psmisc/psmisc-22.20-selinux-scontext.patch

260 lines
8.7 KiB
Diff
Raw Permalink Normal View History

commit 89fa40f0a55096a62809e852244d7db3f445b0cd
Author: Craig Small <csmall@enc.com.au>
Date: Sun Oct 7 10:52:46 2012 +1100
pstree compiles with SE Linux
pstree failed to compile with SE Linux enabled because one of the
scontext was missed and without it enabled the bug doesn't appear.
pstree is now re-worked so scontext is defined as a dummy meaning
most of the code except the reall SE Linux specific stuff is compilied
meaning this sort of thing shouldn't happen too much again.
Bug-Gentoo: https://bugs.gentoo.org/show_bug.cgi?id=437332
Bug-Sourceforge: https://sourceforge.net/p/psmisc/bugs/54/
diff --git a/src/pstree.c b/src/pstree.c
index db57244..b9a01cf 100644
--- a/src/pstree.c
+++ b/src/pstree.c
@@ -47,6 +47,8 @@
#ifdef WITH_SELINUX
#include <selinux/selinux.h>
+#else
+typedef void* security_context_t; /* DUMMY to remove most ifdefs */
#endif /*WITH_SELINUX */
extern const char *__progname;
@@ -81,9 +83,7 @@ typedef struct _proc {
pid_t pid;
pid_t pgid;
uid_t uid;
-#ifdef WITH_SELINUX
security_context_t scontext;
-#endif /*WITH_SELINUX */
char flags;
struct _child *children;
struct _proc *parent;
@@ -131,16 +131,14 @@ static int *more = NULL;
static int print_args = 0, compact = 1, user_change = 0, pids = 0, pgids = 0,
show_parents = 0, by_pid = 0, trunc = 1, wait_end = 0;
-#ifdef WITH_SELINUX
static int show_scontext = 0;
-#endif /*WITH_SELINUX */
static int output_width = 132;
static int cur_x = 1;
static char last_char = 0;
static int dumped = 0; /* used by dump_by_user */
static int charlen = 0; /* length of character */
-static void fix_orphans(void);
+static void fix_orphans(security_context_t scontext);
/*
* Allocates additional buffer space for width and more as needed.
* The first call will allocate the first buffer.
@@ -229,15 +227,12 @@ static int out_int(int x)
return digits;
}
-#ifdef WITH_SELINUX
static void out_scontext(security_context_t scontext)
{
out_string("`");
out_string(scontext);
out_string("'");
}
-#endif /*WITH_SELINUX */
-
static void out_newline(void)
{
@@ -259,12 +254,8 @@ static PROC *find_proc(pid_t pid)
return NULL;
}
-#ifdef WITH_SELINUX
static PROC *new_proc(const char *comm, pid_t pid, uid_t uid,
security_context_t scontext)
-#else /*WITH_SELINUX */
-static PROC *new_proc(const char *comm, pid_t pid, uid_t uid)
-#endif /*WITH_SELINUX */
{
PROC *new;
@@ -279,9 +270,7 @@ static PROC *new_proc(const char *comm, pid_t pid, uid_t uid)
new->flags = 0;
new->argc = 0;
new->argv = NULL;
-#ifdef WITH_SELINUX
new->scontext = scontext;
-#endif /*WITH_SELINUX */
new->children = NULL;
new->parent = NULL;
new->next = list;
@@ -364,24 +353,14 @@ rename_proc(PROC *this, const char *comm, uid_t uid)
}
}
}
-#ifdef WITH_SELINUX
static void
add_proc(const char *comm, pid_t pid, pid_t ppid, pid_t pgid, uid_t uid,
const char *args, int size, char isthread, security_context_t scontext)
-#else /*WITH_SELINUX */
-static void
-add_proc(const char *comm, pid_t pid, pid_t ppid, pid_t pgid, uid_t uid,
- const char *args, int size, char isthread)
-#endif /*WITH_SELINUX */
{
PROC *this, *parent;
if (!(this = find_proc(pid)))
-#ifdef WITH_SELINUX
this = new_proc(comm, pid, uid, scontext);
-#else /*WITH_SELINUX */
- this = new_proc(comm, pid, uid);
-#endif /*WITH_SELINUX */
else {
rename_proc(this, comm, uid);
}
@@ -393,11 +372,7 @@ add_proc(const char *comm, pid_t pid, pid_t ppid, pid_t pgid, uid_t uid,
if (isthread)
this->flags |= PFLAG_THREAD;
if (!(parent = find_proc(ppid))) {
-#ifdef WITH_SELINUX
parent = new_proc("?", ppid, 0, scontext);
-#else /*WITH_SELINUX */
- parent = new_proc("?", ppid, 0);
-#endif
}
if (pid != 0) {
add_child(parent, this);
@@ -494,12 +469,10 @@ dump_tree(PROC * current, int level, int rep, int leaf, int last,
else
(void) out_int(current->uid);
}
-#ifdef WITH_SELINUX
if (show_scontext) {
out_char(info++ ? ',' : '(');
out_scontext(current->scontext);
}
-#endif /*WITH_SELINUX */
if ((swapped && print_args && current->argc < 0) || (!swapped && info))
out_char(')');
if ((current->flags & PFLAG_HILIGHT) && (tmp = tgetstr("me", NULL)))
@@ -520,11 +493,7 @@ dump_tree(PROC * current, int level, int rep, int leaf, int last,
}
}
}
-#ifdef WITH_SELINUX
if (show_scontext || print_args || !current->children)
-#else /*WITH_SELINUX */
- if (print_args || !current->children)
-#endif /*WITH_SELINUX */
{
while (closing--)
out_char(']');
@@ -533,11 +502,7 @@ dump_tree(PROC * current, int level, int rep, int leaf, int last,
ensure_buffer_capacity(level);
more[level] = !last;
-#ifdef WITH_SELINUX
if (show_scontext || print_args)
-#else /*WITH_SELINUX */
- if (print_args)
-#endif /*WITH_SELINUX */
{
width[level] = swapped + (comm_len > 1 ? 0 : -1);
count=0;
@@ -653,8 +618,8 @@ static void read_proc(void)
pid_t pid, ppid, pgid;
int fd, size;
int empty;
-#ifdef WITH_SELINUX
security_context_t scontext = NULL;
+#ifdef WITH_SELINUX
int selinux_enabled = is_selinux_enabled() > 0;
#endif /*WITH_SELINUX */
@@ -726,21 +691,12 @@ static void read_proc(void)
while ((dt = readdir(taskdir)) != NULL) {
if ((thread = atoi(dt->d_name)) != 0) {
if (thread != pid) {
-#ifdef WITH_SELINUX
if (print_args)
add_proc(threadname, thread, pid, pgid, st.st_uid,
threadname, strlen (threadname) + 1, 1,scontext);
else
add_proc(threadname, thread, pid, pgid, st.st_uid,
NULL, 0, 1, scontext);
-#else /*WITH_SELINUX */
- if (print_args)
- add_proc(threadname, thread, pid, pgid, st.st_uid,
- threadname, strlen (threadname) + 1, 1);
- else
- add_proc(threadname, thread, pid, pgid, st.st_uid,
- NULL, 0, 1);
-#endif /*WITH_SELINUX */
}
}
}
@@ -749,11 +705,7 @@ static void read_proc(void)
}
free(taskpath);
if (!print_args)
-#ifdef WITH_SELINUX
add_proc(comm, pid, ppid, pgid, st.st_uid, NULL, 0, 0, scontext);
-#else /*WITH_SELINUX */
- add_proc(comm, pid, ppid, pgid, st.st_uid, NULL, 0, 0);
-#endif /*WITH_SELINUX */
else {
sprintf(path, "%s/%d/cmdline", PROC_BASE, pid);
if ((fd = open(path, O_RDONLY)) < 0) {
@@ -770,13 +722,8 @@ static void read_proc(void)
size--;
if (size)
buffer[size++] = 0;
-#ifdef WITH_SELINUX
add_proc(comm, pid, ppid, pgid, st.st_uid,
buffer, size, 0, scontext);
-#else /*WITH_SELINUX */
- add_proc(comm, pid, ppid, pgid, st.st_uid,
- buffer, size, 0);
-#endif /*WITH_SELINUX */
}
}
}
@@ -787,7 +734,7 @@ static void read_proc(void)
}
}
(void) closedir(dir);
- fix_orphans();
+ fix_orphans(scontext);
if (print_args)
free(buffer);
if (empty) {
@@ -796,7 +743,7 @@ static void read_proc(void)
}
}
-static void fix_orphans(void)
+static void fix_orphans(security_context_t scontext)
{
/* When using kernel 3.3 with hidepid feature enabled on /proc
* then we need fake root pid and gather all the orphan processes
@@ -807,11 +754,7 @@ static void fix_orphans(void)
PROC *root, *walk;
if (!(root = find_proc(ROOT_PID))) {
-#ifdef WITH_SELINUX
root = new_proc("?", ROOT_PID, 0, scontext);
-#else /*WITH_SELINUX */
- root = new_proc("?", ROOT_PID, 0);
-#endif
}
for (walk = list; walk; walk = walk->next) {
if (walk->pid == 1 || walk->pid == 0)