mirror of
https://gitlab.freedesktop.org/NetworkManager/NetworkManager
synced 2024-09-06 09:04:55 +00:00
core: build with SELinux; don't break /etc/hostname context (rh #1070829)
https://bugzilla.redhat.com/show_bug.cgi?id=1070829
This commit is contained in:
Jiří Klimeš
parent
0d1bdffe91
commit
da354830da
18
configure.ac
18
configure.ac
|
|
@ -360,6 +360,23 @@ esac
|
|||
AM_CONDITIONAL(SUSPEND_RESUME_UPOWER, test "x$with_suspend_resume" = "xupower")
|
||||
AM_CONDITIONAL(SUSPEND_RESUME_SYSTEMD, test "x$with_suspend_resume" = "xsystemd")
|
||||
|
||||
# SELinux support
|
||||
AC_ARG_WITH(selinux, AS_HELP_STRING([--with-selinux=yes|no|auto], [Build with SELinux (default: auto)]),,[with_selinux=auto])
|
||||
if test "$with_selinux" = "yes" -o "$with_selinux" = "auto"; then
|
||||
PKG_CHECK_MODULES(SELINUX, libselinux, [have_selinux=yes], [have_selinux=no])
|
||||
else
|
||||
have_selinux=no
|
||||
fi
|
||||
if test "$with_selinux" = "yes" -a "$have_selinux" = "no"; then
|
||||
AC_MSG_ERROR([You must have libselinux installed to build --with-selinux=yes.])
|
||||
fi
|
||||
if test "$have_selinux" = "yes"; then
|
||||
AC_DEFINE(HAVE_SELINUX, 1, [Define if you have SELinux support])
|
||||
else
|
||||
AC_DEFINE(HAVE_SELINUX, 0, [Define if you have SELinux support])
|
||||
fi
|
||||
AM_CONDITIONAL(HAVE_SELINUX, test "${have_selinux}" = "yes")
|
||||
|
||||
# libnl support for the linux platform
|
||||
PKG_CHECK_MODULES(LIBNL, libnl-3.0 >= 3.2.8 libnl-route-3.0 libnl-genl-3.0)
|
||||
AC_SUBST(LIBNL_CFLAGS)
|
||||
|
|
@ -848,6 +865,7 @@ if test "${enable_polkit}" = "yes"; then
|
|||
else
|
||||
echo " policykit: no"
|
||||
fi
|
||||
echo " selinux: $have_selinux"
|
||||
echo
|
||||
|
||||
echo "Features:"
|
||||
|
|
|
|||
|
|
@ -27,6 +27,8 @@
|
|||
#include <errno.h>
|
||||
#include <net/ethernet.h>
|
||||
#include <netinet/ether.h>
|
||||
#include <sys/types.h>
|
||||
#include <sys/stat.h>
|
||||
|
||||
#include <gmodule.h>
|
||||
#include <glib-object.h>
|
||||
|
|
@ -37,6 +39,10 @@
|
|||
#include <dbus/dbus-glib.h>
|
||||
#include <dbus/dbus-glib-lowlevel.h>
|
||||
|
||||
#ifdef HAVE_SELINUX
|
||||
#include <selinux/selinux.h>
|
||||
#endif
|
||||
|
||||
#include <nm-setting-connection.h>
|
||||
|
||||
#include "common.h"
|
||||
|
|
@ -667,8 +673,29 @@ plugin_set_hostname (SCPluginIfcfg *plugin, const char *hostname)
|
|||
{
|
||||
SCPluginIfcfgPrivate *priv = SC_PLUGIN_IFCFG_GET_PRIVATE (plugin);
|
||||
shvarFile *network;
|
||||
gboolean ret;
|
||||
#if HAVE_SELINUX
|
||||
security_context_t se_ctx_prev, se_ctx = NULL;
|
||||
struct stat file_stat = { .st_mode = 0 };
|
||||
|
||||
if (!g_file_set_contents (HOSTNAME_FILE, hostname, -1, NULL)) {
|
||||
/* Get default context for HOSTNAME_FILE and set it for fscreate */
|
||||
stat (HOSTNAME_FILE, &file_stat);
|
||||
matchpathcon (HOSTNAME_FILE, file_stat.st_mode, &se_ctx);
|
||||
matchpathcon_fini ();
|
||||
getfscreatecon (&se_ctx_prev);
|
||||
setfscreatecon (se_ctx);
|
||||
#endif
|
||||
|
||||
ret = g_file_set_contents (HOSTNAME_FILE, hostname, -1, NULL);
|
||||
|
||||
#if HAVE_SELINUX
|
||||
/* Restore previous context and cleanup */
|
||||
setfscreatecon (se_ctx_prev);
|
||||
freecon (se_ctx);
|
||||
freecon (se_ctx_prev);
|
||||
#endif
|
||||
|
||||
if (!ret) {
|
||||
PLUGIN_WARN (IFCFG_PLUGIN_NAME, "Could not save hostname: failed to create/open " HOSTNAME_FILE);
|
||||
return FALSE;
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in a new issue