Jonathan Davies has proposed merging lp:~jpds/upstart/selinux-support into
lp:upstart.
Requested reviews:
Upstart Reviewers (upstart-reviewers)
Related bugs:
Bug #595774 in upstart : "init: add SELinux support"
https://bugs.launchpad.net/upstart/+bug/595774
For more details, see:
https://code.launchpad.net/~jpds/upstart/selinux-support/+merge/193679
Adds SELinux support to Upstart using the patch that exists in Debian.
--
https://code.launchpad.net/~jpds/upstart/selinux-support/+merge/193679
Your team Upstart Reviewers is requested to review the proposed merge of
lp:~jpds/upstart/selinux-support into lp:upstart.
=== modified file 'configure.ac'
--- configure.ac 2013-09-12 23:44:17 +0000
+++ configure.ac 2013-11-02 16:22:09 +0000
@@ -34,6 +34,15 @@
PKG_CHECK_MODULES([UDEV], [libudev >= 146], [have_udev=yes], [have_udev=no])
PKG_CHECK_MODULES([DCONF], [dconf >= 0.14], [have_dconf=yes], [have_dconf=no])
+AC_ARG_ENABLE(selinux,
+ AS_HELP_STRING([--enable-selinux], [enable SELinux support]),
+ [], [enable_selinux=no])
+
+if test "x$enable_selinux" = "xyes" ; then
+ PKG_CHECK_MODULES(SELINUX, [libselinux])
+ AC_DEFINE(HAVE_SELINUX, 1, [Define if we have SELinux])
+fi
+
AC_ARG_ENABLE([udev-bridge],
AS_HELP_STRING([--disable-udev-bridge],
[Disable building of upstart-udev-bridge even if required dependencies available]),
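Review bot: The added `test "x$enable_selinux" = "xyes"` treats every value other than `yes` as off, so something like `--enable-selinux=true` silently produces a build without SELinux support. For a security feature it is safer to reject unknown values with `AC_MSG_ERROR`, or at least to print the resulting setting in the configure summary. The new macro calls are also under-quoted compared with the neighbouring `AC_ARG_ENABLE([udev-bridge], ...)`; `AC_ARG_ENABLE([selinux], [AS_HELP_STRING(...)], ...)`, `PKG_CHECK_MODULES([SELINUX], [libselinux])` and `AC_DEFINE([HAVE_SELINUX], [1], ...)` would match the file's style.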
=== modified file 'init/Makefile.am'
--- init/Makefile.am 2013-08-23 09:22:32 +0000
+++ init/Makefile.am 2013-11-02 16:22:09 +0000
@@ -8,7 +8,8 @@
$(NIH_CFLAGS) \
$(NIH_DBUS_CFLAGS) \
$(DBUS_CFLAGS) \
- $(JSON_CFLAGS)
+ $(JSON_CFLAGS) \
+ $(SELINUX_CFLAGS)
AM_CPPFLAGS = \
-DLOCALEDIR="\"$(localedir)\"" \
@@ -71,6 +72,7 @@
$(NIH_DBUS_LIBS) \
$(DBUS_LIBS) \
$(JSON_LIBS) \
+ $(SELINUX_LIBS) \
-lrt
=== modified file 'init/main.c'
--- init/main.c 2013-07-31 09:28:48 +0000
+++ init/main.c 2013-11-02 16:22:09 +0000
@@ -46,6 +46,10 @@
#include <syslog.h>
#include <unistd.h>
+#ifdef HAVE_SELINUX
+#include <selinux/selinux.h>
+#endif
+
#include <linux/kd.h>
#include <nih/macros.h>
@@ -190,6 +194,25 @@
{
char **args = NULL;
int ret;
+ int enforce = 0;
+
+#ifdef HAVE_SELINUX
+ if (getenv ("SELINUX_INIT") == NULL) {
+ putenv ("SELINUX_INIT=YES");
+ if (selinux_init_load_policy (&enforce) == 0 ) {
+ execv (argv[0], argv);
+ } else {
+ if (enforce > 0) {
+ /* SELinux in enforcing mode but load_policy
+ * failed. At this point, we probably can't
+ * open /dev/console, so log() won't work.
+ */
+ fprintf (stderr, "Unable to load SELinux Policy. Machine is in enforcing mode. Halting now.\n");
+ exit (1);
+ }
+ }
+ }
+#endif /* HAVE_SELINUX */
conf_dirs = NIH_MUST (nih_str_array_new (NULL));
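Review bot: A failed `execv (argv[0], argv)` in the added block is not handled: control falls out of the `if` and init keeps running with the policy loaded, presumably without the context change the re-exec was meant to produce, and nothing is reported even when `enforce > 0`. The rewrite below adds a failure path after the call, moves `enforce` inside the `#ifdef` so builds without SELinux do not get an unused variable, and uses `setenv` instead of passing a string literal to `putenv`. The enclosing function starts above the hunk and continues below it, so it is not visible whether this code is limited to the system init; if the same binary also runs as a non-PID-1 instance, the block probably wants a `getpid () == 1` condition as well.

```c
#ifdef HAVE_SELINUX
	if (getenv ("SELINUX_INIT") == NULL) {
		int enforce = 0;

		setenv ("SELINUX_INIT", "YES", 1);
		if (selinux_init_load_policy (&enforce) == 0) {
			execv (argv[0], argv);
			/* Only reached when the re-exec itself failed. */
			fprintf (stderr, "Unable to re-exec %s after loading SELinux policy: %s\n",
				 argv[0], strerror (errno));
			if (enforce > 0)
				exit (1);
		} else {
			/* … unchanged: enforcing-mode load failure prints and exits … */
		}
	}
#endif /* HAVE_SELINUX */
```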