* [PATCH 2/6] busybox -- SELinux option support for coreutils
@ 2007-02-08 6:54 Yuichi Nakamura
[not found] ` <200702082349.08804.vda.linux@googlemail.com>
0 siblings, 1 reply; 2+ messages in thread
From: Yuichi Nakamura @ 2007-02-08 6:54 UTC (permalink / raw)
To: busybox, selinux; +Cc: russell, rob, busybox, vda.linux, ynakam
[-- Attachment #1: Type: text/plain, Size: 644 bytes --]
[2/6] busybox-coreutils-02-copy.patch
- cp: -Z,-c option support.
-c option: security context is preserved during file copy.
-Z option: security context can be set during file copy.
- mv
In SELinux, it is recommended to preserve security context
when file is moved. By this patch, file context is preserved
during file move.
- install
When file is copied by install, security context of installed file
becomes different from value configured in file_contexts file.
By this patch, security context is set according to file_contexts file.
Signed-off-by: Yuichi Nakamura <ynakam@hitachisoft.jp>
[-- Attachment #2: busybox-coreutils-copy-02.patch --]
[-- Type: application/octet-stream, Size: 6414 bytes --]
Index: include/libbb.h
===================================================================
--- include/libbb.h (revision 17803)
+++ include/libbb.h (working copy)
@@ -743,9 +743,15 @@
FILEUTILS_INTERACTIVE = 0x10,
FILEUTILS_MAKE_HARDLINK = 0x20,
FILEUTILS_MAKE_SOFTLINK = 0x40,
+#if ENABLE_SELINUX
+ FILEUTILS_PRESERVE_SECURITY_CONTEXT = 0x80,
+ FILEUTILS_SET_SECURITY_CONTEXT = 0x100
+#endif
+
};
-#define FILEUTILS_CP_OPTSTR "pdRfils"
+#define FILEUTILS_CP_OPTSTR "pdRfils" USE_SELINUX("cZ:")
+
extern const char *applet_name;
extern const char BB_BANNER[];
Index: coreutils/cp.c
===================================================================
--- coreutils/cp.c (revision 17803)
+++ coreutils/cp.c (working copy)
@@ -3,6 +3,7 @@
* Mini cp implementation for busybox
*
* Copyright (C) 2000 by Matt Kraai <kraai@alumni.carnegiemellon.edu>
+ * SELinux support by Yuichi Nakamura <ynakam@hitachisoft.jp>
*
* Licensed under GPL v2 or later, see file LICENSE in this tarball for details.
*/
@@ -28,6 +29,9 @@
int d_flags;
int flags;
int status = 0;
+#if ENABLE_SELINUX
+ char *context_str = NULL;
+#endif
enum {
OPT_a = 1 << (sizeof(FILEUTILS_CP_OPTSTR)-1),
OPT_r = 1 << (sizeof(FILEUTILS_CP_OPTSTR)),
@@ -40,8 +44,8 @@
// -P and -d are the same (-P is POSIX, -d is GNU)
// -r and -R are the same
// -a = -pdR
- opt_complementary = "?:l--s:s--l:Pd:rR:apdR";
- flags = getopt32(argc, argv, FILEUTILS_CP_OPTSTR "arPHL");
+ opt_complementary = "?:l--s:s--l:Pd:rR:apdR" USE_SELINUX(":c--Z:Z--c");
+ flags = getopt32(argc, argv, FILEUTILS_CP_OPTSTR "arPHL" USE_SELINUX(,&context_str));
/* Default behavior of cp is to dereference, so we don't have to do
* anything special when we are given -L.
* The behavior of -H is *almost* like -L, but not quite, so let's
@@ -50,6 +54,19 @@
if (flags & OPT_H) ... // deref command-line params only
*/
+#if ENABLE_SELINUX
+ if (flags & FILEUTILS_SET_SECURITY_CONTEXT) {
+ if(is_selinux_enabled() == 0) {
+ fprintf( stderr, "Warning: ignoring --context (-Z). "
+ "It requires a SELinux enabled kernel.\n" );
+ }else{
+ if ( setfscreatecon(context_str) < 0 ) {
+ bb_error_msg_and_die("cannot set default security context %s\n", context_str);
+ }
+ }
+ }
+#endif
+
flags ^= FILEUTILS_DEREFERENCE; /* The sense of this flag was reversed. */
if (optind + 2 > argc) {
Index: coreutils/mv.c
===================================================================
--- coreutils/mv.c (revision 17803)
+++ coreutils/mv.c (working copy)
@@ -3,6 +3,7 @@
* Mini mv implementation for busybox
*
* Copyright (C) 2000 by Matt Kraai <kraai@alumni.carnegiemellon.edu>
+ * SELinux support by Yuichi Nakamura <ynakam@hitachisoft.jp>
*
* Licensed under GPLv2 or later, see file LICENSE in this tarball for details.
*/
@@ -44,6 +45,7 @@
unsigned long flags;
int dest_exists;
int status = 0;
+ int copy_flag = 0;
#if ENABLE_FEATURE_MV_LONG_OPTIONS
applet_long_options = mv_long_options;
@@ -113,8 +115,11 @@
goto RET_1;
}
}
- if ((copy_file(*argv, dest,
- FILEUTILS_RECUR | FILEUTILS_PRESERVE_STATUS) >= 0) &&
+ copy_flag = FILEUTILS_RECUR | FILEUTILS_PRESERVE_STATUS;
+#if ENABLE_SELINUX
+ copy_flag |= FILEUTILS_PRESERVE_SECURITY_CONTEXT;
+#endif
+ if ((copy_file(*argv, dest, copy_flag) >= 0) &&
(remove_file(*argv, FILEUTILS_RECUR | FILEUTILS_FORCE) >= 0)) {
goto RET_0;
}
Index: coreutils/install.c
===================================================================
--- coreutils/install.c (revision 17803)
+++ coreutils/install.c (working copy)
@@ -25,6 +25,41 @@
};
#endif
+
+#if ENABLE_SELINUX
+static int use_default_selinux_context = 1;
+
+static void setdefaultfilecon(const char *path) {
+ struct stat s;
+ security_context_t scontext = NULL;
+
+ if (!is_selinux_enabled()){
+ return;
+ }
+ if (lstat(path, &s) != 0){
+ return;
+ }
+
+ if (matchpathcon(path, s.st_mode, &scontext) < 0){
+ return;
+ }
+ if (strcmp(scontext, "<<none>>") == 0){
+ freecon(scontext);
+ return;
+ }
+
+ if (lsetfilecon(path, scontext) < 0) {
+ if (errno != ENOTSUP) {
+ bb_perror_msg("warning: failed to change context of %s to %s", path, scontext);
+ }
+ }
+
+ freecon(scontext);
+ return;
+}
+
+#endif
+
int install_main(int argc, char **argv);
int install_main(int argc, char **argv)
{
@@ -117,7 +152,10 @@
bb_perror_msg("cannot change permissions of %s", dest);
ret = EXIT_FAILURE;
}
-
+#if ENABLE_SELINUX
+ if (use_default_selinux_context)
+ setdefaultfilecon(dest);
+#endif
/* Set the user and group id */
if ((flags & (OPT_OWNER|OPT_GROUP))
&& lchown(dest, uid, gid) == -1
Index: libbb/copy_file.c
===================================================================
--- libbb/copy_file.c (revision 17803)
+++ libbb/copy_file.c (working copy)
@@ -3,6 +3,7 @@
* Mini copy_file implementation for busybox
*
* Copyright (C) 2001 by Matt Kraai <kraai@alumni.carnegiemellon.edu>
+ * SELinux support by Yuichi Nakamura <ynakam@hitachisoft.jp>
*
* Licensed under GPLv2 or later, see file LICENSE in this tarball for details.
*
@@ -62,6 +63,26 @@
dest_exists = 1;
}
+#if ENABLE_SELINUX
+ if ((flags & FILEUTILS_PRESERVE_SECURITY_CONTEXT) && is_selinux_enabled() > 0){
+ security_context_t con;
+ if (lgetfilecon (source, &con) >= 0){
+ if (setfscreatecon(con) < 0) {
+ bb_perror_msg ("cannot set setfscreatecon %s", con);
+ freecon(con);
+ return -1;
+ }
+ }else{
+ if( errno == ENOTSUP || errno == ENODATA ) {
+ setfscreatecon(NULL);
+ } else {
+ bb_perror_msg ("cannot lgetfilecon %s", source);
+ return -1;
+ }
+ }
+ }
+#endif
+
if (S_ISDIR(source_stat.st_mode)) {
DIR *dp;
struct dirent *d;
@@ -202,8 +223,27 @@
close(src_fd);
return -1;
}
+ }
+
+#if ENABLE_SELINUX
+ if ( ((flags & FILEUTILS_PRESERVE_SECURITY_CONTEXT)
+ ||(flags & FILEUTILS_SET_SECURITY_CONTEXT))
+ && is_selinux_enabled() > 0 ){
+ security_context_t con;
+ if(getfscreatecon(&con) == -1){
+ bb_perror_msg ("cannot getfscreatecon");
+ return -1;
+ }
+ if (con){
+ if(setfilecon(dest, con) == -1){
+ bb_perror_msg ("cannot setfilecon:%s,%s",dest,con);
+ freecon(con);
+ return -1;
+ }
+ freecon(con);
+ }
}
-
+#endif
if (bb_copyfd_eof(src_fd, dst_fd) == -1)
status = -1;
if (close(dst_fd) < 0) {
^ permalink raw reply [flat|nested] 2+ messages in thread
* Re: [busybox:00366] Re: [PATCH 2/6] busybox -- SELinux option support for coreutils
[not found] ` <200702082349.08804.vda.linux@googlemail.com>
@ 2007-02-09 9:48 ` Yuichi Nakamura
0 siblings, 0 replies; 2+ messages in thread
From: Yuichi Nakamura @ 2007-02-09 9:48 UTC (permalink / raw)
To: busybox, busybox; +Cc: ynakam, Denis Vlasenko, selinux, russell, rob
[-- Attachment #1: Type: text/plain, Size: 2452 bytes --]
On Thu, 8 Feb 2007 23:49:08 +0100
Denis Vlasenko wrote:
> On Thursday 08 February 2007 07:54, Yuichi Nakamura wrote:
> > [2/6] busybox-coreutils-02-copy.patch
> > - cp: -Z,-c option support.
> > -c option: security context is preserved during file copy.
> > -Z option: security context can be set during file copy.
> > - mv
> > In SELinux, it is recommended to preserve security context
> > when file is moved. By this patch, file context is preserved
> > during file move.
> > - install
> > When file is copied by install, security context of installed file
> > becomes different from value configured in file_contexts file.
> > By this patch, security context is set according to file_contexts file.
> >
> > Signed-off-by: Yuichi Nakamura <ynakam@hitachisoft.jp>
>
>
> Index: include/libbb.h
> ===================================================================
> --- include/libbb.h (revision 17803)
> +++ include/libbb.h (working copy)
> @@ -743,9 +743,15 @@
> FILEUTILS_INTERACTIVE = 0x10,
> FILEUTILS_MAKE_HARDLINK = 0x20,
> FILEUTILS_MAKE_SOFTLINK = 0x40,
> +#if ENABLE_SELINUX
> + FILEUTILS_PRESERVE_SECURITY_CONTEXT = 0x80,
> + FILEUTILS_SET_SECURITY_CONTEXT = 0x100
> +#endif
> +
> };
>
> This empty line after #endif - why?
removed this empty line.
>
> +#if ENABLE_SELINUX
> + if (flags & FILEUTILS_SET_SECURITY_CONTEXT) {
> + if(is_selinux_enabled() == 0) {
> + fprintf( stderr, "Warning: ignoring --context (-Z). "
> + "It requires a SELinux enabled kernel.\n" );
> + }else{
> + if ( setfscreatecon(context_str) < 0 ) {
> + bb_error_msg_and_die("cannot set default security context %s\n", context_str);
> + }
> + }
> + }
> +#endif
This part is removed because upstream coreutils does not have -Z option for cp.
>
> The style is not consistent. Should be "if ()", "} else {".
> "Warning: ignoring" has extra space for no reason.
> fprintf(stderr) can be probably replaced by bb_error_msg:
> bb_error_msg("warning: ignoring --context (-Z), it requires a SELinux enabled kernel");
fixed.
>
>
> +static int use_default_selinux_context = 1;
>
> You never change it, it is always 1. - ?!
It is used in current patch.
> --
> vda
>
Other changes are following:
* Removed -Z option from cp
* Added --preserve-context, -Z options to install
--
Yuichi Nakamura
Hitachi Software Engineering Co., Ltd.
SELinux Policy Editor: http://seedit.sourceforge.net/
[-- Attachment #2: busybox-coreutils-copy-02.v2.patch --]
[-- Type: application/octet-stream, Size: 7808 bytes --]
Index: include/libbb.h
===================================================================
--- include/libbb.h (revision 17803)
+++ include/libbb.h (working copy)
@@ -735,7 +735,7 @@
uint32_t *crc32_filltable(int endian);
-enum { /* DO NOT CHANGE THESE VALUES! cp.c depends on them. */
+enum { /* DO NOT CHANGE THESE VALUES! cp.c, mv.c, install.c depends on them. */
FILEUTILS_PRESERVE_STATUS = 1,
FILEUTILS_DEREFERENCE = 2,
FILEUTILS_RECUR = 4,
@@ -743,9 +743,14 @@
FILEUTILS_INTERACTIVE = 0x10,
FILEUTILS_MAKE_HARDLINK = 0x20,
FILEUTILS_MAKE_SOFTLINK = 0x40,
+#if ENABLE_SELINUX
+ FILEUTILS_PRESERVE_SECURITY_CONTEXT = 0x80,
+ FILEUTILS_SET_SECURITY_CONTEXT = 0x100
+#endif
};
-#define FILEUTILS_CP_OPTSTR "pdRfils"
+#define FILEUTILS_CP_OPTSTR "pdRfils" USE_SELINUX("c\b")
+
extern const char *applet_name;
extern const char BB_BANNER[];
Index: coreutils/cp.c
===================================================================
--- coreutils/cp.c (revision 17803)
+++ coreutils/cp.c (working copy)
@@ -3,6 +3,7 @@
* Mini cp implementation for busybox
*
* Copyright (C) 2000 by Matt Kraai <kraai@alumni.carnegiemellon.edu>
+ * SELinux support by Yuichi Nakamura <ynakam@hitachisoft.jp>
*
* Licensed under GPL v2 or later, see file LICENSE in this tarball for details.
*/
@@ -50,6 +51,12 @@
if (flags & OPT_H) ... // deref command-line params only
*/
+#if ENABLE_SELINUX
+ if (flags & FILEUTILS_PRESERVE_SECURITY_CONTEXT) {
+ selinux_or_die();
+ }
+#endif
+
flags ^= FILEUTILS_DEREFERENCE; /* The sense of this flag was reversed. */
if (optind + 2 > argc) {
Index: coreutils/mv.c
===================================================================
--- coreutils/mv.c (revision 17803)
+++ coreutils/mv.c (working copy)
@@ -3,6 +3,7 @@
* Mini mv implementation for busybox
*
* Copyright (C) 2000 by Matt Kraai <kraai@alumni.carnegiemellon.edu>
+ * SELinux support by Yuichi Nakamura <ynakam@hitachisoft.jp>
*
* Licensed under GPLv2 or later, see file LICENSE in this tarball for details.
*/
@@ -44,6 +45,7 @@
unsigned long flags;
int dest_exists;
int status = 0;
+ int copy_flag = 0;
#if ENABLE_FEATURE_MV_LONG_OPTIONS
applet_long_options = mv_long_options;
@@ -113,8 +115,11 @@
goto RET_1;
}
}
- if ((copy_file(*argv, dest,
- FILEUTILS_RECUR | FILEUTILS_PRESERVE_STATUS) >= 0) &&
+ copy_flag = FILEUTILS_RECUR | FILEUTILS_PRESERVE_STATUS;
+#if ENABLE_SELINUX
+ copy_flag |= FILEUTILS_PRESERVE_SECURITY_CONTEXT;
+#endif
+ if ((copy_file(*argv, dest, copy_flag) >= 0) &&
(remove_file(*argv, FILEUTILS_RECUR | FILEUTILS_FORCE) >= 0)) {
goto RET_0;
}
Index: coreutils/install.c
===================================================================
--- coreutils/install.c (revision 17803)
+++ coreutils/install.c (working copy)
@@ -21,10 +21,51 @@
{ "group", 0, NULL, 'g' },
{ "mode", 0, NULL, 'm' },
{ "owner", 0, NULL, 'o' },
+#if ENABLE_SELINUX
+ { "context", 1, NULL, 'Z' },
+ { "preserve_context", 0, NULL, '\b'},
+ { "preserve-context", 0, NULL, '\b'},
+
+#endif
{ 0, 0, 0, 0 }
};
#endif
+
+#if ENABLE_SELINUX
+static int use_default_selinux_context = 1;
+
+static void setdefaultfilecon(const char *path) {
+ struct stat s;
+ security_context_t scontext = NULL;
+
+ if (!is_selinux_enabled()){
+ return;
+ }
+ if (lstat(path, &s) != 0){
+ return;
+ }
+
+ if (matchpathcon(path, s.st_mode, &scontext) < 0){
+ return;
+ }
+ if (strcmp(scontext, "<<none>>") == 0){
+ freecon(scontext);
+ return;
+ }
+
+ if (lsetfilecon(path, scontext) < 0) {
+ if (errno != ENOTSUP) {
+ bb_perror_msg("warning: failed to change context of %s to %s", path, scontext);
+ }
+ }
+
+ freecon(scontext);
+ return;
+}
+
+#endif
+
int install_main(int argc, char **argv);
int install_main(int argc, char **argv)
{
@@ -37,7 +78,9 @@
const char *mode_str;
int copy_flags = FILEUTILS_DEREFERENCE | FILEUTILS_FORCE;
int ret = EXIT_SUCCESS, flags, i, isdir;
-
+#if ENABLE_SELINUX
+ security_context_t scontext;
+#endif
enum {
OPT_CMD = 0x1,
OPT_DIRECTORY = 0x2,
@@ -46,15 +89,42 @@
OPT_GROUP = 0x10,
OPT_MODE = 0x20,
OPT_OWNER = 0x40,
+#if ENABLE_SELINUX
+ OPT_SET_SECURITY_CONTEXT = 0x80,
+ OPT_PRESERVE_SECURITY_CONTEXT = 0x100,
+#endif
};
#if ENABLE_FEATURE_INSTALL_LONG_OPTIONS
applet_long_options = install_long_options;
#endif
- opt_complementary = "?:s--d:d--s";
+ opt_complementary = "?:s--d:d--s" USE_SELINUX(":Z--\b:\b--Z");
/* -c exists for backwards compatibility, its needed */
- flags = getopt32(argc, argv, "cdpsg:m:o:", &gid_str, &mode_str, &uid_str);
+ flags = getopt32(argc, argv, "cdpsg:m:o:" USE_SELINUX("Z:\b"), &gid_str, &mode_str, &uid_str USE_SELINUX(, &scontext));
+#if ENABLE_SELINUX
+ if (flags & OPT_PRESERVE_SECURITY_CONTEXT) {
+ use_default_selinux_context = 0;
+ copy_flags |= FILEUTILS_PRESERVE_SECURITY_CONTEXT;
+ if(!is_selinux_enabled()) {
+ bb_error_msg("warning: ignoring --preserve-context. "
+ "The kernel is not SELinux-enabled.\n" );
+ }
+ }
+ if (flags & OPT_SET_SECURITY_CONTEXT) {
+ if(!is_selinux_enabled()) {
+ bb_error_msg("warning: ignoring --context (-Z). "
+ "The kernel is not SELinux-enabled.\n" );
+ } else {
+ if (setfscreatecon(scontext) < 0) {
+ bb_error_msg_and_die("cannot set default security context %s\n", scontext);
+ }
+ }
+ use_default_selinux_context = 0;
+ copy_flags |= FILEUTILS_SET_SECURITY_CONTEXT;
+ }
+#endif
+
/* preserve access and modification time, this is GNU behaviour, BSD only preserves modification time */
if (flags & OPT_PRESERVE_TIME) {
copy_flags |= FILEUTILS_PRESERVE_STATUS;
@@ -117,7 +187,10 @@
bb_perror_msg("cannot change permissions of %s", dest);
ret = EXIT_FAILURE;
}
-
+#if ENABLE_SELINUX
+ if (use_default_selinux_context)
+ setdefaultfilecon(dest);
+#endif
/* Set the user and group id */
if ((flags & (OPT_OWNER|OPT_GROUP))
&& lchown(dest, uid, gid) == -1
Index: libbb/copy_file.c
===================================================================
--- libbb/copy_file.c (revision 17803)
+++ libbb/copy_file.c (working copy)
@@ -3,6 +3,7 @@
* Mini copy_file implementation for busybox
*
* Copyright (C) 2001 by Matt Kraai <kraai@alumni.carnegiemellon.edu>
+ * SELinux support by Yuichi Nakamura <ynakam@hitachisoft.jp>
*
* Licensed under GPLv2 or later, see file LICENSE in this tarball for details.
*
@@ -62,6 +63,26 @@
dest_exists = 1;
}
+#if ENABLE_SELINUX
+ if ((flags & FILEUTILS_PRESERVE_SECURITY_CONTEXT) && is_selinux_enabled() > 0){
+ security_context_t con;
+ if (lgetfilecon (source, &con) >= 0){
+ if (setfscreatecon(con) < 0) {
+ bb_perror_msg ("cannot set setfscreatecon %s", con);
+ freecon(con);
+ return -1;
+ }
+ }else{
+ if( errno == ENOTSUP || errno == ENODATA ) {
+ setfscreatecon(NULL);
+ } else {
+ bb_perror_msg ("cannot lgetfilecon %s", source);
+ return -1;
+ }
+ }
+ }
+#endif
+
if (S_ISDIR(source_stat.st_mode)) {
DIR *dp;
struct dirent *d;
@@ -202,8 +223,27 @@
close(src_fd);
return -1;
}
+ }
+
+#if ENABLE_SELINUX
+ if ( ((flags & FILEUTILS_PRESERVE_SECURITY_CONTEXT)
+ ||(flags & FILEUTILS_SET_SECURITY_CONTEXT))
+ && is_selinux_enabled() > 0 ){
+ security_context_t con;
+ if(getfscreatecon(&con) == -1){
+ bb_perror_msg ("cannot getfscreatecon");
+ return -1;
+ }
+ if (con){
+ if(setfilecon(dest, con) == -1){
+ bb_perror_msg ("cannot setfilecon:%s,%s",dest,con);
+ freecon(con);
+ return -1;
+ }
+ freecon(con);
+ }
}
-
+#endif
if (bb_copyfd_eof(src_fd, dst_fd) == -1)
status = -1;
if (close(dst_fd) < 0) {
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2007-02-09 9:47 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2007-02-08 6:54 [PATCH 2/6] busybox -- SELinux option support for coreutils Yuichi Nakamura
[not found] ` <200702082349.08804.vda.linux@googlemail.com>
2007-02-09 9:48 ` [busybox:00366] " Yuichi Nakamura
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.