diff -up gdm-2.19.6/configure.ac.selinux gdm-2.19.6/configure.ac --- gdm-2.19.6/configure.ac.selinux 2007-08-24 11:25:38.000000000 -0400 +++ gdm-2.19.6/configure.ac 2007-08-24 11:25:54.000000000 -0400 @@ -72,8 +72,6 @@ AC_ARG_WITH(dmx, [ --with-dmx=[auto/yes/no] Add DMX (Distributed Multihead X) support [default=auto]],, with_dmx=auto) -AC_ARG_WITH(selinux, [ --with-selinux Add SELinux support]) - AC_ARG_WITH(console-kit, [ --with-console-kit=[auto/yes/no] Add ConsoleKit support [default=auto]],, with_console_kit=auto) @@ -805,30 +803,6 @@ fi # -# SELinux stuff -# -if test "x$with_selinux" = "xyes" ; then - echo "SELinux support requested (--with-selinux was given), checking prerequisites" - if test -d /usr/local/selinux/include ; then - echo "Found /usr/local/selinux/include, will look there for SELinux stuff as well" - CFLAGS="$CFLAGS -I/usr/local/selinux/include" - LDFLAGS="$LDFLAGS -L/usr/local/selinux/lib" - fi - AC_CHECK_HEADER(selinux/selinux.h) - AC_CHECK_HEADER(selinux/get_context_list.h) - AC_CHECK_LIB(attr,attr_get,/bin/true) - # I'm anal and I don't know which versions have which symbols, - # so I check for all the ones we use - AC_CHECK_LIB(selinux,get_ordered_context_list,/bin/true) - AC_CHECK_LIB(selinux,freecon,/bin/true) - AC_CHECK_LIB(selinux,freeconary,/bin/true) - AC_CHECK_LIB(selinux,setexeccon,/bin/true) - AC_CHECK_LIB(selinux,is_selinux_enabled,/bin/true) - AC_DEFINE(HAVE_SELINUX) - EXTRA_DAEMON_LIBS="$EXTRA_DAEMON_LIBS -lselinux -lattr" -fi - -# # ConsoleKit support # use_console_kit=no @@ -1447,13 +1421,6 @@ else echo "Console helper : NO" fi -dnl <= SELinux support => -if test "x$with_selinux" = "xyes" ; then - echo "SELinux support : YES" -else - echo "SELinux support : NO" -fi - dnl <= Solaris Trusted Extensions support => if test "x$found_tsol" = "xyes" ; then echo "Solaris Trusted Extensions support : YES" diff -up gdm-2.19.6/daemon/slave.c.selinux gdm-2.19.6/daemon/slave.c --- gdm-2.19.6/daemon/slave.c.selinux 2007-08-24 11:24:34.000000000 -0400 +++ gdm-2.19.6/daemon/slave.c 2007-08-24 11:24:52.000000000 -0400 @@ -87,11 +87,6 @@ #include #endif -#ifdef HAVE_SELINUX -#include -#include -#endif /* HAVE_SELINUX */ - #include #include #include @@ -3521,48 +3516,6 @@ open_xsession_errors (struct passwd *pwe return logfd; } -#ifdef HAVE_SELINUX -/* This should be run just before we exec the user session */ -static gboolean -gdm_selinux_setup (const char *login) -{ - security_context_t scontext; - int ret=-1; - char *seuser=NULL; - char *level=NULL; - - /* If selinux is not enabled, then we don't do anything */ - if (is_selinux_enabled () <= 0) - return TRUE; - - if (getseuserbyname(login, &seuser, &level) == 0) - ret=get_default_context_with_level(seuser, level, 0, &scontext); - - if (ret < 0) { - gdm_error ("SELinux gdm login: unable to obtain default security context for %s.", login); - /* note that this will be run when the .xsession-errors - is already being logged, so we can use stderr */ - gdm_fdprintf (2, "SELinux gdm login: unable to obtain default security context for %s.", login); - return (security_getenforce()==0); - } - - gdm_assert (scontext != NULL); - - if (setexeccon (scontext) != 0) { - gdm_error ("SELinux gdm login: unable to set executable context %s.", - (char *)scontext); - gdm_fdprintf (2, "SELinux gdm login: unable to set executable context %s.", - (char *)scontext); - freecon (scontext); - return (security_getenforce()==0); - } - - freecon (scontext); - - return TRUE; -} -#endif /* HAVE_SELINUX */ - static void session_child_run (struct passwd *pwent, int logfd, @@ -4048,16 +4001,6 @@ session_child_run (struct passwd *pwent, } #endif -#ifdef HAVE_SELINUX - if ( ! gdm_selinux_setup (pwent->pw_name)) { - /* 66 means no "session crashed" examine .xsession-errors - dialog */ - gdm_errorgui_error_box (d, GTK_MESSAGE_ERROR, - _("Error! Unable to set executable context.")); - _exit (66); - } -#endif - g_shell_parse_argv (fullexec->str, NULL, &argv, NULL); VE_IGNORE_EINTR (execv (argv[0], argv)); g_strfreev (argv);