Follow-up of: 9eb9c93275 ("Get rid of security_context_t and fix const declarations.")
Acked-by: William Roberts <william.c.roberts@intel.com>
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
According to [1], crypt() support in POSIX is optional, so include
also <crypt.h> when _XOPEN_CRYPT is not defined or is defined to -1.
Without this I can't build run_init from source out-of-the-box on
Fedora 29.
[1] http://man7.org/linux/man-pages/man3/crypt.3.html#NOTES
Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
Making stdin/stdout non-blocking causes open_init_pty to hang if
they are closed, ala
./open_init_pty bash -c 'echo hello; exec >&- 2>&- <&-; sleep 1; '
and per
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=474956#10
This reverts commit fb081eb64b.
Reported-by: Laurent Bigonville <bigon@debian.org>
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
There were several places in the makefiles where LDLIBS or CFLAGS were
supposed to include options to build. They were missing the override
keyword so would be skipped if these vars were set on the make cmdline.
Add the override directive to fix this.
Signed-off-by: Jason Zaman <jason@perfinion.com>
when building packages (e.g. for openSUSE Linux)
(random) filesystem order of input files
influences ordering of functions in the output,
thus without the patch, builds (in disposable VMs) would usually differ.
See https://reproducible-builds.org/ for why this matters.
The toolchain automatically handles them and they break cross compiling.
LDFLAGS should also come before object files, some flags (eg,
-Wl,as-needed) can break things if they are in the wrong place)
Gentoo-Bug: https://bugs.gentoo.org/500674
Signed-off-by: Jason Zaman <jason@perfinion.com>
Fix missing and surplus commas. Fix the following formatting errors:
.BR selinux(8)
renders the the "(8)" in bold as well as the "selinux". This is wrong.
.B selinux
(8)
renders with a space between "selinux" and "(8)", this is wrong.
.B selinux (8)
commits both of the above mistakes.
.BR selinux (8), apparmor (8)
omits the space separating "selinux(8)," and "apparmor(8)", this is wrong.
Correct all the above using the following markup:
.BR selinux (8),
.BR apparmor (8)
Signed-off-by: Alan Jenkins <alan.christopher.jenkins@gmail.com>
There is a signal handler so that the select returns EINTR when the
child exits. EINTR is used to then clean up and flush the remaining
buffers. It should not error.
Signed-off-by: Jason Zaman <jason@perfinion.com>
open_init_pty uses select() to handle all the file descriptors. There is
a very high CPU usage due to select() always returning immediately with
the fd is available for write. This uses a ring buffer and only calls
select on the read/write fds that have data that needs to be
read/written which eliminates the high CPU usage.
This also correctly returns the exit code from the child process.
This was originally from debian where they have been carrying it as a
patch for a long time. Then we got a bug report in gentoo which this
also happens to fix. The original debian patch had the ring buffer
written in C++ so I modified the class into a struct and some static
methods so it is C-only at the request of Steve Lawrence.
Debian bug: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=474956
Gentoo bug: https://bugs.gentoo.org/show_bug.cgi?id=532616
Signed-off-by: Jason Zaman <jason@perfinion.com>
Tested-by: Laurent Bigonville <bigon@bigon.be>
If /usr/sbin/open_init_pty is not found or is not executable,
access("/usr/sbin/open_init_pty", X_OK) returns -1, not zero.
Use "!= 0" like in other places in SELinux userland libraries and tools.
In C, defining a function with () means "any number of parameters", not
"no parameter". Use (void) instead where applicable and add unused
parameters when needed.
Acked-by: Steve Lawrence <slawrence@tresys.com>
Sometimes using open_init_pty isn't possible. So just call exec() if
that is the case. We no longer ship open_init_pty in Fedora or RHEL6
since it was causing more problems then it was worth. This fix makes
it optional to use the open_init_pty.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
This is purely personal preference. Most of the Makefiles use $() for
Makefile variables, but a couple of places use ${}. Since this obscured
some later Makefile changes I figured I'd just make them all the same up
front.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
It's a very minor thing really, but I believe (on the basis of an
off-list question) that the manual page for policycoreutils/run_init can
be improved by the following short patch which aims to further clarify
the intended usage of such tool and mention that it caters for one
(somewhat hidden) compile-time option.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
Email: srivasta@golden-gryphon.com
Subject: policycoreutils: The error message on forkpty() failure is not clear or useful.
Date: Sun, 23 Aug 2009 09:40:58 -0500
Hi,
This has been reported against the Debian BTS.
The current error message when forkpty() fails is not clear or
useful. (Arguably, the erro message in the child branch cold also be
improved) The following patch makes indicate what went wrong. Probably
something better than this could be devised, but this is still a lot
better than the current code.
Signed-off-by: Joshua Brindle <method@manicmethod.com>