rpms/xorg-x11-server
5
0
Fork 0
Code Issues Pull Requests Releases Activity
dc73ba6dd5
xorg-x11-server/xserver-1.6.0-selinux-nlfd.patch
Adam Jackson 3fbffab8f3 * Thu Mar 12 2009 Adam Jackson <ajax@redhat.com> 1.6.0-13 
- xselinux-1.6.0-selinux-nlfd.patch: Acquire the netlink socket from selinux,
  check it ourselves rather than having libselinux bang on it all the time.
2009-03-12 17:34:00 +00:00

95 lines
2.9 KiB
Diff
Raw Blame History

From 0731394b205f003143ceec1bde04b6c6726f9c10 Mon Sep 17 00:00:00 2001
From: Adam Jackson <ajax@redhat.com>
Date: Mon, 2 Mar 2009 18:45:27 -0500
Subject: [PATCH] selinux netlink socket hack
---
Xext/xselinux.c | 29 +++++++++++++++++++++++++++++
configure.ac | 4 ++++
include/dix-config.h.in | 2 ++
3 files changed, 35 insertions(+), 0 deletions(-)
diff --git a/Xext/xselinux.c b/Xext/xselinux.c
index 6085983..419c0ae 100644
--- a/Xext/xselinux.c
+++ b/Xext/xselinux.c
@@ -1887,6 +1887,22 @@ SProcSELinuxDispatch(ClientPtr client)
}
}
+#ifdef HAVE_AVC_NETLINK_ACQUIRE_FD
+static int netlink_fd;
+
+static void
+SELinuxBlockHandler(void *data, struct timeval **tv, void *read_mask)
+{
+}
+
+static void
+SELinuxWakeupHandler(void *data, int err, void *read_mask)
+{
+ if (FD_ISSET(netlink_fd, (fd_set *)read_mask))
+ avc_netlink_check_nb();
+}
+#endif
+
/*
* Extension Setup / Teardown
@@ -1917,6 +1933,12 @@ SELinuxResetProc(ExtensionEntry *extEntry)
label_hnd = NULL;
audit_close(audit_fd);
+#ifdef HAVE_AVC_NETLINK_ACQUIRE_FD
+ avc_netlink_release_fd();
+ RemoveBlockAndWakeupHandlers(SELinuxBlockHandler, SELinuxWakeupHandler,
+ NULL);
+ RemoveGeneralSocket(netlink_fd);
+#endif
avc_destroy();
avc_active = 0;
@@ -2013,6 +2035,13 @@ SELinuxExtensionInit(INITARGS)
if (atom_client_ctx == BAD_RESOURCE)
FatalError("SELinux: Failed to create atom\n");
+#ifdef HAVE_AVC_NETLINK_ACQUIRE_FD
+ netlink_fd = avc_netlink_acquire_fd();
+ AddGeneralSocket(netlink_fd);
+ RegisterBlockAndWakeupHandlers(SELinuxBlockHandler, SELinuxWakeupHandler,
+ NULL);
+#endif
+
/* Register callbacks */
ret &= dixRegisterPrivateInitFunc(subjectKey, SELinuxSubjectInit, NULL);
ret &= dixRegisterPrivateDeleteFunc(subjectKey, SELinuxSubjectFree, NULL);
diff --git a/configure.ac b/configure.ac
index 72ae67e..55a880e 100644
--- a/configure.ac
+++ b/configure.ac
@@ -920,6 +920,10 @@ if test "x$XSELINUX" = xyes; then
AC_CHECK_LIB(selinux, avc_init, [], AC_MSG_ERROR([SELinux library not found]))
AC_CHECK_HEADERS([libaudit.h], [], AC_MSG_ERROR([SELinux extension requires audit system headers]))
AC_CHECK_LIB(audit, audit_open, [], AC_MSG_ERROR([SELinux extension requires audit system library]))
+ AC_CHECK_DECL(avc_netlink_acquire_fd,
+ [AC_DEFINE(HAVE_AVC_NETLINK_ACQUIRE_FD, 1, "Have avc_netlink_acquire_fd")],
+ [],
+ [#include <selinux/avc.h>])
AC_DEFINE(XSELINUX, 1, [Build SELinux extension])
SELINUX_LIB="-lselinux -laudit"
fi
diff --git a/include/dix-config.h.in b/include/dix-config.h.in
index 3da193f..66c3008 100644
--- a/include/dix-config.h.in
+++ b/include/dix-config.h.in
@@ -442,4 +442,6 @@
#include "dix-config-apple-verbatim.h"
#endif
+#undef HAVE_AVC_NETLINK_ACQUIRE_FD
+
#endif /* _DIX_CONFIG_H_ */
--
1.6.1.3
Reference in New Issue View Git Blame Copy Permalink