* [PATCH 1/6] busybox -- SELinux option support for coreutils
@ 2007-02-08  6:54 Yuichi Nakamura
       [not found] ` <200702082332.43175.vda.linux@googlemail.com>
  0 siblings, 1 reply; 2+ messages in thread
From: Yuichi Nakamura @ 2007-02-08  6:54 UTC (permalink / raw)
  To: busybox, selinux; +Cc: russell, rob, busybox, vda.linux, ynakam

[-- Attachment #1: Type: text/plain, Size: 132 bytes --]


[1/6] busybox-coreutils-common-01.patch
 - usage.h for SELinux options

Signed-off-by: Yuichi Nakamura <ynakam@hitachisoft.jp>





[-- Attachment #2: busybox-coreutils-common-01.patch --]
[-- Type: application/octet-stream, Size: 4206 bytes --]

Index: include/usage.h
===================================================================
--- include/usage.h	(revision 17803)
+++ include/usage.h	(working copy)
@@ -388,13 +388,15 @@
        "Copy SOURCE to DEST, or multiple SOURCE(s) to DIRECTORY" \
        "\n\nOptions:\n" \
        "	-a	Same as -dpR\n" \
+       USAGE_SELINUX("	-c	Preserves security context\n")	\
        "	-d,-P	Preserve links\n" \
        "	-H,-L	Dereference all symlinks (implied by default)\n" \
        "	-p	Preserve file attributes if possible\n" \
        "	-f	Force, overwrite\n" \
        "	-i	Interactive, prompt before overwrite\n" \
        "	-R,-r	Copy directories recursively\n" \
-       "	-l,-s	Create (sym)links"
+       "	-l,-s	Create (sym)links\n" \
+       USAGE_SELINUX("	-Z	CONTEXT\tset security context of copy to CONTEXT")
 
 #define cpio_trivial_usage \
        "-[dimtuv][F cpiofile]"
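Review bot: With SELinux support compiled out, cp's help now ends in a stray newline, because the `\n` added to the `-l,-s` line sits outside the `USAGE_SELINUX(...)` wrapper. The ls entries in this file put the separator inside the conditional (`"\n	-k	Print security context"`), and the same shape works here: keep `"	-l,-s	Create (sym)links" \` unchanged and write `USAGE_SELINUX("\n	-Z CONTEXT	Set security context of copy to CONTEXT")`. The install, mkdir, mkfifo and mknod hunks in this patch have the same trailing-newline problem. The `-Z` string also mixes a literal tab with `\t`; using one form throughout keeps the columns aligned.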
@@ -1299,9 +1301,8 @@
 #define id_full_usage \
        "Print information for USERNAME or the current user" \
        "\n\nOptions:\n" \
-	USE_SELINUX( \
-       "	-c	Prints only the security context\n") \
-       "	-g	Prints only the group ID\n" \
+	   USAGE_SELINUX("	-Z	prints only the security context\n")	\
+	   "	-g	Prints only the group ID\n"						\
        "	-u	Prints only the user ID\n" \
        "	-n	Print a name instead of a number\n" \
        "	-r	Prints the real user ID instead of the effective ID"
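Review bot: The replacement line starts its description in lower case (`prints`) while every neighbouring entry reads `Prints`; `"	-Z	Prints only the security context\n"` keeps the list uniform. Dropping `-c` from the help is also a user-visible change for anyone scripting `id -c` on an SELinux build, so the description should say whether `-c` stops working or is merely no longer documented. The option parsing is not part of this patch, so that cannot be checked from here.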
@@ -1519,7 +1520,9 @@
        "	-m	Set permission modes\n" \
        "	-o	Set ownership\n" \
        "	-p	Preserve date\n" \
-       "	-s	Strip symbol tables"
+       "    -s  Strip symbol tables\n" \
+	USAGE_SELINUX("	-P	preserve security context\n") \
+	USAGE_SELINUX("	Z	CONTEXT  set security context of copy to CONTEXT")
 
 #define ip_trivial_usage \
        "[OPTIONS] {address | link | route | tunnel | rule} {COMMAND}"
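Review bot: The last added line documents the option as `Z`, without the leading dash, so the help names a flag that cannot be typed as shown; it should read `-Z`. The rewritten `-s` line also replaces the tabs inside the string literal with runs of spaces (`"    -s  Strip symbol tables\n"`), which changes the printed column layout for that one entry. Only a newline is needed there, and it is better placed at the start of the SELinux-only string so that non-SELinux builds keep their current output.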
@@ -1829,7 +1832,9 @@
 	USE_SELINUX( \
        "\n	-k	Print security context") \
 	USE_SELINUX( \
-       "\n	-K	Print security context in long format")
+       "\n	-K	Print security context in long format") \
+	USE_SELINUX( \
+	"\n	-Z	Print security context and permission")
 
 #define lsattr_trivial_usage \
        "[-Radlv] [files...]"
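Review bot: The new `-Z` entry is wrapped in `USE_SELINUX(...)`, while every other hunk in this patch uses `USAGE_SELINUX(...)`; one help header should use a single conditional for the same feature. No definition of `USAGE_SELINUX` appears in this patch, so unless another patch in the series provides it the other hunks would fail to compile. The description should say which patch provides it. The text `Print security context and permission` could also say how it differs from `-k` and `-K` just above.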
@@ -1974,7 +1979,9 @@
        "Create the DIRECTORY(ies) if they do not already exist" \
        "\n\nOptions:\n" \
        "	-m	Set permission mode (as in chmod), not rwxrwxrwx - umask\n" \
-       "	-p	No error if existing, make parent directories as needed"
+       "	-p	No error if existing, make parent directories as needed\n"	\
+       USAGE_SELINUX("	-Z	set security context")
+
 #define mkdir_example_usage \
        "$ mkdir /tmp/foo\n" \
        "$ mkdir /tmp/foo\n" \
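Review bot: The `-Z` entry gives no operand, although the cp and install hunks in this patch document the same flag as taking `CONTEXT`. If mkdir's `-Z` takes a context argument, as those entries suggest, the help should show it, e.g. `"\n	-Z CONTEXT	Set security context"`. Otherwise a user following the help would presumably have the next argument consumed as the context, leaving a directory with an unintended label or none. The mkfifo and mknod hunks have the same omission.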
@@ -2019,7 +2026,8 @@
 #define mkfifo_full_usage \
        "Create a named pipe (identical to 'mknod name p')" \
        "\n\nOptions:\n" \
-       "	-m	Create the pipe using the specified mode (default a=rw)"
+       "	-m	Create the pipe using the specified mode (default a=rw)\n" \
+	USAGE_SELINUX("	-Z	set security context")
 
 #define mkfs_minix_trivial_usage \
        "[-c | -l filename] [-nXX] [-iXX] /dev/name [blocks]"
@@ -2041,7 +2049,9 @@
        "\n\nTYPEs include:\n" \
        "	b:	Make a block (buffered) device\n" \
        "	c or u:	Make a character (un-buffered) device\n" \
-       "	p:	Make a named pipe. MAJOR and MINOR are ignored for named pipes"
+       "	p:	Make a named pipe. MAJOR and MINOR are ignored for named pipes\n" \
+	USAGE_SELINUX("	-Z	set security context")
+
 #define mknod_example_usage \
        "$ mknod /dev/fd0 b 2 0\n" \
        "$ mknod -m 644 /tmp/pipe p\n"
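Review bot: The `-Z` line is appended after the `TYPEs include:` list, so in the printed help it reads as a fourth TYPE rather than as an option. It belongs wherever `mknod_full_usage` lists its options, which is above this hunk and not visible here. If the macro has no option list yet, a short `Options:` heading before the entry would keep the two lists apart.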
@@ -2901,6 +2911,7 @@
        "	-f	Display filesystem status\n" \
        "	-L,-l	Dereference links\n" \
        "	-t	Display info in terse form" \
+	USAGE_SELINUX("	-Z	print security context\n") \
 	USE_FEATURE_STAT_FORMAT( \
        "\n\nValid format sequences for files:\n" \
        " %a	Access rights in octal\n" \
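Review bot: With SELinux enabled the `-Z` text is glued onto the `-t` line, because `"	-t	Display info in terse form"` has no trailing newline and the added string does not begin with one. The added string's own trailing `\n` then stacks on the `\n\n` that opens the format section. Moving the newline to the front fixes both: `USAGE_SELINUX("\n	-Z	Print security context") \`. The rest of the macro continues past the end of this hunk.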
@@ -2935,6 +2946,7 @@
        " %c	Total file nodes in file system\n" \
        " %d	Free file nodes in file system\n" \
        " %f	Free blocks in file system\n" \
+	USAGE_SELINUX("	%C	Security context in SELinux\n")	\
        " %i	File System ID in hex\n" \
        " %l	Maximum length of filenames\n" \
        " %n	File name\n" \
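Review bot: The added `%C` entry begins with a tab, whereas every other format sequence in this list begins with a single space (`" %c	Total file nodes in file system\n"`), so `%C` will print indented differently from its neighbours; `" %C	Security context in SELinux\n"` matches them. The surrounding entries appear to be the filesystem sequences, so if `%C` is also valid for plain files it needs an entry in the file list as well. That list is outside this hunk.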


* Re: [busybox:00365] Re: [PATCH 1/6] busybox -- SELinux option support for coreutils
       [not found] ` <200702082332.43175.vda.linux@googlemail.com>
@ 2007-02-09  9:47   ` Yuichi Nakamura
  0 siblings, 0 replies; 2+ messages in thread
From: Yuichi Nakamura @ 2007-02-09  9:47 UTC (permalink / raw)
  To: busybox, busybox; +Cc: ynakam, Denis Vlasenko, selinux, russell, rob

[-- Attachment #1: Type: text/plain, Size: 1550 bytes --]

Thank you for comments.

On Thu, 8 Feb 2007 23:32:43 +0100
Denis Vlasenko  wrote:
> On Thursday 08 February 2007 07:54, Yuichi Nakamura wrote:
> > 
> > [1/6] busybox-coreutils-common-01.patch
> >  - usage.h for SELinux options
> > 
> > Signed-off-by: Yuichi Nakamura <ynakam@hitachisoft.jp>
> 
> 
> @@ -1299,9 +1301,8 @@
>  #define id_full_usage \
>         "Print information for USERNAME or the current user" \
>         "\n\nOptions:\n" \
> -	USE_SELINUX( \
> -       "	-c	Prints only the security context\n") \
> -       "	-g	Prints only the group ID\n" \
> +	   USAGE_SELINUX("	-Z	prints only the security context\n")	\
> +	   "	-g	Prints only the group ID\n"						\
> 
> Well, I can fix occasional problems, but this is a bit too much.
> I would prefer more careful formatting, like
> 
> 	USAGE_SELINUX( \
>        "	-Z	prints only the security context\n" \
> 	) \
>        "	-g	Prints only the group ID\n" \
> 
> This helps to avoid misformatting in help texts.
> 
> The rest of this patch needs similar reformatting.
Fixed.

> --
> vda
> 

We were porting the SELinux options based on coreutils in Fedora Core 6,
but Stephen recommended checking upstream coreutils.
So I checked upstream coreutils and found that some SELinux options have changed.
I have changed the following:
* Removed -Z option from cp
* Added -Z and --preserve-context option to install

About cp,  -c option is dropped in upstream and "--preserve=context" is used instead.
However, cp in BusyBox does not have long options, so our patch still has -c option.

Yuichi Nakamura



[-- Attachment #2: busybox-coreutils-common-01.v2.patch --]
[-- Type: application/octet-stream, Size: 4171 bytes --]

Index: include/usage.h
===================================================================
--- include/usage.h	(revision 17803)
+++ include/usage.h	(working copy)
@@ -388,13 +388,16 @@
        "Copy SOURCE to DEST, or multiple SOURCE(s) to DIRECTORY" \
        "\n\nOptions:\n" \
        "	-a	Same as -dpR\n" \
+	USAGE_SELINUX( \
+       "	-c	Preserves security context\n" \
+	) \
        "	-d,-P	Preserve links\n" \
        "	-H,-L	Dereference all symlinks (implied by default)\n" \
        "	-p	Preserve file attributes if possible\n" \
        "	-f	Force, overwrite\n" \
        "	-i	Interactive, prompt before overwrite\n" \
        "	-R,-r	Copy directories recursively\n" \
-       "	-l,-s	Create (sym)links"
+       "	-l,-s	Create (sym)links\n"
 
 #define cpio_trivial_usage \
        "-[dimtuv][F cpiofile]"
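Review bot: The `-Z` entry is gone in this revision, but the `\n` that was added to make room for it is still on the `-l,-s` line, so cp's help now ends with a trailing newline in every build. Nothing follows that string any more, so the line can stay as it was, `"	-l,-s	Create (sym)links"`, which also removes it from the diff.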
@@ -1299,9 +1302,10 @@
 #define id_full_usage \
        "Print information for USERNAME or the current user" \
        "\n\nOptions:\n" \
-	USE_SELINUX( \
-       "	-c	Prints only the security context\n") \
-       "	-g	Prints only the group ID\n" \
+	USAGE_SELINUX( \
+       "	-Z	prints only the security context\n" \
+	) \
+	   "	-g	Prints only the group ID\n"						\
        "	-u	Prints only the user ID\n" \
        "	-n	Print a name instead of a number\n" \
        "	-r	Prints the real user ID instead of the effective ID"
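Review bot: The `-g` line is still removed and re-added with only its whitespace changed (a tab plus spaces in front, a run of tabs before the backslash). That is diff noise and leaves the line indented differently from the `-u`, `-n` and `-r` lines below it. Leaving that line untouched keeps the hunk to the actual replacement of the `-c` entry by `-Z`.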
@@ -1519,7 +1523,10 @@
        "	-m	Set permission modes\n" \
        "	-o	Set ownership\n" \
        "	-p	Preserve date\n" \
-       "	-s	Strip symbol tables"
+       "    -s  Strip symbol tables\n" \
+	USAGE_SELINUX( \
+       "	Z	Set security context of copy" \
+	)
 
 #define ip_trivial_usage \
        "[OPTIONS] {address | link | route | tunnel | rule} {COMMAND}"
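Review bot: The help text does not match the cover letter: the message says `-Z` and `--preserve-context` were added to install, but the only entry here is `Z` (no dash, no CONTEXT operand). The `-P` line from the first revision is gone, with nothing documenting the preserve option. The `-s` line still swaps its tabs for spaces inside the string literal. Suggested: leave `"	-s	Strip symbol tables"` as it was and put `"\n	-Z CONTEXT	Set security context of copy"` inside `USAGE_SELINUX(...)`, plus an entry for the preserve option if install accepts one.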
@@ -1829,7 +1836,9 @@
 	USE_SELINUX( \
        "\n	-k	Print security context") \
 	USE_SELINUX( \
-       "\n	-K	Print security context in long format")
+       "\n	-K	Print security context in long format") \
+	USE_SELINUX( \
+	"\n	-Z	Print security context and permission")
 
 #define lsattr_trivial_usage \
        "[-Radlv] [files...]"
@@ -1974,7 +1983,11 @@
        "Create the DIRECTORY(ies) if they do not already exist" \
        "\n\nOptions:\n" \
        "	-m	Set permission mode (as in chmod), not rwxrwxrwx - umask\n" \
-       "	-p	No error if existing, make parent directories as needed"
+       "	-p	No error if existing, make parent directories as needed\n"	\
+	USAGE_SELINUX( \
+       "	-Z	set security context" \
+	)
+
 #define mkdir_example_usage \
        "$ mkdir /tmp/foo\n" \
        "$ mkdir /tmp/foo\n" \
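Review bot: In a build without SELinux, mkdir's help gains a trailing newline, since the `\n` added to the `-p` line is outside `USAGE_SELINUX(...)`. Putting the separator at the head of the conditional string leaves non-SELinux output untouched: keep the `-p` line as it was and use `"\n	-Z	Set security context"` inside the wrapper. The install, mkfifo and mknod hunks of this revision repeat the pattern. If `-Z` takes a context operand here, the entry should also show it.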
@@ -2019,7 +2032,10 @@
 #define mkfifo_full_usage \
        "Create a named pipe (identical to 'mknod name p')" \
        "\n\nOptions:\n" \
-       "	-m	Create the pipe using the specified mode (default a=rw)"
+       "	-m	Create the pipe using the specified mode (default a=rw)\n" \
+	USAGE_SELINUX( \
+       "	-Z	set security context" \
+	)
 
 #define mkfs_minix_trivial_usage \
        "[-c | -l filename] [-nXX] [-iXX] /dev/name [blocks]"
@@ -2041,7 +2057,11 @@
        "\n\nTYPEs include:\n" \
        "	b:	Make a block (buffered) device\n" \
        "	c or u:	Make a character (un-buffered) device\n" \
-       "	p:	Make a named pipe. MAJOR and MINOR are ignored for named pipes"
+       "	p:	Make a named pipe. MAJOR and MINOR are ignored for named pipes\n" \
+	USAGE_SELINUX( \
+       "	-Z	set security context" \
+	)
+
 #define mknod_example_usage \
        "$ mknod /dev/fd0 b 2 0\n" \
        "$ mknod -m 644 /tmp/pipe p\n"
@@ -2901,6 +2921,9 @@
        "	-f	Display filesystem status\n" \
        "	-L,-l	Dereference links\n" \
        "	-t	Display info in terse form" \
+	USAGE_SELINUX( \
+       "	-Z	print security context\n" \
+	) \
 	USE_FEATURE_STAT_FORMAT( \
        "\n\nValid format sequences for files:\n" \
        " %a	Access rights in octal\n" \
@@ -2935,6 +2958,9 @@
        " %c	Total file nodes in file system\n" \
        " %d	Free file nodes in file system\n" \
        " %f	Free blocks in file system\n" \
+	USAGE_SELINUX( \
+       "	%C	Security context in SELinux\n" \
+	) \
        " %i	File System ID in hex\n" \
        " %l	Maximum length of filenames\n" \
        " %n	File name\n" \

