Changeset 39222 in vbox

Timestamp:

Nov 8, 2011 7:48:10 AM (13 years ago)

Author:

vboxsync

svn:sync-xref-src-repo-rev:

74744

Message:

Installer/linux: refactor and add selinux permissions.

Location:

trunk/src/VBox/Installer/linux

Files:

• install.sh (modified) (1 diff)
• installer-utils.sh (modified) (2 diffs)
• rpm/VirtualBox.tmpl.spec (modified) (1 diff)

trunk/src/VBox/Installer/linux/install.sh

@@ -338 +338 @@
 
     # XXX SELinux: allow text relocation entries
-    if [ -x /usr/bin/chcon ]; then
-        chcon -t texrel_shlib_t $INSTALLATION_DIR/VBox* > /dev/null 2>&1
-        chcon -t texrel_shlib_t $INSTALLATION_DIR/VBoxAuth.so > /dev/null 2>&1
-        chcon -t texrel_shlib_t $INSTALLATION_DIR/VirtualBox.so > /dev/null 2>&1
-        chcon -t texrel_shlib_t $INSTALLATION_DIR/components/VBox*.so > /dev/null 2>&1
-        chcon -t java_exec_t    $INSTALLATION_DIR/VirtualBox > /dev/null 2>&1
-        chcon -t java_exec_t    $INSTALLATION_DIR/VBoxSDL > /dev/null 2>&1
-        chcon -t java_exec_t    $INSTALLATION_DIR/VBoxHeadless > /dev/null 2>&1
-        chcon -t java_exec_t    $INSTALLATION_DIR/VBoxNetDHCP > /dev/null 2>&1
-        chcon -t java_exec_t    $INSTALLATION_DIR/VBoxExtPackHelperApp > /dev/null 2>&1
-        chcon -t java_exec_t    $INSTALLATION_DIR/vboxwebsrv > /dev/null 2>&1
-        chcon -t java_exec_t    $INSTALLATION_DIR/webtest > /dev/null 2>&1
-    fi
+    set_selinux_permissions "$INSTALLATION_DIR" \
+                            "$INSTALLATION_DIR"
 
     # Hardened build: Mark selected binaries set-user-ID-on-execution,

trunk/src/VBox/Installer/linux/installer-utils.sh

@@ -13 +13 @@
 # hope that it will be useful, but WITHOUT ANY WARRANTY of any kind.
 #
+
+## @todo Make this file into a script in the VirtualBox lib directory once
+#        enough code has been made shared between the different installers.
 
 # This is used for unit testing and will be reset after the file is sourced for
@@ -148 +151 @@
     done
 }
+
+set_selinux_permissions() {
+    # XXX SELinux: allow text relocation entries
+    INSTALLATION_DIR="$1"  # Where the VirtualBox binaries are installed to
+    SHARE_DIR="$2"         # Where shared bits are installed to
+    if [ -x /usr/bin/chcon ]; then
+        chcon -t texrel_shlib_t "$INSTALLATION_DIR"/*VBox* > /dev/null 2>&1
+        chcon -t texrel_shlib_t "$INSTALLATION_DIR"/VBoxAuth.so \
+            > /dev/null 2>&1
+        chcon -t texrel_shlib_t "$INSTALLATION_DIR"/VirtualBox.so \
+            > /dev/null 2>&1
+        chcon -t texrel_shlib_t "$INSTALLATION_DIR"/components/VBox*.so \
+            > /dev/null 2>&1
+        chcon -t java_exec_t    "$INSTALLATION_DIR"/VirtualBox > /dev/null 2>&1
+        chcon -t java_exec_t    "$INSTALLATION_DIR"/VBoxSDL > /dev/null 2>&1
+        chcon -t java_exec_t    "$INSTALLATION_DIR"/VBoxHeadless \
+            > /dev/null 2>&1
+        chcon -t java_exec_t    "$INSTALLATION_DIR"/VBoxNetDHCP \
+            > /dev/null 2>&1
+        chcon -t java_exec_t    "$INSTALLATION_DIR"/VBoxExtPackHelperApp \
+            > /dev/null 2>&1
+        chcon -t java_exec_t    "$INSTALLATION_DIR"/vboxwebsrv > /dev/null 2>&1
+        chcon -t java_exec_t    "$INSTALLATION_DIR"/webtest > /dev/null 2>&1
+        chcon -t bin_t          "$SHARE_DIR"/src/vboxhost/*/build_in_tmp \
+             > /dev/null 2>&1
+    fi
+}

trunk/src/VBox/Installer/linux/rpm/VirtualBox.tmpl.spec

@@ -239 +239 @@
 # XXX SELinux: allow text relocation entries
 %if %{?rpm_redhat:1}%{!?rpm_redhat:0}
-if [ -x /usr/bin/chcon ]; then
-  chcon -t texrel_shlib_t /usr/lib/virtualbox/*VBox* > /dev/null 2>&1
-  chcon -t texrel_shlib_t /usr/lib/virtualbox/VirtualBox.so > /dev/null 2>&1
-  chcon -t texrel_shlib_t /usr/lib/virtualbox/VBoxAuth.so > /dev/null 2>&1
-  chcon -t texrel_shlib_t /usr/lib/virtualbox/components/VBox*.so > /dev/null 2>&1
-  chcon -t java_exec_t    /usr/lib/virtualbox/VirtualBox > /dev/null 2>&1
-  chcon -t java_exec_t    /usr/lib/virtualbox/VBoxSDL > /dev/null 2>&1
-  chcon -t java_exec_t    /usr/lib/virtualbox/VBoxHeadless > /dev/null 2>&1
-  chcon -t java_exec_t    /usr/lib/virtualbox/VBoxExtPackHelperApp > /dev/null 2>&1
-  chcon -t java_exec_t    /usr/lib/virtualbox/VBoxBalloonCtrl > /dev/null 2>&1
-  chcon -t java_exec_t    /usr/lib/virtualbox/vboxwebsrv > /dev/null 2>&1
-fi
+set_selinux_permissions /usr/lib/virtualbox /usr/share/virtualbox
 %endif