ferdnyc / rpms / smartmontools

Forked from rpms/smartmontools 3 years ago
Clone
Source Code
GIT

Files

f10 f11 f12 f13 f14 f15 f16 f17 f18 f19 f20 f21 f22 f23 f24 f25 f26 f27 f28 f29 f30 f31 f32 f7 f8 f9 fix-sysconf-statedir master no-config-gen
  1.   f14
  2.   smartmontools-5.38-selinux.patch
Blob Blame History Raw 
diff -up sm5.mine/configure.in.selinux sm5.mine/configure.in
--- sm5.mine/configure.in.selinux	2008-04-01 09:01:02.000000000 +0200
+++ sm5.mine/configure.in	2008-03-28 11:06:05.000000000 +0100
@@ -136,6 +136,16 @@ AC_ARG_ENABLE(sample,[AC_HELP_STRING([--
 AC_SUBST(smartd_suffix)
 AM_CONDITIONAL(SMARTD_SUFFIX, test $smartd_suffix)
 
+AC_ARG_WITH(selinux,[AC_HELP_STRING([--with-selinux],[Enables SELinux support])],
+	[
+		AC_CHECK_HEADERS([selinux/selinux.h], [], [echo "*** Error: Missing SELinux header files";exit 1])
+		AC_CHECK_LIB(selinux, matchpathcon, [with_selinux=yes], [echo "*** Error: Missing or incorrect SELinux library files"; exit 1],)
+	],[])
+AC_SUBST(with_selinux)
+if test "$with_selinux" = "yes"; then
+	AC_DEFINE(WITH_SELINUX, [1], [Define to 1 if SELinux support is enabled])
+fi
+
 if test "$prefix" = "NONE"; then
     dnl no prefix and no mandir, so use ${prefix}/share/man as default
     if test "$mandir" = '${prefix}/man'; then
@@ -151,7 +161,11 @@ dnl if OS not recognized, then use the o
 case "${host}" in
 	*-*-linux*)
 		AC_SUBST([os_deps], ['os_linux.o cciss.o']) 
-		AC_SUBST([os_libs], ['']) ;;
+		if test "$with_selinux" = "yes"; then
+			AC_SUBST([os_libs], ['-lselinux'])
+		else
+			AC_SUBST([os_libs], [''])
+		fi;;
 	*-*-freebsd*|*-*-dragonfly*|*-*-kfreebsd*-gnu*)
 		AC_SUBST([os_deps], ['os_freebsd.o cciss.o']) 
 		AC_SUBST([os_libs], ['-lcam']);;
diff -up sm5.mine/os_linux.cpp.selinux sm5.mine/os_linux.cpp
--- sm5.mine/os_linux.cpp.selinux	2008-04-01 09:01:14.000000000 +0200
+++ sm5.mine/os_linux.cpp	2008-04-01 12:28:04.000000000 +0200
@@ -60,6 +60,9 @@
 #ifndef makedev // old versions of types.h do not include sysmacros.h
 #include <sys/sysmacros.h>
 #endif
+#ifdef WITH_SELINUX
+#include <selinux/selinux.h>
+#endif
 
 #include "int64.h"
 #include "atacmds.h"
@@ -105,6 +108,14 @@ int setup_3ware_nodes(const char *nodena
   char             nodestring[NODE_STRING_LENGTH];
   struct stat      stat_buf;
   FILE             *file;
+  int              retval = 0;
+#ifdef WITH_SELINUX
+  security_context_t orig_context = NULL;
+  security_context_t node_context = NULL;
+  int                selinux_enabled  = is_selinux_enabled();
+  int                selinux_enforced = security_getenforce();
+#endif
+
 
   /* First try to open up /proc/devices */
   if (!(file = fopen("/proc/devices", "r"))) {
@@ -129,18 +140,50 @@ int setup_3ware_nodes(const char *nodena
     pout("No major number for /dev/%s listed in /proc/devices. Is the %s driver loaded?\n", nodename, driver_name);
     return 2;
   }
-
+#ifdef WITH_SELINUX
+  /* Prepare a database of contexts for files in /dev
+   * and save the current context */
+  if (selinux_enabled) {
+    if (matchpathcon_init_prefix(NULL, "/dev") < 0)
+      pout("Error initializing contexts database for /dev");
+    if (getfscreatecon(&orig_context) < 0) {
+      pout("Error retrieving original SELinux fscreate context");
+      if (selinux_enforced)
+        matchpathcon_fini();
+        return 6;
+      }
+  }
+#endif
   /* Now check if nodes are correct */
   for (index=0; index<16; index++) {
     sprintf(nodestring, "/dev/%s%d", nodename, index);
-
+#ifdef WITH_SELINUX
+    /* Get context of the node and set it as the default */
+    if (selinux_enabled) {
+      if (matchpathcon(nodestring, S_IRUSR | S_IWUSR, &node_context) < 0) {
+        pout("Could not retreive context for %s", nodestring);
+        if (selinux_enforced) {
+          retval = 6;
+          break;
+        }
+      }
+      if (setfscreatecon(node_context) < 0) {
+        pout ("Error setting default fscreate context");
+        if (selinux_enforced) {
+          retval = 6;
+          break;
+        }
+      }
+    }
+#endif
     /* Try to stat the node */
     if ((stat(nodestring, &stat_buf))) {
       /* Create a new node if it doesn't exist */
       if (mknod(nodestring, S_IFCHR|0600, makedev(tw_major, index))) {
         pout("problem creating 3ware device nodes %s", nodestring);
         syserror("mknod");
-        return 3;
+        retval = 3;
+        break;
       }
     }
 
@@ -153,18 +196,41 @@ int setup_3ware_nodes(const char *nodena
       if (unlink(nodestring)) {
         pout("problem unlinking stale 3ware device node %s", nodestring);
         syserror("unlink");
-        return 4;
+        retval = 4;
+        break;
       }
 
       /* Make a new node */
       if (mknod(nodestring, S_IFCHR|0600, makedev(tw_major, index))) {
         pout("problem creating 3ware device nodes %s", nodestring);
         syserror("mknod");
-        return 5;
+        retval = 5;
+        break;
       }
     }
+#ifdef WITH_SELINUX
+    if (selinux_enabled && node_context) {
+      freecon(node_context);
+      node_context = NULL;
+    }
+#endif
   }
-  return 0;
+
+#ifdef WITH_SELINUX
+  if (selinux_enabled) {
+    if(setfscreatecon(orig_context) < 0) {
+      pout("Error re-setting original fscreate context");
+      if (selinux_enforced)
+        retval = 6;
+    }
+    if(orig_context)
+      freecon(orig_context);
+    if(node_context)
+      freecon(node_context);
+    matchpathcon_fini();
+  }
+#endif
+  return retval;
 }
 
 static char prev_scsi_dev[128];
Powered by Pagure 5.13.3
DocumentationFile an IssueAbout this InstanceSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.