shaba/lvm2
1
0
Fork 0
mirror of git://sourceware.org/git/lvm2.git synced 2025-01-04 09:18:36 +03:00
Code Releases Activity

Basic selinux support

Browse Source
This commit is contained in:
Alasdair Kergon 2004-04-07 14:08:22 +00:00
parent ae69d47087
commit 036f273ad0
7 changed files with 161 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

76
configure vendored
View File

@ -309,7 +309,7 @@ ac_includes_default="\
#endif" #endif"
ac_default_prefix=/usr ac_default_prefix=/usr
ac_subst_vars='SHELL PATH_SEPARATOR PACKAGE_NAME PACKAGE_TARNAME PACKAGE_VERSION PACKAGE_STRING PACKAGE_BUGREPORT exec_prefix prefix program_transform_name bindir sbindir libexecdir datadir sysconfdir sharedstatedir localstatedir libdir includedir oldincludedir infodir mandir build_alias host_alias target_alias DEFS ECHO_C ECHO_N ECHO_T LIBS AWK CC CFLAGS LDFLAGS CPPFLAGS ac_ct_CC EXEEXT OBJEXT INSTALL_PROGRAM INSTALL_SCRIPT INSTALL_DATA LN_S SET_MAKE RANLIB ac_ct_RANLIB CPP EGREP build build_cpu build_vendor build_os host host_cpu host_vendor host_os target target_cpu target_vendor target_os MSGFMT JOBS STATIC_LINK LVM1 OWNER GROUP CLDFLAGS CLDWHOLEARCHIVE CLDNOWHOLEARCHIVE LD_DEPS LD_FLAGS SOFLAG LVM_VERSION DEBUG DEVMAPPER HAVE_LIBDL CMDLIB LOCALEDIR INTL_PACKAGE INTL LIBOBJS LTLIBOBJS' ac_subst_vars='SHELL PATH_SEPARATOR PACKAGE_NAME PACKAGE_TARNAME PACKAGE_VERSION PACKAGE_STRING PACKAGE_BUGREPORT exec_prefix prefix program_transform_name bindir sbindir libexecdir datadir sysconfdir sharedstatedir localstatedir libdir includedir oldincludedir infodir mandir build_alias host_alias target_alias DEFS ECHO_C ECHO_N ECHO_T LIBS AWK CC CFLAGS LDFLAGS CPPFLAGS ac_ct_CC EXEEXT OBJEXT INSTALL_PROGRAM INSTALL_SCRIPT INSTALL_DATA LN_S SET_MAKE RANLIB ac_ct_RANLIB CPP EGREP build build_cpu build_vendor build_os host host_cpu host_vendor host_os target target_cpu target_vendor target_os MSGFMT JOBS STATIC_LINK LVM1 OWNER GROUP CLDFLAGS CLDWHOLEARCHIVE CLDNOWHOLEARCHIVE LD_DEPS LD_FLAGS SOFLAG LVM_VERSION DEBUG DEVMAPPER HAVE_LIBDL HAVE_SELINUX CMDLIB LOCALEDIR INTL_PACKAGE INTL LIBOBJS LTLIBOBJS'
ac_subst_files='' ac_subst_files=''
# Initialize some variables set by options. # Initialize some variables set by options.
@ -4592,13 +4592,79 @@ else
fi fi
if [ "x$LVM1" = xshared -a "x$STATIC_LINK" = xyes ]; if [ "x$LVM1" = xshared -a "x$STATIC_LINK" = xyes ];
then { { echo "$as_me:$LINENO: error: Features cannot be \"shared\" when building statically then { { echo "$as_me:$LINENO: error: Features cannot be 'shared' when building statically
" >&5 " >&5
echo "$as_me: error: Features cannot be \"shared\" when building statically echo "$as_me: error: Features cannot be 'shared' when building statically
" >&2;} " >&2;}
{ (exit 1); exit 1; }; } { (exit 1); exit 1; }; }
exit exit
fi; fi
echo "$as_me:$LINENO: checking for is_selinux_enabled in -lselinux" >&5
echo $ECHO_N "checking for is_selinux_enabled in -lselinux... $ECHO_C" >&6
if test "${ac_cv_lib_selinux_is_selinux_enabled+set}" = set; then
echo $ECHO_N "(cached) $ECHO_C" >&6
else
ac_check_lib_save_LIBS=$LIBS
LIBS="-lselinux $LIBS"
cat >conftest.$ac_ext <<_ACEOF
#line $LINENO "configure"
/* confdefs.h. */
_ACEOF
cat confdefs.h >>conftest.$ac_ext
cat >>conftest.$ac_ext <<_ACEOF
/* end confdefs.h. */
/* Override any gcc2 internal prototype to avoid an error. */
#ifdef __cplusplus
extern "C"
#endif
/* We use char because int might match the return type of a gcc2
builtin and then its argument prototype would still apply. */
char is_selinux_enabled ();
int
main ()
{
is_selinux_enabled ();
;
return 0;
}
_ACEOF
rm -f conftest.$ac_objext conftest$ac_exeext
if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
(eval $ac_link) 2>&5
ac_status=$?
echo "$as_me:$LINENO: \$? = $ac_status" >&5
(exit $ac_status); } &&
{ ac_try='test -s conftest$ac_exeext'
{ (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
(eval $ac_try) 2>&5
ac_status=$?
echo "$as_me:$LINENO: \$? = $ac_status" >&5
(exit $ac_status); }; }; then
ac_cv_lib_selinux_is_selinux_enabled=yes
else
echo "$as_me: failed program was:" >&5
sed 's/^/| /' conftest.$ac_ext >&5
ac_cv_lib_selinux_is_selinux_enabled=no
fi
rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
LIBS=$ac_check_lib_save_LIBS
fi
echo "$as_me:$LINENO: result: $ac_cv_lib_selinux_is_selinux_enabled" >&5
echo "${ECHO_T}$ac_cv_lib_selinux_is_selinux_enabled" >&6
if test $ac_cv_lib_selinux_is_selinux_enabled = yes; then
HAVE_SELINUX=yes
else
HAVE_SELINUX=no
fi
if test x$HAVE_SELINUX = xyes; then
CFLAGS="$CFLAGS -DHAVE_SELINUX"
LIBS="-lselinux $LIBS"
fi
for ac_header in getopt.h for ac_header in getopt.h
@ -5003,6 +5069,7 @@ fi
ac_config_files="$ac_config_files Makefile make.tmpl include/Makefile lib/Makefile lib/format1/Makefile man/Makefile po/Makefile tools/Makefile tools/version.h test/mm/Makefile test/device/Makefile test/format1/Makefile test/regex/Makefile test/filters/Makefile" ac_config_files="$ac_config_files Makefile make.tmpl include/Makefile lib/Makefile lib/format1/Makefile man/Makefile po/Makefile tools/Makefile tools/version.h test/mm/Makefile test/device/Makefile test/format1/Makefile test/regex/Makefile test/filters/Makefile"
@ -5698,6 +5765,7 @@ s,@LVM_VERSION@,$LVM_VERSION,;t t
s,@DEBUG@,$DEBUG,;t t s,@DEBUG@,$DEBUG,;t t
s,@DEVMAPPER@,$DEVMAPPER,;t t s,@DEVMAPPER@,$DEVMAPPER,;t t
s,@HAVE_LIBDL@,$HAVE_LIBDL,;t t s,@HAVE_LIBDL@,$HAVE_LIBDL,;t t
s,@HAVE_SELINUX@,$HAVE_SELINUX,;t t
s,@CMDLIB@,$CMDLIB,;t t s,@CMDLIB@,$CMDLIB,;t t
s,@LOCALEDIR@,$LOCALEDIR,;t t s,@LOCALEDIR@,$LOCALEDIR,;t t
s,@INTL_PACKAGE@,$INTL_PACKAGE,;t t s,@INTL_PACKAGE@,$INTL_PACKAGE,;t t

13
configure.in
View File

@ -195,10 +195,18 @@ fi
dnl Check for shared/static conflicts dnl Check for shared/static conflicts
if [[ "x$LVM1" = xshared -a "x$STATIC_LINK" = xyes ]]; if [[ "x$LVM1" = xshared -a "x$STATIC_LINK" = xyes ]];
then AC_MSG_ERROR( then AC_MSG_ERROR(
Features cannot be \"shared\" when building statically Features cannot be 'shared' when building statically
) )
exit exit
fi; fi
dnl Check for is_selinux_enabled
AC_CHECK_LIB(selinux, is_selinux_enabled, HAVE_SELINUX=yes, HAVE_SELINUX=no)
if test x$HAVE_SELINUX = xyes; then
CFLAGS="$CFLAGS -DHAVE_SELINUX"
LIBS="-lselinux $LIBS"
fi
dnl Check for getopt dnl Check for getopt
AC_CHECK_HEADERS(getopt.h, CFLAGS="$CFLAGS -DHAVE_GETOPTLONG") AC_CHECK_HEADERS(getopt.h, CFLAGS="$CFLAGS -DHAVE_GETOPTLONG")
@ -265,6 +273,7 @@ AC_SUBST(LVM_VERSION)
AC_SUBST(DEBUG) AC_SUBST(DEBUG)
AC_SUBST(DEVMAPPER) AC_SUBST(DEVMAPPER)
AC_SUBST(HAVE_LIBDL) AC_SUBST(HAVE_LIBDL)
AC_SUBST(HAVE_SELINUX)
AC_SUBST(CMDLIB) AC_SUBST(CMDLIB)
AC_SUBST(MSGFMT) AC_SUBST(MSGFMT)
AC_SUBST(LOCALEDIR) AC_SUBST(LOCALEDIR)

1
include/.symlinks
View File

@ -34,6 +34,7 @@
../lib/misc/lib.h ../lib/misc/lib.h
../lib/misc/lvm-file.h ../lib/misc/lvm-file.h
../lib/misc/lvm-string.h ../lib/misc/lvm-string.h
../lib/misc/selinux.h
../lib/misc/sharedlib.h ../lib/misc/sharedlib.h
../lib/regex/matcher.h ../lib/regex/matcher.h
../lib/report/report.h ../lib/report/report.h

4
lib/Makefile.in
View File

@ -95,6 +95,10 @@ ifeq ("@HAVE_LIBDL@", "yes")
misc/sharedlib.c misc/sharedlib.c
endif endif
ifeq ("@HAVE_SELINUX@", "yes")
SOURCES += misc/selinux.c
endif
LIB_STATIC = liblvm.a LIB_STATIC = liblvm.a
$(SUBDIRS): $(LIB_STATIC) $(SUBDIRS): $(LIB_STATIC)

11
lib/activate/fs.c
View File

@ -20,6 +20,10 @@
#include "lvm-file.h" #include "lvm-file.h"
#include "memlock.h" #include "memlock.h"
#ifdef HAVE_SELINUX
# include "selinux.h"
#endif
#include <sys/stat.h> #include <sys/stat.h>
#include <fcntl.h> #include <fcntl.h>
#include <unistd.h> #include <unistd.h>
@ -175,6 +179,13 @@ static int _mk_link(const char *dev_dir, const char *vg_name,
return 0; return 0;
} }
#ifdef HAVE_SELINUX
if (set_selinux_context(lv_path)) {
log_sys_error("set_selinux_context", lv_path);
return 0;
}
#endif
return 1; return 1;
} }

42
lib/misc/selinux.c Normal file
View File

@ -0,0 +1,42 @@
/*
* Copyright (C) 2002-2004 Sistina Software, Inc. All rights reserved.
* Copyright (C) 2004 Red Hat, Inc. All rights reserved.
*
* This file is part of LVM2.
*
* This copyrighted material is made available to anyone wishing to use,
* modify, copy, or redistribute it subject to the terms and conditions
* of the GNU General Public License v.2.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software Foundation,
* Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
#include "lib.h"
#include "selinux.h"
#include <selinux/selinux.h>
int set_selinux_context(const char *path)
{
security_context_t scontext;
log_very_verbose("Setting SELinux context for %s", path);
if (is_selinux_enabled() <= 0)
return 0;
if (matchpathcon(path, 0, &scontext) < 0) {
log_sys_error("matchpathcon", path);
return 0;
}
if (lsetfilecon(path, scontext) < 0) {
log_sys_error("lsetfilecon", path);
free(scontext);
return 0;
}
free(scontext);
return 1;
}

20
lib/misc/selinux.h Normal file
View File

@ -0,0 +1,20 @@
/*
* Copyright (C) 2004 Red Hat, Inc. All rights reserved.
*
* This file is part of LVM2.
*
* This copyrighted material is made available to anyone wishing to use,
* modify, copy, or redistribute it subject to the terms and conditions
* of the GNU General Public License v.2.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software Foundation,
* Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
#ifndef _LVM_SELINUX_H
#define _LVM_SELINUX_H
int set_selinux_context(const char * path);
#endif