run_shell and selinux
Denys Vlasenko
vda.linux at googlemail.com
Mon Sep 10 16:56:28 UTC 2007
On Monday 10 September 2007 14:30, Yuichi Nakamura wrote:
> > I don't understand in full what is the intent of the above
> > #if/#endif block. IIRC these are equivalent:
> > execve(shell, (char **) args, environ);
> > execv(shell, (char **) args);
> > Can it be rewritten this way?
> >
> > #if ENABLE_SELINUX
> > 	if (current_sid && !setexeccon(current_sid))
> > 		freecon(current_sid);
> > #endif
> > 	execv(shell, (char **) args);
>
> I think you can do it.
> And as you said in next email,
> You can write:
> 	if (ENABLE_FEATURE_CLEAN_UP)
> 		freecon(...)
I am committing it in this form:

#if ENABLE_SELINUX
	if (current_sid)
		setexeccon(current_sid);
	if (ENABLE_FEATURE_CLEAN_UP)
		freecon(current_sid);
#endif
	execv(shell, (char **) args);

I am also removing if() from free calls like this:
- if (current_sid)
- freecon(current_sid); /* Release old context */
+ freecon(current_sid); /* Release old context */
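Review bot: with the `if (current_sid)` guard removed, freecon() is now reached with a NULL current_sid, so this change relies on freecon() accepting NULL the way free() does. Say so in the commit message or in a short comment at one of these call sites, and keep the guard anywhere that is not guaranteed.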
Yell if it's not ok.
--
vda
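
Added example, not part of the original message or of BusyBox: a small C check of the equivalence discussed in the thread, that execv(shell, args) gives the child the same environment as execve(shell, args, environ). The /bin/sh path, the DEMO_MARK variable and the function name are assumptions made for the demonstration.

```c
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

extern char **environ;

/* Constructed environment for the demonstration; DEMO_MARK is a made-up name. */
static char *demo_env[] = { "DEMO_MARK=1", NULL };

/*
 * Start /bin/sh (assumed path) in a child and report whether it saw DEMO_MARK=1.
 * use_execve != 0: execve(shell, args, environ); otherwise execv(shell, args).
 * Returns 1 if the variable reached the shell, 0 if not, -1 on fork/exec failure.
 */
int child_sees_marker(int use_execve)
{
	const char *shell = "/bin/sh";
	const char *args[] = { "sh", "-c", "test \"$DEMO_MARK\" = 1", NULL };
	int status;
	pid_t pid = fork();

	if (pid < 0)
		return -1;
	if (pid == 0) {
		/* Replace the global environ in the child only. */
		environ = demo_env;
		if (use_execve)
			execve(shell, (char **) args, environ);
		else
			execv(shell, (char **) args); /* uses the global environ */
		_exit(127); /* reached only if exec failed */
	}
	if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
		return -1;
	if (WEXITSTATUS(status) == 127)
		return -1;
	return WEXITSTATUS(status) == 0;
}

int main(void)
{
	/* Exit status 0 only when both forms passed the environment through. */
	return !(child_sees_marker(0) == 1 && child_sees_marker(1) == 1);
}
```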