policycoreutils: add semodule option to set store root path

Add a new -S option to semodule. This option overrides store_root in semanage.conf and sets the SELinux store's root path. If neither -S, nor store_root are specified in semanage.conf, then the default location is used. Signed-off-by: Yuli Khodorkovskiy <ykhodorkovskiy@tresys.com>
2025-01-11 16:09:47 +00:00 · 2014-04-03 16:58:12 -04:00 · 2014-04-03 16:58:12 -04:00 · 28efbfd4ed
commit 28efbfd4ed
parent 5e75b96e91
2 changed files with 30 additions and 1 deletions
--- a/policycoreutils/semodule/semodule.8
+++ b/policycoreutils/semodule/semodule.8
@ -76,6 +76,9 @@ Recompile CIL modules built from HLL files
 .B \-p,\-\-path
 Use an alternate path for the policy root
 .TP
+.B \-S,\-\-store-path
+Use an alternate path for the policy store root
+.TP
 .B  \-v,\-\-verbose     
 be verbose

@ -103,6 +106,8 @@ $ semodule \-X 100 \-i alsa.pp
 $ semodule \-l full
 # Set an alternate path for the policy root
 $ semodule \-B \-p "/tmp"
+# Set an alternate path for the policy store root
+$ semodule \-B \-S "/tmp/var/lib/selinux"
 .fi

 .SH SEE ALSO
--- a/policycoreutils/semodule/semodule.c
+++ b/policycoreutils/semodule/semodule.c
@ -52,6 +52,7 @@ static uint16_t priority;

 static semanage_handle_t *sh = NULL;
 static char *store;
+static char *store_root;

 extern char *optarg;
 extern int optind;
@ -89,6 +90,20 @@ static void set_store(char *storename)
 	exit(1);
 }

+static void set_store_root(char *path)
+{
+	if ((store_root = strdup(path)) == NULL) {
+		fprintf(stderr, "Out of memory!\n");
+		goto bad;
+	}
+
+	return;
+
+      bad:
+	cleanup();
+	exit(1);
+}
+
 /* Establish signal handlers for the process. */
 static void create_signal_handlers(void)
 {
@ -124,6 +139,7 @@ static void usage(char *progname)
 	printf("  -P,--preserve_tunables	Preserve tunables in policy\n");
 	printf("  -C,--ignore-module-cache	Rebuild CIL modules compiled from HLL files\n");
 	printf("  -p,--path        use an alternate path for the policy root\n");
+	printf("  -S,--store-path  use an alternate path for the policy store root\n");
 }

 /* Sets the global mode variable to new_mode, but only if no other
@ -173,6 +189,7 @@ static void parse_command_line(int argc, char **argv)
 		{"enable", required_argument, NULL, 'e'},
 		{"disable", required_argument, NULL, 'd'},
 		{"path", required_argument, NULL, 'p'},
+		{"store-path", required_argument, NULL, 'S'},
 		{NULL, 0, NULL, 0}
 	};
 	int i;
@ -181,7 +198,7 @@ static void parse_command_line(int argc, char **argv)
 	no_reload = 0;
 	priority = 400;
 	while ((i =
-		getopt_long(argc, argv, "s:b:hi:l::vqr:u:RnNBDCPX:e:d:p:", opts,
+		getopt_long(argc, argv, "s:b:hi:l::vqr:u:RnNBDCPX:e:d:p:S:", opts,
 			    NULL)) != -1) {
 		switch (i) {
 		case 'b':
@ -213,6 +230,9 @@ static void parse_command_line(int argc, char **argv)
 		case 'p':
 			semanage_set_root(optarg);
 			break;
+		case 'S':
+			set_store_root(optarg);
+			break;
 		case 'R':
 			reload = 1;
 			break;
@ -317,6 +337,10 @@ int main(int argc, char *argv[])
 		semanage_select_store(sh, store, SEMANAGE_CON_DIRECT);
 	}

+	if (store_root) {
+		semanage_set_store_root(sh, store_root);
+	}
+
 	/* create store if necessary, for bootstrapping */
 	semanage_set_create_store(sh, 1);