Merge lp:~jpds/upstart/selinux-support into lp:upstart

Proposed by Jonathan Davies
Status: Rejected
Rejected by: Steve Langasek
Proposed branch: lp:~jpds/upstart/selinux-support
Merge into: lp:upstart
Diff against target: 81 lines (+35/-1)
3 files modified
configure.ac (+9/-0)
init/Makefile.am (+3/-1)
init/main.c (+23/-0)
To merge this branch: bzr merge lp:~jpds/upstart/selinux-support
Reviewer: Steve Langasek
Review status: Disapprove
Review via email: mp+193679@code.launchpad.net

Description of the change

Adds SELinux support to Upstart using the patch that exists in Debian.

lp:~jpds/upstart/selinux-support updated
1548. By Jonathan Davies

Incorporated SELinux support patch from Russell Coker from bug #595774.

1549. By Jonathan Davies

configure.ac: Added --enable-selinux option.

1550. By Jonathan Davies

init/Makefile.am: Added SELinux flags and libraries for init binary.

Dimitri John Ledkov (xnox) wrote :

These patches are also in the Ubuntu Upstart package.

Checking https://launchpad.net/~contributor-agreement-canonical/+members it doesn't look like Russell has completed the CLA at http://www.canonical.com/contributors yet. Has this been completed now by him?

Jonathan Davies (jpds) wrote :

> These patches are also in the Ubuntu Upstart package.

Then, we really should be building the package with --enable-selinux (as we do for ls and everything else)...

> Checking https://launchpad.net/~contributor-agreement-canonical/+members it doesn't
> look like Russell has completed CLA at http://www.canonical.com/contributors yet.
> Has this been completed now by him?

The patch is from 2009 and included in Debian and Ubuntu as is. I say we just commit this into trunk and move on.

Steve Langasek (vorlon) wrote :

> The patch is from 2009 and included in Debian and Ubuntu as is. I say we just
> commit this into trunk and move on.

Not how it works. The CLA policy doesn't cease to apply just because a patch is old.

review: Disapprove

Preview Diff

=== modified file 'configure.ac'
--- configure.ac 2013-09-12 23:44:17 +0000
+++ configure.ac 2013-11-02 16:26:24 +0000
@@ -34,6 +34,15 @@
34PKG_CHECK_MODULES([UDEV], [libudev >= 146], [have_udev=yes], [have_udev=no])34PKG_CHECK_MODULES([UDEV], [libudev >= 146], [have_udev=yes], [have_udev=no])
35PKG_CHECK_MODULES([DCONF], [dconf >= 0.14], [have_dconf=yes], [have_dconf=no])35PKG_CHECK_MODULES([DCONF], [dconf >= 0.14], [have_dconf=yes], [have_dconf=no])
3636
37AC_ARG_ENABLE(selinux,
38 AS_HELP_STRING([--enable-selinux], [enable SELinux support]),
39 [], [enable_selinux=no])
40
41if test "x$enable_selinux" = "xyes" ; then
42 PKG_CHECK_MODULES(SELINUX, [libselinux])
43 AC_DEFINE(HAVE_SELINUX, 1, [Define if we have SELinux])
44fi
45
37AC_ARG_ENABLE([udev-bridge],46AC_ARG_ENABLE([udev-bridge],
38 AS_HELP_STRING([--disable-udev-bridge],47 AS_HELP_STRING([--disable-udev-bridge],
39 [Disable building of upstart-udev-bridge even if required dependencies available]),48 [Disable building of upstart-udev-bridge even if required dependencies available]),
4049
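Review bot: In the `AC_ARG_ENABLE(selinux, ...)` block, only the exact value `yes` turns the feature on (`test "x$enable_selinux" = "xyes"`), so `--enable-selinux=auto` or a mistyped value configures successfully and silently produces an init without SELinux support. For a security feature I would reject anything other than `yes` or `no` with `AC_MSG_ERROR`. `PKG_CHECK_MODULES(SELINUX, [libselinux])` also carries no minimum version, unlike the `libudev >= 146` and `dconf >= 0.14` checks just above it; if `selinux_init_load_policy` needs a particular libselinux release, state it here. Style: the new macros leave their first arguments unquoted (`AC_ARG_ENABLE(selinux,`, `AC_DEFINE(HAVE_SELINUX, 1, ...)`) while the neighbouring lines use `[UDEV]` and `[udev-bridge]`.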
=== modified file 'init/Makefile.am'
--- init/Makefile.am 2013-08-23 09:22:32 +0000
+++ init/Makefile.am 2013-11-02 16:26:24 +0000
@@ -8,7 +8,8 @@
8 $(NIH_CFLAGS) \8 $(NIH_CFLAGS) \
9 $(NIH_DBUS_CFLAGS) \9 $(NIH_DBUS_CFLAGS) \
10 $(DBUS_CFLAGS) \10 $(DBUS_CFLAGS) \
11 $(JSON_CFLAGS)11 $(JSON_CFLAGS) \
12 $(SELINUX_CFLAGS)
1213
13AM_CPPFLAGS = \14AM_CPPFLAGS = \
14 -DLOCALEDIR="\"$(localedir)\"" \15 -DLOCALEDIR="\"$(localedir)\"" \
@@ -71,6 +72,7 @@
71 $(NIH_DBUS_LIBS) \72 $(NIH_DBUS_LIBS) \
72 $(DBUS_LIBS) \73 $(DBUS_LIBS) \
73 $(JSON_LIBS) \74 $(JSON_LIBS) \
75 $(SELINUX_LIBS) \
74 -lrt76 -lrt
7577
7678
7779
=== modified file 'init/main.c'
--- init/main.c 2013-07-31 09:28:48 +0000
+++ init/main.c 2013-11-02 16:26:24 +0000
@@ -46,6 +46,10 @@
46#include <syslog.h>46#include <syslog.h>
47#include <unistd.h>47#include <unistd.h>
4848
49#ifdef HAVE_SELINUX
50#include <selinux/selinux.h>
51#endif
52
49#include <linux/kd.h>53#include <linux/kd.h>
5054
51#include <nih/macros.h>55#include <nih/macros.h>
@@ -190,6 +194,25 @@
190{194{
191 char **args = NULL;195 char **args = NULL;
192 int ret;196 int ret;
197 int enforce = 0;
198
199#ifdef HAVE_SELINUX
200 if (getenv ("SELINUX_INIT") == NULL) {
201 putenv ("SELINUX_INIT=YES");
202 if (selinux_init_load_policy (&enforce) == 0 ) {
203 execv (argv[0], argv);
204 } else {
205 if (enforce > 0) {
206 /* SELinux in enforcing mode but load_policy
207 * failed. At this point, we probably can't
208 * open /dev/console, so log() won't work.
209 */
210 fprintf (stderr, "Unable to load SELinux Policy. Machine is in enforcing mode. Halting now.\n");
211 exit (1);
212 }
213 }
214 }
215#endif /* HAVE_SELINUX */
193216
194 conf_dirs = NIH_MUST (nih_str_array_new (NULL));217 conf_dirs = NIH_MUST (nih_str_array_new (NULL));
195218
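Review bot: The return of `execv (argv[0], argv)` in the policy-load success branch is never checked, so if the re-exec fails, init falls through and keeps running in the context it had before the policy was loaded, with nothing reported. Handle that failure explicitly, at least by reporting it on stderr as the enforcing-mode branch does. Other points in this block: nothing restricts it to PID 1, so any invocation of this binary without `SELINUX_INIT` set attempts a policy load and re-exec; the guard trusts an inherited environment variable, so a `SELINUX_INIT` already present in init's environment skips the load entirely, and the variable is never unset after the re-exec; the `putenv` result is unchecked; a failed load with `enforce == 0` continues without any message; `exit (1)` from PID 1 ends in a kernel panic rather than the halt the message promises; and `int enforce = 0;` sits outside the `#ifdef HAVE_SELINUX`, so it is an unused variable when the option is off.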
