From c6f35241b38ea0c9581409efcd83716b74918903 Mon Sep 17 00:00:00 2001 From: Mike Frysinger Date: Fri, 9 Dec 2016 18:30:30 -0500 Subject: selinux: drop deprecated headers The selinux guys want you to get class values at runtime by converting textual names into constants. Drop the deprecated headers and switch to the new format. This API has been around for years, so there shouldn't be an issue with backwards compatibility. Signed-off-by: Mike Frysinger --- libbb/update_passwd.c | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) (limited to 'libbb/update_passwd.c') diff --git a/libbb/update_passwd.c b/libbb/update_passwd.c index a2004f480..6255af492 100644 --- a/libbb/update_passwd.c +++ b/libbb/update_passwd.c @@ -30,7 +30,18 @@ static void check_selinux_update_passwd(const char *username) if (!seuser) bb_error_msg_and_die("invalid context '%s'", context); if (strcmp(seuser, username) != 0) { - if (checkPasswdAccess(PASSWD__PASSWD) != 0) + security_class_t tclass; + access_vector_t av; + + tclass = string_to_security_class("passwd"); + if (tclass == 0) + goto die; + av = string_to_av_perm(tclass, "passwd"); + if (av == 0) + goto die; + + if (selinux_check_passwd_access(av) != 0) + die: bb_error_msg_and_die("SELinux: access denied"); } if (ENABLE_FEATURE_CLEAN_UP) -- cgit v1.2.3-55-g6feb From c2f3655842f5e9872631fbf0a4d0339baa44dc63 Mon Sep 17 00:00:00 2001 From: Denys Vlasenko Date: Fri, 23 Dec 2016 02:42:26 +0100 Subject: fix breakage found by mass one-applet builds Signed-off-by: Denys Vlasenko --- archival/bbunzip.c | 4 ++++ libbb/Kbuild.src | 1 + libbb/appletlib.c | 32 ++++++++++++++++---------------- libbb/update_passwd.c | 2 ++ networking/libiproute/Kbuild.src | 3 +++ networking/udhcp/Config.src | 2 -- networking/udhcp/Kbuild.src | 2 +- sysklogd/logread.c | 3 ++- 8 files changed, 29 insertions(+), 20 deletions(-) (limited to 'libbb/update_passwd.c') diff --git a/archival/bbunzip.c b/archival/bbunzip.c index d5db4627f..60a837e22 100644 --- a/archival/bbunzip.c +++ b/archival/bbunzip.c @@ -9,8 +9,12 @@ /* lzop_main() uses bbunpack(), need this: */ //kbuild:lib-$(CONFIG_LZOP) += bbunzip.o +//kbuild:lib-$(CONFIG_LZOPCAT) += bbunzip.o +//kbuild:lib-$(CONFIG_UNLZOP) += bbunzip.o /* bzip2_main() too: */ //kbuild:lib-$(CONFIG_BZIP2) += bbunzip.o +/* gzip_main() too: */ +//kbuild:lib-$(CONFIG_GZIP) += bbunzip.o /* Note: must be kept in sync with archival/lzop.c */ enum { diff --git a/libbb/Kbuild.src b/libbb/Kbuild.src index e426f3c7e..898a51a89 100644 --- a/libbb/Kbuild.src +++ b/libbb/Kbuild.src @@ -176,6 +176,7 @@ lib-$(CONFIG_TRACEROUTE6) += inet_cksum.o lib-$(CONFIG_UDHCPC) += inet_cksum.o lib-$(CONFIG_UDHCPC6) += inet_cksum.o lib-$(CONFIG_UDHCPD) += inet_cksum.o +lib-$(CONFIG_DHCPRELAY) += inet_cksum.o # We shouldn't build xregcomp.c if we don't need it - this ensures we don't # require regex.h to be in the include dir even if we don't need it thereby diff --git a/libbb/appletlib.c b/libbb/appletlib.c index 9425c7bd4..ee8b4ec14 100644 --- a/libbb/appletlib.c +++ b/libbb/appletlib.c @@ -329,21 +329,6 @@ static struct suid_config_t { static bool suid_cfg_readable; -/* check if u is member of group g */ -static int ingroup(uid_t u, gid_t g) -{ - struct group *grp = getgrgid(g); - if (grp) { - char **mem; - for (mem = grp->gr_mem; *mem; mem++) { - struct passwd *pwd = getpwnam(*mem); - if (pwd && (pwd->pw_uid == u)) - return 1; - } - } - return 0; -} - /* libbb candidate */ static char *get_trimmed_slice(char *s, char *e) { @@ -568,7 +553,22 @@ static inline void parse_config_file(void) # endif /* FEATURE_SUID_CONFIG */ -# if ENABLE_FEATURE_SUID +# if ENABLE_FEATURE_SUID && NUM_APPLETS > 0 +/* check if u is member of group g */ +static int ingroup(uid_t u, gid_t g) +{ + struct group *grp = getgrgid(g); + if (grp) { + char **mem; + for (mem = grp->gr_mem; *mem; mem++) { + struct passwd *pwd = getpwnam(*mem); + if (pwd && (pwd->pw_uid == u)) + return 1; + } + } + return 0; +} + static void check_suid(int applet_no) { gid_t rgid; /* real gid */ diff --git a/libbb/update_passwd.c b/libbb/update_passwd.c index 6255af492..95423d19b 100644 --- a/libbb/update_passwd.c +++ b/libbb/update_passwd.c @@ -180,6 +180,7 @@ int FAST_FUNC update_passwd(const char *filename, if (!line) /* EOF/error */ break; +#if ENABLE_FEATURE_ADDUSER_TO_GROUP || ENABLE_FEATURE_DEL_USER_FROM_GROUP if (!name && member) { /* Delete member from all groups */ /* line is "GROUP:PASSWD:[member1[,member2]...]" */ @@ -209,6 +210,7 @@ int FAST_FUNC update_passwd(const char *filename, fprintf(new_fp, "%s\n", line); goto next; } +#endif cp = is_prefixed_with(line, name_colon); if (!cp) { diff --git a/networking/libiproute/Kbuild.src b/networking/libiproute/Kbuild.src index c20e2fee8..056a58540 100644 --- a/networking/libiproute/Kbuild.src +++ b/networking/libiproute/Kbuild.src @@ -62,13 +62,16 @@ lib-$(CONFIG_FEATURE_IP_TUNNEL) += \ lib-$(CONFIG_FEATURE_IP_RULE) += \ ip_parse_common_args.o \ iprule.o \ + libnetlink.o \ rt_names.o \ + rtm_map.o \ utils.o lib-$(CONFIG_FEATURE_IP_NEIGH) += \ ip_parse_common_args.o \ ipneigh.o \ libnetlink.o \ + ll_addr.o \ ll_map.o \ rt_names.o \ utils.o diff --git a/networking/udhcp/Config.src b/networking/udhcp/Config.src index c34c8d6f0..90fb313b5 100644 --- a/networking/udhcp/Config.src +++ b/networking/udhcp/Config.src @@ -16,7 +16,6 @@ config UDHCPD config DHCPRELAY bool "dhcprelay" default y - depends on UDHCPD help dhcprelay listens for dhcp requests on one or more interfaces and forwards these requests to a different interface or dhcp @@ -25,7 +24,6 @@ config DHCPRELAY config DUMPLEASES bool "Lease display utility (dumpleases)" default y - depends on UDHCPD help dumpleases displays the leases written out by the udhcpd server. Lease times are stored in the file by time remaining in lease, or diff --git a/networking/udhcp/Kbuild.src b/networking/udhcp/Kbuild.src index 5ea77df06..fcb725fbc 100644 --- a/networking/udhcp/Kbuild.src +++ b/networking/udhcp/Kbuild.src @@ -15,7 +15,7 @@ lib-$(CONFIG_UDHCPD) += common.o packet.o signalpipe.o socket.o lib-$(CONFIG_UDHCPC) += dhcpc.o lib-$(CONFIG_UDHCPD) += dhcpd.o arpping.o lib-$(CONFIG_DUMPLEASES) += dumpleases.o -lib-$(CONFIG_DHCPRELAY) += dhcprelay.o +lib-$(CONFIG_DHCPRELAY) += dhcprelay.o common.o socket.o packet.o lib-$(CONFIG_FEATURE_UDHCPC_ARPING) += arpping.o lib-$(CONFIG_FEATURE_UDHCP_RFC3397) += domain_codec.o diff --git a/sysklogd/logread.c b/sysklogd/logread.c index 5b999730a..1f0c6252d 100644 --- a/sysklogd/logread.c +++ b/sysklogd/logread.c @@ -11,7 +11,8 @@ //config:config LOGREAD //config: bool "logread" //config: default y -//config: depends on FEATURE_IPC_SYSLOG +//WRONG: it should be compilable without SYSLOG=y: +//WRONG: depends on FEATURE_IPC_SYSLOG //config: help //config: If you enabled Circular Buffer support, you almost //config: certainly want to enable this feature as well. This -- cgit v1.2.3-55-g6feb