Mivz wrote: > Yes, I'll read it :) ;) > Here is the patch. I'm still working on the policy files. I will > finish them when I'm graduated in a few weeks. wish you all the best in them exams right there. *cough* we have a vacancy on our Entrance enterprise architecture and coporate solution provision team, do send us your CV as soon as you are able *end cough* :) > The patch contains a function I got from gdm. sweet. I'll add the conditional compilation boohaa to this, and send back to you to test properly, I don't have/use selinux so I can't test it well on my box. Once you're good with it, i'll apply it finally.
thnx again. Essien > > Harrie Hoogeveen > > John Kraal wrote: >> I believe he is very busy finishing school at the moment ;) >> >> He'll read this though. >> >> Essien Ita Essien wrote: >>> John Kraal wrote: >>>> Great, >>>> >>>> The guy already made it, but he has no idea of how to make it >>>> optional (for use in Makefile.am, configure.in, etc). Nevertheless >>>> I'll let him submit. >>>> >>> awesome. >>>> If somebody could do the makefile / configure.in, please do >>>> >>> Let him mail it to me directly [EMAIL PROTECTED], I'll do the >>> autoKUNGfoo and send it back to him to test. And uhhh... why is _he_ >>> not on the mailing list directly himself? Entrance needs more love >>> :), if he could hack in SELinux support, we can use some more hands >>> _if_ he's interested in helping out more. >>> >>> Cheers, >>> Essien >>> >>>> Regards, >>>> John >>>> >>>> Essien Ita Essien wrote: >>>> >>>>> John Kraal wrote: >>>>> >>>>>> Hello, >>>>>> >>>>>> Are there any plans for integrating SELinux in Entrance-login as >>>>>> of yet? If not, somebody here is thinking about doing it.. >>>>>> >>>>> Hiya John, >>>>> >>>>> Its not on the current todo list. >>>>> >>>>> However, please go ahead and do this, much appreciated. Once then >>>>> send the patch to the mailing list for review, I'm not the >>>>> maintainer, just a cleaner-upper with cvs access. That said, if >>>>> you send this patch in, also copy xcomp at [EMAIL PROTECTED] (he >>>>> finds it hard to follow the patches on the ml, since its sooo long). >>>>> >>>>> One way or the other, the other, the friggin patch will go in :) >>>>> >>>>> *hint* Entrance need more ppl to show it more love *end hint* >>>>> >>>>> Cheers, >>>>> Essien >>>>> >>>>>> Regards, >>>>>> >>>>>> John >>>>>> >>>>> ------------------------------------------------------------------------- >>>>> >>>>> Take Surveys. Earn Cash. Influence the Future of IT >>>>> Join SourceForge.net's Techsay panel and you'll get the chance to >>>>> share your >>>>> opinions on IT & business topics through brief surveys -- and earn >>>>> cash >>>>> http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV >>>>> >>>>> _______________________________________________ >>>>> enlightenment-devel mailing list >>>>> [email protected] >>>>> https://lists.sourceforge.net/lists/listinfo/enlightenment-devel >>>>> >>>> >>> >>> ------------------------------------------------------------------------- >>> >>> Take Surveys. Earn Cash. Influence the Future of IT >>> Join SourceForge.net's Techsay panel and you'll get the chance to >>> share your >>> opinions on IT & business topics through brief surveys -- and earn cash >>> http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV >>> >>> _______________________________________________ >>> enlightenment-devel mailing list >>> [email protected] >>> https://lists.sourceforge.net/lists/listinfo/enlightenment-devel >>> >>> >> >> ------------------------------------------------------------------------- >> >> Take Surveys. Earn Cash. Influence the Future of IT >> Join SourceForge.net's Techsay panel and you'll get the chance to >> share your >> opinions on IT & business topics through brief surveys -- and earn cash >> http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV >> >> _______________________________________________ >> enlightenment-devel mailing list >> [email protected] >> https://lists.sourceforge.net/lists/listinfo/enlightenment-devel >> > > ------------------------------------------------------------------------ > > diff -Nau > /usr/portage/distfiles/cvs-src/e17/apps/entrance/src/client/entrance_session.c > ./entrance_session.c > --- > /usr/portage/distfiles/cvs-src/e17/apps/entrance/src/client/entrance_session.c > 2006-08-02 00:02:35.000000000 +0200 > +++ ./entrance_session.c 2006-08-02 00:58:49.000000000 +0200 > @@ -11,6 +11,10 @@ > #include "entrance_x_session.h" > #include "entrance_ipc.h" > > +#include <selinux/selinux.h> > +#include <selinux/get_context_list.h> > + > + > /** > @file entrance_session.c > @brief Variables and Data relating to an instance of the application as a > whole > @@ -458,6 +462,9 @@ > if (initgroups(pwent->pw_name, pwent->pw_gid)) > syslog(LOG_CRIT, > "Unable to initialize group (is entrance running as > root?)."); > + //SELinux login > + selinux_setup(pwent->pw_name); > + > if (setgid(pwent->pw_gid)) > syslog(LOG_CRIT, "Unable to set group id."); > if (setuid(pwent->pw_uid)) > @@ -797,3 +804,39 @@ > } > } > } > + > +//from gdm > +selinux_setup (const char *login) > +{ > + security_context_t scontext; > + int ret=-1; > + char *seuser=NULL; > + char *level=NULL; > + > + /* If selinux is not enabled, then we don't do anything */ > + if (is_selinux_enabled () <= 0) > + return TRUE; > + > + if (getseuserbyname(login, &seuser, &level) == 0) > + ret=get_default_context_with_level(seuser, level, 0, > &scontext); > + > + if (ret < 0) { > + syslog(LOG_CRIT, sprintf("SELinux entrance login: unable to > obtain default security context for %s.", login)); > + /* note that this will be run when the .xsession-errors > + is already being logged, so we can use stderr */ > + syslog(LOG_CRIT, sprintf("SELinux entrance login: unable to > obtain default security context for %s.", login)); > + return (security_getenforce()==0); > + } > + > + if (setexeccon (scontext) != 0) { > + syslog(LOG_CRIT, sprintf("SELinux entrance login: unable to > set executable context %s.",(char *)scontext)); > + syslog(LOG_CRIT, sprintf("SELinux entrance login: unable to > set executable context %s.",(char *)scontext)); > + freecon (scontext); > + return (security_getenforce()==0); > + } > + > + freecon (scontext); > + > + return TRUE; > +} > + > diff -Nau > /usr/portage/distfiles/cvs-src/e17/apps/entrance/src/client/entrance_session.h > ./entrance_session.h > --- > /usr/portage/distfiles/cvs-src/e17/apps/entrance/src/client/entrance_session.h > 2006-08-02 00:02:35.000000000 +0200 > +++ ./entrance_session.h 2006-08-02 00:06:03.000000000 +0200 > @@ -70,5 +70,6 @@ > e); > void entrance_session_x_session_set(Entrance_Session * e, > Entrance_X_Session * exs); > +int selinux_setup(const char *); > > #endif > diff -Nau > /usr/portage/distfiles/cvs-src/e17/apps/entrance/src/client/Makefile.am > ./Makefile.am > --- /usr/portage/distfiles/cvs-src/e17/apps/entrance/src/client/Makefile.am > 2006-08-02 00:02:35.000000000 +0200 > +++ ./Makefile.am 2006-08-02 00:06:03.000000000 +0200 > @@ -21,7 +21,7 @@ > entrance.h main.c > > entrance_LDADD = @EDJE_LIBS@ @ECORE_LIBS@ @EVAS_LIBS@ \ > [EMAIL PROTECTED]@ -lesmart_container -lesmart_text_entry > [EMAIL PROTECTED]@ -lesmart_container -lesmart_text_entry -lselinux > > entrance_login_SOURCES = \ > entrance_login.c \ > > ------------------------------------------------------------------------ > > ------------------------------------------------------------------------- > Using Tomcat but need to do more? Need to support web services, security? > Get stuff done quickly with pre-integrated technology to make your job easier > Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo > http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642 > ------------------------------------------------------------------------ > > _______________________________________________ > enlightenment-devel mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/enlightenment-devel > ------------------------------------------------------------------------- Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642 _______________________________________________ enlightenment-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/enlightenment-devel
