author | greg@kroah.com <greg@kroah.com> | 2004-02-28 00:52:20 -0800 |
---|---|---|
committer | Greg KH <gregkh@suse.de> | 2005-04-26 21:32:31 -0700 |
commit | 8481f8ce2bd2b19ebcf3cb96ac6825093f626b0f (patch) | |
tree | 9311b5e7fe1b85b1d5645d1b3dd4a4cfc0ab7737 | |
parent | 89067448b935d580496555f257dd5512c4c39098 (diff) |
[PATCH] Add initial SELinux support for udev
Based on a patch from Daniel J Walsh <dwalsh@redhat.com>
-rw-r--r-- | Makefile | 8 | ||||
-rw-r--r-- | README | 6 | ||||
-rw-r--r-- | udev-add.c | 4 | ||||
-rw-r--r-- | udev.spec | 15 | ||||
-rw-r--r-- | udev_selinux.c | 34 | ||||
-rw-r--r-- | udev_selinux.h | 10 |
6 files changed, 77 insertions, 0 deletions
@@ -227,6 +227,14 @@ ifeq ($(USE_DBUS), true) OBJS += udev_dbus.o endif +# if USE_SELINUX is enabled, then we do not strip or optimize +ifeq ($(strip $(USE_SELINUX)),true) + CFLAGS += -DUSE_SELINUX + OBJS += udev_selinux.o + LIB_OBJS += -lselinux +endif + + # header files automatically generated GEN_HEADERS = udev_version.h @@ -49,6 +49,11 @@ To use: creates or removes a device node. This requires that DBUS development headers and libraries be present on your system to build properly. Default value is 'false'. + USE_SELINUX + if set to 'true', SELinux support for udev will be built in. + This requires that SELinux development headers and libraries be + present on your system to build properly. Default value is + 'false'. DEBUG if set to 'true', debugging messages will be sent to the syslog as udev is run. Default value is 'false'. @@ -97,3 +102,4 @@ greg@kroah.com + diff --git a/udev-add.c b/udev-add.c index 0d3131300f..2f64b4375a 100644 --- a/udev-add.c +++ b/udev-add.c @@ -38,6 +38,7 @@ #include "udev.h" #include "udev_version.h" #include "udev_dbus.h" +#include "udev_selinux.h" #include "logging.h" #include "namedev.h" #include "udevdb.h" @@ -217,6 +218,9 @@ static int create_node(struct udevice *dev, int fake) } } + if (!fake) + selinux_add_node(filename); + /* create symlink if requested */ if (dev->symlink[0] != '\0') { symlinks = dev->symlink; @@ -16,6 +16,11 @@ # 1 - DBUS support %define dbus 0 +# if we want to build SELinux support in or not. +# 0 - no SELinux support +# 1 - SELinux support +%define selinux 1 + # if we want to enable debugging support in udev. If it is enabled, lots of # stuff will get sent to the debug syslog. # 0 - debugging disabled @@ -67,6 +72,11 @@ make CC="gcc $RPM_OPT_FLAGS" \ %else USE_DBUS=false \ %endif +%if %{selinux} + USE_SELINUX=true \ +%else + USE_SELINUX=false \ +%endif %if %{debug} DEBUG=true \ %else 
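Review bot: The comment on the new USE_SELINUX block in the Makefile hunk, `# if USE_SELINUX is enabled, then we do not strip or optimize`, does not describe the block, which only adds `-DUSE_SELINUX`, `udev_selinux.o` and `-lselinux` and touches neither stripping nor optimisation. Something like `# if USE_SELINUX is enabled, build udev_selinux.o and link against libselinux` would match the code. The new test also uses `$(strip $(USE_SELINUX))` while the USE_DBUS test directly above compares the raw value; one form should be used for both.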
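Review bot: In the create_node() hunk of udev-add.c the label is applied only after the node already exists, so until `selinux_add_node(filename)` runs the node is reachable under whatever context it was created with. Because the helper returns void, a failed relabel leaves it that way with no effect on create_node()'s result. Setting the creation context before the node is made (libselinux `setfscreatecon()` with the looked-up context, reset with `setfscreatecon(NULL)` afterwards) would close that window. The node-creation call itself is outside the hunk, so this is inferred from where the new lines sit. The symlinks handled just below the new lines do not appear to be labelled at all.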
@@ -85,6 +95,11 @@ make DESTDIR=$RPM_BUILD_ROOT install \
 %else
 USE_DBUS=false \
 %endif
+%if %{selinux}
+ USE_SELINUX=true \
+%else
+ USE_SELINUX=false \
+%endif
 %if %{lsb}
 USE_LSB=true \
 %else
diff --git a/udev_selinux.c b/udev_selinux.c
new file mode 100644
index 0000000000..3728fd0b50
--- /dev/null
+++ b/udev_selinux.c
@@ -0,0 +1,34 @@
+#include <stdlib.h>
+#include <string.h>
+#include <stdio.h>
+#include <fcntl.h>
+#include <unistd.h>
+#include <errno.h>
+#include <ctype.h>
+#include <selinux/selinux.h>
+
+#include "udev.h"
+#include "udev_version.h"
+#include "udev_selinux.h"
+#include "logging.h"
+
+
+void selinux_add_node(char *filename)
+{
+ int retval;
+
+ if (is_selinux_enabled() > 0) {
+ security_context_t scontext;
+ retval = matchpathcon(filename, 0, &scontext);
+ if (retval < 0) {
+ dbg("matchpathcon(%s) failed\n", filename);
+ } else {
+ retval=setfilecon(filename,scontext);
+ if (retval < 0)
+ dbg("setfiles %s failed with error '%s'",
+ filename, strerror(errno));
+ free(scontext);
+ }
+ }
+}
+
diff --git a/udev_selinux.h b/udev_selinux.h
new file mode 100644
index 0000000000..77a1f36bd9
--- /dev/null
+++ b/udev_selinux.h
@@ -0,0 +1,10 @@
+#ifndef UDEV_SELINUX_H
+#define UDEV_SELINUX_H
+
+#ifdef USE_SELINUX
+extern void selinux_add_node(char *filename);
+#else
+static void selinux_add_node(char *filename) { }
+#endif
+
+#endif |
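Review bot: In selinux_add_node() in udev_selinux.c, `matchpathcon(filename, 0, &scontext)` passes mode 0, which turns off file-type matching, so a file_contexts entry restricted to character or block devices may not be the one selected for the new node. The context string is released with `free()` where libselinux provides `freecon()`, and `setfilecon()` follows a symlink at that path where `lsetfilecon()` would not. Every failure is reported only through `dbg()`, which the README's DEBUG option suggests is silent in a default build, so a mislabelled node goes unnoticed. The sketch below looks up the node's mode with lstat() (needs <sys/stat.h>) and keeps the void interface; returning a status so create_node() can react would be better still.

```c
void selinux_add_node(char *filename)
{
	security_context_t scontext;
	struct stat st;

	if (is_selinux_enabled() <= 0)
		return;

	/* use the node's real type so type-specific file_contexts entries match */
	if (lstat(filename, &st) < 0) {
		dbg("lstat(%s) failed with error '%s'", filename, strerror(errno));
		return;
	}
	if (matchpathcon(filename, st.st_mode, &scontext) < 0) {
		dbg("matchpathcon(%s) failed with error '%s'", filename, strerror(errno));
		return;
	}
	/* label the path itself, never the target of a symlink found there */
	if (lsetfilecon(filename, scontext) < 0)
		dbg("lsetfilecon(%s) failed with error '%s'", filename, strerror(errno));
	freecon(scontext);
}
```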
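Review bot: The no-SELinux stub in udev_selinux.h is a plain `static` function defined in a header, so each file that includes the header without calling it gets its own unused definition and, with warnings enabled, an unused-function diagnostic. `static inline void selinux_add_node(char *filename) { }` avoids that. The function in udev_selinux.c never writes through the pointer, so `const char *filename` in the prototype, the stub and the definition would state the contract more precisely.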