From 14adc9b875fe8093e08f7c427d060b18826a01b4 Mon Sep 17 00:00:00 2001
From: Alasdair Kergon
Date: Wed, 7 Apr 2004 14:08:22 +0000
Subject: [PATCH] Basic selinux support
---
configure | 76 +++++++++++++++++++++++++++++++++++++++++++---
configure.in | 13 ++++++--
include/.symlinks | 1 +
lib/Makefile.in | 4 +++
lib/activate/fs.c | 11 +++++++
lib/misc/selinux.c | 42 +++++++++++++++++++++++++
lib/misc/selinux.h | 20 ++++++++++++
7 files changed, 161 insertions(+), 6 deletions(-)
create mode 100644 lib/misc/selinux.c
create mode 100644 lib/misc/selinux.h
diff --git a/configure b/configure
index d3305e399..2ad376a0f 100755
--- a/configure
+++ b/configure
@@ -309,7 +309,7 @@ ac_includes_default="\ #endif" ac_default_prefix=/usr -ac_subst_vars='SHELL PATH_SEPARATOR PACKAGE_NAME PACKAGE_TARNAME PACKAGE_VERSION PACKAGE_STRING PACKAGE_BUGREPORT exec_prefix prefix program_transform_name bindir sbindir libexecdir datadir sysconfdir sharedstatedir localstatedir libdir includedir oldincludedir infodir mandir build_alias host_alias target_alias DEFS ECHO_C ECHO_N ECHO_T LIBS AWK CC CFLAGS LDFLAGS CPPFLAGS ac_ct_CC EXEEXT OBJEXT INSTALL_PROGRAM INSTALL_SCRIPT INSTALL_DATA LN_S SET_MAKE RANLIB ac_ct_RANLIB CPP EGREP build build_cpu build_vendor build_os host host_cpu host_vendor host_os target target_cpu target_vendor target_os MSGFMT JOBS STATIC_LINK LVM1 OWNER GROUP CLDFLAGS CLDWHOLEARCHIVE CLDNOWHOLEARCHIVE LD_DEPS LD_FLAGS SOFLAG LVM_VERSION DEBUG DEVMAPPER HAVE_LIBDL CMDLIB LOCALEDIR INTL_PACKAGE INTL LIBOBJS LTLIBOBJS' +ac_subst_vars='SHELL PATH_SEPARATOR PACKAGE_NAME PACKAGE_TARNAME PACKAGE_VERSION PACKAGE_STRING PACKAGE_BUGREPORT exec_prefix prefix program_transform_name bindir sbindir libexecdir datadir sysconfdir sharedstatedir localstatedir libdir includedir oldincludedir infodir mandir build_alias host_alias target_alias DEFS ECHO_C ECHO_N ECHO_T LIBS AWK CC CFLAGS LDFLAGS CPPFLAGS ac_ct_CC EXEEXT OBJEXT INSTALL_PROGRAM INSTALL_SCRIPT INSTALL_DATA LN_S SET_MAKE RANLIB ac_ct_RANLIB CPP EGREP build build_cpu build_vendor build_os host host_cpu host_vendor host_os target target_cpu target_vendor target_os MSGFMT JOBS STATIC_LINK LVM1 OWNER GROUP CLDFLAGS CLDWHOLEARCHIVE CLDNOWHOLEARCHIVE LD_DEPS LD_FLAGS SOFLAG LVM_VERSION DEBUG DEVMAPPER HAVE_LIBDL HAVE_SELINUX CMDLIB LOCALEDIR INTL_PACKAGE INTL LIBOBJS LTLIBOBJS' ac_subst_files='' # Initialize some variables set by options. 
@@ -4592,13 +4592,79 @@ else fi if [ "x$LVM1" = xshared -a "x$STATIC_LINK" = xyes ]; - then { { echo "$as_me:$LINENO: error: Features cannot be \"shared\" when building statically + then { { echo "$as_me:$LINENO: error: Features cannot be 'shared' when building statically " >&5 -echo "$as_me: error: Features cannot be \"shared\" when building statically +echo "$as_me: error: Features cannot be 'shared' when building statically " >&2;} { (exit 1); exit 1; }; } exit -fi; +fi + +echo "$as_me:$LINENO: checking for is_selinux_enabled in -lselinux" >&5 +echo $ECHO_N "checking for is_selinux_enabled in -lselinux... $ECHO_C" >&6 +if test "${ac_cv_lib_selinux_is_selinux_enabled+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + ac_check_lib_save_LIBS=$LIBS +LIBS="-lselinux $LIBS" +cat >conftest.$ac_ext <<_ACEOF +#line $LINENO "configure" +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ + +/* Override any gcc2 internal prototype to avoid an error. */ +#ifdef __cplusplus +extern "C" +#endif +/* We use char because int might match the return type of a gcc2 + builtin and then its argument prototype would still apply. */ +char is_selinux_enabled (); +int +main () +{ +is_selinux_enabled (); + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext conftest$ac_exeext +if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 + (eval $ac_link) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -s conftest$ac_exeext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? 
= $ac_status" >&5 + (exit $ac_status); }; }; then + ac_cv_lib_selinux_is_selinux_enabled=yes +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +ac_cv_lib_selinux_is_selinux_enabled=no +fi +rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +echo "$as_me:$LINENO: result: $ac_cv_lib_selinux_is_selinux_enabled" >&5 +echo "${ECHO_T}$ac_cv_lib_selinux_is_selinux_enabled" >&6 +if test $ac_cv_lib_selinux_is_selinux_enabled = yes; then + HAVE_SELINUX=yes +else + HAVE_SELINUX=no +fi + + +if test x$HAVE_SELINUX = xyes; then + CFLAGS="$CFLAGS -DHAVE_SELINUX" + LIBS="-lselinux $LIBS" +fi for ac_header in getopt.h @@ -5003,6 +5069,7 @@ fi + ac_config_files="$ac_config_files Makefile make.tmpl include/Makefile lib/Makefile lib/format1/Makefile man/Makefile po/Makefile tools/Makefile tools/version.h test/mm/Makefile test/device/Makefile test/format1/Makefile test/regex/Makefile test/filters/Makefile" @@ -5698,6 +5765,7 @@ s,@LVM_VERSION@,$LVM_VERSION,;t t s,@DEBUG@,$DEBUG,;t t s,@DEVMAPPER@,$DEVMAPPER,;t t s,@HAVE_LIBDL@,$HAVE_LIBDL,;t t +s,@HAVE_SELINUX@,$HAVE_SELINUX,;t t s,@CMDLIB@,$CMDLIB,;t t s,@LOCALEDIR@,$LOCALEDIR,;t t s,@INTL_PACKAGE@,$INTL_PACKAGE,;t t diff --git a/configure.in b/configure.in index a2e1ef301..14a106825 100644 --- a/configure.in +++ b/configure.in @@ -195,10 +195,18 @@ fi dnl Check for shared/static conflicts if [[ "x$LVM1" = xshared -a "x$STATIC_LINK" = xyes ]]; then AC_MSG_ERROR( -Features cannot be \"shared\" when building statically +Features cannot be 'shared' when building statically ) exit -fi; +fi + +dnl Check for is_selinux_enabled +AC_CHECK_LIB(selinux, is_selinux_enabled, HAVE_SELINUX=yes, HAVE_SELINUX=no) + +if test x$HAVE_SELINUX = xyes; then + CFLAGS="$CFLAGS -DHAVE_SELINUX" + LIBS="-lselinux $LIBS" +fi dnl Check for getopt AC_CHECK_HEADERS(getopt.h, CFLAGS="$CFLAGS -DHAVE_GETOPTLONG") 
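Review bot: `AC_CHECK_LIB(selinux, is_selinux_enabled, HAVE_SELINUX=yes, HAVE_SELINUX=no)` in configure.in enables the feature whenever libselinux happens to be installed on the build host, with no switch to force it on or off, so two builds of the same tree can differ in whether device links get labelled and in whether `-lselinux` is added to `LIBS`. The probe also covers only `is_selinux_enabled`, while lib/misc/selinux.c in this patch additionally needs the libselinux header plus `matchpathcon` and `lsetfilecon`. Consider gating the probe behind an explicit option, for example `AC_ARG_ENABLE(selinux, [  --disable-selinux  Disable selinux support], SELINUX=$enableval, SELINUX=yes)`, and adding an `AC_CHECK_HEADER` for the header. With `STATIC_LINK=yes` the prepended `-lselinux` presumably also requires a static libselinux, which is worth confirming.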
@@ -265,6 +273,7 @@ AC_SUBST(LVM_VERSION) AC_SUBST(DEBUG) AC_SUBST(DEVMAPPER) AC_SUBST(HAVE_LIBDL) +AC_SUBST(HAVE_SELINUX) AC_SUBST(CMDLIB) AC_SUBST(MSGFMT) AC_SUBST(LOCALEDIR) diff --git a/include/.symlinks b/include/.symlinks index b1cee5505..a79ec97ea 100644 --- a/include/.symlinks +++ b/include/.symlinks @@ -34,6 +34,7 @@ ../lib/misc/lib.h ../lib/misc/lvm-file.h ../lib/misc/lvm-string.h +../lib/misc/selinux.h ../lib/misc/sharedlib.h ../lib/regex/matcher.h ../lib/report/report.h diff --git a/lib/Makefile.in b/lib/Makefile.in index 4ed7eba0d..f9ceb114c 100644 --- a/lib/Makefile.in +++ b/lib/Makefile.in @@ -95,6 +95,10 @@ ifeq ("@HAVE_LIBDL@", "yes") misc/sharedlib.c endif +ifeq ("@HAVE_SELINUX@", "yes") + SOURCES += misc/selinux.c +endif + LIB_STATIC = liblvm.a $(SUBDIRS): $(LIB_STATIC) diff --git a/lib/activate/fs.c b/lib/activate/fs.c index 4a93e92a5..61c5043fd 100644 --- a/lib/activate/fs.c +++ b/lib/activate/fs.c @@ -20,6 +20,10 @@ #include "lvm-file.h" #include "memlock.h" +#ifdef HAVE_SELINUX +# include "selinux.h" +#endif + #include #include #include @@ -175,6 +179,13 @@ static int _mk_link(const char *dev_dir, const char *vg_name, return 0; } +#ifdef HAVE_SELINUX + if (set_selinux_context(lv_path)) { + log_sys_error("set_selinux_context", lv_path); + return 0; + } +#endif + return 1; } diff --git a/lib/misc/selinux.c b/lib/misc/selinux.c new file mode 100644 index 000000000..15fe66104 --- /dev/null +++ b/lib/misc/selinux.c 
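Review bot: The added `if (set_selinux_context(lv_path))` at the end of `_mk_link` in lib/activate/fs.c tests the wrong sense. Per lib/misc/selinux.c in this same patch, the function returns 1 once `lsetfilecon` succeeds and 0 when labelling fails or SELinux is off, so this branch logs an error and makes `_mk_link` return 0 exactly when the label was applied, and lets a failed relabel pass as success. Switching the caller to `if (!set_selinux_context(lv_path))` is only correct if the callee's disabled branch is also changed to `return 1;`, otherwise every host without SELinux would fail here. `log_sys_error` at this site would also print whatever errno is left over, and the callee has already logged the failing call, so a plain `return 0;` is enough. `_mk_link` begins outside the hunk.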
@@ -0,0 +1,42 @@
+/*
+ * Copyright (C) 2002-2004 Sistina Software, Inc. All rights reserved.
+ * Copyright (C) 2004 Red Hat, Inc. All rights reserved.
+ *
+ * This file is part of LVM2.
+ *
+ * This copyrighted material is made available to anyone wishing to use,
+ * modify, copy, or redistribute it subject to the terms and conditions
+ * of the GNU General Public License v.2.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software Foundation,
+ * Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ */
+
+#include "lib.h"
+#include "selinux.h"
+
+#include
+
+int set_selinux_context(const char *path)
+{
+ security_context_t scontext;
+
+ log_very_verbose("Setting SELinux context for %s", path);
+ if (is_selinux_enabled() <= 0)
+ return 0;
+
+ if (matchpathcon(path, 0, &scontext) < 0) {
+ log_sys_error("matchpathcon", path);
+ return 0;
+ }
+
+ if (lsetfilecon(path, scontext) < 0) {
+ log_sys_error("lsetfilecon", path);
+ free(scontext);
+ return 0;
+ }
+
+ free(scontext);
+ return 1;
+}
diff --git a/lib/misc/selinux.h b/lib/misc/selinux.h
new file mode 100644
index 000000000..1ce5d35a0
--- /dev/null
+++ b/lib/misc/selinux.h
@@ -0,0 +1,20 @@
+/*
+ * Copyright (C) 2004 Red Hat, Inc. All rights reserved.
+ *
+ * This file is part of LVM2.
+ *
+ * This copyrighted material is made available to anyone wishing to use,
+ * modify, copy, or redistribute it subject to the terms and conditions
+ * of the GNU General Public License v.2.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software Foundation,
+ * Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ */
+
+#ifndef _LVM_SELINUX_H
+#define _LVM_SELINUX_H
+
+int set_selinux_context(const char * path);
+
+#endif
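Review bot: In `set_selinux_context` (lib/misc/selinux.c) the context returned by `matchpathcon` is released with `free(scontext)` on both the error and the success path; libselinux provides `freecon()` as the matching release call, so both lines should read `freecon(scontext);`. `is_selinux_enabled() <= 0` also folds the library's error return into the "disabled" case, and the function then returns 0, the same value it uses for a failed relabel, so a caller cannot tell "nothing to do" from "label not applied". A short comment above the function stating the return convention would make that contract explicit. The "Setting SELinux context" message is emitted before the enabled check, so it appears in verbose logs even on hosts where nothing is labelled. Because the label is applied to a path that already exists (the call site in lib/activate/fs.c appears to run after the link is created), the node briefly carries its inherited label; setting the creation context beforehand with `setfscreatecon()` would close that window if policy depends on it.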