run_shell and selinux
Denys Vlasenko
vda.linux at googlemail.com
Mon Sep 10 12:42:37 UTC 2007
Hi,
void run_shell(const char *shell, int loginshell, const char *command, const char **additional_args)
{
	const char **args;
	int argno = 1;
	int additional_args_cnt = 0;
	...
	args[argno] = NULL;
#if ENABLE_SELINUX
	if (current_sid && !setexeccon(current_sid)) {
		freecon(current_sid);
		execve(shell, (char **) args, environ);
	} else
#endif
		execv(shell, (char **) args);
	bb_perror_msg_and_die("cannot run %s", shell);
}
I don't understand in full what is the intent of the above
#if/#endif block. IIRC these are equivalent:
	execve(shell, (char **) args, environ);
	execv(shell, (char **) args);
Can it be rewritten this way?
#if ENABLE_SELINUX
	if (current_sid && !setexeccon(current_sid))
		freecon(current_sid);
#endif
	execv(shell, (char **) args);
If not, we need to add a comment which explains why not.
--
vda
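
Added example, not part of the original message or of BusyBox: a C check of the equivalence the message asks about. execv() is the libc wrapper that passes the global environ to execve(), so a child started either way sees the same environment. The names child_sees and DEMO_VAR are made up for this example, and it assumes /bin/sh exists.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

extern char **environ;

/* Start /bin/sh in a child with execv (use_execve == 0) or with
 * execve(..., environ) (use_execve != 0) and copy what the shell prints
 * for $DEMO_VAR into out. Returns 0 on success, -1 on any failure. */
int child_sees(int use_execve, char *out, size_t outsz)
{
	char *args[] = { "sh", "-c", "printf %s \"$DEMO_VAR\"", NULL };
	int fds[2], status;
	ssize_t n, total = 0;
	pid_t pid;

	if (outsz == 0 || pipe(fds) < 0)
		return -1;
	pid = fork();
	if (pid == 0) {
		dup2(fds[1], STDOUT_FILENO);	/* child: stdout goes to the pipe */
		close(fds[0]);
		close(fds[1]);
		if (use_execve)
			execve("/bin/sh", args, environ);
		else
			execv("/bin/sh", args);
		_exit(127);			/* reached only if exec failed */
	}
	close(fds[1]);
	while (pid > 0 && (n = read(fds[0], out + total, outsz - 1 - total)) > 0)
		total += n;
	out[total] = '\0';
	close(fds[0]);
	if (pid < 0 || waitpid(pid, &status, 0) < 0)
		return -1;
	return (WIFEXITED(status) && WEXITSTATUS(status) == 0) ? 0 : -1;
}

int main(void)
{
	char a[64], b[64];

	setenv("DEMO_VAR", "set-after-startup", 1);	/* modifies environ */
	if (child_sees(0, a, sizeof a) || child_sees(1, b, sizeof b))
		return 1;
	printf("execv:  %s\nexecve: %s\n", a, b);
	return strcmp(a, b) != 0;
}
```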