author | Aaron Plattner <aplattner@nvidia.com> | 2008-02-13 10:20:38 -0800 |
---|---|---|
committer | Aaron Plattner <aplattner@nvidia.com> | 2008-02-13 10:20:38 -0800 |
commit | 30f54717116fe314c559326af8efd0a775944a41 (patch) | |
tree | 46f6fbf5693c5de0f44dfa106124835afdd30d0b | |
parent | da0b9b2b01971f73d0dc072f538ef43aac0ee49d (diff) |
1.0-96291.0-9629
-rw-r--r-- | DRIVER_VERSION | 2 | ||||
-rw-r--r-- | command-list.c | 4 | ||||
-rw-r--r-- | files.c | 4 | ||||
-rw-r--r-- | kernel.c | 6 | ||||
-rw-r--r-- | misc.c | 51 | ||||
-rw-r--r-- | nvidia-installer.c | 2 | ||||
-rw-r--r-- | nvidia-installer.h | 1 | ||||
-rw-r--r-- | option_table.h | 12 |
8 files changed, 71 insertions, 11 deletions
diff --git a/DRIVER_VERSION b/DRIVER_VERSION index fef6dba..472088d 100644 --- a/DRIVER_VERSION +++ b/DRIVER_VERSION @@ -1 +1 @@ -1.0-9626 +1.0-9629 diff --git a/command-list.c b/command-list.c index f8412a1..e604a20 100644 --- a/command-list.c +++ b/command-list.c @@ -228,8 +228,8 @@ CommandList *build_command_list(Options *op, Package *p) if (op->selinux_enabled && ((p->entries[i].flags & FILE_TYPE_SHARED_LIB) || (p->entries[i].flags & FILE_TYPE_XMODULE_SHARED_LIB))) { - tmp = nvstrcat(op->utils[CHCON], " -t shlib_t ", p->entries[i].dst, - NULL); + tmp = nvstrcat(op->utils[CHCON], " -t ", op->selinux_chcon_type, + " ", p->entries[i].dst, NULL); add_command(c, RUN_CMD, tmp); nvfree(tmp); } @@ -1864,8 +1864,8 @@ int set_security_context(Options *op, const char *filename) return TRUE; } - cmd = nvstrcat(op->utils[CHCON], " -t shlib_t ", filename, - NULL); + cmd = nvstrcat(op->utils[CHCON], " -t ", op->selinux_chcon_type, " ", + filename, NULL); ret = run_command(op, cmd, NULL, FALSE, 0, TRUE); @@ -75,9 +75,9 @@ static const char install_your_kernel_source[] = "Please make sure you have installed the kernel source files for " "your kernel and that they are properly configured; on Red Hat " "Linux systems, for example, be sure you have the 'kernel-source' " -"RPM installed. If you know the correct kernel source files are " -"installed, you may specify the kernel source path with the " -"'--kernel-source-path' command line option."; +"or 'kernel-devel' RPM installed. If you know the correct kernel " +"source files are installed, you may specify the kernel source " +"path with the '--kernel-source-path' command line option."; 
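Review bot: In `build_command_list` the new `nvstrcat(op->utils[CHCON], " -t ", op->selinux_chcon_type, " ", ...)` puts `op->selinux_chcon_type` unquoted into a command string, and that value can now come verbatim from `--selinux-chcon-type` (`op->selinux_chcon_type = optarg;` in the `parse_commandline` hunk); the `set_security_context` hunk repeats the same construction. How `run_command` and `RUN_CMD` execute the string is not visible here, but if it goes through a shell, whitespace or metacharacters in the option would change the command run by an installer that presumably executes as root. I would validate the value once where it is parsed, accepting only letters, digits and `_` and exiting with a usage error otherwise; that also rejects a value starting with `-`, which chcon would read as another option. Both functions begin and end outside their hunks.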
@@ -2166,7 +2166,56 @@ int check_selinux(Options *op) } break; } - + + /* Figure out which chcon type we need if the user didn't supply one. */ + if (op->selinux_enabled && !op->selinux_chcon_type) { + unsigned char foo = 0; + char *tmpfile; + static const char* chcon_types[] = { + "textrel_shlib_t", /* Shared library with text relocations */ + "texrel_shlib_t", /* Obsolete synonym for the above */ + "shlib_t", /* Generic shared library */ + NULL + }; + + /* Create a temporary file */ + tmpfile = write_temp_file(op, 1, &foo, S_IRUSR); + if (!tmpfile) { + ui_warn(op, "Couldn't test chcon. Assuming shlib_t."); + op->selinux_chcon_type = "shlib_t"; + } else { + int i, ret; + char *cmd; + + /* Try each chcon command */ + for (i = 0; chcon_types[i]; i++) { + cmd = nvstrcat(op->utils[CHCON], " -t ", chcon_types[i], " ", + tmpfile, NULL); + ret = run_command(op, cmd, NULL, FALSE, 0, TRUE); + nvfree(cmd); + + if (ret == 0) break; + } + + if (!chcon_types[i]) { + /* None of them work! */ + ui_warn(op, "Couldn't find a working chcon argument. " + "Defaulting to shlib_t."); + op->selinux_chcon_type = "shlib_t"; + } else { + op->selinux_chcon_type = chcon_types[i]; + } + + unlink(tmpfile); + nvfree(tmpfile); + } + } + + if (op->selinux_enabled) { + ui_log(op, "Tagging shared libraries with chcon -t %s.", + op->selinux_chcon_type); + } + return TRUE; } /* check_selinux */ diff --git a/nvidia-installer.c b/nvidia-installer.c index af787fc..ee6e65b 100644 --- a/nvidia-installer.c +++ b/nvidia-installer.c @@ -414,6 +414,8 @@ Options *parse_commandline(int argc, char *argv[]) exit(1); } break; + case SELINUX_CHCON_TYPE_OPTION: + op->selinux_chcon_type = optarg; break; case NO_SIGWINCH_WORKAROUND_OPTION: op->sigwinch_workaround = FALSE; break; diff --git a/nvidia-installer.h b/nvidia-installer.h index d11a17b..aacc02e 100644 --- a/nvidia-installer.h +++ b/nvidia-installer.h 
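Review bot: The probe loop in `check_selinux` treats every non-zero result of `run_command` as "this type does not exist", so a failure unrelated to the type (for example a temporary directory on a filesystem without security-label support) ends in the `shlib_t` fallback with a warning that blames the chcon argument. The probe is also skipped whenever the user supplied a type, so a mistyped `--selinux-chcon-type` is reported by `ui_log` as the type in use and first fails during the install itself; running the same one-file test on a user-supplied value and warning on failure would surface that earlier. `tmpfile` is inserted unquoted into the command too, which deserves a comment stating that `write_temp_file` never returns a path containing whitespace, if that holds. A comment on `foo` such as `/* chcon needs an existing file to label; a single zero byte is enough */` would explain the placeholder. The start of `check_selinux` is outside the hunk.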
@@ -180,6 +180,7 @@ typedef struct __options { char *kernel_name; char *rpm_file_list; char *precompiled_kernel_interfaces_path; + const char *selinux_chcon_type; Distribution distro; diff --git a/option_table.h b/option_table.h index 5a25039..2c28f36 100644 --- a/option_table.h +++ b/option_table.h @@ -45,6 +45,7 @@ enum { COMPAT32_LIBDIR_OPTION, UPDATE_OPTION, FORCE_SELINUX_OPTION, + SELINUX_CHCON_TYPE_OPTION, NO_SIGWINCH_WORKAROUND_OPTION, X_MODULE_PATH_OPTION, DOCUMENTATION_PREFIX_OPTION, @@ -389,7 +390,8 @@ static const NVOption __options[] = { { "force-selinux", FORCE_SELINUX_OPTION, NVOPT_HAS_ARGUMENT, "Linux installations using SELinux (Security-Enhanced Linux) " "require that the security type of all shared libraries be set " - "to 'shlib_t'. nvidia-installer will detect when to set " + "to 'shlib_t' or 'textrel_shlib_t', depending on the distribution. " + "nvidia-installer will detect when to set " "the security type, and set it using chcon(1) on the shared " "libraries it installs. Use this option to override " "nvidia-installer's detection of when to set the security type. " @@ -397,7 +399,13 @@ static const NVOption __options[] = { "security type), " "'no' (prevent setting of the security type), and 'default' " "(let nvidia-installer decide when to set the security type)." }, - + + { "selinux-chcon-type", SELINUX_CHCON_TYPE_OPTION, NVOPT_HAS_ARGUMENT, + "When SELinux support is enabled, nvidia-installer will try to determine " + "which chcon argument to use by first trying 'textrel_shlib_t', then " + "'texrel_shlib_t', then 'shlib_t'. Use this option to override this " + "detection logic." }, + { "no-sigwinch-workaround", NO_SIGWINCH_WORKAROUND_OPTION, 0, "Normally, nvidia-installer ignores the SIGWINCH signal before it " "forks to execute commands, e.g. to build the kernel module, and " |