Skip to content

Commit

Permalink
Using vendor defined directories for configuration files besides user…
Browse files Browse the repository at this point in the history
…/admin defined configuration files.

Signed-off-by: Stefan Schubert <[email protected]>
  • Loading branch information
schubi2 committed Dec 15, 2023
1 parent 97fa708 commit 6941162
Show file tree
Hide file tree
Showing 4 changed files with 90 additions and 5 deletions.
6 changes: 6 additions & 0 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -135,6 +135,12 @@ This may render your system unusable if the upstream SELinux userspace
lacks library functions or other dependencies relied upon by your
distribution. If it breaks, you get to keep both pieces.

A directory for distribution provided configuration files (in e.g. /usr/etc) can be set by:

make VENDORDIR=/usr/etc

If distribution provided configuration files are used, the library libeconf is
needed for parsing these files in the correct order.

## Setting CFLAGS

Expand Down
8 changes: 8 additions & 0 deletions policycoreutils/sestatus/Makefile
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,7 @@ BINDIR ?= $(PREFIX)/bin
SBINDIR ?= $(PREFIX)/sbin
MANDIR = $(PREFIX)/share/man
ETCDIR ?= /etc
LIBECONFH ?= $(shell test -f /usr/include/libeconf.h && echo y)

CFLAGS ?= -Werror -Wall -W
override CFLAGS += -D_FILE_OFFSET_BITS=64
Expand All @@ -13,6 +14,13 @@ override LDLIBS += -lselinux
all: sestatus

sestatus: sestatus.o
ifdef VENDORDIR
ifneq ($(LIBECONFH), y)
(echo "VENDORDIR defined but libeconf not available."; exit 1)
endif
override CFLAGS += -DVENDORDIR='"${VENDORDIR}"'
override LDLIBS += -leconf
endif

install: all
[ -d $(DESTDIR)$(MANDIR)/man8 ] || mkdir -p $(DESTDIR)$(MANDIR)/man8
Expand Down
79 changes: 75 additions & 4 deletions policycoreutils/sestatus/sestatus.c
Original file line number Diff line number Diff line change
Expand Up @@ -21,11 +21,16 @@

#define PROC_BASE "/proc"
#define MAX_CHECK 50
#define CONF "/etc/sestatus.conf"
#define CONFDIR "/etc"
#define CONFNAME "sestatus"
#define CONFPOST "conf"
#define CONF CONFDIR "/" CONFNAME "." CONFPOST

/* conf file sections */
#define PROCS "[process]"
#define FILES "[files]"
#define SECTIONPROCS "process"
#define SECTIONFILES "files"
#define PROCS "[" SECTIONPROCS "]"
#define FILES "[" SECTIONFILES "]"

/* buffer size for cmp_cmdline */
#define BUFSIZE 255
Expand Down Expand Up @@ -92,9 +97,75 @@ static int pidof(const char *command)
return ret;
}

static void load_checks(char *pc[], int *npc, char *fc[], int *nfc)
#ifdef VENDORDIR
#include <libeconf.h>

static void load_checks_with_vendor_settings(char *pc[], int *npc, char *fc[], int *nfc)
{
econf_file *key_file = NULL;
econf_err error;
char **keys;
size_t key_number;

error = econf_readDirs (&key_file,
VENDORDIR,
CONFDIR,
CONFNAME,
CONFPOST,
"", "#");
if (error != ECONF_SUCCESS) {
printf("\nCannot read settings %s.%s: %s\n",
CONFNAME,
CONFPOST,
econf_errString( error ));
return;
}

error = econf_getKeys(key_file, SECTIONPROCS, &key_number, &keys);
if (error != ECONF_SUCCESS) {
printf("\nCannot read group %s: %s\n",
SECTIONPROCS,
econf_errString( error ));
} else {
for (size_t i = 0; i < key_number; i++) {
if (*npc >= MAX_CHECK)
break;
pc[*npc] = strdup(keys[i]);
if (!pc[*npc])
break;
(*npc)++;
}
econf_free (keys);
}

error = econf_getKeys(key_file, SECTIONFILES, &key_number, &keys);
if (error != ECONF_SUCCESS) {
printf("\nCannot read group %s: %s\n",
SECTIONFILES,
econf_errString( error ));
} else {
for (size_t i = 0; i < key_number; i++) {
if (*nfc >= MAX_CHECK)
break;
fc[*nfc] = strdup(keys[i]);
if (!fc[*nfc])
break;
(*nfc)++;
}
econf_free (keys);
}

econf_free (key_file);
return;
}
#endif

static void load_checks(char *pc[], int *npc, char *fc[], int *nfc)
{
#ifdef VENDORDIR
load_checks_with_vendor_settings(pc, npc, fc, nfc);
return;
#endif
FILE *fp = fopen(CONF, "r");
char buf[255], *bufp;
int buf_len, section = -1;
Expand Down
2 changes: 1 addition & 1 deletion policycoreutils/sestatus/sestatus.conf.5
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,7 @@ The \fIsestatus.conf\fR file is used by the \fBsestatus\fR(8) command with the \
.sp
The fully qualified path name of the configuration file is:
.RS
\fI/etc/sestatus.conf\fR
\fI/etc/sestatus.conf\fR or \fI<vendordir>/sestatus.conf\fR if it is not available
.RE
.RE
.sp
Expand Down

0 comments on commit 6941162

Please sign in to comment.