author | Jiří Klimeš <jklimes@redhat.com> | 2014-03-25 13:55:47 +0100 |
---|---|---|
committer | Jiří Klimeš <jklimes@redhat.com> | 2014-03-31 17:44:15 +0200 |
commit | da354830da15e6bdeec3d5f36d84e4bab6b7fedf (patch) | |
tree | ac757c38a219090d16238797fe82fc91232e6854 | |
parent | 0d1bdffe91e7693a6eec5be97fbef6c9e287bf05 (diff) | |
download | NetworkManager-da354830da15e6bdeec3d5f36d84e4bab6b7fedf.tar.gz |
core: build with SELinux; don't break /etc/hostname context (rh #1070829)
https://bugzilla.redhat.com/show_bug.cgi?id=1070829
-rw-r--r-- | configure.ac | 18 | ||||
-rw-r--r-- | src/settings/plugins/ifcfg-rh/plugin.c | 31 |
2 files changed, 47 insertions, 2 deletions
diff --git a/configure.ac b/configure.ac index f13dc9aea4..2ca6aed586 100644 --- a/configure.ac +++ b/configure.ac @@ -360,6 +360,23 @@ esac AM_CONDITIONAL(SUSPEND_RESUME_UPOWER, test "x$with_suspend_resume" = "xupower") AM_CONDITIONAL(SUSPEND_RESUME_SYSTEMD, test "x$with_suspend_resume" = "xsystemd") +# SELinux support +AC_ARG_WITH(selinux, AS_HELP_STRING([--with-selinux=yes|no|auto], [Build with SELinux (default: auto)]),,[with_selinux=auto]) +if test "$with_selinux" = "yes" -o "$with_selinux" = "auto"; then + PKG_CHECK_MODULES(SELINUX, libselinux, [have_selinux=yes], [have_selinux=no]) +else + have_selinux=no +fi +if test "$with_selinux" = "yes" -a "$have_selinux" = "no"; then + AC_MSG_ERROR([You must have libselinux installed to build --with-selinux=yes.]) +fi +if test "$have_selinux" = "yes"; then + AC_DEFINE(HAVE_SELINUX, 1, [Define if you have SELinux support]) +else + AC_DEFINE(HAVE_SELINUX, 0, [Define if you have SELinux support]) +fi +AM_CONDITIONAL(HAVE_SELINUX, test "${have_selinux}" = "yes") + # libnl support for the linux platform PKG_CHECK_MODULES(LIBNL, libnl-3.0 >= 3.2.8 libnl-route-3.0 libnl-genl-3.0) AC_SUBST(LIBNL_CFLAGS) @@ -848,6 +865,7 @@ if test "${enable_polkit}" = "yes"; then else echo " policykit: no" fi +echo " selinux: $have_selinux" echo echo "Features:" diff --git a/src/settings/plugins/ifcfg-rh/plugin.c b/src/settings/plugins/ifcfg-rh/plugin.c index 4b70813221..ca92606630 100644 --- a/src/settings/plugins/ifcfg-rh/plugin.c +++ b/src/settings/plugins/ifcfg-rh/plugin.c @@ -27,6 +27,8 @@ #include <errno.h> #include <net/ethernet.h> #include <netinet/ether.h> +#include <sys/types.h> +#include <sys/stat.h> #include <gmodule.h> #include <glib-object.h> @@ -37,6 +39,10 @@ #include <dbus/dbus-glib.h> #include <dbus/dbus-glib-lowlevel.h> +#ifdef HAVE_SELINUX +#include <selinux/selinux.h> +#endif + #include <nm-setting-connection.h> #include "common.h" 
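Review bot: The `SELINUX_CFLAGS` and `SELINUX_LIBS` values produced by `PKG_CHECK_MODULES(SELINUX, libselinux, ...)` are not consumed anywhere in this commit, since the diffstat lists only configure.ac and plugin.c. Unless a Makefile.am already references them, the ifcfg-rh plugin will call `matchpathcon()` and `setfscreatecon()` without libselinux's compile and link flags, so the plugin's Makefile.am should add both. A short comment above `AC_DEFINE(HAVE_SELINUX, 0, ...)` would also help, for example `# HAVE_SELINUX is always defined (0 or 1); test it with #if, not #ifdef`.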
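Review bot: The include guard `#ifdef HAVE_SELINUX` in plugin.c is always true, because configure.ac defines `HAVE_SELINUX` to 0 when libselinux is absent. As a result `<selinux/selinux.h>` is requested even in a build configured without SELinux, and compilation fails there if the header is not installed. The code added to `plugin_set_hostname` tests the value with `#if HAVE_SELINUX`, and the include should do the same: `#if HAVE_SELINUX`.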
@@ -667,8 +673,29 @@ plugin_set_hostname (SCPluginIfcfg *plugin, const char *hostname) { SCPluginIfcfgPrivate *priv = SC_PLUGIN_IFCFG_GET_PRIVATE (plugin); shvarFile *network; - - if (!g_file_set_contents (HOSTNAME_FILE, hostname, -1, NULL)) { + gboolean ret; +#if HAVE_SELINUX + security_context_t se_ctx_prev, se_ctx = NULL; + struct stat file_stat = { .st_mode = 0 }; + + /* Get default context for HOSTNAME_FILE and set it for fscreate */ + stat (HOSTNAME_FILE, &file_stat); + matchpathcon (HOSTNAME_FILE, file_stat.st_mode, &se_ctx); + matchpathcon_fini (); + getfscreatecon (&se_ctx_prev); + setfscreatecon (se_ctx); +#endif + + ret = g_file_set_contents (HOSTNAME_FILE, hostname, -1, NULL); + +#if HAVE_SELINUX + /* Restore previous context and cleanup */ + setfscreatecon (se_ctx_prev); + freecon (se_ctx); + freecon (se_ctx_prev); +#endif + + if (!ret) { PLUGIN_WARN (IFCFG_PLUGIN_NAME, "Could not save hostname: failed to create/open " HOSTNAME_FILE); return FALSE; } |
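Review bot: `se_ctx_prev` is declared without an initializer, and the result of `getfscreatecon (&se_ctx_prev)` is not checked. If that call fails without writing the out-parameter, the restore step passes an indeterminate pointer to `setfscreatecon ()` and `freecon ()`. Declaring it as `security_context_t se_ctx_prev = NULL, se_ctx = NULL;` makes the failure path fall back to the default creation context and keeps `freecon ()` harmless. The return values of `matchpathcon ()` and `setfscreatecon (se_ctx)` are also ignored, so a labeling failure silently writes the file with the wrong context, which is the very problem this change addresses; a `PLUGIN_WARN` on a negative return would make that visible. The body of `plugin_set_hostname` continues past the end of this hunk.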