From da354830da15e6bdeec3d5f36d84e4bab6b7fedf Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ji=C5=99=C3=AD=20Klime=C5=A1?= Date: Tue, 25 Mar 2014 13:55:47 +0100 Subject: [PATCH] core: build with SELinux; don't break /etc/hostname context (rh #1070829) https://bugzilla.redhat.com/show_bug.cgi?id=1070829 --- configure.ac | 18 ++++++++++++++++++ src/settings/plugins/ifcfg-rh/plugin.c | 29 ++++++++++++++++++++++++++++- 2 files changed, 46 insertions(+), 1 deletion(-) diff --git a/configure.ac b/configure.ac index f13dc9a..2ca6aed 100644 --- a/configure.ac +++ b/configure.ac @@ -356,14 +356,31 @@ case $with_suspend_resume in *) AC_MSG_ERROR(--with-suspend-resume must be one of [upower, systemd]) ;; esac AM_CONDITIONAL(SUSPEND_RESUME_UPOWER, test "x$with_suspend_resume" = "xupower") AM_CONDITIONAL(SUSPEND_RESUME_SYSTEMD, test "x$with_suspend_resume" = "xsystemd") +# SELinux support +AC_ARG_WITH(selinux, AS_HELP_STRING([--with-selinux=yes|no|auto], [Build with SELinux (default: auto)]),,[with_selinux=auto]) +if test "$with_selinux" = "yes" -o "$with_selinux" = "auto"; then + PKG_CHECK_MODULES(SELINUX, libselinux, [have_selinux=yes], [have_selinux=no]) +else + have_selinux=no +fi +if test "$with_selinux" = "yes" -a "$have_selinux" = "no"; then + AC_MSG_ERROR([You must have libselinux installed to build --with-selinux=yes.]) +fi +if test "$have_selinux" = "yes"; then + AC_DEFINE(HAVE_SELINUX, 1, [Define if you have SELinux support]) +else + AC_DEFINE(HAVE_SELINUX, 0, [Define if you have SELinux support]) +fi +AM_CONDITIONAL(HAVE_SELINUX, test "${have_selinux}" = "yes") + # libnl support for the linux platform PKG_CHECK_MODULES(LIBNL, libnl-3.0 >= 3.2.8 libnl-route-3.0 libnl-genl-3.0) AC_SUBST(LIBNL_CFLAGS) AC_SUBST(LIBNL_LIBS) # uuid library PKG_CHECK_MODULES(UUID, uuid) 
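Review bot: With the default `--with-selinux=auto`, a build host that lacks libselinux quietly ends up with `have_selinux=no`, so the /etc/hostname labelling is compiled out and the only trace is the `selinux:` line in the configure summary. A comment above the AC_ARG_WITH would help packagers, e.g. `# Builds for SELinux-enabled systems should pass --with-selinux=yes so a missing libselinux fails configure`. Because the else branch defines HAVE_SELINUX to 0, the macro is always defined and C code must test it with `#if`, not `#ifdef`; the same comment could say so. The diffstat lists no Makefile.am change, so it is worth confirming that SELINUX_CFLAGS and SELINUX_LIBS are already used when building the ifcfg-rh plugin.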
@@ -844,14 +861,15 @@ if test "${enable_polkit}" = "yes"; then echo " policykit: yes (permissive modify.system)" else echo " policykit: yes (restrictive modify.system)" fi else echo " policykit: no" fi +echo " selinux: $have_selinux" echo echo "Features:" echo " wext: $ac_with_wext" echo " wimax: $enable_wimax" echo " ppp: $enable_ppp" echo " modemmanager-1: $with_modem_manager_1" diff --git a/src/settings/plugins/ifcfg-rh/plugin.c b/src/settings/plugins/ifcfg-rh/plugin.c index 4b70813..ca92606 100644 --- a/src/settings/plugins/ifcfg-rh/plugin.c +++ b/src/settings/plugins/ifcfg-rh/plugin.c @@ -23,24 +23,30 @@ #include #include #include #include #include #include +#include +#include #include #include #include #include #include #include #include +#ifdef HAVE_SELINUX +#include +#endif + #include #include "common.h" #include "nm-dbus-glib-types.h" #include "plugin.h" #include "nm-system-config-interface.h" #include "nm-settings-error.h" 
@@ -663,16 +669,37 @@ plugin_get_hostname (SCPluginIfcfg *plugin) } static gboolean plugin_set_hostname (SCPluginIfcfg *plugin, const char *hostname) { SCPluginIfcfgPrivate *priv = SC_PLUGIN_IFCFG_GET_PRIVATE (plugin); shvarFile *network; + gboolean ret; +#if HAVE_SELINUX + security_context_t se_ctx_prev, se_ctx = NULL; + struct stat file_stat = { .st_mode = 0 }; - if (!g_file_set_contents (HOSTNAME_FILE, hostname, -1, NULL)) { + /* Get default context for HOSTNAME_FILE and set it for fscreate */ + stat (HOSTNAME_FILE, &file_stat); + matchpathcon (HOSTNAME_FILE, file_stat.st_mode, &se_ctx); + matchpathcon_fini (); + getfscreatecon (&se_ctx_prev); + setfscreatecon (se_ctx); +#endif + + ret = g_file_set_contents (HOSTNAME_FILE, hostname, -1, NULL); + +#if HAVE_SELINUX + /* Restore previous context and cleanup */ + setfscreatecon (se_ctx_prev); + freecon (se_ctx); + freecon (se_ctx_prev); +#endif + + if (!ret) { PLUGIN_WARN (IFCFG_PLUGIN_NAME, "Could not save hostname: failed to create/open " HOSTNAME_FILE); return FALSE; } g_free (priv->hostname); priv->hostname = g_strdup (hostname); -- 1.9.0 From a2597c08168b87f5107cff6befda8b9118015ccc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ji=C5=99=C3=AD=20Klime=C5=A1?= Date: Wed, 26 Mar 2014 16:23:54 +0100 Subject: [PATCH] ifcfg-rh: put \n after hostname when writing it to /etc/hostname --- src/settings/plugins/ifcfg-rh/plugin.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/src/settings/plugins/ifcfg-rh/plugin.c b/src/settings/plugins/ifcfg-rh/plugin.c index ca92606..317c1bf 100644 --- a/src/settings/plugins/ifcfg-rh/plugin.c +++ b/src/settings/plugins/ifcfg-rh/plugin.c 
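Review bot: `se_ctx_prev` is declared without an initializer (only `se_ctx` gets `= NULL`) and the return value of `getfscreatecon ()` is ignored, so if that call fails the later `setfscreatecon (se_ctx_prev)` and `freecon (se_ctx_prev)` operate on an indeterminate pointer. Declaring `security_context_t se_ctx_prev = NULL, se_ctx = NULL;` makes that path well defined. The results of `stat ()`, `matchpathcon ()` and both `setfscreatecon ()` calls are dropped as well; a failed restore would leave the file-creation context changed for whatever this thread creates next, so it deserves at least a PLUGIN_WARN. The same declaration is carried unchanged as context in the next patch's hunk (`@@ -669,43 +669,47 @@`). plugin_set_hostname continues past the end of this hunk.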
@@ -669,43 +669,47 @@ plugin_get_hostname (SCPluginIfcfg *plugin) } static gboolean plugin_set_hostname (SCPluginIfcfg *plugin, const char *hostname) { SCPluginIfcfgPrivate *priv = SC_PLUGIN_IFCFG_GET_PRIVATE (plugin); shvarFile *network; + char *hostname_eol; gboolean ret; #if HAVE_SELINUX security_context_t se_ctx_prev, se_ctx = NULL; struct stat file_stat = { .st_mode = 0 }; /* Get default context for HOSTNAME_FILE and set it for fscreate */ stat (HOSTNAME_FILE, &file_stat); matchpathcon (HOSTNAME_FILE, file_stat.st_mode, &se_ctx); matchpathcon_fini (); getfscreatecon (&se_ctx_prev); setfscreatecon (se_ctx); #endif - ret = g_file_set_contents (HOSTNAME_FILE, hostname, -1, NULL); + hostname_eol = g_strdup_printf ("%s\n", hostname); + ret = g_file_set_contents (HOSTNAME_FILE, hostname_eol, -1, NULL); #if HAVE_SELINUX /* Restore previous context and cleanup */ setfscreatecon (se_ctx_prev); freecon (se_ctx); freecon (se_ctx_prev); #endif if (!ret) { PLUGIN_WARN (IFCFG_PLUGIN_NAME, "Could not save hostname: failed to create/open " HOSTNAME_FILE); + g_free (hostname_eol); return FALSE; } g_free (priv->hostname); priv->hostname = g_strdup (hostname); + g_free (hostname_eol); /* Remove "HOSTNAME" from SC_NETWORK_FILE, if present */ network = svNewFile (SC_NETWORK_FILE); if (network) { svSetValue (network, "HOSTNAME", NULL, FALSE); svWriteFile (network, 0644); svCloseFile (network); -- 1.9.0 From e9fdfa1700845dcac3702e8869f158d068a7d8a5 Mon Sep 17 00:00:00 2001 From: Thomas Haller Date: Tue, 1 Apr 2014 23:44:06 +0200 Subject: [PATCH] ifcfg-rh: fix compile error with HAVE_SELINUX Related: https://bugzilla.redhat.com/show_bug.cgi?id=1070829 Signed-off-by: Thomas Haller --- src/settings/plugins/ifcfg-rh/plugin.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/settings/plugins/ifcfg-rh/plugin.c b/src/settings/plugins/ifcfg-rh/plugin.c index 317c1bf..1f9ed47 100644 --- a/src/settings/plugins/ifcfg-rh/plugin.c +++ b/src/settings/plugins/ifcfg-rh/plugin.c 
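Review bot: `hostname` is formatted straight into the file content by `g_strdup_printf ("%s\n", hostname)` and nothing in the visible lines checks it first. Before this change a NULL hostname would have been refused by the argument check in `g_file_set_contents`; now it is handed to `%s`, which is undefined in C and on glibc typically writes the text `(null)` to HOSTNAME_FILE. Whether callers can pass NULL or a value containing a newline is not visible here, so a guard such as `g_return_val_if_fail (hostname != NULL, FALSE);` ahead of the SELinux block would be cheap. `hostname_eol` could also be freed once, right after the write, instead of on both exit paths. The function body runs past the end of the hunk.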
@@ -35,15 +35,15 @@ #include #include #include #include #include -#ifdef HAVE_SELINUX +#if HAVE_SELINUX #include #endif #include #include "common.h" #include "nm-dbus-glib-types.h" -- 1.9.0