Blame SOURCES/tigervnc-selinux-restore-context-in-case-of-different-policies.patch

From d2d52704624ce841f4a392fccd82079d87ff13b6 Mon Sep 17 00:00:00 2001
From: Jan Grulich <jgrulich@redhat.com>
Date: Thu, 11 Nov 2021 13:52:41 +0100
Subject: [PATCH] SELinux: restore SELinux context in case of different
 policies
---
 CMakeLists.txt                | 13 +++++++++++++
 unix/vncserver/CMakeLists.txt |  2 +-
 unix/vncserver/vncsession.c   | 16 ++++++++++++++++
 3 files changed, 30 insertions(+), 1 deletion(-)
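--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -276,6 +276,19 @@ if(UNIX AND NOT APPLE)
   endif()
 endif()
 
+# Check for SELinux library
+if(UNIX AND NOT APPLE)
+  check_include_files(selinux/selinux.h HAVE_SELINUX_H)
+  if(HAVE_SELINUX_H)
+    set(CMAKE_REQUIRED_LIBRARIES -lselinux)
+    set(CMAKE_REQUIRED_LIBRARIES)
+    set(SELINUX_LIBS selinux)
+    add_definitions("-DHAVE_SELINUX")
+  else()
+    message(WARNING "Could not find SELinux development files")
+  endif()
+endif()
+
 # Generate config.h and make sure the source finds it
 configure_file(config.h.in config.h)
 add_definitions(-DHAVE_CONFIG_H)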
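Review bot: `HAVE_SELINUX` is defined from the header probe alone: `set(CMAKE_REQUIRED_LIBRARIES -lselinux)` is cleared by the very next line with no check in between, so nothing verifies that libselinux links or provides `selinux_restorecon`. vncsession.c in this patch also includes `selinux/restorecon.h`, which is not probed, so a host that has only `selinux/selinux.h` would presumably fail to compile instead of falling back. Probing both headers with `check_include_files("selinux/selinux.h;selinux/restorecon.h" HAVE_SELINUX_H)` and adding `check_function_exists(selinux_restorecon HAVE_SELINUX_RESTORECON)` between the two `set()` calls (assuming CheckFunctionExists is included earlier in the file) would close that gap. Because the `else()` branch only warns, a build without the development files ships a vncsession that never relabels; a comment above the block saying so would help packagers.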
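--- a/unix/vncserver/CMakeLists.txt
+++ b/unix/vncserver/CMakeLists.txt
@@ -1,5 +1,5 @@
 add_executable(vncsession vncsession.c)
-target_link_libraries(vncsession ${PAM_LIBS})
+target_link_libraries(vncsession ${PAM_LIBS} ${SELINUX_LIBS})
 
 configure_file(vncserver@.service.in vncserver@.service @ONLY)
 configure_file(vncsession-start.in vncsession-start @ONLY)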
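--- a/unix/vncserver/vncsession.c
+++ b/unix/vncserver/vncsession.c
@@ -37,6 +37,11 @@
 #include <sys/types.h>
 #include <sys/wait.h>
 
+#ifdef HAVE_SELINUX
+#include <selinux/selinux.h>
+#include <selinux/restorecon.h>
+#endif
+
 extern char **environ;
 
 // PAM service name
@@ -359,6 +364,17 @@ redir_stdio(const char *homedir, const char *display)
             perror("mkdir");
             _exit(EX_OSERR);
         }
+
+#ifdef HAVE_SELINUX
+        int result;
+        if (selinux_file_context_verify(logfile, 0) == 0) {
+            result = selinux_restorecon(logfile, SELINUX_RESTORECON_RECURSE);
+
+            if (result < 0) {
+                syslog(LOG_WARNING, "Failure restoring SELinux context for \"%s\": %s", logfile, strerror(errno));
+            }
+        }
+#endif
     }
 
     if (gethostname(hostname, sizeof(hostname)) == -1) {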
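Review bot: In the second hunk the relabel is gated only on `selinux_file_context_verify(logfile, 0) == 0`, with no check that SELinux is active on the running host, so a binary built with `HAVE_SELINUX` on a host where SELinux is disabled likely ends in the `LOG_WARNING` on every session start. I would gate it as `if (is_selinux_enabled() > 0 && selinux_file_context_verify(logfile, 0) == 0) {`. The call passes `SELINUX_RESTORECON_RECURSE` for a path under the user's home directory, and the enclosing block of redir_stdio and any privilege drop lie outside the hunk, so a comment such as `/* runs as the session user; relabels only the user's own VNC directory */` (once confirmed) would make the trust assumption reviewable. A failure here is only logged and the session continues with the old label, which seems intended but is worth stating in the same comment.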