 17:25:56.959018239 -0500
+@@ -144,8 +144,11 @@
+
+ /*
+ * Read the proc filesystem.
++ * since pidOf does not use process sid added a needSid flag to eliminate
++ * the need of this privs for SELinux
++ *
+ */
+-int readproc()
++int readproc(int needSid)
+ {
+ DIR *dir;
+ struct dirent *d;
+@@ -221,12 +224,16 @@
+ free(p);
+ continue;
+ }
+- p->sid = getsid(pid);
+- if (p->sid < 0) {
+- p->sid = 0;
+- nsyslog(LOG_ERR, "can't read sid for pid %d\n", pid);
+- free(p);
+- continue;
++ if (needSid) {
++ p->sid = getsid(pid);
++ if (p->sid < 0) {
++ p->sid = 0;
++ nsyslog(LOG_ERR, "can't read sid for pid %d\n", pid);
++ free(p);
++ continue;
++ }
++ } else {
++ p->sid = 0;
+ }
+
+ /* Now read argv[0] */
+@@ -463,7 +470,7 @@
+ argv += optind;
+
+ /* Print out process-ID's one by one. */
+- readproc();
++ readproc(0);
+ for(f = 0; f < argc; f++) {
+ if ((q = pidof(argv[f])) != NULL) {
+ spid = 0;
+@@ -544,7 +551,7 @@
+ stopped = 1;
+
+ /* Find out our own 'sid'. */
+- if (readproc() < 0) {
++ if (readproc(1) < 0) {
+ kill(-1, SIGCONT);
+ exit(1);
+ }
projects / packages / SysVinit.git / commitdiff