-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Systemd needs some default contexts specified. This patch looks good to me. acked. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.15 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iEYEARECAAYFAlJpJMkACgkQrlYvE4MpobNOIgCgqVRbslYSW4sLMWaWCjdmLyf0 yREAoKzIEcASqCnMsEBzymdcD2KaZ2kF =a2TL -----END PGP SIGNATURE-----
>From 11787d9a081a117afaa4e3dc5f713e5a0bdce766 Mon Sep 17 00:00:00 2001
From: Dan Walsh <dwalsh@xxxxxxxxxx>
Date: Wed, 9 Oct 2013 14:52:49 -0400
Subject: [PATCH 08/74] Add selinux_systemd_contexts_path

systemd has some internal contexts like generated systemd unit files that we want to allow it to check against processes trying to manage them.
---
 libselinux/include/selinux/selinux.h | 1 +
 libselinux/src/file_path_suffixes.h | 1 +
 libselinux/src/selinux_config.c | 10 +++++++++-
 libselinux/src/selinux_internal.h | 1 +
 4 files changed, 12 insertions(+), 1 deletion(-)
diff --git a/libselinux/include/selinux/selinux.h b/libselinux/include/selinux/selinux.h
index 9151bf2..7e50857 100644
--- a/libselinux/include/selinux/selinux.h
+++ b/libselinux/include/selinux/selinux.h
@@ -521,6 +521,7 @@ extern const char *selinux_virtual_image_context_path(void);
 extern const char *selinux_lxc_contexts_path(void);
 extern const char *selinux_x_context_path(void);
 extern const char *selinux_sepgsql_context_path(void);
+extern const char *selinux_systemd_contexts_path(void);
 extern const char *selinux_contexts_path(void);
 extern const char *selinux_securetty_types_path(void);
 extern const char *selinux_booleans_subs_path(void);
diff --git a/libselinux/src/file_path_suffixes.h b/libselinux/src/file_path_suffixes.h
index d11c8dc..3c92424 100644
--- a/libselinux/src/file_path_suffixes.h
+++ b/libselinux/src/file_path_suffixes.h
@@ -23,6 +23,7 @@ S_(BINPOLICY, "/policy/policy")
 S_(VIRTUAL_DOMAIN, "/contexts/virtual_domain_context")
 S_(VIRTUAL_IMAGE, "/contexts/virtual_image_context")
 S_(LXC_CONTEXTS, "/contexts/lxc_contexts")
+ S_(SYSTEMD_CONTEXTS, "/contexts/systemd_contexts")
 S_(FILE_CONTEXT_SUBS, "/contexts/files/file_contexts.subs")
 S_(FILE_CONTEXT_SUBS_DIST, "/contexts/files/file_contexts.subs_dist")
 S_(SEPGSQL_CONTEXTS, "/contexts/sepgsql_contexts")
diff --git a/libselinux/src/selinux_config.c b/libselinux/src/selinux_config.c
index 9d90418..020d57a 100644
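Review bot: The new public declaration `selinux_systemd_contexts_path` in selinux.h carries no comment saying which file it names or who owns the returned string. Callers will rely on this path to find the contexts systemd checks unit-management requests against, so the contract should be stated where they read it. I would add above the declaration something like `/* Return the path of the systemd contexts file (suffix "/contexts/systemd_contexts"); the string belongs to libselinux, do not free it. */`. The ownership part is inferred from the `const char *` return and should be confirmed against `get_path`, which this patch does not show. The diffstat also lists no man page or other documentation change for the new function.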
--- a/libselinux/src/selinux_config.c
+++ b/libselinux/src/selinux_config.c
@@ -50,7 +50,8 @@
 #define FILE_CONTEXT_SUBS_DIST 25
 #define LXC_CONTEXTS 26
 #define BOOLEAN_SUBS 27
-#define NEL 28
+#define SYSTEMD_CONTEXTS 28
+#define NEL 29
 /* Part of one-time lazy init */
 static pthread_once_t once = PTHREAD_ONCE_INIT;
@@ -467,6 +468,13 @@ const char *selinux_lxc_contexts_path(void)
 hidden_def(selinux_lxc_contexts_path)
+const char *selinux_systemd_contexts_path(void)
+{
+ return get_path(SYSTEMD_CONTEXTS);
+}
+
+hidden_def(selinux_systemd_contexts_path)
+
 const char * selinux_booleans_subs_path(void) {
 return get_path(BOOLEAN_SUBS);
 }
diff --git a/libselinux/src/selinux_internal.h b/libselinux/src/selinux_internal.h
index 2c7c85c..7c930e5 100644
--- a/libselinux/src/selinux_internal.h
+++ b/libselinux/src/selinux_internal.h
@@ -82,6 +82,7 @@ hidden_proto(selinux_mkload_policy)
 hidden_proto(selinux_media_context_path)
 hidden_proto(selinux_x_context_path)
 hidden_proto(selinux_sepgsql_context_path)
+ hidden_proto(selinux_systemd_contexts_path)
 hidden_proto(selinux_path)
 hidden_proto(selinux_check_passwd_access)
 hidden_proto(selinux_check_securetty_context)
-- 
1.8.3.1
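Review bot: `SYSTEMD_CONTEXTS 28` and `NEL 29` in the first selinux_config.c hunk are kept in step by hand, and nothing here ties the index list to the `S_()` entries in file_path_suffixes.h. Whether a missed NEL bump or a missing `S_()` entry fails at build time or only at run time depends on how the path table is declared, which is outside the hunk. A one-line comment above NEL, for example `/* NEL = highest index + 1; every index needs a matching S_() entry in file_path_suffixes.h */`, would make the invariant explicit for whoever adds the next path.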
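Review bot: `selinux_systemd_contexts_path()` returns whatever `get_path(SYSTEMD_CONTEXTS)` yields, with no comment on whether that can be NULL or how long the string stays valid. `get_path` is defined outside this hunk; if it can return NULL (for instance when the SELinux configuration could not be read), a consumer using this file for access decisions on unit management should treat NULL or a missing file as a denial rather than as "no restrictions". I would put the return contract above the function, e.g. `/* Path of the systemd contexts file; may be NULL if path setup failed (confirm against get_path). Owned by libselinux, do not free. */`.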