aboutsummaryrefslogtreecommitdiff
path: root/libbb
diff options
context:
space:
mode:
Diffstat (limited to 'libbb')
-rw-r--r--libbb/find_pid_by_name.c7
-rw-r--r--libbb/procps.c15
-rw-r--r--libbb/run_shell.c43
3 files changed, 37 insertions, 28 deletions
diff --git a/libbb/find_pid_by_name.c b/libbb/find_pid_by_name.c
index 930710f32..570e7bd93 100644
--- a/libbb/find_pid_by_name.c
+++ b/libbb/find_pid_by_name.c
@@ -45,11 +45,8 @@ extern long* find_pid_by_name( const char* pidName)
procps_status_t * p;
pidList = xmalloc(sizeof(long));
-#ifdef CONFIG_SELINUX
- while ((p = procps_scan(0, 0, NULL)) != 0) {
-#else
- while ((p = procps_scan(0)) != 0) {
-#endif
+ while ((p = procps_scan(0)) != 0)
+ {
if (strncmp(p->short_cmd, pidName, COMM_LEN-1) == 0) {
pidList=xrealloc( pidList, sizeof(long) * (i+2));
pidList[i++]=p->pid;
diff --git a/libbb/procps.c b/libbb/procps.c
index e405fb7ef..72f627f15 100644
--- a/libbb/procps.c
+++ b/libbb/procps.c
@@ -16,11 +16,7 @@
#include "libbb.h"
-extern procps_status_t * procps_scan(int save_user_arg0
-#ifdef CONFIG_SELINUX
- , int use_selinux , security_id_t *sid
-#endif
- )
+extern procps_status_t * procps_scan(int save_user_arg0)
{
static DIR *dir;
struct dirent *entry;
@@ -60,16 +56,9 @@ extern procps_status_t * procps_scan(int save_user_arg0
my_getpwuid(curstatus.user, sb.st_uid, sizeof(curstatus.user));
sprintf(status, "/proc/%d/stat", pid);
+
if((fp = fopen(status, "r")) == NULL)
continue;
-#ifdef CONFIG_SELINUX
- if(use_selinux)
- {
- if(fstat_secure(fileno(fp), &sb, sid))
- continue;
- }
- else
-#endif
name = fgets(buf, sizeof(buf), fp);
fclose(fp);
if(name == NULL)
diff --git a/libbb/run_shell.c b/libbb/run_shell.c
index 993b4e711..67ff2a5f8 100644
--- a/libbb/run_shell.c
+++ b/libbb/run_shell.c
@@ -37,7 +37,33 @@
#include <ctype.h>
#include "libbb.h"
#ifdef CONFIG_SELINUX
-#include <proc_secure.h>
+#include <selinux/selinux.h> /* for setexeccon */
+#endif
+
+#ifdef CONFIG_SELINUX
+static security_context_t current_sid=NULL;
+
+void
+renew_current_security_context(void)
+{
+ if (current_sid)
+ freecon(current_sid); /* Release old context */
+
+ getcon(&current_sid); /* update */
+
+ return;
+}
+void
+set_current_security_context(security_context_t sid)
+{
+ if (current_sid)
+ freecon(current_sid); /* Release old context */
+
+ current_sid=sid;
+
+ return;
+}
+
#endif
/* Run SHELL, or DEFAULT_SHELL if SHELL is empty.
@@ -45,11 +71,7 @@
If ADDITIONAL_ARGS is nonzero, pass it to the shell as more
arguments. */
-void run_shell ( const char *shell, int loginshell, const char *command, const char **additional_args
-#ifdef CONFIG_SELINUX
- , security_id_t sid
-#endif
-)
+void run_shell ( const char *shell, int loginshell, const char *command, const char **additional_args)
{
const char **args;
int argno = 1;
@@ -78,10 +100,11 @@ void run_shell ( const char *shell, int loginshell, const char *command, const c
}
args [argno] = 0;
#ifdef CONFIG_SELINUX
- if(sid)
- execve_secure(shell, (char **) args, environ, sid);
- else
+ if ( (current_sid) && (!setexeccon(current_sid)) ) {
+ freecon(current_sid);
+ execve(shell, (char **) args, environ);
+ } else
#endif
- execv ( shell, (char **) args );
+ execv ( shell, (char **) args );
bb_perror_msg_and_die ( "cannot run %s", shell );
}