Merge branch 'selinux-restorecon' of https://github.com/grulja/tigervnc

CMakeLists.txt

@@ -268,6 +268,19 @@ if(UNIX AND NOT APPLE)
   endif()
 endif()
 
+# Check for SELinux library
+if(UNIX AND NOT APPLE)
+  check_include_files(selinux/selinux.h HAVE_SELINUX_H)
+  if(HAVE_SELINUX_H)
+    set(CMAKE_REQUIRED_LIBRARIES -lselinux)
+    set(CMAKE_REQUIRED_LIBRARIES)
+    set(SELINUX_LIBS selinux)
+    add_definitions("-DHAVE_SELINUX")
+  else()
+    message(WARNING "Could not find SELinux development files")
+  endif()
+endif()
+
 # Generate config.h and make sure the source finds it
 configure_file(config.h.in config.h)
 add_definitions(-DHAVE_CONFIG_H)

unix/vncserver/CMakeLists.txt

@@ -1,5 +1,5 @@
 add_executable(vncsession vncsession.c)
-target_link_libraries(vncsession ${PAM_LIBS})
+target_link_libraries(vncsession ${PAM_LIBS} ${SELINUX_LIBS})
 
 configure_file(vncserver@.service.in vncserver@.service @ONLY)
 configure_file(vncsession-start.in vncsession-start @ONLY)

unix/vncserver/vncsession.c

@@ -37,6 +37,11 @@
 #include <sys/types.h>
 #include <sys/wait.h>
 
+#ifdef HAVE_SELINUX
+#include <selinux/selinux.h>
+#include <selinux/restorecon.h>
+#endif
+
 extern char **environ;
 
 // PAM service name
@@ -360,6 +365,17 @@ redir_stdio(const char *homedir, const char *display)
             syslog(LOG_CRIT, "Failure creating \"%s\": %s", logfile, strerror(errno));
             _exit(EX_OSERR);
         }
+
+#ifdef HAVE_SELINUX
+        int result;
+        if (selinux_file_context_verify(logfile, 0) == 0) {
+            result = selinux_restorecon(logfile, SELINUX_RESTORECON_RECURSE);
+
+            if (result < 0) {
+                syslog(LOG_WARNING, "Failure restoring SELinux context for \"%s\": %s", logfile, strerror(errno));
+            }
+        }
+#endif
     }
 
     hostlen = sysconf(_SC_HOST_NAME_MAX);