The attached patch fixes the matter. It seems to me this matter was enbugged at r25210.
| r25210 | vda | 2009-02-02 09:15:00 +0900 (Mon, 02 Feb 2009) | 3 lines | | login: cleanup work by Walter Harms. No logic changes. % svn log -c 25210 loginutils/login.c : +#if ENABLE_SELINUX +static void initselinux(char *username, char *full_tty, + security_context_t *user_sid) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +{ + security_context_t old_tty_sid, new_tty_sid; + + if (!is_selinux_enabled()) + return; + + if (get_default_context(username, NULL, user_sid)) { ^^^^^^^^ security_context_t *, correct + bb_error_msg_and_die("cannot get SID for %s", username); + } + if (getfilecon(full_tty, &old_tty_sid) < 0) { + bb_perror_msg_and_die("getfilecon(%s) failed", full_tty); + } + if (security_compute_relabel(user_sid, old_tty_sid, ^^^^^^^^ security_context_t *, incorrect + SECCLASS_CHR_FILE, &new_tty_sid) != 0) { + bb_perror_msg_and_die("security_change_sid(%s) failed", full_tty); + } + if (setfilecon(full_tty, new_tty_sid) != 0) { + bb_perror_msg_and_die("chsid(%s, %s) failed", full_tty, new_tty_sid); + } +} +#endif : -#if ENABLE_SELINUX - if (is_selinux_enabled()) { - security_context_t old_tty_sid, new_tty_sid; + USE_SELINUX(initselinux(username, full_tty, &user_sid)); - if (get_default_context(username, NULL, &user_sid)) { ^^^^^^^^^ security_context_t * - bb_error_msg_and_die("cannot get SID for %s", - username); - } - if (getfilecon(full_tty, &old_tty_sid) < 0) { - bb_perror_msg_and_die("getfilecon(%s) failed", - full_tty); - } - if (security_compute_relabel(user_sid, old_tty_sid, ^^^^^^^^ security_context_t - SECCLASS_CHR_FILE, &new_tty_sid) != 0) { - bb_perror_msg_and_die("security_change_sid(%s) failed", - full_tty); - } - if (setfilecon(full_tty, new_tty_sid) != 0) { - bb_perror_msg_and_die("chsid(%s, %s) failed", - full_tty, new_tty_sid); - } - } -#endif Thanks, Robert P. J. Day wrote: > ... 
> loginutils/login.c: In function ‘initselinux’:
> loginutils/login.c:184: error: passing argument 1 of
> ‘security_compute_relabel’ from incompatible pointer type
> make[1]: *** [loginutils/login.o] Error 1
> make: *** [loginutils] Error 2
> ...
>
> the problem? here's loginutils/login.c:
>
> static void initselinux(char *username, char *full_tty,
>                 security_context_t *user_sid)
> {
>         security_context_t old_tty_sid, new_tty_sid;
>
>         ...
>
>         if (security_compute_relabel(user_sid, old_tty_sid,
>                         SECCLASS_CHR_FILE, &new_tty_sid) != 0) {
>                 bb_perror_msg_and_die("security_change_sid(%s) failed", full_tty);
> ...
>
>
> as you can see, the first arg to security_compute_relabel is a
> *pointer* to a security_context_t, but that routine is defined in
> selinux as:
>
> int security_compute_relabel(security_context_t scon,
> security_context_t tcon, security_class_t tclass, security_context_t
> *newcon);
>
> that is, accepting a security_context_t (not a pointer to one). or
> am i misreading this?
>
> rday
> --
>
>
> ========================================================================
> Robert P. J. Day
> Linux Consulting, Training and Annoying Kernel Pedantry:
> Have classroom, will lecture.
>
> http://crashcourse.ca Waterloo, Ontario, CANADA
> ========================================================================
>
>
> ------------------------------------------------------------------------
>
> _______________________________________________
> busybox mailing list
> busybox@busybox.net
> http://lists.busybox.net/mailman/listinfo/busybox

--
OSS Platform Development Division, NEC
KaiGai Kohei <kai...@ak.jp.nec.com>
Index: loginutils/login.c =================================================================== --- loginutils/login.c (revision 25413) +++ loginutils/login.c (working copy) @@ -180,7 +180,7 @@ if (getfilecon(full_tty, &old_tty_sid) < 0) { bb_perror_msg_and_die("getfilecon(%s) failed", full_tty); } - if (security_compute_relabel(user_sid, old_tty_sid, + if (security_compute_relabel(*user_sid, old_tty_sid, SECCLASS_CHR_FILE, &new_tty_sid) != 0) { bb_perror_msg_and_die("security_change_sid(%s) failed", full_tty); }
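Review bot: the context line directly after the changed call still reports "security_change_sid(%s) failed", although the function that fails there is security_compute_relabel, so a relabel failure on the tty would be logged under the wrong name; consider correcting the message string while this call is being touched. The one-character change itself, passing *user_sid instead of user_sid, matches the by-value security_context_t first parameter in the prototype quoted in the thread and the pre-r25210 code, where user_sid was the context itself rather than a pointer to it. Since r25210 was logged as "No logic changes" yet altered the argument type in a path that only compiles with ENABLE_SELINUX, a build with SELinux enabled should be part of checking this kind of refactoring in login.c.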