From: Manoj Srivastava <srivasta@golden-gryphon.com>
Subject: xdm: add SELinux support
Initial patch submitted in Debian bug#233551
Forward-ported to modular X by Eugene Konev (changes: remove Imakefile hunks,
add --with-selinux flag to configure.ac).
Updated to latest SE Linux code by Russell Coker 3rd Aug 2008, with bugfix from
Julien Cristau (Debian bug#493524).
11
Index: xdm/configure.ac
12
===================================================================
13
--- xdm.orig/configure.ac
19
+use_selinux_default=no
20
+# Check for selinux support
21
+AC_ARG_WITH(selinux, AC_HELP_STRING([--with-selinux],[Add support for selinux]),
22
+ [USE_SELINUX=$withval], [USE_SELINUX=$use_selinux_default])
23
+if test "x$USE_SELINUX" != "xno" ; then
26
+ AC_SEARCH_LIBS(is_selinux_enabled,[selinux])
27
+ AC_CHECK_FUNC(is_selinux_enabled,
28
+ [AC_DEFINE(HAVE_SELINUX,1,[Add support for selinux])],
29
+ [if test "x$USE_SELINUX" != "xtry" ; then
30
+ AC_MSG_ERROR(["selinux support requested, but is_selinux_enabled not found."])
32
+ XDM_LIBS="$XDM_LIBS $LIBS"
36
# FIXME: Find better test for which OS'es use su -m - for now, just try to
37
# mirror the Imakefile setting of:
38
# if defined(OpenBSDArchitecture) || defined(NetBSDArchitecture) || defined(FreeBSDArchitecture) || defined(DarwinArchitecture)
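Review bot: The probe inside the `--with-selinux` branch only checks for `is_selinux_enabled`, while the session.c part of this patch also depends on `<selinux/selinux.h>`, `<selinux/get_context_list.h>`, `getseuserbyname`, `get_default_context_with_level` and `setexeccon`. With a libselinux that lacks the headers or the newer calls, `HAVE_SELINUX` would still be defined and the problem would surface as a compile error instead of a configure-time decision, which matters most for the `try` mode. Adding `AC_CHECK_HEADERS([selinux/selinux.h selinux/get_context_list.h])` and `AC_CHECK_FUNCS([getseuserbyname get_default_context_with_level setexeccon])` next to the existing `AC_CHECK_FUNC`, and defining `HAVE_SELINUX` only when all of them are found, would close that gap. Several lines of this hunk (for example the closing `fi`s) are not shown on the page, so the check may need adapting to them.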
40
===================================================================
41
--- xdm.orig/session.c
59
+#include <selinux/selinux.h>
60
+#include <selinux/get_context_list.h>
61
+#endif /* HAVE_SELINUX */
63
#ifndef GREET_USER_STATIC
71
+/* This should be run just before we exec the user session. */
73
+xdm_selinux_setup (const char *login)
75
+ security_context_t scontext;
80
+ /* If SELinux is not enabled, then we don't do anything. */
81
+ if ( is_selinux_enabled () <= 0)
84
+ if (getseuserbyname(login, &seuser, &level) == 0) {
85
+ ret=get_default_context_with_level(seuser, level, 0, &scontext);
89
+ if (ret < 0 || scontext == NULL) {
90
+ LogError ("SELinux: unable to obtain default security context for %s\n", login);
94
+ if (setexeccon (scontext) != 0) {
96
+ LogError ("SELinux: unable to set executable context %s\n",
101
+ freecon (scontext);
104
+#endif /* HAVE_SELINUX */
106
static int runAndWait (char **args, char **environ);
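Review bot: In `xdm_selinux_setup`, the guard `is_selinux_enabled () <= 0` treats an error return the same as "SELinux disabled"; the branch body is not shown here, but going by the comment it skips the context setup, so a failed query would presumably let the session start without the user's context being set. Where libselinux reports a failure as a negative value, handle it separately, e.g. `if (is_selinux_enabled () < 0) { LogError ("SELinux: cannot determine SELinux state\n"); return 0; }`, assuming 0 is the failure value as the caller's `! xdm_selinux_setup (name)` suggests. `scontext` is declared without an initialiser yet is compared against NULL after a call that may not have run, so `security_context_t scontext = NULL;` would make that test well defined. The message after a failed `setexeccon` prints the context with `%s`, so `freecon (scontext)` on that path has to come after the `LogError`; the lines between the two are not visible on this page.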
110
bzero(passwd, strlen(passwd));
112
SetUserAuthorization (d, verify);
115
+ * For Security Enhanced Linux:
116
+ * set the default security context for this user.
118
+ if ( ! xdm_selinux_setup (name)) {
119
+ LogError ("failed to set security context\n");
120
+ exit (UNMANAGE_DISPLAY);
123
+#endif /* HAVE_SELINUX */
124
home = getEnv (verify->userEnviron, "HOME");
126
if (chdir (home) == -1) {