diff options
author | Robin H. Johnson <robbat2@gentoo.org> | 2011-01-17 07:37:38 +0000 |
---|---|---|
committer | Robin H. Johnson <robbat2@gentoo.org> | 2011-01-17 07:37:43 +0000 |
commit | 49339525a98b5f472c902144706a663f8a9903d1 (patch) | |
tree | 2375df306e2f93cd5b423f15df36256f233bed99 /src/rc | |
parent | 1f578cdbad61ebb7e8a6d389022a8d1915f62259 (diff) |
Bug #351712: Implement --applet selection mode for SELinux wrappers.
In addition to detecting what multicall applet we want via argv[0],
provide an explicit override mode with a --applet initial argument.
Signed-off-by: Robin H. Johnson <robbat2@gentoo.org>
Diffstat (limited to 'src/rc')
-rw-r--r-- | src/rc/rc.c | 13 |
1 files changed, 13 insertions, 0 deletions
diff --git a/src/rc/rc.c b/src/rc/rc.c index b062349a..a2e095db 100644 --- a/src/rc/rc.c +++ b/src/rc/rc.c @@ -804,6 +804,7 @@ main(int argc, char **argv) int opt; bool parallel; int regen = 0; + int i; #ifdef __linux__ char *proc; char *p; @@ -816,6 +817,18 @@ main(int argc, char **argv) signal_setup(SIGSEGV, handle_bad_signal); #endif + /* Bug 351712: We need an extra way to explicitly select an applet OTHER + * than trusting argv[0], as argv[0] is not going to be the applet value if + * we are doing SELinux context switching. For this, we allow calls such as + * 'rc --applet APPLET', and shift ALL of argv down by two array items. */ + if(strcmp(basename_c(argv[0]), "rc") == 0 && strcmp(argv[1], "--applet") == 0) { + for(i = 2; i < argc; i++) + argv[i-2] = argv[i]; + argv[argc-2] = NULL; + argv[argc-1] = NULL; + argc -= 2; + } + /* Now we can trust our applet value in argv[0] */ applet = basename_c(argv[0]); LIST_INIT(&service_pids); atexit(cleanup); |