From 27d9eb3aa202772f57136bc67b30329fb4839b55 Mon Sep 17 00:00:00 2001 From: Lukas Nykryn Date: Mon, 16 Feb 2015 17:36:13 +0100 Subject: [PATCH 2/6] leveldb: restore selinux context for xinetd conf files --- Makefile | 2 +- leveldb.c | 49 +++++++++++++++++++++++++++++++++---- po/chkconfig.pot | 74 ++++++++++++++++++++++++++++++++------------------------ 3 files changed, 87 insertions(+), 38 deletions(-) diff --git a/Makefile b/Makefile index 79e02da..cde8811 100644 --- a/Makefile +++ b/Makefile @@ -2,7 +2,7 @@ VERSION=$(shell awk '/Version:/ { print $$2 }' chkconfig.spec) TAG = chkconfig-$(VERSION) CFLAGS=-g -Wall $(RPM_OPT_FLAGS) -D_GNU_SOURCE -LDFLAGS+=-g +LDFLAGS+=-g -lselinux -lsepol MAN=chkconfig.8 ntsysv.8 alternatives.8 PROG=chkconfig BINDIR = /sbin diff --git a/leveldb.c b/leveldb.c index 352076c..1af3a6f 100644 --- a/leveldb.c +++ b/leveldb.c @@ -27,6 +27,9 @@ #include #include #include +#include +#include +#include /* Changes 1998-09-22 - Arnaldo Carvalho de Melo @@ -38,6 +41,36 @@ #include "leveldb.h" +int selinux_restore(const char *name) { + struct selabel_handle *hnd = NULL; + struct stat buf; + security_context_t newcon = NULL; + int r = -1; + + hnd = selabel_open(SELABEL_CTX_FILE, NULL, 0); + if (hnd == NULL) + goto out; + + r = stat(name, &buf); + if (r < 0) + goto out; + + r = selabel_lookup_raw(hnd, &newcon, name, buf.st_mode); + if (r < 0) + goto out; + + r = setfilecon_raw(name, newcon); + if (r < 0) + goto out; + + r = 0; + + out: + selabel_close(hnd); + freecon(newcon); + return r; +} + int parseLevels(char * str, int emptyOk) { char * chptr = str; int rc = 0; @@ -744,6 +777,7 @@ int setXinetdService(struct service s, int on) { char *buf, *ptr, *tmp; struct stat sb; mode_t mode; + int r; if (on == -1) { on = s.enabled ? 1 : 0; 
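Review bot: The new `LDFLAGS+=-g -lselinux -lsepol` line in the Makefile hunk puts libraries into LDFLAGS, which normally lands before the object files on the link line; with `--as-needed` or a static link the libraries can then be dropped or leave symbols unresolved. Library flags conventionally go in the variable that is expanded after the objects, e.g. `LDLIBS+=-lselinux`. The leveldb.c hunks in this patch call only libselinux functions (`selabel_*`, `setfilecon_raw`, `freecon`), so `-lsepol` looks unneeded, and a global LDFLAGS presumably adds the dependency to every program built here. Both points should be confirmed against the link rules, which are outside the hunk.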
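Review bot: In `selinux_restore`, the `out:` label calls `selabel_close(hnd)` even when `selabel_open()` returned NULL, and libselinux does not document `selabel_close()` as accepting a NULL handle, so the failure path (for example a host without a file-contexts database) may dereference NULL instead of returning -1. Guard it with `if (hnd) selabel_close(hnd);`. The function also runs unconditionally, so on a system with SELinux disabled the caller will print an error on every xinetd change; an early `if (is_selinux_enabled() <= 0) return 0;` would avoid that. Since leveldb.h is not touched by this patch, consider making the function `static` and adding a comment that it returns 0 on success and a negative value on failure.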
@@ -790,7 +824,11 @@ int setXinetdService(struct service s, int on) { } close(newfd); unlink(oldfname); - return(rename(newfname,oldfname)); + r = rename(newfname,oldfname); + if (selinux_restore(oldfname) != 0) + fprintf(stderr, _("Unable to set selinux context for %s: %s\n"), oldfname, + strerror(errno)); + return(r); } int doSetService(struct service s, int level, int on) { @@ -822,11 +860,12 @@ int doSetService(struct service s, int level, int on) { int systemdIsInit() { char *path = realpath("/sbin/init", NULL); - char *base; + char *base = NULL; if (!path) return 0; base = basename(path); + puts(base); if (!base) return 0; if (strcmp(base,"systemd")) @@ -1218,10 +1257,10 @@ void checkSystemdDependencies(struct service *s) { } } } - - + + finish: - + if(star) { for (i = 0; i < n_star; i++) free(star[i]); diff --git a/po/chkconfig.pot b/po/chkconfig.pot index d174fdd..2d44f2b 100644 --- a/po/chkconfig.pot +++ b/po/chkconfig.pot @@ -8,7 +8,7 @@ msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: \n" -"POT-Creation-Date: 2013-08-08 17:07+0200\n" +"POT-Creation-Date: 2015-02-16 17:34+0100\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "Last-Translator: FULL NAME \n" "Language-Team: LANGUAGE \n" @@ -197,22 +197,27 @@ msgstr "" msgid "No services may be managed by ntsysv!\n" msgstr "" -#: ../leveldb.c:263 +#: ../leveldb.c:296 #, c-format msgid "failed to open %s/init.d: %s\n" msgstr "" -#: ../leveldb.c:673 +#: ../leveldb.c:706 #, c-format msgid "failed to glob pattern %s: %s\n" msgstr "" -#: ../leveldb.c:716 +#: ../leveldb.c:749 #, c-format msgid "cannot determine current run level\n" msgstr "" -#: ../leveldb.c:815 +#: ../leveldb.c:829 +#, c-format +msgid "Unable to set selinux context for %s: %s\n" +msgstr "" + +#: ../leveldb.c:853 #, c-format msgid "failed to make symlink %s: %s\n" msgstr "" 
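Review bot: `selinux_restore(oldfname)` runs even when `rename()` failed, and the `strerror(errno)` in the message can report a value overwritten by the cleanup calls inside `selinux_restore`, so the diagnostic may be misleading. Make the relabel conditional, e.g. `if (r == 0 && selinux_restore(oldfname) != 0)`, and have `selinux_restore` preserve the failing errno across its cleanup. Relabelling after the rename also leaves a short window in which the xinetd file is visible under its final name with the temporary file's context; applying the looked-up context to `newfname` (or to `newfd` with `fsetfilecon_raw` before `close`) ahead of the rename would close it. The relabel failure is only printed while `r` from `rename()` is returned, so callers cannot tell that the file kept the wrong label; add a comment if that is intentional. setXinetdService's body starts outside the hunk.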
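Review bot: The added `puts(base);` in `systemdIsInit` looks like leftover debug output: it writes the basename of the resolved /sbin/init path to stdout on every call, which pollutes output that scripts may parse, and it runs before the `if (!base)` check, so a NULL `base` would reach `puts`. It is unrelated to the SELinux change named in the subject; drop the line (the `= NULL` initialiser is harmless but is overwritten before use). The function continues past the end of the hunk.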
@@ -375,135 +380,140 @@ msgstr "" msgid "would remove %s\n" msgstr "" -#: ../alternatives.c:383 ../alternatives.c:390 ../alternatives.c:422 +#: ../alternatives.c:383 ../alternatives.c:390 ../alternatives.c:423 #, c-format msgid "failed to remove link %s: %s\n" msgstr "" -#: ../alternatives.c:406 ../alternatives.c:419 +#: ../alternatives.c:405 ../alternatives.c:420 #, c-format msgid "would link %s -> %s\n" msgstr "" -#: ../alternatives.c:411 ../alternatives.c:428 +#: ../alternatives.c:410 ../alternatives.c:429 #, c-format msgid "failed to link %s -> %s: %s\n" msgstr "" -#: ../alternatives.c:460 +#: ../alternatives.c:416 +#, c-format +msgid "failed to link %s -> %s: %s exists and it is not a symlink\n" +msgstr "" + +#: ../alternatives.c:461 #, c-format msgid "%s already exists\n" msgstr "" -#: ../alternatives.c:462 +#: ../alternatives.c:463 #, c-format msgid "failed to create %s: %s\n" msgstr "" -#: ../alternatives.c:493 +#: ../alternatives.c:494 #, c-format msgid "failed to replace %s with %s: %s\n" msgstr "" -#: ../alternatives.c:519 ../alternatives.c:525 ../alternatives.c:536 -#: ../alternatives.c:542 +#: ../alternatives.c:520 ../alternatives.c:526 ../alternatives.c:537 +#: ../alternatives.c:543 #, c-format msgid "running %s\n" msgstr "" -#: ../alternatives.c:571 +#: ../alternatives.c:572 #, c-format msgid "the primary link for %s must be %s\n" msgstr "" -#: ../alternatives.c:651 +#: ../alternatives.c:652 #, c-format msgid "link %s incorrect for slave %s (%s %s)\n" msgstr "" -#: ../alternatives.c:692 +#: ../alternatives.c:693 #, c-format msgid "%s - status is auto.\n" msgstr "" -#: ../alternatives.c:694 +#: ../alternatives.c:695 #, c-format msgid "%s - status is manual.\n" msgstr "" -#: ../alternatives.c:696 +#: ../alternatives.c:697 #, c-format msgid " link currently points to %s\n" msgstr "" -#: ../alternatives.c:699 +#: ../alternatives.c:700 #, c-format msgid "%s - priority %d\n" msgstr "" -#: ../alternatives.c:702 +#: ../alternatives.c:703 #, c-format msgid " 
slave %s: %s\n" msgstr "" -#: ../alternatives.c:707 +#: ../alternatives.c:708 #, c-format msgid "Current `best' version is %s.\n" msgstr "" -#: ../alternatives.c:737 +#: ../alternatives.c:738 #, c-format msgid "There is %d program that provides '%s'.\n" msgstr "" -#: ../alternatives.c:737 +#: ../alternatives.c:738 #, c-format msgid "There are %d programs which provide '%s'.\n" msgstr "" -#: ../alternatives.c:739 +#: ../alternatives.c:740 #, c-format msgid " Selection Command\n" msgstr "" -#: ../alternatives.c:748 +#: ../alternatives.c:749 #, c-format msgid "Enter to keep the current selection[+], or type selection number: " msgstr "" -#: ../alternatives.c:751 +#: ../alternatives.c:752 #, c-format msgid "" "\n" "error reading choice\n" msgstr "" -#: ../alternatives.c:778 ../alternatives.c:804 +#: ../alternatives.c:779 ../alternatives.c:805 #, c-format msgid "%s has not been configured as an alternative for %s\n" msgstr "" -#: ../alternatives.c:820 +#: ../alternatives.c:821 #, c-format msgid "(would remove %s\n" msgstr "" -#: ../alternatives.c:822 +#: ../alternatives.c:823 #, c-format msgid "failed to remove %s: %s\n" msgstr "" -#: ../alternatives.c:973 +#: ../alternatives.c:974 #, c-format msgid "altdir %s invalid\n" msgstr "" -#: ../alternatives.c:979 +#: ../alternatives.c:980 #, c-format msgid "admindir %s invalid\n" msgstr "" -#: ../alternatives.c:989 +#: ../alternatives.c:990 #, c-format msgid "alternatives version %s\n" msgstr "" -- 1.8.3.1