Re: [E-devel] [Entrance] SELinux integration



Mivz wrote:
Yes, I'll read it :)
;)
Here is the patch. I'm still working on the policy files. I will finish them when I have graduated in a few weeks.
wish you all the best in them exams right there. *cough* we have a vacancy on our Entrance enterprise architecture and corporate solution provision team, do send us your CV as soon as you are able *end cough* :)
The patch contains a function I got from gdm.
sweet. I'll add the conditional compilation boohaa to this, and send back to you to test properly, I don't have/use selinux so I can't test it well on my box. Once you're good with it, I'll apply it finally.

thnx again.

Essien

Harrie Hoogeveen

John Kraal wrote:
I believe he is very busy finishing school at the moment ;)

He'll read this though.

Essien Ita Essien wrote:
John Kraal wrote:
Great,

The guy already made it, but he has no idea of how to make it optional (for use in Makefile.am, configure.in, etc). Nevertheless I'll let him submit.
awesome.
If somebody could do the makefile / configure.in, please do
Let him mail it to me directly me@essienitaessien.com, I'll do the autoKUNGfoo and send it back to him to test. And uhhh... why is _he_ not on the mailing list directly himself? Entrance needs more love :), if he could hack in SELinux support, we can use some more hands _if_ he's interested in helping out more.

Cheers,
Essien

Regards,
John

Essien Ita Essien wrote:
John Kraal wrote:
Hello,

Are there any plans for integrating SELinux in Entrance-login as of yet? If not, somebody here is thinking about doing it..
Hiya John,

It's not on the current todo list.

However, please go ahead and do this, much appreciated. Once then send the patch to the mailing list for review, I'm not the maintainer, just a cleaner-upper with cvs access. That said, if you send this patch in, also copy xcomp at ibukun@gmail.com (he finds it hard to follow the patches on the ml, since it's sooo long).

One way or the other, the friggin patch will go in :)

*hint* Entrance needs more ppl to show it more love *end hint*

Cheers,
Essien
Regards,

John
_______________________________________________
enlightenment-devel mailing list
enlightenment-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/enlightenment-devel

------------------------------------------------------------------------

diff -Nau /usr/portage/distfiles/cvs-src/e17/apps/entrance/src/client/entrance_session.c ./entrance_session.c
--- /usr/portage/distfiles/cvs-src/e17/apps/entrance/src/client/entrance_session.c	2006-08-02 00:02:35.000000000 +0200
+++ ./entrance_session.c	2006-08-02 00:58:49.000000000 +0200
@@ -11,6 +11,10 @@
 #include "entrance_x_session.h"
 #include "entrance_ipc.h"
+#include <selinux/selinux.h>
+#include <selinux/get_context_list.h>
+
+
 /**
 @file entrance_session.c
 @brief Variables and Data relating to an instance of the application as a whole
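Review bot: the two `#include <selinux/...>` lines at the top of entrance_session.c are unconditional, so the client stops building on any system without the libselinux headers. Wrap them in a configure-defined guard (for example `#ifdef HAVE_SELINUX`, with the macro name to be settled by the configure.in work mentioned in the thread), and drop the two extra blank lines the hunk adds after them.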
@@ -458,6 +462,9 @@
         if (initgroups(pwent->pw_name, pwent->pw_gid))
            syslog(LOG_CRIT,
                   "Unable to initialize group (is entrance running as root?).");
+        //SELinux login
+        selinux_setup(pwent->pw_name);	
+
         if (setgid(pwent->pw_gid))
            syslog(LOG_CRIT, "Unable to set group id.");
         if (setuid(pwent->pw_uid))
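Review bot: the return value of `selinux_setup(pwent->pw_name);` is discarded, so the failure paths that return `(security_getenforce()==0)` have no effect and the code carries on to setgid/setuid even when the function reports that login must not proceed in enforcing mode. Check the result here and abort the session start when it is false. The call also needs the same compile-time guard as the includes, and the added line ends in a stray tab.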
@@ -797,3 +804,39 @@
       }
    }
 }
+
+//from gdm
+selinux_setup (const char *login)
+{
+        security_context_t scontext;
+        int ret=-1;
+        char *seuser=NULL;
+        char *level=NULL;
+
+        /* If selinux is not enabled, then we don't do anything */
+        if (is_selinux_enabled () <= 0)
+                return TRUE;
+
+        if (getseuserbyname(login, &seuser, &level) == 0)
+                ret=get_default_context_with_level(seuser, level, 0, &scontext);
+
+        if (ret < 0) {
+                syslog(LOG_CRIT, sprintf("SELinux entrance login: unable to obtain default security context for  %s.", login));
+                /* note that this will be run when the .xsession-errors
+                   is already being logged, so we can use stderr */
+                syslog(LOG_CRIT, sprintf("SELinux entrance login: unable to obtain default security context for %s.", login));
+                return (security_getenforce()==0);
+        }
+
+        if (setexeccon (scontext) != 0) {
+                syslog(LOG_CRIT, sprintf("SELinux entrance login: unable to set executable context %s.",(char *)scontext));
+                syslog(LOG_CRIT, sprintf("SELinux entrance login: unable to set executable context %s.",(char *)scontext));
+                freecon (scontext);
+                return (security_getenforce()==0);
+        }
+
+        freecon (scontext);
+
+        return TRUE;
+}
+
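Review bot: every `syslog(LOG_CRIT, sprintf("...", login))` call in selinux_setup misuses sprintf: its first argument is the destination buffer, so this writes into a string literal, treats `login` (or `scontext`) as the format string, and passes sprintf's int return value to syslog as its format pointer. Give syslog the format and argument directly, e.g. `syslog(LOG_CRIT, "SELinux entrance login: unable to obtain default security context for %s.", login);`, and keep one call per error path; the second copy and the stderr comment are leftovers from the gdm version, which wrote to stderr there. Further points in the same function: the definition has no return type although the header declares `int`, `seuser` and `level` returned by getseuserbyname are never freed, and `TRUE` must be defined in this file or replaced with 1.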
diff -Nau /usr/portage/distfiles/cvs-src/e17/apps/entrance/src/client/entrance_session.h ./entrance_session.h
--- /usr/portage/distfiles/cvs-src/e17/apps/entrance/src/client/entrance_session.h	2006-08-02 00:02:35.000000000 +0200
+++ ./entrance_session.h	2006-08-02 00:06:03.000000000 +0200
@@ -70,5 +70,6 @@
                                                            e);
 void entrance_session_x_session_set(Entrance_Session * e,
                                     Entrance_X_Session * exs);
+int selinux_setup(const char *);
#endif
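Review bot: `int selinux_setup(const char *);` is exported from entrance_session.h with an unprefixed name, unlike the `entrance_session_*` prototypes around it, and has no doc comment. In this patch the function is only called from entrance_session.c, so it can be declared `static` there (with a forward declaration above its use) instead of being added to the header; if it stays public, give it the `entrance_session_` prefix, a named parameter and a short description of the return value.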
diff -Nau /usr/portage/distfiles/cvs-src/e17/apps/entrance/src/client/Makefile.am ./Makefile.am
--- /usr/portage/distfiles/cvs-src/e17/apps/entrance/src/client/Makefile.am	2006-08-02 00:02:35.000000000 +0200
+++ ./Makefile.am	2006-08-02 00:06:03.000000000 +0200
@@ -21,7 +21,7 @@
entrance.h main.c entrance_LDADD = @EDJE_LIBS@ @ECORE_LIBS@ @EVAS_LIBS@ \
-@ESMART_LIBS@ -lesmart_container -lesmart_text_entry
+@ESMART_LIBS@ -lesmart_container -lesmart_text_entry -lselinux
entrance_login_SOURCES = \
 	entrance_login.c \
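Review bot: `-lselinux` is appended to entrance_LDADD unconditionally, which makes libselinux a hard link-time dependency for every build. Have configure.in probe for the library and substitute a variable (for example `@SELINUX_LIBS@`, name is a suggestion) that is empty when SELinux support is not found or not requested, and use that here in place of the literal flag.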
------------------------------------------------------------------------
