Yes, I'll read it :)
Here is the patch. I'm still working on the policy files. I will finish
them when I'm graduated in a few weeks.
The patch contains a function I got from gdm.
Harrie Hoogeveen
John Kraal wrote:
I believe he is very busy finishing school at the moment ;)
He'll read this though.
Essien Ita Essien wrote:
John Kraal wrote:
Great,
The guy already made it, but he has no idea of how to make it optional
(for use in Makefile.am, configure.in, etc). Nevertheless I'll let him
submit.
awesome.
If somebody could do the makefile / configure.in, please do
Let him mail it to me directly [EMAIL PROTECTED], I'll do the
autoKUNGfoo and send it back to him to test. And uhhh... why is _he_ not
on the mailing list directly himself? Entrance needs more love :), if he
could hack in SELinux support, we can use some more hands _if_ he's
interested in helping out more.
Cheers,
Essien
Regards,
John
Essien Ita Essien wrote:
John Kraal wrote:
Hello,
Are there any plans for integrating SELinux in Entrance-login as of yet?
If not, somebody here is thinking about doing it..
Hiya John,
Its not on the current todo list.
However, please go ahead and do this, much appreciated. Once then send
the patch to the mailing list for review, I'm not the maintainer, just a
cleaner-upper with cvs access. That said, if you send this patch in,
also copy xcomp at [EMAIL PROTECTED] (he finds it hard to follow the
patches on the ml, since its sooo long).
One way or the other, the other, the friggin patch will go in :)
*hint* Entrance need more ppl to show it more love *end hint*
Cheers,
Essien
Regards,
John
-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys -- and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
_______________________________________________
enlightenment-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/enlightenment-devel
-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys -- and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
_______________________________________________
enlightenment-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/enlightenment-devel
-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys -- and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
_______________________________________________
enlightenment-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/enlightenment-devel
diff -Nau
/usr/portage/distfiles/cvs-src/e17/apps/entrance/src/client/entrance_session.c
./entrance_session.c
---
/usr/portage/distfiles/cvs-src/e17/apps/entrance/src/client/entrance_session.c
2006-08-02 00:02:35.000000000 +0200
+++ ./entrance_session.c 2006-08-02 00:58:49.000000000 +0200
@@ -11,6 +11,10 @@
#include "entrance_x_session.h"
#include "entrance_ipc.h"
+#include <selinux/selinux.h>
+#include <selinux/get_context_list.h>
+
+
/**
@file entrance_session.c
@brief Variables and Data relating to an instance of the application as a whole
@@ -458,6 +462,9 @@
if (initgroups(pwent->pw_name, pwent->pw_gid))
syslog(LOG_CRIT,
"Unable to initialize group (is entrance running as
root?).");
+ //SELinux login
+ selinux_setup(pwent->pw_name);
+
if (setgid(pwent->pw_gid))
syslog(LOG_CRIT, "Unable to set group id.");
if (setuid(pwent->pw_uid))
@@ -797,3 +804,39 @@
}
}
}
+
+//from gdm
+selinux_setup (const char *login)
+{
+ security_context_t scontext;
+ int ret=-1;
+ char *seuser=NULL;
+ char *level=NULL;
+
+ /* If selinux is not enabled, then we don't do anything */
+ if (is_selinux_enabled () <= 0)
+ return TRUE;
+
+ if (getseuserbyname(login, &seuser, &level) == 0)
+ ret=get_default_context_with_level(seuser, level, 0,
&scontext);
+
+ if (ret < 0) {
+ syslog(LOG_CRIT, sprintf("SELinux entrance login: unable to
obtain default security context for %s.", login));
+ /* note that this will be run when the .xsession-errors
+ is already being logged, so we can use stderr */
+ syslog(LOG_CRIT, sprintf("SELinux entrance login: unable to
obtain default security context for %s.", login));
+ return (security_getenforce()==0);
+ }
+
+ if (setexeccon (scontext) != 0) {
+ syslog(LOG_CRIT, sprintf("SELinux entrance login: unable to
set executable context %s.",(char *)scontext));
+ syslog(LOG_CRIT, sprintf("SELinux entrance login: unable to
set executable context %s.",(char *)scontext));
+ freecon (scontext);
+ return (security_getenforce()==0);
+ }
+
+ freecon (scontext);
+
+ return TRUE;
+}
+
diff -Nau
/usr/portage/distfiles/cvs-src/e17/apps/entrance/src/client/entrance_session.h
./entrance_session.h
---
/usr/portage/distfiles/cvs-src/e17/apps/entrance/src/client/entrance_session.h
2006-08-02 00:02:35.000000000 +0200
+++ ./entrance_session.h 2006-08-02 00:06:03.000000000 +0200
@@ -70,5 +70,6 @@
e);
void entrance_session_x_session_set(Entrance_Session * e,
Entrance_X_Session * exs);
+int selinux_setup(const char *);
#endif
diff -Nau
/usr/portage/distfiles/cvs-src/e17/apps/entrance/src/client/Makefile.am
./Makefile.am
--- /usr/portage/distfiles/cvs-src/e17/apps/entrance/src/client/Makefile.am
2006-08-02 00:02:35.000000000 +0200
+++ ./Makefile.am 2006-08-02 00:06:03.000000000 +0200
@@ -21,7 +21,7 @@
entrance.h main.c
entrance_LDADD = @EDJE_LIBS@ @ECORE_LIBS@ @EVAS_LIBS@ \
[EMAIL PROTECTED]@ -lesmart_container -lesmart_text_entry
[EMAIL PROTECTED]@ -lesmart_container -lesmart_text_entry -lselinux
entrance_login_SOURCES = \
entrance_login.c \
-------------------------------------------------------------------------
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
_______________________________________________
enlightenment-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/enlightenment-devel
