From: Michael C Thompson <thompsmc@us.ibm.com>
To: Michael C Thompson <thompsmc@us.ibm.com>
Cc: SE Linux <selinux@tycho.nsa.gov>, Stephen Smalley <sds@tycho.nsa.gov>
Subject: [PATCH 3/8] make newrole suid (take 3)
Date: Thu, 02 Nov 2006 19:04:20 -0600 [thread overview]
Message-ID: <454A9594.70407@us.ibm.com> (raw)
In-Reply-To: <454A8F35.2020006@us.ibm.com>
[-- Attachment #1: Type: text/plain, Size: 510 bytes --]
Michael C Thompson wrote:
> The 8 patches are as follows:
> 1) Modifications to Makefile to support future patch needs
> Add newrole-lspp.pamd
> 2) New extract_pw_data function and use in main()
> 3) Add signal handler function
This is the 3rd of 8 patches.
This patch applies against policycoreutils-1.30.30-1.
This patch moves the signal handler setup from main() into a new
function.
Changes:
* Adds set_signal_handles() and uses it in main()
Signed-off-by: Michael Thompson <thompsmc@us.ibm.com>
[-- Attachment #2: 03-signal_func.patch --]
[-- Type: text/x-diff, Size: 1367 bytes --]
diff -Naur policycoreutils-1.30.30/newrole/newrole.c policycoreutils-1.30.30.suid/newrole/newrole.c
--- policycoreutils-1.30.30/newrole/newrole.c 2006-11-02 12:20:18.000000000 -0600
+++ policycoreutils-1.30.30.suid/newrole/newrole.c 2006-11-02 12:22:27.000000000 -0600
@@ -498,6 +498,30 @@
}
#endif
+/**
+ * Take care of any signal setup
+ */
+static int set_signal_handles()
+{
+ sigset_t empty;
+
+ /* Empty the signal mask in case someone is blocking a signal */
+ if (sigemptyset(&empty)) {
+ fprintf(stderr, _("Unable to obtain empty signal set\n"));
+ return -1;
+ }
+
+ (void)sigprocmask(SIG_SETMASK, &empty, NULL);
+
+ /* Terminate on SIGHUP. */
+ if (signal(SIGHUP, SIG_DFL) == SIG_ERR) {
+ fprintf(stderr, _("Unable to set SIGHUP handler\n"));
+ return -1;
+ }
+
+ return 0;
+}
+
/************************************************************************
*
* All code used for both PAM and shadow passwd goes in this section.
@@ -534,18 +558,13 @@
uid_t uid;
int fd;
int enforcing;
- sigset_t empty;
#ifdef LOG_AUDIT_PRIV
drop_capabilities();
#endif
- /* Empty the signal mask in case someone is blocking a signal */
- sigemptyset(&empty);
- (void)sigprocmask(SIG_SETMASK, &empty, NULL);
-
- /* Terminate on SIGHUP. */
- signal(SIGHUP, SIG_DFL);
+ if (set_signal_handles())
+ return -1;
#ifdef USE_NLS
setlocale(LC_ALL, "");
next prev parent reply other threads:[~2006-11-03 1:04 UTC|newest]
Thread overview: 23+ messages / expand[flat|nested] mbox.gz Atom feed top
2006-11-03 0:37 [PATCH 0/8] make newrole suid (take 3) Michael C Thompson
2006-11-03 1:02 ` [PATCH 1/8] " Michael C Thompson
2006-11-03 1:03 ` [PATCH 2/8] " Michael C Thompson
2006-11-07 4:54 ` Serge E. Hallyn
2006-11-07 19:41 ` Michael C Thompson
2006-11-03 1:04 ` Michael C Thompson [this message]
2006-11-03 1:05 ` [PATCH 4/8] " Michael C Thompson
2006-11-07 5:23 ` Serge E. Hallyn
2006-11-07 20:09 ` Michael C Thompson
2006-11-08 17:32 ` Serge E. Hallyn
2006-11-08 19:35 ` Michael C Thompson
2006-11-09 5:15 ` Serge E. Hallyn
2006-11-09 13:57 ` Stephen Smalley
2006-11-09 16:37 ` Serge E. Hallyn
2006-11-09 20:06 ` Stephen Smalley
2006-11-09 21:21 ` Serge E. Hallyn
2006-11-09 20:22 ` Michael C Thompson
2006-11-09 20:27 ` Stephen Smalley
2006-11-03 1:05 ` [PATCH 5/8] " Michael C Thompson
2006-11-03 1:06 ` [PATCH 6/8] " Michael C Thompson
2006-11-03 1:06 ` [PATCH 7/8] " Michael C Thompson
2006-11-03 1:07 ` [PATCH 8/8] " Michael C Thompson
2006-11-14 0:08 ` [PATCH 0/8] " Stephen Smalley
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=454A9594.70407@us.ibm.com \
--to=thompsmc@us.ibm.com \
--cc=sds@tycho.nsa.gov \
--cc=selinux@tycho.nsa.gov \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.