run_shell and selinux

Denys Vlasenko vda.linux at googlemail.com
Mon Sep 10 12:42:37 UTC 2007


Hi,

void run_shell(const char *shell, int loginshell, const char *command, const char **additional_args)
{
        const char **args;
        int argno = 1;
        int additional_args_cnt = 0;
...
        args[argno] = NULL;
#if ENABLE_SELINUX
        if (current_sid && !setexeccon(current_sid)) {
                freecon(current_sid);
                execve(shell, (char **) args, environ);
        } else
#endif
        execv(shell, (char **) args);
        bb_perror_msg_and_die("cannot run %s", shell);
}


I don't fully understand what the intent of the above
#if/#endif block is. IIRC these are equivalent:
execve(shell, (char **) args, environ);
execv(shell, (char **) args);
Can it be rewritten this way?

#if ENABLE_SELINUX
        if (current_sid && !setexeccon(current_sid))
                freecon(current_sid);
#endif
        execv(shell, (char **) args);

If not, we need to add a comment which explains why not.
--
vda
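
The question in the message above turns on whether execv(shell, args) gives the new program the same environment as execve(shell, args, environ). The following C program is an added example, not part of the original message or of busybox: it sets a variable after startup and checks that a child started either way sees it. /bin/sh and the DEMO_VAR name are assumptions, and the setexeccon()/freecon() calls are left out because they need libselinux and an SELinux-enabled system.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/wait.h>
extern char **environ;

/* Exec /bin/sh in a child, by execv() or by execve(..., environ), and return 1
 * if it prints `want` for $DEMO_VAR (both names are assumptions of this demo). */
static int child_sees(int use_execve, const char *want)
{
        const char *args[] = { "sh", "-c", "printf %s \"$DEMO_VAR\"", NULL };
        char out[128];
        int fds[2], status = -1;
        size_t len = 0;
        ssize_t n;
        pid_t pid;

        if (pipe(fds) < 0 || (pid = fork()) < 0)
                return 0;
        if (pid == 0) {
                dup2(fds[1], STDOUT_FILENO);    /* child: stdout goes to the pipe */
                close(fds[0]);
                close(fds[1]);
                if (use_execve)
                        execve("/bin/sh", (char **) args, environ);
                else
                        execv("/bin/sh", (char **) args);
                _exit(127);                     /* reached only if the exec failed */
        }
        close(fds[1]);
        while ((n = read(fds[0], out + len, sizeof(out) - 1 - len)) > 0)
                len += (size_t) n;
        out[len] = '\0';
        close(fds[0]);
        waitpid(pid, &status, 0);               /* status stays -1 if this fails */
        return WIFEXITED(status) && WEXITSTATUS(status) == 0 && strcmp(out, want) == 0;
}

/* 1 if both calls hand the child a variable that was set after startup */
int exec_variants_match(const char *value)
{
        return setenv("DEMO_VAR", value, 1) == 0
            && child_sees(0, value) && child_sees(1, value);
}

int main(void)
{
        return exec_variants_match("set-after-startup") ? 0 : 1;
}
```

The program exits with status 0 when both variants deliver the same value to the child.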


