
Re: [E-devel] [Entrance] SELinux integration



Yes, I'll read it :)
Here is the patch. I'm still working on the policy files. I will finish them when I have graduated in a few weeks.
The patch contains a function I got from gdm.

Harrie Hoogeveen

John Kraal wrote:
I believe he is very busy finishing school at the moment ;)

He'll read this though.

Essien Ita Essien wrote:
John Kraal wrote:
Great,

The guy already made it, but he has no idea of how to make it optional (for use in Makefile.am, configure.in, etc). Nevertheless I'll let him submit.
awesome.
If somebody could do the makefile / configure.in, please do
Let him mail it to me directly me@essienitaessien.com, I'll do the autoKUNGfoo and send it back to him to test. And uhhh... why is _he_ not on the mailing list directly himself? Entrance needs more love :), if he could hack in SELinux support, we can use some more hands _if_ he's interested in helping out more.

Cheers,
Essien

Regards,
John

Essien Ita Essien wrote:
John Kraal wrote:
Hello,

Are there any plans for integrating SELinux in Entrance-login as of yet? If not, somebody here is thinking about doing it..
Hiya John,

It's not on the current todo list.

However, please go ahead and do this, much appreciated. Once then send the patch to the mailing list for review, I'm not the maintainer, just a cleaner-upper with cvs access. That said, if you send this patch in, also copy xcomp at ibukun@gmail.com (he finds it hard to follow the patches on the ml, since it's sooo long).

One way or the other, the friggin patch will go in :)

*hint* Entrance need more ppl to show it more love *end hint*

Cheers,
Essien
Regards,

John
-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys -- and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
_______________________________________________
enlightenment-devel mailing list
enlightenment-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/enlightenment-devel


diff -Nau /usr/portage/distfiles/cvs-src/e17/apps/entrance/src/client/entrance_session.c ./entrance_session.c
--- /usr/portage/distfiles/cvs-src/e17/apps/entrance/src/client/entrance_session.c	2006-08-02 00:02:35.000000000 +0200
+++ ./entrance_session.c	2006-08-02 00:58:49.000000000 +0200
@@ -11,6 +11,10 @@
 #include "entrance_x_session.h"
 #include "entrance_ipc.h"
 
+#include <selinux/selinux.h>
+#include <selinux/get_context_list.h>
+
+
 /**
 @file entrance_session.c
 @brief Variables and Data relating to an instance of the application as a whole
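Review bot: the two `#include <selinux/...>` lines are added unconditionally, so entrance_session.c stops compiling on any system without the libselinux headers, which is the opposite of the "optional" support the thread asks for. Wrap both includes in a preprocessor guard that configure defines when libselinux is found (HAVE_SELINUX would be the conventional name; that name is a suggestion, not something in the tree), and drop the second of the two added blank lines.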
@@ -458,6 +462,9 @@
         if (initgroups(pwent->pw_name, pwent->pw_gid))
            syslog(LOG_CRIT,
                   "Unable to initialize group (is entrance running as root?).");
+        //SELinux login
+        selinux_setup(pwent->pw_name);	
+
         if (setgid(pwent->pw_gid))
            syslog(LOG_CRIT, "Unable to set group id.");
         if (setuid(pwent->pw_uid))
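Review bot: the result of `selinux_setup(pwent->pw_name);` is thrown away, so when the function reports failure the code still goes on to setgid()/setuid() and starts the session in whatever context the login manager itself has. The function returns `security_getenforce()==0` on its error paths, i.e. false when the system is enforcing, so the caller should test the return value, log, and abort the login when it is false. The call also sits next to the existing pattern where initgroups/setgid/setuid failures are only logged; for the SELinux transition that is not enough in enforcing mode. Minor: the added line has a trailing tab and uses a `//` comment where the file otherwise uses `/* */`.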
@@ -797,3 +804,39 @@
       }
    }
 }
+
+//from gdm
+selinux_setup (const char *login)
+{
+        security_context_t scontext;
+        int ret=-1;
+        char *seuser=NULL;
+        char *level=NULL;
+
+        /* If selinux is not enabled, then we don't do anything */
+        if (is_selinux_enabled () <= 0)
+                return TRUE;
+
+        if (getseuserbyname(login, &seuser, &level) == 0)
+                ret=get_default_context_with_level(seuser, level, 0, &scontext);
+
+        if (ret < 0) {
+                syslog(LOG_CRIT, sprintf("SELinux entrance login: unable to obtain default security context for  %s.", login));
+                /* note that this will be run when the .xsession-errors
+                   is already being logged, so we can use stderr */
+                syslog(LOG_CRIT, sprintf("SELinux entrance login: unable to obtain default security context for %s.", login));
+                return (security_getenforce()==0);
+        }
+
+        if (setexeccon (scontext) != 0) {
+                syslog(LOG_CRIT, sprintf("SELinux entrance login: unable to set executable context %s.",(char *)scontext));
+                syslog(LOG_CRIT, sprintf("SELinux entrance login: unable to set executable context %s.",(char *)scontext));
+                freecon (scontext);
+                return (security_getenforce()==0);
+        }
+
+        freecon (scontext);
+
+        return TRUE;
+}
+
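Review bot: every `syslog(LOG_CRIT, sprintf("...", ...))` call in selinux_setup() is wrong: sprintf() takes the destination buffer as its first argument, so this writes into a string literal and then hands sprintf's int return value to syslog() as the format pointer, which will crash on the first error path instead of logging. syslog() already takes a format string, so write `syslog(LOG_CRIT, "SELinux entrance login: unable to obtain default security context for %s.", login);` and likewise for the setexeccon message. Each message is also logged twice; the second copy looks like a leftover from the gdm code that wrote to stderr (the comment about .xsession-errors no longer matches what the code does), so keep one call and remove the comment. Further points in the same function: the definition has no return type, so it relies on implicit int; TRUE is not defined by either header this patch adds, so return 1 or make sure the definition is in scope; and `seuser` and `level` filled in by getseuserbyname() are never freed on any path. The whole function needs the same build-time guard as the includes so that a build without libselinux gets a stub that returns success.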
diff -Nau /usr/portage/distfiles/cvs-src/e17/apps/entrance/src/client/entrance_session.h ./entrance_session.h
--- /usr/portage/distfiles/cvs-src/e17/apps/entrance/src/client/entrance_session.h	2006-08-02 00:02:35.000000000 +0200
+++ ./entrance_session.h	2006-08-02 00:06:03.000000000 +0200
@@ -70,5 +70,6 @@
                                                            e);
 void entrance_session_x_session_set(Entrance_Session * e,
                                     Entrance_X_Session * exs);
+int selinux_setup(const char *);
 
 #endif
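Review bot: `int selinux_setup(const char *);` is exported with a bare name and an unnamed parameter, while the neighbouring declarations are prefixed `entrance_session_` and name their arguments. Rename it along the lines of entrance_session_selinux_setup(const char *login), add a short doc comment stating that it returns non-zero when the login may proceed, and make the definition in entrance_session.c carry the same explicit `int` return type. If the function is only called from entrance_session.c it can be static there and this declaration dropped.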
diff -Nau /usr/portage/distfiles/cvs-src/e17/apps/entrance/src/client/Makefile.am ./Makefile.am
--- /usr/portage/distfiles/cvs-src/e17/apps/entrance/src/client/Makefile.am	2006-08-02 00:02:35.000000000 +0200
+++ ./Makefile.am	2006-08-02 00:06:03.000000000 +0200
@@ -21,7 +21,7 @@
 	entrance.h main.c 
 
 entrance_LDADD = @EDJE_LIBS@ @ECORE_LIBS@ @EVAS_LIBS@ \
-@ESMART_LIBS@ -lesmart_container -lesmart_text_entry
+@ESMART_LIBS@ -lesmart_container -lesmart_text_entry -lselinux
 
 entrance_login_SOURCES = \
 	entrance_login.c \
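Review bot: `-lselinux` is hard-coded into entrance_LDADD, so the link fails wherever libselinux is not installed and there is no way to build without it. Replace it with a substitution that configure fills in only when the library is detected and the feature is enabled (for example an @SELINUX_LIBS@ variable, name suggested here), matching how the other libraries on these lines are passed in as @..._LIBS@. That configure check is also where the preprocessor define for the source guard should come from.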