run_shell and selinux
Yuichi Nakamura
himainu-ynakam at miomio.jp
Mon Sep 10 06:30:39 PDT 2007
Hi.
On Mon, 10 Sep 2007 13:42:37 +0100
Denys Vlasenko wrote:
> Hi,
>
> void run_shell(const char *shell, int loginshell, const char *command, const char **additional_args)
> {
>         const char **args;
>         int argno = 1;
>         int additional_args_cnt = 0;
>         ...
>         args[argno] = NULL;
> #if ENABLE_SELINUX
>         if (current_sid && !setexeccon(current_sid)) {
>                 freecon(current_sid);
>                 execve(shell, (char **) args, environ);
>         } else
> #endif
>         execv(shell, (char **) args);
>         bb_perror_msg_and_die("cannot run %s", shell);
> }
>
>
> I don't understand in full what is the intent of the above
> #if/#endif block. IIRC these are equivalent:
>         execve(shell, (char **) args, environ);
>         execv(shell, (char **) args);
> Can it be rewritten this way?
>
> #if ENABLE_SELINUX
>         if (current_sid && !setexeccon(current_sid))
>                 freecon(current_sid);
> #endif
>         execv(shell, (char **) args);
I think you can do it.
And as you said in the next email, you can write:
        if (ENABLE_FEATURE_CLEAN_UP)
                freecon(...)
>
> If not, we need to add a comment which explains why not.
> --
> vda
Regards,
Yuichi Nakamura
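
The equivalence of execv() and execve(..., environ) discussed in this thread can be checked without SELinux. The following is an added example, not part of the thread or of BusyBox's code. The function name and the RUN_SHELL_DEMO marker variable are constructed for the illustration, and it assumes /bin/sh exists.

```c
#include <stdlib.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

extern char **environ;

/* Constructed marker variable used only by this example. */
#define MARK_NAME  "RUN_SHELL_DEMO"
#define MARK_VALUE "inherited"

/*
 * Fork, set a marker in the child's environment, then exec /bin/sh through
 * execve(..., environ) when use_execve is non-zero, or through execv()
 * otherwise. The shell exits 0 only if it sees the marker.
 * Returns the shell's exit status, or -1 on fork/wait failure.
 */
int child_sees_env(int use_execve)
{
    char *args[] = { "sh", "-c",
                     "[ \"$" MARK_NAME "\" = " MARK_VALUE " ]", NULL };
    int status;
    pid_t pid = fork();

    if (pid < 0)
        return -1;
    if (pid == 0) {
        /* Modify the environment after fork, right before the exec. */
        if (setenv(MARK_NAME, MARK_VALUE, 1) != 0)
            _exit(126);
        if (use_execve)
            execve("/bin/sh", args, environ);
        else
            execv("/bin/sh", args);   /* passes the current environ too */
        _exit(127);                   /* only reached if exec failed */
    }
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}

int main(void)
{
    /* Both exec variants must hand the same environment to the shell. */
    return (child_sees_env(0) == 0 && child_sees_env(1) == 0) ? 0 : 1;
}
```

Both calls give the new program the caller's current environment, so the only SELinux-relevant step in run_shell is the setexeccon() call made before the exec.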