[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

X Strike Force X.Org X11 SVN commit: r299 - in trunk/debian: . patches

Author: dnusinow
Date: 2005-07-02 15:30:49 -0500 (Sat, 02 Jul 2005)
New Revision: 299

Added:
   trunk/debian/patches/099s_selinux_support.diff
Modified:
   trunk/debian/TODO
Log:
- Update TODO. I sent out the mail notifying developers about the
  xlibs-static-* transition. Thanks to Daniel Stone for letting me know
  about it and checking the mail beforehand.
- Patch audit.  
  - Port 099s_selinux_support.diff from xfree86 tree


Modified: trunk/debian/TODO
===================================================================
--- trunk/debian/TODO	2005-07-02 19:29:51 UTC (rev 298)
+++ trunk/debian/TODO	2005-07-02 20:30:49 UTC (rev 299)
@@ -22,7 +22,6 @@
   -- Upstream says that it's incorrect and due to a toolchain bug.
      Have to see whether it's still needed for GNU/kFreeBSD, and if so,
      fix the bug.  See Freedesktop Bugzilla #1902.
-099s_selinux_support.diff -- needs porting
 099t_xkb_remove_hidden_attributes.diff -- needs porting
 099u_mkdirhier_rewrite.diff -- needs porting
 099v_fontserver_fix_SEGV.diff -- needs porting
@@ -55,9 +54,6 @@
 * Change x-common to x11-common to reflect that it provides symlinks with that
   name [dnusinow]
 
-* Notify maintainers of packages with issues from the transition as found by
-  Ubuntu already [dnusinow]
-
 * Fix upgrade issue with xfree86-common
 
 * Make sure xdm upgrades work properly

Added: trunk/debian/patches/099s_selinux_support.diff
===================================================================
--- trunk/debian/patches/099s_selinux_support.diff	2005-07-02 19:29:51 UTC (rev 298)
+++ trunk/debian/patches/099s_selinux_support.diff	2005-07-02 20:30:49 UTC (rev 299)
@@ -0,0 +1,158 @@
+diff -ruN xc-old/config/cf/Imake.tmpl xc/config/cf/Imake.tmpl
+--- xc-old/config/cf/Imake.tmpl	2005-07-02 15:45:07.000000000 -0400
++++ xc/config/cf/Imake.tmpl	2005-07-02 15:56:55.000000000 -0400
+@@ -2134,17 +2134,21 @@
+  * EXTRA_INCLUDES contains project-specific includes set in project incfiles
+  * INCLUDES contains client-specific includes set in Imakefile
+  * LOCAL_LDFLAGS contains client-specific ld flags flags set in Imakefile
++ * SELINUX_INCLUDES contains SELinux-specific includes set in the appropriate .cf file
++ * SELINUX_LDFLAGS contains SELinux-specific ld flags set in the appropriate . cf file
++ * SELINUX_CFLAGS contains SELinux-specific compiler flags set in the .cf file
++ * SELINUX_LIBS contains SELinux-specific libraries to link with set in the . cf file
+  */
+-      ALLINCLUDES = $(INCLUDES) $(EXTRA_INCLUDES) $(TOP_INCLUDES) $(INSTALLED_INCLUDES) $(STD_INCLUDES)
++      ALLINCLUDES = $(INCLUDES) $(EXTRA_INCLUDES) $(TOP_INCLUDES) $(INSTALLED_INCLUDES) $(STD_INCLUDES) $(SELINUX_INCLUDES)
+        ALLDEFINES = $(ALLINCLUDES) $(STD_DEFINES) $(PROTO_DEFINES) $(THREADS_DEFINES) $(MODULE_DEFINES) $(DEFINES) $(EXTRA_DEFINES)
+-           CFLAGS = $(CDEBUGFLAGS) $(CCOPTIONS) $(THREADS_CFLAGS) $(MODULE_CFLAGS) $(ALLDEFINES)
++           CFLAGS = $(CDEBUGFLAGS) $(CCOPTIONS) $(THREADS_CFLAGS) $(SELINUX_CFLAGS) $(MODULE_CFLAGS) $(ALLDEFINES)
+         LINTFLAGS = $(LINTOPTS) -DLINT $(ALLDEFINES) $(DEPEND_DEFINES)
+          LDPRELIB = LdPreLib $(INSTALLED_LIBS)
+         LDPOSTLIB = LdPostLib
+-        LDOPTIONS = $(CDEBUGFLAGS) $(CCOPTIONS)  $(EXTRA_LDOPTIONS) $(THREADS_LDFLAGS) $(LOCAL_LDFLAGS) $(LDPRELIBS)
++        LDOPTIONS = $(CDEBUGFLAGS) $(CCOPTIONS)  $(EXTRA_LDOPTIONS) $(THREADS_LDFLAGS) $(SELINUX_LDFLAGS) $(LOCAL_LDFLAGS) $(LDPRELIBS)
+      CXXLDOPTIONS = $(CXXDEBUGFLAGS) $(CXXOPTIONS) $(EXTRA_LDOPTIONS) $(THREADS_CXXLDFLAGS) $(LOCAL_LDFLAGS) $(LDPRELIBS)
+ 
+-           LDLIBS = $(LDPOSTLIBS) $(THREADS_LIBS) $(SYS_LIBRARIES) $(EXTRA_LIBRARIES)
++           LDLIBS = $(LDPOSTLIBS) $(THREADS_LIBS) $(SELINUX_LIBS) $(SYS_LIBRARIES) $(EXTRA_LIBRARIES)
+ #if HasBrokenCCForLink
+            CCLINK = LdCmd
+ #else
+diff -ruN xc-old/config/cf/linux.cf xc/config/cf/linux.cf
+--- xc-old/config/cf/linux.cf	2005-07-02 15:45:19.000000000 -0400
++++ xc/config/cf/linux.cf	2005-07-02 16:01:00.000000000 -0400
+@@ -1105,3 +1105,57 @@
+ #ifndef XFree86ServerOSDefines
+ # define XFree86ServerOSDefines
+ #endif
++
++/*
++ *     SELinux support
++ */
++#ifndef HasSELinux
++# define HasSELinux NO
++#endif
++
++#ifndef SELinuxDefines
++# if HasSELinux
++#  define SELinuxDefines -DHAVE_SELINUX
++# else
++#  define SELinuxDefines /**/
++# endif
++#endif
++
++#ifndef SELinuxIncludeFlags
++# if HasSELinux
++#   define SELinuxIncludeFlags -I/usr/include/selinux
++# else
++#   define SELinuxIncludeFlags /**/
++# endif
++#endif
++
++#ifndef SELinuxCompileFlags
++# define SELinuxCompileFlags /**/
++#endif
++
++#ifndef SELinuxLoadFlags
++# define SELinuxLoadFlags SELinuxCompileFlags
++#endif
++
++#ifndef SELinuxLibraries
++# if HasSELinux
++#  define SELinuxLibraries -lselinux
++# else
++#  define SELinuxLibraries /**/
++# endif
++#endif
++
++#if HasSELinux
++# ifndef SELINUX_LDFLAGS
++   SELINUX_LDFLAGS = SELinuxLoadFlags
++# endif
++# ifndef SELINUX_INCLUDES
++   SELINUX_INCLUDES = SELinuxIncludeFlags
++# endif
++# ifndef SELINUX_CFLAGS
++   SELINUX_CFLAGS = SELinuxCompileFlags SELinuxDefines
++# endif
++# ifndef SELINUX_LIBS
++   SELINUX_LIBS = SELinuxLibraries
++# endif
++#endif
+diff -ruN xc-old/programs/xdm/session.c xc/programs/xdm/session.c
+--- xc-old/programs/xdm/session.c	2005-07-02 15:45:16.000000000 -0400
++++ xc/programs/xdm/session.c	2005-07-02 16:07:45.000000000 -0400
+@@ -61,6 +61,11 @@
+ # include <krb5/krb5.h>
+ #endif
+ 
++#ifdef HAVE_SELINUX
++#include <selinux/selinux.h>
++#include <selinux/get_context_list.h>
++#endif /* HAVE_SELINUX */
++
+ #ifndef GREET_USER_STATIC
+ # include <dlfcn.h>
+ # ifndef RTLD_NOW
+@@ -68,6 +73,34 @@
+ # endif
+ #endif
+ 
++#ifdef HAVE_SELINUX
++/* This should be run just before we exec the user session. */
++static int
++xdm_selinux_setup (const char *login)
++  {
++	security_context_t scontext;
++	/* If SELinux is not enabled, then we don't do anything. */
++	if ( ! is_selinux_enabled ())
++	return TRUE;
++	
++	if (get_default_context((char*) login,0, &scontext) < 0) {
++	LogError ("SELinux: unable to obtain default security context for %s\n",
++	         login);
++	return FALSE;
++	}
++		
++	if (setexeccon (scontext) != 0) {
++	freecon (scontext);
++	LogError ("SELinux: unable to set executable context %s\n",
++	      (char *)scontext);
++	return FALSE;
++	}
++		
++	freecon (scontext);
++	return TRUE;
++}
++#endif /* HAVE_SELINUX */
++				
+ static	int	runAndWait (char **args, char **environ);
+ 
+ #if defined(CSRG_BASED) || defined(__osf__) || defined(__DARWIN__) || defined(__QNXNTO__) || defined(sun) || defined(__GLIBC__)
+@@ -726,6 +759,17 @@
+ #endif /* K5AUTH */
+ 	bzero(passwd, strlen(passwd));
+ 	SetUserAuthorization (d, verify);
++#ifdef HAVE_SELINUX
++   /*
++    * For Security Enhanced Linux:
++    * set the default security context for this user.
++    */
++   if ( ! xdm_selinux_setup (name)) {
++      LogError ("failed to set security context\n");
++       exit (UNMANAGE_DISPLAY);
++       return (0);
++   }
++#endif /* HAVE_SELINUX */
+ 	home = getEnv (verify->userEnviron, "HOME");
+ 	if (home)
+ 	    if (chdir (home) == -1) {
Reply to: