From c78f9c355fa7b8c0862149d0a69bd6e5d25bec78 Mon Sep 17 00:00:00 2001
From: Stephen Smalley <sds@tycho.nsa.gov>
Date: Thu, 10 Jan 2019 10:24:53 -0500
Subject: [PATCH 124/170] setsebool: support use of -P on SELinux-disabled
hosts
|
|
As reported in #123, setsebool immediately exits with an error if
SELinux is disabled, preventing its use for setting boolean persistent
values. In contrast, semanage boolean -m works on SELinux-disabled
hosts. Change setsebool so that it can be used with the -P option
(persistent changes) even if SELinux is disabled. In the SELinux-disabled
case, skip setting of active boolean values, but set the persistent value
in the policy store. Policy reload is automatically disabled by libsemanage
when SELinux is disabled, so we only need to call semanage_set_reload()
if -N was used.
|
|
Fixes: https://github.com/SELinuxProject/selinux/issues/123
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
---
policycoreutils-2.8/setsebool/setsebool.c | 15 ++++++---------
1 file changed, 6 insertions(+), 9 deletions(-)
|
|
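diff --git a/policycoreutils-2.8/setsebool/setsebool.c b/policycoreutils-2.8/setsebool/setsebool.c
index 53d3566c..a5157efc 100644
--- a/policycoreutils-2.8/setsebool/setsebool.c
+++ b/policycoreutils-2.8/setsebool/setsebool.c
@@ -18,7 +18,7 @@
 #include <errno.h>
 
 int permanent = 0;
-int reload = 1;
+int no_reload = 0;
 int verbose = 0;
 
 int setbool(char **list, size_t start, size_t end);
@@ -38,11 +38,6 @@ int main(int argc, char **argv)
 if (argc < 2)
 usage();
 
- if (is_selinux_enabled() <= 0) {
- fputs("setsebool: SELinux is disabled.\n", stderr);
- return 1;
- }
-
 while (1) {
 clflag = getopt(argc, argv, "PNV");
 if (clflag == -1)
@@ -53,7 +48,7 @@ int main(int argc, char **argv)
 permanent = 1;
 break;
 case 'N':
- reload = 0;
+ no_reload = 1;
 break;
 case 'V':
 verbose = 1;
@@ -130,6 +125,7 @@ static int semanage_set_boolean_list(size_t boolcnt,
 semanage_bool_key_t *bool_key = NULL;
 int managed;
 int result;
+ int enabled = is_selinux_enabled();
 
 handle = semanage_handle_create();
 if (handle == NULL) {
@@ -191,7 +187,7 @@ static int semanage_set_boolean_list(size_t boolcnt,
 boolean) < 0)
 goto err;
 
- if (semanage_bool_set_active(handle, bool_key, boolean) < 0) {
+ if (enabled && semanage_bool_set_active(handle, bool_key, boolean) < 0) {
 fprintf(stderr, "Failed to change boolean %s: %m\n",
 boollist[j].name);
 goto err;
@@ -202,7 +198,8 @@ static int semanage_set_boolean_list(size_t boolcnt,
 boolean = NULL;
 }
 
- semanage_set_reload(handle, reload);
+ if (no_reload)
+ semanage_set_reload(handle, 0);
 if (semanage_commit(handle) < 0)
 goto err;
 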
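Review bot: `enabled` in semanage_set_boolean_list() is tested for truthiness, whereas the check this patch removes from main() treated any result `<= 0` as "disabled". If is_selinux_enabled() can report an error as a negative value, the new guard would still call semanage_bool_set_active() on a host whose state is unknown and abort the persistent change; normalising at the declaration, `int enabled = (is_selinux_enabled() > 0);`, keeps the earlier semantics. The removed early exit also covered invocations without -P, so it is worth confirming that the non-persistent path (outside these hunks) still fails with a clear message on a disabled host, so that an operator is not left believing a boolean was changed. A short comment at the guard, such as `/* SELinux disabled: only the persistent value in the policy store is updated */`, would document why the active value is skipped. Both functions start and end outside the hunks shown.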
--
2.19.1