rpms/glib2
6
0
Fork 0
Code Issues Pull Requests Releases Activity

- Add support for GIO to set selinux attributes (gnome #529694)

Browse Source
This commit is contained in:
Tomas Bzatek 2008-04-24 14:12:57 +00:00
parent 58ed49b93f
commit 9ac10ee4c7
2 changed files with 128 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

120
gio-2.16-selinux-set-support.diff Normal file
View File

@ -0,0 +1,120 @@
Index: gio/glocalfileinfo.c
===================================================================
--- gio/glocalfileinfo.c (revision 6871)
+++ gio/glocalfileinfo.c (working copy)
@@ -1706,6 +1706,24 @@
#endif
static gboolean
+get_string (const GFileAttributeValue *value,
+ const char **val_out,
+ GError **error)
+{
+ if (value->type != G_FILE_ATTRIBUTE_TYPE_STRING)
+ {
+ g_set_error (error, G_IO_ERROR, G_IO_ERROR_INVALID_ARGUMENT,
+ _("Invalid attribute type (byte string expected)"));
+ return FALSE;
+ }
+
+ *val_out = value->u.string;
+
+ return TRUE;
+}
+
+
+static gboolean
set_unix_mode (char *filename,
const GFileAttributeValue *value,
GError **error)
@@ -1948,6 +1966,52 @@
}
#endif
+
+static gboolean
+set_selinux_context (char *filename,
+ const GFileAttributeValue *value,
+ GError **error)
+{
+ const char *val;
+
+ if (!get_string (value, &val, error))
+ return FALSE;
+
+ if (val == NULL)
+ {
+ g_set_error (error, G_IO_ERROR, G_IO_ERROR_INVALID_ARGUMENT,
+ _("SELinux context must be non-NULL"));
+ return FALSE;
+ }
+
+#ifdef HAVE_SELINUX
+ if (is_selinux_enabled ()) {
+ security_context_t val_s;
+
+ val_s = g_strdup (val);
+
+ if (setfilecon_raw (filename, val_s) < 0)
+ {
+ int errsv = errno;
+
+ g_set_error (error, G_IO_ERROR,
+ g_io_error_from_errno (errsv),
+ _("Error setting SELinux context: %s"),
+ g_strerror (errsv));
+ return FALSE;
+ }
+ g_free (val_s);
+ } else {
+ g_set_error (error, G_IO_ERROR, G_IO_ERROR_INVALID_ARGUMENT,
+ _("SELinux is not enabled on this system"));
+ return FALSE;
+ }
+#endif
+
+ return TRUE;
+}
+
+
gboolean
_g_local_file_info_set_attribute (char *filename,
const char *attribute,
@@ -1993,6 +2057,11 @@
else if (g_str_has_prefix (attribute, "xattr-sys::"))
return set_xattr (filename, attribute, &value, error);
#endif
+
+#ifdef HAVE_SELINUX
+ else if (strcmp (attribute, G_FILE_ATTRIBUTE_SELINUX_CONTEXT) == 0)
+ return set_selinux_context (filename, &value, error);
+#endif
g_set_error (error, G_IO_ERROR, G_IO_ERROR_NOT_SUPPORTED,
_("Setting attribute %s not supported"), attribute);
@@ -2110,5 +2179,25 @@
/* xattrs are handled by default callback */
+
+ /* SELinux context */
+#ifdef HAVE_SELINUX
+ if (is_selinux_enabled ()) {
+ value = _g_file_info_get_attribute_value (info, G_FILE_ATTRIBUTE_SELINUX_CONTEXT);
+ if (value)
+ {
+ if (!set_selinux_context (filename, value, error))
+ {
+ value->status = G_FILE_ATTRIBUTE_STATUS_ERROR_SETTING;
+ res = FALSE;
+ /* Don't set error multiple times */
+ error = NULL;
+ }
+ else
+ value->status = G_FILE_ATTRIBUTE_STATUS_SET;
+ }
+ }
+#endif
+
return res;
}

9
glib2.spec
View File

@ -3,7 +3,7 @@
Summary: A library of handy utility functions Summary: A library of handy utility functions
Name: glib2 Name: glib2
Version: 2.16.3 Version: 2.16.3
Release: 4%{?dist} Release: 5%{?dist}
License: LGPLv2+ License: LGPLv2+
Group: System Environment/Libraries Group: System Environment/Libraries
URL: http://www.gtk.org URL: http://www.gtk.org
@ -29,6 +29,9 @@ Patch1: revert-316221.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=442835 # https://bugzilla.redhat.com/show_bug.cgi?id=442835
Patch2: gio-2.16-only-pass-uri-to-gio-apps.patch Patch2: gio-2.16-only-pass-uri-to-gio-apps.patch
# https://bugzilla.gnome.org/show_bug.cgi?id=529694
Patch3: gio-2.16-selinux-set-support.diff
%description %description
GLib is the low-level core library that forms the basis GLib is the low-level core library that forms the basis
for projects such as GTK+ and GNOME. It provides data structure for projects such as GTK+ and GNOME. It provides data structure
@ -63,6 +66,7 @@ of version 2 of the GLib library.
%patch0 -p1 -b .appinfo %patch0 -p1 -b .appinfo
%patch1 -R -p1 -b .revert-316221 %patch1 -R -p1 -b .revert-316221
%patch2 -p0 -b .only-pass-uri-to-gio-apps %patch2 -p0 -b .only-pass-uri-to-gio-apps
%patch3 -p0 -b .selinux
%build %build
%configure --disable-gtk-doc --enable-static %configure --disable-gtk-doc --enable-static
@ -135,6 +139,9 @@ rm -rf $RPM_BUILD_ROOT
%{_libdir}/lib*.a %{_libdir}/lib*.a
%changelog %changelog
* Thu Apr 24 2008 Tomas Bzatek <tbzatek@redhat.com> - 2.16.3-5
- Add support for GIO to set selinux attributes (gnome #529694)
* Thu Apr 17 2008 David Zeuthen <davidz@redhat.com> - 2.16.3-4 * Thu Apr 17 2008 David Zeuthen <davidz@redhat.com> - 2.16.3-4
- Only pass URI's for gio apps (#442835) - Only pass URI's for gio apps (#442835)