From patchwork Tue Oct 25 19:26:06 2016
X-Patchwork-Submitter: Bryce Ferguson
X-Patchwork-Id: 686677
From: Bryce Ferguson
To: buildroot@buildroot.org
Cc: Niranjan Reddy
Date: Tue, 25 Oct 2016 14:26:06 -0500
Message-Id: <1477423570-15694-4-git-send-email-bryce.ferguson@rockwellcollins.com>
In-Reply-To: <1477423570-15694-1-git-send-email-bryce.ferguson@rockwellcollins.com>
References: <1477423570-15694-1-git-send-email-bryce.ferguson@rockwellcollins.com>
Subject: [Buildroot] [PATCH v13 4/8] util-linux: selinux, audit, and pam support

From: Matt Weber

This patch adds optional libselinux, audit and pam support to linux utilities.

Signed-off-by: Matthew Weber
Signed-off-by: Clayton Shotwell
Reviewed-by: Samuel Martin
Signed-off-by: Niranjan Reddy
---
Changes v12 -> v13:
  - No changes

Changes v11 -> v12:
  - No changes

Changes v10 -> v11:
  - Comment added to explain how the SED expression writes to pam files.

Changes v9 -> v10:
  - No changes

Changes v8 -> v9:
  - No changes

Changes v7 -> v8:
  - No changes

Changes v6 -> v7:
  - No changes

Changes v5 -> v6:
  - No changes

Changes v4 -> v5:
  - Update the selinux busybox config to the latest version of busybox (Clayton S.)

Changes v1 -> v4:
  - Did not exist

--- package/util-linux/util-linux.mk | 30 ++++++++++++++++++++++++++++++ 1 file changed, 30 insertions(+) diff --git a/package/util-linux/util-linux.mk b/package/util-linux/util-linux.mk index bd6508c..934fe2f 100644 
--- a/package/util-linux/util-linux.mk +++ b/package/util-linux/util-linux.mk @@ -63,6 +63,20 @@ endif UTIL_LINUX_CONF_ENV += LIBS="$(UTIL_LINUX_LIBS)" UTIL_LINUX_MAKE_OPTS += LIBS="$(UTIL_LINUX_LIBS)" +ifeq ($(BR2_PACKAGE_LIBSELINUX),y) +UTIL_LINUX_DEPENDENCIES += libselinux +UTIL_LINUX_CONF_OPTS += --with-selinux +else +UTIL_LINUX_CONF_OPTS += --without-selinux +endif + +ifeq ($(BR2_PACKAGE_AUDIT),y) +UTIL_LINUX_DEPENDENCIES += audit +UTIL_LINUX_CONF_OPTS += --with-audit +else +UTIL_LINUX_CONF_OPTS += --without-audit +endif + # Used by cramfs utils UTIL_LINUX_DEPENDENCIES += $(if $(BR2_PACKAGE_ZLIB),zlib) @@ -179,9 +193,25 @@ define UTIL_LINUX_INSTALL_PAMFILES $(INSTALL) -m 0644 package/util-linux/su.pam \ $(TARGET_DIR)/etc/pam.d/su-l endef + +# Add the required hooks to the pam files if SELinux is enabled +# SED expression adds these lines to /etc/pam.d/login,/etc/pam.d/su-l and /etc/pam.d/su files +# session required pam_selinux.so close +# session required pam_selinux.so open +ifeq ($(BR2_PACKAGE_LIBSELINUX),y) +define UTIL_LINUX_FIXUP_PAMFILES + for file in login su su-l ; do \ + $(SED) '/selinux/d' $(TARGET_DIR)/etc/pam.d/$${file}; \ + $(SED) '0,/session/s/session/session required pam_selinux.so close\nsession/' $(TARGET_DIR)/etc/pam.d/$${file}; \ + echo "session required pam_selinux.so open" >> $(TARGET_DIR)/etc/pam.d/$${file}; \ + done +endef +endif + endif UTIL_LINUX_POST_INSTALL_TARGET_HOOKS += UTIL_LINUX_INSTALL_PAMFILES +UTIL_LINUX_POST_INSTALL_TARGET_HOOKS += UTIL_LINUX_FIXUP_PAMFILES # Install agetty->getty symlink to avoid breakage when there's no busybox ifeq ($(BR2_PACKAGE_UTIL_LINUX_AGETTY),y)
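
Review bot: in the second hunk (`UTIL_LINUX_FIXUP_PAMFILES`), the address and pattern in `$(SED) '0,/session/s/session/session required pam_selinux.so close\nsession/'` are unanchored, so the `close` line is spliced in front of the first occurrence of the string "session" anywhere in the file, including inside a comment or in the middle of another rule, which would split that line in two. Anchoring both to the start of the line (`0,/^session/s/^session/.../`) restricts the match to the first rule of the session stack. The `0,/re/` address and `\n` in the replacement are GNU sed extensions, which is worth stating in the comment above the macro. The loop joins its commands with `;`, so a failing sed does not fail the build, and the trailing `echo ... >>` creates a PAM file holding only the `open` line if one of login, su or su-l was not installed; chaining with `&&` or adding `|| exit 1` would surface that. Finally, `UTIL_LINUX_POST_INSTALL_TARGET_HOOKS += UTIL_LINUX_FIXUP_PAMFILES` is registered outside both conditionals while the macro is defined only under `BR2_PACKAGE_LIBSELINUX`; moving the registration next to the `define` would make that dependency explicit.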