[PATCH] Add initial SELinux support for udev
Based on a patch from Daniel J Walsh <dwalsh@redhat.com>
This commit is contained in:
parent
89067448b9
commit
8481f8ce2b
8
Makefile
8
Makefile
|
@ -227,6 +227,14 @@ ifeq ($(USE_DBUS), true)
|
||||||
OBJS += udev_dbus.o
|
OBJS += udev_dbus.o
|
||||||
endif
|
endif
|
||||||
|
|
||||||
|
# if USE_SELINUX is enabled, then we do not strip or optimize
|
||||||
|
ifeq ($(strip $(USE_SELINUX)),true)
|
||||||
|
CFLAGS += -DUSE_SELINUX
|
||||||
|
OBJS += udev_selinux.o
|
||||||
|
LIB_OBJS += -lselinux
|
||||||
|
endif
|
||||||
|
|
||||||
|
|
||||||
# header files automatically generated
|
# header files automatically generated
|
||||||
GEN_HEADERS = udev_version.h
|
GEN_HEADERS = udev_version.h
|
||||||
|
|
||||||
|
|
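Review bot: The comment introducing the new block, `# if USE_SELINUX is enabled, then we do not strip or optimize`, does not describe what the block does: the three lines under it add `-DUSE_SELINUX` to CFLAGS, `udev_selinux.o` to OBJS and `-lselinux` to LIB_OBJS, and touch neither strip nor optimisation flags, so it reads like a copy of the DEBUG block's comment. I would replace it with `# if USE_SELINUX is enabled, build udev_selinux.o and link against libselinux` so that someone disabling the option is not misled about what they are giving up. The conditional is self-contained in the hunk.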
6
README
6
README
|
@ -49,6 +49,11 @@ To use:
|
||||||
creates or removes a device node. This requires that DBUS
|
creates or removes a device node. This requires that DBUS
|
||||||
development headers and libraries be present on your system to
|
development headers and libraries be present on your system to
|
||||||
build properly. Default value is 'false'.
|
build properly. Default value is 'false'.
|
||||||
|
USE_SELINUX
|
||||||
|
if set to 'true', SELinux support for udev will be built in.
|
||||||
|
This requires that SELinux development headers and libraries be
|
||||||
|
present on your system to build properly. Default value is
|
||||||
|
'false'.
|
||||||
DEBUG
|
DEBUG
|
||||||
if set to 'true', debugging messages will be sent to the syslog
|
if set to 'true', debugging messages will be sent to the syslog
|
||||||
as udev is run. Default value is 'false'.
|
as udev is run. Default value is 'false'.
|
||||||
|
@ -97,3 +102,4 @@ greg@kroah.com
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
|
@ -38,6 +38,7 @@
|
||||||
#include "udev.h"
|
#include "udev.h"
|
||||||
#include "udev_version.h"
|
#include "udev_version.h"
|
||||||
#include "udev_dbus.h"
|
#include "udev_dbus.h"
|
||||||
|
#include "udev_selinux.h"
|
||||||
#include "logging.h"
|
#include "logging.h"
|
||||||
#include "namedev.h"
|
#include "namedev.h"
|
||||||
#include "udevdb.h"
|
#include "udevdb.h"
|
||||||
|
@ -217,6 +218,9 @@ static int create_node(struct udevice *dev, int fake)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (!fake)
|
||||||
|
selinux_add_node(filename);
|
||||||
|
|
||||||
/* create symlink if requested */
|
/* create symlink if requested */
|
||||||
if (dev->symlink[0] != '\0') {
|
if (dev->symlink[0] != '\0') {
|
||||||
symlinks = dev->symlink;
|
symlinks = dev->symlink;
|
||||||
|
|
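Review bot: The added `selinux_add_node(filename)` labels the node only after it already exists, so between its creation earlier in create_node (presumably a mknod() above the hunk) and the setfilecon() there is a window in which the device carries the context inherited from the /dev directory rather than the one file_contexts assigns; with SELinux enforcing, a process that races udev can open the node under the wrong type. The usual way to close that window is to look the context up with matchpathcon() first, install it with setfscreatecon() before creating the node, and reset it with `setfscreatecon(NULL)` afterwards, which could live in udev_selinux.c behind a pre-creation hook instead of a post-creation one. Separately, the symlinks created in the `create symlink if requested` block that follows are never labelled at all; if file_contexts carries entries for them they need the same `selinux_add_node()` call after each symlink() succeeds. create_node starts and ends outside the hunk, so the actual node-creation call is not visible here.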
15
udev.spec
15
udev.spec
|
@ -16,6 +16,11 @@
|
||||||
# 1 - DBUS support
|
# 1 - DBUS support
|
||||||
%define dbus 0
|
%define dbus 0
|
||||||
|
|
||||||
|
# if we want to build SELinux support in or not.
|
||||||
|
# 0 - no SELinux support
|
||||||
|
# 1 - SELinux support
|
||||||
|
%define selinux 1
|
||||||
|
|
||||||
# if we want to enable debugging support in udev. If it is enabled, lots of
|
# if we want to enable debugging support in udev. If it is enabled, lots of
|
||||||
# stuff will get sent to the debug syslog.
|
# stuff will get sent to the debug syslog.
|
||||||
# 0 - debugging disabled
|
# 0 - debugging disabled
|
||||||
|
@ -67,6 +72,11 @@ make CC="gcc $RPM_OPT_FLAGS" \
|
||||||
%else
|
%else
|
||||||
USE_DBUS=false \
|
USE_DBUS=false \
|
||||||
%endif
|
%endif
|
||||||
|
%if %{selinux}
|
||||||
|
USE_SELINUX=true \
|
||||||
|
%else
|
||||||
|
USE_SELINUX=false \
|
||||||
|
%endif
|
||||||
%if %{debug}
|
%if %{debug}
|
||||||
DEBUG=true \
|
DEBUG=true \
|
||||||
%else
|
%else
|
||||||
|
@ -85,6 +95,11 @@ make DESTDIR=$RPM_BUILD_ROOT install \
|
||||||
%else
|
%else
|
||||||
USE_DBUS=false \
|
USE_DBUS=false \
|
||||||
%endif
|
%endif
|
||||||
|
%if %{selinux}
|
||||||
|
USE_SELINUX=true \
|
||||||
|
%else
|
||||||
|
USE_SELINUX=false \
|
||||||
|
%endif
|
||||||
%if %{lsb}
|
%if %{lsb}
|
||||||
USE_LSB=true \
|
USE_LSB=true \
|
||||||
%else
|
%else
|
||||||
|
|
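Review bot: `%define selinux 1` makes the RPM build link against libselinux by default, yet neither spec hunk adds a `BuildRequires: libselinux-devel` (or a runtime `Requires: libselinux`), so unless those are declared elsewhere in the spec the default build now fails on any host without the SELinux headers and the package has an undeclared library dependency. I would add, next to the existing conditional, `%if %{selinux}` / `BuildRequires: libselinux-devel` / `%endif` so the dependency follows the knob. Note also that this default disagrees with the README text added in this commit, which states the USE_SELINUX default is 'false' and matches the dbus knob's `%define dbus 0`; either is defensible, but the discrepancy is worth a one-line comment on the define.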
|
@ -0,0 +1,34 @@
|
||||||
|
#include <stdlib.h>
|
||||||
|
#include <string.h>
|
||||||
|
#include <stdio.h>
|
||||||
|
#include <fcntl.h>
|
||||||
|
#include <unistd.h>
|
||||||
|
#include <errno.h>
|
||||||
|
#include <ctype.h>
|
||||||
|
#include <selinux/selinux.h>
|
||||||
|
|
||||||
|
#include "udev.h"
|
||||||
|
#include "udev_version.h"
|
||||||
|
#include "udev_selinux.h"
|
||||||
|
#include "logging.h"
|
||||||
|
|
||||||
|
|
||||||
|
void selinux_add_node(char *filename)
|
||||||
|
{
|
||||||
|
int retval;
|
||||||
|
|
||||||
|
if (is_selinux_enabled() > 0) {
|
||||||
|
security_context_t scontext;
|
||||||
|
retval = matchpathcon(filename, 0, &scontext);
|
||||||
|
if (retval < 0) {
|
||||||
|
dbg("matchpathcon(%s) failed\n", filename);
|
||||||
|
} else {
|
||||||
|
retval=setfilecon(filename,scontext);
|
||||||
|
if (retval < 0)
|
||||||
|
dbg("setfiles %s failed with error '%s'",
|
||||||
|
filename, strerror(errno));
|
||||||
|
free(scontext);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
|
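Review bot: `matchpathcon(filename, 0, &scontext)` passes a mode of 0, so type-qualified file_contexts entries (the `-c`/`-b` forms used for device nodes) cannot be distinguished and the lookup may settle on an entry meant for a different object type; since selinux_add_node is called only after the node exists, the real type can be recovered with stat() and passed instead. The failure paths also deserve attention: a failed setfilecon() is reported only through dbg(), under the misleading text `setfiles %s failed`, and the function returns nothing, so the caller has no way to know the node was left mislabelled; at minimum the message should name setfilecon, and returning retval would let create_node decide. The rewrite below needs `#include <sys/stat.h>` added to the include list at the top of the file.
```c
void selinux_add_node(char *filename)
{
	int retval;
	struct stat st;
	mode_t mode = 0;

	if (is_selinux_enabled() <= 0)
		return;

	/* file_contexts entries may be qualified by object type (-c, -b);
	 * pass the node's real type so the right entry is selected */
	if (stat(filename, &st) == 0)
		mode = st.st_mode & S_IFMT;

	security_context_t scontext;
	retval = matchpathcon(filename, mode, &scontext);
	if (retval < 0) {
		dbg("matchpathcon(%s) failed\n", filename);
		return;
	}
	retval = setfilecon(filename, scontext);
	if (retval < 0)
		dbg("setfilecon(%s) failed with error '%s'",
		    filename, strerror(errno));
	free(scontext);
}
```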
@ -0,0 +1,10 @@
|
||||||
|
#ifndef UDEV_SELINUX_H
|
||||||
|
#define UDEV_SELINUX_H
|
||||||
|
|
||||||
|
#ifdef USE_SELINUX
|
||||||
|
extern void selinux_add_node(char *filename);
|
||||||
|
#else
|
||||||
|
static void selinux_add_node(char *filename) { }
|
||||||
|
#endif
|
||||||
|
|
||||||
|
#endif
|
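Review bot: The `#else` branch defines `static void selinux_add_node(char *filename) { }` as a plain static function in a header, so every translation unit that includes udev_selinux.h without USE_SELINUX and never calls it will get an unused-function warning, and the empty body also leaves `filename` unused. I would make the stub `static inline void selinux_add_node(char *filename) { (void)filename; }`, and since neither branch writes through the pointer, declare the parameter as `const char *` in both the prototype and the stub (the definition in udev_selinux.c would follow). A one-line comment on the `#ifdef`, such as `/* no-op when built without SELinux support */`, would make the intent of the stub obvious to readers of the caller.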