Hi,

according to the auto reply from Po-Chun, he left ITRI. So don't expect a response from him.

Joerg

On 7/28/2022 at 8:26 AM, Joerg Vehlow wrote:
> Hi,
>
> @maintainers: Is this ignored because it is not formatted correctly?
>
> This seems to be a real bug that makes login unusable if selinux is
> enabled.
>
> @Po-Chun: Maybe try re-sending the patch using git send-email and with a
> clean commit message that describes the problem and gives a hint to why
> your solution is correct.
>
> Joerg
>
> On 1/16/2020 at 7:31 AM, [email protected] wrote:
>> Hi,
>>
>> The previous mail is missing in the wild, so I resend the same patch again.
>>
>> We are working on enabling SELinux for BusyBox.
>>
>> We thought login should use the seuser for the SELinux default
>> context, but the Linux username.
>>
>> Reference and example:
>>
>> getseuserbyname on https://selinuxproject.org/page/LibselinuxAPISummary
>>
>> https://github.com/SELinuxProject/selinux/blob/master/libselinux/utils/getseuser.c
>>
>> Signed-off-by: Po-Chun Chang <[email protected]>
>> --- >> loginutils/login.c | 11 ++++++++++- >> 1 file changed, 10 insertions(+), 1 deletion(-) >> >> diff --git a/loginutils/login.c b/loginutils/login.c >> index 4e65b3a19..11a82421b 100644 >> --- a/loginutils/login.c >> +++ b/loginutils/login.c 
>> @@ -178,12 +178,16 @@ static void die_if_nologin(void) >> static void initselinux(char *username, char *full_tty, >> security_context_t >> *user_sid) >> { >> + char *seuser = NULL, *level = NULL; >> security_context_t old_tty_sid, new_tty_sid; >> >> if (!is_selinux_enabled()) >> return; >> >> - if (get_default_context(username, NULL, user_sid)) { >> + if (getseuserbyname(username, &seuser, &level)) { >> + bb_error_msg_and_die("can't get seuser for %s", username); >> + } >> + if (get_default_context(seuser, NULL, user_sid)) { >> bb_error_msg_and_die("can't get SID for %s", username); >> } >> if (getfilecon(full_tty, &old_tty_sid) < 0) { >> @@ -196,6 +200,11 @@ static void initselinux(char *username, char *full_tty, >> if (setfilecon(full_tty, new_tty_sid) != 0) { >> bb_perror_msg_and_die("chsid(%s, %s) failed", full_tty, >> new_tty_sid); >> } >> + >> + if (ENABLE_FEATURE_CLEAN_UP) { >> + free(seuser); >> + free(level); >> + } >> } >> #endif >> ---
>>
>> _______________________________________________
>> busybox mailing list
>> [email protected]
>> http://lists.busybox.net/mailman/listinfo/busybox
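
Review bot: `level` is filled in by getseuserbyname() in the first hunk but never passed on: get_default_context(seuser, NULL, user_sid) ignores it, so the level that the seuser mapping assigns to this Linux user is dropped when the login context is chosen. Consider get_default_context_with_level(seuser, level, NULL, user_sid), which is what the level output is for. The unchanged "can't get SID for %s" message would also be more useful if it printed seuser, since that is now the name the context lookup failed on.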
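
Review bot: the context line of the second hunk is wrapped by the mailer (`full_tty,` and `new_tty_sid);` sit on separate quoted lines, as does the initselinux() signature in the first hunk), so the patch will not apply as posted; resend it with git send-email as suggested in the thread. On the cleanup itself: seuser is only needed for the get_default_context() call, so freeing both strings directly after that call keeps their lifetime short and does not depend on every later failure path being a ..._and_die() call.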
