tsol-unix-domain.patch revision 1072
/*
* Copyright (c) 2008, Oracle and/or its affiliates. All rights reserved.
*
* Permission is hereby granted, free of charge, to any person obtaining a
* copy of this software and associated documentation files (the "Software"),
* to deal in the Software without restriction, including without limitation
* the rights to use, copy, modify, merge, publish, distribute, sublicense,
* and/or sell copies of the Software, and to permit persons to whom the
* Software is furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice (including the next
* paragraph) shall be included in all copies or substantial portions of the
* Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
* THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
* FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
* DEALINGS IN THE SOFTWARE.
*
*/
Unix domain rendezvous created under /var/tsol/doors/ for Trusted
Extensions. This directory is loopback mounted into all labeled
zones from the global zone. A link is created from /tmp/.X11-unix
to the above loopback mounted dir.
(See LSARC/2008/506)
diff -urp -x '*~' -x '*.orig' Xtranssock.c Xtranssock.c
--- Xtranssock.c 2011-02-11 16:46:56.023653158 -0800
+++ Xtranssock.c 2011-02-11 16:46:56.447445693 -0800
@@ -95,6 +95,9 @@ from the copyright holders.
#include <sys/stat.h>
#endif
+#if defined(X11_t)
+#include <tsol/label.h>
+#endif /* X11_t */
#ifndef NO_TCP_H
#if defined(linux) || defined(__GLIBC__)
@@ -213,6 +216,7 @@ static int TRANS(SocketINETClose) (Xtran
#if defined(X11_t)
#define UNIX_PATH "/tmp/.X11-unix/X"
#define UNIX_DIR "/tmp/.X11-unix"
+#define TSOL_UNIX_DIR "/var/tsol/doors/.X11-unix"
#endif /* X11_t */
#if defined(XIM_t)
#define UNIX_PATH "/tmp/.XIM-unix/XIM"
@@ -1088,6 +1092,29 @@ TRANS(SocketUNIXCreateListener) (XtransC
#else
mode = 0777;
#endif
+
+#ifdef X11_t
+ if (is_system_labeled()) {
+ struct stat sbuf;
+
+ if (!abstract && trans_mkdir(TSOL_UNIX_DIR, mode) == -1) {
+ PRMSG (1, "SocketUNIXCreateListener: mkdir(%s) failed, errno = %d\n",
+ TSOL_UNIX_DIR, errno, 0);
+ (void) umask (oldUmask);
+ return TRANS_CREATE_LISTENER_FAILED;
+ }
+
+ /* Create a symlink for UNIX_DIR to TSOL_UNIX_DIR */
+ if (stat(UNIX_DIR, &sbuf) != 0 && symlink(TSOL_UNIX_DIR, UNIX_DIR) != 0) {
+ PRMSG (1,
+ "SocketUNIXCreateListener: symlink to %s failed, errno = %d\n",
+ TSOL_UNIX_DIR, errno, 0);
+ (void) umask (oldUmask);
+ return TRANS_CREATE_LISTENER_FAILED;
+ }
+
+ } else
+#endif /* X11_t */
if (!abstract && trans_mkdir(UNIX_DIR, mode) == -1) {
PRMSG (1, "SocketUNIXCreateListener: mkdir(%s) failed, errno = %d\n",
UNIX_DIR, errno, 0);
@@ -1983,10 +2010,28 @@ TRANS(SocketUNIXConnect) (XtransConnInfo
return TRANS_CONNECT_FAILED;
}
+#if defined(X11_t)
+ /*
+ * Create a symlink for UNIX_DIR to TSOL_UNIX_DIR
+ * This link is created in the labeled (non-global) zones.
+ * The rendezvous created by the X server resides in the global zone
+ * and is mounted read-only to other zones.
+ */
+ if (is_system_labeled()) {
+ struct stat sbuf;
+
+ if (stat(UNIX_DIR, &sbuf) != 0 && symlink(TSOL_UNIX_DIR, UNIX_DIR) != 0) {
+ PRMSG (1, "SocketUNIXConnect:: symlink to %s failed, errno = %d\n",
+ TSOL_UNIX_DIR, errno, 0);
+ return TRANS_CONNECT_FAILED;
+ }
+ }
+#endif /* X11_t */
+
/*
* Build the socket name.
*/
-
+
sockname.sun_family = AF_UNIX;
if (set_sun_path(port, UNIX_PATH, sockname.sun_path, abstract) != 0) {