From 60158cb93eb0b3207dd1084cdf5bdd9226bd9e89 Mon Sep 17 00:00:00 2001
From: Rob Landley
Date: Tue, 3 May 2005 06:25:50 +0000
Subject: A patch from Takeharu KATO to update/fix SE-Linux support.
---
 libbb/run_shell.c | 43 +++++++++++++++++++++++++++++++++----------
 1 file changed, 33 insertions(+), 10 deletions(-)
(limited to 'libbb/run_shell.c')
diff --git a/libbb/run_shell.c b/libbb/run_shell.c
index 993b4e711..67ff2a5f8 100644
--- a/libbb/run_shell.c
+++ b/libbb/run_shell.c
@@ -37,7 +37,33 @@
 #include
 #include "libbb.h"
 #ifdef CONFIG_SELINUX
-#include
+#include /* for setexeccon */
+#endif
+
+#ifdef CONFIG_SELINUX
+static security_context_t current_sid=NULL;
+
+void
+renew_current_security_context(void)
+{
+ if (current_sid)
+ freecon(current_sid); /* Release old context */
+
+ getcon(¤t_sid); /* update */
+
+ return;
+}
+void
+set_current_security_context(security_context_t sid)
+{
+ if (current_sid)
+ freecon(current_sid); /* Release old context */
+
+ current_sid=sid;
+
+ return;
+}
+
 #endif
 /* Run SHELL, or DEFAULT_SHELL if SHELL is empty.
@@ -45,11 +71,7 @@ If ADDITIONAL_ARGS is nonzero, pass it to the shell as more arguments. */
-void run_shell ( const char *shell, int loginshell, const char *command, const char **additional_args
-#ifdef CONFIG_SELINUX
- , security_id_t sid
-#endif
-)
+void run_shell ( const char *shell, int loginshell, const char *command, const char **additional_args)
 {
 const char **args;
 int argno = 1;
@@ -78,10 +100,11 @@ void run_shell ( const char *shell, int loginshell, const char *command, const c
 }
 args [argno] = 0;
 #ifdef CONFIG_SELINUX
- if(sid)
- execve_secure(shell, (char **) args, environ, sid);
- else
+ if ( (current_sid) && (!setexeccon(current_sid)) ) {
+ freecon(current_sid);
+ execve(shell, (char **) args, environ);
+ } else
 #endif
- execv ( shell, (char **) args );
+ execv ( shell, (char **) args );
 bb_perror_msg_and_die ( "cannot run %s", shell );
 }
-- 
cgit v1.2.3
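Review bot: In `renew_current_security_context` the result of `getcon()` is ignored (the page renders its argument as `¤t_sid`, presumably `&current_sid`), so if the call fails `current_sid` may still hold the pointer that was just passed to `freecon()`. The last hunk then hands that pointer to `setexeccon()` and `freecon()` again, which would be a use-after-free followed by a double free. Clear the pointer when releasing it and check the call: `current_sid = NULL;` after the `freecon()`, then `if (getcon(&current_sid) < 0) current_sid = NULL;`. `set_current_security_context` takes ownership of `sid` without saying so, and it frees and then stores the same pointer if a caller passes the current value back in; a comment such as `/* Takes ownership of sid; it is released with freecon() on the next update or in run_shell(). */` plus an early return when `sid == current_sid` would cover both.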
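Review bot: The comment block above `run_shell` no longer describes all of the function's inputs, because with the `sid` parameter removed the exec context under CONFIG_SELINUX comes from the file-scope `current_sid`. Only the two new setters change that variable, so a caller that forgets to call one of them gets a plain `execv` with no context transition, and nothing in the signature hints at it. Add a line to the comment, for example `If CONFIG_SELINUX is set, the shell is executed in the context last stored by set_current_security_context() or renew_current_security_context().` The body of `run_shell` continues outside this hunk.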
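Review bot: The new condition `(current_sid) && (!setexeccon(current_sid))` falls through to the plain `execv` when a context was requested but `setexeccon()` fails, so the shell starts in the caller's context instead of the requested one. The removed `execve_secure` path reached `bb_perror_msg_and_die` on failure, so this is a change from fail-closed to fail-open. Treat a failed `setexeccon()` as fatal whenever `current_sid` is set, and clear `current_sid` after `freecon()` so nothing reuses the freed pointer if the exec itself fails. Whether permissive mode should be allowed to continue is a policy decision the hunk does not show; the sketch below fails closed. The start of `run_shell` lies outside this hunk.

```c
#ifdef CONFIG_SELINUX
	if (current_sid) {
		/* A requested context that cannot be applied must not be silently dropped. */
		if (setexeccon(current_sid) < 0)
			bb_perror_msg_and_die ( "cannot set exec context for %s", shell );
		freecon(current_sid);
		current_sid = NULL;
	}
#endif
	execv ( shell, (char **) args );
	/* … unchanged: bb_perror_msg_and_die on exec failure … */
```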