Author: dnusinow Date: 2005-07-02 15:30:49 -0500 (Sat, 02 Jul 2005) New Revision: 299
Added: trunk/debian/patches/099s_selinux_support.diff Modified: trunk/debian/TODO Log: - Update TODO. I sent out the mail notifying developers about the xlibs-static-* transition. Thanks to Daniel Stone for letting me know about it and checking the mail beforehand. - Patch audit. - Port 099s_selinux_support.diff from xfree86 tree Modified: trunk/debian/TODO =================================================================== --- trunk/debian/TODO 2005-07-02 19:29:51 UTC (rev 298) +++ trunk/debian/TODO 2005-07-02 20:30:49 UTC (rev 299) @@ -22,7 +22,6 @@ -- Upstream says that it's incorrect and due to a toolchain bug. Have to see whether it's still needed for GNU/kFreeBSD, and if so, fix the bug. See Freedesktop Bugzilla #1902. -099s_selinux_support.diff -- needs porting 099t_xkb_remove_hidden_attributes.diff -- needs porting 099u_mkdirhier_rewrite.diff -- needs porting 099v_fontserver_fix_SEGV.diff -- needs porting @@ -55,9 +54,6 @@ * Change x-common to x11-common to reflect that it provides symlinks with that name [dnusinow] -* Notify maintainers of packages with issues from the transition as found by - Ubuntu already [dnusinow] - * Fix upgrade issue with xfree86-common * Make sure xdm upgrades work properly Added: trunk/debian/patches/099s_selinux_support.diff =================================================================== --- trunk/debian/patches/099s_selinux_support.diff 2005-07-02 19:29:51 UTC (rev 298) +++ trunk/debian/patches/099s_selinux_support.diff 2005-07-02 20:30:49 UTC (rev 299) 
@@ -0,0 +1,158 @@
+diff -ruN xc-old/config/cf/Imake.tmpl xc/config/cf/Imake.tmpl
+--- xc-old/config/cf/Imake.tmpl 2005-07-02 15:45:07.000000000 -0400
++++ xc/config/cf/Imake.tmpl 2005-07-02 15:56:55.000000000 -0400
+@@ -2134,17 +2134,21 @@
+ * EXTRA_INCLUDES contains project-specific includes set in project incfiles
+ * INCLUDES contains client-specific includes set in Imakefile
+ * LOCAL_LDFLAGS contains client-specific ld flags flags set in Imakefile
++ * SELINUX_INCLUDES contains SELinux-specific includes set in the appropriate .cf file
++ * SELINUX_LDFLAGS contains SELinux-specific ld flags set in the appropriate . cf file
++ * SELINUX_CFLAGS contains SELinux-specific compiler flags set in the .cf file
++ * SELINUX_LIBS contains SELinux-specific libraries to link with set in the . cf file
+ */
+- ALLINCLUDES = $(INCLUDES) $(EXTRA_INCLUDES) $(TOP_INCLUDES) $(INSTALLED_INCLUDES) $(STD_INCLUDES)
++ ALLINCLUDES = $(INCLUDES) $(EXTRA_INCLUDES) $(TOP_INCLUDES) $(INSTALLED_INCLUDES) $(STD_INCLUDES) $(SELINUX_INCLUDES)
+ ALLDEFINES = $(ALLINCLUDES) $(STD_DEFINES) $(PROTO_DEFINES) $(THREADS_DEFINES) $(MODULE_DEFINES) $(DEFINES) $(EXTRA_DEFINES)
+- CFLAGS = $(CDEBUGFLAGS) $(CCOPTIONS) $(THREADS_CFLAGS) $(MODULE_CFLAGS) $(ALLDEFINES)
++ CFLAGS = $(CDEBUGFLAGS) $(CCOPTIONS) $(THREADS_CFLAGS) $(SELINUX_CFLAGS) $(MODULE_CFLAGS) $(ALLDEFINES)
+ LINTFLAGS = $(LINTOPTS) -DLINT $(ALLDEFINES) $(DEPEND_DEFINES)
+ LDPRELIB = LdPreLib $(INSTALLED_LIBS)
+ LDPOSTLIB = LdPostLib
+- LDOPTIONS = $(CDEBUGFLAGS) $(CCOPTIONS) $(EXTRA_LDOPTIONS) $(THREADS_LDFLAGS) $(LOCAL_LDFLAGS) $(LDPRELIBS)
++ LDOPTIONS = $(CDEBUGFLAGS) $(CCOPTIONS) $(EXTRA_LDOPTIONS) $(THREADS_LDFLAGS) $(SELINUX_LDFLAGS) $(LOCAL_LDFLAGS) $(LDPRELIBS)
+ CXXLDOPTIONS = $(CXXDEBUGFLAGS) $(CXXOPTIONS) $(EXTRA_LDOPTIONS) $(THREADS_CXXLDFLAGS) $(LOCAL_LDFLAGS) $(LDPRELIBS)
+
+- LDLIBS = $(LDPOSTLIBS) $(THREADS_LIBS) $(SYS_LIBRARIES) $(EXTRA_LIBRARIES)
++ LDLIBS = $(LDPOSTLIBS) $(THREADS_LIBS) $(SELINUX_LIBS) $(SYS_LIBRARIES) $(EXTRA_LIBRARIES)
+ #if HasBrokenCCForLink
+ CCLINK = LdCmd
+ #else
+diff -ruN xc-old/config/cf/linux.cf xc/config/cf/linux.cf
+--- xc-old/config/cf/linux.cf 2005-07-02 15:45:19.000000000 -0400
++++ xc/config/cf/linux.cf 2005-07-02 16:01:00.000000000 -0400
+@@ -1105,3 +1105,57 @@
+ #ifndef XFree86ServerOSDefines
+ # define XFree86ServerOSDefines
+ #endif
++
++/*
++ * SELinux support
++ */
++#ifndef HasSELinux
++# define HasSELinux NO
++#endif
++
++#ifndef SELinuxDefines
++# if HasSELinux
++# define SELinuxDefines -DHAVE_SELINUX
++# else
++# define SELinuxDefines /**/
++# endif
++#endif
++
++#ifndef SELinuxIncludeFlags
++# if HasSELinux
++# define SELinuxIncludeFlags -I/usr/include/selinux
++# else
++# define SELinuxIncludeFlags /**/
++# endif
++#endif
++
++#ifndef SELinuxCompileFlags
++# define SELinuxCompileFlags /**/
++#endif
++
++#ifndef SELinuxLoadFlags
++# define SELinuxLoadFlags SELinuxCompileFlags
++#endif
++
++#ifndef SELinuxLibraries
++# if HasSELinux
++# define SELinuxLibraries -lselinux
++# else
++# define SELinuxLibraries /**/
++# endif
++#endif
++
++#if HasSELinux
++# ifndef SELINUX_LDFLAGS
++ SELINUX_LDFLAGS = SELinuxLoadFlags
++# endif
++# ifndef SELINUX_INCLUDES
++ SELINUX_INCLUDES = SELinuxIncludeFlags
++# endif
++# ifndef SELINUX_CFLAGS
++ SELINUX_CFLAGS = SELinuxCompileFlags SELinuxDefines
++# endif
++# ifndef SELINUX_LIBS
++ SELINUX_LIBS = SELinuxLibraries
++# endif
++#endif
+diff -ruN xc-old/programs/xdm/session.c xc/programs/xdm/session.c
+--- xc-old/programs/xdm/session.c 2005-07-02 15:45:16.000000000 -0400
++++ xc/programs/xdm/session.c 2005-07-02 16:07:45.000000000 -0400
+@@ -61,6 +61,11 @@
+ # include <krb5/krb5.h>
+ #endif
+
++#ifdef HAVE_SELINUX
++#include <selinux/selinux.h>
++#include <selinux/get_context_list.h>
++#endif /* HAVE_SELINUX */
++
+ #ifndef GREET_USER_STATIC
+ # include <dlfcn.h>
+ # ifndef RTLD_NOW
+@@ -68,6 +73,34 @@
+ # endif
+ #endif
+
++#ifdef HAVE_SELINUX
++/* This should be run just before we exec the user session. */
++static int
++xdm_selinux_setup (const char *login)
++ {
++ security_context_t scontext;
++ /* If SELinux is not enabled, then we don't do anything. */
++ if ( ! is_selinux_enabled ())
++ return TRUE;
++
++ if (get_default_context((char*) login,0, &scontext) < 0) {
++ LogError ("SELinux: unable to obtain default security context for %s\n",
++ login);
++ return FALSE;
++ }
++
++ if (setexeccon (scontext) != 0) {
++ freecon (scontext);
++ LogError ("SELinux: unable to set executable context %s\n",
++ (char *)scontext);
++ return FALSE;
++ }
++
++ freecon (scontext);
++ return TRUE;
++}
++#endif /* HAVE_SELINUX */
++
+ static int runAndWait (char **args, char **environ);
+
+ #if defined(CSRG_BASED) || defined(__osf__) || defined(__DARWIN__) || defined(__QNXNTO__) || defined(sun) || defined(__GLIBC__)
+@@ -726,6 +759,17 @@
+ #endif /* K5AUTH */
+ bzero(passwd, strlen(passwd));
+ SetUserAuthorization (d, verify);
++#ifdef HAVE_SELINUX
++ /*
++ * For Security Enhanced Linux:
++ * set the default security context for this user.
++ */
++ if ( ! xdm_selinux_setup (name)) {
++ LogError ("failed to set security context\n");
++ exit (UNMANAGE_DISPLAY);
++ return (0);
++ }
++#endif /* HAVE_SELINUX */
+ home = getEnv (verify->userEnviron, "HOME");
+ if (home)
+ if (chdir (home) == -1) {
-- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
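Review bot: In the Imake.tmpl hunk, adding `$(SELINUX_CFLAGS)` to the global `CFLAGS` and `$(SELINUX_LIBS)` to the global `LDLIBS` makes every program built from the tree compile with `-DHAVE_SELINUX` and link `-lselinux` once `HasSELinux` is set, although the only consumer in this patch is xdm's session.c. Scoping the flags to the xdm Imakefile (not shown here) would keep the extra library dependency out of unrelated binaries. The same hunk adds `$(SELINUX_LDFLAGS)` to `LDOPTIONS` but not to `CXXLDOPTIONS`; if that asymmetry is intended, the comment block above the variables should say so.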
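Review bot: In `xdm_selinux_setup`, the `setexeccon` failure branch calls `freecon (scontext);` before `LogError` formats `scontext` with `%s`, so the log call reads memory that has already been released. Log first and free afterwards, i.e. put `freecon (scontext);` on the line after the `LogError (...)` call and before `return FALSE;`. The `(char*) login` cast in the `get_default_context` call also discards the `const` of the parameter, and the literal `0` passed for its second, pointer-typed argument would read better as `NULL`.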
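Review bot: The call `xdm_selinux_setup (name)` in the `@@ -726,6 +759,17 @@` hunk sits right after `SetUserAuthorization`, ahead of the `chdir (home)` that follows, while the helper's own comment says it should run just before the user session is exec'd. `setexeccon` applies to the next `execve` only, so if anything between this point and the session exec runs another program in this process (the rest of the function lies outside the hunk, so this is unverified), the session would start without the intended context. Moving the call next to the exec, or adding a comment such as `/* nothing may exec between here and the session exec */`, would make that dependency explicit. Failing closed with `exit (UNMANAGE_DISPLAY);` is the right behaviour; the `return (0);` after it is unreachable and can be dropped.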