mirror of
git://sourceware.org/git/lvm2.git
synced 2025-01-02 01:18:26 +03:00
Basic selinux support
This commit is contained in:
Alasdair Kergon
parent
ae69d47087
commit
036f273ad0
76
configure
vendored
76
configure
vendored
@ -309,7 +309,7 @@ ac_includes_default="\
|
||||
#endif"
|
||||
|
||||
ac_default_prefix=/usr
|
||||
ac_subst_vars='SHELL PATH_SEPARATOR PACKAGE_NAME PACKAGE_TARNAME PACKAGE_VERSION PACKAGE_STRING PACKAGE_BUGREPORT exec_prefix prefix program_transform_name bindir sbindir libexecdir datadir sysconfdir sharedstatedir localstatedir libdir includedir oldincludedir infodir mandir build_alias host_alias target_alias DEFS ECHO_C ECHO_N ECHO_T LIBS AWK CC CFLAGS LDFLAGS CPPFLAGS ac_ct_CC EXEEXT OBJEXT INSTALL_PROGRAM INSTALL_SCRIPT INSTALL_DATA LN_S SET_MAKE RANLIB ac_ct_RANLIB CPP EGREP build build_cpu build_vendor build_os host host_cpu host_vendor host_os target target_cpu target_vendor target_os MSGFMT JOBS STATIC_LINK LVM1 OWNER GROUP CLDFLAGS CLDWHOLEARCHIVE CLDNOWHOLEARCHIVE LD_DEPS LD_FLAGS SOFLAG LVM_VERSION DEBUG DEVMAPPER HAVE_LIBDL CMDLIB LOCALEDIR INTL_PACKAGE INTL LIBOBJS LTLIBOBJS'
|
||||
ac_subst_vars='SHELL PATH_SEPARATOR PACKAGE_NAME PACKAGE_TARNAME PACKAGE_VERSION PACKAGE_STRING PACKAGE_BUGREPORT exec_prefix prefix program_transform_name bindir sbindir libexecdir datadir sysconfdir sharedstatedir localstatedir libdir includedir oldincludedir infodir mandir build_alias host_alias target_alias DEFS ECHO_C ECHO_N ECHO_T LIBS AWK CC CFLAGS LDFLAGS CPPFLAGS ac_ct_CC EXEEXT OBJEXT INSTALL_PROGRAM INSTALL_SCRIPT INSTALL_DATA LN_S SET_MAKE RANLIB ac_ct_RANLIB CPP EGREP build build_cpu build_vendor build_os host host_cpu host_vendor host_os target target_cpu target_vendor target_os MSGFMT JOBS STATIC_LINK LVM1 OWNER GROUP CLDFLAGS CLDWHOLEARCHIVE CLDNOWHOLEARCHIVE LD_DEPS LD_FLAGS SOFLAG LVM_VERSION DEBUG DEVMAPPER HAVE_LIBDL HAVE_SELINUX CMDLIB LOCALEDIR INTL_PACKAGE INTL LIBOBJS LTLIBOBJS'
|
||||
ac_subst_files=''
|
||||
|
||||
# Initialize some variables set by options.
|
||||
@ -4592,13 +4592,79 @@ else
|
||||
fi
|
||||
|
||||
if [ "x$LVM1" = xshared -a "x$STATIC_LINK" = xyes ];
|
||||
then { { echo "$as_me:$LINENO: error: Features cannot be \"shared\" when building statically
|
||||
then { { echo "$as_me:$LINENO: error: Features cannot be 'shared' when building statically
|
||||
" >&5
|
||||
echo "$as_me: error: Features cannot be \"shared\" when building statically
|
||||
echo "$as_me: error: Features cannot be 'shared' when building statically
|
||||
" >&2;}
|
||||
{ (exit 1); exit 1; }; }
|
||||
exit
|
||||
fi;
|
||||
fi
|
||||
|
||||
echo "$as_me:$LINENO: checking for is_selinux_enabled in -lselinux" >&5
|
||||
echo $ECHO_N "checking for is_selinux_enabled in -lselinux... $ECHO_C" >&6
|
||||
if test "${ac_cv_lib_selinux_is_selinux_enabled+set}" = set; then
|
||||
echo $ECHO_N "(cached) $ECHO_C" >&6
|
||||
else
|
||||
ac_check_lib_save_LIBS=$LIBS
|
||||
LIBS="-lselinux $LIBS"
|
||||
cat >conftest.$ac_ext <<_ACEOF
|
||||
#line $LINENO "configure"
|
||||
/* confdefs.h. */
|
||||
_ACEOF
|
||||
cat confdefs.h >>conftest.$ac_ext
|
||||
cat >>conftest.$ac_ext <<_ACEOF
|
||||
/* end confdefs.h. */
|
||||
|
||||
/* Override any gcc2 internal prototype to avoid an error. */
|
||||
#ifdef __cplusplus
|
||||
extern "C"
|
||||
#endif
|
||||
/* We use char because int might match the return type of a gcc2
|
||||
builtin and then its argument prototype would still apply. */
|
||||
char is_selinux_enabled ();
|
||||
int
|
||||
main ()
|
||||
{
|
||||
is_selinux_enabled ();
|
||||
;
|
||||
return 0;
|
||||
}
|
||||
_ACEOF
|
||||
rm -f conftest.$ac_objext conftest$ac_exeext
|
||||
if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
|
||||
(eval $ac_link) 2>&5
|
||||
ac_status=$?
|
||||
echo "$as_me:$LINENO: \$? = $ac_status" >&5
|
||||
(exit $ac_status); } &&
|
||||
{ ac_try='test -s conftest$ac_exeext'
|
||||
{ (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
|
||||
(eval $ac_try) 2>&5
|
||||
ac_status=$?
|
||||
echo "$as_me:$LINENO: \$? = $ac_status" >&5
|
||||
(exit $ac_status); }; }; then
|
||||
ac_cv_lib_selinux_is_selinux_enabled=yes
|
||||
else
|
||||
echo "$as_me: failed program was:" >&5
|
||||
sed 's/^/| /' conftest.$ac_ext >&5
|
||||
|
||||
ac_cv_lib_selinux_is_selinux_enabled=no
|
||||
fi
|
||||
rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
|
||||
LIBS=$ac_check_lib_save_LIBS
|
||||
fi
|
||||
echo "$as_me:$LINENO: result: $ac_cv_lib_selinux_is_selinux_enabled" >&5
|
||||
echo "${ECHO_T}$ac_cv_lib_selinux_is_selinux_enabled" >&6
|
||||
if test $ac_cv_lib_selinux_is_selinux_enabled = yes; then
|
||||
HAVE_SELINUX=yes
|
||||
else
|
||||
HAVE_SELINUX=no
|
||||
fi
|
||||
|
||||
|
||||
if test x$HAVE_SELINUX = xyes; then
|
||||
CFLAGS="$CFLAGS -DHAVE_SELINUX"
|
||||
LIBS="-lselinux $LIBS"
|
||||
fi
|
||||
|
||||
|
||||
for ac_header in getopt.h
|
||||
@ -5003,6 +5069,7 @@ fi
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
ac_config_files="$ac_config_files Makefile make.tmpl include/Makefile lib/Makefile lib/format1/Makefile man/Makefile po/Makefile tools/Makefile tools/version.h test/mm/Makefile test/device/Makefile test/format1/Makefile test/regex/Makefile test/filters/Makefile"
|
||||
@ -5698,6 +5765,7 @@ s,@LVM_VERSION@,$LVM_VERSION,;t t
|
||||
s,@DEBUG@,$DEBUG,;t t
|
||||
s,@DEVMAPPER@,$DEVMAPPER,;t t
|
||||
s,@HAVE_LIBDL@,$HAVE_LIBDL,;t t
|
||||
s,@HAVE_SELINUX@,$HAVE_SELINUX,;t t
|
||||
s,@CMDLIB@,$CMDLIB,;t t
|
||||
s,@LOCALEDIR@,$LOCALEDIR,;t t
|
||||
s,@INTL_PACKAGE@,$INTL_PACKAGE,;t t
|
||||
|
||||
13
configure.in
13
configure.in
@ -195,10 +195,18 @@ fi
|
||||
dnl Check for shared/static conflicts
|
||||
if [[ "x$LVM1" = xshared -a "x$STATIC_LINK" = xyes ]];
|
||||
then AC_MSG_ERROR(
|
||||
Features cannot be \"shared\" when building statically
|
||||
Features cannot be 'shared' when building statically
|
||||
)
|
||||
exit
|
||||
fi;
|
||||
fi
|
||||
|
||||
dnl Check for is_selinux_enabled
|
||||
AC_CHECK_LIB(selinux, is_selinux_enabled, HAVE_SELINUX=yes, HAVE_SELINUX=no)
|
||||
|
||||
if test x$HAVE_SELINUX = xyes; then
|
||||
CFLAGS="$CFLAGS -DHAVE_SELINUX"
|
||||
LIBS="-lselinux $LIBS"
|
||||
fi
|
||||
|
||||
dnl Check for getopt
|
||||
AC_CHECK_HEADERS(getopt.h, CFLAGS="$CFLAGS -DHAVE_GETOPTLONG")
|
||||
@ -265,6 +273,7 @@ AC_SUBST(LVM_VERSION)
|
||||
AC_SUBST(DEBUG)
|
||||
AC_SUBST(DEVMAPPER)
|
||||
AC_SUBST(HAVE_LIBDL)
|
||||
AC_SUBST(HAVE_SELINUX)
|
||||
AC_SUBST(CMDLIB)
|
||||
AC_SUBST(MSGFMT)
|
||||
AC_SUBST(LOCALEDIR)
|
||||
|
||||
@ -34,6 +34,7 @@
|
||||
../lib/misc/lib.h
|
||||
../lib/misc/lvm-file.h
|
||||
../lib/misc/lvm-string.h
|
||||
../lib/misc/selinux.h
|
||||
../lib/misc/sharedlib.h
|
||||
../lib/regex/matcher.h
|
||||
../lib/report/report.h
|
||||
|
||||
@ -95,6 +95,10 @@ ifeq ("@HAVE_LIBDL@", "yes")
|
||||
misc/sharedlib.c
|
||||
endif
|
||||
|
||||
ifeq ("@HAVE_SELINUX@", "yes")
|
||||
SOURCES += misc/selinux.c
|
||||
endif
|
||||
|
||||
LIB_STATIC = liblvm.a
|
||||
|
||||
$(SUBDIRS): $(LIB_STATIC)
|
||||
|
||||
@ -20,6 +20,10 @@
|
||||
#include "lvm-file.h"
|
||||
#include "memlock.h"
|
||||
|
||||
#ifdef HAVE_SELINUX
|
||||
# include "selinux.h"
|
||||
#endif
|
||||
|
||||
#include <sys/stat.h>
|
||||
#include <fcntl.h>
|
||||
#include <unistd.h>
|
||||
@ -175,6 +179,13 @@ static int _mk_link(const char *dev_dir, const char *vg_name,
|
||||
return 0;
|
||||
}
|
||||
|
||||
#ifdef HAVE_SELINUX
|
||||
if (set_selinux_context(lv_path)) {
|
||||
log_sys_error("set_selinux_context", lv_path);
|
||||
return 0;
|
||||
}
|
||||
#endif
|
||||
|
||||
return 1;
|
||||
}
|
||||
|
||||
|
||||
42
lib/misc/selinux.c
Normal file
42
lib/misc/selinux.c
Normal file
@ -0,0 +1,42 @@
|
||||
/*
|
||||
* Copyright (C) 2002-2004 Sistina Software, Inc. All rights reserved.
|
||||
* Copyright (C) 2004 Red Hat, Inc. All rights reserved.
|
||||
*
|
||||
* This file is part of LVM2.
|
||||
*
|
||||
* This copyrighted material is made available to anyone wishing to use,
|
||||
* modify, copy, or redistribute it subject to the terms and conditions
|
||||
* of the GNU General Public License v.2.
|
||||
*
|
||||
* You should have received a copy of the GNU General Public License
|
||||
* along with this program; if not, write to the Free Software Foundation,
|
||||
* Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
|
||||
*/
|
||||
|
||||
#include "lib.h"
|
||||
#include "selinux.h"
|
||||
|
||||
#include <selinux/selinux.h>
|
||||
|
||||
int set_selinux_context(const char *path)
|
||||
{
|
||||
security_context_t scontext;
|
||||
|
||||
log_very_verbose("Setting SELinux context for %s", path);
|
||||
if (is_selinux_enabled() <= 0)
|
||||
return 0;
|
||||
|
||||
if (matchpathcon(path, 0, &scontext) < 0) {
|
||||
log_sys_error("matchpathcon", path);
|
||||
return 0;
|
||||
}
|
||||
|
||||
if (lsetfilecon(path, scontext) < 0) {
|
||||
log_sys_error("lsetfilecon", path);
|
||||
free(scontext);
|
||||
return 0;
|
||||
}
|
||||
|
||||
free(scontext);
|
||||
return 1;
|
||||
}
|
||||
20
lib/misc/selinux.h
Normal file
20
lib/misc/selinux.h
Normal file
@ -0,0 +1,20 @@
|
||||
/*
|
||||
* Copyright (C) 2004 Red Hat, Inc. All rights reserved.
|
||||
*
|
||||
* This file is part of LVM2.
|
||||
*
|
||||
* This copyrighted material is made available to anyone wishing to use,
|
||||
* modify, copy, or redistribute it subject to the terms and conditions
|
||||
* of the GNU General Public License v.2.
|
||||
*
|
||||
* You should have received a copy of the GNU General Public License
|
||||
* along with this program; if not, write to the Free Software Foundation,
|
||||
* Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
|
||||
*/
|
||||
|
||||
#ifndef _LVM_SELINUX_H
|
||||
#define _LVM_SELINUX_H
|
||||
|
||||
int set_selinux_context(const char * path);
|
||||
|
||||
#endif
|
||||
Loading…
Reference in New Issue
Block a user