* [PATCH 1/8] busybox -- SELinux option support for coreutils: ver3
@ 2007-02-23 8:47 Yuichi Nakamura
From: Yuichi Nakamura @ 2007-02-23 8:47 UTC (permalink / raw)
To: busybox; +Cc: busybox, vda.linux, selinux
[-- Attachment #1: Type: text/plain, Size: 203 bytes --]
[1/8] busybox-coreutils-common-01.v3.patch
- common component for SELinux options, applets
Signed-off-by: Yuichi Nakamura <ynakam@hitachisoft.jp>
Signed-off-by: KaiGai Kohei <kaigai@kaigai.gr.jp>
[-- Attachment #2: busybox-coreutils-common-01.v3.patch --]
[-- Type: application/octet-stream, Size: 9162 bytes --]
Index: include/usage.h
===================================================================
--- include/usage.h (revision 17961)
+++ include/usage.h (working copy)
@@ -198,6 +198,26 @@
" -R Recursively list subdirectories\n" \
" -v Set the file's version/generation number"
+#define chcon_trivial_usage \
+ "[OPTIONS] CONTEXT FILE...\n" \
+ " chcon [OPTIONS] [-u USER] [-r ROLE] [-l RANGE] [-t TYPE] FILE...\n" \
+ " chcon [OPTIONS] --reference=RFILE FILE...\n"
+#define chcon_full_usage \
+ "Change the security context of each FILE to CONTEXT.\n\n" \
+ " -c, --changes like verbose but report only when a change is made\n" \
+ " -h, --no-dereference affect symbolic links instead of any referenced file\n" \
+ " (available only on systems with lchown system call)\n" \
+ " -f, --silent, --quiet suppress most error messages\n" \
+ " --reference=RFILE use RFILE's group instead of using a CONTEXT value\n" \
+ " -u, --user=USER set user USER in the target security context\n" \
+ " -r, --role=ROLE set role ROLE in the target security context\n" \
+ " -t, --type=TYPE set type TYPE in the target security context\n" \
+ " -l, --range=RANGE set range RANGE in the target security context\n" \
+ " -R, --recursive change files and directories recursively\n" \
+ " -v, --verbose output a diagnostic for every file processed\n" \
+ " --help display this help and exit\n" \
+ " --version output version information and exit"
+
#define chgrp_trivial_usage \
"[-Rh"USE_DESKTOP("cvf")"]... GROUP FILE..."
#define chgrp_full_usage \
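Review bot: The `--reference=RFILE` line in `chcon_full_usage` says it uses "RFILE's group", which describes chgrp rather than chcon; for a tool that relabels files the help should name what is actually copied, e.g. `"      --reference=RFILE    use RFILE's security context instead of a CONTEXT value\n"`. The parenthetical about the lchown system call under `-h` looks carried over from the same place and should be dropped or replaced with the condition that applies to labels. The table also lists every long option unconditionally, although the Config.in hunk of this patch makes them optional through FEATURE_CHCON_LONG_OPTIONS, so with that option off `--reference` would be documented but presumably unavailable. The same text recurs unchanged in the v4 and v5 attachments.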
@@ -388,13 +408,16 @@
"Copy SOURCE to DEST, or multiple SOURCE(s) to DIRECTORY" \
"\n\nOptions:\n" \
" -a Same as -dpR\n" \
+ USAGE_SELINUX( \
+ " -c Preserves security context\n" \
+ ) \
" -d,-P Preserve links\n" \
" -H,-L Dereference all symlinks (implied by default)\n" \
" -p Preserve file attributes if possible\n" \
" -f Force, overwrite\n" \
" -i Interactive, prompt before overwrite\n" \
" -R,-r Copy directories recursively\n" \
- " -l,-s Create (sym)links"
+ " -l,-s Create (sym)links\n"
#define cpio_trivial_usage \
"-[dimtuv][F cpiofile]"
@@ -1299,8 +1322,9 @@
#define id_full_usage \
"Print information for USERNAME or the current user" \
"\n\nOptions:\n" \
- USE_SELINUX( \
- " -c Prints only the security context\n") \
+ USAGE_SELINUX( \
+ " -Z prints only the security context\n" \
+ ) \
" -g Prints only the group ID\n" \
" -u Prints only the user ID\n" \
" -n Print a name instead of a number\n" \
@@ -1519,7 +1543,10 @@
" -m Set permission modes\n" \
" -o Set ownership\n" \
" -p Preserve date\n" \
- " -s Strip symbol tables"
+ " -s Strip symbol tables\n" \
+ USAGE_SELINUX( \
+ " -Z Set security context of copy" \
+ )
#define ip_trivial_usage \
"[OPTIONS] {address | link | route | tunnel | rule} {COMMAND}"
@@ -1829,7 +1856,9 @@
USE_SELINUX( \
"\n -k Print security context") \
USE_SELINUX( \
- "\n -K Print security context in long format")
+ "\n -K Print security context in long format") \
+ USE_SELINUX( \
+ "\n -Z Print security context and permission")
#define lsattr_trivial_usage \
"[-Radlv] [files...]"
@@ -1974,7 +2003,11 @@
"Create the DIRECTORY(ies) if they do not already exist" \
"\n\nOptions:\n" \
" -m Set permission mode (as in chmod), not rwxrwxrwx - umask\n" \
- " -p No error if existing, make parent directories as needed"
+ " -p No error if existing, make parent directories as needed\n" \
+ USAGE_SELINUX( \
+ " -Z set security context" \
+ )
+
#define mkdir_example_usage \
"$ mkdir /tmp/foo\n" \
"$ mkdir /tmp/foo\n" \
@@ -2019,7 +2052,10 @@
#define mkfifo_full_usage \
"Create a named pipe (identical to 'mknod name p')" \
"\n\nOptions:\n" \
- " -m Create the pipe using the specified mode (default a=rw)"
+ " -m Create the pipe using the specified mode (default a=rw)\n" \
+ USAGE_SELINUX( \
+ " -Z set security context" \
+ )
#define mkfs_minix_trivial_usage \
"[-c | -l filename] [-nXX] [-iXX] /dev/name [blocks]"
@@ -2041,7 +2077,11 @@
"\n\nTYPEs include:\n" \
" b: Make a block (buffered) device\n" \
" c or u: Make a character (un-buffered) device\n" \
- " p: Make a named pipe. MAJOR and MINOR are ignored for named pipes"
+ " p: Make a named pipe. MAJOR and MINOR are ignored for named pipes\n" \
+ USAGE_SELINUX( \
+ " -Z set security context" \
+ )
+
#define mknod_example_usage \
"$ mknod /dev/fd0 b 2 0\n" \
"$ mknod -m 644 /tmp/pipe p\n"
@@ -2677,6 +2717,21 @@
#define rpm2cpio_full_usage \
"Output a cpio archive of the rpm file"
+#define runcon_trivial_usage \
+ "[-c] [-u USER] [-r ROLE] [-t TYPE] [-l RANGE] COMMAND [args]\n" \
+ " runcon CONTEXT COMMAND [args]"
+#define runcon_full_usage \
+ "runcon [-c] [-u USER] [-r ROLE] [-t TYPE] [-l RANGE] COMMAND [args]\n" \
+ "runcon CONTEXT COMMAND [args]\n" \
+ "Run a program in a different security context.\n\n" \
+ " CONTEXT Complete security context\n" \
+ " -c, --compute compute process transition context before modifying\n" \
+ " -t, --type=TYPE type (for same role as parent)\n" \
+ " -u, --user=USER user identity\n" \
+ " -r, --role=ROLE role\n" \
+ " -l, --range=RANGE levelrange\n" \
+ " -h, --help display this help and exit"
+
#define run_parts_trivial_usage \
"[-t] [-a ARG] [-u MASK] DIRECTORY"
#define run_parts_full_usage \
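Review bot: `runcon_full_usage` opens by repeating the two synopsis lines that `runcon_trivial_usage` already carries, so if the usage printer emits the trivial string before the full one (not visible here) the synopsis appears twice; the full text could start at `"Run a program in a different security context.\n\n"`. The option table also lists the flags in a different order (-c, -t, -u, -r, -l) from the synopsis (-c, -u, -r, -t, -l), and `-l` is described as "levelrange" where the chcon text in this patch says "range". Aligning the order and wording with chcon would make the two context-setting applets read consistently. The hunk is repeated unchanged in the v4 and v5 attachments.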
@@ -2903,6 +2958,9 @@
" -f Display filesystem status\n" \
" -L,-l Dereference links\n" \
" -t Display info in terse form" \
+ USAGE_SELINUX( \
+ " -Z print security context\n" \
+ ) \
USE_FEATURE_STAT_FORMAT( \
"\n\nValid format sequences for files:\n" \
" %a Access rights in octal\n" \
@@ -2937,6 +2995,9 @@
" %c Total file nodes in file system\n" \
" %d Free file nodes in file system\n" \
" %f Free blocks in file system\n" \
+ USAGE_SELINUX( \
+ " %C Security context in SELinux\n" \
+ ) \
" %i File System ID in hex\n" \
" %l Maximum length of filenames\n" \
" %n File name\n" \
Index: include/applets.h
===================================================================
--- include/applets.h (revision 17961)
+++ include/applets.h (working copy)
@@ -69,6 +69,7 @@
USE_CAT(APPLET(cat, _BB_DIR_BIN, _BB_SUID_NEVER))
USE_CATV(APPLET(catv, _BB_DIR_BIN, _BB_SUID_NEVER))
USE_CHATTR(APPLET(chattr, _BB_DIR_BIN, _BB_SUID_NEVER))
+USE_CHCON(APPLET(chcon, _BB_DIR_USR_BIN, _BB_SUID_NEVER))
USE_CHGRP(APPLET(chgrp, _BB_DIR_BIN, _BB_SUID_NEVER))
USE_CHMOD(APPLET(chmod, _BB_DIR_BIN, _BB_SUID_NEVER))
USE_CHOWN(APPLET(chown, _BB_DIR_BIN, _BB_SUID_NEVER))
@@ -247,6 +248,7 @@
USE_ROUTE(APPLET(route, _BB_DIR_SBIN, _BB_SUID_NEVER))
USE_RPM(APPLET(rpm, _BB_DIR_BIN, _BB_SUID_NEVER))
USE_RPM2CPIO(APPLET(rpm2cpio, _BB_DIR_USR_BIN, _BB_SUID_NEVER))
+USE_RUNCON(APPLET(runcon, _BB_DIR_USR_BIN, _BB_SUID_NEVER))
USE_RUN_PARTS(APPLET_ODDNAME(run-parts, run_parts, _BB_DIR_BIN, _BB_SUID_NEVER, run_parts))
USE_RUNLEVEL(APPLET(runlevel, _BB_DIR_SBIN, _BB_SUID_NEVER))
USE_RUNSV(APPLET(runsv, _BB_DIR_USR_BIN, _BB_SUID_NEVER))
Index: selinux/Kbuild
===================================================================
--- selinux/Kbuild (revision 17961)
+++ selinux/Kbuild (working copy)
@@ -6,8 +6,10 @@
# Licensed under the GPL v2, see the file LICENSE in this tarball.
lib-y:=
+lib-$(CONFIG_CHCON) += chcon.o
lib-$(CONFIG_GETENFORCE) += getenforce.o
lib-$(CONFIG_GETSEBOOL) += getsebool.o
lib-$(CONFIG_MATCHPATHCON) += matchpathcon.o
+lib-$(CONFIG_RUNCON) += runcon.o
lib-$(CONFIG_SELINUXENABLED) += selinuxenabled.o
lib-$(CONFIG_SETENFORCE) += setenforce.o
Index: selinux/Config.in
===================================================================
--- selinux/Config.in (revision 17961)
+++ selinux/Config.in (working copy)
@@ -6,6 +6,20 @@
menu "Selinux Utilities"
depends on SELINUX
+config CHCON
+ bool "chcon"
+ default n
+ depends on SELINUX
+ help
+ Enable support for chcon command as a SELinux utility.
+
+config FEATURE_CHCON_LONG_OPTIONS
+ bool "Enable long options"
+ default y
+ depends on CHCON && GETOPT_LONG
+ help
+ Support long options for the chcon applet.
+
config GETENFORCE
bool "getenforce"
default n
@@ -28,6 +42,20 @@
Enable support to get default security context of the
specified path from the file contexts configuration.
+config RUNCON
+ bool "runcon"
+ default n
+ depends on SELINUX
+ help
+ Enable support for runcon command as a SELinux utility.
+
+config FEATURE_RUNCON_LONG_OPTIONS
+ bool "Enable long options"
+ default y
+ depends on RUNCON && GETOPT_LONG
+ help
+ Support long options for the runcon applet.
+
config SELINUXENABLED
bool "selinuxenabled"
default n
* Re: [PATCH 1/8] busybox -- SELinux option support for coreutils: ver3
@ 2007-02-26 1:31 ` Yuichi Nakamura
From: Yuichi Nakamura @ 2007-02-26 1:31 UTC (permalink / raw)
To: Denis Vlasenko; +Cc: ynakam, busybox, busybox, selinux
[-- Attachment #1: Type: text/plain, Size: 1135 bytes --]
Thank you for review!
On Sat, 24 Feb 2007 16:01:14 +0100
Denis Vlasenko wrote:
> On Friday 23 February 2007 09:47, Yuichi Nakamura wrote:
> > [1/8] busybox-coreutils-common-01.v3.patch
> > - common component for SELinux options, applets
> >
> > Signed-off-by: Yuichi Nakamura <ynakam@hitachisoft.jp>
> > Signed-off-by: KaiGai Kohei <kaigai@kaigai.gr.jp>
>
> " -i Interactive, prompt before overwrite\n" \
> " -R,-r Copy directories recursively\n" \
> - " -l,-s Create (sym)links"
> + " -l,-s Create (sym)links\n"
>
> #define cpio_trivial_usage \
>
> Why?
Removed this one.
> USE_RPM2CPIO(APPLET(rpm2cpio, _BB_DIR_USR_BIN, _BB_SUID_NEVER))
> +USE_RUNCON(APPLET(runcon, _BB_DIR_USR_BIN, _BB_SUID_NEVER))
> USE_RUN_PARTS(APPLET_ODDNAME(run-parts, run_parts, _BB_DIR_BIN, _BB_SUID_NEVER, run_parts))
> USE_RUNLEVEL(APPLET(runlevel, _BB_DIR_SBIN, _BB_SUID_NEVER))
>
> *Must* be in ASCII order.
Fixed.
>
>
> --
> vda
Attached is the revised patch.
--
Yuichi Nakamura
Hitachi Software Engineering Co., Ltd.
SELinux Policy Editor: http://seedit.sourceforge.net/
[-- Attachment #2: busybox-coreutils-common-01.v4.patch --]
[-- Type: application/octet-stream, Size: 10143 bytes --]
Index: include/usage.h
===================================================================
--- include/usage.h (revision 17961)
+++ include/usage.h (working copy)
@@ -198,6 +198,26 @@
" -R Recursively list subdirectories\n" \
" -v Set the file's version/generation number"
+#define chcon_trivial_usage \
+ "[OPTIONS] CONTEXT FILE...\n" \
+ " chcon [OPTIONS] [-u USER] [-r ROLE] [-l RANGE] [-t TYPE] FILE...\n" \
+ " chcon [OPTIONS] --reference=RFILE FILE...\n"
+#define chcon_full_usage \
+ "Change the security context of each FILE to CONTEXT.\n\n" \
+ " -c, --changes like verbose but report only when a change is made\n" \
+ " -h, --no-dereference affect symbolic links instead of any referenced file\n" \
+ " (available only on systems with lchown system call)\n" \
+ " -f, --silent, --quiet suppress most error messages\n" \
+ " --reference=RFILE use RFILE's group instead of using a CONTEXT value\n" \
+ " -u, --user=USER set user USER in the target security context\n" \
+ " -r, --role=ROLE set role ROLE in the target security context\n" \
+ " -t, --type=TYPE set type TYPE in the target security context\n" \
+ " -l, --range=RANGE set range RANGE in the target security context\n" \
+ " -R, --recursive change files and directories recursively\n" \
+ " -v, --verbose output a diagnostic for every file processed\n" \
+ " --help display this help and exit\n" \
+ " --version output version information and exit"
+
#define chgrp_trivial_usage \
"[-Rh"USE_DESKTOP("cvf")"]... GROUP FILE..."
#define chgrp_full_usage \
@@ -388,6 +408,9 @@
"Copy SOURCE to DEST, or multiple SOURCE(s) to DIRECTORY" \
"\n\nOptions:\n" \
" -a Same as -dpR\n" \
+ USAGE_SELINUX( \
+ " -c Preserves security context\n" \
+ ) \
" -d,-P Preserve links\n" \
" -H,-L Dereference all symlinks (implied by default)\n" \
" -p Preserve file attributes if possible\n" \
@@ -1299,8 +1322,9 @@
#define id_full_usage \
"Print information for USERNAME or the current user" \
"\n\nOptions:\n" \
- USE_SELINUX( \
- " -c Prints only the security context\n") \
+ USAGE_SELINUX( \
+ " -Z prints only the security context\n" \
+ ) \
" -g Prints only the group ID\n" \
" -u Prints only the user ID\n" \
" -n Print a name instead of a number\n" \
@@ -1519,7 +1543,10 @@
" -m Set permission modes\n" \
" -o Set ownership\n" \
" -p Preserve date\n" \
- " -s Strip symbol tables"
+ " -s Strip symbol tables\n" \
+ USAGE_SELINUX( \
+ " -Z Set security context of copy" \
+ )
#define ip_trivial_usage \
"[OPTIONS] {address | link | route | tunnel | rule} {COMMAND}"
@@ -1721,6 +1748,15 @@
#define loadkmap_example_usage \
"$ loadkmap < /etc/i18n/lang-keymap\n"
+#define load_policy_trivial_usage \
+ "[bq]"
+#define load_policy_full_usage \
+ "\n\nOptions:\n" \
+ " -b reset the policy boolean values to the saved policy settings.\n" \
+ " -q suppress warning messages."
+#define load_policy_example_usage \
+ "# load_policy\n"
+
#define logger_trivial_usage \
"[OPTION]... [MESSAGE]"
#define logger_full_usage \
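Review bot: `load_policy_trivial_usage` is `"[bq]"` without the dash, while the other synopses visible in this patch write flags as `[-x]`; it should read `"[-bq]"`. `load_policy_full_usage` also starts straight at `"\n\nOptions:\n"` with no one-line description, unlike the neighbouring applets; a first line such as `"Load SELinux policy"` (matching the Config.in help added in this patch) would fix that. The two option lines end in a full stop, which the rest of the file's option lines do not.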
@@ -1829,7 +1865,9 @@
USE_SELINUX( \
"\n -k Print security context") \
USE_SELINUX( \
- "\n -K Print security context in long format")
+ "\n -K Print security context in long format") \
+ USE_SELINUX( \
+ "\n -Z Print security context and permission")
#define lsattr_trivial_usage \
"[-Radlv] [files...]"
@@ -1974,7 +2012,11 @@
"Create the DIRECTORY(ies) if they do not already exist" \
"\n\nOptions:\n" \
" -m Set permission mode (as in chmod), not rwxrwxrwx - umask\n" \
- " -p No error if existing, make parent directories as needed"
+ " -p No error if existing, make parent directories as needed\n" \
+ USAGE_SELINUX( \
+ " -Z set security context" \
+ )
+
#define mkdir_example_usage \
"$ mkdir /tmp/foo\n" \
"$ mkdir /tmp/foo\n" \
@@ -2019,7 +2061,10 @@
#define mkfifo_full_usage \
"Create a named pipe (identical to 'mknod name p')" \
"\n\nOptions:\n" \
- " -m Create the pipe using the specified mode (default a=rw)"
+ " -m Create the pipe using the specified mode (default a=rw)\n" \
+ USAGE_SELINUX( \
+ " -Z set security context" \
+ )
#define mkfs_minix_trivial_usage \
"[-c | -l filename] [-nXX] [-iXX] /dev/name [blocks]"
@@ -2041,7 +2086,11 @@
"\n\nTYPEs include:\n" \
" b: Make a block (buffered) device\n" \
" c or u: Make a character (un-buffered) device\n" \
- " p: Make a named pipe. MAJOR and MINOR are ignored for named pipes"
+ " p: Make a named pipe. MAJOR and MINOR are ignored for named pipes\n" \
+ USAGE_SELINUX( \
+ " -Z set security context" \
+ )
+
#define mknod_example_usage \
"$ mknod /dev/fd0 b 2 0\n" \
"$ mknod -m 644 /tmp/pipe p\n"
@@ -2677,6 +2726,21 @@
#define rpm2cpio_full_usage \
"Output a cpio archive of the rpm file"
+#define runcon_trivial_usage \
+ "[-c] [-u USER] [-r ROLE] [-t TYPE] [-l RANGE] COMMAND [args]\n" \
+ " runcon CONTEXT COMMAND [args]"
+#define runcon_full_usage \
+ "runcon [-c] [-u USER] [-r ROLE] [-t TYPE] [-l RANGE] COMMAND [args]\n" \
+ "runcon CONTEXT COMMAND [args]\n" \
+ "Run a program in a different security context.\n\n" \
+ " CONTEXT Complete security context\n" \
+ " -c, --compute compute process transition context before modifying\n" \
+ " -t, --type=TYPE type (for same role as parent)\n" \
+ " -u, --user=USER user identity\n" \
+ " -r, --role=ROLE role\n" \
+ " -l, --range=RANGE levelrange\n" \
+ " -h, --help display this help and exit"
+
#define run_parts_trivial_usage \
"[-t] [-a ARG] [-u MASK] DIRECTORY"
#define run_parts_full_usage \
@@ -2903,6 +2967,9 @@
" -f Display filesystem status\n" \
" -L,-l Dereference links\n" \
" -t Display info in terse form" \
+ USAGE_SELINUX( \
+ " -Z print security context\n" \
+ ) \
USE_FEATURE_STAT_FORMAT( \
"\n\nValid format sequences for files:\n" \
" %a Access rights in octal\n" \
@@ -2937,6 +3004,9 @@
" %c Total file nodes in file system\n" \
" %d Free file nodes in file system\n" \
" %f Free blocks in file system\n" \
+ USAGE_SELINUX( \
+ " %C Security context in SELinux\n" \
+ ) \
" %i File System ID in hex\n" \
" %l Maximum length of filenames\n" \
" %n File name\n" \
Index: include/applets.h
===================================================================
--- include/applets.h (revision 17961)
+++ include/applets.h (working copy)
@@ -69,6 +69,7 @@
USE_CAT(APPLET(cat, _BB_DIR_BIN, _BB_SUID_NEVER))
USE_CATV(APPLET(catv, _BB_DIR_BIN, _BB_SUID_NEVER))
USE_CHATTR(APPLET(chattr, _BB_DIR_BIN, _BB_SUID_NEVER))
+USE_CHCON(APPLET(chcon, _BB_DIR_USR_BIN, _BB_SUID_NEVER))
USE_CHGRP(APPLET(chgrp, _BB_DIR_BIN, _BB_SUID_NEVER))
USE_CHMOD(APPLET(chmod, _BB_DIR_BIN, _BB_SUID_NEVER))
USE_CHOWN(APPLET(chown, _BB_DIR_BIN, _BB_SUID_NEVER))
@@ -180,6 +181,7 @@
USE_LN(APPLET(ln, _BB_DIR_BIN, _BB_SUID_NEVER))
USE_LOADFONT(APPLET(loadfont, _BB_DIR_USR_BIN, _BB_SUID_NEVER))
USE_LOADKMAP(APPLET(loadkmap, _BB_DIR_SBIN, _BB_SUID_NEVER))
+USE_LOAD_POLICY(APPLET(load_policy, _BB_DIR_USR_SBIN, _BB_SUID_NEVER))
USE_LOGGER(APPLET(logger, _BB_DIR_USR_BIN, _BB_SUID_NEVER))
USE_LOGIN(APPLET(login, _BB_DIR_BIN, _BB_SUID_ALWAYS))
USE_LOGNAME(APPLET(logname, _BB_DIR_USR_BIN, _BB_SUID_NEVER))
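Review bot: `load_policy` is inserted after `loadkmap`, but in byte order `_` (0x5F) sorts before the lower-case letters, so the name `load_policy` compares less than both `loadfont` and `loadkmap`. If this table is searched by name on the assumption that it is sorted (the lookup code is not visible in the hunk), the entry belongs between the `ln` and `loadfont` lines: move `USE_LOAD_POLICY(APPLET(load_policy, _BB_DIR_USR_SBIN, _BB_SUID_NEVER))` up two lines. A misplaced entry in a sorted table can make the applet unreachable by name, which matters for a policy-loading tool expected at boot.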
@@ -248,6 +250,7 @@
USE_RPM(APPLET(rpm, _BB_DIR_BIN, _BB_SUID_NEVER))
USE_RPM2CPIO(APPLET(rpm2cpio, _BB_DIR_USR_BIN, _BB_SUID_NEVER))
USE_RUN_PARTS(APPLET_ODDNAME(run-parts, run_parts, _BB_DIR_BIN, _BB_SUID_NEVER, run_parts))
+USE_RUNCON(APPLET(runcon, _BB_DIR_USR_BIN, _BB_SUID_NEVER))
USE_RUNLEVEL(APPLET(runlevel, _BB_DIR_SBIN, _BB_SUID_NEVER))
USE_RUNSV(APPLET(runsv, _BB_DIR_USR_BIN, _BB_SUID_NEVER))
USE_RUNSVDIR(APPLET(runsvdir, _BB_DIR_USR_BIN, _BB_SUID_NEVER))
Index: selinux/Kbuild
===================================================================
--- selinux/Kbuild (revision 17961)
+++ selinux/Kbuild (working copy)
@@ -6,8 +6,11 @@
# Licensed under the GPL v2, see the file LICENSE in this tarball.
lib-y:=
+lib-$(CONFIG_CHCON) += chcon.o
lib-$(CONFIG_GETENFORCE) += getenforce.o
lib-$(CONFIG_GETSEBOOL) += getsebool.o
+lib-$(CONFIG_LOAD_POLICY) += load_policy.o
lib-$(CONFIG_MATCHPATHCON) += matchpathcon.o
+lib-$(CONFIG_RUNCON) += runcon.o
lib-$(CONFIG_SELINUXENABLED) += selinuxenabled.o
lib-$(CONFIG_SETENFORCE) += setenforce.o
Index: selinux/Config.in
===================================================================
--- selinux/Config.in (revision 17961)
+++ selinux/Config.in (working copy)
@@ -6,6 +6,20 @@
menu "Selinux Utilities"
depends on SELINUX
+config CHCON
+ bool "chcon"
+ default n
+ depends on SELINUX
+ help
+ Enable support for chcon command as a SELinux utility.
+
+config FEATURE_CHCON_LONG_OPTIONS
+ bool "Enable long options"
+ default y
+ depends on CHCON && GETOPT_LONG
+ help
+ Support long options for the chcon applet.
+
config GETENFORCE
bool "getenforce"
default n
@@ -20,6 +34,13 @@
help
Enable support to get SELinux boolean values.
+config LOAD_POLICY
+ bool "load_policy"
+ default n
+ depends on SELINUX
+ help
+ Enable support to load SELinux policy.
+
config MATCHPATHCON
bool "matchpathcon"
default n
@@ -28,6 +49,20 @@
Enable support to get default security context of the
specified path from the file contexts configuration.
+config RUNCON
+ bool "runcon"
+ default n
+ depends on SELINUX
+ help
+ Enable support for runcon command as a SELinux utility.
+
+config FEATURE_RUNCON_LONG_OPTIONS
+ bool "Enable long options"
+ default y
+ depends on RUNCON && GETOPT_LONG
+ help
+ Support long options for the runcon applet.
+
config SELINUXENABLED
bool "selinuxenabled"
default n
* Re: [PATCH 1/8] busybox -- SELinux option support for coreutils: ver3
@ 2007-02-26 23:42 ` Yuichi Nakamura
From: Yuichi Nakamura @ 2007-02-26 23:42 UTC (permalink / raw)
To: busybox; +Cc: Denis Vlasenko, selinux, busybox
[-- Attachment #1: Type: text/plain, Size: 1599 bytes --]
In the previous patch,
definitions for another SELinux-related applet were included.
I am sorry; I have removed them.
Please use the attached patch instead of busybox-coreutils-common-01.v4.patch.
On Mon, 26 Feb 2007 10:31:14 +0900
Yuichi Nakamura wrote:
> Thank you for review!
>
> On Sat, 24 Feb 2007 16:01:14 +0100
> Denis Vlasenko wrote:
> > On Friday 23 February 2007 09:47, Yuichi Nakamura wrote:
> > > [1/8] busybox-coreutils-common-01.v3.patch
> > > - common component for SELinux options, applets
> > >
> > > Signed-off-by: Yuichi Nakamura <ynakam@hitachisoft.jp>
> > > Signed-off-by: KaiGai Kohei <kaigai@kaigai.gr.jp>
> >
> > " -i Interactive, prompt before overwrite\n" \
> > " -R,-r Copy directories recursively\n" \
> > - " -l,-s Create (sym)links"
> > + " -l,-s Create (sym)links\n"
> >
> > #define cpio_trivial_usage \
> >
> > Why?
> Removed this one.
>
> > USE_RPM2CPIO(APPLET(rpm2cpio, _BB_DIR_USR_BIN, _BB_SUID_NEVER))
> > +USE_RUNCON(APPLET(runcon, _BB_DIR_USR_BIN, _BB_SUID_NEVER))
> > USE_RUN_PARTS(APPLET_ODDNAME(run-parts, run_parts, _BB_DIR_BIN, _BB_SUID_NEVER, run_parts))
> > USE_RUNLEVEL(APPLET(runlevel, _BB_DIR_SBIN, _BB_SUID_NEVER))
> >
> > *Must* be in ASCII order.
> Fixed.
>
>
> >
> >
> > --
> > vda
>
> Attached is reviesed patch.
>
>
> --
> Yuichi Nakamura
> Hitachi Software Engineering Co., Ltd.
> SELinux Policy Editor: http://seedit.sourceforge.net/
>
>
--
Yuichi Nakamura
Hitachi Software Engineering Co., Ltd.
SELinux Policy Editor: http://seedit.sourceforge.net/
[-- Attachment #2: busybox-coreutils-common-01.v5.patch --]
[-- Type: application/octet-stream, Size: 8893 bytes --]
Index: include/usage.h
===================================================================
--- include/usage.h (revision 17961)
+++ include/usage.h (working copy)
@@ -198,6 +198,26 @@
" -R Recursively list subdirectories\n" \
" -v Set the file's version/generation number"
+#define chcon_trivial_usage \
+ "[OPTIONS] CONTEXT FILE...\n" \
+ " chcon [OPTIONS] [-u USER] [-r ROLE] [-l RANGE] [-t TYPE] FILE...\n" \
+ " chcon [OPTIONS] --reference=RFILE FILE...\n"
+#define chcon_full_usage \
+ "Change the security context of each FILE to CONTEXT.\n\n" \
+ " -c, --changes like verbose but report only when a change is made\n" \
+ " -h, --no-dereference affect symbolic links instead of any referenced file\n" \
+ " (available only on systems with lchown system call)\n" \
+ " -f, --silent, --quiet suppress most error messages\n" \
+ " --reference=RFILE use RFILE's group instead of using a CONTEXT value\n" \
+ " -u, --user=USER set user USER in the target security context\n" \
+ " -r, --role=ROLE set role ROLE in the target security context\n" \
+ " -t, --type=TYPE set type TYPE in the target security context\n" \
+ " -l, --range=RANGE set range RANGE in the target security context\n" \
+ " -R, --recursive change files and directories recursively\n" \
+ " -v, --verbose output a diagnostic for every file processed\n" \
+ " --help display this help and exit\n" \
+ " --version output version information and exit"
+
#define chgrp_trivial_usage \
"[-Rh"USE_DESKTOP("cvf")"]... GROUP FILE..."
#define chgrp_full_usage \
@@ -388,6 +408,9 @@
"Copy SOURCE to DEST, or multiple SOURCE(s) to DIRECTORY" \
"\n\nOptions:\n" \
" -a Same as -dpR\n" \
+ USAGE_SELINUX( \
+ " -c Preserves security context\n" \
+ ) \
" -d,-P Preserve links\n" \
" -H,-L Dereference all symlinks (implied by default)\n" \
" -p Preserve file attributes if possible\n" \
@@ -1299,8 +1322,9 @@
#define id_full_usage \
"Print information for USERNAME or the current user" \
"\n\nOptions:\n" \
- USE_SELINUX( \
- " -c Prints only the security context\n") \
+ USAGE_SELINUX( \
+ " -Z prints only the security context\n" \
+ ) \
" -g Prints only the group ID\n" \
" -u Prints only the user ID\n" \
" -n Print a name instead of a number\n" \
@@ -1519,7 +1543,10 @@
" -m Set permission modes\n" \
" -o Set ownership\n" \
" -p Preserve date\n" \
- " -s Strip symbol tables"
+ " -s Strip symbol tables\n" \
+ USAGE_SELINUX( \
+ " -Z Set security context of copy" \
+ )
#define ip_trivial_usage \
"[OPTIONS] {address | link | route | tunnel | rule} {COMMAND}"
@@ -1829,7 +1856,9 @@
USE_SELINUX( \
"\n -k Print security context") \
USE_SELINUX( \
- "\n -K Print security context in long format")
+ "\n -K Print security context in long format") \
+ USE_SELINUX( \
+ "\n -Z Print security context and permission")
#define lsattr_trivial_usage \
"[-Radlv] [files...]"
@@ -1974,7 +2003,11 @@
"Create the DIRECTORY(ies) if they do not already exist" \
"\n\nOptions:\n" \
" -m Set permission mode (as in chmod), not rwxrwxrwx - umask\n" \
- " -p No error if existing, make parent directories as needed"
+ " -p No error if existing, make parent directories as needed\n" \
+ USAGE_SELINUX( \
+ " -Z set security context" \
+ )
+
#define mkdir_example_usage \
"$ mkdir /tmp/foo\n" \
"$ mkdir /tmp/foo\n" \
@@ -2019,7 +2052,10 @@
#define mkfifo_full_usage \
"Create a named pipe (identical to 'mknod name p')" \
"\n\nOptions:\n" \
- " -m Create the pipe using the specified mode (default a=rw)"
+ " -m Create the pipe using the specified mode (default a=rw)\n" \
+ USAGE_SELINUX( \
+ " -Z set security context" \
+ )
#define mkfs_minix_trivial_usage \
"[-c | -l filename] [-nXX] [-iXX] /dev/name [blocks]"
@@ -2041,7 +2077,11 @@
"\n\nTYPEs include:\n" \
" b: Make a block (buffered) device\n" \
" c or u: Make a character (un-buffered) device\n" \
- " p: Make a named pipe. MAJOR and MINOR are ignored for named pipes"
+ " p: Make a named pipe. MAJOR and MINOR are ignored for named pipes\n" \
+ USAGE_SELINUX( \
+ " -Z set security context" \
+ )
+
#define mknod_example_usage \
"$ mknod /dev/fd0 b 2 0\n" \
"$ mknod -m 644 /tmp/pipe p\n"
@@ -2677,6 +2717,21 @@
#define rpm2cpio_full_usage \
"Output a cpio archive of the rpm file"
+#define runcon_trivial_usage \
+ "[-c] [-u USER] [-r ROLE] [-t TYPE] [-l RANGE] COMMAND [args]\n" \
+ " runcon CONTEXT COMMAND [args]"
+#define runcon_full_usage \
+ "runcon [-c] [-u USER] [-r ROLE] [-t TYPE] [-l RANGE] COMMAND [args]\n" \
+ "runcon CONTEXT COMMAND [args]\n" \
+ "Run a program in a different security context.\n\n" \
+ " CONTEXT Complete security context\n" \
+ " -c, --compute compute process transition context before modifying\n" \
+ " -t, --type=TYPE type (for same role as parent)\n" \
+ " -u, --user=USER user identity\n" \
+ " -r, --role=ROLE role\n" \
+ " -l, --range=RANGE levelrange\n" \
+ " -h, --help display this help and exit"
+
#define run_parts_trivial_usage \
"[-t] [-a ARG] [-u MASK] DIRECTORY"
#define run_parts_full_usage \
@@ -2903,6 +2958,9 @@
" -f Display filesystem status\n" \
" -L,-l Dereference links\n" \
" -t Display info in terse form" \
+ USAGE_SELINUX( \
+ " -Z print security context\n" \
+ ) \
USE_FEATURE_STAT_FORMAT( \
"\n\nValid format sequences for files:\n" \
" %a Access rights in octal\n" \
@@ -2937,6 +2995,9 @@
" %c Total file nodes in file system\n" \
" %d Free file nodes in file system\n" \
" %f Free blocks in file system\n" \
+ USAGE_SELINUX( \
+ " %C Security context in SELinux\n" \
+ ) \
" %i File System ID in hex\n" \
" %l Maximum length of filenames\n" \
" %n File name\n" \
Index: include/applets.h
===================================================================
--- include/applets.h (revision 17961)
+++ include/applets.h (working copy)
@@ -69,6 +69,7 @@
USE_CAT(APPLET(cat, _BB_DIR_BIN, _BB_SUID_NEVER))
USE_CATV(APPLET(catv, _BB_DIR_BIN, _BB_SUID_NEVER))
USE_CHATTR(APPLET(chattr, _BB_DIR_BIN, _BB_SUID_NEVER))
+USE_CHCON(APPLET(chcon, _BB_DIR_USR_BIN, _BB_SUID_NEVER))
USE_CHGRP(APPLET(chgrp, _BB_DIR_BIN, _BB_SUID_NEVER))
USE_CHMOD(APPLET(chmod, _BB_DIR_BIN, _BB_SUID_NEVER))
USE_CHOWN(APPLET(chown, _BB_DIR_BIN, _BB_SUID_NEVER))
@@ -248,6 +249,7 @@
USE_RPM(APPLET(rpm, _BB_DIR_BIN, _BB_SUID_NEVER))
USE_RPM2CPIO(APPLET(rpm2cpio, _BB_DIR_USR_BIN, _BB_SUID_NEVER))
USE_RUN_PARTS(APPLET_ODDNAME(run-parts, run_parts, _BB_DIR_BIN, _BB_SUID_NEVER, run_parts))
+USE_RUNCON(APPLET(runcon, _BB_DIR_USR_BIN, _BB_SUID_NEVER))
USE_RUNLEVEL(APPLET(runlevel, _BB_DIR_SBIN, _BB_SUID_NEVER))
USE_RUNSV(APPLET(runsv, _BB_DIR_USR_BIN, _BB_SUID_NEVER))
USE_RUNSVDIR(APPLET(runsvdir, _BB_DIR_USR_BIN, _BB_SUID_NEVER))
Index: selinux/Kbuild
===================================================================
--- selinux/Kbuild (revision 17961)
+++ selinux/Kbuild (working copy)
@@ -6,8 +6,10 @@
# Licensed under the GPL v2, see the file LICENSE in this tarball.
lib-y:=
+lib-$(CONFIG_CHCON) += chcon.o
lib-$(CONFIG_GETENFORCE) += getenforce.o
lib-$(CONFIG_GETSEBOOL) += getsebool.o
lib-$(CONFIG_MATCHPATHCON) += matchpathcon.o
+lib-$(CONFIG_RUNCON) += runcon.o
lib-$(CONFIG_SELINUXENABLED) += selinuxenabled.o
lib-$(CONFIG_SETENFORCE) += setenforce.o
Index: selinux/Config.in
===================================================================
--- selinux/Config.in (revision 17961)
+++ selinux/Config.in (working copy)
@@ -6,6 +6,20 @@
menu "Selinux Utilities"
depends on SELINUX
+config CHCON
+ bool "chcon"
+ default n
+ depends on SELINUX
+ help
+ Enable support for chcon command as a SELinux utility.
+
+config FEATURE_CHCON_LONG_OPTIONS
+ bool "Enable long options"
+ default y
+ depends on CHCON && GETOPT_LONG
+ help
+ Support long options for the chcon applet.
+
config GETENFORCE
bool "getenforce"
default n
@@ -28,6 +42,20 @@
Enable support to get default security context of the
specified path from the file contexts configuration.
+config RUNCON
+ bool "runcon"
+ default n
+ depends on SELINUX
+ help
+ Enable support for runcon command as a SELinux utility.
+
+config FEATURE_RUNCON_LONG_OPTIONS
+ bool "Enable long options"
+ default y
+ depends on RUNCON && GETOPT_LONG
+ help
+ Support long options for the runcon applet.
+
config SELINUXENABLED
bool "selinuxenabled"
default n