Bug #351712: Implement --applet selection mode for SELinux wrappers.

In addition to detecting what multicall applet we want via argv[0],
provide an explicit override mode with a --applet initial argument.

Signed-off-by: Robin H. Johnson <robbat2@gentoo.org>
This commit is contained in:
Robin H. Johnson 2011-01-17 07:37:38 +00:00
parent 1f578cdbad
commit 49339525a9

View File

@ -804,6 +804,7 @@ main(int argc, char **argv)
int opt; int opt;
bool parallel; bool parallel;
int regen = 0; int regen = 0;
int i;
#ifdef __linux__ #ifdef __linux__
char *proc; char *proc;
char *p; char *p;
@ -816,6 +817,18 @@ main(int argc, char **argv)
signal_setup(SIGSEGV, handle_bad_signal); signal_setup(SIGSEGV, handle_bad_signal);
#endif #endif
/* Bug 351712: We need an extra way to explicitly select an applet OTHER
* than trusting argv[0], as argv[0] is not going to be the applet value if
* we are doing SELinux context switching. For this, we allow calls such as
* 'rc --applet APPLET', and shift ALL of argv down by two array items. */
if(strcmp(basename_c(argv[0]), "rc") == 0 && strcmp(argv[1], "--applet") == 0) {
for(i = 2; i < argc; i++)
argv[i-2] = argv[i];
argv[argc-2] = NULL;
argv[argc-1] = NULL;
argc -= 2;
}
/* Now we can trust our applet value in argv[0] */
applet = basename_c(argv[0]); applet = basename_c(argv[0]);
LIST_INIT(&service_pids); LIST_INIT(&service_pids);
atexit(cleanup); atexit(cleanup);