Commit 8481f8ce authored by greg@kroah.com's avatar greg@kroah.com Committed by Greg KH

[PATCH] Add initial SELinux support for udev

Based on a patch from Daniel J Walsh <dwalsh@redhat.com>
parent 89067448
......@@ -227,6 +227,14 @@ ifeq ($(USE_DBUS), true)
OBJS += udev_dbus.o
endif
# if USE_SELINUX is enabled, then we do not strip or optimize
ifeq ($(strip $(USE_SELINUX)),true)
CFLAGS += -DUSE_SELINUX
OBJS += udev_selinux.o
LIB_OBJS += -lselinux
endif
# header files automatically generated
GEN_HEADERS = udev_version.h
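Review bot: The comment above the new block, `# if USE_SELINUX is enabled, then we do not strip or optimize`, does not describe what the block does. The block only adds `-DUSE_SELINUX`, `udev_selinux.o` and `-lselinux`, so something like `# if USE_SELINUX is enabled, build udev_selinux.o and link against libselinux` would match. `-lselinux` is a linker flag appended to `LIB_OBJS`, which works only if that variable is expanded on the link line (not visible in this hunk); a short comment saying so would help.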
......
......@@ -49,6 +49,11 @@ To use:
creates or removes a device node. This requires that DBUS
development headers and libraries be present on your system to
build properly. Default value is 'false'.
USE_SELINUX
if set to 'true', SELinux support for udev will be built in.
This requires that SELinux development headers and libraries be
present on your system to build properly. Default value is
'false'.
DEBUG
if set to 'true', debugging messages will be sent to the syslog
as udev is run. Default value is 'false'.
......@@ -97,3 +102,4 @@ greg@kroah.com
......@@ -38,6 +38,7 @@
#include "udev.h"
#include "udev_version.h"
#include "udev_dbus.h"
#include "udev_selinux.h"
#include "logging.h"
#include "namedev.h"
#include "udevdb.h"
......@@ -217,6 +218,9 @@ static int create_node(struct udevice *dev, int fake)
}
}
if (!fake)
selinux_add_node(filename);
/* create symlink if requested */
if (dev->symlink[0] != '\0') {
symlinks = dev->symlink;
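Review bot: The label is applied only after the node already exists, so between its creation earlier in create_node and this `selinux_add_node(filename)` call the device node carries whatever context it was given by default, and any access decision made in that window is based on the wrong label. Setting the creation context before the node is made (libselinux `setfscreatecon()` with the `matchpathcon()` result, reset to NULL afterwards) would close that window. The symlinks created just below are not passed through any labelling call in the visible lines. create_node starts and ends outside this hunk, so the node-creation call itself is not shown here.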
......
......@@ -16,6 +16,11 @@
# 1 - DBUS support
%define dbus 0
# if we want to build SELinux support in or not.
# 0 - no SELinux support
# 1 - SELinux support
%define selinux 1
# if we want to enable debugging support in udev. If it is enabled, lots of
# stuff will get sent to the debug syslog.
# 0 - debugging disabled
......@@ -67,6 +72,11 @@ make CC="gcc $RPM_OPT_FLAGS" \
%else
USE_DBUS=false \
%endif
%if %{selinux}
USE_SELINUX=true \
%else
USE_SELINUX=false \
%endif
%if %{debug}
DEBUG=true \
%else
......@@ -85,6 +95,11 @@ make DESTDIR=$RPM_BUILD_ROOT install \
%else
USE_DBUS=false \
%endif
%if %{selinux}
USE_SELINUX=true \
%else
USE_SELINUX=false \
%endif
%if %{lsb}
USE_LSB=true \
%else
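Review bot: `%define selinux 1` turns the feature on by default for RPM builds, while the README hunk of the same commit documents `USE_SELINUX` as defaulting to 'false' and the neighbouring `%define dbus 0` keeps its optional dependency off. With this default the package cannot build without the libselinux headers, so either default to `%define selinux 0` or make sure a conditional BuildRequires for the libselinux development package exists (none is visible in these hunks). The same applies to the two `%if %{selinux}` blocks in the build and install hunks.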
......
#include <stdlib.h>
#include <string.h>
#include <stdio.h>
#include <fcntl.h>
#include <unistd.h>
#include <errno.h>
#include <ctype.h>
#include <selinux/selinux.h>
#include "udev.h"
#include "udev_version.h"
#include "udev_selinux.h"
#include "logging.h"
void selinux_add_node(char *filename)
{
int retval;
if (is_selinux_enabled() > 0) {
security_context_t scontext;
retval = matchpathcon(filename, 0, &scontext);
if (retval < 0) {
dbg("matchpathcon(%s) failed\n", filename);
} else {
retval=setfilecon(filename,scontext);
if (retval < 0)
dbg("setfiles %s failed with error '%s'",
filename, strerror(errno));
free(scontext);
}
}
}
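Review bot: `matchpathcon(filename, 0, &scontext)` passes a mode of 0, so the lookup ignores the file type and a file_contexts entry restricted to block or character devices cannot be told apart from any other match on the same path; passing the node's real mode, e.g. `lstat(filename, &st)` followed by `matchpathcon(filename, st.st_mode, &scontext)`, would select the type-specific context. Both failure paths only call `dbg()`, which going by the README is presumably emitted only when DEBUG is set, and the function returns void, so a node that could not be labelled is left in place with its default context and a normal build records nothing; a log call that is always compiled in would make a mislabelled device node visible. The context is released with `free(scontext)` where libselinux provides `freecon()` for that, and the second message says `setfiles` although the call that failed is `setfilecon`.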
#ifndef UDEV_SELINUX_H
#define UDEV_SELINUX_H
#ifdef USE_SELINUX
extern void selinux_add_node(char *filename);
#else
static void selinux_add_node(char *filename) { }
#endif
#endif
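Review bot: The stub `static void selinux_add_node(char *filename) { }` is a plain static function defined in a header, so every file that includes udev_selinux.h without calling it can get an unused-function warning in non-SELinux builds; `static inline void selinux_add_node(char *filename) { }` avoids that. The parameter is never written through in udev_selinux.c, so both declarations could take `const char *filename`. A one-line comment on the prototype stating that it relabels an already-created node to its policy default context and reports errors only through debug logging would document the contract.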