compile error in trunk -- selinux, loginutils/login.c
KaiGai Kohei
kaigai at ak.jp.nec.com
Mon Feb 23 01:36:30 UTC 2009
The attached patch fixes the matter.
It seems to me this matter was enbuged at r25210.
| r25210 | vda | 2009-02-02 09:15:00 +0900 (Mon, 02 Feb 2009) | 3 lines
|
| login: cleanup work by Walter Harms. No logic changes.
% svn log -c 25210 loginutils/login.c
:
+#if ENABLE_SELINUX
+static void initselinux(char *username, char *full_tty,
+ security_context_t *user_sid)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+{
+ security_context_t old_tty_sid, new_tty_sid;
+
+ if (!is_selinux_enabled())
+ return;
+
+ if (get_default_context(username, NULL, user_sid)) {
^^^^^^^^ security_context_t *, correct
+ bb_error_msg_and_die("cannot get SID for %s", username);
+ }
+ if (getfilecon(full_tty, &old_tty_sid) < 0) {
+ bb_perror_msg_and_die("getfilecon(%s) failed", full_tty);
+ }
+ if (security_compute_relabel(user_sid, old_tty_sid,
^^^^^^^^ security_context_t *, incorrect
+ SECCLASS_CHR_FILE, &new_tty_sid) != 0) {
+ bb_perror_msg_and_die("security_change_sid(%s) failed", full_tty);
+ }
+ if (setfilecon(full_tty, new_tty_sid) != 0) {
+ bb_perror_msg_and_die("chsid(%s, %s) failed", full_tty, new_tty_sid);
+ }
+}
+#endif
:
-#if ENABLE_SELINUX
- if (is_selinux_enabled()) {
- security_context_t old_tty_sid, new_tty_sid;
+ USE_SELINUX(initselinux(username, full_tty, &user_sid));
- if (get_default_context(username, NULL, &user_sid)) {
^^^^^^^^^ security_context_t *
- bb_error_msg_and_die("cannot get SID for %s",
- username);
- }
- if (getfilecon(full_tty, &old_tty_sid) < 0) {
- bb_perror_msg_and_die("getfilecon(%s) failed",
- full_tty);
- }
- if (security_compute_relabel(user_sid, old_tty_sid,
^^^^^^^^ security_context_t
- SECCLASS_CHR_FILE, &new_tty_sid) != 0) {
- bb_perror_msg_and_die("security_change_sid(%s) failed",
- full_tty);
- }
- if (setfilecon(full_tty, new_tty_sid) != 0) {
- bb_perror_msg_and_die("chsid(%s, %s) failed",
- full_tty, new_tty_sid);
- }
- }
-#endif
Thanks,
Robert P. J. Day wrote:
> ...
> loginutils/login.c: In function ‘initselinux’:
> loginutils/login.c:184: error: passing argument 1 of
> ‘security_compute_relabel’ from incompatible pointer type
> make[1]: *** [loginutils/login.o] Error 1
> make: *** [loginutils] Error 2
> ...
>
> the problem? here's loginutils/login.c:
>
> static void initselinux(char *username, char *full_tty,
> security_context_t *user_sid)
> {
> security_context_t old_tty_sid, new_tty_sid;
>
> ...
>
> if (security_compute_relabel(user_sid, old_tty_sid,
> SECCLASS_CHR_FILE, &new_tty_sid) != 0) {
> bb_perror_msg_and_die("security_change_sid(%s) failed", full_tty);
> ...
>
>
> as you can see, the first arg to security_computer_relabel is a
> *pointer* to a security_context_t, but that routine is defined in
> selinux as:
>
> int security_compute_relabel(security_context_t scon,
> security_context_t tcon, security_class_t tclass, security_context_t
> *newcon);
>
> that is, accepting a security_context_t (not a pointer to one). or
> am i misreading this?
>
> rday
> --
>
>
> ========================================================================
> Robert P. J. Day
> Linux Consulting, Training and Annoying Kernel Pedantry:
> Have classroom, will lecture.
>
> http://crashcourse.ca Waterloo, Ontario, CANADA
> ========================================================================
>
>
> ------------------------------------------------------------------------
>
> _______________________________________________
> busybox mailing list
> busybox at busybox.net
> http://lists.busybox.net/mailman/listinfo/busybox
--
OSS Platform Development Division, NEC
KaiGai Kohei <kaigai at ak.jp.nec.com>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: busybox-loginutils-fix-type-mismatch.patch
Type: text/x-patch
Size: 534 bytes
Desc: not available
URL: <http://lists.busybox.net/pipermail/busybox/attachments/20090223/1ab5c65c/attachment-0001.bin>
More information about the busybox
mailing list