
Diff of /branches/baselayout-1_12/src/runscript.c


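--- a/branches/baselayout-1_12/src/runscript.c	(revision 1461)
+++ b/branches/baselayout-1_12/src/runscript.c	(revision 1462)
@@ -17,13 +17,21 @@
 #include <dlfcn.h>
 
 #include "core/debug.h"
 #include "core/misc.h"
 
+#ifndef LIBDIR
+# define LIBDIR "lib"
+#endif
+
 #define SBIN_RC "/sbin/rc"
 #define PROFILE_ENV "/etc/profile.env"
+#define RCSCRIPTS_LIB "/" LIBDIR "/rcscripts"
+#define SYS_WHITELIST RCSCRIPTS_LIB "/conf.d/env_whitlist"
-#define ENV_WHITELIST "/etc/conf.d/env_whitlist"
+#define USR_WHITELIST "/etc/conf.d/env_whitlist"
+#define RCSCRIPT_HELP RCSCRIPTS_LIB "/sh/rc-help.sh"
+#define SELINUX_LIB RCSCRIPTS_LIB "/runscript_selinux.so"
 #define SOFTLEVEL "SOFTLEVEL"
 
 #define DEFAULT_PATH "PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/sbin"
 
 #define IS_SBIN_RC() (0 == strcmp(caller, SBIN_RC))
@@ -34,11 +42,11 @@
 extern char **environ;
 
 void setup_selinux(int argc, char **argv) {
  void *lib_handle = NULL;
 
- lib_handle = dlopen("/lib/rcscripts/runscript_selinux.so", RTLD_NOW | RTLD_GLOBAL);
+ lib_handle = dlopen(SELINUX_LIB, RTLD_NOW | RTLD_GLOBAL);
  if (NULL != lib_handle) {
  selinux_run_init_old = dlsym(lib_handle, "selinux_runscript");
  selinux_run_init_new = dlsym(lib_handle, "selinux_runscript2");
 
  /* Use new run_init if it exists, else fall back to old */
@@ -52,21 +60,20 @@
  exit(127);
  }
  }
 }
 
-char **get_whitelist() {
+char **get_whitelist(char **whitelist, char *filename) {
- char **whitelist = NULL;
  char *buf = NULL;
  char *tmp_buf = NULL;
  char *tmp_p = NULL;
  char *token = NULL;
  size_t lenght = 0;
  int count = 0;
  int current = 0;
 
- if (-1 == file_map(ENV_WHITELIST, &buf, &lenght))
+ if (-1 == file_map(filename, &buf, &lenght))
  return NULL;
 
  while (current < lenght) {
  count = buf_get_line(buf, lenght, current);
 
@@ -120,19 +127,26 @@
  if (NULL != getenv(SOFTLEVEL) && !IS_SBIN_RC())
  /* Called from /sbin/rc, but not /sbin/rc itself, so current
  * environment should be fine */
  return environ;
 
- if (1 != is_file(ENV_WHITELIST, 1))
+ if (1 == is_file(SYS_WHITELIST, 1))
+ whitelist = get_whitelist(whitelist, SYS_WHITELIST);
+ else
+ EWARN("System environment whitelist missing!\n");
+
+ if (1 == is_file(USR_WHITELIST, 1))
+ whitelist = get_whitelist(whitelist, USR_WHITELIST);
+
+ if (NULL == whitelist)
  /* If no whitelist is present, revert to old behaviour */
  return environ;
 
  if (1 != is_file(PROFILE_ENV, 1))
  /* XXX: Maybe warn here? */
  check_profile = 0;
 
- whitelist = get_whitelist();
  STRING_LIST_FOR_EACH(whitelist, env_name, count) {
  char *env_var = NULL;
  char *tmp_p = NULL;
  int env_len = 0;
 
@@ -206,11 +220,11 @@
  }
  myargs[new] = NULL;
 
  /* Do not do help for /sbin/rc */
  if (argc < 3 && !IS_SBIN_RC()) {
- execv("/lib/rcscripts/sh/rc-help.sh", myargs);
+ execv(RCSCRIPT_HELP, myargs);
  exit(1);
  }
 
  /* Setup a filtered environment according to the whitelist */
  myenv = filter_environ(caller);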
