diff options
author | Mike Frysinger <vapier@gentoo.org> | 2004-12-22 03:25:20 +0000 |
---|---|---|
committer | Mike Frysinger <vapier@gentoo.org> | 2004-12-22 03:25:20 +0000 |
commit | ccca10aaea38f831eb0d0eb15d5636be158a2321 (patch) | |
tree | afa6538b365c0016df8e360aab9f7539a0629f4c /sys-apps | |
parent | Stable on sparc (diff) | |
download | historical-ccca10aaea38f831eb0d0eb15d5636be158a2321.tar.gz historical-ccca10aaea38f831eb0d0eb15d5636be158a2321.tar.bz2 historical-ccca10aaea38f831eb0d0eb15d5636be158a2321.zip |
Version bump #75007.
Diffstat (limited to 'sys-apps')
-rw-r--r-- | sys-apps/sysvinit/ChangeLog | 9 | ||||
-rw-r--r-- | sys-apps/sysvinit/Manifest | 17 | ||||
-rw-r--r-- | sys-apps/sysvinit/files/2.86-gentoo.patch | 25 | ||||
-rw-r--r-- | sys-apps/sysvinit/files/2.86-selinux.patch | 219 | ||||
-rw-r--r-- | sys-apps/sysvinit/files/digest-sysvinit-2.86 | 1 | ||||
-rw-r--r-- | sys-apps/sysvinit/files/inittab | 7 | ||||
-rw-r--r-- | sys-apps/sysvinit/files/sysvinit-2.86-selinux.patch | 242 | ||||
-rw-r--r-- | sys-apps/sysvinit/sysvinit-2.86.ebuild | 64 |
8 files changed, 575 insertions, 9 deletions
diff --git a/sys-apps/sysvinit/ChangeLog b/sys-apps/sysvinit/ChangeLog index d2824aeb3458..fdc2e48373cc 100644 --- a/sys-apps/sysvinit/ChangeLog +++ b/sys-apps/sysvinit/ChangeLog @@ -1,6 +1,13 @@ # ChangeLog for sys-apps/sysvinit # Copyright 2002-2004 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/sys-apps/sysvinit/ChangeLog,v 1.14 2004/08/24 03:37:25 swegener Exp $ +# $Header: /var/cvsroot/gentoo-x86/sys-apps/sysvinit/ChangeLog,v 1.15 2004/12/22 03:25:20 vapier Exp $ + +*sysvinit-2.86 (21 Dec 2004) + + 21 Dec 2004; Mike Frysinger <vapier@gentoo.org> +files/2.86-gentoo.patch, + +files/2.86-selinux.patch, files/inittab, + +files/sysvinit-2.86-selinux.patch, +sysvinit-2.86.ebuild: + Version bump #75007. 24 Aug 2004; Sven Wegener <swegener@gentoo.org> sysvinit-2.85-r1.ebuild: Sync IUSE (build and bootstrap missing) diff --git a/sys-apps/sysvinit/Manifest b/sys-apps/sysvinit/Manifest index d418ce8e756c..345686225383 100644 --- a/sys-apps/sysvinit/Manifest +++ b/sys-apps/sysvinit/Manifest @@ -1,16 +1,21 @@ -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 -MD5 0d7c267c0c504f5e5a322ae34f402552 ChangeLog 1943 +MD5 0301c1434f0e57f5c56b1f9fdd6fb794 ChangeLog 2176 MD5 9a09f8d531c582e78977dbfd96edc1f2 metadata.xml 164 +MD5 72a2318164da922dc920eba3e69efc80 sysvinit-2.86.ebuild 1962 MD5 4bb35af95759582d45324cdf3bc237b7 sysvinit-2.85-r1.ebuild 2545 -MD5 6e4627df68938fb6fd18afb1aea2bb8a files/inittab 1561 -MD5 38c0059ecfaa1b09e59a75cc2780aa94 files/digest-sysvinit-2.85-r1 64 +MD5 64af9a15df244a29ebd5d09307f21a9b files/digest-sysvinit-2.86 64 +MD5 5f94105e0b503a39fda5fb65d885e16c files/2.86-gentoo.patch 641 +MD5 ee95909bb06edb0cb0ffcb6800ce3226 files/2.86-selinux.patch 5706 +MD5 eb3296226618c9805517b4fca35c242e files/inittab 1672 +MD5 3c171d9c843284ce606663e4e6da26e9 files/sysvinit-2.86-selinux.patch 6448 MD5 3c171d9c843284ce606663e4e6da26e9 files/sysvinit-2.85-selinux.patch 6448 +MD5 38c0059ecfaa1b09e59a75cc2780aa94 files/digest-sysvinit-2.85-r1 64 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.9.10 (GNU/Linux) -iD8DBQFBxvD7roRuSHgZdywRAv48AJ4zU5TGLKHzyoTn47VjahfjRBg+PQCfaflc -phe7xGKxGrRh5w+6PN3AF48= -=QvwE +iD8DBQFByOk8roRuSHgZdywRAsWjAJ9zPDNjtnK63FjQDbUV76OqoQWdmQCZAW8x +wx/26inoU2GrElDyhfv1m/I= +=Bjww -----END PGP SIGNATURE----- diff --git a/sys-apps/sysvinit/files/2.86-gentoo.patch b/sys-apps/sysvinit/files/2.86-gentoo.patch new file mode 100644 index 000000000000..c3322a8e2e00 --- /dev/null +++ b/sys-apps/sysvinit/files/2.86-gentoo.patch @@ -0,0 +1,25 @@ +--- src/Makefile.orig 2004-12-21 22:08:42.607088800 -0500 ++++ src/Makefile 2004-12-21 22:12:56.409504968 -0500 +@@ -10,5 +10,3 @@ + +-CC = gcc +-CFLAGS = -Wall -O2 -fomit-frame-pointer -D_GNU_SOURCE +-LDFLAGS = -s ++CFLAGS += -Wall -D_GNU_SOURCE + STATIC = +@@ -33,2 +31,9 @@ + ++ifeq ($(DISTRO),Gentoo) ++SBIN += sulogin bootlogd ++USRBIN += utmpdump wall ++MAN1 += wall.1 ++MAN8 += sulogin.8 bootlogd.8 ++endif ++ + ifeq ($(DISTRO),Debian) +@@ -112,2 +117,5 @@ + install: ++ $(INSTALL) -d $(ROOT)/bin $(ROOT)/sbin $(ROOT)/usr/bin \ ++ $(ROOT)/usr/include $(ROOT)/$(MANDIR)/man1 $(ROOT)/$(MANDIR)/man5 \ ++ $(ROOT)/$(MANDIR)/man8 + for i in $(BIN); do \ diff --git a/sys-apps/sysvinit/files/2.86-selinux.patch b/sys-apps/sysvinit/files/2.86-selinux.patch new file mode 100644 index 000000000000..9bda14ef63a7 --- /dev/null +++ b/sys-apps/sysvinit/files/2.86-selinux.patch @@ -0,0 +1,219 @@ +--- sysvinit-2.85/src/Makefile.selinux 2004-06-09 15:28:47.439412648 -0400 ++++ sysvinit-2.85/src/Makefile 2004-06-09 15:28:47.517400792 -0400 +@@ -12,2 +12,4 @@ + STATIC = ++CFLAGS += -DWITH_SELINUX ++LDFLAGS += -lselinux + +--- sysvinit-2.85/src/init.c.selinux 2004-06-09 15:28:47.478406720 -0400 ++++ sysvinit-2.85/src/init.c 2004-06-09 15:29:03.208015456 -0400 +@@ -48,6 +48,10 @@ + #include <stdarg.h> + #include <sys/syslog.h> + #include <sys/time.h> ++#include <sys/mman.h> ++#include <selinux/selinux.h> ++#include <sys/mount.h> ++ + + #ifdef __i386__ + # if (__GLIBC__ >= 2) +@@ -103,6 +107,7 @@ + int dfl_level = 0; /* Default runlevel */ + sig_atomic_t got_cont = 0; /* Set if we received the SIGCONT signal */ + sig_atomic_t got_signals; /* Set if we received a signal. */ ++int enforcing = -1; /* SELinux enforcing mode */ + int emerg_shell = 0; /* Start emergency shell? */ + int wrote_wtmp_reboot = 1; /* Set when we wrote the reboot record */ + int wrote_utmp_reboot = 1; /* Set when we wrote the reboot record */ +@@ -187,6 +192,130 @@ + {NULL,0} + }; + ++/* Mount point for selinuxfs. */ ++#define SELINUXMNT "/selinux/" ++ ++static int load_policy(int *enforce) ++{ ++ int fd=-1,ret=-1; ++ int rc=0; ++ struct stat sb; ++ void *map; ++ char policy_file[PATH_MAX]; ++ int policy_version=0; ++ extern char *selinux_mnt; ++ FILE *cfg; ++ char buf[4096]; ++ int seconfig = -2; ++ ++ selinux_getenforcemode(&seconfig); ++ ++ mount("none", "/proc", "proc", 0, 0); ++ cfg = fopen("/proc/cmdline","r"); ++ if (cfg) { ++ char *tmp; ++ if (fgets(buf,4096,cfg) && (tmp = strstr(buf,"enforcing="))) { ++ if (tmp == buf || isspace(*(tmp-1))) { ++ enforcing=atoi(tmp+10); ++ } ++ } ++ fclose(cfg); ++ } ++#define MNT_DETACH 2 ++ umount2("/proc",MNT_DETACH); ++ ++ if (enforcing >=0) ++ *enforce = enforcing; ++ else if (seconfig == 1) ++ *enforce = 1; ++ ++ if (mount("none", SELINUXMNT, "selinuxfs", 0, 0) < 0) { ++ if (errno == ENODEV) { ++ log(L_VB, "SELinux not supported by kernel: %s\n",SELINUXMNT,strerror(errno)); ++ *enforce = 0; ++ } else { ++ log(L_VB, "Failed to mount %s: %s\n",SELINUXMNT,strerror(errno)); ++ } ++ return ret; ++ } ++ ++ selinux_mnt = SELINUXMNT; /* set manually since we mounted it */ ++ ++ policy_version=security_policyvers(); ++ if (policy_version < 0) { ++ log(L_VB, "Can't get policy version: %s\n", strerror(errno)); ++ goto UMOUNT; ++ } ++ ++ rc = security_getenforce(); ++ if (rc < 0) { ++ log(L_VB, "Can't get SELinux enforcement flag: %s\n", strerror(errno)); ++ goto UMOUNT; ++ } ++ if (enforcing >= 0) { ++ *enforce = enforcing; ++ } else if (seconfig == -1) { ++ *enforce = 0; ++ rc = security_disable(); ++ if (rc == 0) umount(SELINUXMNT); ++ if (rc < 0) { ++ rc = security_setenforce(0); ++ if (rc < 0) { ++ log(L_VB, "Can't disable SELinux: %s\n", strerror(errno)); ++ goto UMOUNT; ++ } ++ } ++ ret = 0; ++ goto UMOUNT; ++ } else if (seconfig >= 0) { ++ *enforce = seconfig; ++ rc = security_setenforce(seconfig); ++ if (rc < 0) { ++ log(L_VB, "Can't set SELinux enforcement flag: %s\n", strerror(errno)); ++ goto UMOUNT; ++ } ++ } ++ ++ snprintf(policy_file,sizeof(policy_file),"%s.%d",selinux_binary_policy_path(),policy_version); ++ fd = open(policy_file, O_RDONLY); ++ if (fd < 0) { ++ /* Check previous version to see if old policy is available ++ */ ++ snprintf(policy_file,sizeof(policy_file),"%s.%d",selinux_binary_policy_path(),policy_version-1); ++ fd = open(policy_file, O_RDONLY); ++ if (fd < 0) { ++ log(L_VB, "Can't open '%s.%d': %s\n", ++ selinux_binary_policy_path(),policy_version,strerror(errno)); ++ goto UMOUNT; ++ } ++ } ++ ++ if (fstat(fd, &sb) < 0) { ++ log(L_VB, "Can't stat '%s': %s\n", ++ policy_file, strerror(errno)); ++ goto UMOUNT; ++ } ++ ++ map = mmap(NULL, sb.st_size, PROT_READ, MAP_SHARED, fd, 0); ++ if (map == MAP_FAILED) { ++ log(L_VB, "Can't map '%s': %s\n", ++ policy_file, strerror(errno)); ++ goto UMOUNT; ++ } ++ log(L_VB, "Loading security policy\n"); ++ ret=security_load_policy(map, sb.st_size); ++ if (ret < 0) { ++ log(L_VB, "security_load_policy failed\n"); ++ } ++ ++UMOUNT: ++ /*umount(SELINUXMNT); */ ++ if ( fd >= 0) { ++ close(fd); ++ } ++ return(ret); ++} ++ + /* + * Sleep a number of seconds. + * +@@ -2513,6 +2642,7 @@ + char *p; + int f; + int isinit; ++ int enforce = 0; + + /* Get my own name */ + if ((p = strrchr(argv[0], '/')) != NULL) +@@ -2576,6 +2706,20 @@ + maxproclen += strlen(argv[f]) + 1; + } + ++ if (getenv("SELINUX_INIT") == NULL) { ++ putenv("SELINUX_INIT=YES"); ++ if (load_policy(&enforce) == 0 ) { ++ execv(myname, argv); ++ } else { ++ if (enforce > 0) { ++ /* SELinux in enforcing mode but load_policy failed */ ++ /* At this point, we probably can't open /dev/console, so log() won't work */ ++ printf("Enforcing mode requested but no policy loaded. Halting now.\n"); ++ exit(1); ++ } ++ } ++ } ++ + /* Start booting. */ + argv0 = argv[0]; + argv[1] = NULL; +--- sysvinit-2.85/src/sulogin.c.selinux 2004-06-09 15:28:47.321430584 -0400 ++++ sysvinit-2.85/src/sulogin.c 2004-06-09 15:28:47.523399880 -0400 +@@ -28,7 +28,10 @@ + #if defined(__GLIBC__) + # include <crypt.h> + #endif +- ++#ifdef WITH_SELINUX ++#include <selinux/selinux.h> ++#include <selinux/get_context_list.h> ++#endif + #define CHECK_DES 1 + #define CHECK_MD5 1 + +@@ -332,6 +335,16 @@ + signal(SIGINT, SIG_DFL); + signal(SIGTSTP, SIG_DFL); + signal(SIGQUIT, SIG_DFL); ++#ifdef WITH_SELINUX ++ if (is_selinux_enabled > 0) { ++ security_context_t* contextlist=NULL; ++ if (get_ordered_context_list("root", 0, &contextlist) > 0) { ++ if (setexeccon(contextlist[0]) != 0) ++ fprintf(stderr, "setexeccon faile\n"); ++ freeconary(contextlist); ++ } ++ } ++#endif + execl(sushell, shell, NULL); + perror(sushell); + diff --git a/sys-apps/sysvinit/files/digest-sysvinit-2.86 b/sys-apps/sysvinit/files/digest-sysvinit-2.86 new file mode 100644 index 000000000000..54a6379cb3f0 --- /dev/null +++ b/sys-apps/sysvinit/files/digest-sysvinit-2.86 @@ -0,0 +1 @@ +MD5 7d5d61c026122ab791ac04c8a84db967 sysvinit-2.86.tar.gz 99009 diff --git a/sys-apps/sysvinit/files/inittab b/sys-apps/sysvinit/files/inittab index 95be8f10ca95..ab1baf3da7c2 100644 --- a/sys-apps/sysvinit/files/inittab +++ b/sys-apps/sysvinit/files/inittab @@ -7,9 +7,8 @@ # Modified by: Daniel Robbins, <drobbins@gentoo.org> # Modified by: Martin Schlemmer, <azarah@gentoo.org> # -# $Header: /var/cvsroot/gentoo-x86/sys-apps/sysvinit/files/inittab,v 1.1 2004/06/29 19:32:50 agriffis Exp $ +# $Header: /var/cvsroot/gentoo-x86/sys-apps/sysvinit/files/inittab,v 1.2 2004/12/22 03:25:20 vapier Exp $ -# # Default runlevel. id:3:initdefault: @@ -36,6 +35,10 @@ c4:12345:respawn:/sbin/agetty 38400 tty4 linux c5:12345:respawn:/sbin/agetty 38400 tty5 linux c6:12345:respawn:/sbin/agetty 38400 tty6 linux +# SERIAL CONSOLES +#s0:12345:respawn:/sbin/agetty 9600 ttyS0 vt100 +#s1:12345:respawn:/sbin/agetty 9600 ttyS1 vt100 + # What to do at the "Three Finger Salute". ca:12345:ctrlaltdel:/sbin/shutdown -r now diff --git a/sys-apps/sysvinit/files/sysvinit-2.86-selinux.patch b/sys-apps/sysvinit/files/sysvinit-2.86-selinux.patch new file mode 100644 index 000000000000..4ba08b635071 --- /dev/null +++ b/sys-apps/sysvinit/files/sysvinit-2.86-selinux.patch @@ -0,0 +1,242 @@ +--- sysvinit-2.85/src/Makefile.selinux 2004-06-09 15:28:47.439412648 -0400 ++++ sysvinit-2.85/src/Makefile 2004-06-09 15:28:47.517400792 -0400 +@@ -35,7 +35,7 @@ + all: $(PROGS) + + init: init.o init_utmp.o +- $(CC) $(LDFLAGS) $(STATIC) -o $@ init.o init_utmp.o ++ $(CC) $(LDFLAGS) $(STATIC) -o $@ init.o init_utmp.o -lselinux + + halt: halt.o ifdown.o hddown.o utmp.o reboot.h + $(CC) $(LDFLAGS) -o $@ halt.o ifdown.o hddown.o utmp.o +@@ -53,7 +53,7 @@ + $(CC) $(LDFLAGS) -o $@ runlevel.o + + sulogin: sulogin.o +- $(CC) $(LDFLAGS) $(STATIC) -o $@ sulogin.o $(LCRYPT) ++ $(CC) $(LDFLAGS) $(STATIC) -DWITH_SELINUX -o $@ sulogin.o $(LCRYPT) -lselinux + + wall: dowall.o wall.o + $(CC) $(LDFLAGS) -o $@ dowall.o wall.o +@@ -64,7 +64,7 @@ + bootlogd: bootlogd.o + $(CC) $(LDFLAGS) -o $@ bootlogd.o + + init.o: init.c init.h set.h reboot.h +- $(CC) -c $(CFLAGS) init.c ++ $(CC) -c $(CFLAGS) -DWITH_SELINUX init.c + + utmp.o: utmp.c init.h + $(CC) -c $(CFLAGS) utmp.c +--- sysvinit-2.85/src/init.c.selinux 2004-06-09 15:28:47.478406720 -0400 ++++ sysvinit-2.85/src/init.c 2004-06-09 15:29:03.208015456 -0400 +@@ -48,6 +48,10 @@ + #include <stdarg.h> + #include <sys/syslog.h> + #include <sys/time.h> ++#include <sys/mman.h> ++#include <selinux/selinux.h> ++#include <sys/mount.h> ++ + + #ifdef __i386__ + # if (__GLIBC__ >= 2) +@@ -103,6 +107,7 @@ + int dfl_level = 0; /* Default runlevel */ + sig_atomic_t got_cont = 0; /* Set if we received the SIGCONT signal */ + sig_atomic_t got_signals; /* Set if we received a signal. */ ++int enforcing = -1; /* SELinux enforcing mode */ + int emerg_shell = 0; /* Start emergency shell? */ + int wrote_wtmp_reboot = 1; /* Set when we wrote the reboot record */ + int wrote_utmp_reboot = 1; /* Set when we wrote the reboot record */ +@@ -187,6 +192,130 @@ + {NULL,0} + }; + ++/* Mount point for selinuxfs. */ ++#define SELINUXMNT "/selinux/" ++ ++static int load_policy(int *enforce) ++{ ++ int fd=-1,ret=-1; ++ int rc=0; ++ struct stat sb; ++ void *map; ++ char policy_file[PATH_MAX]; ++ int policy_version=0; ++ extern char *selinux_mnt; ++ FILE *cfg; ++ char buf[4096]; ++ int seconfig = -2; ++ ++ selinux_getenforcemode(&seconfig); ++ ++ mount("none", "/proc", "proc", 0, 0); ++ cfg = fopen("/proc/cmdline","r"); ++ if (cfg) { ++ char *tmp; ++ if (fgets(buf,4096,cfg) && (tmp = strstr(buf,"enforcing="))) { ++ if (tmp == buf || isspace(*(tmp-1))) { ++ enforcing=atoi(tmp+10); ++ } ++ } ++ fclose(cfg); ++ } ++#define MNT_DETACH 2 ++ umount2("/proc",MNT_DETACH); ++ ++ if (enforcing >=0) ++ *enforce = enforcing; ++ else if (seconfig == 1) ++ *enforce = 1; ++ ++ if (mount("none", SELINUXMNT, "selinuxfs", 0, 0) < 0) { ++ if (errno == ENODEV) { ++ log(L_VB, "SELinux not supported by kernel: %s\n",SELINUXMNT,strerror(errno)); ++ *enforce = 0; ++ } else { ++ log(L_VB, "Failed to mount %s: %s\n",SELINUXMNT,strerror(errno)); ++ } ++ return ret; ++ } ++ ++ selinux_mnt = SELINUXMNT; /* set manually since we mounted it */ ++ ++ policy_version=security_policyvers(); ++ if (policy_version < 0) { ++ log(L_VB, "Can't get policy version: %s\n", strerror(errno)); ++ goto UMOUNT; ++ } ++ ++ rc = security_getenforce(); ++ if (rc < 0) { ++ log(L_VB, "Can't get SELinux enforcement flag: %s\n", strerror(errno)); ++ goto UMOUNT; ++ } ++ if (enforcing >= 0) { ++ *enforce = enforcing; ++ } else if (seconfig == -1) { ++ *enforce = 0; ++ rc = security_disable(); ++ if (rc == 0) umount(SELINUXMNT); ++ if (rc < 0) { ++ rc = security_setenforce(0); ++ if (rc < 0) { ++ log(L_VB, "Can't disable SELinux: %s\n", strerror(errno)); ++ goto UMOUNT; ++ } ++ } ++ ret = 0; ++ goto UMOUNT; ++ } else if (seconfig >= 0) { ++ *enforce = seconfig; ++ rc = security_setenforce(seconfig); ++ if (rc < 0) { ++ log(L_VB, "Can't set SELinux enforcement flag: %s\n", strerror(errno)); ++ goto UMOUNT; ++ } ++ } ++ ++ snprintf(policy_file,sizeof(policy_file),"%s.%d",selinux_binary_policy_path(),policy_version); ++ fd = open(policy_file, O_RDONLY); ++ if (fd < 0) { ++ /* Check previous version to see if old policy is available ++ */ ++ snprintf(policy_file,sizeof(policy_file),"%s.%d",selinux_binary_policy_path(),policy_version-1); ++ fd = open(policy_file, O_RDONLY); ++ if (fd < 0) { ++ log(L_VB, "Can't open '%s.%d': %s\n", ++ selinux_binary_policy_path(),policy_version,strerror(errno)); ++ goto UMOUNT; ++ } ++ } ++ ++ if (fstat(fd, &sb) < 0) { ++ log(L_VB, "Can't stat '%s': %s\n", ++ policy_file, strerror(errno)); ++ goto UMOUNT; ++ } ++ ++ map = mmap(NULL, sb.st_size, PROT_READ, MAP_SHARED, fd, 0); ++ if (map == MAP_FAILED) { ++ log(L_VB, "Can't map '%s': %s\n", ++ policy_file, strerror(errno)); ++ goto UMOUNT; ++ } ++ log(L_VB, "Loading security policy\n"); ++ ret=security_load_policy(map, sb.st_size); ++ if (ret < 0) { ++ log(L_VB, "security_load_policy failed\n"); ++ } ++ ++UMOUNT: ++ /*umount(SELINUXMNT); */ ++ if ( fd >= 0) { ++ close(fd); ++ } ++ return(ret); ++} ++ + /* + * Sleep a number of seconds. + * +@@ -2513,6 +2642,7 @@ + char *p; + int f; + int isinit; ++ int enforce = 0; + + /* Get my own name */ + if ((p = strrchr(argv[0], '/')) != NULL) +@@ -2576,6 +2706,20 @@ + maxproclen += strlen(argv[f]) + 1; + } + ++ if (getenv("SELINUX_INIT") == NULL) { ++ putenv("SELINUX_INIT=YES"); ++ if (load_policy(&enforce) == 0 ) { ++ execv(myname, argv); ++ } else { ++ if (enforce > 0) { ++ /* SELinux in enforcing mode but load_policy failed */ ++ /* At this point, we probably can't open /dev/console, so log() won't work */ ++ printf("Enforcing mode requested but no policy loaded. Halting now.\n"); ++ exit(1); ++ } ++ } ++ } ++ + /* Start booting. */ + argv0 = argv[0]; + argv[1] = NULL; +--- sysvinit-2.85/src/sulogin.c.selinux 2004-06-09 15:28:47.321430584 -0400 ++++ sysvinit-2.85/src/sulogin.c 2004-06-09 15:28:47.523399880 -0400 +@@ -28,7 +28,10 @@ + #if defined(__GLIBC__) + # include <crypt.h> + #endif +- ++#ifdef WITH_SELINUX ++#include <selinux/selinux.h> ++#include <selinux/get_context_list.h> ++#endif + #define CHECK_DES 1 + #define CHECK_MD5 1 + +@@ -332,6 +335,16 @@ + signal(SIGINT, SIG_DFL); + signal(SIGTSTP, SIG_DFL); + signal(SIGQUIT, SIG_DFL); ++#ifdef WITH_SELINUX ++ if (is_selinux_enabled > 0) { ++ security_context_t* contextlist=NULL; ++ if (get_ordered_context_list("root", 0, &contextlist) > 0) { ++ if (setexeccon(contextlist[0]) != 0) ++ fprintf(stderr, "setexeccon faile\n"); ++ freeconary(contextlist); ++ } ++ } ++#endif + execl(sushell, shell, NULL); + perror(sushell); + diff --git a/sys-apps/sysvinit/sysvinit-2.86.ebuild b/sys-apps/sysvinit/sysvinit-2.86.ebuild new file mode 100644 index 000000000000..dd3e1cd19272 --- /dev/null +++ b/sys-apps/sysvinit/sysvinit-2.86.ebuild @@ -0,0 +1,64 @@ +# Copyright 1999-2004 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/sys-apps/sysvinit/sysvinit-2.86.ebuild,v 1.1 2004/12/22 03:25:20 vapier Exp $ + +inherit eutils toolchain-funcs + +DESCRIPTION="/sbin/init - parent of all processes" +HOMEPAGE="http://freshmeat.net/projects/sysvinit/" +SRC_URI="ftp://ftp.cistron.nl/pub/people/miquels/software/${P}.tar.gz + ftp://sunsite.unc.edu/pub/Linux/system/daemons/init/${P}.tar.gz" + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86" +KEYWORDS="-*" +IUSE="selinux bootstrap build" + +RDEPEND="selinux? ( >=sys-libs/libselinux-1.14 )" +DEPEND="${RDEPEND} + virtual/os-headers" + +src_unpack() { + unpack ${A} + cd ${S}/src + + epatch ${FILESDIR}/${PV}-gentoo.patch + use selinux && epatch ${FILESDIR}/${PV}-selinux.patch +} + +src_compile() { + # Note: The LCRYPT define below overrides the test in + # sysvinit's Makefile. This is because sulogin must be linked + # to libcrypt in any case, but when building stage2 in + # catalyst, /usr/lib/libcrypt.a isn't available. In truth + # this doesn't change how sulogin is built since ld would use + # the shared obj by default anyway! The other option is to + # refrain from building sulogin, but that isn't a good option. + # (09 Jul 2004 agriffis) + emake -C src \ + CC=$(tc-getCC) \ + DISTRO="Gentoo" \ + LCRYPT="-lcrypt" \ + || die +} + +src_install() { + dodoc README doc/* + + cd src + make install DISTRO="Gentoo" ROOT="${D}" || die "make install" + + insinto /etc + doins ${FILESDIR}/inittab || die "inittab" +} + +pkg_postinst() { + # Reload init to fix unmounting problems of / on next reboot. + # This is really needed, as without the new version of init cause init + # not to quit properly on reboot, and causes a fsck of / on next reboot. + if [[ ${ROOT} == / ]] && ! use build && ! use bootstrap; then + # Do not return an error if this fails + /sbin/init U &>/dev/null + fi +} |