jserv/disable-selinux.patch

## disable-selinux.patch
diff --git a/linker/linker_environ.cpp b/linker/linker_environ.cpp
index edc659a..4a6e4a0 100644
--- a/linker/linker_environ.cpp
+++ b/linker/linker_environ.cpp
@@ -42,20 +42,6 @@ bool get_AT_SECURE() {
   return _AT_SECURE_value;
 }

-static void __init_AT_SECURE(KernelArgumentBlock& args) {
-  // Check auxv for AT_SECURE first to see if program is setuid, setgid,
-  // has file caps, or caused a SELinux/AppArmor domain transition.
-  bool kernel_supplied_AT_SECURE;
-  _AT_SECURE_value = args.getauxval(AT_SECURE, &kernel_supplied_AT_SECURE);
-
-  // We don't support ancient kernels.
-  if (!kernel_supplied_AT_SECURE) {
-    const char* msg = "FATAL: kernel did not supply AT_SECURE\n";
-    write(2, msg, strlen(msg));
-    exit(EXIT_FAILURE);
-  }
-}
-
 // Check if the environment variable definition at 'envstr'
 // starts with '<name>=', and if so return the address of the
 // first character after the equal sign. Otherwise return NULL.
@@ -108,44 +94,6 @@ static bool __is_valid_environment_variable(const char* name) {
   return true;
 }

-static bool __is_unsafe_environment_variable(const char* name) {
-  // None of these should be allowed in setuid programs.
-  static const char* const UNSAFE_VARIABLE_NAMES[] = {
-      "GCONV_PATH",
-      "GETCONF_DIR",
-      "HOSTALIASES",
-      "LD_AOUT_LIBRARY_PATH",
-      "LD_AOUT_PRELOAD",
-      "LD_AUDIT",
-      "LD_DEBUG",
-      "LD_DEBUG_OUTPUT",
-      "LD_DYNAMIC_WEAK",
-      "LD_LIBRARY_PATH",
-      "LD_ORIGIN_PATH",
-      "LD_PRELOAD",
-      "LD_PROFILE",
-      "LD_SHOW_AUXV",
-      "LD_USE_LOAD_BIAS",
-      "LOCALDOMAIN",
-      "LOCPATH",
-      "MALLOC_CHECK_",
-      "MALLOC_TRACE",
-      "NIS_PATH",
-      "NLSPATH",
-      "RESOLV_HOST_CONF",
-      "RES_OPTIONS",
-      "TMPDIR",
-      "TZDIR",
-      NULL
-  };
-  for (size_t i = 0; UNSAFE_VARIABLE_NAMES[i] != NULL; ++i) {
-    if (env_match(name, UNSAFE_VARIABLE_NAMES[i]) != NULL) {
-      return true;
-    }
-  }
-  return false;
-}
-
 static void __sanitize_environment_variables() {
   char** src  = _envp;
   char** dst = _envp;
@@ -153,10 +101,6 @@ static void __sanitize_environment_variables() {
     if (!__is_valid_environment_variable(src[0])) {
       continue;
     }
-    // Remove various unsafe environment variables if we're loading a setuid program.
-    if (get_AT_SECURE() && __is_unsafe_environment_variable(src[0])) {
-        continue;
-    }
     dst[0] = src[0];
     ++dst;
   }
@@ -167,7 +111,6 @@ void linker_env_init(KernelArgumentBlock& args) {
   // Store environment pointer - can't be NULL.
   _envp = args.envp;

-  __init_AT_SECURE(args);
   __sanitize_environment_variables();
 }
	diff --git a/linker/linker_environ.cpp b/linker/linker_environ.cpp
	index edc659a..4a6e4a0 100644
	--- a/linker/linker_environ.cpp
	+++ b/linker/linker_environ.cpp
	@@ -42,20 +42,6 @@ bool get_AT_SECURE() {
	return _AT_SECURE_value;
	}

	-static void __init_AT_SECURE(KernelArgumentBlock& args) {
	- // Check auxv for AT_SECURE first to see if program is setuid, setgid,
	- // has file caps, or caused a SELinux/AppArmor domain transition.
	- bool kernel_supplied_AT_SECURE;
	- _AT_SECURE_value = args.getauxval(AT_SECURE, &kernel_supplied_AT_SECURE);
	-
	- // We don't support ancient kernels.
	- if (!kernel_supplied_AT_SECURE) {
	- const char* msg = "FATAL: kernel did not supply AT_SECURE\n";
	- write(2, msg, strlen(msg));
	- exit(EXIT_FAILURE);
	- }
	-}
	-
	// Check if the environment variable definition at 'envstr'
	// starts with '<name>=', and if so return the address of the
	// first character after the equal sign. Otherwise return NULL.
	@@ -108,44 +94,6 @@ static bool __is_valid_environment_variable(const char* name) {
	return true;
	}

	-static bool __is_unsafe_environment_variable(const char* name) {
	- // None of these should be allowed in setuid programs.
	- static const char* const UNSAFE_VARIABLE_NAMES[] = {
	- "GCONV_PATH",
	- "GETCONF_DIR",
	- "HOSTALIASES",
	- "LD_AOUT_LIBRARY_PATH",
	- "LD_AOUT_PRELOAD",
	- "LD_AUDIT",
	- "LD_DEBUG",
	- "LD_DEBUG_OUTPUT",
	- "LD_DYNAMIC_WEAK",
	- "LD_LIBRARY_PATH",
	- "LD_ORIGIN_PATH",
	- "LD_PRELOAD",
	- "LD_PROFILE",
	- "LD_SHOW_AUXV",
	- "LD_USE_LOAD_BIAS",
	- "LOCALDOMAIN",
	- "LOCPATH",
	- "MALLOC_CHECK_",
	- "MALLOC_TRACE",
	- "NIS_PATH",
	- "NLSPATH",
	- "RESOLV_HOST_CONF",
	- "RES_OPTIONS",
	- "TMPDIR",
	- "TZDIR",
	- NULL
	- };
	- for (size_t i = 0; UNSAFE_VARIABLE_NAMES[i] != NULL; ++i) {
	- if (env_match(name, UNSAFE_VARIABLE_NAMES[i]) != NULL) {
	- return true;
	- }
	- }
	- return false;
	-}
	-
	static void __sanitize_environment_variables() {
	char** src = _envp;
	char** dst = _envp;
	@@ -153,10 +101,6 @@ static void __sanitize_environment_variables() {
	if (!__is_valid_environment_variable(src[0])) {
	continue;
	}
	- // Remove various unsafe environment variables if we're loading a setuid program.
	- if (get_AT_SECURE() && __is_unsafe_environment_variable(src[0])) {
	- continue;
	- }
	dst[0] = src[0];
	++dst;
	}
	@@ -167,7 +111,6 @@ void linker_env_init(KernelArgumentBlock& args) {
	// Store environment pointer - can't be NULL.
	_envp = args.envp;

	- __init_AT_SECURE(args);
	__sanitize_environment_variables();
	}