
Bug#249784: is this pretty much it (to patch kdm 3.2.2)?



On Thu, May 20, 2004 at 12:05:52AM +1000, Russell Coker wrote:
> On Wed, 19 May 2004 17:42, Luke Kenneth Casson Leighton <lkcl@lkcl.net> wrote:
> > is this pretty much all that's required??? ?compared to the 2.4 stuff
> > it's like tiny.
> 
> In addition to the issues Steve mentioned, there is (or was) another problem.  
> There were compilation problems with the SE Linux headers last time I tried 
> to compile kdm.  As kdm is in the middle of a huge package that takes ages to 
> compile I hadn't got around to trying to compile it recently.  In your 
> message you didn't mention whether you successfully compiled the code with 
> the patch in question.  Does it compile?
 
 well, it does now, because i cheated.

 i don't have automake-1.8.3 installed and if you install automake 1.8.5
 it corrupts things (misses out a .moc file, aclocal bitches about some
 incompatibilities, and it all just goes horribly pearshaped)

 if you _don't_ run automake then any modifications to Makefile.am
 of course don't get propagated into Makefiles.in and of course
 then configure --enable-selinux doesn't work.


 ... so i cheated:

 after doing an apt-get source kdm and apt-get build-dep kdm:

 1) i installed automake 1.8.5

 2) i made the necessary patches to configure.in, configure.in.in,
 kdm/backend/Makefile.am

 3) i ran aclocal; autoheader; automake --add-missing; autoconf

 4) i made a backup of kdm/backend/Makefile.in and .am and other
    modified files

 5) i DELETED the entire kdebase-3.2.2 tree

 6) i REINSTALLED the kdebase-3.2.2 tree

 7) i COPIED the backups BACK to their locations

 8) i ran autoconf (NOT automake and NOT aclocal)

 9) i did a dpkg-buildpackage

 repeat 9) darn it to heck because i hadn't added SessionExit at
 the appropriate points if get_default_context() failed, and
 also the username is stored in a variable curuser whereas in
 the wdm patch it's stored in a different local variable arg.

 l.

--- ../orig/kdebase-3.2.2/kdm/backend/client.c	2004-02-11 13:42:31.000000000 +0000
+++ kdm/backend/client.c	2004-05-19 13:15:20.000000000 +0000
@@ -44,6 +44,12 @@
 #include <sys/stat.h>
 #include <pwd.h>
 #include <grp.h>
+
+#ifdef WITH_SELINUX
+#include <selinux/get_context_list.h>
+#include <selinux/selinux.h>
+#endif
+
 #ifdef SECURE_RPC
 # include <rpc/rpc.h>
 # include <rpc/key_prot.h>
@@ -1085,6 +1091,28 @@
 	   systemEnviron);
 
     /*
+     * for Security Enhanced Linux,
+     * set the default security context for this user.
+     */
+#ifdef WITH_SELINUX
+   if (is_selinux_enabled() > 0)
+   {
+        security_context_t scontext;
+        if (get_default_context(curuser,NULL,&scontext))
+		{
+             LogError("Failed to get default security context for %s.", curuser);
+             SessionExit (EX_NORMAL);
+		}
+        Debug("setting security context to %s", scontext);
+        if (setexeccon(scontext)) {
+             freecon(scontext);
+             LogError("Failed to set exec security context %s for %s.", scontext, curuser);
+             SessionExit (EX_NORMAL);
+        }
+        freecon(scontext);
+   }
+#endif
+    /*
      * for user-based authorization schemes,
      * add the user to the server's allowed "hosts" list.
      */
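Review bot: In the `setexeccon()` failure branch the context string is released with `freecon(scontext);` and then passed to `LogError(...)` on the following line, so the log call reads freed memory. Swap the two statements so that `LogError("Failed to set exec security context %s for %s.", scontext, curuser);` comes first and `freecon(scontext);` second. In the `get_default_context()` failure branch `scontext` is never assigned, so the later `Debug` and `setexeccon` calls are only safe if `SessionExit` never returns; a short comment saying so would help the next reader. Both failure paths exit with `EX_NORMAL`, which (judging by the name only) may make a refused context transition look like a clean session end, so a distinct failure status, if the file has one, would make these events easier to find afterwards. The enclosing function starts and ends outside the hunk.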
--- ../orig/kdebase-3.2.2/configure.in.in	2004-01-09 15:20:36.000000000 +0000
+++ configure.in.in	2004-05-19 12:36:01.000000000 +0000
@@ -196,3 +196,24 @@
 #define AVOID_XKB                 /* for konsole to avoid XKB and XTEST */
 #endif
 ])
+
+AC_MSG_CHECKING(for SELinux support)
+AC_ARG_ENABLE(selinux,
+   AC_HELP_STRING([--enable-selinux], [enable SELinux support]),
+   [
+       AC_MSG_RESULT(yes)
+       AC_CHECK_LIB(selinux, is_selinux_enabled, [SELINUX_LDFLAGS="-lselinux"
+           AC_DEFINE_UNQUOTED(HAVE_SELINUX_LIB, 1, [Define if libselinux is installed])
+               AC_DEFINE(WITH_SELINUX, 1, [Define if you want wdm to be compiled with SELinux support])
+               SELINUX_CFLAGS="-DWITH_SELINUX -I/usr/include/selinux"
+               ],
+               [
+               AC_MSG_WARN([libselinux not found, compiling without SELinux support])
+               ])
+   ],
+   [
+       AC_MSG_RESULT(no)
+   ])
+AC_SUBST(SELINUX_LDFLAGS)
+AC_SUBST(SELINUX_CFLAGS)
+
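Review bot: `AC_ARG_ENABLE` runs its third argument whenever the option is given in either form, so `--disable-selinux` (or `--enable-selinux=no`) takes the "yes" branch here and turns SELinux support on; guard the branch with `if test "x$enableval" != xno; then ... fi`. When the option was requested and `AC_CHECK_LIB` fails, the build only warns and carries on without the security feature; `AC_MSG_ERROR([--enable-selinux given but libselinux not found])` would make that failure visible instead of silent. The `WITH_SELINUX` description string still says "wdm" and should name kdm. The identical block added in the `configure.in` hunk has the same issues.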
--- ../orig/kdebase-3.2.2/configure.in	2004-04-09 06:43:53.000000000 +0000
+++ configure.in	2004-05-19 12:36:23.000000000 +0000
@@ -261,6 +263,27 @@
 #define AVOID_XKB                 /* for konsole to avoid XKB and XTEST */
 #endif
 ])
+
+AC_MSG_CHECKING(for SELinux support)
+AC_ARG_ENABLE(selinux,
+   AC_HELP_STRING([--enable-selinux], [enable SELinux support]),
+   [
+       AC_MSG_RESULT(yes)
+       AC_CHECK_LIB(selinux, is_selinux_enabled, [SELINUX_LDFLAGS="-lselinux"
+           AC_DEFINE_UNQUOTED(HAVE_SELINUX_LIB, 1, [Define if libselinux is installed])
+               AC_DEFINE(WITH_SELINUX, 1, [Define if you want wdm to be compiled with SELinux support])
+               SELINUX_CFLAGS="-DWITH_SELINUX -I/usr/include/selinux"
+               ],
+               [
+               AC_MSG_WARN([libselinux not found, compiling without SELinux support])
+               ])
+   ],
+   [
+       AC_MSG_RESULT(no)
+   ])
+AC_SUBST(SELINUX_LDFLAGS)
+AC_SUBST(SELINUX_CFLAGS)
+
 dnl =======================================================
 dnl FILE: ./kappfinder/configure.in.in
 dnl =======================================================
--- ../orig/kdebase-3.2.2/debian/rules	2004-02-27 22:11:15.000000000 +0000
+++ debian/rules	2004-05-19 12:45:04.000000000 +0000
@@ -72,7 +72,7 @@
 
 	# run configure with build tree $(objdir)
 	cd $(objdir) && \
-	../configure $(configkde) --enable-final \
+	../configure $(configkde) --enable-final --enable-selinux \
 	--with-shadow --without-java \
 	--with-pam=kde --with-kcp-pam=kcheckpass \
 	--with-kdm-pam=kdm --with-kss-pam=kscreensaver
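Review bot: Passing `--enable-selinux` unconditionally relies on the libselinux headers and library being present at build time, and no Build-Depends change is visible in this patch. Because the configure check shown earlier only warns when the library is missing, a build in a clean chroot would succeed and ship kdm without the SELinux context transition, with nothing in the package to show it. Add the libselinux development package to Build-Depends in `debian/control` (that file is outside this patch), and consider making the flag conditional for ports where libselinux does not exist.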
