Bump to update SELinux patch.

(Portage version: 2.1_pre4-r1)

4 files changed, 187 insertions, 2 deletions

diff --git a/sys-apps/sysvinit/ChangeLog b/sys-apps/sysvinit/ChangeLog
index e79d4dc7c0b9..a76ae00c47e0 100644
--- a/sys-apps/sysvinit/ChangeLog
+++ b/sys-apps/sysvinit/ChangeLog
@@ -1,6 +1,12 @@
 # ChangeLog for sys-apps/sysvinit
-# Copyright 1999-2005 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/sys-apps/sysvinit/ChangeLog,v 1.24 2005/11/20 12:37:37 vapier Exp $
+# Copyright 1999-2006 Gentoo Foundation; Distributed under the GPL v2
+# $Header: /var/cvsroot/gentoo-x86/sys-apps/sysvinit/ChangeLog,v 1.25 2006/02/07 01:22:59 pebenito Exp $
+
+*sysvinit-2.86-r4 (07 Feb 2006)
+
+  07 Feb 2006; Chris PeBenito <pebenito@gentoo.org>
+  +files/2.86-selinux-1.patch, +sysvinit-2.86-r4.ebuild:
+  Bump to update SELinux patch.
 
 *sysvinit-2.86-r3 (20 Nov 2005)
 
diff --git a/sys-apps/sysvinit/files/2.86-selinux-1.patch b/sys-apps/sysvinit/files/2.86-selinux-1.patch
new file mode 100644
index 000000000000..c1b5115bfc6c
--- /dev/null
+++ b/sys-apps/sysvinit/files/2.86-selinux-1.patch
@@ -0,0 +1,91 @@
+--- sysvinit-2.85/src/init.c.selinux	2005-10-14 14:16:24.000000000 -0400
++++ sysvinit-2.85/src/init.c	2005-10-14 14:16:24.000000000 -0400
+@@ -48,6 +48,8 @@
+ #include <stdarg.h>
+ #include <sys/syslog.h>
+ #include <sys/time.h>
++#include <selinux/selinux.h>
++
+ 
+ #ifdef __i386__
+ #  if (__GLIBC__ >= 2)
+@@ -2513,6 +2515,7 @@
+ 	char			*p;
+ 	int			f;
+ 	int			isinit;
++	int			enforce = 0;
+ 
+ 	/* Get my own name */
+ 	if ((p = strrchr(argv[0], '/')) != NULL)
+@@ -2576,6 +2579,20 @@
+ 		maxproclen += strlen(argv[f]) + 1;
+ 	}
+ 
++  	if (getenv("SELINUX_INIT") == NULL) {
++	  putenv("SELINUX_INIT=YES");
++	  if (selinux_init_load_policy(&enforce) == 0 ) {
++	    execv(myname, argv);
++	  } else {
++	    if (enforce > 0) {
++	      /* SELinux in enforcing mode but load_policy failed */
++	      /* At this point, we probably can't open /dev/console, so log() won't work */
++		    initlog(L_VB,"Unable to load SELinux Policy. Machine is in enforcing mode. Halting now.");
++	      exit(1);
++	    }
++	  }
++	}
++  
+ 	/* Start booting. */
+ 	argv0 = argv[0];
+ 	argv[1] = NULL;
+--- sysvinit-2.85/src/Makefile.selinux	2005-10-14 14:16:24.000000000 -0400
++++ sysvinit-2.85/src/Makefile	2005-10-14 14:16:24.000000000 -0400
+@@ -32,7 +32,7 @@
+ all:		$(BIN) $(SBIN) $(USRBIN)
+ 
+ init:		init.o init_utmp.o
+-		$(CC) $(LDFLAGS) $(STATIC) -o $@ init.o init_utmp.o
++		$(CC) $(LDFLAGS) $(STATIC) -o $@ init.o init_utmp.o -lsepol -lselinux
+ 
+ halt:		halt.o ifdown.o hddown.o utmp.o reboot.h
+ 		$(CC) $(LDFLAGS) -o $@ halt.o ifdown.o hddown.o utmp.o
+@@ -50,7 +50,7 @@
+ 		$(CC) $(LDFLAGS) -o $@ runlevel.o
+ 
+ sulogin:	sulogin.o
+-		$(CC) $(LDFLAGS) $(STATIC) -o $@ sulogin.o $(LCRYPT)
++		$(CC) $(LDFLAGS) $(STATIC) -o $@ sulogin.o $(LCRYPT) -lselinux
+ 
+ wall:		dowall.o wall.o
+ 		$(CC) $(LDFLAGS) -o $@ dowall.o wall.o
+--- sysvinit-2.85/src/sulogin.c.selinux	2005-10-14 14:16:24.000000000 -0400
++++ sysvinit-2.85/src/sulogin.c	2005-10-14 14:18:42.000000000 -0400
+@@ -28,6 +28,8 @@
+ #  include <crypt.h>
+ #endif
+ 
++#include <selinux/selinux.h>
++#include <selinux/get_context_list.h>
+ 
+ #define CHECK_DES	1
+ #define CHECK_MD5	1
+@@ -332,6 +335,19 @@
+ 	signal(SIGINT, SIG_DFL);
+ 	signal(SIGTSTP, SIG_DFL);
+ 	signal(SIGQUIT, SIG_DFL);
++	if (is_selinux_enabled > 0) {
++	  security_context_t scon=NULL;
++	  char *seuser=NULL;
++	  char *level=NULL;
++	  if (getseuserbyname("root", &seuser, &level) == 0)
++		  if (get_default_context_with_level(seuser, level, 0, &scon) > 0) {
++			  if (setexeccon(scon) != 0) 
++				  fprintf(stderr, "setexeccon failed\n");
++			  freecon(scon);
++		  }
++		free(seuser);
++		free(level);
++	}
+ 	execl(sushell, shell, NULL);
+ 	perror(sushell);
+ 
diff --git a/sys-apps/sysvinit/files/digest-sysvinit-2.86-r4 b/sys-apps/sysvinit/files/digest-sysvinit-2.86-r4
new file mode 100644
index 000000000000..36e59eb1e93b
--- /dev/null
+++ b/sys-apps/sysvinit/files/digest-sysvinit-2.86-r4
@@ -0,0 +1,2 @@
+MD5 7d5d61c026122ab791ac04c8a84db967 sysvinit-2.86.tar.gz 99009
+MD5 650af823f937d386e81520b1741d4d45 sysvinit-2.86-kexec.patch 4139
diff --git a/sys-apps/sysvinit/sysvinit-2.86-r4.ebuild b/sys-apps/sysvinit/sysvinit-2.86-r4.ebuild
new file mode 100644
index 000000000000..693c9fce6a39
--- /dev/null
+++ b/sys-apps/sysvinit/sysvinit-2.86-r4.ebuild
@@ -0,0 +1,86 @@
+# Copyright 1999-2006 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/sys-apps/sysvinit/sysvinit-2.86-r4.ebuild,v 1.1 2006/02/07 01:22:59 pebenito Exp $
+
+inherit eutils toolchain-funcs flag-o-matic
+
+DESCRIPTION="/sbin/init - parent of all processes"
+HOMEPAGE="http://freshmeat.net/projects/sysvinit/"
+SRC_URI="ftp://ftp.cistron.nl/pub/people/miquels/software/${P}.tar.gz
+	ftp://sunsite.unc.edu/pub/Linux/system/daemons/init/${P}.tar.gz
+	http://www.gc-linux.org/down/isobel/kexec/sysvinit/sysvinit-2.86-kexec.patch"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86"
+IUSE="selinux bootstrap build ibm static"
+
+RDEPEND="selinux? ( >=sys-libs/libselinux-1.28 )"
+DEPEND="${RDEPEND}
+	virtual/os-headers"
+
+src_unpack() {
+	unpack ${P}.tar.gz
+	cd "${S}"
+	epatch "${FILESDIR}"/${P}-docs.patch
+	epatch "${FILESDIR}"/${P}-shutdown-usage.patch
+	epatch "${FILESDIR}"/sysvinit-2.86-off-by-one.patch
+	epatch "${DISTDIR}"/sysvinit-2.86-kexec.patch
+	epatch "${FILESDIR}"/sysvinit-2.86-POSIX-1003.1e.patch #5818
+	epatch "${FILESDIR}"/sysvinit-2.86-execl.patch
+	epatch "${FILESDIR}"/sysvinit-2.86-utmp-64bit.patch
+	cd src
+	epatch "${FILESDIR}"/${PV}-gentoo.patch
+	use selinux && epatch "${FILESDIR}"/${PV}-selinux-1.patch
+
+	# Mung inittab for specific architectures
+	cd "${WORKDIR}"
+	cp "${FILESDIR}"/inittab . || die "cp inittab"
+	local insert=""
+	if use ibm ; then
+		insert="#hvc0:2345:respawn:/sbin/agetty -L 9600 hvc0"$'\n'
+		insert="${insert}#hvsi:2345:respawn:/sbin/agetty -L 19200 hvsi0"
+	fi
+	use arm && insert='#f0:12345:respawn:/sbin/agetty 9600 ttyFB0 vt100'
+	use hppa && insert='b0:12345:respawn:/sbin/agetty 9600 ttyB0 vt100'
+	(use arm || use mips || use sh || use sparc) && sed -i '/ttyS0/s:#::' inittab
+	[[ -n ${insert} ]] && echo "# Architecture specific features"$'\n'"${insert}" >> inittab
+}
+
+src_compile() {
+	use static && append-ldflags -static
+
+	# Note: The LCRYPT define below overrides the test in
+	# sysvinit's Makefile.  This is because sulogin must be linked
+	# to libcrypt in any case, but when building stage2 in
+	# catalyst, /usr/lib/libcrypt.a isn't available.  In truth
+	# this doesn't change how sulogin is built since ld would use
+	# the shared obj by default anyway!  The other option is to
+	# refrain from building sulogin, but that isn't a good option.
+	# (09 Jul 2004 agriffis)
+	emake -C src \
+		CC="$(tc-getCC)" \
+		DISTRO="Gentoo" \
+		LCRYPT="-lcrypt" \
+		|| die
+}
+
+src_install() {
+	dodoc README doc/*
+
+	cd src
+	make install DISTRO="Gentoo" ROOT="${D}" || die "make install"
+
+	insinto /etc
+	doins "${WORKDIR}"/inittab || die "inittab"
+}
+
+pkg_postinst() {
+	# Reload init to fix unmounting problems of / on next reboot.
+	# This is really needed, as without the new version of init cause init
+	# not to quit properly on reboot, and causes a fsck of / on next reboot.
+	if [[ ${ROOT} == / ]] && ! use build && ! use bootstrap; then
+		# Do not return an error if this fails
+		/sbin/telinit U &>/dev/null
+	fi
+}