diff options
| author | Colin Walters <walters@verbum.org> | 2004-08-23 16:09:54 +0000 |
|---|---|---|
| committer | Colin Walters <walters@verbum.org> | 2004-08-23 16:09:54 +0000 |
| commit | ee78f2800f2642b4fff962b736296d87a7f12a17 (patch) | |
| tree | 6ea2949c889f80ae4a4f0f72dee53f277056b0b7 /bus/config-parser.c | |
| parent | a7291aee0e12b9b6abe90f835ef9cb3e158a96c4 (diff) | |
2004-08-23 Colin Walters <walters@redhat.com>
* bus/selinux.h: Prototype bus_selinux_get_policy_root.
* bus/selinux.c: Create a thread for policy reload notification.
(bus_selinux_get_policy_root): Implement.
Updated SELinux support from Matthew Rickard <mjricka@epoch.ncsc.mil>
* bus/config-parser.c (start_busconfig_child)
(bus_config_parser_content): Support SELinux-root relative
inclusion.
* configure.in <HAVE_SELINUX>: Add -lpthread.
* bus/test-main.c (test_pre_hook, test_post_hook): New.
(test_post_hook): Move memory checking into here.
(test_pre_hook, test_post_hook): Move SELinux checks in
here, but conditional on a DBUS_TEST_SELINUX environment
variable. Unfortunately we can't run the SELinux checks
as a normal user, since they won't have any permissions
for /selinux. So this will have to be tested manually
for now, until we have virtualization for most of
libselinux.
Diffstat (limited to 'bus/config-parser.c')
| -rw-r--r-- | bus/config-parser.c | 46 |
1 files changed, 41 insertions, 5 deletions
diff --git a/bus/config-parser.c b/bus/config-parser.c index 73d99418..f276fb52 100644 --- a/bus/config-parser.c +++ b/bus/config-parser.c @@ -73,6 +73,7 @@ typedef struct struct { unsigned int ignore_missing : 1; + unsigned int selinux_root_relative : 1; } include; struct @@ -717,6 +718,7 @@ start_busconfig_child (BusConfigParser *parser, { Element *e; const char *ignore_missing; + const char *selinux_root_relative; if ((e = push_element (parser, ELEMENT_INCLUDE)) == NULL) { @@ -725,12 +727,14 @@ start_busconfig_child (BusConfigParser *parser, } e->d.include.ignore_missing = FALSE; + e->d.include.selinux_root_relative = FALSE; if (!locate_attributes (parser, "include", attribute_names, attribute_values, error, "ignore_missing", &ignore_missing, + "selinux_root_relative", &selinux_root_relative, NULL)) return FALSE; @@ -747,6 +751,21 @@ start_busconfig_child (BusConfigParser *parser, return FALSE; } } + + if (selinux_root_relative != NULL) + { + if (strcmp (selinux_root_relative, "yes") == 0) + e->d.include.selinux_root_relative = TRUE; + else if (strcmp (selinux_root_relative, "no") == 0) + e->d.include.selinux_root_relative = FALSE; + else + { + dbus_set_error (error, DBUS_ERROR_FAILED, + "selinux_root_relative attribute must have value" + " \"yes\" or \"no\""); + return FALSE; + } + } return TRUE; } @@ -1994,19 +2013,36 @@ bus_config_parser_content (BusConfigParser *parser, case ELEMENT_INCLUDE: { - DBusString full_path; - + DBusString full_path, selinux_policy_root; + e->had_content = TRUE; if (!_dbus_string_init (&full_path)) goto nomem; - - if (!make_full_path (&parser->basedir, content, &full_path)) + + if (e->d.include.selinux_root_relative) + { + if (!bus_selinux_get_policy_root ()) + { + dbus_set_error (error, DBUS_ERROR_FAILED, + "Could not determine SELinux policy root for relative inclusion"); + _dbus_string_free (&full_path); + return FALSE; + } + _dbus_string_init_const (&selinux_policy_root, + bus_selinux_get_policy_root ()); + if (!make_full_path (&selinux_policy_root, content, &full_path)) + { + _dbus_string_free (&full_path); + goto nomem; + } + } + else if (!make_full_path (&parser->basedir, content, &full_path)) { _dbus_string_free (&full_path); goto nomem; } - + if (!include_file (parser, &full_path, e->d.include.ignore_missing, error)) { |