From da354830da15e6bdeec3d5f36d84e4bab6b7fedf Mon Sep 17 00:00:00 2001

From: =?UTF-8?q?Ji=C5=99=C3=AD=20Klime=C5=A1?= <jklimes@redhat.com>

Date: Tue, 25 Mar 2014 13:55:47 +0100

Subject: [PATCH] core: build with SELinux; don't break /etc/hostname context

 (rh #1070829)

https://bugzilla.redhat.com/show_bug.cgi?id=1070829

---

 configure.ac                           | 18 ++++++++++++++++++

 src/settings/plugins/ifcfg-rh/plugin.c | 29 ++++++++++++++++++++++++++++-

 2 files changed, 46 insertions(+), 1 deletion(-)

diff --git a/configure.ac b/configure.ac

index f13dc9a..2ca6aed 100644

--- a/configure.ac

+++ b/configure.ac

@@ -356,14 +356,31 @@ case $with_suspend_resume in

     *)

 	AC_MSG_ERROR(--with-suspend-resume must be one of [upower, systemd])

         ;;

 esac

 AM_CONDITIONAL(SUSPEND_RESUME_UPOWER, test "x$with_suspend_resume" = "xupower")

 AM_CONDITIONAL(SUSPEND_RESUME_SYSTEMD, test "x$with_suspend_resume" = "xsystemd")

+# SELinux support

+AC_ARG_WITH(selinux, AS_HELP_STRING([--with-selinux=yes|no|auto], [Build with SELinux (default: auto)]),,[with_selinux=auto])

+if test "$with_selinux" = "yes" -o "$with_selinux" = "auto"; then

+    PKG_CHECK_MODULES(SELINUX, libselinux, [have_selinux=yes], [have_selinux=no])

+else

+    have_selinux=no

+fi

+if test "$with_selinux" = "yes" -a "$have_selinux" = "no"; then

+    AC_MSG_ERROR([You must have libselinux installed to build --with-selinux=yes.])

+fi

+if test "$have_selinux" = "yes"; then

+    AC_DEFINE(HAVE_SELINUX, 1, [Define if you have SELinux support])

+else

+    AC_DEFINE(HAVE_SELINUX, 0, [Define if you have SELinux support])

+fi

+AM_CONDITIONAL(HAVE_SELINUX, test "${have_selinux}" = "yes")

+

 # libnl support for the linux platform

 PKG_CHECK_MODULES(LIBNL, libnl-3.0 >= 3.2.8 libnl-route-3.0 libnl-genl-3.0)

 AC_SUBST(LIBNL_CFLAGS)

 AC_SUBST(LIBNL_LIBS)

 # uuid library

 PKG_CHECK_MODULES(UUID, uuid)

@@ -844,14 +861,15 @@ if test "${enable_polkit}" = "yes"; then

 		echo "  policykit: yes (permissive modify.system)"

 	else

 		echo "  policykit: yes (restrictive modify.system)"

 	fi

 else

 	echo  "  policykit: no"

 fi

+echo "  selinux: $have_selinux"

 echo

 echo "Features:"

 echo "  wext: $ac_with_wext"

 echo "  wimax: $enable_wimax"

 echo "  ppp: $enable_ppp"

 echo "  modemmanager-1: $with_modem_manager_1"

diff --git a/src/settings/plugins/ifcfg-rh/plugin.c b/src/settings/plugins/ifcfg-rh/plugin.c

index 4b70813..ca92606 100644

--- a/src/settings/plugins/ifcfg-rh/plugin.c

+++ b/src/settings/plugins/ifcfg-rh/plugin.c

@@ -23,24 +23,30 @@

 #include <config.h>

 #include <string.h>

 #include <unistd.h>

 #include <errno.h>

 #include <net/ethernet.h>

 #include <netinet/ether.h>

+#include <sys/types.h>

+#include <sys/stat.h>

 #include <gmodule.h>

 #include <glib-object.h>

 #include <glib/gi18n.h>

 #include <gio/gio.h>

 #include <dbus/dbus.h>

 #include <dbus/dbus-glib.h>

 #include <dbus/dbus-glib-lowlevel.h>

+#ifdef HAVE_SELINUX

+#include <selinux/selinux.h>

+#endif

+

 #include <nm-setting-connection.h>

 #include "common.h"

 #include "nm-dbus-glib-types.h"

 #include "plugin.h"

 #include "nm-system-config-interface.h"

 #include "nm-settings-error.h"

@@ -663,16 +669,37 @@ plugin_get_hostname (SCPluginIfcfg *plugin)

 }

 static gboolean

 plugin_set_hostname (SCPluginIfcfg *plugin, const char *hostname)

 {

 	SCPluginIfcfgPrivate *priv = SC_PLUGIN_IFCFG_GET_PRIVATE (plugin);

 	shvarFile *network;

+	gboolean ret;

+#if HAVE_SELINUX

+	security_context_t se_ctx_prev, se_ctx = NULL;

+	struct stat file_stat = { .st_mode = 0 };

-	if (!g_file_set_contents (HOSTNAME_FILE, hostname, -1, NULL)) {

+	/* Get default context for HOSTNAME_FILE and set it for fscreate */

+	stat (HOSTNAME_FILE, &file_stat);

+	matchpathcon (HOSTNAME_FILE, file_stat.st_mode, &se_ctx);

+	matchpathcon_fini ();

+	getfscreatecon (&se_ctx_prev);

+	setfscreatecon (se_ctx);

+#endif

+

+	ret = g_file_set_contents (HOSTNAME_FILE, hostname, -1, NULL);

+

+#if HAVE_SELINUX

+	/* Restore previous context and cleanup */

+	setfscreatecon (se_ctx_prev);

+	freecon (se_ctx);

+	freecon (se_ctx_prev);

+#endif

+

+	if (!ret) {

 		PLUGIN_WARN (IFCFG_PLUGIN_NAME, "Could not save hostname: failed to create/open " HOSTNAME_FILE);

 		return FALSE;

 	}

 	g_free (priv->hostname);

 	priv->hostname = g_strdup (hostname);

-- 

1.9.0

From a2597c08168b87f5107cff6befda8b9118015ccc Mon Sep 17 00:00:00 2001

From: =?UTF-8?q?Ji=C5=99=C3=AD=20Klime=C5=A1?= <jklimes@redhat.com>

Date: Wed, 26 Mar 2014 16:23:54 +0100

Subject: [PATCH] ifcfg-rh: put \n after hostname when writing it to

 /etc/hostname

---

 src/settings/plugins/ifcfg-rh/plugin.c | 6 +++++-

 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/src/settings/plugins/ifcfg-rh/plugin.c b/src/settings/plugins/ifcfg-rh/plugin.c

index ca92606..317c1bf 100644

--- a/src/settings/plugins/ifcfg-rh/plugin.c

+++ b/src/settings/plugins/ifcfg-rh/plugin.c

@@ -669,43 +669,47 @@ plugin_get_hostname (SCPluginIfcfg *plugin)

 }

 static gboolean

 plugin_set_hostname (SCPluginIfcfg *plugin, const char *hostname)

 {

 	SCPluginIfcfgPrivate *priv = SC_PLUGIN_IFCFG_GET_PRIVATE (plugin);

 	shvarFile *network;

+	char *hostname_eol;

 	gboolean ret;

 #if HAVE_SELINUX

 	security_context_t se_ctx_prev, se_ctx = NULL;

 	struct stat file_stat = { .st_mode = 0 };

 	/* Get default context for HOSTNAME_FILE and set it for fscreate */

 	stat (HOSTNAME_FILE, &file_stat);

 	matchpathcon (HOSTNAME_FILE, file_stat.st_mode, &se_ctx);

 	matchpathcon_fini ();

 	getfscreatecon (&se_ctx_prev);

 	setfscreatecon (se_ctx);

 #endif

-	ret = g_file_set_contents (HOSTNAME_FILE, hostname, -1, NULL);

+	hostname_eol = g_strdup_printf ("%s\n", hostname);

+	ret = g_file_set_contents (HOSTNAME_FILE, hostname_eol, -1, NULL);

 #if HAVE_SELINUX

 	/* Restore previous context and cleanup */

 	setfscreatecon (se_ctx_prev);

 	freecon (se_ctx);

 	freecon (se_ctx_prev);

 #endif

 	if (!ret) {

 		PLUGIN_WARN (IFCFG_PLUGIN_NAME, "Could not save hostname: failed to create/open " HOSTNAME_FILE);

+		g_free (hostname_eol);

 		return FALSE;

 	}

 	g_free (priv->hostname);

 	priv->hostname = g_strdup (hostname);

+	g_free (hostname_eol);

 	/* Remove "HOSTNAME" from SC_NETWORK_FILE, if present */

 	network = svNewFile (SC_NETWORK_FILE);

 	if (network) {

 		svSetValue (network, "HOSTNAME", NULL, FALSE);

 		svWriteFile (network, 0644);

 		svCloseFile (network);

-- 

1.9.0

From e9fdfa1700845dcac3702e8869f158d068a7d8a5 Mon Sep 17 00:00:00 2001

From: Thomas Haller <thaller@redhat.com>

Date: Tue, 1 Apr 2014 23:44:06 +0200

Subject: [PATCH] ifcfg-rh: fix compile error with HAVE_SELINUX

Related: https://bugzilla.redhat.com/show_bug.cgi?id=1070829

Signed-off-by: Thomas Haller <thaller@redhat.com>

---

 src/settings/plugins/ifcfg-rh/plugin.c | 2 +-

 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/settings/plugins/ifcfg-rh/plugin.c b/src/settings/plugins/ifcfg-rh/plugin.c

index 317c1bf..1f9ed47 100644

--- a/src/settings/plugins/ifcfg-rh/plugin.c

+++ b/src/settings/plugins/ifcfg-rh/plugin.c

@@ -35,15 +35,15 @@

 #include <glib/gi18n.h>

 #include <gio/gio.h>

 #include <dbus/dbus.h>

 #include <dbus/dbus-glib.h>

 #include <dbus/dbus-glib-lowlevel.h>

-#ifdef HAVE_SELINUX

+#if HAVE_SELINUX

 #include <selinux/selinux.h>

 #endif

 #include <nm-setting-connection.h>

 #include "common.h"

 #include "nm-dbus-glib-types.h"

-- 

1.9.0