* [PATCH 3/6] busybox -- SELinux option support for coreutils
@ 2007-02-08  6:54 Yuichi Nakamura
From: Yuichi Nakamura @ 2007-02-08  6:54 UTC (permalink / raw)
  To: busybox, selinux; +Cc: russell, rob, busybox, vda.linux, ynakam

[-- Attachment #1: Type: text/plain, Size: 206 bytes --]

[3/6] busybox-coreutils-03-mk.patch
 - -Z option support for mkdir, mkfifo, mknod.
    With -Z, the security context of the created file can be set.


Signed-off-by: Yoshinori Sato <ysato@users.sourceforge.jp>





[-- Attachment #2: busybox-coreutils-mk-03.patch --]
[-- Type: application/octet-stream, Size: 2211 bytes --]

Index: coreutils/mkdir.c
===================================================================
--- coreutils/mkdir.c	(revision 17803)
+++ coreutils/mkdir.c	(working copy)
@@ -16,6 +16,11 @@
  * conjunction with -m.
  */
 
+/* Nov 28, 2006      Yoshinori Sato <ysato@users.sourceforge.jp>
+ * 
+ * Add -Z (SELinux) support.
+ */
+
 #include <stdlib.h>
 #include <unistd.h>
 #include <getopt.h> /* struct option */
@@ -25,6 +30,9 @@
 static const struct option mkdir_long_options[] = {
 	{ "mode", 1, NULL, 'm' },
 	{ "parents", 0, NULL, 'p' },
+#if ENABLE_SELINUX
+	{ "context", 1, NULL, 'Z'},
+#endif
 	{ 0, 0, 0, 0 }
 };
 #endif
@@ -37,11 +45,14 @@
 	int flags = 0;
 	unsigned opt;
 	char *smode;
+#if ENABLE_SELINUX
+	security_context_t scontext = NULL;
+#endif
 
 #if ENABLE_FEATURE_MKDIR_LONG_OPTIONS
 	applet_long_options = mkdir_long_options;
 #endif
-	opt = getopt32(argc, argv, "m:p", &smode);
+	opt = getopt32(argc, argv, "m:p" USE_SELINUX("Z:"), &smode USE_SELINUX(,&scontext));
 	if (opt & 1) {
 		mode = 0777;
 		if (!bb_parse_mode(smode, &mode)) {
@@ -50,6 +61,15 @@
 	}
 	if (opt & 2)
 		flags |= FILEUTILS_RECUR;
+#if ENABLE_SELINUX
+	if(opt & 4) {
+		selinux_or_die();
+		if (setfscreatecon(scontext)) {
+			bb_error_msg_and_die ("Sorry, cannot set default context "
+					      "to %s.\n", scontext);
+		}
+	}
+#endif
 
 	if (optind == argc) {
 		bb_show_usage();
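Review bot: The context installed by `setfscreatecon(scontext)` stays in effect for everything the applet creates afterwards, so together with `-p` (`FILEUTILS_RECUR`, set just above) it would presumably label every intermediate parent directory with the -Z context, not only the final one. A broad or privileged context on parents that were only created as a side effect is easy to miss in a policy review. If that is the intended behaviour, state it above the block, e.g. `/* -Z applies to every directory created below, including -p parents */`. If it is not, the context needs to be set only around the final creation. The directory-creation call and the rest of the function are outside this hunk, so confirm against them.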
Index: coreutils/libcoreutils/getopt_mk_fifo_nod.c
===================================================================
--- coreutils/libcoreutils/getopt_mk_fifo_nod.c	(revision 17803)
+++ coreutils/libcoreutils/getopt_mk_fifo_nod.c	(working copy)
@@ -30,11 +30,25 @@
 {
 	mode_t mode = 0666;
 	char *smode = NULL;
-
-	getopt32(argc, argv, "m:", &smode);
-	if(smode) {
+#if ENABLE_SELINUX
+	security_context_t scontext = NULL;
+#endif
+	int opt = 0;
+	opt = getopt32(argc, argv, "m:" USE_SELINUX("Z:"), &smode USE_SELINUX(,&scontext));
+	if(opt & 1) {
 		if (bb_parse_mode(smode, &mode))
 			umask(0);
 	}
+
+#if ENABLE_SELINUX
+	if(opt & 2) {
+		selinux_or_die();
+		if (setfscreatecon(scontext)) {
+			bb_error_msg_and_die ("Sorry, cannot set default context"
+								  "to %s.\n", scontext);
+		}
+	}
+#endif
+
 	return mode;
 }
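Review bot: The two adjacent string literals in the new `bb_error_msg_and_die` call concatenate to `...default contextto %s`, because the first literal lacks the trailing space that the mkdir.c copy of the message has; it should read `"Sorry, cannot set default context "`. The function now also changes the file creation context as a side effect, in addition to returning the mode. Its header comment starts outside this hunk and should mention that, so callers know every node created after the call is labelled with the -Z context.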


* Re: [busybox:00367] Re: [PATCH 3/6] busybox -- SELinux option support for coreutils
@ 2007-02-09  9:48   ` Yuichi Nakamura
From: Yuichi Nakamura @ 2007-02-09  9:48 UTC (permalink / raw)
  To: busybox; +Cc: ynakam, Denis Vlasenko, busybox, selinux, russell, rob

[-- Attachment #1: Type: text/plain, Size: 1426 bytes --]

On Thu, 8 Feb 2007 23:53:43 +0100
Denis Vlasenko wrote:
> On Thursday 08 February 2007 07:54, Yuichi Nakamura wrote:
> > [3/6] busybox-coreutils-03-mk.patch
> >  - -Z option support for mkdir, mkfifo, mknod. 
> >     By -Z, security context for created file can be set.
> > 
> > Signed-off-by: Yoshinori Sato <ysato@users.sourceforge.jp>
> 
> 
> +#if ENABLE_SELINUX
> +	security_context_t scontext = NULL;
> +#endif
>  
>  #if ENABLE_FEATURE_MKDIR_LONG_OPTIONS
>  	applet_long_options = mkdir_long_options;
>  #endif
> -	opt = getopt32(argc, argv, "m:p", &smode);
> +	opt = getopt32(argc, argv, "m:p" USE_SELINUX("Z:"), &smode USE_SELINUX(,&scontext));
>  	if (opt & 1) {
>  		mode = 0777;
>  		if (!bb_parse_mode(smode, &mode)) {
> @@ -50,6 +61,15 @@
>  	}
>  	if (opt & 2)
>  		flags |= FILEUTILS_RECUR;
> +#if ENABLE_SELINUX
> +	if(opt & 4) {
> +		selinux_or_die();
> +		if (setfscreatecon(scontext)) {
> +			bb_error_msg_and_die ("Sorry, cannot set default context "
> +					      "to %s.\n", scontext);
> 
> Initializing scontext to NULL is useless code. bb_error_msg_and_die
> has useless "Sorry" (with wrong capitalization: "mkdir: Sorry...")
> and useless ".\n" at the end.
Fixed.

> 
> Sorry guys, I would be really happy if these patches get
> a little bit prettier...
Thank you :-)

> --
> vda
> 


-- 
Yuichi Nakamura
Hitachi Software Engineering Co., Ltd.
SELinux Policy Editor: http://seedit.sourceforge.net/




[-- Attachment #2: busybox-coreutils-mk-03.v2.patch --]
[-- Type: application/octet-stream, Size: 2213 bytes --]

Index: coreutils/mkdir.c
===================================================================
--- coreutils/mkdir.c	(revision 17803)
+++ coreutils/mkdir.c	(working copy)
@@ -16,6 +16,11 @@
  * conjunction with -m.
  */
 
+/* Nov 28, 2006      Yoshinori Sato <ysato@users.sourceforge.jp>
+ * 
+ * Add -Z (SELinux) support.
+ */
+
 #include <stdlib.h>
 #include <unistd.h>
 #include <getopt.h> /* struct option */
@@ -25,6 +30,9 @@
 static const struct option mkdir_long_options[] = {
 	{ "mode", 1, NULL, 'm' },
 	{ "parents", 0, NULL, 'p' },
+#if ENABLE_SELINUX
+	{ "context", 1, NULL, 'Z'},
+#endif
 	{ 0, 0, 0, 0 }
 };
 #endif
@@ -37,11 +45,14 @@
 	int flags = 0;
 	unsigned opt;
 	char *smode;
+#if ENABLE_SELINUX
+	security_context_t scontext;
+#endif
 
 #if ENABLE_FEATURE_MKDIR_LONG_OPTIONS
 	applet_long_options = mkdir_long_options;
 #endif
-	opt = getopt32(argc, argv, "m:p", &smode);
+	opt = getopt32(argc, argv, "m:p" USE_SELINUX("Z:"), &smode USE_SELINUX(,&scontext));
 	if (opt & 1) {
 		mode = 0777;
 		if (!bb_parse_mode(smode, &mode)) {
@@ -50,6 +61,15 @@
 	}
 	if (opt & 2)
 		flags |= FILEUTILS_RECUR;
+#if ENABLE_SELINUX
+	if(opt & 4) {
+		selinux_or_die();
+		if (setfscreatecon(scontext)) {
+			bb_error_msg_and_die ("failed to set default file creation context "
+					      "to %s", scontext);
+		}
+	}
+#endif
 
 	if (optind == argc) {
 		bb_show_usage();
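Review bot: When `setfscreatecon()` fails, the new message names the context but gives no reason, because `bb_error_msg_and_die` does not append the errno text. An operator then cannot tell a malformed context string from a denial. Assuming setfscreatecon leaves errno set on failure, `bb_perror_msg_and_die("failed to set default file creation context to %s", scontext);` would report the cause. The identical call in the getopt_mk_fifo_nod.c hunk of this patch has the same gap. The enclosing function starts and ends outside this hunk.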
Index: coreutils/libcoreutils/getopt_mk_fifo_nod.c
===================================================================
--- coreutils/libcoreutils/getopt_mk_fifo_nod.c	(revision 17803)
+++ coreutils/libcoreutils/getopt_mk_fifo_nod.c	(working copy)
@@ -30,11 +30,25 @@
 {
 	mode_t mode = 0666;
 	char *smode = NULL;
-
-	getopt32(argc, argv, "m:", &smode);
-	if(smode) {
+#if ENABLE_SELINUX
+	security_context_t scontext;
+#endif
+	int opt = 0;
+	opt = getopt32(argc, argv, "m:" USE_SELINUX("Z:"), &smode USE_SELINUX(,&scontext));
+	if(opt & 1) {
 		if (bb_parse_mode(smode, &mode))
 			umask(0);
 	}
+
+#if ENABLE_SELINUX
+	if(opt & 2) {
+		selinux_or_die();
+		if (setfscreatecon(scontext)) {
+			bb_error_msg_and_die ("failed to set default file creation context "
+					      "to %s", scontext);
+		}
+	}
+#endif
+
 	return mode;
 }
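Review bot: `int opt = 0;` is overwritten on the very next line and is signed, whereas mkdir.c in this same patch keeps the getopt32() result in `unsigned opt`. Since the value is only tested as a bit mask, `unsigned opt = getopt32(argc, argv, "m:" USE_SELINUX("Z:"), &smode USE_SELINUX(,&scontext));` would be consistent and drop the dead store. The -Z block is also a line-for-line copy of the one in mkdir.c; a small shared helper that takes the context and dies on failure would keep the check and the message from drifting apart. The function's opening lines are outside this hunk.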
