packages/policycoreutils
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: packages:59d7c0ed6351e9add90396b0a81210c076e5935e
Branches Tags
packages:main
..
compare: packages:a7a0b922e027587668e0f0bf6d80ec4d4050e603
Branches Tags
packages:main

No commits in common. "59d7c0ed6351e9add90396b0a81210c076e5935e" and "a7a0b922e027587668e0f0bf6d80ec4d4050e603" have entirely different histories.
59d7c0ed63 ... a7a0b922e0

10 changed files with 1 additions and 658 deletions
Show Stats Expand all files Collapse all files

156
backport-newrole-silence-compiler-warnings.patch
View File

@ -1,156 +0,0 @@
From 29e167a448eff9aaee13d3c51c56641959d4ca7f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= <cgzones@googlemail.com>
Date: Tue, 22 Feb 2022 14:51:41 +0100
Subject: [PATCH] newrole: silence compiler warnings
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
newrole.c:636:12: warning: function declaration isnt a prototype [-Wstrict-prototypes]
636 | static int transition_to_caller_uid()
| ^~~~~~~~~~~~~~~~~~~~~~~~
newrole.c:103:9: warning: macro is not used [-Wunused-macros]
#define DEFAULT_CONTEXT_SIZE 255 /* first guess at context size */
^
newrole.c:862:4: warning: 'break' will never be executed [-Wunreachable-code-break]
break;
^~~~~
newrole.c:168:13: warning: no previous extern declaration for non-static variable 'service_name' [-Wmissing-variable-declarations]
const char *service_name = "newrole";
^
hashtab.c:53:11: warning: implicit conversion changes signedness: 'unsigned int' to 'int' [-Wsign-conversion]
hvalue = h->hash_value(h, key);
~ ^~~~~~~~~~~~~~~~~~~~~
hashtab.c:92:11: warning: implicit conversion changes signedness: 'unsigned int' to 'int' [-Wsign-conversion]
hvalue = h->hash_value(h, key);
~ ^~~~~~~~~~~~~~~~~~~~~
hashtab.c:124:11: warning: implicit conversion changes signedness: 'unsigned int' to 'int' [-Wsign-conversion]
hvalue = h->hash_value(h, key);
~ ^~~~~~~~~~~~~~~~~~~~~
hashtab.c:172:10: warning: implicit conversion changes signedness: 'int' to 'unsigned int' [-Wsign-conversion]
ret = apply(cur->key, cur->datum, args);
~ ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
hashtab.c:174:12: warning: implicit conversion changes signedness: 'unsigned int' to 'int' [-Wsign-conversion]
return ret;
~~~~~~ ^~~
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
---
policycoreutils/newrole/hashtab.c | 9 +++++----
policycoreutils/newrole/newrole.c | 15 ++++++---------
2 files changed, 11 insertions(+), 13 deletions(-)
diff --git a/policycoreutils/newrole/hashtab.c b/policycoreutils/newrole/hashtab.c
index bc502836..26d4f4c7 100644
--- a/policycoreutils/newrole/hashtab.c
+++ b/policycoreutils/newrole/hashtab.c
@@ -44,7 +44,7 @@ hashtab_t hashtab_create(unsigned int (*hash_value) (hashtab_t h,
int hashtab_insert(hashtab_t h, hashtab_key_t key, hashtab_datum_t datum)
{
- int hvalue;
+ unsigned int hvalue;
hashtab_ptr_t prev, cur, newnode;
if (!h)
@@ -83,7 +83,7 @@ int hashtab_remove(hashtab_t h, hashtab_key_t key,
void (*destroy) (hashtab_key_t k,
hashtab_datum_t d, void *args), void *args)
{
- int hvalue;
+ unsigned int hvalue;
hashtab_ptr_t cur, last;
if (!h)
@@ -115,7 +115,7 @@ int hashtab_remove(hashtab_t h, hashtab_key_t key,
hashtab_datum_t hashtab_search(hashtab_t h, const_hashtab_key_t key)
{
- int hvalue;
+ unsigned int hvalue;
hashtab_ptr_t cur;
if (!h)
@@ -160,8 +160,9 @@ int hashtab_map(hashtab_t h,
int (*apply) (hashtab_key_t k,
hashtab_datum_t d, void *args), void *args)
{
- unsigned int i, ret;
+ unsigned int i;
hashtab_ptr_t cur;
+ int ret;
if (!h)
return HASHTAB_SUCCESS;
diff --git a/policycoreutils/newrole/newrole.c b/policycoreutils/newrole/newrole.c
index 9d68b6ab..c9989863 100644
--- a/policycoreutils/newrole/newrole.c
+++ b/policycoreutils/newrole/newrole.c
@@ -100,7 +100,6 @@
#endif
#define DEFAULT_PATH "/usr/bin:/bin"
-#define DEFAULT_CONTEXT_SIZE 255 /* first guess at context size */
extern char **environ;
@@ -115,7 +114,7 @@ extern char **environ;
*
* Returns malloc'd memory
*/
-static char *build_new_range(char *newlevel, const char *range)
+static char *build_new_range(const char *newlevel, const char *range)
{
char *newrangep = NULL;
const char *tmpptr;
@@ -166,7 +165,7 @@ static char *build_new_range(char *newlevel, const char *range)
#include <security/pam_appl.h> /* for PAM functions */
#include <security/pam_misc.h> /* for misc_conv PAM utility function */
-const char *service_name = "newrole";
+static const char *service_name = "newrole";
/* authenticate_via_pam()
*
@@ -230,14 +229,13 @@ static int free_hashtab_entry(hashtab_key_t key, hashtab_datum_t d,
static unsigned int reqsymhash(hashtab_t h, const_hashtab_key_t key)
{
- char *p, *keyp;
+ const char *p;
size_t size;
unsigned int val;
val = 0;
- keyp = (char *)key;
- size = strlen(keyp);
- for (p = keyp; ((size_t) (p - keyp)) < size; p++)
+ size = strlen(key);
+ for (p = key; ((size_t) (p - key)) < size; p++)
val =
(val << 4 | (val >> (8 * sizeof(unsigned int) - 4))) ^ (*p);
return val & (h->size - 1);
@@ -623,7 +621,7 @@ static inline int drop_capabilities(__attribute__ ((__unused__)) int full)
* This function will set the uid values to be that of caller's uid, and
* will drop any privilege which may have been raised.
*/
-static int transition_to_caller_uid()
+static int transition_to_caller_uid(void)
{
uid_t uid = getuid();
@@ -850,7 +848,6 @@ static int parse_command_line_arguments(int argc, char **argv, char *ttyn,
case 'V':
printf("newrole: %s version %s\n", PACKAGE, VERSION);
exit(0);
- break;
case 'p':
*preserve_environment = 1;
break;
--
2.33.0

53
backport-newrole-use-DJB2a-string-hash-function.patch
View File

@ -1,53 +0,0 @@
From 3089f1f2fd92684372e8141f1f5dbfd97b859983 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= <cgzones@googlemail.com>
Date: Wed, 16 Aug 2023 14:38:45 +0200
Subject: [PATCH] newrole: use DJB2a string hash function
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
The hash table implementation uses `& (h->size - 1)` to truncate
generated hashes to the number of buckets. This operation is equal to
`% h->size` if and only if the size is a power of two (which seems to be
always the case). One property of the binary and with a power of two
(and probably a small one <=2048) is all higher bits are discarded.
Thus a hash function is needed with a good avalanche effect, which the
current one is not.
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Acked-by: James Carter <jwcart2@gmail.com>
---
policycoreutils/newrole/newrole.c | 17 +++++++----------
1 file changed, 7 insertions(+), 10 deletions(-)
diff --git a/policycoreutils/newrole/newrole.c b/policycoreutils/newrole/newrole.c
index d9efa68a..5a1a1129 100644
--- a/policycoreutils/newrole/newrole.c
+++ b/policycoreutils/newrole/newrole.c
@@ -229,16 +229,13 @@ static int free_hashtab_entry(hashtab_key_t key, hashtab_datum_t d,
static unsigned int reqsymhash(hashtab_t h, const_hashtab_key_t key)
{
- const char *p;
- size_t size;
- unsigned int val;
-
- val = 0;
- size = strlen(key);
- for (p = key; ((size_t) (p - key)) < size; p++)
- val =
- (val << 4 | (val >> (8 * sizeof(unsigned int) - 4))) ^ (*p);
- return val & (h->size - 1);
+ unsigned int hash = 5381;
+ unsigned char c;
+
+ while ((c = *(unsigned const char *)key++))
+ hash = ((hash << 5) + hash) ^ c;
+
+ return hash & (h->size - 1);
}
static int reqsymcmp(hashtab_t h
--
2.33.0

98
backport-python-Harden-more-tools-against-rogue-modules.patch
View File

@ -1,98 +0,0 @@
From 94389f21022be68cb048b4b76d32c0f2440b15ee Mon Sep 17 00:00:00 2001
From: Vit Mojzis <vmojzis@redhat.com>
Date: Wed, 6 Dec 2023 15:31:51 +0100
Subject: [PATCH] python: Harden more tools against "rogue" modules
Python scripts present in the same directory as the tool
override regular modules.
Fixes:
#cat > /usr/bin/signal.py <<EOF
import sys
print("BAD GUY!", file=sys.stderr)
sys.exit(1)
EOF
#sandbox date
BAD GUY!
Signed-off-by: Vit Mojzis <vmojzis@redhat.com>
Acked-by: James Carter <jwcart2@gmail.com>
---
dbus/selinux_server.py | 2 +-
gui/polgengui.py | 2 +-
gui/system-config-selinux.py | 6 +++---
sandbox/sandbox | 2 +-
sandbox/start | 2 +-
5 files changed, 7 insertions(+), 7 deletions(-)
diff --git a/dbus/selinux_server.py b/dbus/selinux_server.py
index a969f226..469c526f 100644
--- a/dbus/selinux_server.py
+++ b/dbus/selinux_server.py
@@ -1,4 +1,4 @@
-#!/usr/bin/python3
+#!/usr/bin/python3 -EsI
import dbus
import dbus.service
diff --git a/gui/polgengui.py b/gui/polgengui.py
index 16116ba6..9c151a11 100644
--- a/gui/polgengui.py
+++ b/gui/polgengui.py
@@ -1,4 +1,4 @@
-#!/usr/bin/python3 -Es
+#!/usr/bin/python3 -EsI
#
# polgengui.py - GUI for SELinux Config tool in system-config-selinux
#
diff --git a/gui/system-config-selinux.py b/gui/system-config-selinux.py
index 9f53b7fe..0b6ba4b5 100644
--- a/gui/system-config-selinux.py
+++ b/gui/system-config-selinux.py
@@ -1,4 +1,4 @@
-#!/usr/bin/python3 -Es
+#!/usr/bin/python3 -EsI
#
# system-config-selinux.py - GUI for SELinux Config tool in system-config-selinux
#
@@ -32,6 +32,8 @@ except RuntimeError as e:
print("This is a graphical application and requires DISPLAY to be set.")
sys.exit(1)
+sys.path.append('/usr/share/system-config-selinux')
+
from gi.repository import GObject
import statusPage
import booleansPage
@@ -66,8 +68,6 @@ except:
version = "1.0"
-sys.path.append('/usr/share/system-config-selinux')
-
##
## Pull in the Glade file
diff --git a/sandbox/sandbox b/sandbox/sandbox
index a2762a7d..fe631a92 100644
--- a/sandbox/sandbox
+++ b/sandbox/sandbox
@@ -1,4 +1,4 @@
-#!/usr/bin/python3 -Es
+#!/usr/bin/python3 -EsI
# Authors: Dan Walsh <dwalsh@redhat.com>
# Authors: Thomas Liu <tliu@fedoraproject.org>
# Authors: Josh Cogliati
diff --git a/sandbox/start b/sandbox/start
index 4ed3cb5c..3c1a1783 100644
--- a/sandbox/start
+++ b/sandbox/start
@@ -1,4 +1,4 @@
-#!/usr/bin/python3 -Es
+#!/usr/bin/python3 -EsI
try:
from subprocess import getstatusoutput
except ImportError:
--
2.33.0

35
backport-python-Use-isinstance-instead-of-type.patch
View File

@ -1,35 +0,0 @@
From f6dc6acfa00707ce25c6357169111937f12512dd Mon Sep 17 00:00:00 2001
From: James Carter <jwcart2@gmail.com>
Date: Thu, 3 Aug 2023 09:40:24 -0400
Subject: [PATCH] python: Use isinstance() instead of type()
CI testing fails while running flake8 on python scripts with the
message "./python/semanage/seobject.py:250:16: E721 do not compare
types, for exact checks use `is` / `is not`, for instance checks use
`isinstance()`"
Use "isinstance(args, str)" instead of "type(args) == str"
Signed-off-by: James Carter <jwcart2@gmail.com>
Reference:https://github.com/SELinuxProject/selinux/commit/f6dc6acfa00707ce25c6357169111937f12512dd
Conflict:NA
---
python/semanage/seobject.py | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/python/semanage/seobject.py b/python/semanage/seobject.py
index 361205d1..cc944ae2 100644
--- a/python/semanage/seobject.py
+++ b/python/semanage/seobject.py
@@ -247,7 +247,7 @@ class semanageRecords:
global handle
if args:
# legacy code - args was store originally
- if type(args) == str:
+ if isinstance(args, str):
self.store = args
else:
self.args = args
--
2.23.0

31
backport-restorecond-add-check-for-strdup-in-strings_list_add.patch
View File

@ -1,31 +0,0 @@
From 8730e0762e36ae214932e2a2a84aedd573462357 Mon Sep 17 00:00:00 2001
From: Huaxin Lu <luhuaxin1@huawei.com>
Date: Tue, 11 Jul 2023 06:49:33 +0800
Subject: [PATCH] restorecond: add check for strdup in strings_list_add
Check the return value of strdup() to avoid null pointer reference.
Signed-off-by: Huaxin Lu <luhuaxin1@huawei.com>
Acked-by: James Carter <jwcart2@gmail.com>
Reference:https://github.com/SELinuxProject/selinux/commit/8730e0762e36ae214932e2a2a84aedd573462357
Conflict:NA
---
restorecond/stringslist.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/restorecond/stringslist.c b/restorecond/stringslist.c
index f9404b1e..a76542a7 100644
--- a/restorecond/stringslist.c
+++ b/restorecond/stringslist.c
@@ -48,6 +48,8 @@ void strings_list_add(struct stringsList **list, const char *string)
if (!newptr)
exitApp("Out of Memory");
newptr->string = strdup(string);
+ if (!newptr->string)
+ exitApp("Out of Memory");
newptr->next = ptr;
if (prev)
prev->next = newptr;
--
2.23.0

34
backport-restorecond-compatible-with-the-use-of-EUID.patch
View File

@ -1,34 +0,0 @@
From ca76a8813e9ac9536f09b5611b09b2b21064f984 Mon Sep 17 00:00:00 2001
From: Huizhao Wang <wanghuizhao1@huawei.com>
Date: Sat, 5 Aug 2023 15:06:50 +0800
Subject: [PATCH] restorecond: compatible with the use of EUID
The `EUID` does not exist in some shell environments. To ensure compatibility,
use `id -u` instead of `EUID` when `EUID` does not exist.
Signed-off-by: Huizhao Wang <wanghuizhao1@huawei.com>
Acked-by: Petr Lautrbach <lautrbach@redhat.com>
---
restorecond/restorecond.init | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/restorecond/restorecond.init b/restorecond/restorecond.init
index c1cbb247..4e71a2c6 100644
--- a/restorecond/restorecond.init
+++ b/restorecond/restorecond.init
@@ -29,7 +29,11 @@ PATH=/sbin:/bin:/usr/bin:/usr/sbin
[ -x /usr/sbin/selinuxenabled ] && /usr/sbin/selinuxenabled || exit 7
# Check that we are root ... so non-root users stop here
-test $EUID = 0 || exit 4
+if [ $EUID ]; then
+ test $EUID = 0 || exit 4
+else
+ test `id -u` = 0 || exit 4
+fi
test -x /usr/sbin/restorecond || exit 5
test -f /etc/selinux/restorecond.conf || exit 6
--
2.27.0

37
backport-sepolicy-manpage.py-make-output-deterministic.patch
View File

@ -1,37 +0,0 @@
From 84e0884260c550ef840de6d09573444d93fb209a Mon Sep 17 00:00:00 2001
From: Cathy Hu <cahu@suse.de>
Date: Wed, 25 Oct 2023 15:18:58 +0200
Subject: [PATCH] sepolicy/manpage.py: make output deterministic
The list entries in the alphabetically grouped dict are
not sorted, which results in non-deterministic output for
index.html.
Sort entries of those lists to make the output deterministic
to be able to have reproducible builds.
See https://reproducible-builds.org/ for reasoning.
This patch was done while working on reproducible builds for openSUSE.
Signed-off-by: Cathy Hu <cahu@suse.de>
Acked-by: Petr Lautrbach <lautrbach@redhat.com>
---
python/sepolicy/sepolicy/manpage.py | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/python/sepolicy/sepolicy/manpage.py b/python/sepolicy/sepolicy/manpage.py
index a488dcbf..62999019 100755
--- a/python/sepolicy/sepolicy/manpage.py
+++ b/python/sepolicy/sepolicy/manpage.py
@@ -156,7 +156,7 @@ def get_alphabet_manpages(manpage_list):
if j.split("/")[-1][0] == i:
temp.append(j.split("/")[-1])
- alphabet_manpages[i] = temp
+ alphabet_manpages[i] = sorted(temp)
return alphabet_manpages
--
2.27.0

53
backport-setfiles-avoid-unsigned-integer-underflow.patch
View File

@ -1,53 +0,0 @@
From fc2e9318d0a1b2ec331f6af25e70358f130d003b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= <cgzones@googlemail.com>
Date: Tue, 19 Dec 2023 17:09:33 +0100
Subject: [PATCH] setfiles: avoid unsigned integer underflow
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
While well-defined unsigned integer underflow might signal a logic
mistake or processing of unchecked user input. Please Clang's undefined
behavior sanitizer:
restore.c:91:37: runtime error: unsigned integer overflow: 1 - 2 cannot
be represented in type 'unsigned long'
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Acked-by: James Carter <jwcart2@gmail.com>
---
policycoreutils/setfiles/restore.c | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/policycoreutils/setfiles/restore.c b/policycoreutils/setfiles/restore.c
index 9d688c6..612cc21 100644
--- a/policycoreutils/setfiles/restore.c
+++ b/policycoreutils/setfiles/restore.c
@@ -75,8 +75,8 @@ void restore_finish(void)
int process_glob(char *name, struct restore_opts *opts)
{
glob_t globbuf;
- size_t i = 0;
- int len, rc, errors;
+ size_t i, len;
+ int rc, errors;
memset(&globbuf, 0, sizeof(globbuf));
@@ -86,10 +86,10 @@ int process_glob(char *name, struct restore_opts *opts)
return errors;
for (i = 0; i < globbuf.gl_pathc; i++) {
- len = strlen(globbuf.gl_pathv[i]) - 2;
- if (len > 0 && strcmp(&globbuf.gl_pathv[i][len--], "/.") == 0)
+ len = strlen(globbuf.gl_pathv[i]);
+ if (len > 2 && strcmp(&globbuf.gl_pathv[i][len - 2], "/.") == 0)
continue;
- if (len > 0 && strcmp(&globbuf.gl_pathv[i][len], "/..") == 0)
+ if (len > 3 && strcmp(&globbuf.gl_pathv[i][len - 3], "/..") == 0)
continue;
rc = selinux_restorecon(globbuf.gl_pathv[i],
opts->restorecon_flags);
--
2.33.0

26
policycoreutils.spec
View File

@ -3,7 +3,7 @@
Name: policycoreutils
Version: 3.3
Release: 11
Release: 6
Summary: Policy core utilities of selinux
License: GPLv2
URL: https://github.com/SELinuxProject
@ -29,15 +29,6 @@ Patch6008: backport-sepolicy-Call-os.makedirs-with-exist_ok-True.patch
Patch6009: backport-policycoreutils-fix-potential-NULL-reference-in-load_checks.patch
Patch6010: backport-python-sepolicy-add-missing-booleans-to-man-pages.patch
Patch6011: backport-python-sepolicy-Cache-conditional-rule-queries.patch
Patch6012: backport-restorecond-add-check-for-strdup-in-strings_list_add.patch
Patch6013: backport-python-Use-isinstance-instead-of-type.patch
Patch6014: backport-restorecond-compatible-with-the-use-of-EUID.patch
Patch6015: backport-sepolicy-manpage.py-make-output-deterministic.patch
Patch6016: restorecond-remove-dependency-of-glib2.patch
Patch6017: backport-newrole-silence-compiler-warnings.patch
Patch6018: backport-newrole-use-DJB2a-string-hash-function.patch
Patch6019: backport-python-Harden-more-tools-against-rogue-modules.patch
Patch6020: backport-setfiles-avoid-unsigned-integer-underflow.patch
BuildRequires: gcc
BuildRequires: pam-devel libsepol-static >= 3.3 libsemanage-static >= 3.3 libselinux-devel >= 3.3 libcap-devel audit-libs-devel gettext
@ -278,21 +269,6 @@ find %{buildroot}%{python3_sitelib} %{buildroot}%{python3_sitearch} \
%{_mandir}/*
%changelog
* Wed Mar 20 2024 yixiangzhike <yixiangzhike007@163.com> -3.3-11
- backport patch from upstream to avoid unsigned integer underflow
* Wed Jan 31 2024 zhangruifang <zhangruifang1@h-partners.com> -3.3-10
- backport patches from upstream
* Tue Dec 26 2023 wanghuizhao <wanghuizhao1@huawei.com> -3.3-9
- submit self-developed patch
* Thu Dec 14 2023 yixiangzhike <yixiangzhike007@163.com> -3.3-8
- backport patches from upstream
* Mon Sep 11 2023 zhangguangzhi <zhangguangzhi3@huawei.com> -3.3-7
- backport patches from upstream
* Wed Mar 22 2023 zhangguangzhi <zhangguangzhi3@huawei.com> -3.3-6
- backport patches from upstream

136
restorecond-remove-dependency-of-glib2.patch
View File

@ -1,136 +0,0 @@
From 2eb9db473adf885dc0361b1967edd1781ff13b1e Mon Sep 17 00:00:00 2001
From: wanghuizhao <wanghuizhao1@huawei.com>
Date: Sun, 24 Dec 2023 23:23:55 +0800
Subject: [PATCH] restorecond: remove dependency of glib2
In order to remove the dependency of glib2, and in some scenarios, it is
not necessary to use the user mode, remove the user related option.
Signed-off-by: wanghuizhao <wanghuizhao1@huawei.com>
---
.../restorecond/Makefile | 21 +++++++++++++++++++
.../restorecond/restorecond.c | 14 +++++++++++++
2 files changed, 35 insertions(+)
diff --git a/restorecond/Makefile b/restorecond/Makefile
index 8e9a5ef..bebd39e 100644
--- a/restorecond/Makefile
+++ b/restorecond/Makefile
@@ -13,21 +13,37 @@ SYSTEMDUSERUNITDIR ?= $(shell $(PKG_CONFIG) --variable=systemduserunitdir system
autostart_DATA = sealertauto.desktop
INITDIR ?= /etc/rc.d/init.d
SELINUXDIR = /etc/selinux
+CONFIG_NO_GLIB2 ?= n
+ifeq ($(CONFIG_NO_GLIB2),n)
GIO_CFLAGS = -DHAVE_DBUS $(shell $(PKG_CONFIG) --cflags gio-2.0)
GIO_LIBS = $(shell $(PKG_CONFIG) --libs gio-2.0)
+endif
CFLAGS ?= -g -Werror -Wall -W
+
+ifeq ($(CONFIG_NO_GLIB2),y)
+ override CFLAGS += -DCONFIG_NO_GLIB2
+ override LDLIBS += -lselinux
+else
override CFLAGS += $(GIO_CFLAGS)
override LDLIBS += -lselinux $(GIO_LIBS)
+endif
all: restorecond
+ifeq ($(CONFIG_NO_GLIB2),y)
+restorecond.o utmpwatcher.o stringslist.o watch.o: restorecond.h
+
+restorecond: restore.o restorecond.o utmpwatcher.o stringslist.o watch.o
+ $(CC) $(LDFLAGS) -o $@ $^ $(LDLIBS)
+else
restorecond.o utmpwatcher.o stringslist.o user.o watch.o: restorecond.h
restorecond: restore.o restorecond.o utmpwatcher.o stringslist.o user.o watch.o
$(CC) $(LDFLAGS) -o $@ $^ $(LDLIBS)
+endif
install: all
[ -d $(DESTDIR)$(MANDIR)/man8 ] || mkdir -p $(DESTDIR)$(MANDIR)/man8
@@ -44,15 +60,20 @@ install: all
install -m 755 restorecond.init $(DESTDIR)$(INITDIR)/restorecond
-mkdir -p $(DESTDIR)$(SELINUXDIR)
install -m 644 restorecond.conf $(DESTDIR)$(SELINUXDIR)/restorecond.conf
+ifeq ($(CONFIG_NO_GLIB2),n)
install -m 644 restorecond_user.conf $(DESTDIR)$(SELINUXDIR)/restorecond_user.conf
-mkdir -p $(DESTDIR)$(AUTOSTARTDIR)
install -m 644 restorecond.desktop $(DESTDIR)$(AUTOSTARTDIR)/restorecond.desktop
-mkdir -p $(DESTDIR)$(DBUSSERVICEDIR)
install -m 644 org.selinux.Restorecond.service $(DESTDIR)$(DBUSSERVICEDIR)/org.selinux.Restorecond.service
+endif
-mkdir -p $(DESTDIR)$(SYSTEMDSYSTEMUNITDIR)
install -m 644 restorecond.service $(DESTDIR)$(SYSTEMDSYSTEMUNITDIR)
+ifeq ($(CONFIG_NO_GLIB2),n)
-mkdir -p $(DESTDIR)$(SYSTEMDUSERUNITDIR)
install -m 644 restorecond_user.service $(DESTDIR)$(SYSTEMDUSERUNITDIR)
+endif
+
relabel: install
/sbin/restorecon $(DESTDIR)$(SBINDIR)/restorecond
diff --git a/restorecond/restorecond.c b/restorecond/restorecond.c
index d5f70fc..fc0594b 100644
--- a/restorecond/restorecond.c
+++ b/restorecond/restorecond.c
@@ -124,7 +124,11 @@ static void term_handler(int s __attribute__ ((unused)))
static void usage(char *program)
{
+#ifndef CONFIG_NO_GLIB2
printf("%s [-d] [-f restorecond_file ] [-u] [-v] \n", program);
+#else
+ printf("%s [-d] [-f restorecond_file ] [-v] \n", program);
+#endif
}
void exitApp(const char *msg)
@@ -165,7 +169,11 @@ int main(int argc, char **argv)
sigaction(SIGTERM, &sa, NULL);
atexit( done );
+#ifndef CONFIG_NO_GLIB2
while ((opt = getopt(argc, argv, "hdf:uv")) > 0) {
+#else
+ while ((opt = getopt(argc, argv, "hdf:v")) > 0) {
+#endif
switch (opt) {
case 'd':
debug_mode = 1;
@@ -173,9 +181,11 @@ int main(int argc, char **argv)
case 'f':
watch_file = optarg;
break;
+#ifndef CONFIG_NO_GLIB2
case 'u':
run_as_user = 1;
break;
+#endif
case 'h':
usage(argv[0]);
exit(0);
@@ -200,11 +210,15 @@ int main(int argc, char **argv)
homedir = pwd->pw_dir;
if (uid != 0) {
+#ifndef CONFIG_NO_GLIB2
if (run_as_user)
return server(master_fd, user_watch_file);
if (start() != 0)
return server(master_fd, user_watch_file);
return 0;
+#else
+ exitApp("root_only");
+#endif
}
read_config(master_fd, watch_file);
--
2.21.0