Hi all,

For some cross compiling cases, I need to use semodule to create the policy store at build time. It is,

semodule -n -b base.pp -i some.pp .. -p $TARGET_ROOT

With this, semodule will use /etc/selinux/semanage.conf by calling semanage_handle_create():

// libsemanage/src/handle.c
semanage_handle_t *semanage_handle_create(void)
{
semanage_handle_t *sh = NULL;
const char *conf_name = NULL;
/* Allocate handle */
if ((sh = calloc(1, sizeof(semanage_handle_t))) == NULL)
goto err;
if ((conf_name = semanage_conf_path()) == NULL)
goto err;
if ((sh->conf = semanage_conf_parse(conf_name)) == NULL)
goto err;

While there may be some different options in semanage.conf for the target, I am trying to specify a special semanage.conf path instead of /etc/selinux/semanage.conf in the build host.

Commit 9cd587f5533456e7b26601e27e65744272e2e783 introduced semanage_set_root() as an alternate root for policy stores.

So I make a patch to use the semanage.conf in the alternate root. After the patch, semodule -p /target will use /target/etc/selinux/semanage.conf as the config file.

Anyone who has better solutions, please

diff --git a/libsemanage/src/handle.c b/libsemanage/src/handle.c
index 7adc1cc..ef36152 100644
--- a/libsemanage/src/handle.c
+++ b/libsemanage/src/handle.c
@@ -41,6 +41,7 @@
 #include <string.h>
 #include <selinux/selinux.h>
 static char *private_selinux_path = NULL;
+static char *private_semanage_conf_path = NULL;
 static char *private_file_context_path = NULL;
 static char *private_file_context_local_path = NULL;
 static char *private_file_context_homedir_path = NULL;
@@ -52,6 +53,7 @@ static char *private_policy_root = NULL;

 void semanage_free_root() {
 free(private_selinux_path); private_selinux_path = NULL;
+ free(private_semanage_conf_path); private_semanage_conf_path = NULL;
 free(private_file_context_path); private_file_context_path = NULL;
 free(private_file_context_local_path); private_file_context_local_path = NULL;
 free(private_file_context_homedir_path); private_file_context_homedir_path = NULL;
@@ -68,6 +70,10 @@ int semanage_set_root(const char *path) {
 goto error;
 }

+ if ( asprintf(&private_semanage_conf_path, "%s/%s", path, semanage_conf_path()) < 0 ) {
+ goto error;
+ }
+
 if ( asprintf(&private_file_context_path, "%s/%s", path, selinux_file_context_path()) < 0 ) {
 goto error;
 }
@@ -171,6 +177,13 @@ const char *semanage_selinux_path(void) {
 return selinux_path();
 }

+const char *semanage_semanage_conf_path(void) {
+ if (private_semanage_conf_path
+ && access(private_semanage_conf_path, R_OK) == 0)
+ return private_semanage_conf_path;
+ return semanage_conf_path();
+}
+
 semanage_handle_t *semanage_handle_create(void)
 {
 semanage_handle_t *sh = NULL;
@@ -180,7 +193,7 @@ semanage_handle_t *semanage_handle_create(void)
 if ((sh = calloc(1, sizeof(semanage_handle_t))) == NULL)
 goto err;

- if ((conf_name = semanage_conf_path()) == NULL)
+ if ((conf_name = semanage_semanage_conf_path()) == NULL)
 goto err;

 if ((sh->conf = semanage_conf_parse(conf_name)) == NULL)
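Review bot: In the semanage_set_root() hunk, the new asprintf() feeds the result of semanage_conf_path() straight into `%s`, although semanage_handle_create() in this same patch treats that call as one that can return NULL. A NULL argument for `%s` is undefined behaviour, so fetch the value first and fail early: `const char *conf = semanage_conf_path(); if (conf == NULL || asprintf(&private_semanage_conf_path, "%s/%s", path, conf) < 0) goto error;`. The function body and its `error:` label lie outside the hunk, so it should also be confirmed that the error path does not free private_semanage_conf_path after a failed asprintf(), which leaves the pointer contents unspecified. The same hunk is repeated in the attached copy of the patch below.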
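Review bot: semanage_semanage_conf_path() silently falls back to the host's semanage_conf_path() whenever the file under the alternate root is missing or unreadable, so a cross-build can apply the build host's configuration to the target store with no diagnostic; the access() probe is also a separate check from the later open in semanage_conf_parse(), so the file can change between the two. Once a root has been set, returning the private path unconditionally, `if (private_semanage_conf_path) return private_semanage_conf_path;`, lets semanage_conf_parse() report the failure instead. Because semanage.conf can name helper programs that libsemanage runs (its load_policy, setfiles and verify sections), the function deserves a comment stating that the caller of semanage_set_root() must trust the whole tree under `path`. access() and R_OK need `<unistd.h>`, which is not among the includes visible in the first hunk, so that is worth confirming. The same hunk is repeated in the attached copy of the patch below.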
From 811e113c1e6fddccca729f8e133321c46db95c80 Mon Sep 17 00:00:00 2001
From: Xin Ouyang <xinpascal@xxxxxxxxx>
Date: Wed, 4 Jan 2012 14:38:36 +0800
Subject: [PATCH] libsemanage: semanage.conf with semanage_set_root.

Allow applications to use semanage.conf in the alternate root, if semanage_set_root called.
---
 libsemanage/src/handle.c | 15 ++++++++++++++-
 1 files changed, 14 insertions(+), 1 deletions(-)

diff --git a/libsemanage/src/handle.c b/libsemanage/src/handle.c
index 7adc1cc..ef36152 100644
--- a/libsemanage/src/handle.c
+++ b/libsemanage/src/handle.c
@@ -41,6 +41,7 @@
 #include <string.h>
 #include <selinux/selinux.h>
 static char *private_selinux_path = NULL;
+static char *private_semanage_conf_path = NULL;
 static char *private_file_context_path = NULL;
 static char *private_file_context_local_path = NULL;
 static char *private_file_context_homedir_path = NULL;
@@ -52,6 +53,7 @@ static char *private_policy_root = NULL;

 void semanage_free_root() {
 free(private_selinux_path); private_selinux_path = NULL;
+ free(private_semanage_conf_path); private_semanage_conf_path = NULL;
 free(private_file_context_path); private_file_context_path = NULL;
 free(private_file_context_local_path); private_file_context_local_path = NULL;
 free(private_file_context_homedir_path); private_file_context_homedir_path = NULL;
@@ -68,6 +70,10 @@ int semanage_set_root(const char *path) {
 goto error;
 }

+ if ( asprintf(&private_semanage_conf_path, "%s/%s", path, semanage_conf_path()) < 0 ) {
+ goto error;
+ }
+
 if ( asprintf(&private_file_context_path, "%s/%s", path, selinux_file_context_path()) < 0 ) {
 goto error;
 }
@@ -171,6 +177,13 @@ const char *semanage_selinux_path(void) {
 return selinux_path();
 }

+const char *semanage_semanage_conf_path(void) {
+ if (private_semanage_conf_path
+ && access(private_semanage_conf_path, R_OK) == 0)
+ return private_semanage_conf_path;
+ return semanage_conf_path();
+}
+
 semanage_handle_t *semanage_handle_create(void)
 {
 semanage_handle_t *sh = NULL;
@@ -180,7 +193,7 @@ semanage_handle_t *semanage_handle_create(void)
 if ((sh = calloc(1, sizeof(semanage_handle_t))) == NULL)
 goto err;

- if ((conf_name = semanage_conf_path()) == NULL)
+ if ((conf_name = semanage_semanage_conf_path()) == NULL)
 goto err;

 if ((sh->conf = semanage_conf_parse(conf_name)) == NULL)
--
1.7.5.4