/*
* Copyright (c) 2008, Oracle and/or its affiliates. All rights reserved.
*
* Permission is hereby granted, free of charge, to any person obtaining a
* copy of this software and associated documentation files (the "Software"),
* to deal in the Software without restriction, including without limitation
* the rights to use, copy, modify, merge, publish, distribute, sublicense,
* and/or sell copies of the Software, and to permit persons to whom the
* Software is furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice (including the next
* paragraph) shall be included in all copies or substantial portions of the
* Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
* THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
* FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
* DEALINGS IN THE SOFTWARE.
*
*/
Unix domain rendezvous created under /var/tsol/doors/ for Trusted
Extensions. This directory is loopback mounted into all labeled
zones from the global zone. A link is created from /tmp/.X11-unix
to the above loopback mounted dir.
(See LSARC/2008/506)
diff --git a/Xtranssock.c b/Xtranssock.c
index 8c11b9d..8428314 100644
--- a/Xtranssock.c
+++ b/Xtranssock.c
@@ -95,6 +95,9 @@ from the copyright holders.
#include <sys/stat.h>
#endif
+#if defined(X11_t)
+#include <tsol/label.h>
+#endif /* X11_t */
#ifndef NO_TCP_H
#if defined(linux) || defined(__GLIBC__)
@@ -213,6 +216,7 @@ static int TRANS(SocketINETClose) (XtransConnInfo ciptr);
#if defined(X11_t)
#define UNIX_PATH "/tmp/.X11-unix/X"
#define UNIX_DIR "/tmp/.X11-unix"
+#define TSOL_UNIX_DIR "/var/tsol/doors/.X11-unix"
#endif /* X11_t */
#if defined(XIM_t)
#define UNIX_PATH "/tmp/.XIM-unix/XIM"
@@ -1086,6 +1090,29 @@ TRANS(SocketUNIXCreateListener) (XtransConnInfo ciptr, char *port,
#else
mode = 0777;
#endif
+
+#ifdef X11_t
+ if (is_system_labeled()) {
+ struct stat sbuf;
+
+ if (!abstract && trans_mkdir(TSOL_UNIX_DIR, mode) == -1) {
+ prmsg (1, "SocketUNIXCreateListener: mkdir(%s) failed, errno = %d\n",
+ TSOL_UNIX_DIR, errno);
+ (void) umask (oldUmask);
+ return TRANS_CREATE_LISTENER_FAILED;
+ }
+
+ /* Create a symlink for UNIX_DIR to TSOL_UNIX_DIR */
+ if (stat(UNIX_DIR, &sbuf) != 0 && symlink(TSOL_UNIX_DIR, UNIX_DIR) != 0) {
+ prmsg (1,
+ "SocketUNIXCreateListener: symlink to %s failed, errno = %d\n",
+ TSOL_UNIX_DIR, errno);
+ (void) umask (oldUmask);
+ return TRANS_CREATE_LISTENER_FAILED;
+ }
+
+ } else
+#endif /* X11_t */
if (!abstract && trans_mkdir(UNIX_DIR, mode) == -1) {
prmsg (1, "SocketUNIXCreateListener: mkdir(%s) failed, errno = %d\n",
UNIX_DIR, errno);
@@ -1967,6 +1994,24 @@ TRANS(SocketUNIXConnect) (XtransConnInfo ciptr, char *host, char *port)
return TRANS_CONNECT_FAILED;
}
+#if defined(X11_t)
+ /*
+ * Create a symlink for UNIX_DIR to TSOL_UNIX_DIR
+ * This link is created in the labeled (non-global) zones.
+ * The rendezvous created by the X server resides in the global zone
+ * and is mounted read-only to other zones.
+ */
+ if (is_system_labeled()) {
+ struct stat sbuf;
+
+ if (stat(UNIX_DIR, &sbuf) != 0 && symlink(TSOL_UNIX_DIR, UNIX_DIR) != 0) {
+ prmsg (1, "SocketUNIXConnect:: symlink to %s failed, errno = %d\n",
+ TSOL_UNIX_DIR, errno);
+ return TRANS_CONNECT_FAILED;
+ }
+ }
+#endif /* X11_t */
+
/*
* Build the socket name.
*/