[Pkg-sysvinit-commits] r234 - sysvinit/trunk/src
Thomas Hood
jdthood-guest at costa.debian.org
Thu Nov 24 12:50:43 UTC 2005
Author: jdthood-guest
Date: 2005-11-24 12:50:43 +0000 (Thu, 24 Nov 2005)
New Revision: 234
Modified:
sysvinit/trunk/src/Makefile
sysvinit/trunk/src/bootlogd.c
sysvinit/trunk/src/dowall.c
sysvinit/trunk/src/ifdown.c
sysvinit/trunk/src/init.c
sysvinit/trunk/src/killall5.c
sysvinit/trunk/src/shutdown.c
sysvinit/trunk/src/sulogin.c
Log:
Restore killall5.c to upstream version; put differences in dpatch 20
Modified: sysvinit/trunk/src/Makefile
===================================================================
--- sysvinit/trunk/src/Makefile 2005-11-24 12:18:10 UTC (rev 233)
+++ sysvinit/trunk/src/Makefile 2005-11-24 12:50:43 UTC (rev 234)
@@ -9,7 +9,7 @@
#
CC = gcc
-CFLAGS = -Wall -O2 -fomit-frame-pointer -D_GNU_SOURCE
+CFLAGS = -ansi -W -Wall -O2 -fomit-frame-pointer -D_GNU_SOURCE
LDFLAGS = -s
STATIC =
@@ -46,9 +46,22 @@
BIN_OWNER = root
BIN_GROUP = root
BIN_COMBO = $(BIN_OWNER):$(BIN_GROUP)
-INSTALL = install -o $(BIN_OWNER) -g $(BIN_GROUP)
+INSTALL = install -o $(BIN_OWNER) -g $(BIN_GROUP) -m 755 -s
+INSTALL_DATA = install -o $(BIN_OWNER) -g $(BIN_GROUP) -m 644
MANDIR = /usr/share/man
+ifeq ($(WITH_SELINUX),yes)
+ SELINUX_DEF=-DWITH_SELINUX
+ INIT_SELIBS=-lsepol -lselinux
+ SULOGIN_SELIBS=-lselinux
+else
+ SELINUX_DEF=
+ INIT_SELIBS=
+ SULOGIN_SELIBS=
+endif
+
+
+
# Additional libs for GNU libc.
ifneq ($(wildcard /usr/lib/libcrypt.a),)
LCRYPT = -lcrypt
@@ -57,7 +70,7 @@
all: $(BIN) $(SBIN) $(USRBIN)
init: init.o init_utmp.o
- $(CC) $(LDFLAGS) $(STATIC) -o $@ init.o init_utmp.o
+ $(CC) $(LDFLAGS) $(STATIC) -o $@ init.o init_utmp.o $(INIT_SELIBS)
halt: halt.o ifdown.o hddown.o utmp.o reboot.h
$(CC) $(LDFLAGS) -o $@ halt.o ifdown.o hddown.o utmp.o
@@ -78,7 +91,7 @@
$(CC) $(LDFLAGS) -o $@ runlevel.o
sulogin: sulogin.o
- $(CC) $(LDFLAGS) $(STATIC) -o $@ sulogin.o $(LCRYPT)
+ $(CC) $(LDFLAGS) $(STATIC) $(SELINUX_DEF) -o $@ $^ $(LCRYPT) $(SULOGIN_SELIBS)
wall: dowall.o wall.o
$(CC) $(LDFLAGS) -o $@ dowall.o wall.o
@@ -89,8 +102,11 @@
bootlogd: bootlogd.o
$(CC) $(LDFLAGS) -o $@ bootlogd.o -lutil
+sulogin.o: sulogin.c
+ $(CC) -c $(CFLAGS) $(SELINUX_DEF) sulogin.c
+
init.o: init.c init.h set.h reboot.h initreq.h
- $(CC) -c $(CFLAGS) init.c
+ $(CC) -c $(CFLAGS) $(SELINUX_DEF) init.c
utmp.o: utmp.c init.h
$(CC) -c $(CFLAGS) utmp.c
@@ -127,15 +143,15 @@
if [ ! -f $(ROOT)/usr/bin/lastb ]; then \
ln -sf last $(ROOT)/usr/bin/lastb; \
fi
- $(INSTALL) -m 644 initreq.h $(ROOT)/usr/include/
+ $(INSTALL_DATA) initreq.h $(ROOT)/usr/include/
for i in $(MAN1); do \
- $(INSTALL) -m 644 ../man/$$i $(ROOT)$(MANDIR)/man1/; \
+ $(INSTALL_DATA) ../man/$$i $(ROOT)$(MANDIR)/man1/; \
done
for i in $(MAN5); do \
- $(INSTALL) -m 644 ../man/$$i $(ROOT)$(MANDIR)/man5/; \
+ $(INSTALL_DATA) ../man/$$i $(ROOT)$(MANDIR)/man5/; \
done
for i in $(MAN8); do \
- $(INSTALL) -m 644 ../man/$$i $(ROOT)$(MANDIR)/man8/; \
+ $(INSTALL_DATA) ../man/$$i $(ROOT)$(MANDIR)/man8/; \
done
ifeq ($(ROOT),)
#
Modified: sysvinit/trunk/src/bootlogd.c
===================================================================
--- sysvinit/trunk/src/bootlogd.c 2005-11-24 12:18:10 UTC (rev 233)
+++ sysvinit/trunk/src/bootlogd.c 2005-11-24 12:50:43 UTC (rev 234)
@@ -523,8 +523,19 @@
* Fork and write pidfile if needed.
*/
if (!dontfork) {
- if (fork())
+ pid_t child_pid = fork();
+ switch (child_pid) {
+ case -1: /* error */
+ fprintf(stderr, "bootlogd: fork failed: %s\n",
+ strerror(errno));
exit(1);
+ break;
+ case 0: /* child, ignore */
+ break;
+ default: /* parend with child pid returned from fork() */
+ exit(0);
+ break;
+ }
setsid();
}
if (pidfile) {
Modified: sysvinit/trunk/src/dowall.c
===================================================================
--- sysvinit/trunk/src/dowall.c 2005-11-24 12:18:10 UTC (rev 233)
+++ sysvinit/trunk/src/dowall.c 2005-11-24 12:50:43 UTC (rev 234)
@@ -65,7 +65,7 @@
uid_t uid;
char *tty;
static char uidbuf[32];
- static char ttynm[32];
+ static char ttynm[UT_LINESIZE + 4];
static int init = 0;
if (!init) {
@@ -131,6 +131,7 @@
time_t t;
char term[UT_LINESIZE+6];
char line[81];
+ char hostname[256]; /* HOST_NAME_MAX+1 */
char *date, *p;
char *user, *tty;
int fd, flags;
@@ -144,6 +145,16 @@
getuidtty(&user, &tty);
+ /* Get and report current hostname, to make it easier to find
+ out which machine is being shut down. */
+ if (0 != gethostname(hostname, sizeof(hostname))) {
+ strncpy(hostname, "[unknown]", sizeof(hostname)-1);
+ }
+ /* If hostname is truncated, it is unspecified if the string
+ is null terminated or not. Make sure we know it is null
+ terminated. */
+ hostname[sizeof(hostname)-1] = 0;
+
/* Get the time */
time(&t);
date = ctime(&t);
@@ -157,8 +168,8 @@
date);
} else {
snprintf(line, sizeof(line),
- "\007\r\nBroadcast message from %s %s(%s):\r\n\r\n",
- user, tty, date);
+ "\007\r\nBroadcast message from %s@%s %s(%s):\r\n\r\n",
+ user, hostname, tty, date);
}
/*
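Review bot: The header built by the changed `snprintf` is still written into `line[81]` (declared in the `-131` hunk), while the new `hostname` buffer holds up to 255 bytes, so a long host name truncates the line and drops the date and the trailing `\r\n\r\n`. Bound the host field in the format, for example `%s@%.32s %s(%s)`, or enlarge `line`. In either case compare the `snprintf` return value with `sizeof(line)` so truncation is detected instead of silently broadcast.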
@@ -180,7 +191,7 @@
utmp->ut_user[0] == 0) continue;
if (strncmp(utmp->ut_line, "/dev/", 5) == 0) {
term[0] = 0;
- strncat(term, utmp->ut_line, UT_LINESIZE);
+ strncat(term, utmp->ut_line, sizeof(term)-1);
} else
snprintf(term, sizeof(term), "/dev/%.*s",
UT_LINESIZE, utmp->ut_line);
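Review bot: The new bound in `strncat(term, utmp->ut_line, sizeof(term)-1)` limits the destination but no longer the source, so when `ut_line` is full and unterminated strncat can read up to five bytes past the field. The `else` branch bounds the same field with `%.*s` and `UT_LINESIZE`, which suggests it is not guaranteed to be NUL-terminated. The old limit was already safe for `term[UT_LINESIZE+6]`, which is empty at this point. Keep a source-side limit, e.g. `strncat(term, utmp->ut_line, sizeof(utmp->ut_line));`.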
Modified: sysvinit/trunk/src/ifdown.c
===================================================================
--- sysvinit/trunk/src/ifdown.c 2005-11-24 12:18:10 UTC (rev 233)
+++ sysvinit/trunk/src/ifdown.c 2005-11-24 12:50:43 UTC (rev 234)
@@ -61,10 +61,19 @@
continue;
if (strchr(ifr[i].ifr_name, ':') != NULL)
continue;
- ifr[i].ifr_flags &= ~(IFF_UP);
- if (ioctl(fd, SIOCSIFFLAGS, &ifr[i]) < 0) {
- fprintf(stderr, "ifdown: shutdown ");
- perror(ifr[i].ifr_name);
+/* Expected in <net/if.h> according to "UNIX Network Programming". */
+#ifdef ifr_flags
+#define FLAGS ifr_flags
+#else
+/* Present on kFreeBSD, fixes bug #327031. */
+#define FLAGS ifr_flagshigh
+#endif
+ if (ifr[i].FLAGS & IFF_UP) {
+ ifr[i].FLAGS &= ~(IFF_UP);
+ if (ioctl(fd, SIOCSIFFLAGS, &ifr[i]) < 0) {
+ fprintf(stderr, "ifdown: shutdown ");
+ perror(ifr[i].ifr_name);
+ }
}
}
}
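Review bot: The added `if (ifr[i].FLAGS & IFF_UP)` test trusts a flags member whose origin is outside the hunk; if the array was filled by SIOCGIFCONF alone, that member overlays the address in the request union, and no SIOCGIFFLAGS call is visible here to populate it. Confirm the flags are fetched per interface before they are tested and written back. It is also worth confirming that `ifr_flagshigh` is the half that carries `IFF_UP` on the kFreeBSD headers. The `#define FLAGS` block sits inside the loop body under a very generic name and is never undefined; move it to file scope after the includes or add `#undef FLAGS` after the function.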
Modified: sysvinit/trunk/src/init.c
===================================================================
--- sysvinit/trunk/src/init.c 2005-11-24 12:18:10 UTC (rev 233)
+++ sysvinit/trunk/src/init.c 2005-11-24 12:50:43 UTC (rev 234)
@@ -80,6 +80,157 @@
sigaction(sig, &sa, NULL); \
} while(0)
+
+#ifdef WITH_SELINUX
+#include <sys/mman.h>
+#include <selinux/selinux.h>
+#include <sepol/sepol.h>
+#include <sys/mount.h>
+
+/* Mount point for selinuxfs. */
+#define SELINUXMNT "/selinux/"
+int enforcing = -1; /* SELinux enforcing mode */
+
+static int load_policy(int *enforce)
+{
+ int fd=-1,ret=-1;
+ int rc=0, orig_enforce;
+ struct stat sb;
+ void *map;
+ char policy_file[PATH_MAX];
+ int policy_version=0;
+ extern char *selinux_mnt;
+ FILE *cfg;
+ char buf[4096];
+ int seconfig = -2;
+
+ selinux_getenforcemode(&seconfig);
+
+ mount("none", "/proc", "proc", 0, 0);
+ cfg = fopen("/proc/cmdline","r");
+ if (cfg) {
+ char *tmp;
+ if (fgets(buf,4096,cfg) && (tmp = strstr(buf,"enforcing="))) {
+ if (tmp == buf || isspace(*(tmp-1))) {
+ enforcing=atoi(tmp+10);
+ }
+ }
+ fclose(cfg);
+ }
+#define MNT_DETACH 2
+ umount2("/proc",MNT_DETACH);
+
+ if (enforcing >=0)
+ *enforce = enforcing;
+ else if (seconfig == 1)
+ *enforce = 1;
+
+ if (mount("none", SELINUXMNT, "selinuxfs", 0, 0) < 0) {
+ if (errno == ENODEV) {
+ printf("SELinux not supported by kernel: %s\n",SELINUXMNT,strerror(errno));
+ *enforce = 0;
+ } else {
+ printf("Failed to mount %s: %s\n",SELINUXMNT,strerror(errno));
+ }
+ return ret;
+ }
+
+ selinux_mnt = SELINUXMNT; /* set manually since we mounted it */
+
+ policy_version=security_policyvers();
+ if (policy_version < 0) {
+ printf( "Can't get policy version: %s\n", strerror(errno));
+ goto UMOUNT;
+ }
+
+ orig_enforce = rc = security_getenforce();
+ if (rc < 0) {
+ printf( "Can't get SELinux enforcement flag: %s\n", strerror(errno));
+ goto UMOUNT;
+ }
+ if (enforcing >= 0) {
+ *enforce = enforcing;
+ } else if (seconfig == -1) {
+ *enforce = 0;
+ rc = security_disable();
+ if (rc == 0) umount(SELINUXMNT);
+ if (rc < 0) {
+ rc = security_setenforce(0);
+ if (rc < 0) {
+ printf("Can't disable SELinux: %s\n", strerror(errno));
+ goto UMOUNT;
+ }
+ }
+ ret = 0;
+ goto UMOUNT;
+ } else if (seconfig >= 0) {
+ *enforce = seconfig;
+ if (orig_enforce != *enforce) {
+ rc = security_setenforce(seconfig);
+ if (rc < 0) {
+ printf("Can't set SELinux enforcement flag: %s\n", strerror(errno));
+ goto UMOUNT;
+ }
+ }
+ }
+
+ snprintf(policy_file,sizeof(policy_file),"%s.%d",selinux_binary_policy_path(),policy_version);
+ fd = open(policy_file, O_RDONLY);
+ if (fd < 0) {
+ /* Check previous version to see if old policy is available
+ */
+ snprintf(policy_file,sizeof(policy_file),"%s.%d",selinux_binary_policy_path(),policy_version-1);
+ fd = open(policy_file, O_RDONLY);
+ if (fd < 0) {
+ printf( "Can't open '%s.%d': %s\n",
+ selinux_binary_policy_path(),policy_version,strerror(errno));
+ goto UMOUNT;
+ }
+ }
+
+ if (fstat(fd, &sb) < 0) {
+ printf("Can't stat '%s': %s\n",
+ policy_file, strerror(errno));
+ goto UMOUNT;
+ }
+
+ map = mmap(NULL, sb.st_size, PROT_READ | PROT_WRITE, MAP_PRIVATE, fd, 0);
+ if (map == MAP_FAILED) {
+ printf( "Can't map '%s': %s\n",
+ policy_file, strerror(errno));
+ goto UMOUNT;
+ }
+
+
+ /* Set booleans based on a booleans configuration file. */
+ ret = sepol_genbools(map, sb.st_size, selinux_booleans_path());
+ if (ret < 0) {
+ if (errno == ENOENT || errno == EINVAL) {
+ /* No booleans file or stale booleans in the file; non-fatal. */
+ printf("Warning! Error while setting booleans: %s\n"
+ , strerror(errno));
+ } else {
+ printf("Error while setting booleans: %s\n",
+ strerror(errno));
+ goto UMOUNT;
+ }
+ }
+ printf("Loading security policy\n");
+ ret=security_load_policy(map, sb.st_size);
+ if (ret < 0) {
+ printf("security_load_policy failed\n");
+ }
+
+ UMOUNT:
+ /*umount(SELINUXMNT); */
+ if ( fd >= 0) {
+ close(fd);
+ }
+ return(ret);
+}
+#endif
+
+
/* Version information */
char *Version = "@(#) init " VERSION " " DATE " miquels at cistron.nl";
char *bootmsg = "version " VERSION " %s";
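Review bot: In `load_policy` the ENODEV branch passes two arguments to a format with one conversion, so the mount point is printed and the error text is dropped; it should be `printf("SELinux not supported by kernel: %s\n", strerror(errno));`. The `enforcing=` value read from /proc/cmdline is parsed with `atoi`, which turns a malformed value into 0, and because `enforcing >= 0` is tested before `seconfig`, a typo there takes precedence over an enforcing configuration without any message. Parse it with `strtol` and accept only 0 or 1. Smaller points: `isspace(*(tmp-1))` needs an `(unsigned char)` cast, `fgets` should take `sizeof(buf)` rather than a repeated 4096, the return value of `selinux_getenforcemode` is ignored, and the policy mapping is never unmapped.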
@@ -685,6 +836,14 @@
return;
}
+#ifdef __FreeBSD_kernel__
+ /* The kernel of FreeBSD expects userland to set TERM. Usualy, we want
+ "cons25". Later, gettys might disagree on this (i.e. we're not using
+ syscons) but some boot scripts, like /etc/init.d/xserver-xorg, still
+ need a non-dumb terminal. */
+ putenv ("TERM=cons25");
+#endif
+
(void) tcgetattr(fd, &tty);
tty.c_cflag &= CBAUD|CBAUDEX|CSIZE|CSTOPB|PARENB|PARODD;
@@ -966,8 +1125,10 @@
dup(f);
dup(f);
}
+ SETSIG(sa, SIGCHLD, SIG_DFL, SA_RESTART);
if ((pid = fork()) < 0) {
- initlog(L_VB, "cannot fork");
+ initlog(L_VB, "cannot fork: %s",
+ strerror(errno));
exit(1);
}
if (pid > 0) {
@@ -978,7 +1139,6 @@
SETSIG(sa, SIGINT, SIG_IGN, SA_RESTART);
SETSIG(sa, SIGTSTP, SIG_IGN, SA_RESTART);
SETSIG(sa, SIGQUIT, SIG_IGN, SA_RESTART);
- SETSIG(sa, SIGCHLD, SIG_DFL, SA_RESTART);
while ((rc = waitpid(pid, &st, 0)) != pid)
if (rc < 0 && errno == ECHILD)
@@ -997,7 +1157,8 @@
* this with a temporary process.
*/
if ((pid = fork()) < 0) {
- initlog(L_VB, "cannot fork");
+ initlog(L_VB, "cannot fork: %s",
+ strerror(errno));
exit(1);
}
if (pid == 0) {
@@ -2495,7 +2656,7 @@
*/
void usage(char *s)
{
- fprintf(stderr, "Usage: %s 0123456SsQqAaBbCcUu\n", s);
+ fprintf(stderr, "Usage: %s [-e env ] [-t seconds] 0123456SsQqAaBbCcUu\n", s);
exit(1);
}
@@ -2599,6 +2760,7 @@
char *p;
int f;
int isinit;
+ int enforce = 0;
/* Get my own name */
if ((p = strrchr(argv[0], '/')) != NULL)
@@ -2662,6 +2824,21 @@
maxproclen += strlen(argv[f]) + 1;
}
+#ifdef WITH_SELINUX
+ if (getenv("SELINUX_INIT") == NULL) {
+ putenv("SELINUX_INIT=YES");
+ if (load_policy(&enforce) == 0 ) {
+ execv(myname, argv);
+ } else {
+ if (enforce > 0) {
+ /* SELinux in enforcing mode but load_policy failed */
+ /* At this point, we probably can't open /dev/console, so log() won't work */
+ fprintf(stderr,"Enforcing mode requested but no policy loaded. Halting now.\n");
+ exit(1);
+ }
+ }
+ }
+#endif
/* Start booting. */
argv0 = argv[0];
argv[1] = NULL;
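Review bot: Nothing follows `execv(myname, argv)` in the success branch, so if the re-exec fails init falls through to "Start booting" with the policy loaded but without having re-executed itself, and nothing is reported. Handle the return explicitly: print `strerror(errno)` and apply the same `enforce > 0` halt used in the failure branch. `int enforce` from the previous hunk is declared unconditionally but used only under `WITH_SELINUX`, which will warn with the new `-W -Wall` flags in non-SELinux builds; put the declaration under the same `#ifdef`. main() starts and continues outside this hunk.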
Modified: sysvinit/trunk/src/killall5.c
===================================================================
--- sysvinit/trunk/src/killall5.c 2005-11-24 12:18:10 UTC (rev 233)
+++ sysvinit/trunk/src/killall5.c 2005-11-24 12:50:43 UTC (rev 234)
@@ -378,8 +378,8 @@
int foundone = 0;
int ok = 0;
- if (! prog)
- return NULL;
+ /* Try to stat the executable. */
+ if (prog[0] == '/' && stat(prog, &st) == 0) dostat++;
/* Get basename of program. */
if ((s = strrchr(prog, '/')) == NULL)
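Review bot: With the `if (! prog)` guard removed, the new first statement dereferences `prog[0]` unchecked, and the `-411` hunk below has the same pattern: `strcmp(p->argv0base, s)` is guarded by `p->argv0`, and `strncmp(p->statname, p->argv1base, STATNAMELEN)` only by `p->argv1`. Whether those pointers can be NULL independently is decided outside these hunks. Until the dpatch named in the log re-adds the checks, guard the pointer that is actually dereferenced, e.g. `ok += (p->argv0base && strcmp(p->argv0base, s) == 0);`. The function begins above this hunk.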
@@ -387,16 +387,9 @@
else
s++;
- if (! *s)
- return NULL;
-
q = (PIDQ_HEAD *)xmalloc(sizeof(PIDQ_HEAD));
q = init_pid_q(q);
- /* Try to stat the executable. */
- if (prog[0] == '/' && stat(prog, &st) == 0)
- dostat++;
-
/* First try to find a match based on dev/ino pair. */
if (dostat) {
for (p = plist; p; p = p->next) {
@@ -411,35 +404,15 @@
if (!foundone) for (p = plist; p; p = p->next) {
ok = 0;
- /* matching nonmatching
- * proc name prog name prog name
- * --- ----------- ------------
- * b b, p/b, q/b
- * p/b b, p/b q/b
- *
- * Algorithm: Match if:
- * cmd = arg
- * or cmd = base(arg)
- * or base(cmd) = arg
- *
- * Specifically, do not match just because base(cmd) = base(arg)
- * as was done in earlier versions of this program, since this
- * allows /aaa/foo to match /bbb/foo .
- */
- ok |=
- (p->argv0 && strcmp(p->argv0, prog) == 0)
- || (p->argv0 && s != prog && strcmp(p->argv0, s) == 0)
- || (p->argv0base && strcmp(p->argv0base, prog) == 0);
+ /* Compare name (both basename and full path) */
+ ok += (p->argv0 && strcmp(p->argv0, prog) == 0);
+ ok += (p->argv0 && strcmp(p->argv0base, s) == 0);
/* For scripts, compare argv[1] as well. */
- if (
- scripts_too && p->statname && p->argv1base
- && !strncmp(p->statname, p->argv1base, STATNAMELEN)
- ) {
- ok |=
- (p->argv1 && strcmp(p->argv1, prog) == 0)
- || (p->argv1 && s != prog && strcmp(p->argv1, s) == 0)
- || (p->argv1base && strcmp(p->argv1base, prog) == 0);
+ if (scripts_too && p->argv1 &&
+ !strncmp(p->statname, p->argv1base, STATNAMELEN)) {
+ ok += (strcmp(p->argv1, prog) == 0);
+ ok += (strcmp(p->argv1base, s) == 0);
}
/*
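Review bot: The restored comparison `ok += (p->argv0 && strcmp(p->argv0base, s) == 0)` matches on basename alone, which the removed comment documents as letting /aaa/foo match /bbb/foo, so callers that act on this PID list can pick up an unrelated process with the same file name. The log says the Debian differences move to dpatch 20, which is not part of this diff; confirm that patch is applied in the package build before this revision is released. A one-line comment here pointing at the dpatch would keep the upstream and packaged matching rules from being confused.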
@@ -450,7 +423,7 @@
(p->argv0 == NULL ||
p->argv0[0] == 0 ||
strchr(p->argv0, ' '))) {
- ok |= (strcmp(p->statname, s) == 0);
+ ok += (strcmp(p->statname, s) == 0);
}
if (ok) add_pid_to_q(q, p);
}
Modified: sysvinit/trunk/src/shutdown.c
===================================================================
--- sysvinit/trunk/src/shutdown.c 2005-11-24 12:18:10 UTC (rev 233)
+++ sysvinit/trunk/src/shutdown.c 2005-11-24 12:50:43 UTC (rev 234)
@@ -521,6 +521,12 @@
}
}
+ if (NULL != halttype && down_level[0] != '0') {
+ fprintf(stderr, "shutdown: -H and -P flags needs -h flag.\n");
+ usage();
+ exit(1);
+ }
+
/* Do we need to use the shutdown.allow file ? */
if (useacl && (fp = fopen(SDALLOW, "r")) != NULL) {
Modified: sysvinit/trunk/src/sulogin.c
===================================================================
--- sysvinit/trunk/src/sulogin.c 2005-11-24 12:18:10 UTC (rev 233)
+++ sysvinit/trunk/src/sulogin.c 2005-11-24 12:50:43 UTC (rev 234)
@@ -28,6 +28,10 @@
# include <crypt.h>
#endif
+#ifdef WITH_SELINUX
+#include <selinux/selinux.h>
+#include <selinux/get_context_list.h>
+#endif
#define CHECK_DES 1
#define CHECK_MD5 1
@@ -234,7 +238,11 @@
fprintf(stderr, "%s: no entry for root\n", F_SHADOW);
strcpy(pwd.pw_passwd, "");
}
- if (!valid(pwd.pw_passwd)) {
+
+ /* disabled passwords are valid too */
+ if (!(strcmp(pwd.pw_passwd, "*") == 0) ||
+ !(strcmp(pwd.pw_passwd, "!") == 0) ||
+ !valid(pwd.pw_passwd)) {
fprintf(stderr, "%s: root password garbled\n", F_SHADOW);
strcpy(pwd.pw_passwd, ""); }
return &pwd;
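Review bot: The new condition is always true: a string cannot equal both "*" and "!", so at least one of the two negated `strcmp` terms holds and every hash, valid or not, is reported as garbled and overwritten with the empty string. How an empty `pw_passwd` is handled is outside the hunk, but the real hash is gone, so the later password check cannot work as intended. To match the comment above it, the test should read `if (strcmp(pwd.pw_passwd, "*") != 0 && strcmp(pwd.pw_passwd, "!") != 0 && !valid(pwd.pw_passwd)) {`.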
@@ -335,6 +343,16 @@
signal(SIGINT, SIG_DFL);
signal(SIGTSTP, SIG_DFL);
signal(SIGQUIT, SIG_DFL);
+#ifdef WITH_SELINUX
+ if (is_selinux_enabled > 0) {
+ security_context_t* contextlist=NULL;
+ if (get_ordered_context_list("root", 0, &contextlist) > 0) {
+ if (setexeccon(contextlist[0]) != 0)
+ fprintf(stderr, "setexeccon faile\n");
+ freeconary(contextlist);
+ }
+ }
+#endif
execl(sushell, shell, NULL);
perror(sushell);
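Review bot: `if (is_selinux_enabled > 0)` compares the function's address with zero instead of calling it; it should be `if (is_selinux_enabled() > 0)`. When `setexeccon` fails the code prints `setexeccon faile` (typo for "failed") and still execs the shell, so state in a comment whether a root shell in the inherited context is acceptable or bail out instead. A return of 0 or -1 from `get_ordered_context_list` is skipped without any message as well.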
@@ -436,6 +454,14 @@
fprintf(stderr, "sulogin: cannot open password database!\n");
sleep(2);
}
+ /*
+ * If the root password is locked, fire up a shell
+ */
+ if ((strcmp(pwd->pw_passwd, "*") == 0) ||
+ (strcmp(pwd->pw_passwd, "!") == 0)) {
+ fprintf(stderr, "sulogin: root accound is locked, starting shell\n");
+ sushell(pwd);
+ }
/*
* Ask for the password.
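Review bot: The added block dereferences `pwd->pw_passwd` directly after the branch that prints "cannot open password database!"; if that branch is the `pwd == NULL` case, as its message suggests (its condition is outside the hunk), this is a NULL dereference, so test `pwd != NULL` first. Starting a root shell without authentication when the hash is "*" or "!" is a deliberate policy change and should be stated in the comment and the man page, since locking root otherwise reads as disabling the login. The message also has a typo, `accound` for `account`.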