Hi,

@maintainers: Is this being ignored because it is not formatted correctly?

This seems to be a real bug that makes login unusable if SELinux is
enabled.

@Po-Chun: Maybe try re-sending the patch using git send-email and with a
clean commit message that describes the problem and gives a hint as to why
your solution is correct.

Joerg

On 1/16/2020 at 7:31 AM, pcha...@itri.org.tw wrote:
> Hi,
> 
> 
> The previous mail is missing in the wild, so I resend the same patch again.
> 
> 
> We are working on enabling SELinux for BusyBox.
> 
> We thought login should use the seuser for the SELinux default
> context, but the Linux username.
> 
> 
> Reference and example:
> 
> getseuserbyname on https://selinuxproject.org/page/LibselinuxAPISummary
> 
> https://github.com/SELinuxProject/selinux/blob/master/libselinux/utils/getseuser.c
> 
> Signed-off-by: Po-Chun Chang <pcha...@itri.org.tw>
> ---
>  loginutils/login.c | 11 ++++++++++-
>  1 file changed, 10 insertions(+), 1 deletion(-)
> 
> diff --git a/loginutils/login.c b/loginutils/login.c
> index 4e65b3a19..11a82421b 100644
> --- a/loginutils/login.c
> +++ b/loginutils/login.c
> @@ -178,12 +178,16 @@ static void die_if_nologin(void)
>  static void initselinux(char *username, char *full_tty,
>                                                 security_context_t
> *user_sid)
>  {
> +       char *seuser = NULL, *level = NULL;
>         security_context_t old_tty_sid, new_tty_sid;
> 
>         if (!is_selinux_enabled())
>                 return;
> 
> -       if (get_default_context(username, NULL, user_sid)) {
> +       if (getseuserbyname(username, &seuser, &level)) {
> +               bb_error_msg_and_die("can't get seuser for %s", username);
> +       }
> +       if (get_default_context(seuser, NULL, user_sid)) {
>                 bb_error_msg_and_die("can't get SID for %s", username);
>         }
>         if (getfilecon(full_tty, &old_tty_sid) < 0) {
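Review bot: the second error message in this hunk still reports `username` although the lookup now passes `seuser`, so a failing `get_default_context(seuser, NULL, user_sid)` hides which SELinux user was actually queried; print both, e.g. `bb_error_msg_and_die("can't get SID for %s (seuser %s)", username, seuser);`. The `level` string that `getseuserbyname()` returns is requested but never used; libselinux also offers `get_default_context_with_level()`, which takes that level, so either pass it there so the MLS/MCS level from seusers is honoured or say in the commit message why it is intentionally ignored. Both `bb_error_msg_and_die()` calls exit the process, so the two strings are not leaked on the error paths.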
> @@ -196,6 +200,11 @@ static void initselinux(char *username, char *full_tty,
>         if (setfilecon(full_tty, new_tty_sid) != 0) {
>                 bb_perror_msg_and_die("chsid(%s, %s) failed", full_tty,
> new_tty_sid);
>         }
> +
> +       if (ENABLE_FEATURE_CLEAN_UP) {
> +               free(seuser);
> +               free(level);
> +       }
>  }
>  #endif
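Review bot: freeing `seuser` and `level` only under `ENABLE_FEATURE_CLEAN_UP` follows the BusyBox convention for a process that is about to exec the user's shell, but the commit message should state that `getseuserbyname()` returns caller-owned heap strings, so a reader can confirm that these `free()` calls are correct. The early `return` on `!is_selinux_enabled()` happens before anything is allocated, so that path needs no cleanup.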
> ---
> 
> --
> This email may contain ITRI confidential information. If you are not the
> intended recipient, please do not use or disclose its contents and destroy
> this email. This email may contain confidential information. Please
> do not use or disclose it in any way and delete it if you are not the
> intended recipient.
> 
> _______________________________________________
> busybox mailing list
> busybox@busybox.net
> http://lists.busybox.net/mailman/listinfo/busybox
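The point of the quoted patch is the translation step that getseuserbyname() performs: a Linux login name such as "joe" is not an SELinux user, so get_default_context() has nothing to match it against, whereas the seusers(5) file maps that login to an SELinux user ("user_u") and an MLS level. The following is an added, self-contained example of that mapping (my code, not Po-Chun's patch and not BusyBox or libselinux code). It assumes a constructed seusers table (SAMPLE_SEUSERS) and a constructed list of policy-defined users (POLICY_USERS); the functions lookup_seuser, parse_entry and policy_knows_user are my names and only approximate what libselinux does (the "%group" entry syntax, for instance, is not handled). The caller owns the returned strings and must free() them, which is the same ownership rule the patch relies on.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed sample of an /etc/selinux/<policy>/seusers file: one
 * "login:seuser[:level]" entry per line; "__default__" is the fallback
 * entry used when no login matches. */
static const char SAMPLE_SEUSERS[] =
    "# login:seuser:mls-level\n"
    "system_u:system_u:s0-s0:c0.c1023\n"
    "root:unconfined_u:s0-s0:c0.c1023\n"
    "joe:user_u:s0\n"
    "__default__:unconfined_u:s0-s0:c0.c1023\n";

/* Constructed list of the SELinux users a sample policy defines. A Linux
 * login such as "joe" is deliberately not among them. */
static const char *const POLICY_USERS[] = {
    "system_u", "unconfined_u", "user_u", "staff_u"
};

/* 1 if `name` is an SELinux user the sample policy defines, else 0. This is
 * why passing the raw login name to get_default_context() fails. */
int policy_knows_user(const char *name)
{
    for (size_t i = 0; i < sizeof POLICY_USERS / sizeof POLICY_USERS[0]; i++)
        if (strcmp(POLICY_USERS[i], name) == 0)
            return 1;
    return 0;
}

/* Copy the "seuser[:level]" remainder of an entry into two fresh heap
 * strings. As with getseuserbyname(), the caller must free() both. */
static int parse_entry(const char *rest, const char *end,
                       char **seuser_out, char **level_out)
{
    const char *colon = memchr(rest, ':', (size_t)(end - rest));
    const char *seuser_end = colon ? colon : end;
    const char *level = colon ? colon + 1 : end;  /* missing level -> "" */
    size_t seuser_len = (size_t)(seuser_end - rest);
    size_t level_len = (size_t)(end - level);
    char *s = malloc(seuser_len + 1);
    char *l = malloc(level_len + 1);

    if (!s || !l) {
        free(s);
        free(l);
        return -1;
    }
    memcpy(s, rest, seuser_len);
    s[seuser_len] = '\0';
    memcpy(l, level, level_len);
    l[level_len] = '\0';
    *seuser_out = s;
    *level_out = l;
    return 0;
}

/* Map a Linux login to its SELinux user and level using the seusers text.
 * Returns 0 and sets *seuser_out/*level_out on success, -1 when neither
 * the login nor a __default__ entry is listed. Comment lines are skipped. */
int lookup_seuser(const char *seusers, const char *login,
                  char **seuser_out, char **level_out)
{
    const char *p = seusers;
    const char *dflt_rest = NULL, *dflt_end = NULL;
    size_t login_len = strlen(login);

    *seuser_out = NULL;
    *level_out = NULL;
    while (*p) {
        const char *eol = strchr(p, '\n');
        const char *end = eol ? eol : p + strlen(p);
        const char *colon = memchr(p, ':', (size_t)(end - p));

        if (p[0] != '#' && colon) {
            size_t keylen = (size_t)(colon - p);
            if (keylen == login_len && memcmp(p, login, keylen) == 0)
                return parse_entry(colon + 1, end, seuser_out, level_out);
            if (keylen == 11 && memcmp(p, "__default__", 11) == 0) {
                dflt_rest = colon + 1;  /* remember fallback, keep scanning */
                dflt_end = end;
            }
        }
        p = eol ? eol + 1 : end;
    }
    if (dflt_rest)
        return parse_entry(dflt_rest, dflt_end, seuser_out, level_out);
    return -1;
}

int main(void)
{
    const char *logins[] = { "root", "joe", "alice" };

    for (size_t i = 0; i < 3; i++) {
        char *seuser, *level;
        if (lookup_seuser(SAMPLE_SEUSERS, logins[i], &seuser, &level) != 0) {
            printf("%s: no seuser mapping\n", logins[i]);
            continue;
        }
        printf("%s -> seuser=%s level=%s; policy knows \"%s\": %s, \"%s\": %s\n",
               logins[i], seuser, level,
               logins[i], policy_knows_user(logins[i]) ? "yes" : "no",
               seuser, policy_knows_user(seuser) ? "yes" : "no");
        free(seuser);  /* caller-owned, like the strings from getseuserbyname() */
        free(level);
    }
    return 0;
}
```

Running it shows "joe" mapping to user_u and an unlisted login ("alice") falling through to the __default__ entry; in each case the policy recognises the seuser but not the login name, which is the failure the patch addresses.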
