|
Tim Waugh |
327524 |
--- coreutils-6.7/tests/help-version.selinux 2007-01-09 18:47:03.000000000 +0000
|
|
Tim Waugh |
327524 |
+++ coreutils-6.7/tests/help-version 2007-01-09 18:47:04.000000000 +0000
|
|
Tim Waugh |
d66c4d |
@@ -72,6 +72,8 @@
|
|
Tim Waugh |
d66c4d |
|
|
Tim Waugh |
d66c4d |
# Skip `test'; it doesn't accept --help or --version.
|
|
Tim Waugh |
d66c4d |
test $i = test && continue;
|
|
Tim Waugh |
d66c4d |
+ test $i = chcon && continue;
|
|
Tim Waugh |
d66c4d |
+ test $i = runcon && continue;
|
|
Tim Waugh |
d66c4d |
|
|
Tim Waugh |
d66c4d |
# false fails even when invoked with --help or --version.
|
|
Tim Waugh |
d66c4d |
if test $i = false; then
|
|
Tim Waugh |
d66c4d |
@@ -198,7 +200,7 @@
|
|
Tim Waugh |
d66c4d |
|
|
Tim Waugh |
d66c4d |
for i in $all_programs; do
|
|
Tim Waugh |
d66c4d |
# Skip these.
|
|
Tim Waugh |
d66c4d |
- case $i in chroot|stty|tty|false) continue;; esac
|
|
Tim Waugh |
d66c4d |
+ case $i in chroot|stty|tty|false|chcon|runcon) continue;; esac
|
|
Tim Waugh |
d66c4d |
|
|
Tim Waugh |
d66c4d |
rm -rf $tmp_in $tmp_in2 $tmp_dir $tmp_out
|
|
Tim Waugh |
d66c4d |
echo > $tmp_in
|
|
Tim Waugh |
d66c4d |
--- coreutils-6.7/src/ls.c.selinux 2006-11-27 10:25:51.000000000 +0000
|
|
Tim Waugh |
327524 |
+++ coreutils-6.7/src/ls.c 2007-01-10 14:01:08.000000000 +0000
|
|
Tim Waugh |
d66c4d |
@@ -110,6 +110,18 @@
|
|
Tim Waugh |
d66c4d |
|
|
Tim Waugh |
d66c4d |
#define AUTHORS "Richard Stallman", "David MacKenzie"
|
|
Tim Waugh |
d66c4d |
|
|
Tim Waugh |
d66c4d |
+#ifdef WITH_SELINUX
|
|
cvsdist |
4d15f3 |
+#include <selinux/selinux.h>
|
|
Daniel J Walsh |
129baa |
+
|
|
Tim Waugh |
d66c4d |
+static int print_scontext = 0;
|
|
Daniel J Walsh |
129baa |
+
|
|
Daniel J Walsh |
129baa |
+
|
|
Daniel J Walsh |
129baa |
+
|
|
Daniel J Walsh |
129baa |
+
|
|
Daniel J Walsh |
129baa |
+
|
|
Daniel J Walsh |
129baa |
+
|
|
Tim Waugh |
d66c4d |
+#endif
|
|
Daniel J Walsh |
129baa |
+
|
|
Tim Waugh |
d66c4d |
#define obstack_chunk_alloc malloc
|
|
Tim Waugh |
d66c4d |
#define obstack_chunk_free free
|
|
Tim Waugh |
d66c4d |
|
|
Tim Waugh |
d66c4d |
@@ -132,7 +144,8 @@
|
|
Tim Waugh |
d66c4d |
symbolic_link,
|
|
Tim Waugh |
d66c4d |
sock,
|
|
Tim Waugh |
d66c4d |
whiteout,
|
|
Tim Waugh |
d66c4d |
- arg_directory
|
|
Tim Waugh |
d66c4d |
+ arg_directory,
|
|
Tim Waugh |
d66c4d |
+ command_line
|
|
Tim Waugh |
d66c4d |
};
|
|
Tim Waugh |
d66c4d |
|
|
Tim Waugh |
d66c4d |
/* Display letters and indicators for each filetype.
|
|
Tim Waugh |
d66c4d |
@@ -175,6 +188,10 @@
|
|
Tim Waugh |
d66c4d |
/* For long listings, true if the file has an access control list. */
|
|
Tim Waugh |
d66c4d |
bool have_acl;
|
|
Tim Waugh |
d66c4d |
#endif
|
|
Tim Waugh |
5505e2 |
+
|
|
Tim Waugh |
d66c4d |
+#ifdef WITH_SELINUX
|
|
Tim Waugh |
d66c4d |
+ security_context_t scontext;
|
|
Tim Waugh |
d66c4d |
+#endif
|
|
Tim Waugh |
d66c4d |
};
|
|
Tim Waugh |
d66c4d |
|
|
Tim Waugh |
d66c4d |
#if USE_ACL
|
|
Tim Waugh |
d66c4d |
@@ -245,6 +262,9 @@
|
|
Tim Waugh |
d66c4d |
static void sort_files (void);
|
|
Tim Waugh |
d66c4d |
static void parse_ls_color (void);
|
|
Tim Waugh |
d66c4d |
void usage (int status);
|
|
Tim Waugh |
d66c4d |
+#ifdef WITH_SELINUX
|
|
Tim Waugh |
d66c4d |
+static void print_scontext_format (const struct fileinfo *f);
|
|
Tim Waugh |
d66c4d |
+#endif
|
|
Tim Waugh |
d66c4d |
|
|
Tim Waugh |
d66c4d |
/* The name this program was run with. */
|
|
Tim Waugh |
d66c4d |
char *program_name;
|
|
Tim Waugh |
d66c4d |
@@ -353,7 +373,11 @@
|
|
Tim Waugh |
d66c4d |
one_per_line, /* -1 */
|
|
Tim Waugh |
d66c4d |
many_per_line, /* -C */
|
|
Tim Waugh |
d66c4d |
horizontal, /* -x */
|
|
Tim Waugh |
d66c4d |
- with_commas /* -m */
|
|
Tim Waugh |
d66c4d |
+ with_commas, /* -m */
|
|
Tim Waugh |
d66c4d |
+#ifdef WITH_SELINUX
|
|
Tim Waugh |
d66c4d |
+ security_format, /* -Z */
|
|
Tim Waugh |
d66c4d |
+#endif
|
|
Tim Waugh |
d66c4d |
+ invalid_format
|
|
Tim Waugh |
d66c4d |
};
|
|
Tim Waugh |
d66c4d |
|
|
Tim Waugh |
d66c4d |
static enum format format;
|
|
Tim Waugh |
d66c4d |
@@ -734,6 +758,11 @@
|
|
Tim Waugh |
d66c4d |
SHOW_CONTROL_CHARS_OPTION,
|
|
Tim Waugh |
d66c4d |
SI_OPTION,
|
|
Tim Waugh |
d66c4d |
SORT_OPTION,
|
|
Tim Waugh |
d66c4d |
+#ifdef WITH_SELINUX
|
|
Tim Waugh |
d66c4d |
+ CONTEXT_OPTION,
|
|
Tim Waugh |
d66c4d |
+ LCONTEXT_OPTION,
|
|
Tim Waugh |
d66c4d |
+ SCONTEXT_OPTION,
|
|
Tim Waugh |
d66c4d |
+#endif
|
|
Tim Waugh |
d66c4d |
TIME_OPTION,
|
|
Tim Waugh |
d66c4d |
TIME_STYLE_OPTION
|
|
Tim Waugh |
d66c4d |
};
|
|
Tim Waugh |
d66c4d |
@@ -780,6 +809,11 @@
|
|
Tim Waugh |
d66c4d |
{"time-style", required_argument, NULL, TIME_STYLE_OPTION},
|
|
Tim Waugh |
d66c4d |
{"color", optional_argument, NULL, COLOR_OPTION},
|
|
Tim Waugh |
d66c4d |
{"block-size", required_argument, NULL, BLOCK_SIZE_OPTION},
|
|
Tim Waugh |
d66c4d |
+#ifdef WITH_SELINUX
|
|
Tim Waugh |
d66c4d |
+ {"context", no_argument, 0, CONTEXT_OPTION},
|
|
Tim Waugh |
d66c4d |
+ {"lcontext", no_argument, 0, LCONTEXT_OPTION},
|
|
Tim Waugh |
d66c4d |
+ {"scontext", no_argument, 0, SCONTEXT_OPTION},
|
|
Tim Waugh |
d66c4d |
+#endif
|
|
Tim Waugh |
d66c4d |
{"author", no_argument, NULL, AUTHOR_OPTION},
|
|
Tim Waugh |
d66c4d |
{GETOPT_HELP_OPTION_DECL},
|
|
Tim Waugh |
d66c4d |
{GETOPT_VERSION_OPTION_DECL},
|
|
Tim Waugh |
d66c4d |
@@ -789,12 +823,19 @@
|
|
Tim Waugh |
d66c4d |
static char const *const format_args[] =
|
|
Tim Waugh |
d66c4d |
{
|
|
Tim Waugh |
d66c4d |
"verbose", "long", "commas", "horizontal", "across",
|
|
Tim Waugh |
d66c4d |
- "vertical", "single-column", NULL
|
|
Tim Waugh |
d66c4d |
+ "vertical", "single-column",
|
|
Tim Waugh |
d66c4d |
+#ifdef WITH_SELINUX
|
|
Tim Waugh |
d66c4d |
+ "context",
|
|
Tim Waugh |
d66c4d |
+#endif
|
|
Tim Waugh |
d66c4d |
+ NULL
|
|
Tim Waugh |
d66c4d |
};
|
|
Tim Waugh |
d66c4d |
static enum format const format_types[] =
|
|
Tim Waugh |
d66c4d |
{
|
|
Tim Waugh |
d66c4d |
long_format, long_format, with_commas, horizontal, horizontal,
|
|
Tim Waugh |
d66c4d |
many_per_line, one_per_line
|
|
Tim Waugh |
d66c4d |
+#ifdef WITH_SELINUX
|
|
Tim Waugh |
d66c4d |
+ , security_format
|
|
Tim Waugh |
d66c4d |
+#endif
|
|
Tim Waugh |
d66c4d |
};
|
|
Tim Waugh |
d66c4d |
ARGMATCH_VERIFY (format_args, format_types);
|
|
Tim Waugh |
d66c4d |
|
|
Tim Waugh |
d66c4d |
@@ -1218,6 +1259,9 @@
|
|
Tim Waugh |
d66c4d |
|
|
Tim Waugh |
d66c4d |
format_needs_stat = sort_type == sort_time || sort_type == sort_size
|
|
Tim Waugh |
d66c4d |
|| format == long_format
|
|
Tim Waugh |
d66c4d |
+#ifdef WITH_SELINUX
|
|
Tim Waugh |
d66c4d |
+ || format == security_format || print_scontext
|
|
Tim Waugh |
d66c4d |
+#endif
|
|
Tim Waugh |
d66c4d |
|| print_block_size;
|
|
Tim Waugh |
d66c4d |
format_needs_type = (! format_needs_stat
|
|
Tim Waugh |
d66c4d |
&& (recursive
|
|
Tim Waugh |
d66c4d |
@@ -1248,7 +1292,7 @@
|
|
Tim Waugh |
d66c4d |
}
|
|
Tim Waugh |
d66c4d |
else
|
|
Tim Waugh |
d66c4d |
do
|
|
Tim Waugh |
d66c4d |
- gobble_file (argv[i++], unknown, NOT_AN_INODE_NUMBER, true, "");
|
|
Tim Waugh |
d66c4d |
+ gobble_file (argv[i++], command_line, NOT_AN_INODE_NUMBER, true, "");
|
|
Tim Waugh |
d66c4d |
while (i < argc);
|
|
Tim Waugh |
d66c4d |
|
|
Tim Waugh |
d66c4d |
if (files_index)
|
|
Tim Waugh |
d66c4d |
@@ -1411,6 +1455,9 @@
|
|
Tim Waugh |
d66c4d |
ignore_mode = IGNORE_DEFAULT;
|
|
Tim Waugh |
d66c4d |
ignore_patterns = NULL;
|
|
Tim Waugh |
d66c4d |
hide_patterns = NULL;
|
|
Tim Waugh |
d66c4d |
+#ifdef WITH_SELINUX
|
|
Tim Waugh |
d66c4d |
+ print_scontext = 0;
|
|
Tim Waugh |
d66c4d |
+#endif
|
|
Tim Waugh |
d66c4d |
|
|
Tim Waugh |
d66c4d |
/* FIXME: put this in a function. */
|
|
Tim Waugh |
d66c4d |
{
|
|
Tim Waugh |
d66c4d |
@@ -1486,7 +1533,7 @@
|
|
Tim Waugh |
d66c4d |
}
|
|
Tim Waugh |
d66c4d |
|
|
Tim Waugh |
d66c4d |
while ((c = getopt_long (argc, argv,
|
|
Tim Waugh |
d66c4d |
- "abcdfghiklmnopqrstuvw:xABCDFGHI:LNQRST:UX1",
|
|
Tim Waugh |
d66c4d |
+ "abcdfghiklmnopqrstuvw:xABCDFGHI:LNQRST:UX1Z",
|
|
Tim Waugh |
d66c4d |
long_options, NULL)) != -1)
|
|
Tim Waugh |
d66c4d |
{
|
|
Tim Waugh |
d66c4d |
switch (c)
|
|
Tim Waugh |
d66c4d |
@@ -1609,6 +1656,13 @@
|
|
Tim Waugh |
d66c4d |
format = horizontal;
|
|
Tim Waugh |
d66c4d |
break;
|
|
Tim Waugh |
d66c4d |
|
|
Tim Waugh |
d66c4d |
+#ifdef WITH_SELINUX
|
|
Tim Waugh |
d66c4d |
+ case 'Z':
|
|
Tim Waugh |
5505e2 |
+
|
|
Tim Waugh |
d66c4d |
+ print_scontext = 1;
|
|
Tim Waugh |
d66c4d |
+ format = security_format;
|
|
Tim Waugh |
d66c4d |
+ break;
|
|
Tim Waugh |
d66c4d |
+#endif
|
|
Tim Waugh |
d66c4d |
case 'A':
|
|
Tim Waugh |
d66c4d |
if (ignore_mode == IGNORE_DEFAULT)
|
|
Tim Waugh |
d66c4d |
ignore_mode = IGNORE_DOT_AND_DOTDOT;
|
|
Tim Waugh |
d66c4d |
@@ -1789,6 +1843,25 @@
|
|
Tim Waugh |
d66c4d |
|
|
Tim Waugh |
d66c4d |
case_GETOPT_VERSION_CHAR (PROGRAM_NAME, AUTHORS);
|
|
Tim Waugh |
d66c4d |
|
|
Tim Waugh |
d66c4d |
+#ifdef WITH_SELINUX
|
|
Tim Waugh |
5505e2 |
+
|
|
Tim Waugh |
d66c4d |
+ case CONTEXT_OPTION: /* new security format */
|
|
Tim Waugh |
5505e2 |
+
|
|
Tim Waugh |
d66c4d |
+ print_scontext = 1;
|
|
Tim Waugh |
d66c4d |
+ format = security_format;
|
|
Tim Waugh |
d66c4d |
+ break;
|
|
Tim Waugh |
d66c4d |
+ case LCONTEXT_OPTION: /* long format plus security context */
|
|
Tim Waugh |
5505e2 |
+
|
|
Tim Waugh |
d66c4d |
+ print_scontext = 1;
|
|
Tim Waugh |
d66c4d |
+ format = long_format;
|
|
Tim Waugh |
d66c4d |
+ break;
|
|
Tim Waugh |
d66c4d |
+ case SCONTEXT_OPTION: /* short form of new security format */
|
|
Tim Waugh |
5505e2 |
+
|
|
Tim Waugh |
d66c4d |
+ print_scontext = 0;
|
|
Tim Waugh |
d66c4d |
+ format = security_format;
|
|
Tim Waugh |
d66c4d |
+ break;
|
|
Tim Waugh |
d66c4d |
+#endif
|
|
Tim Waugh |
5505e2 |
+
|
|
Tim Waugh |
d66c4d |
default:
|
|
Tim Waugh |
d66c4d |
usage (LS_FAILURE);
|
|
Tim Waugh |
d66c4d |
}
|
|
Tim Waugh |
d66c4d |
@@ -2485,6 +2558,12 @@
|
|
Tim Waugh |
d66c4d |
{
|
|
Tim Waugh |
d66c4d |
free (files[i].name);
|
|
Tim Waugh |
d66c4d |
free (files[i].linkname);
|
|
Tim Waugh |
d66c4d |
+#ifdef WITH_SELINUX
|
|
Tim Waugh |
d66c4d |
+ if (files[i].scontext) {
|
|
Tim Waugh |
d66c4d |
+ freecon (files[i].scontext);
|
|
Tim Waugh |
d66c4d |
+ files[i].scontext=NULL;
|
|
Tim Waugh |
d66c4d |
+ }
|
|
Tim Waugh |
d66c4d |
+#endif
|
|
Tim Waugh |
d66c4d |
}
|
|
Tim Waugh |
d66c4d |
|
|
Tim Waugh |
d66c4d |
files_index = 0;
|
|
Tim Waugh |
d66c4d |
@@ -2527,6 +2606,9 @@
|
|
Tim Waugh |
d66c4d |
memset (f, '\0', sizeof *f);
|
|
Tim Waugh |
d66c4d |
f->stat.st_ino = inode;
|
|
Tim Waugh |
d66c4d |
f->filetype = type;
|
|
Tim Waugh |
d66c4d |
+#ifdef WITH_SELINUX
|
|
Tim Waugh |
d66c4d |
+ f->scontext = NULL;
|
|
Tim Waugh |
d66c4d |
+#endif
|
|
Tim Waugh |
d66c4d |
|
|
Tim Waugh |
d66c4d |
if (command_line_arg
|
|
Tim Waugh |
d66c4d |
|| format_needs_stat
|
|
Tim Waugh |
d66c4d |
@@ -2574,6 +2656,11 @@
|
|
Tim Waugh |
d66c4d |
{
|
|
Tim Waugh |
d66c4d |
case DEREF_ALWAYS:
|
|
Tim Waugh |
d66c4d |
err = stat (absolute_name, &f->stat);
|
|
Tim Waugh |
d66c4d |
+#ifdef WITH_SELINUX
|
|
Tim Waugh |
d66c4d |
+ if (err>=0)
|
|
Tim Waugh |
d66c4d |
+ if (format == security_format || print_scontext)
|
|
Tim Waugh |
d66c4d |
+ getfilecon(absolute_name, &f->scontext);
|
|
Tim Waugh |
d66c4d |
+#endif
|
|
Tim Waugh |
d66c4d |
break;
|
|
Tim Waugh |
d66c4d |
|
|
Tim Waugh |
d66c4d |
case DEREF_COMMAND_LINE_ARGUMENTS:
|
|
Tim Waugh |
d66c4d |
@@ -2582,6 +2669,11 @@
|
|
Tim Waugh |
d66c4d |
{
|
|
Tim Waugh |
d66c4d |
bool need_lstat;
|
|
Tim Waugh |
d66c4d |
err = stat (absolute_name, &f->stat);
|
|
Tim Waugh |
d66c4d |
+#ifdef WITH_SELINUX
|
|
Tim Waugh |
d66c4d |
+ if (err>=0)
|
|
Tim Waugh |
d66c4d |
+ if (format == security_format || print_scontext)
|
|
Tim Waugh |
d66c4d |
+ getfilecon(absolute_name, &f->scontext);
|
|
Tim Waugh |
d66c4d |
+#endif
|
|
Tim Waugh |
d66c4d |
|
|
Tim Waugh |
d66c4d |
if (dereference == DEREF_COMMAND_LINE_ARGUMENTS)
|
|
Tim Waugh |
d66c4d |
break;
|
|
Tim Waugh |
327524 |
@@ -2600,6 +2692,11 @@
|
|
Tim Waugh |
d66c4d |
|
|
Tim Waugh |
d66c4d |
default: /* DEREF_NEVER */
|
|
Tim Waugh |
d66c4d |
err = lstat (absolute_name, &f->stat);
|
|
Tim Waugh |
d66c4d |
+#ifdef WITH_SELINUX
|
|
Tim Waugh |
d66c4d |
+ if (err == 0)
|
|
Tim Waugh |
d66c4d |
+ if (format == security_format || print_scontext)
|
|
Tim Waugh |
d66c4d |
+ lgetfilecon(absolute_name, &f->scontext);
|
|
Tim Waugh |
d66c4d |
+#endif
|
|
Tim Waugh |
d66c4d |
break;
|
|
Tim Waugh |
d66c4d |
}
|
|
Tim Waugh |
d66c4d |
|
|
Tim Waugh |
327524 |
@@ -2622,7 +2719,11 @@
|
|
Tim Waugh |
327524 |
f->stat_ok = true;
|
|
Tim Waugh |
d66c4d |
|
|
Tim Waugh |
d66c4d |
#if USE_ACL
|
|
Tim Waugh |
d66c4d |
- if (format == long_format)
|
|
Tim Waugh |
d66c4d |
+ if (format == long_format
|
|
Tim Waugh |
d66c4d |
+#ifdef WITH_SELINUX
|
|
Tim Waugh |
d66c4d |
+ || format == security_format
|
|
Tim Waugh |
d66c4d |
+#endif
|
|
Tim Waugh |
d66c4d |
+ )
|
|
Tim Waugh |
d66c4d |
{
|
|
Tim Waugh |
d66c4d |
int n = file_has_acl (absolute_name, &f->stat);
|
|
Tim Waugh |
d66c4d |
f->have_acl = (0 < n);
|
|
Tim Waugh |
327524 |
@@ -3158,6 +3259,16 @@
|
|
Tim Waugh |
d66c4d |
DIRED_PUTCHAR ('\n');
|
|
Tim Waugh |
d66c4d |
}
|
|
Tim Waugh |
d66c4d |
break;
|
|
Tim Waugh |
5505e2 |
+
|
|
Tim Waugh |
d66c4d |
+#ifdef WITH_SELINUX
|
|
Tim Waugh |
d66c4d |
+ case security_format:
|
|
Tim Waugh |
d66c4d |
+ for (i = 0; i < files_index; i++)
|
|
Tim Waugh |
d66c4d |
+ {
|
|
Tim Waugh |
d66c4d |
+ print_scontext_format (files + i);
|
|
Tim Waugh |
d66c4d |
+ DIRED_PUTCHAR ('\n');
|
|
Tim Waugh |
d66c4d |
+ }
|
|
Tim Waugh |
d66c4d |
+ break;
|
|
Tim Waugh |
d66c4d |
+#endif
|
|
Tim Waugh |
d66c4d |
}
|
|
Tim Waugh |
d66c4d |
}
|
|
Tim Waugh |
d66c4d |
|
|
Tim Waugh |
327524 |
@@ -3412,6 +3523,15 @@
|
|
Tim Waugh |
d66c4d |
The latter is wrong when nlink_width is zero. */
|
|
Tim Waugh |
d66c4d |
p += strlen (p);
|
|
Tim Waugh |
d66c4d |
|
|
Tim Waugh |
d66c4d |
+#ifdef WITH_SELINUX
|
|
Tim Waugh |
5505e2 |
+
|
|
Tim Waugh |
d66c4d |
+ if (print_scontext)
|
|
Tim Waugh |
5505e2 |
+ {
|
|
Tim Waugh |
d66c4d |
+ sprintf (p, "%-32s ", f->scontext ? f->scontext : "");
|
|
Tim Waugh |
d66c4d |
+ p += strlen (p);
|
|
Tim Waugh |
5505e2 |
+ }
|
|
Tim Waugh |
d66c4d |
+#endif
|
|
Tim Waugh |
5505e2 |
+
|
|
Tim Waugh |
d66c4d |
DIRED_INDENT ();
|
|
Tim Waugh |
d66c4d |
|
|
Tim Waugh |
d66c4d |
if (print_owner | print_group | print_author)
|
|
Tim Waugh |
327524 |
@@ -4351,6 +4471,16 @@
|
|
Tim Waugh |
d66c4d |
-X sort alphabetically by entry extension\n\
|
|
Tim Waugh |
d66c4d |
-1 list one file per line\n\
|
|
Tim Waugh |
d66c4d |
"), stdout);
|
|
Tim Waugh |
d66c4d |
+#ifdef WITH_SELINUX
|
|
Tim Waugh |
d66c4d |
+printf(_("\nSELINUX options:\n\n\
|
|
Tim Waugh |
d66c4d |
+ --lcontext Display security context. Enable -l. Lines\n\
|
|
Tim Waugh |
d66c4d |
+ will probably be too wide for most displays.\n\
|
|
Tim Waugh |
d66c4d |
+ -Z, --context Display security context so it fits on most\n\
|
|
Tim Waugh |
d66c4d |
+ displays. Displays only mode, user, group,\n\
|
|
Tim Waugh |
d66c4d |
+ security context and file name.\n\
|
|
Tim Waugh |
d66c4d |
+ --scontext Display only security context and file name.\n\
|
|
Tim Waugh |
d66c4d |
+\n\n"));
|
|
Tim Waugh |
d66c4d |
+#endif
|
|
Tim Waugh |
d66c4d |
fputs (HELP_OPTION_DESCRIPTION, stdout);
|
|
Tim Waugh |
d66c4d |
fputs (VERSION_OPTION_DESCRIPTION, stdout);
|
|
Tim Waugh |
d66c4d |
fputs (_("\n\
|
|
Tim Waugh |
327524 |
@@ -4374,3 +4504,70 @@
|
|
Tim Waugh |
d66c4d |
}
|
|
Tim Waugh |
d66c4d |
exit (status);
|
|
Tim Waugh |
d66c4d |
}
|
|
Tim Waugh |
5505e2 |
+
|
|
Tim Waugh |
d66c4d |
+#ifdef WITH_SELINUX
|
|
Tim Waugh |
5505e2 |
+
|
|
Tim Waugh |
d66c4d |
+static void
|
|
Tim Waugh |
d66c4d |
+print_scontext_format (const struct fileinfo *f)
|
|
Tim Waugh |
d66c4d |
+{
|
|
Tim Waugh |
d66c4d |
+ char modebuf[12];
|
|
Tim Waugh |
5505e2 |
+
|
|
Tim Waugh |
d66c4d |
+ /* 7 fields that may require LONGEST_HUMAN_READABLE bytes,
|
|
Tim Waugh |
d66c4d |
+ 1 10-byte mode string,
|
|
Tim Waugh |
d66c4d |
+ 9 spaces, one following each of these fields, and
|
|
Tim Waugh |
d66c4d |
+ 1 trailing NUL byte. */
|
|
Daniel J Walsh |
129baa |
+
|
|
Tim Waugh |
d66c4d |
+ char init_bigbuf[7 * LONGEST_HUMAN_READABLE + 10 + 9 + 1];
|
|
Tim Waugh |
d66c4d |
+ char *buf = init_bigbuf;
|
|
Tim Waugh |
d66c4d |
+ size_t bufsize = sizeof (init_bigbuf);
|
|
Tim Waugh |
d66c4d |
+ size_t s;
|
|
Tim Waugh |
d66c4d |
+ char *p;
|
|
Tim Waugh |
d66c4d |
+ const char *fmt;
|
|
Tim Waugh |
d66c4d |
+ char *user_name;
|
|
Tim Waugh |
d66c4d |
+ char *group_name;
|
|
Tim Waugh |
d66c4d |
+ int rv;
|
|
Tim Waugh |
d66c4d |
+ char *scontext;
|
|
Daniel J Walsh |
129baa |
+
|
|
Tim Waugh |
d66c4d |
+ p = buf;
|
|
Daniel J Walsh |
129baa |
+
|
|
Tim Waugh |
d66c4d |
+ if ( print_scontext ) { /* zero means terse listing */
|
|
Tim Waugh |
d66c4d |
+ filemodestring (&f->stat, modebuf);
|
|
Tim Waugh |
d66c4d |
+ modebuf[10] = (FILE_HAS_ACL (f) ? '+' : ' ');
|
|
Tim Waugh |
d66c4d |
+ modebuf[11] = '\0';
|
|
Daniel J Walsh |
129baa |
+
|
|
Tim Waugh |
d66c4d |
+ /* print mode */
|
|
Daniel J Walsh |
129baa |
+
|
|
Tim Waugh |
d66c4d |
+ (void) sprintf (p, "%s ", modebuf);
|
|
Tim Waugh |
d66c4d |
+ p += strlen (p);
|
|
cvsdist |
5adf0d |
+
|
|
Tim Waugh |
d66c4d |
+ /* print standard user and group */
|
|
Tim Waugh |
5505e2 |
+
|
|
Tim Waugh |
d66c4d |
+ DIRED_FPUTS (buf, stdout, p - buf);
|
|
Tim Waugh |
d66c4d |
+ format_user (f->stat.st_uid, owner_width, f->stat_ok);
|
|
Tim Waugh |
d66c4d |
+ format_group (f->stat.st_gid, group_width, f->stat_ok);
|
|
Tim Waugh |
d66c4d |
+ p = buf;
|
|
Tim Waugh |
5505e2 |
+ }
|
|
Tim Waugh |
5505e2 |
+
|
|
Tim Waugh |
d66c4d |
+ (void) sprintf (p, "%-32s ", f->scontext ?: "");
|
|
Tim Waugh |
d66c4d |
+ p += strlen (p);
|
|
Tim Waugh |
d66c4d |
+
|
|
Tim Waugh |
d66c4d |
+ DIRED_INDENT ();
|
|
Tim Waugh |
d66c4d |
+ DIRED_FPUTS (buf, stdout, p - buf);
|
|
Tim Waugh |
d66c4d |
+ print_name_with_quoting (f->name, f->stat.st_mode, f->linkok,
|
|
Tim Waugh |
d66c4d |
+ f->stat_ok, f->filetype, &dired_obstack);
|
|
Tim Waugh |
d66c4d |
+
|
|
Tim Waugh |
d66c4d |
+ if (f->filetype == symbolic_link) {
|
|
Tim Waugh |
d66c4d |
+ if (f->linkname) {
|
|
Tim Waugh |
d66c4d |
+ DIRED_FPUTS_LITERAL (" -> ", stdout);
|
|
Tim Waugh |
d66c4d |
+ print_name_with_quoting (f->linkname, f->linkmode, f->linkok - 1,
|
|
Tim Waugh |
d66c4d |
+ f->stat_ok, f->filetype, NULL);
|
|
Tim Waugh |
d66c4d |
+ if (indicator_style != none)
|
|
Tim Waugh |
d66c4d |
+ print_type_indicator (f->stat_ok, f->linkmode, f->filetype);
|
|
Tim Waugh |
d66c4d |
+ }
|
|
Tim Waugh |
5505e2 |
+ }
|
|
Tim Waugh |
d66c4d |
+ else {
|
|
Tim Waugh |
d66c4d |
+ if (indicator_style != none)
|
|
Tim Waugh |
d66c4d |
+ print_type_indicator (f->stat_ok, f->stat.st_mode, f->filetype);
|
|
Tim Waugh |
5505e2 |
+ }
|
|
cvsdist |
4d15f3 |
+}
|
|
Tim Waugh |
5505e2 |
+#endif
|
|
Tim Waugh |
d66c4d |
--- coreutils-6.7/src/cp.c.selinux 2006-12-06 11:04:22.000000000 +0000
|
|
Tim Waugh |
327524 |
+++ coreutils-6.7/src/cp.c 2007-01-09 18:47:04.000000000 +0000
|
|
Tim Waugh |
d66c4d |
@@ -51,6 +51,11 @@
|
|
Tim Waugh |
5505e2 |
|
|
Tim Waugh |
d66c4d |
#define AUTHORS "Torbjorn Granlund", "David MacKenzie", "Jim Meyering"
|
|
Tim Waugh |
5505e2 |
|
|
Tim Waugh |
5505e2 |
+#ifdef WITH_SELINUX
|
|
Tim Waugh |
5505e2 |
+#include <selinux/selinux.h> /* for is_selinux_enabled() */
|
|
Tim Waugh |
d66c4d |
+int selinux_enabled=0;
|
|
Tim Waugh |
5505e2 |
+#endif
|
|
cvsdist |
5adf0d |
+
|
|
Tim Waugh |
d66c4d |
/* Used by do_copy, make_dir_parents_private, and re_protect
|
|
Tim Waugh |
d66c4d |
to keep a list of leading directories whose protections
|
|
Tim Waugh |
d66c4d |
need to be fixed after copying. */
|
|
Tim Waugh |
d66c4d |
@@ -141,6 +146,9 @@
|
|
Tim Waugh |
d66c4d |
{"target-directory", required_argument, NULL, 't'},
|
|
Tim Waugh |
d66c4d |
{"update", no_argument, NULL, 'u'},
|
|
Tim Waugh |
d66c4d |
{"verbose", no_argument, NULL, 'v'},
|
|
Tim Waugh |
5505e2 |
+#ifdef WITH_SELINUX
|
|
Tim Waugh |
5505e2 |
+ {"context", required_argument, NULL, 'Z'},
|
|
Tim Waugh |
5505e2 |
+#endif
|
|
Tim Waugh |
d66c4d |
{GETOPT_HELP_OPTION_DECL},
|
|
Tim Waugh |
d66c4d |
{GETOPT_VERSION_OPTION_DECL},
|
|
Tim Waugh |
d66c4d |
{NULL, 0, NULL, 0}
|
|
Tim Waugh |
d66c4d |
@@ -194,6 +202,9 @@
|
|
Tim Waugh |
d66c4d |
additional attributes: links, all\n\
|
|
Tim Waugh |
5505e2 |
"), stdout);
|
|
Tim Waugh |
5505e2 |
fputs (_("\
|
|
Tim Waugh |
d66c4d |
+ -c same as --preserve=context\n\
|
|
Tim Waugh |
d66c4d |
+"), stdout);
|
|
Tim Waugh |
d66c4d |
+ fputs (_("\
|
|
Tim Waugh |
d66c4d |
--no-preserve=ATTR_LIST don't preserve the specified attributes\n\
|
|
Tim Waugh |
d66c4d |
--parents use full source file name under DIRECTORY\n\
|
|
Tim Waugh |
5505e2 |
"), stdout);
|
|
Tim Waugh |
d66c4d |
@@ -219,6 +230,7 @@
|
|
Tim Waugh |
5505e2 |
destination file is missing\n\
|
|
Tim Waugh |
5505e2 |
-v, --verbose explain what is being done\n\
|
|
Tim Waugh |
5505e2 |
-x, --one-file-system stay on this file system\n\
|
|
Tim Waugh |
5505e2 |
+ -Z, --context=CONTEXT set security context of copy to CONTEXT\n\
|
|
Tim Waugh |
5505e2 |
"), stdout);
|
|
Tim Waugh |
5505e2 |
fputs (HELP_OPTION_DESCRIPTION, stdout);
|
|
Tim Waugh |
5505e2 |
fputs (VERSION_OPTION_DESCRIPTION, stdout);
|
|
Tim Waugh |
d66c4d |
@@ -736,6 +748,11 @@
|
|
Tim Waugh |
5505e2 |
x->preserve_mode = false;
|
|
Tim Waugh |
5505e2 |
x->preserve_timestamps = false;
|
|
Tim Waugh |
5505e2 |
|
|
Tim Waugh |
5505e2 |
+#ifdef WITH_SELINUX
|
|
Tim Waugh |
5505e2 |
+ x->preserve_security_context = false;
|
|
Tim Waugh |
b9e1cc |
+ x->set_security_context = false;
|
|
Tim Waugh |
5505e2 |
+#endif
|
|
Tim Waugh |
5505e2 |
+
|
|
Tim Waugh |
5505e2 |
x->require_preserve = false;
|
|
Tim Waugh |
5505e2 |
x->recursive = false;
|
|
Tim Waugh |
5505e2 |
x->sparse_mode = SPARSE_AUTO;
|
|
Tim Waugh |
d66c4d |
@@ -763,18 +780,19 @@
|
|
Tim Waugh |
5505e2 |
PRESERVE_TIMESTAMPS,
|
|
Tim Waugh |
5505e2 |
PRESERVE_OWNERSHIP,
|
|
Tim Waugh |
5505e2 |
PRESERVE_LINK,
|
|
Tim Waugh |
5505e2 |
+ PRESERVE_CONTEXT,
|
|
Tim Waugh |
5505e2 |
PRESERVE_ALL
|
|
Tim Waugh |
5505e2 |
};
|
|
Tim Waugh |
5505e2 |
static enum File_attribute const preserve_vals[] =
|
|
Tim Waugh |
5505e2 |
{
|
|
Tim Waugh |
5505e2 |
PRESERVE_MODE, PRESERVE_TIMESTAMPS,
|
|
Tim Waugh |
5505e2 |
- PRESERVE_OWNERSHIP, PRESERVE_LINK, PRESERVE_ALL
|
|
Tim Waugh |
5505e2 |
+ PRESERVE_OWNERSHIP, PRESERVE_LINK, PRESERVE_CONTEXT, PRESERVE_ALL
|
|
Tim Waugh |
5505e2 |
};
|
|
Tim Waugh |
5505e2 |
/* Valid arguments to the `--preserve' option. */
|
|
Tim Waugh |
5505e2 |
static char const* const preserve_args[] =
|
|
Tim Waugh |
5505e2 |
{
|
|
Tim Waugh |
5505e2 |
"mode", "timestamps",
|
|
Tim Waugh |
5505e2 |
- "ownership", "links", "all", NULL
|
|
Tim Waugh |
5505e2 |
+ "ownership", "links", "context", "all", NULL
|
|
Tim Waugh |
5505e2 |
};
|
|
Tim Waugh |
5505e2 |
ARGMATCH_VERIFY (preserve_args, preserve_vals);
|
|
Tim Waugh |
5505e2 |
|
|
Tim Waugh |
d66c4d |
@@ -810,11 +828,16 @@
|
|
Tim Waugh |
5505e2 |
x->preserve_links = on_off;
|
|
Tim Waugh |
5505e2 |
break;
|
|
Tim Waugh |
5505e2 |
|
|
Tim Waugh |
5505e2 |
+ case PRESERVE_CONTEXT:
|
|
Tim Waugh |
5505e2 |
+ x->preserve_security_context = on_off;
|
|
Tim Waugh |
5505e2 |
+ break;
|
|
Tim Waugh |
5505e2 |
+
|
|
Tim Waugh |
5505e2 |
case PRESERVE_ALL:
|
|
Tim Waugh |
5505e2 |
x->preserve_mode = on_off;
|
|
Tim Waugh |
5505e2 |
x->preserve_timestamps = on_off;
|
|
Tim Waugh |
5505e2 |
x->preserve_ownership = on_off;
|
|
Tim Waugh |
5505e2 |
x->preserve_links = on_off;
|
|
Tim Waugh |
5505e2 |
+ x->preserve_security_context = on_off;
|
|
Tim Waugh |
5505e2 |
break;
|
|
Tim Waugh |
5505e2 |
|
|
Tim Waugh |
5505e2 |
default:
|
|
Tim Waugh |
d66c4d |
@@ -839,6 +862,9 @@
|
|
Tim Waugh |
5505e2 |
bool copy_contents = false;
|
|
Tim Waugh |
5505e2 |
char *target_directory = NULL;
|
|
Tim Waugh |
5505e2 |
bool no_target_directory = false;
|
|
Tim Waugh |
5505e2 |
+#ifdef WITH_SELINUX
|
|
Tim Waugh |
5505e2 |
+ selinux_enabled= (is_selinux_enabled()>0);
|
|
Tim Waugh |
5505e2 |
+#endif
|
|
Tim Waugh |
5505e2 |
|
|
Tim Waugh |
5505e2 |
initialize_main (&argc, &argv);
|
|
Tim Waugh |
5505e2 |
program_name = argv[0];
|
|
Tim Waugh |
d66c4d |
@@ -854,7 +880,11 @@
|
|
Tim Waugh |
5505e2 |
we'll actually use backup_suffix_string. */
|
|
Tim Waugh |
5505e2 |
backup_suffix_string = getenv ("SIMPLE_BACKUP_SUFFIX");
|
|
Tim Waugh |
5505e2 |
|
|
Tim Waugh |
5505e2 |
+#ifdef WITH_SELINUX
|
|
Tim Waugh |
5505e2 |
+ while ((c = getopt_long (argc, argv, "abcdfHilLprst:uvxPRS:TZ:",
|
|
Tim Waugh |
5505e2 |
+#else
|
|
Tim Waugh |
5505e2 |
while ((c = getopt_long (argc, argv, "abdfHilLprst:uvxPRS:T",
|
|
Tim Waugh |
5505e2 |
+#endif
|
|
Tim Waugh |
5505e2 |
long_opts, NULL))
|
|
Tim Waugh |
5505e2 |
!= -1)
|
|
Tim Waugh |
5505e2 |
{
|
|
Tim Waugh |
d66c4d |
@@ -865,12 +895,13 @@
|
|
Tim Waugh |
b9e1cc |
sparse_type_string, sparse_type);
|
|
Tim Waugh |
b9e1cc |
break;
|
|
Tim Waugh |
b9e1cc |
|
|
Tim Waugh |
b9e1cc |
- case 'a': /* Like -dpPR. */
|
|
Tim Waugh |
b9e1cc |
+ case 'a': /* Like -dpPRc. */
|
|
Tim Waugh |
b9e1cc |
x.dereference = DEREF_NEVER;
|
|
Tim Waugh |
b9e1cc |
x.preserve_links = true;
|
|
Tim Waugh |
b9e1cc |
x.preserve_ownership = true;
|
|
Tim Waugh |
b9e1cc |
x.preserve_mode = true;
|
|
Tim Waugh |
b9e1cc |
x.preserve_timestamps = true;
|
|
Tim Waugh |
b9e1cc |
+ x.preserve_security_context = true;
|
|
Tim Waugh |
b9e1cc |
x.require_preserve = true;
|
|
Tim Waugh |
b9e1cc |
x.recursive = true;
|
|
Tim Waugh |
b9e1cc |
break;
|
|
Tim Waugh |
d66c4d |
@@ -945,6 +976,36 @@
|
|
Tim Waugh |
5505e2 |
case 'R':
|
|
Tim Waugh |
5505e2 |
x.recursive = true;
|
|
Tim Waugh |
5505e2 |
break;
|
|
Tim Waugh |
5505e2 |
+#ifdef WITH_SELINUX
|
|
Tim Waugh |
5505e2 |
+ case 'c':
|
|
Tim Waugh |
b9e1cc |
+ if ( x.set_security_context ) {
|
|
Tim Waugh |
b9e1cc |
+ (void) fprintf(stderr, "%s: cannot force target context and preserve it\n", argv[0]);
|
|
Tim Waugh |
5505e2 |
+ exit( 1 );
|
|
Tim Waugh |
5505e2 |
+ }
|
|
Tim Waugh |
5505e2 |
+ else if (selinux_enabled)
|
|
Tim Waugh |
b9e1cc |
+ x.preserve_security_context = true;
|
|
Tim Waugh |
5505e2 |
+ break;
|
|
Tim Waugh |
5505e2 |
+
|
|
Tim Waugh |
5505e2 |
+ case 'Z':
|
|
Tim Waugh |
5505e2 |
+ /* politely decline if we're not on a selinux-enabled kernel. */
|
|
Tim Waugh |
5505e2 |
+ if( !selinux_enabled ) {
|
|
Tim Waugh |
5505e2 |
+ fprintf( stderr, "Warning: ignoring --context (-Z). "
|
|
Tim Waugh |
5505e2 |
+ "It requires a SELinux enabled kernel.\n" );
|
|
Tim Waugh |
5505e2 |
+ break;
|
|
Tim Waugh |
5505e2 |
+ }
|
|
Tim Waugh |
5505e2 |
+ if ( x.preserve_security_context ) {
|
|
Tim Waugh |
5505e2 |
+ (void) fprintf(stderr, "%s: cannot force target context to '%s' and preserve it\n", argv[0], optarg);
|
|
Tim Waugh |
5505e2 |
+ exit( 1 );
|
|
Tim Waugh |
5505e2 |
+ }
|
|
Tim Waugh |
b9e1cc |
+ x.set_security_context = true;
|
|
Tim Waugh |
5505e2 |
+ /* if there's a security_context given set new path
|
|
Tim Waugh |
5505e2 |
+ components to that context, too */
|
|
Tim Waugh |
b9e1cc |
+ if ( setfscreatecon(optarg) < 0 ) {
|
|
Tim Waugh |
b9e1cc |
+ (void) fprintf(stderr, _("cannot set default security context %s\n"), optarg);
|
|
Tim Waugh |
5505e2 |
+ exit( 1 );
|
|
Tim Waugh |
5505e2 |
+ }
|
|
Tim Waugh |
5505e2 |
+ break;
|
|
Tim Waugh |
5505e2 |
+#endif
|
|
Tim Waugh |
5505e2 |
|
|
Tim Waugh |
5505e2 |
case REPLY_OPTION: /* Deprecated */
|
|
Tim Waugh |
5505e2 |
x.interactive = XARGMATCH ("--reply", optarg,
|
|
Tim Waugh |
327524 |
--- coreutils-6.7/src/Makefile.am.selinux 2007-01-09 18:47:04.000000000 +0000
|
|
Tim Waugh |
327524 |
+++ coreutils-6.7/src/Makefile.am 2007-01-09 18:47:04.000000000 +0000
|
|
Tim Waugh |
7a87ac |
@@ -20,14 +20,14 @@
|
|
Tim Waugh |
5505e2 |
EXTRA_PROGRAMS = chroot df hostid nice pinky stty su runuser uname uptime users who
|
|
Tim Waugh |
5505e2 |
|
|
Tim Waugh |
5505e2 |
bin_SCRIPTS = groups
|
|
Tim Waugh |
5505e2 |
-bin_PROGRAMS = [ chgrp chown chmod cp dd dircolors du \
|
|
Tim Waugh |
d66c4d |
+bin_PROGRAMS = [ chcon chgrp chown chmod cp dd dircolors du \
|
|
Tim Waugh |
5505e2 |
ginstall link ln dir vdir ls mkdir \
|
|
Tim Waugh |
5505e2 |
mkfifo mknod mv nohup readlink rm rmdir shred stat sync touch unlink \
|
|
Tim Waugh |
5505e2 |
cat cksum comm csplit cut expand fmt fold head join md5sum \
|
|
Tim Waugh |
7a87ac |
nl od paste pr ptx sha1sum sha224sum sha256sum sha384sum sha512sum \
|
|
Tim Waugh |
d66c4d |
shuf sort split sum tac tail tr tsort unexpand uniq wc \
|
|
Tim Waugh |
5505e2 |
basename date dirname echo env expr factor false \
|
|
Tim Waugh |
5505e2 |
- hostname id kill logname pathchk printenv printf pwd seq sleep tee \
|
|
Tim Waugh |
5505e2 |
+ hostname id kill logname pathchk printenv printf pwd runcon seq sleep tee \
|
|
Tim Waugh |
5505e2 |
test true tty whoami yes \
|
|
Tim Waugh |
7a87ac |
base64 \
|
|
Tim Waugh |
5505e2 |
$(OPTIONAL_BIN_PROGS) $(DF_PROG)
|
|
Tim Waugh |
d66c4d |
@@ -61,9 +61,9 @@
|
|
Tim Waugh |
5505e2 |
LDADD = ../lib/libcoreutils.a $(LIBINTL) ../lib/libcoreutils.a
|
|
Tim Waugh |
5505e2 |
|
|
Tim Waugh |
5505e2 |
# for eaccess in lib/euidaccess.c.
|
|
Tim Waugh |
d66c4d |
-cp_LDADD = $(LDADD) $(LIB_EACCESS)
|
|
Tim Waugh |
d66c4d |
-ginstall_LDADD = $(LDADD) $(LIB_EACCESS)
|
|
Tim Waugh |
d66c4d |
-mv_LDADD = $(LDADD) $(LIB_EACCESS)
|
|
Tim Waugh |
d66c4d |
+cp_LDADD = $(LDADD) $(LIB_EACCESS) @LIB_SELINUX@
|
|
Tim Waugh |
d66c4d |
+ginstall_LDADD = $(LDADD) $(LIB_EACCESS) @LIB_SELINUX@
|
|
Tim Waugh |
d66c4d |
+mv_LDADD = $(LDADD) $(LIB_EACCESS) @LIB_SELINUX@
|
|
Tim Waugh |
5505e2 |
pathchk_LDADD = $(LDADD) $(LIB_EACCESS)
|
|
Tim Waugh |
5505e2 |
rm_LDADD = $(LDADD) $(LIB_EACCESS)
|
|
Tim Waugh |
5505e2 |
test_LDADD = $(LDADD) $(LIB_EACCESS)
|
|
Tim Waugh |
d66c4d |
@@ -72,12 +72,19 @@
|
|
Tim Waugh |
5505e2 |
|
|
Tim Waugh |
5505e2 |
# for clock_gettime and fdatasync
|
|
Tim Waugh |
5505e2 |
dd_LDADD = $(LDADD) $(LIB_GETHRXTIME) $(LIB_FDATASYNC)
|
|
Tim Waugh |
d66c4d |
-dir_LDADD = $(LDADD) $(LIB_CLOCK_GETTIME)
|
|
Tim Waugh |
d66c4d |
-ls_LDADD = $(LDADD) $(LIB_CLOCK_GETTIME)
|
|
Tim Waugh |
d66c4d |
+dir_LDADD = $(LDADD) $(LIB_CLOCK_GETTIME) @LIB_SELINUX@
|
|
Tim Waugh |
d66c4d |
+ls_LDADD = $(LDADD) $(LIB_CLOCK_GETTIME) @LIB_SELINUX@
|
|
Tim Waugh |
5505e2 |
pr_LDADD = $(LDADD) $(LIB_CLOCK_GETTIME)
|
|
Tim Waugh |
5505e2 |
shred_LDADD = $(LDADD) $(LIB_GETHRXTIME) $(LIB_FDATASYNC)
|
|
Tim Waugh |
d66c4d |
shuf_LDADD = $(LDADD) $(LIB_GETHRXTIME)
|
|
Tim Waugh |
d66c4d |
-vdir_LDADD = $(LDADD) $(LIB_CLOCK_GETTIME)
|
|
Tim Waugh |
d66c4d |
+vdir_LDADD = $(LDADD) $(LIB_CLOCK_GETTIME) @LIB_SELINUX@
|
|
Tim Waugh |
5505e2 |
+chcon_LDADD = $(LDADD) @LIB_SELINUX@
|
|
Tim Waugh |
5505e2 |
+id_LDADD = $(LDADD) @LIB_SELINUX@
|
|
Tim Waugh |
5505e2 |
+mkdir_LDADD = $(LDADD) @LIB_SELINUX@
|
|
Tim Waugh |
5505e2 |
+mkfifo_LDADD = $(LDADD) @LIB_SELINUX@
|
|
Tim Waugh |
5505e2 |
+mknod_LDADD = $(LDADD) @LIB_SELINUX@
|
|
Tim Waugh |
5505e2 |
+stat_LDADD = $(LDADD) @LIB_SELINUX@
|
|
Tim Waugh |
5505e2 |
+runcon_LDADD = $(LDADD) @LIB_SELINUX@
|
|
Tim Waugh |
5505e2 |
|
|
Tim Waugh |
5505e2 |
## If necessary, add -lm to resolve use of pow in lib/strtod.c.
|
|
Tim Waugh |
d66c4d |
sort_LDADD = $(LDADD) $(POW_LIB) $(LIB_GETHRXTIME)
|
|
Tim Waugh |
d66c4d |
--- coreutils-6.7/src/copy.h.selinux 2006-12-06 11:04:22.000000000 +0000
|
|
Tim Waugh |
327524 |
+++ coreutils-6.7/src/copy.h 2007-01-09 18:47:05.000000000 +0000
|
|
Tim Waugh |
d66c4d |
@@ -127,6 +127,10 @@
|
|
Tim Waugh |
d66c4d |
bool preserve_ownership;
|
|
Tim Waugh |
d66c4d |
bool preserve_mode;
|
|
Tim Waugh |
d66c4d |
bool preserve_timestamps;
|
|
Tim Waugh |
d66c4d |
+#ifdef WITH_SELINUX
|
|
Tim Waugh |
d66c4d |
+ bool preserve_security_context;
|
|
Tim Waugh |
d66c4d |
+ bool set_security_context;
|
|
Tim Waugh |
d66c4d |
+#endif
|
|
Tim Waugh |
d66c4d |
|
|
Tim Waugh |
d66c4d |
/* Enabled for mv, and for cp by the --preserve=links option.
|
|
Tim Waugh |
d66c4d |
If true, attempt to preserve in the destination files any
|
|
Tim Waugh |
327524 |
--- /dev/null 2007-01-10 09:33:30.042789464 +0000
|
|
Tim Waugh |
327524 |
+++ coreutils-6.7/src/chcon.c 2007-01-09 18:47:05.000000000 +0000
|
|
Tim Waugh |
d66c4d |
@@ -0,0 +1,421 @@
|
|
Tim Waugh |
d66c4d |
+/* chcontext -- change security context of a pathname */
|
|
Tim Waugh |
d66c4d |
+
|
|
Tim Waugh |
d66c4d |
+#include <config.h>
|
|
Tim Waugh |
d66c4d |
+#include <stdio.h>
|
|
Tim Waugh |
d66c4d |
+#include <sys/types.h>
|
|
Tim Waugh |
d66c4d |
+#include <grp.h>
|
|
Tim Waugh |
d66c4d |
+#include <getopt.h>
|
|
Tim Waugh |
d66c4d |
+#include <selinux/selinux.h>
|
|
Tim Waugh |
d66c4d |
+#include <selinux/context.h>
|
|
Tim Waugh |
d66c4d |
+
|
|
Tim Waugh |
d66c4d |
+#include "system.h"
|
|
Tim Waugh |
d66c4d |
+#include "error.h"
|
|
Tim Waugh |
d66c4d |
+#include "savedir.h"
|
|
Tim Waugh |
d66c4d |
+#include "group-member.h"
|
|
Tim Waugh |
d66c4d |
+
|
|
Tim Waugh |
d66c4d |
+enum Change_status
|
|
Tim Waugh |
d66c4d |
+{
|
|
Tim Waugh |
d66c4d |
+ CH_SUCCEEDED,
|
|
Tim Waugh |
d66c4d |
+ CH_FAILED,
|
|
Tim Waugh |
d66c4d |
+ CH_NO_CHANGE_REQUESTED
|
|
Tim Waugh |
d66c4d |
+};
|
|
Tim Waugh |
d66c4d |
+
|
|
Tim Waugh |
d66c4d |
+enum Verbosity
|
|
Tim Waugh |
d66c4d |
+{
|
|
Tim Waugh |
d66c4d |
+ /* Print a message for each file that is processed. */
|
|
Tim Waugh |
d66c4d |
+ V_high,
|
|
Tim Waugh |
d66c4d |
+
|
|
Tim Waugh |
d66c4d |
+ /* Print a message for each file whose attributes we change. */
|
|
Tim Waugh |
d66c4d |
+ V_changes_only,
|
|
Tim Waugh |
d66c4d |
+
|
|
Tim Waugh |
d66c4d |
+ /* Do not be verbose. This is the default. */
|
|
Tim Waugh |
d66c4d |
+ V_off
|
|
Tim Waugh |
d66c4d |
+};
|
|
Tim Waugh |
d66c4d |
+
|
|
Tim Waugh |
d66c4d |
+static int change_dir_context (const char *dir, const struct stat *statp);
|
|
cvsdist |
5adf0d |
+
|
|
Tim Waugh |
5505e2 |
+/* The name the program was run with. */
|
|
Tim Waugh |
5505e2 |
+char *program_name;
|
|
cvsdist |
5adf0d |
+
|
|
Tim Waugh |
d66c4d |
+/* If nonzero, and the systems has support for it, change the context
|
|
Tim Waugh |
d66c4d |
+ of symbolic links rather than any files they point to. */
|
|
Tim Waugh |
d66c4d |
+static int change_symlinks;
|
|
Tim Waugh |
d66c4d |
+
|
|
Tim Waugh |
d66c4d |
+/* If nonzero, change the context of directories recursively. */
|
|
Tim Waugh |
d66c4d |
+static int recurse;
|
|
Tim Waugh |
d66c4d |
+
|
|
Tim Waugh |
d66c4d |
+/* If nonzero, force silence (no error messages). */
|
|
Tim Waugh |
d66c4d |
+static int force_silent;
|
|
Tim Waugh |
d66c4d |
+
|
|
Tim Waugh |
d66c4d |
+/* Level of verbosity. */
|
|
Tim Waugh |
d66c4d |
+static enum Verbosity verbosity = V_off;
|
|
Tim Waugh |
d66c4d |
+
|
|
Tim Waugh |
d66c4d |
+/* The name of the context file is being given. */
|
|
Tim Waugh |
d66c4d |
+static const char *specified_context;
|
|
Tim Waugh |
d66c4d |
+
|
|
Tim Waugh |
d66c4d |
+/* Specific components of the context */
|
|
Tim Waugh |
d66c4d |
+static const char *specified_user;
|
|
Tim Waugh |
d66c4d |
+static const char *specified_role;
|
|
Tim Waugh |
d66c4d |
+static const char *specified_range;
|
|
Tim Waugh |
d66c4d |
+static const char *specified_type;
|
|
Tim Waugh |
d66c4d |
+
|
|
Tim Waugh |
d66c4d |
+/* The argument to the --reference option. Use the context of this file.
|
|
Tim Waugh |
d66c4d |
+ This file must exist. */
|
|
Tim Waugh |
d66c4d |
+static char *reference_file;
|
|
Tim Waugh |
d66c4d |
+
|
|
Tim Waugh |
5505e2 |
+/* If nonzero, display usage information and exit. */
|
|
Tim Waugh |
5505e2 |
+static int show_help;
|
|
cvsdist |
5adf0d |
+
|
|
Tim Waugh |
5505e2 |
+/* If nonzero, print the version on standard output and exit. */
|
|
Tim Waugh |
5505e2 |
+static int show_version;
|
|
cvsdist |
4d15f3 |
+
|
|
Tim Waugh |
d66c4d |
+static struct option const long_options[] =
|
|
cvsdist |
4d15f3 |
+{
|
|
Tim Waugh |
d66c4d |
+ {"recursive", no_argument, 0, 'R'},
|
|
Tim Waugh |
d66c4d |
+ {"changes", no_argument, 0, 'c'},
|
|
Tim Waugh |
d66c4d |
+ {"no-dereference", no_argument, 0, 'h'},
|
|
Tim Waugh |
d66c4d |
+ {"silent", no_argument, 0, 'f'},
|
|
Tim Waugh |
d66c4d |
+ {"quiet", no_argument, 0, 'f'},
|
|
Tim Waugh |
d66c4d |
+ {"reference", required_argument, 0, CHAR_MAX + 1},
|
|
Tim Waugh |
d66c4d |
+ {"context", required_argument, 0, CHAR_MAX + 2},
|
|
Tim Waugh |
d66c4d |
+ {"user", required_argument, 0, 'u'},
|
|
Tim Waugh |
d66c4d |
+ {"role", required_argument, 0, 'r'},
|
|
Tim Waugh |
d66c4d |
+ {"type", required_argument, 0, 't'},
|
|
Tim Waugh |
d66c4d |
+ {"range", required_argument, 0, 'l'},
|
|
Tim Waugh |
d66c4d |
+ {"verbose", no_argument, 0, 'v'},
|
|
Tim Waugh |
d66c4d |
+ {"help", no_argument, &show_help, 1},
|
|
Tim Waugh |
d66c4d |
+ {"version", no_argument, &show_version, 1},
|
|
Tim Waugh |
d66c4d |
+ {0, 0, 0, 0}
|
|
Tim Waugh |
d66c4d |
+};
|
|
Tim Waugh |
5505e2 |
+
|
|
Tim Waugh |
d66c4d |
+/* Tell the user how/if the context of FILE has been changed.
|
|
Tim Waugh |
d66c4d |
+ CHANGED describes what (if anything) has happened. */
|
|
cvsdist |
5adf0d |
+
|
|
Tim Waugh |
d66c4d |
+static void
|
|
Tim Waugh |
d66c4d |
+describe_change (const char *file, security_context_t newcontext, enum Change_status changed)
|
|
Tim Waugh |
d66c4d |
+{
|
|
Tim Waugh |
d66c4d |
+ const char *fmt;
|
|
Tim Waugh |
d66c4d |
+ switch (changed)
|
|
Tim Waugh |
d66c4d |
+ {
|
|
Tim Waugh |
d66c4d |
+ case CH_SUCCEEDED:
|
|
Tim Waugh |
d66c4d |
+ fmt = _("context of %s changed to %s\n");
|
|
Tim Waugh |
5505e2 |
+ break;
|
|
Tim Waugh |
d66c4d |
+ case CH_FAILED:
|
|
Tim Waugh |
d66c4d |
+ fmt = _("failed to change context of %s to %s\n");
|
|
Tim Waugh |
5505e2 |
+ break;
|
|
Tim Waugh |
d66c4d |
+ case CH_NO_CHANGE_REQUESTED:
|
|
Tim Waugh |
d66c4d |
+ fmt = _("context of %s retained as %s\n");
|
|
Tim Waugh |
5505e2 |
+ break;
|
|
Tim Waugh |
5505e2 |
+ default:
|
|
Tim Waugh |
d66c4d |
+ abort ();
|
|
Tim Waugh |
5505e2 |
+ }
|
|
Tim Waugh |
d66c4d |
+ printf (fmt, file, newcontext);
|
|
Tim Waugh |
d66c4d |
+}
|
|
cvsdist |
5adf0d |
+
|
|
Tim Waugh |
d66c4d |
+static int
|
|
Tim Waugh |
d66c4d |
+compute_context_from_mask (security_context_t context, context_t *ret)
|
|
Tim Waugh |
d66c4d |
+{
|
|
Tim Waugh |
d66c4d |
+ context_t newcontext = context_new (context);
|
|
Tim Waugh |
d66c4d |
+ if (!newcontext)
|
|
Tim Waugh |
d66c4d |
+ return 1;
|
|
Tim Waugh |
d66c4d |
+#define SETCOMPONENT(comp) \
|
|
Tim Waugh |
d66c4d |
+ do { \
|
|
Tim Waugh |
d66c4d |
+ if (specified_ ## comp) \
|
|
Tim Waugh |
d66c4d |
+ if (context_ ## comp ## _set (newcontext, specified_ ## comp)) \
|
|
Tim Waugh |
d66c4d |
+ goto lose; \
|
|
Tim Waugh |
d66c4d |
+ } while (0)
|
|
Tim Waugh |
d66c4d |
+
|
|
Tim Waugh |
d66c4d |
+ SETCOMPONENT(user);
|
|
Tim Waugh |
d66c4d |
+ SETCOMPONENT(range);
|
|
Tim Waugh |
d66c4d |
+ SETCOMPONENT(role);
|
|
Tim Waugh |
d66c4d |
+ SETCOMPONENT(type);
|
|
Tim Waugh |
d66c4d |
+#undef SETCOMPONENT
|
|
Tim Waugh |
d66c4d |
+
|
|
Tim Waugh |
d66c4d |
+ *ret = newcontext;
|
|
Tim Waugh |
d66c4d |
+ return 0;
|
|
Tim Waugh |
d66c4d |
+ lose:
|
|
Tim Waugh |
d66c4d |
+ context_free (newcontext);
|
|
Tim Waugh |
d66c4d |
+ return 1;
|
|
Tim Waugh |
d66c4d |
+}
|
|
cvsdist |
4d15f3 |
+
|
|
Tim Waugh |
d66c4d |
+/* Change the context of FILE, using specified components.
|
|
Tim Waugh |
d66c4d |
+ If it is a directory and -R is given, recurse.
|
|
Tim Waugh |
d66c4d |
+ Return 0 if successful, 1 if errors occurred. */
|
|
cvsdist |
4d15f3 |
+
|
|
Tim Waugh |
d66c4d |
+static int
|
|
Tim Waugh |
d66c4d |
+change_file_context (const char *file)
|
|
Tim Waugh |
d66c4d |
+{
|
|
Tim Waugh |
d66c4d |
+ struct stat file_stats;
|
|
Tim Waugh |
d66c4d |
+ security_context_t file_context=NULL;
|
|
Tim Waugh |
d66c4d |
+ context_t context;
|
|
Tim Waugh |
d66c4d |
+ security_context_t context_string;
|
|
Tim Waugh |
d66c4d |
+ int errors = 0;
|
|
Tim Waugh |
d66c4d |
+ int status = 0;
|
|
Tim Waugh |
5505e2 |
+
|
|
Tim Waugh |
d66c4d |
+ if (change_symlinks)
|
|
Tim Waugh |
d66c4d |
+ status = lgetfilecon(file, &file_context);
|
|
Tim Waugh |
d66c4d |
+ else
|
|
Tim Waugh |
d66c4d |
+ status = getfilecon(file, &file_context);
|
|
Tim Waugh |
5505e2 |
+
|
|
Tim Waugh |
d66c4d |
+ if ((status < 0) && (errno != ENODATA))
|
|
Tim Waugh |
d66c4d |
+ {
|
|
Tim Waugh |
d66c4d |
+ if (force_silent == 0)
|
|
Tim Waugh |
d66c4d |
+ error (0, errno, "%s", file);
|
|
Tim Waugh |
d66c4d |
+ return 1;
|
|
Daniel J Walsh |
129baa |
+ }
|
|
Tim Waugh |
5505e2 |
+
|
|
Tim Waugh |
d66c4d |
+ /* If the file doesn't have a context, and we're not setting all of
|
|
Tim Waugh |
d66c4d |
+ the context components, there isn't really an obvious default.
|
|
Tim Waugh |
d66c4d |
+ Thus, we just give up. */
|
|
Tim Waugh |
d66c4d |
+ if (file_context == NULL && specified_context == NULL)
|
|
Tim Waugh |
d66c4d |
+ {
|
|
Tim Waugh |
d66c4d |
+ error (0, 0, _("can't apply partial context to unlabeled file %s"), file);
|
|
Tim Waugh |
d66c4d |
+ return 1;
|
|
Tim Waugh |
5505e2 |
+ }
|
|
Tim Waugh |
d66c4d |
+
|
|
Tim Waugh |
d66c4d |
+ if (specified_context == NULL)
|
|
Tim Waugh |
d66c4d |
+ {
|
|
Tim Waugh |
d66c4d |
+ if (compute_context_from_mask (file_context, &context))
|
|
Tim Waugh |
d66c4d |
+ {
|
|
Tim Waugh |
d66c4d |
+ error (0, 0, _("couldn't compute security context from %s"), file_context);
|
|
Tim Waugh |
d66c4d |
+ return 1;
|
|
Tim Waugh |
d66c4d |
+ }
|
|
Tim Waugh |
5505e2 |
+ }
|
|
Tim Waugh |
d66c4d |
+ else
|
|
Tim Waugh |
d66c4d |
+ {
|
|
Tim Waugh |
d66c4d |
+ context = context_new (specified_context);
|
|
Tim Waugh |
d66c4d |
+ if (!context)
|
|
Tim Waugh |
d66c4d |
+ error (1, 0,_("invalid context: %s"),specified_context);
|
|
Tim Waugh |
5505e2 |
+ }
|
|
Tim Waugh |
d66c4d |
+
|
|
Tim Waugh |
d66c4d |
+ context_string = context_str (context);
|
|
Tim Waugh |
d66c4d |
+
|
|
Tim Waugh |
d66c4d |
+ if (file_context == NULL || strcmp(context_string,file_context)!=0)
|
|
Tim Waugh |
d66c4d |
+ {
|
|
Tim Waugh |
d66c4d |
+ int fail;
|
|
Tim Waugh |
d66c4d |
+
|
|
Tim Waugh |
d66c4d |
+ if (change_symlinks)
|
|
Tim Waugh |
d66c4d |
+ fail = lsetfilecon (file, context_string);
|
|
Tim Waugh |
d66c4d |
+ else
|
|
Tim Waugh |
d66c4d |
+ fail = setfilecon (file, context_string);
|
|
Tim Waugh |
d66c4d |
+
|
|
Tim Waugh |
d66c4d |
+ if (verbosity == V_high || (verbosity == V_changes_only && !fail))
|
|
Tim Waugh |
d66c4d |
+ describe_change (file, context_string, (fail ? CH_FAILED : CH_SUCCEEDED));
|
|
Tim Waugh |
d66c4d |
+
|
|
Tim Waugh |
d66c4d |
+ if (fail)
|
|
Tim Waugh |
d66c4d |
+ {
|
|
Tim Waugh |
d66c4d |
+ errors = 1;
|
|
Tim Waugh |
d66c4d |
+ if (force_silent == 0)
|
|
Tim Waugh |
d66c4d |
+ {
|
|
Tim Waugh |
d66c4d |
+ error (0, errno, _("failed to change context of %s to %s"), file, context_string);
|
|
Tim Waugh |
d66c4d |
+ }
|
|
Tim Waugh |
d66c4d |
+ }
|
|
Tim Waugh |
5505e2 |
+ }
|
|
Tim Waugh |
d66c4d |
+ else if (verbosity == V_high)
|
|
Tim Waugh |
d66c4d |
+ {
|
|
Tim Waugh |
d66c4d |
+ describe_change (file, context_string, CH_NO_CHANGE_REQUESTED);
|
|
cvsdist |
5adf0d |
+ }
|
|
cvsdist |
5adf0d |
+
|
|
Tim Waugh |
d66c4d |
+ context_free(context);
|
|
Tim Waugh |
d66c4d |
+ freecon(file_context);
|
|
Tim Waugh |
5505e2 |
+
|
|
Tim Waugh |
d66c4d |
+ if (recurse) {
|
|
Tim Waugh |
d66c4d |
+ if (lstat(file, &file_stats)==0)
|
|
Tim Waugh |
d66c4d |
+ if (S_ISDIR (file_stats.st_mode))
|
|
Tim Waugh |
d66c4d |
+ errors |= change_dir_context (file, &file_stats);
|
|
Tim Waugh |
5505e2 |
+ }
|
|
Tim Waugh |
d66c4d |
+ return errors;
|
|
Tim Waugh |
5505e2 |
+}
|
|
Tim Waugh |
5505e2 |
+
|
|
Tim Waugh |
d66c4d |
+/* Recursively change context of the files in directory DIR
|
|
Tim Waugh |
d66c4d |
+ using specified context components.
|
|
Tim Waugh |
d66c4d |
+ STATP points to the results of lstat on DIR.
|
|
Tim Waugh |
d66c4d |
+ Return 0 if successful, 1 if errors occurred. */
|
|
Tim Waugh |
5505e2 |
+
|
|
Tim Waugh |
d66c4d |
+static int
|
|
Tim Waugh |
d66c4d |
+change_dir_context (const char *dir, const struct stat *statp)
|
|
Tim Waugh |
d66c4d |
+{
|
|
Tim Waugh |
d66c4d |
+ char *name_space, *namep;
|
|
Tim Waugh |
d66c4d |
+ char *path; /* Full path of each entry to process. */
|
|
Tim Waugh |
d66c4d |
+ unsigned dirlength; /* Length of `dir' and '\0'. */
|
|
Tim Waugh |
d66c4d |
+ unsigned filelength; /* Length of each pathname to process. */
|
|
Tim Waugh |
d66c4d |
+ unsigned pathlength; /* Bytes allocated for `path'. */
|
|
Tim Waugh |
d66c4d |
+ int errors = 0;
|
|
Tim Waugh |
5505e2 |
+
|
|
Tim Waugh |
d66c4d |
+ errno = 0;
|
|
Tim Waugh |
d66c4d |
+ name_space = savedir (dir);
|
|
Tim Waugh |
d66c4d |
+ if (name_space == NULL)
|
|
Tim Waugh |
d66c4d |
+ {
|
|
Tim Waugh |
d66c4d |
+ if (errno)
|
|
Tim Waugh |
d66c4d |
+ {
|
|
Tim Waugh |
d66c4d |
+ if (force_silent == 0)
|
|
Tim Waugh |
d66c4d |
+ error (0, errno, "%s", dir);
|
|
Tim Waugh |
d66c4d |
+ return 1;
|
|
Tim Waugh |
d66c4d |
+ }
|
|
Tim Waugh |
d66c4d |
+ else
|
|
Tim Waugh |
d66c4d |
+ error (1, 0, _("virtual memory exhausted"));
|
|
Tim Waugh |
d66c4d |
+ }
|
|
Tim Waugh |
5505e2 |
+
|
|
Tim Waugh |
d66c4d |
+ dirlength = strlen (dir) + 1; /* + 1 is for the trailing '/'. */
|
|
Tim Waugh |
d66c4d |
+ pathlength = dirlength + 1;
|
|
Tim Waugh |
d66c4d |
+ /* Give `path' a dummy value; it will be reallocated before first use. */
|
|
Tim Waugh |
d66c4d |
+ path = xmalloc (pathlength);
|
|
Tim Waugh |
d66c4d |
+ strcpy (path, dir);
|
|
Tim Waugh |
d66c4d |
+ path[dirlength - 1] = '/';
|
|
Tim Waugh |
5505e2 |
+
|
|
Tim Waugh |
d66c4d |
+ for (namep = name_space; *namep; namep += filelength - dirlength)
|
|
Tim Waugh |
d66c4d |
+ {
|
|
Tim Waugh |
d66c4d |
+ filelength = dirlength + strlen (namep) + 1;
|
|
Tim Waugh |
d66c4d |
+ if (filelength > pathlength)
|
|
Tim Waugh |
d66c4d |
+ {
|
|
Tim Waugh |
d66c4d |
+ pathlength = filelength * 2;
|
|
Tim Waugh |
d66c4d |
+ path = xrealloc (path, pathlength);
|
|
Tim Waugh |
d66c4d |
+ }
|
|
Tim Waugh |
d66c4d |
+ strcpy (path + dirlength, namep);
|
|
Tim Waugh |
d66c4d |
+ errors |= change_file_context (path);
|
|
Tim Waugh |
d66c4d |
+ }
|
|
Tim Waugh |
d66c4d |
+ free (path);
|
|
Tim Waugh |
d66c4d |
+ free (name_space);
|
|
Tim Waugh |
d66c4d |
+ return errors;
|
|
Tim Waugh |
d66c4d |
+}
|
|
Tim Waugh |
5505e2 |
+
|
|
Tim Waugh |
d66c4d |
+static void
|
|
Tim Waugh |
d66c4d |
+usage (int status)
|
|
Tim Waugh |
d66c4d |
+{
|
|
Tim Waugh |
d66c4d |
+ if (status != 0)
|
|
Tim Waugh |
d66c4d |
+ fprintf (stderr, _("Try `%s --help' for more information.\n"),
|
|
Tim Waugh |
d66c4d |
+ program_name);
|
|
Tim Waugh |
d66c4d |
+ else
|
|
Tim Waugh |
d66c4d |
+ {
|
|
Tim Waugh |
d66c4d |
+ printf (_("\
|
|
Tim Waugh |
d66c4d |
+Usage: %s [OPTION]... CONTEXT FILE...\n\
|
|
Tim Waugh |
d66c4d |
+ or: %s [OPTION]... [-u USER] [-r ROLE] [-l RANGE] [-t TYPE] FILE...\n\
|
|
Tim Waugh |
d66c4d |
+ or: %s [OPTION]... --reference=RFILE FILE...\n\
|
|
Tim Waugh |
d66c4d |
+"),
|
|
Tim Waugh |
d66c4d |
+ program_name, program_name, program_name);
|
|
Tim Waugh |
d66c4d |
+ printf (_("\
|
|
Tim Waugh |
d66c4d |
+Change the security context of each FILE to CONTEXT.\n\
|
|
Tim Waugh |
d66c4d |
+\n\
|
|
Tim Waugh |
d66c4d |
+ -c, --changes like verbose but report only when a change is made\n\
|
|
Tim Waugh |
d66c4d |
+ -h, --no-dereference affect symbolic links instead of any referenced file\n\
|
|
Tim Waugh |
d66c4d |
+ (available only on systems with lchown system call)\n\
|
|
Tim Waugh |
d66c4d |
+ -f, --silent, --quiet suppress most error messages\n\
|
|
Tim Waugh |
d66c4d |
+ --reference=RFILE use RFILE's group instead of using a CONTEXT value\n\
|
|
Tim Waugh |
d66c4d |
+ -u, --user=USER set user USER in the target security context\n\
|
|
Tim Waugh |
d66c4d |
+ -r, --role=ROLE set role ROLE in the target security context\n\
|
|
Tim Waugh |
d66c4d |
+ -t, --type=TYPE set type TYPE in the target security context\n\
|
|
Tim Waugh |
d66c4d |
+ -l, --range=RANGE set range RANGE in the target security context\n\
|
|
Tim Waugh |
d66c4d |
+ -R, --recursive change files and directories recursively\n\
|
|
Tim Waugh |
d66c4d |
+ -v, --verbose output a diagnostic for every file processed\n\
|
|
Tim Waugh |
d66c4d |
+ --help display this help and exit\n\
|
|
Tim Waugh |
d66c4d |
+ --version output version information and exit\n\
|
|
Tim Waugh |
d66c4d |
+"));
|
|
Tim Waugh |
d66c4d |
+ close_stdout ();
|
|
Tim Waugh |
d66c4d |
+ }
|
|
Tim Waugh |
d66c4d |
+ exit (status);
|
|
Tim Waugh |
d66c4d |
+}
|
|
Tim Waugh |
5505e2 |
+
|
|
Tim Waugh |
d66c4d |
+int
|
|
Tim Waugh |
d66c4d |
+main (int argc, char **argv)
|
|
Tim Waugh |
d66c4d |
+{
|
|
Tim Waugh |
d66c4d |
+ security_context_t ref_context = NULL;
|
|
Tim Waugh |
d66c4d |
+ int errors = 0;
|
|
Tim Waugh |
d66c4d |
+ int optc;
|
|
Tim Waugh |
d66c4d |
+ int component_specified = 0;
|
|
Tim Waugh |
d66c4d |
+
|
|
Tim Waugh |
d66c4d |
+ program_name = argv[0];
|
|
Tim Waugh |
d66c4d |
+ setlocale (LC_ALL, "");
|
|
Tim Waugh |
d66c4d |
+ bindtextdomain (PACKAGE, LOCALEDIR);
|
|
Tim Waugh |
d66c4d |
+ textdomain (PACKAGE);
|
|
Tim Waugh |
5505e2 |
+
|
|
Tim Waugh |
d66c4d |
+ recurse = force_silent = 0;
|
|
Tim Waugh |
d66c4d |
+
|
|
Tim Waugh |
d66c4d |
+ while ((optc = getopt_long (argc, argv, "Rcfhvu:r:t:l:", long_options, NULL)) != -1)
|
|
Tim Waugh |
d66c4d |
+ {
|
|
Tim Waugh |
d66c4d |
+ switch (optc)
|
|
Tim Waugh |
d66c4d |
+ {
|
|
Tim Waugh |
d66c4d |
+ case 0:
|
|
Tim Waugh |
d66c4d |
+ break;
|
|
Tim Waugh |
d66c4d |
+ case 'u':
|
|
Tim Waugh |
d66c4d |
+ specified_user = optarg;
|
|
Tim Waugh |
d66c4d |
+ component_specified = 1;
|
|
Tim Waugh |
d66c4d |
+ break;
|
|
Tim Waugh |
d66c4d |
+ case 'r':
|
|
Tim Waugh |
d66c4d |
+ specified_role = optarg;
|
|
Tim Waugh |
d66c4d |
+ component_specified = 1;
|
|
Tim Waugh |
d66c4d |
+ break;
|
|
Tim Waugh |
d66c4d |
+ case 't':
|
|
Tim Waugh |
d66c4d |
+ specified_type = optarg;
|
|
Tim Waugh |
d66c4d |
+ component_specified = 1;
|
|
Tim Waugh |
d66c4d |
+ break;
|
|
Tim Waugh |
d66c4d |
+ case 'l':
|
|
Tim Waugh |
d66c4d |
+ specified_range = optarg;
|
|
Tim Waugh |
d66c4d |
+ component_specified = 1;
|
|
Tim Waugh |
d66c4d |
+ break;
|
|
Tim Waugh |
d66c4d |
+ case CHAR_MAX + 1:
|
|
Tim Waugh |
d66c4d |
+ reference_file = optarg;
|
|
Tim Waugh |
d66c4d |
+ break;
|
|
Tim Waugh |
d66c4d |
+ case 'R':
|
|
Tim Waugh |
d66c4d |
+ recurse = 1;
|
|
Tim Waugh |
d66c4d |
+ break;
|
|
Tim Waugh |
d66c4d |
+ case 'c':
|
|
Tim Waugh |
d66c4d |
+ verbosity = V_changes_only;
|
|
Tim Waugh |
d66c4d |
+ break;
|
|
Tim Waugh |
d66c4d |
+ case 'f':
|
|
Tim Waugh |
d66c4d |
+ force_silent = 1;
|
|
Tim Waugh |
d66c4d |
+ break;
|
|
Tim Waugh |
d66c4d |
+ case 'h':
|
|
Tim Waugh |
d66c4d |
+ change_symlinks = 1;
|
|
Tim Waugh |
d66c4d |
+ break;
|
|
Tim Waugh |
d66c4d |
+ case 'v':
|
|
Tim Waugh |
d66c4d |
+ verbosity = V_high;
|
|
Tim Waugh |
d66c4d |
+ break;
|
|
Tim Waugh |
d66c4d |
+ default:
|
|
Tim Waugh |
d66c4d |
+ usage (1);
|
|
Tim Waugh |
d66c4d |
+ }
|
|
Tim Waugh |
d66c4d |
+ }
|
|
Tim Waugh |
d66c4d |
+
|
|
Tim Waugh |
d66c4d |
+ if (show_version)
|
|
Tim Waugh |
d66c4d |
+ {
|
|
Tim Waugh |
d66c4d |
+ printf ("chcon (%s) %s\n", GNU_PACKAGE, VERSION);
|
|
Tim Waugh |
d66c4d |
+ close_stdout ();
|
|
Tim Waugh |
d66c4d |
+ exit (0);
|
|
Tim Waugh |
d66c4d |
+ }
|
|
Tim Waugh |
d66c4d |
+
|
|
Tim Waugh |
d66c4d |
+ if (show_help)
|
|
Tim Waugh |
d66c4d |
+ usage (0);
|
|
Tim Waugh |
d66c4d |
+
|
|
Tim Waugh |
d66c4d |
+
|
|
Tim Waugh |
d66c4d |
+ if (reference_file && component_specified)
|
|
Tim Waugh |
d66c4d |
+ {
|
|
Tim Waugh |
d66c4d |
+ error (0, 0, _("conflicting security context specifiers given"));
|
|
Tim Waugh |
d66c4d |
+ usage (1);
|
|
Tim Waugh |
d66c4d |
+ }
|
|
Tim Waugh |
d66c4d |
+
|
|
Tim Waugh |
d66c4d |
+ if (!(((reference_file || component_specified)
|
|
Tim Waugh |
d66c4d |
+ && (argc - optind > 0))
|
|
Tim Waugh |
d66c4d |
+ || (argc - optind > 1)))
|
|
Tim Waugh |
d66c4d |
+ {
|
|
Tim Waugh |
d66c4d |
+ error (0, 0, _("too few arguments"));
|
|
Tim Waugh |
d66c4d |
+ usage (1);
|
|
Tim Waugh |
d66c4d |
+ }
|
|
Tim Waugh |
d66c4d |
+
|
|
Tim Waugh |
d66c4d |
+ if (reference_file)
|
|
Tim Waugh |
d66c4d |
+ {
|
|
Tim Waugh |
d66c4d |
+ if (getfilecon (reference_file, &ref_context)<0)
|
|
Tim Waugh |
d66c4d |
+ error (1, errno, "%s", reference_file);
|
|
Tim Waugh |
d66c4d |
+
|
|
Tim Waugh |
d66c4d |
+ specified_context = ref_context;
|
|
Tim Waugh |
d66c4d |
+ }
|
|
Tim Waugh |
d66c4d |
+ else if (!component_specified) {
|
|
Tim Waugh |
d66c4d |
+ specified_context = argv[optind++];
|
|
Tim Waugh |
d66c4d |
+ }
|
|
Tim Waugh |
d66c4d |
+ for (; optind < argc; ++optind)
|
|
Tim Waugh |
d66c4d |
+ errors |= change_file_context (argv[optind]);
|
|
Tim Waugh |
d66c4d |
+
|
|
Tim Waugh |
d66c4d |
+ if (verbosity != V_off)
|
|
Tim Waugh |
d66c4d |
+ close_stdout ();
|
|
Tim Waugh |
d66c4d |
+ if (ref_context != NULL)
|
|
Tim Waugh |
d66c4d |
+ freecon(ref_context);
|
|
Tim Waugh |
d66c4d |
+ exit (errors);
|
|
Tim Waugh |
d66c4d |
+}
|
|
Tim Waugh |
d66c4d |
--- coreutils-6.7/src/mkdir.c.selinux 2006-10-22 17:54:15.000000000 +0100
|
|
Tim Waugh |
327524 |
+++ coreutils-6.7/src/mkdir.c 2007-01-09 18:47:05.000000000 +0000
|
|
Tim Waugh |
d66c4d |
@@ -35,11 +35,18 @@
|
|
Tim Waugh |
5505e2 |
|
|
Tim Waugh |
d66c4d |
#define AUTHORS "David MacKenzie"
|
|
Tim Waugh |
5505e2 |
|
|
Tim Waugh |
5505e2 |
+#ifdef WITH_SELINUX
|
|
Tim Waugh |
d66c4d |
+#include <selinux/selinux.h> /* for is_selinux_enabled() */
|
|
Tim Waugh |
5505e2 |
+#endif
|
|
Tim Waugh |
d66c4d |
+
|
|
Tim Waugh |
d66c4d |
/* The name this program was run with. */
|
|
Tim Waugh |
d66c4d |
char *program_name;
|
|
Tim Waugh |
d66c4d |
|
|
Tim Waugh |
d66c4d |
static struct option const longopts[] =
|
|
Tim Waugh |
5505e2 |
{
|
|
Tim Waugh |
5505e2 |
+#ifdef WITH_SELINUX
|
|
Tim Waugh |
d66c4d |
+ {"context", required_argument, NULL, 'Z'},
|
|
Tim Waugh |
5505e2 |
+#endif
|
|
Tim Waugh |
d66c4d |
{"mode", required_argument, NULL, 'm'},
|
|
Tim Waugh |
d66c4d |
{"parents", no_argument, NULL, 'p'},
|
|
Tim Waugh |
d66c4d |
{"verbose", no_argument, NULL, 'v'},
|
|
Tim Waugh |
d66c4d |
@@ -61,6 +68,11 @@
|
|
Tim Waugh |
d66c4d |
Create the DIRECTORY(ies), if they do not already exist.\n\
|
|
Tim Waugh |
d66c4d |
\n\
|
|
Tim Waugh |
d66c4d |
"), stdout);
|
|
Tim Waugh |
5505e2 |
+#ifdef WITH_SELINUX
|
|
Tim Waugh |
d66c4d |
+ printf (_("\
|
|
Tim Waugh |
d66c4d |
+ -Z, --context=CONTEXT (SELinux) set security context to CONTEXT\n\
|
|
Tim Waugh |
d66c4d |
+"));
|
|
Tim Waugh |
5505e2 |
+#endif
|
|
Tim Waugh |
d66c4d |
fputs (_("\
|
|
Tim Waugh |
d66c4d |
Mandatory arguments to long options are mandatory for short options too.\n\
|
|
Tim Waugh |
d66c4d |
"), stdout);
|
|
Tim Waugh |
d66c4d |
@@ -154,7 +166,11 @@
|
|
Tim Waugh |
5505e2 |
|
|
Tim Waugh |
d66c4d |
atexit (close_stdout);
|
|
Tim Waugh |
5505e2 |
|
|
Tim Waugh |
5505e2 |
+#ifdef WITH_SELINUX
|
|
Tim Waugh |
d66c4d |
+ while ((optc = getopt_long (argc, argv, "pm:vZ:", longopts, NULL)) != -1)
|
|
Tim Waugh |
d66c4d |
+#else
|
|
Tim Waugh |
d66c4d |
while ((optc = getopt_long (argc, argv, "pm:v", longopts, NULL)) != -1)
|
|
Tim Waugh |
5505e2 |
+#endif
|
|
Tim Waugh |
5505e2 |
{
|
|
Tim Waugh |
d66c4d |
switch (optc)
|
|
Tim Waugh |
d66c4d |
{
|
|
Tim Waugh |
d66c4d |
@@ -167,6 +183,20 @@
|
|
Tim Waugh |
d66c4d |
case 'v': /* --verbose */
|
|
Tim Waugh |
d66c4d |
options.created_directory_format = _("created directory %s");
|
|
Tim Waugh |
5505e2 |
break;
|
|
Tim Waugh |
5505e2 |
+#ifdef WITH_SELINUX
|
|
Tim Waugh |
d66c4d |
+ case 'Z':
|
|
Tim Waugh |
d66c4d |
+ /* politely decline if we're not on a selinux-enabled kernel. */
|
|
Tim Waugh |
d66c4d |
+ if( !(is_selinux_enabled()>0)) {
|
|
Tim Waugh |
d66c4d |
+ fprintf( stderr, "Sorry, --context (-Z) can be used only on "
|
|
Tim Waugh |
d66c4d |
+ "a selinux-enabled kernel.\n" );
|
|
Tim Waugh |
d66c4d |
+ exit( 1 );
|
|
Tim Waugh |
d66c4d |
+ }
|
|
Tim Waugh |
d66c4d |
+ if (setfscreatecon(optarg)) {
|
|
Tim Waugh |
d66c4d |
+ fprintf( stderr, "Sorry, cannot set default context to %s.\n", optarg);
|
|
Tim Waugh |
d66c4d |
+ exit( 1 );
|
|
Tim Waugh |
d66c4d |
+ }
|
|
Tim Waugh |
d66c4d |
+ break;
|
|
Tim Waugh |
5505e2 |
+#endif
|
|
Tim Waugh |
d66c4d |
case_GETOPT_HELP_CHAR;
|
|
Tim Waugh |
5505e2 |
case_GETOPT_VERSION_CHAR (PROGRAM_NAME, AUTHORS);
|
|
Tim Waugh |
d66c4d |
default:
|
|
Tim Waugh |
d66c4d |
--- coreutils-6.7/src/stat.c.selinux 2006-11-27 10:25:51.000000000 +0000
|
|
Tim Waugh |
327524 |
+++ coreutils-6.7/src/stat.c 2007-01-09 18:47:05.000000000 +0000
|
|
Tim Waugh |
d66c4d |
@@ -55,6 +55,13 @@
|
|
Tim Waugh |
d66c4d |
# include <fs_info.h>
|
|
Tim Waugh |
d66c4d |
#endif
|
|
Daniel J Walsh |
129baa |
|
|
Daniel J Walsh |
129baa |
+#ifdef WITH_SELINUX
|
|
Tim Waugh |
d66c4d |
+#include <selinux/selinux.h>
|
|
Tim Waugh |
d66c4d |
+#define SECURITY_ID_T security_context_t
|
|
Tim Waugh |
d66c4d |
+#else
|
|
Tim Waugh |
d66c4d |
+#define SECURITY_ID_T char *
|
|
Daniel J Walsh |
129baa |
+#endif
|
|
Daniel J Walsh |
129baa |
+
|
|
Tim Waugh |
d66c4d |
#include "system.h"
|
|
Daniel J Walsh |
129baa |
|
|
Tim Waugh |
5505e2 |
#include "error.h"
|
|
Tim Waugh |
d66c4d |
@@ -158,6 +165,7 @@
|
|
Tim Waugh |
5505e2 |
};
|
|
Tim Waugh |
c3e4c8 |
|
|
Tim Waugh |
5505e2 |
static struct option const long_options[] = {
|
|
Tim Waugh |
5505e2 |
+ {"context", no_argument, 0, 'Z'},
|
|
Tim Waugh |
5505e2 |
{"dereference", no_argument, NULL, 'L'},
|
|
Tim Waugh |
5505e2 |
{"file-system", no_argument, NULL, 'f'},
|
|
Tim Waugh |
5505e2 |
{"filesystem", no_argument, NULL, 'f'}, /* obsolete and undocumented alias */
|
|
Tim Waugh |
d66c4d |
@@ -397,7 +405,7 @@
|
|
Tim Waugh |
5505e2 |
/* print statfs info */
|
|
Tim Waugh |
5505e2 |
static void
|
|
Tim Waugh |
d66c4d |
print_statfs (char *pformat, size_t prefix_len, char m, char const *filename,
|
|
Tim Waugh |
5505e2 |
- void const *data)
|
|
Tim Waugh |
5505e2 |
+ void const *data, SECURITY_ID_T scontext)
|
|
Tim Waugh |
5505e2 |
{
|
|
Tim Waugh |
5505e2 |
STRUCT_STATVFS const *statfsbuf = data;
|
|
Tim Waugh |
c3e4c8 |
|
|
Tim Waugh |
d66c4d |
@@ -472,7 +480,10 @@
|
|
Tim Waugh |
d66c4d |
case 'd':
|
|
Tim Waugh |
d66c4d |
out_int (pformat, prefix_len, statfsbuf->f_ffree);
|
|
Tim Waugh |
5505e2 |
break;
|
|
Tim Waugh |
5505e2 |
-
|
|
Tim Waugh |
5505e2 |
+ case 'C':
|
|
Tim Waugh |
5505e2 |
+ strcat (pformat, "s");
|
|
Tim Waugh |
5505e2 |
+ printf(scontext);
|
|
Tim Waugh |
5505e2 |
+ break;
|
|
Tim Waugh |
5505e2 |
default:
|
|
Tim Waugh |
d66c4d |
fputc ('?', stdout);
|
|
Tim Waugh |
d66c4d |
break;
|
|
Tim Waugh |
d66c4d |
@@ -482,7 +493,7 @@
|
|
Tim Waugh |
5505e2 |
/* print stat info */
|
|
Tim Waugh |
5505e2 |
static void
|
|
Tim Waugh |
d66c4d |
print_stat (char *pformat, size_t prefix_len, char m,
|
|
Tim Waugh |
5505e2 |
- char const *filename, void const *data)
|
|
Tim Waugh |
5505e2 |
+ char const *filename, void const *data, SECURITY_ID_T scontext)
|
|
Tim Waugh |
5505e2 |
{
|
|
Tim Waugh |
5505e2 |
struct stat *statbuf = (struct stat *) data;
|
|
Tim Waugh |
5505e2 |
struct passwd *pw_ent;
|
|
Tim Waugh |
d66c4d |
@@ -595,6 +606,10 @@
|
|
Tim Waugh |
d66c4d |
else
|
|
Tim Waugh |
d66c4d |
out_uint (pformat, prefix_len, statbuf->st_ctime);
|
|
Tim Waugh |
5505e2 |
break;
|
|
Tim Waugh |
5505e2 |
+ case 'C':
|
|
Tim Waugh |
5505e2 |
+ strcat (pformat, "s");
|
|
Tim Waugh |
5505e2 |
+ printf(pformat,scontext);
|
|
Tim Waugh |
5505e2 |
+ break;
|
|
Tim Waugh |
5505e2 |
default:
|
|
Tim Waugh |
d66c4d |
fputc ('?', stdout);
|
|
Tim Waugh |
d66c4d |
break;
|
|
Tim Waugh |
d66c4d |
@@ -641,8 +656,9 @@
|
|
Daniel J Walsh |
129baa |
|
|
Tim Waugh |
5505e2 |
static void
|
|
Tim Waugh |
5505e2 |
print_it (char const *format, char const *filename,
|
|
Tim Waugh |
5505e2 |
- void (*print_func) (char *, size_t, char, char const *, void const *),
|
|
Tim Waugh |
5505e2 |
- void const *data)
|
|
Tim Waugh |
5505e2 |
+ void (*print_func) (char *, size_t, char, char const *, void const *,
|
|
Tim Waugh |
5505e2 |
+ SECURITY_ID_T ),
|
|
Tim Waugh |
5505e2 |
+ void const *data, SECURITY_ID_T scontext)
|
|
Tim Waugh |
5505e2 |
{
|
|
Tim Waugh |
5505e2 |
/* Add 2 to accommodate our conversion of the stat `%s' format string
|
|
Tim Waugh |
5505e2 |
to the longer printf `%llu' one. */
|
|
Tim Waugh |
d66c4d |
@@ -683,7 +699,7 @@
|
|
Tim Waugh |
5505e2 |
putchar ('%');
|
|
Tim Waugh |
5505e2 |
break;
|
|
Tim Waugh |
5505e2 |
default:
|
|
Tim Waugh |
d66c4d |
- print_func (dest, len + 1, *fmt_char, filename, data);
|
|
Tim Waugh |
d66c4d |
+ print_func (dest, len + 1, *fmt_char, filename, data, scontext);
|
|
Tim Waugh |
5505e2 |
break;
|
|
Tim Waugh |
5505e2 |
}
|
|
Tim Waugh |
5505e2 |
break;
|
|
Tim Waugh |
d66c4d |
@@ -746,9 +762,21 @@
|
|
Daniel J Walsh |
129baa |
|
|
Tim Waugh |
5505e2 |
/* Stat the file system and print what we find. */
|
|
Tim Waugh |
5505e2 |
static bool
|
|
Tim Waugh |
5505e2 |
-do_statfs (char const *filename, bool terse, char const *format)
|
|
Tim Waugh |
5505e2 |
+do_statfs (char const *filename, bool terse, bool secure, char const *format)
|
|
Tim Waugh |
5505e2 |
{
|
|
Tim Waugh |
5505e2 |
STRUCT_STATVFS statfsbuf;
|
|
Tim Waugh |
5505e2 |
+ SECURITY_ID_T scontext = NULL;
|
|
Daniel J Walsh |
129baa |
+#ifdef WITH_SELINUX
|
|
Tim Waugh |
a30626 |
+ if(is_selinux_enabled()) {
|
|
Tim Waugh |
5505e2 |
+ if (getfilecon(filename,&scontext)<0) {
|
|
Tim Waugh |
a30626 |
+ if (secure) {
|
|
Tim Waugh |
a30626 |
+ perror (filename);
|
|
Tim Waugh |
a30626 |
+ return false;
|
|
Tim Waugh |
a30626 |
+ }
|
|
Tim Waugh |
a30626 |
+ scontext = NULL;
|
|
Tim Waugh |
5505e2 |
+ }
|
|
Tim Waugh |
a30626 |
+ }
|
|
Daniel J Walsh |
129baa |
+#endif
|
|
Daniel J Walsh |
129baa |
|
|
Tim Waugh |
5505e2 |
if (STATFS (filename, &statfsbuf) != 0)
|
|
Tim Waugh |
5505e2 |
{
|
|
Tim Waugh |
d66c4d |
@@ -759,25 +787,46 @@
|
|
Tim Waugh |
5505e2 |
|
|
Tim Waugh |
5505e2 |
if (format == NULL)
|
|
Tim Waugh |
5505e2 |
{
|
|
Tim Waugh |
5505e2 |
- format = (terse
|
|
Tim Waugh |
5505e2 |
- ? "%n %i %l %t %s %S %b %f %a %c %d\n"
|
|
Tim Waugh |
5505e2 |
- : " File: \"%n\"\n"
|
|
Tim Waugh |
5505e2 |
- " ID: %-8i Namelen: %-7l Type: %T\n"
|
|
Tim Waugh |
5505e2 |
- "Block size: %-10s Fundamental block size: %S\n"
|
|
Tim Waugh |
5505e2 |
- "Blocks: Total: %-10b Free: %-10f Available: %a\n"
|
|
Tim Waugh |
5505e2 |
- "Inodes: Total: %-10c Free: %d\n");
|
|
Tim Waugh |
5505e2 |
+ if (terse)
|
|
Daniel J Walsh |
129baa |
+ {
|
|
Tim Waugh |
5505e2 |
+ if (secure)
|
|
Tim Waugh |
5505e2 |
+ format = "%n %i %l %t %s %S %b %f %a %c %d %C\n";
|
|
Tim Waugh |
5505e2 |
+ else
|
|
Tim Waugh |
5505e2 |
+ format = "%n %i %l %t %s %S %b %f %a %c %d\n";
|
|
Daniel J Walsh |
129baa |
+ }
|
|
Tim Waugh |
5505e2 |
+ else
|
|
Tim Waugh |
5505e2 |
+ {
|
|
Tim Waugh |
5505e2 |
+ if (secure)
|
|
Tim Waugh |
5505e2 |
+ format = " File: \"%n\"\n"
|
|
Tim Waugh |
5505e2 |
+ " ID: %-8i Namelen: %-7l Type: %T\n"
|
|
Tim Waugh |
5505e2 |
+ "Block size: %-10s Fundamental block size: %S\n"
|
|
Tim Waugh |
5505e2 |
+ "Blocks: Total: %-10b Free: %-10f Available: %a\n"
|
|
Tim Waugh |
5505e2 |
+ "Inodes: Total: %-10c Free: %d\n"
|
|
Tim Waugh |
5505e2 |
+ " S_Context: %C\n";
|
|
Tim Waugh |
5505e2 |
+ else
|
|
Tim Waugh |
5505e2 |
+ format = " File: \"%n\"\n"
|
|
Tim Waugh |
5505e2 |
+ " ID: %-8i Namelen: %-7l Type: %T\n"
|
|
Tim Waugh |
5505e2 |
+ "Block size: %-10s Fundamental block size: %S\n"
|
|
Tim Waugh |
5505e2 |
+ "Blocks: Total: %-10b Free: %-10f Available: %a\n"
|
|
Tim Waugh |
5505e2 |
+ "Inodes: Total: %-10c Free: %d\n";
|
|
Daniel J Walsh |
129baa |
+ }
|
|
Tim Waugh |
5505e2 |
}
|
|
Tim Waugh |
5505e2 |
|
|
Tim Waugh |
5505e2 |
- print_it (format, filename, print_statfs, &statfsbuf);
|
|
Tim Waugh |
5505e2 |
+ print_it (format, filename, print_statfs, &statfsbuf, scontext);
|
|
Tim Waugh |
5505e2 |
+#ifdef WITH_SELINUX
|
|
Tim Waugh |
5505e2 |
+ if (scontext != NULL)
|
|
Tim Waugh |
5505e2 |
+ freecon(scontext);
|
|
Tim Waugh |
5505e2 |
+#endif
|
|
Tim Waugh |
5505e2 |
return true;
|
|
Tim Waugh |
5505e2 |
}
|
|
Tim Waugh |
5505e2 |
|
|
Tim Waugh |
5505e2 |
/* stat the file and print what we find */
|
|
Tim Waugh |
5505e2 |
static bool
|
|
Tim Waugh |
5505e2 |
-do_stat (char const *filename, bool follow_links, bool terse,
|
|
Tim Waugh |
5505e2 |
+do_stat (char const *filename, bool follow_links, bool terse, bool secure,
|
|
Tim Waugh |
5505e2 |
char const *format)
|
|
Tim Waugh |
5505e2 |
{
|
|
Tim Waugh |
5505e2 |
struct stat statbuf;
|
|
Tim Waugh |
5505e2 |
+ SECURITY_ID_T scontext = NULL;
|
|
Tim Waugh |
5505e2 |
|
|
Tim Waugh |
5505e2 |
if ((follow_links ? stat : lstat) (filename, &statbuf) != 0)
|
|
Tim Waugh |
5505e2 |
{
|
|
Tim Waugh |
d66c4d |
@@ -785,11 +834,29 @@
|
|
Tim Waugh |
5505e2 |
return false;
|
|
Tim Waugh |
5505e2 |
}
|
|
Tim Waugh |
5505e2 |
|
|
Tim Waugh |
5505e2 |
+#ifdef WITH_SELINUX
|
|
Tim Waugh |
a30626 |
+ if(is_selinux_enabled()) {
|
|
Tim Waugh |
5505e2 |
+ int i;
|
|
Tim Waugh |
5505e2 |
+ if (!follow_links)
|
|
Tim Waugh |
5505e2 |
+ i=lgetfilecon(filename, &scontext);
|
|
Tim Waugh |
5505e2 |
+ else
|
|
Tim Waugh |
5505e2 |
+ i=getfilecon(filename, &scontext);
|
|
Tim Waugh |
a30626 |
+ if (i == -1 && secure)
|
|
Tim Waugh |
5505e2 |
+ {
|
|
Tim Waugh |
5505e2 |
+ perror (filename);
|
|
Tim Waugh |
5505e2 |
+ return false;
|
|
Daniel J Walsh |
129baa |
+ }
|
|
Daniel J Walsh |
129baa |
+ }
|
|
Daniel J Walsh |
129baa |
+#endif
|
|
Daniel J Walsh |
129baa |
+
|
|
Tim Waugh |
5505e2 |
if (format == NULL)
|
|
Daniel J Walsh |
129baa |
{
|
|
Tim Waugh |
5505e2 |
if (terse)
|
|
Tim Waugh |
5505e2 |
{
|
|
Tim Waugh |
5505e2 |
- format = "%n %s %b %f %u %g %D %i %h %t %T %X %Y %Z %o\n";
|
|
Tim Waugh |
5505e2 |
+ if (secure)
|
|
Tim Waugh |
5505e2 |
+ format = "%n %s %b %f %u %g %D %i %h %t %T %X %Y %Z %o %C\n";
|
|
Tim Waugh |
5505e2 |
+ else
|
|
Tim Waugh |
5505e2 |
+ format = "%n %s %b %f %u %g %D %i %h %t %T %X %Y %Z %o\n";
|
|
Tim Waugh |
5505e2 |
}
|
|
Tim Waugh |
5505e2 |
else
|
|
Tim Waugh |
5505e2 |
{
|
|
Tim Waugh |
d66c4d |
@@ -807,16 +874,30 @@
|
|
Tim Waugh |
5505e2 |
}
|
|
Tim Waugh |
5505e2 |
else
|
|
Tim Waugh |
5505e2 |
{
|
|
Tim Waugh |
5505e2 |
- format =
|
|
Tim Waugh |
5505e2 |
- " File: %N\n"
|
|
Tim Waugh |
5505e2 |
- " Size: %-10s\tBlocks: %-10b IO Block: %-6o %F\n"
|
|
Tim Waugh |
5505e2 |
- "Device: %Dh/%dd\tInode: %-10i Links: %h\n"
|
|
Tim Waugh |
5505e2 |
- "Access: (%04a/%10.10A) Uid: (%5u/%8U) Gid: (%5g/%8G)\n"
|
|
Tim Waugh |
5505e2 |
- "Access: %x\n" "Modify: %y\n" "Change: %z\n";
|
|
Tim Waugh |
5505e2 |
+ if (secure)
|
|
Tim Waugh |
5505e2 |
+ format =
|
|
Tim Waugh |
5505e2 |
+ " File: %N\n"
|
|
Tim Waugh |
5505e2 |
+ " Size: %-10s\tBlocks: %-10b IO Block: %-6o %F\n"
|
|
Tim Waugh |
5505e2 |
+ "Device: %Dh/%dd\tInode: %-10i Links: %-5h"
|
|
Tim Waugh |
5505e2 |
+ " Device type: %t,%T\n"
|
|
Tim Waugh |
5505e2 |
+ "Access: (%04a/%10.10A) Uid: (%5u/%8U) Gid: (%5g/%8G)\n"
|
|
Tim Waugh |
5505e2 |
+ " S_Context: %C\n"
|
|
Tim Waugh |
5505e2 |
+ "Access: %x\n" "Modify: %y\n" "Change: %z\n";
|
|
Tim Waugh |
5505e2 |
+ else
|
|
Tim Waugh |
5505e2 |
+ format =
|
|
Tim Waugh |
5505e2 |
+ " File: %N\n"
|
|
Tim Waugh |
5505e2 |
+ " Size: %-10s\tBlocks: %-10b IO Block: %-6o %F\n"
|
|
Tim Waugh |
5505e2 |
+ "Device: %Dh/%dd\tInode: %-10i Links: %h\n"
|
|
Tim Waugh |
5505e2 |
+ "Access: (%04a/%10.10A) Uid: (%5u/%8U) Gid: (%5g/%8G)\n"
|
|
Tim Waugh |
5505e2 |
+ "Access: %x\n" "Modify: %y\n" "Change: %z\n";
|
|
Tim Waugh |
5505e2 |
}
|
|
Tim Waugh |
5505e2 |
}
|
|
Tim Waugh |
5505e2 |
}
|
|
Tim Waugh |
5505e2 |
- print_it (format, filename, print_stat, &statbuf);
|
|
Tim Waugh |
5505e2 |
+ print_it (format, filename, print_stat, &statbuf, scontext);
|
|
Tim Waugh |
5505e2 |
+#ifdef WITH_SELINUX
|
|
Tim Waugh |
5505e2 |
+ if (scontext)
|
|
Tim Waugh |
5505e2 |
+ freecon(scontext);
|
|
Tim Waugh |
5505e2 |
+#endif
|
|
Tim Waugh |
5505e2 |
return true;
|
|
Tim Waugh |
5505e2 |
}
|
|
Tim Waugh |
5505e2 |
|
|
Tim Waugh |
d66c4d |
@@ -833,6 +914,7 @@
|
|
Tim Waugh |
5505e2 |
Display file or file system status.\n\
|
|
Tim Waugh |
5505e2 |
\n\
|
|
Tim Waugh |
5505e2 |
-L, --dereference follow links\n\
|
|
Tim Waugh |
5505e2 |
+ -Z, --context print the security context \n\
|
|
Tim Waugh |
5505e2 |
-f, --file-system display file system status instead of file status\n\
|
|
Tim Waugh |
5505e2 |
"), stdout);
|
|
Tim Waugh |
5505e2 |
fputs (_("\
|
|
Tim Waugh |
d66c4d |
@@ -892,6 +974,7 @@
|
|
Tim Waugh |
5505e2 |
%c Total file nodes in file system\n\
|
|
Tim Waugh |
5505e2 |
%d Free file nodes in file system\n\
|
|
Tim Waugh |
5505e2 |
%f Free blocks in file system\n\
|
|
Tim Waugh |
5505e2 |
+ %C - Security context in SELinux\n\
|
|
Tim Waugh |
5505e2 |
"), stdout);
|
|
Tim Waugh |
5505e2 |
fputs (_("\
|
|
Tim Waugh |
5505e2 |
%i File System ID in hex\n\
|
|
Tim Waugh |
d66c4d |
@@ -916,6 +999,7 @@
|
|
Tim Waugh |
5505e2 |
bool follow_links = false;
|
|
Tim Waugh |
5505e2 |
bool fs = false;
|
|
Tim Waugh |
5505e2 |
bool terse = false;
|
|
Tim Waugh |
5505e2 |
+ bool secure = false;
|
|
Tim Waugh |
5505e2 |
char *format = NULL;
|
|
Tim Waugh |
5505e2 |
bool ok = true;
|
|
Daniel J Walsh |
129baa |
|
|
Tim Waugh |
d66c4d |
@@ -927,7 +1011,7 @@
|
|
Daniel J Walsh |
129baa |
|
|
Tim Waugh |
5505e2 |
atexit (close_stdout);
|
|
Daniel J Walsh |
129baa |
|
|
Tim Waugh |
5505e2 |
- while ((c = getopt_long (argc, argv, "c:fLt", long_options, NULL)) != -1)
|
|
Tim Waugh |
5505e2 |
+ while ((c = getopt_long (argc, argv, "c:fLtZ", long_options, NULL)) != -1)
|
|
Tim Waugh |
5505e2 |
{
|
|
Tim Waugh |
5505e2 |
switch (c)
|
|
Tim Waugh |
5505e2 |
{
|
|
Tim Waugh |
d66c4d |
@@ -954,6 +1038,14 @@
|
|
Tim Waugh |
5505e2 |
case 't':
|
|
Tim Waugh |
5505e2 |
terse = true;
|
|
Tim Waugh |
5505e2 |
break;
|
|
Tim Waugh |
5505e2 |
+ case 'Z':
|
|
Tim Waugh |
5505e2 |
+ if((is_selinux_enabled()>0))
|
|
Tim Waugh |
5505e2 |
+ secure = 1;
|
|
Tim Waugh |
5505e2 |
+ else {
|
|
Tim Waugh |
5505e2 |
+ error (0, 0, _("Kernel is not SELinux enabled"));
|
|
Tim Waugh |
5505e2 |
+ usage (EXIT_FAILURE);
|
|
Tim Waugh |
5505e2 |
+ }
|
|
Tim Waugh |
5505e2 |
+ break;
|
|
Daniel J Walsh |
129baa |
|
|
Tim Waugh |
5505e2 |
case_GETOPT_HELP_CHAR;
|
|
Daniel J Walsh |
129baa |
|
|
Tim Waugh |
d66c4d |
@@ -972,8 +1064,8 @@
|
|
Daniel J Walsh |
129baa |
|
|
Tim Waugh |
5505e2 |
for (i = optind; i < argc; i++)
|
|
Tim Waugh |
5505e2 |
ok &= (fs
|
|
Tim Waugh |
5505e2 |
- ? do_statfs (argv[i], terse, format)
|
|
Tim Waugh |
5505e2 |
- : do_stat (argv[i], follow_links, terse, format));
|
|
Tim Waugh |
5505e2 |
+ ? do_statfs (argv[i], terse, secure, format)
|
|
Tim Waugh |
5505e2 |
+ : do_stat (argv[i], follow_links, terse, secure, format));
|
|
Tim Waugh |
5505e2 |
|
|
Tim Waugh |
5505e2 |
exit (ok ? EXIT_SUCCESS : EXIT_FAILURE);
|
|
Tim Waugh |
5505e2 |
}
|
|
Tim Waugh |
d66c4d |
--- coreutils-6.7/src/mkfifo.c.selinux 2006-10-22 17:54:15.000000000 +0100
|
|
Tim Waugh |
327524 |
+++ coreutils-6.7/src/mkfifo.c 2007-01-09 18:47:05.000000000 +0000
|
|
Tim Waugh |
5505e2 |
@@ -32,11 +32,18 @@
|
|
Tim Waugh |
5505e2 |
|
|
Tim Waugh |
5505e2 |
#define AUTHORS "David MacKenzie"
|
|
Daniel J Walsh |
129baa |
|
|
Daniel J Walsh |
129baa |
+#ifdef WITH_SELINUX
|
|
Tim Waugh |
5505e2 |
+#include <selinux/selinux.h> /* for is_selinux_enabled() */
|
|
Daniel J Walsh |
129baa |
+#endif
|
|
Daniel J Walsh |
129baa |
+
|
|
Daniel J Walsh |
129baa |
/* The name this program was run with. */
|
|
Daniel J Walsh |
129baa |
char *program_name;
|
|
Daniel J Walsh |
129baa |
|
|
Daniel J Walsh |
129baa |
static struct option const longopts[] =
|
|
Daniel J Walsh |
129baa |
{
|
|
Daniel J Walsh |
129baa |
+#ifdef WITH_SELINUX
|
|
Daniel J Walsh |
129baa |
+ {"context", required_argument, NULL, 'Z'},
|
|
Daniel J Walsh |
129baa |
+#endif
|
|
Daniel J Walsh |
129baa |
{"mode", required_argument, NULL, 'm'},
|
|
Daniel J Walsh |
129baa |
{GETOPT_HELP_OPTION_DECL},
|
|
Daniel J Walsh |
129baa |
{GETOPT_VERSION_OPTION_DECL},
|
|
Tim Waugh |
d66c4d |
@@ -56,6 +63,11 @@
|
|
Tim Waugh |
5505e2 |
Create named pipes (FIFOs) with the given NAMEs.\n\
|
|
Daniel J Walsh |
129baa |
\n\
|
|
Daniel J Walsh |
129baa |
"), stdout);
|
|
Daniel J Walsh |
129baa |
+#ifdef WITH_SELINUX
|
|
Tim Waugh |
01672f |
+ fputs (_("\
|
|
Daniel J Walsh |
129baa |
+ -Z, --context=CONTEXT set security context (quoted string)\n\
|
|
Daniel J Walsh |
129baa |
+"), stdout);
|
|
Daniel J Walsh |
129baa |
+#endif
|
|
Daniel J Walsh |
129baa |
fputs (_("\
|
|
Daniel J Walsh |
129baa |
Mandatory arguments to long options are mandatory for short options too.\n\
|
|
Daniel J Walsh |
129baa |
"), stdout);
|
|
Tim Waugh |
d66c4d |
@@ -85,13 +97,32 @@
|
|
Tim Waugh |
d66c4d |
|
|
Tim Waugh |
d66c4d |
atexit (close_stdout);
|
|
Tim Waugh |
d66c4d |
|
|
Tim Waugh |
d66c4d |
- while ((optc = getopt_long (argc, argv, "m:", longopts, NULL)) != -1)
|
|
Tim Waugh |
d66c4d |
+ while ((optc = getopt_long (argc, argv, "m:"
|
|
Daniel J Walsh |
129baa |
+#ifdef WITH_SELINUX
|
|
Tim Waugh |
d66c4d |
+ "Z:"
|
|
Daniel J Walsh |
129baa |
+#endif
|
|
Tim Waugh |
d66c4d |
+ , longopts, NULL)) != -1)
|
|
Daniel J Walsh |
129baa |
{
|
|
Daniel J Walsh |
129baa |
switch (optc)
|
|
Daniel J Walsh |
129baa |
{
|
|
Daniel J Walsh |
129baa |
case 'm':
|
|
Daniel J Walsh |
129baa |
specified_mode = optarg;
|
|
Daniel J Walsh |
129baa |
break;
|
|
Daniel J Walsh |
129baa |
+#ifdef WITH_SELINUX
|
|
Daniel J Walsh |
129baa |
+ case 'Z':
|
|
Tim Waugh |
d66c4d |
+ if (!(is_selinux_enabled()>0))
|
|
Tim Waugh |
d66c4d |
+ {
|
|
Tim Waugh |
d66c4d |
+ fprintf( stderr, "Sorry, --context (-Z) can be used only on "
|
|
Tim Waugh |
d66c4d |
+ "a selinux-enabled kernel.\n" );
|
|
Tim Waugh |
d66c4d |
+ exit (1);
|
|
Tim Waugh |
d66c4d |
+ }
|
|
Tim Waugh |
d66c4d |
+ if (setfscreatecon(optarg))
|
|
Tim Waugh |
d66c4d |
+ {
|
|
Tim Waugh |
d66c4d |
+ fprintf( stderr, "Sorry, cannot set default context to %s.\n", optarg);
|
|
Tim Waugh |
d66c4d |
+ exit (1);
|
|
Tim Waugh |
d66c4d |
+ }
|
|
Daniel J Walsh |
129baa |
+ break;
|
|
Daniel J Walsh |
129baa |
+#endif
|
|
Daniel J Walsh |
129baa |
case_GETOPT_HELP_CHAR;
|
|
Daniel J Walsh |
129baa |
case_GETOPT_VERSION_CHAR (PROGRAM_NAME, AUTHORS);
|
|
Daniel J Walsh |
129baa |
default:
|
|
Tim Waugh |
d66c4d |
--- coreutils-6.7/src/mknod.c.selinux 2006-10-22 17:54:15.000000000 +0100
|
|
Tim Waugh |
327524 |
+++ coreutils-6.7/src/mknod.c 2007-01-09 18:47:05.000000000 +0000
|
|
Tim Waugh |
d66c4d |
@@ -36,8 +36,15 @@
|
|
Tim Waugh |
d66c4d |
/* The name this program was run with. */
|
|
Tim Waugh |
d66c4d |
char *program_name;
|
|
Daniel J Walsh |
129baa |
|
|
Daniel J Walsh |
129baa |
+#ifdef WITH_SELINUX
|
|
Tim Waugh |
5505e2 |
+#include <selinux/selinux.h>
|
|
Tim Waugh |
d66c4d |
+#endif
|
|
Tim Waugh |
d66c4d |
+
|
|
Tim Waugh |
d66c4d |
static struct option const longopts[] =
|
|
Tim Waugh |
d66c4d |
{
|
|
Tim Waugh |
d66c4d |
+#ifdef WITH_SELINUX
|
|
Tim Waugh |
d66c4d |
+ {"context", required_argument, NULL, 'Z'},
|
|
Tim Waugh |
d66c4d |
+#endif
|
|
Tim Waugh |
d66c4d |
{"mode", required_argument, NULL, 'm'},
|
|
Tim Waugh |
d66c4d |
{GETOPT_HELP_OPTION_DECL},
|
|
Tim Waugh |
d66c4d |
{GETOPT_VERSION_OPTION_DECL},
|
|
Tim Waugh |
d66c4d |
@@ -58,6 +65,11 @@
|
|
Tim Waugh |
d66c4d |
Create the special file NAME of the given TYPE.\n\
|
|
Tim Waugh |
d66c4d |
\n\
|
|
Tim Waugh |
d66c4d |
"), stdout);
|
|
Tim Waugh |
d66c4d |
+#ifdef WITH_SELINUX
|
|
Tim Waugh |
d66c4d |
+ fputs(_("\
|
|
Tim Waugh |
d66c4d |
+ -Z, --context=CONTEXT set security context (quoted string)\n\
|
|
Tim Waugh |
d66c4d |
+"), stdout);
|
|
Tim Waugh |
d66c4d |
+#endif
|
|
Tim Waugh |
d66c4d |
fputs (_("\
|
|
Tim Waugh |
d66c4d |
Mandatory arguments to long options are mandatory for short options too.\n\
|
|
Tim Waugh |
d66c4d |
"), stdout);
|
|
Tim Waugh |
d66c4d |
@@ -101,13 +113,31 @@
|
|
Tim Waugh |
d66c4d |
|
|
Tim Waugh |
d66c4d |
atexit (close_stdout);
|
|
Tim Waugh |
d66c4d |
|
|
Tim Waugh |
d66c4d |
+#ifdef WITH_SELINUX
|
|
Tim Waugh |
d66c4d |
+ while ((optc = getopt_long (argc, argv, "m:Z:", longopts, NULL)) != -1)
|
|
Tim Waugh |
d66c4d |
+#else
|
|
Tim Waugh |
d66c4d |
while ((optc = getopt_long (argc, argv, "m:", longopts, NULL)) != -1)
|
|
Tim Waugh |
d66c4d |
+#endif
|
|
Tim Waugh |
d66c4d |
{
|
|
Tim Waugh |
d66c4d |
switch (optc)
|
|
Tim Waugh |
d66c4d |
{
|
|
Tim Waugh |
d66c4d |
case 'm':
|
|
Tim Waugh |
d66c4d |
specified_mode = optarg;
|
|
Tim Waugh |
d66c4d |
break;
|
|
Tim Waugh |
d66c4d |
+#ifdef WITH_SELINUX
|
|
Tim Waugh |
d66c4d |
+ case 'Z':
|
|
Tim Waugh |
d66c4d |
+ /* politely decline if we're not on a selinux-enabled kernel. */
|
|
Tim Waugh |
d66c4d |
+ if( !(is_selinux_enabled()>0)) {
|
|
Tim Waugh |
d66c4d |
+ fprintf( stderr, "Sorry, --context (-Z) can be used only on "
|
|
Tim Waugh |
d66c4d |
+ "a selinux-enabled kernel.\n" );
|
|
Tim Waugh |
d66c4d |
+ exit( 1 );
|
|
Tim Waugh |
d66c4d |
+ }
|
|
Tim Waugh |
d66c4d |
+ if (setfscreatecon(optarg)) {
|
|
Tim Waugh |
d66c4d |
+ fprintf( stderr, "Sorry, cannot set default context to %s.\n", optarg);
|
|
Tim Waugh |
d66c4d |
+ exit( 1 );
|
|
Tim Waugh |
d66c4d |
+ }
|
|
Tim Waugh |
d66c4d |
+ break;
|
|
Tim Waugh |
d66c4d |
+#endif
|
|
Tim Waugh |
d66c4d |
case_GETOPT_HELP_CHAR;
|
|
Tim Waugh |
d66c4d |
case_GETOPT_VERSION_CHAR (PROGRAM_NAME, AUTHORS);
|
|
Tim Waugh |
d66c4d |
default:
|
|
Tim Waugh |
327524 |
--- coreutils-6.7/src/id.c.selinux 2007-01-09 18:47:04.000000000 +0000
|
|
Tim Waugh |
327524 |
+++ coreutils-6.7/src/id.c 2007-01-09 18:47:05.000000000 +0000
|
|
Tim Waugh |
d66c4d |
@@ -37,6 +37,20 @@
|
|
Tim Waugh |
d66c4d |
|
|
Tim Waugh |
d66c4d |
int getugroups ();
|
|
Tim Waugh |
d66c4d |
|
|
Tim Waugh |
d66c4d |
+#ifdef WITH_SELINUX
|
|
Tim Waugh |
d66c4d |
+#include <selinux/selinux.h>
|
|
Tim Waugh |
d66c4d |
+static void print_context (char* context);
|
|
Tim Waugh |
d66c4d |
+/* Print the SELinux context */
|
|
Tim Waugh |
d66c4d |
+static void
|
|
Tim Waugh |
d66c4d |
+print_context(char *context)
|
|
Tim Waugh |
d66c4d |
+{
|
|
Tim Waugh |
d66c4d |
+ printf ("%s", context);
|
|
Tim Waugh |
d66c4d |
+}
|
|
Tim Waugh |
d66c4d |
+
|
|
Tim Waugh |
d66c4d |
+/* If nonzero, output only the SELinux context. -Z */
|
|
Tim Waugh |
d66c4d |
+static int just_context = 0;
|
|
Tim Waugh |
5505e2 |
+
|
|
Daniel J Walsh |
129baa |
+#endif
|
|
Tim Waugh |
5505e2 |
static void print_user (uid_t uid);
|
|
Tim Waugh |
5505e2 |
static void print_group (gid_t gid);
|
|
Tim Waugh |
5505e2 |
static void print_group_list (const char *username);
|
|
Tim Waugh |
5505e2 |
@@ -55,8 +69,14 @@
|
|
Tim Waugh |
5505e2 |
/* True unless errors have been encountered. */
|
|
Tim Waugh |
5505e2 |
static bool ok = true;
|
|
Tim Waugh |
5505e2 |
|
|
Tim Waugh |
5505e2 |
+/* The SELinux context */
|
|
Tim Waugh |
5505e2 |
+/* Set `context' to a known invalid value so print_full_info() will *
|
|
Tim Waugh |
5505e2 |
+ * know when `context' has not been set to a meaningful value. */
|
|
Tim Waugh |
5505e2 |
+static security_context_t context=NULL;
|
|
Daniel J Walsh |
129baa |
+
|
|
Tim Waugh |
5505e2 |
static struct option const longopts[] =
|
|
Tim Waugh |
5505e2 |
{
|
|
Tim Waugh |
5505e2 |
+ {"context", no_argument, NULL, 'Z'},
|
|
Tim Waugh |
5505e2 |
{"group", no_argument, NULL, 'g'},
|
|
Tim Waugh |
5505e2 |
{"groups", no_argument, NULL, 'G'},
|
|
Tim Waugh |
5505e2 |
{"name", no_argument, NULL, 'n'},
|
|
Tim Waugh |
5505e2 |
@@ -80,6 +100,7 @@
|
|
Tim Waugh |
5505e2 |
Print information for USERNAME, or the current user.\n\
|
|
Tim Waugh |
5505e2 |
\n\
|
|
Tim Waugh |
5505e2 |
-a ignore, for compatibility with other versions\n\
|
|
Tim Waugh |
dfe7b9 |
+ -Z, --context print only the context of the current process\n\
|
|
Tim Waugh |
5505e2 |
-g, --group print only the effective group ID\n\
|
|
Tim Waugh |
5505e2 |
-G, --groups print all group IDs\n\
|
|
Tim Waugh |
5505e2 |
-n, --name print a name instead of a number, for -ugG\n\
|
|
Tim Waugh |
5505e2 |
@@ -101,6 +122,7 @@
|
|
Tim Waugh |
5505e2 |
main (int argc, char **argv)
|
|
Tim Waugh |
5505e2 |
{
|
|
Tim Waugh |
5505e2 |
int optc;
|
|
Tim Waugh |
5505e2 |
+ int selinux_enabled=(is_selinux_enabled()>0);
|
|
Tim Waugh |
5505e2 |
|
|
Tim Waugh |
5505e2 |
/* If true, output the list of all group IDs. -G */
|
|
Tim Waugh |
5505e2 |
bool just_group_list = false;
|
|
Tim Waugh |
5505e2 |
@@ -119,13 +141,24 @@
|
|
Tim Waugh |
5505e2 |
|
|
Tim Waugh |
5505e2 |
atexit (close_stdout);
|
|
Tim Waugh |
5505e2 |
|
|
Tim Waugh |
5505e2 |
- while ((optc = getopt_long (argc, argv, "agnruG", longopts, NULL)) != -1)
|
|
Tim Waugh |
5505e2 |
+ while ((optc = getopt_long (argc, argv, "agnruGZ", longopts, NULL)) != -1)
|
|
Tim Waugh |
5505e2 |
{
|
|
Tim Waugh |
5505e2 |
switch (optc)
|
|
Tim Waugh |
5505e2 |
{
|
|
Tim Waugh |
5505e2 |
case 'a':
|
|
Tim Waugh |
5505e2 |
/* Ignore -a, for compatibility with SVR4. */
|
|
Tim Waugh |
5505e2 |
break;
|
|
Daniel J Walsh |
129baa |
+#ifdef WITH_SELINUX
|
|
Tim Waugh |
5505e2 |
+ case 'Z':
|
|
Tim Waugh |
5505e2 |
+ /* politely decline if we're not on a selinux-enabled kernel. */
|
|
Tim Waugh |
5505e2 |
+ if( !selinux_enabled ) {
|
|
Tim Waugh |
5505e2 |
+ fprintf( stderr, "Sorry, --context (-Z) can be used only on "
|
|
Tim Waugh |
5505e2 |
+ "a selinux-enabled kernel.\n" );
|
|
Tim Waugh |
5505e2 |
+ exit( 1 );
|
|
Tim Waugh |
5505e2 |
+ }
|
|
Tim Waugh |
5505e2 |
+ just_context = 1;
|
|
Tim Waugh |
5505e2 |
+ break;
|
|
Daniel J Walsh |
129baa |
+#endif
|
|
Tim Waugh |
5505e2 |
case 'g':
|
|
Tim Waugh |
5505e2 |
just_group = true;
|
|
Tim Waugh |
5505e2 |
break;
|
|
Tim Waugh |
5505e2 |
@@ -148,8 +181,28 @@
|
|
Tim Waugh |
5505e2 |
}
|
|
Tim Waugh |
5505e2 |
}
|
|
Tim Waugh |
5505e2 |
|
|
Tim Waugh |
5505e2 |
- if (just_user + just_group + just_group_list > 1)
|
|
Tim Waugh |
5505e2 |
- error (EXIT_FAILURE, 0, _("cannot print only user and only group"));
|
|
Tim Waugh |
5505e2 |
+#ifdef WITH_SELINUX
|
|
Tim Waugh |
5505e2 |
+ if (argc - optind == 1)
|
|
Tim Waugh |
add8cb |
+ if (just_context) error (1, 0, _("\
|
|
Tim Waugh |
dfe7b9 |
+cannot print security context when user specified"));
|
|
Tim Waugh |
5505e2 |
+
|
|
Tim Waugh |
5505e2 |
+ if( just_context && !selinux_enabled)
|
|
Tim Waugh |
5505e2 |
+ error (1, 0, _("\
|
|
Tim Waugh |
dfe7b9 |
+cannot display context when selinux not enabled"));
|
|
Tim Waugh |
5505e2 |
+
|
|
Tim Waugh |
5505e2 |
+ /* If we are on a selinux-enabled kernel, get our context. *
|
|
Tim Waugh |
5505e2 |
+ * Otherwise, leave the context variable alone - it has *
|
|
Tim Waugh |
5505e2 |
+ * been initialized known invalid value; if we see this invalid *
|
|
Tim Waugh |
5505e2 |
+ * value later, we will know we are on a non-selinux kernel. */
|
|
Tim Waugh |
5505e2 |
+ if( selinux_enabled )
|
|
Tim Waugh |
5505e2 |
+ {
|
|
Tim Waugh |
5505e2 |
+ if (getcon(&context) && just_context)
|
|
Tim Waugh |
5505e2 |
+ error (1, 0, "can't get process context");
|
|
Tim Waugh |
5505e2 |
+ }
|
|
Tim Waugh |
5505e2 |
+#endif
|
|
Tim Waugh |
5505e2 |
+
|
|
Tim Waugh |
5505e2 |
+ if (just_user + just_group + just_group_list + just_context > 1)
|
|
Tim Waugh |
5505e2 |
+ error (EXIT_FAILURE, 0, _("cannot print \"only\" of more than one choice"));
|
|
Tim Waugh |
5505e2 |
|
|
Tim Waugh |
5505e2 |
if (just_user + just_group + just_group_list == 0 && (use_real | use_name))
|
|
Tim Waugh |
5505e2 |
error (EXIT_FAILURE, 0,
|
|
Tim Waugh |
5505e2 |
@@ -183,6 +236,10 @@
|
|
Tim Waugh |
5505e2 |
print_group (use_real ? rgid : egid);
|
|
Tim Waugh |
5505e2 |
else if (just_group_list)
|
|
Tim Waugh |
5505e2 |
print_group_list (argv[optind]);
|
|
Tim Waugh |
5505e2 |
+#ifdef WITH_SELINUX
|
|
Tim Waugh |
5505e2 |
+ else if (just_context)
|
|
Tim Waugh |
5505e2 |
+ print_context (context);
|
|
Tim Waugh |
5505e2 |
+#endif
|
|
Tim Waugh |
5505e2 |
else
|
|
Tim Waugh |
5505e2 |
print_full_info (argv[optind]);
|
|
Tim Waugh |
5505e2 |
putchar ('\n');
|
|
Tim Waugh |
d66c4d |
@@ -407,4 +464,9 @@
|
|
Tim Waugh |
d66c4d |
free (groups);
|
|
Tim Waugh |
d66c4d |
}
|
|
Tim Waugh |
5505e2 |
#endif /* HAVE_GETGROUPS */
|
|
Tim Waugh |
5505e2 |
+#ifdef WITH_SELINUX
|
|
Tim Waugh |
5505e2 |
+ if ( context != NULL ) {
|
|
Tim Waugh |
5505e2 |
+ printf(" context=%s",context);
|
|
Tim Waugh |
5505e2 |
+ }
|
|
Tim Waugh |
d66c4d |
+#endif
|
|
Tim Waugh |
d66c4d |
}
|
|
Tim Waugh |
d66c4d |
--- coreutils-6.7/src/mv.c.selinux 2006-10-23 10:09:10.000000000 +0100
|
|
Tim Waugh |
327524 |
+++ coreutils-6.7/src/mv.c 2007-01-09 18:47:05.000000000 +0000
|
|
Tim Waugh |
d66c4d |
@@ -33,6 +33,11 @@
|
|
Tim Waugh |
d66c4d |
#include "quote.h"
|
|
Tim Waugh |
d66c4d |
#include "remove.h"
|
|
Tim Waugh |
d66c4d |
|
|
Tim Waugh |
d66c4d |
+#ifdef WITH_SELINUX
|
|
Tim Waugh |
d66c4d |
+#include <selinux/selinux.h> /* for is_selinux_enabled() */
|
|
Tim Waugh |
d66c4d |
+int selinux_enabled=0;
|
|
Tim Waugh |
d66c4d |
+#endif
|
|
Tim Waugh |
d66c4d |
+
|
|
Tim Waugh |
d66c4d |
/* The official name of this program (e.g., no `g' prefix). */
|
|
Tim Waugh |
d66c4d |
#define PROGRAM_NAME "mv"
|
|
Tim Waugh |
d66c4d |
|
|
Tim Waugh |
d66c4d |
@@ -126,6 +131,10 @@
|
|
Tim Waugh |
d66c4d |
x->preserve_links = true;
|
|
Tim Waugh |
d66c4d |
x->preserve_mode = true;
|
|
Tim Waugh |
d66c4d |
x->preserve_timestamps = true;
|
|
Tim Waugh |
d66c4d |
+#ifdef WITH_SELINUX
|
|
Tim Waugh |
d66c4d |
+ x->preserve_security_context = true;
|
|
Tim Waugh |
d66c4d |
+ x->set_security_context = false;
|
|
Tim Waugh |
d66c4d |
+#endif
|
|
Tim Waugh |
d66c4d |
x->require_preserve = false; /* FIXME: maybe make this an option */
|
|
Tim Waugh |
d66c4d |
x->recursive = true;
|
|
Tim Waugh |
d66c4d |
x->sparse_mode = SPARSE_AUTO; /* FIXME: maybe make this an option */
|
|
Tim Waugh |
d66c4d |
@@ -357,6 +366,10 @@
|
|
Tim Waugh |
d66c4d |
|
|
Tim Waugh |
d66c4d |
cp_option_init (&x);
|
|
Tim Waugh |
d66c4d |
|
|
Tim Waugh |
d66c4d |
+#ifdef WITH_SELINUX
|
|
Tim Waugh |
d66c4d |
+ selinux_enabled= (is_selinux_enabled()>0);
|
|
Tim Waugh |
d66c4d |
+#endif
|
|
Tim Waugh |
d66c4d |
+
|
|
Tim Waugh |
d66c4d |
/* FIXME: consider not calling getenv for SIMPLE_BACKUP_SUFFIX unless
|
|
Tim Waugh |
d66c4d |
we'll actually use backup_suffix_string. */
|
|
Tim Waugh |
d66c4d |
backup_suffix_string = getenv ("SIMPLE_BACKUP_SUFFIX");
|
|
Tim Waugh |
327524 |
--- /dev/null 2007-01-10 09:33:30.042789464 +0000
|
|
Tim Waugh |
327524 |
+++ coreutils-6.7/src/runcon.c 2007-01-09 18:47:05.000000000 +0000
|
|
Tim Waugh |
d66c4d |
@@ -0,0 +1,253 @@
|
|
Tim Waugh |
d66c4d |
+/*
|
|
Tim Waugh |
d66c4d |
+ * runcon [ context |
|
|
Tim Waugh |
d66c4d |
+ * ( [ -c ] [ -r role ] [-t type] [ -u user ] [ -l levelrange ] )
|
|
Tim Waugh |
d66c4d |
+ * command [arg1 [arg2 ...] ]
|
|
Tim Waugh |
d66c4d |
+ *
|
|
Tim Waugh |
d66c4d |
+ * attempt to run the specified command with the specified context.
|
|
Tim Waugh |
d66c4d |
+ *
|
|
Tim Waugh |
d66c4d |
+ * -r role : use the current context with the specified role
|
|
Tim Waugh |
d66c4d |
+ * -t type : use the current context with the specified type
|
|
Tim Waugh |
d66c4d |
+ * -u user : use the current context with the specified user
|
|
Tim Waugh |
d66c4d |
+ * -l level : use the current context with the specified level range
|
|
Tim Waugh |
d66c4d |
+ * -c : compute process transition context before modifying
|
|
Tim Waugh |
d66c4d |
+ *
|
|
Tim Waugh |
d66c4d |
+ * Contexts are interpreted as follows:
|
|
Tim Waugh |
d66c4d |
+ *
|
|
Tim Waugh |
d66c4d |
+ * Number of MLS
|
|
Tim Waugh |
d66c4d |
+ * components system?
|
|
Tim Waugh |
d66c4d |
+ *
|
|
Tim Waugh |
d66c4d |
+ * 1 - type
|
|
Tim Waugh |
d66c4d |
+ * 2 - role:type
|
|
Tim Waugh |
d66c4d |
+ * 3 Y role:type:range
|
|
Tim Waugh |
d66c4d |
+ * 3 N user:role:type
|
|
Tim Waugh |
d66c4d |
+ * 4 Y user:role:type:range
|
|
Tim Waugh |
d66c4d |
+ * 4 N error
|
|
Tim Waugh |
d66c4d |
+ */
|
|
Tim Waugh |
d66c4d |
+
|
|
Tim Waugh |
d66c4d |
+#include <config.h>
|
|
Tim Waugh |
d66c4d |
+#include <unistd.h>
|
|
Tim Waugh |
d66c4d |
+#include <stdio.h>
|
|
Tim Waugh |
d66c4d |
+#include <getopt.h>
|
|
Tim Waugh |
d66c4d |
+#include <selinux/context.h>
|
|
Tim Waugh |
d66c4d |
+#include <selinux/selinux.h>
|
|
Tim Waugh |
d66c4d |
+#include <selinux/flask.h>
|
|
Tim Waugh |
d66c4d |
+#include <errno.h>
|
|
Tim Waugh |
d66c4d |
+#include "system.h"
|
|
Tim Waugh |
d66c4d |
+extern int errno;
|
|
Tim Waugh |
d66c4d |
+
|
|
Tim Waugh |
d66c4d |
+/* The name the program was run with. */
|
|
Tim Waugh |
d66c4d |
+char *program_name;
|
|
Tim Waugh |
d66c4d |
+
|
|
Tim Waugh |
d66c4d |
+/* If nonzero, display usage information and exit. */
|
|
Tim Waugh |
d66c4d |
+static int show_help;
|
|
Tim Waugh |
d66c4d |
+
|
|
Tim Waugh |
d66c4d |
+/* If nonzero, print the version on standard output and exit. */
|
|
Tim Waugh |
d66c4d |
+static int show_version;
|
|
Tim Waugh |
d66c4d |
+
|
|
Tim Waugh |
d66c4d |
+void
|
|
Tim Waugh |
d66c4d |
+usage(int status)
|
|
Tim Waugh |
d66c4d |
+{
|
|
Tim Waugh |
d66c4d |
+ printf(_("Usage: %s CONTEXT COMMAND [args]\n"
|
|
Tim Waugh |
d66c4d |
+ " or: %s [ -c ] [-u USER] [-r ROLE] [-t TYPE] [-l RANGE] COMMAND [args]\n"
|
|
Tim Waugh |
d66c4d |
+ "Run a program in a different security context.\n\n"
|
|
Tim Waugh |
d66c4d |
+ " CONTEXT Complete security context\n"
|
|
Tim Waugh |
d66c4d |
+ " -c, --compute compute process transition context before modifying\n"
|
|
Tim Waugh |
d66c4d |
+ " -t, --type=TYPE type (for same role as parent)\n"
|
|
Tim Waugh |
d66c4d |
+ " -u, --user=USER user identity\n"
|
|
Tim Waugh |
d66c4d |
+ " -r, --role=ROLE role\n"
|
|
Tim Waugh |
d66c4d |
+ " -l, --range=RANGE levelrange\n"
|
|
Tim Waugh |
d66c4d |
+ " --help display this help and exit\n"
|
|
Tim Waugh |
d66c4d |
+ " --version output version information and exit\n"),
|
|
Tim Waugh |
d66c4d |
+ program_name, program_name);
|
|
Tim Waugh |
d66c4d |
+ exit(status);
|
|
Tim Waugh |
d66c4d |
+}
|
|
Tim Waugh |
d66c4d |
+
|
|
Tim Waugh |
d66c4d |
+int
|
|
Tim Waugh |
d66c4d |
+main(int argc,char **argv,char **envp )
|
|
Tim Waugh |
d66c4d |
+{
|
|
Tim Waugh |
d66c4d |
+ char *role = 0;
|
|
Tim Waugh |
d66c4d |
+ char *range = 0;
|
|
Tim Waugh |
d66c4d |
+ char *user = 0;
|
|
Tim Waugh |
d66c4d |
+ char *type = 0;
|
|
Tim Waugh |
d66c4d |
+ char *context = NULL;
|
|
Tim Waugh |
d66c4d |
+ security_context_t cur_context = NULL;
|
|
Tim Waugh |
d66c4d |
+ security_context_t file_context = NULL;
|
|
Tim Waugh |
d66c4d |
+ security_context_t new_context = NULL;
|
|
Tim Waugh |
d66c4d |
+ int compute_trans = 0;
|
|
Tim Waugh |
d66c4d |
+
|
|
Tim Waugh |
d66c4d |
+ context_t con;
|
|
Tim Waugh |
d66c4d |
+
|
|
Tim Waugh |
d66c4d |
+ program_name = argv[0];
|
|
Tim Waugh |
d66c4d |
+ setlocale (LC_ALL, "");
|
|
Tim Waugh |
d66c4d |
+ bindtextdomain (PACKAGE, LOCALEDIR);
|
|
Tim Waugh |
d66c4d |
+ textdomain (PACKAGE);
|
|
Tim Waugh |
d66c4d |
+
|
|
Tim Waugh |
d66c4d |
+ while (1) {
|
|
Tim Waugh |
d66c4d |
+ int c;
|
|
Tim Waugh |
d66c4d |
+ int this_option_optind = optind ? optind : 1;
|
|
Tim Waugh |
d66c4d |
+ int option_index = 0;
|
|
Tim Waugh |
d66c4d |
+ static struct option long_options[] = {
|
|
Tim Waugh |
d66c4d |
+ { "role", 1, 0, 'r' },
|
|
Tim Waugh |
d66c4d |
+ { "type", 1, 0, 't' },
|
|
Tim Waugh |
d66c4d |
+ { "user", 1, 0, 'u' },
|
|
Tim Waugh |
d66c4d |
+ { "range", 1, 0, 'l' },
|
|
Tim Waugh |
d66c4d |
+ { "compute", 0, 0, 'c' },
|
|
Tim Waugh |
d66c4d |
+ { "help", 0, &show_help, 1 },
|
|
Tim Waugh |
d66c4d |
+ { "version", 0, &show_version, 1 },
|
|
Tim Waugh |
d66c4d |
+ { 0, 0, 0, 0 }
|
|
Tim Waugh |
d66c4d |
+ };
|
|
Tim Waugh |
d66c4d |
+ c = getopt_long(argc, argv, "r:t:u:l:c", long_options, &option_index);
|
|
Tim Waugh |
d66c4d |
+ if ( c == -1 ) {
|
|
Tim Waugh |
d66c4d |
+ break;
|
|
Tim Waugh |
d66c4d |
+ }
|
|
Tim Waugh |
d66c4d |
+ switch ( c ) {
|
|
Tim Waugh |
d66c4d |
+ case 0:
|
|
Tim Waugh |
d66c4d |
+ break;
|
|
Tim Waugh |
d66c4d |
+ case 'r':
|
|
Tim Waugh |
d66c4d |
+ if ( role ) {
|
|
Tim Waugh |
d66c4d |
+ fprintf(stderr,_("multiple roles\n"));
|
|
Tim Waugh |
d66c4d |
+ exit(1);
|
|
Tim Waugh |
d66c4d |
+ }
|
|
Tim Waugh |
d66c4d |
+ role = optarg;
|
|
Tim Waugh |
d66c4d |
+ break;
|
|
Tim Waugh |
d66c4d |
+ case 't':
|
|
Tim Waugh |
d66c4d |
+ if ( type ) {
|
|
Tim Waugh |
d66c4d |
+ fprintf(stderr,_("multiple types\n"));
|
|
Tim Waugh |
d66c4d |
+ exit(1);
|
|
Tim Waugh |
d66c4d |
+ }
|
|
Tim Waugh |
d66c4d |
+ type = optarg;
|
|
Tim Waugh |
d66c4d |
+ break;
|
|
Tim Waugh |
d66c4d |
+ case 'u':
|
|
Tim Waugh |
d66c4d |
+ if ( user ) {
|
|
Tim Waugh |
d66c4d |
+ fprintf(stderr,_("multiple users\n"));
|
|
Tim Waugh |
d66c4d |
+ exit(1);
|
|
Tim Waugh |
d66c4d |
+ }
|
|
Tim Waugh |
d66c4d |
+ user = optarg;
|
|
Tim Waugh |
d66c4d |
+ break;
|
|
Tim Waugh |
d66c4d |
+ case 'l':
|
|
Tim Waugh |
d66c4d |
+ if ( range ) {
|
|
Tim Waugh |
d66c4d |
+ fprintf(stderr,_("multiple levelranges\n"));
|
|
Tim Waugh |
d66c4d |
+ exit(1);
|
|
Tim Waugh |
d66c4d |
+ }
|
|
Tim Waugh |
d66c4d |
+ range = optarg;
|
|
Tim Waugh |
d66c4d |
+ break;
|
|
Tim Waugh |
d66c4d |
+ case 'c':
|
|
Tim Waugh |
d66c4d |
+ compute_trans = 1;
|
|
Tim Waugh |
d66c4d |
+ break;
|
|
Tim Waugh |
d66c4d |
+ default:
|
|
Tim Waugh |
d66c4d |
+ usage(1);
|
|
Tim Waugh |
d66c4d |
+ break;
|
|
Tim Waugh |
d66c4d |
+ }
|
|
Tim Waugh |
d66c4d |
+ }
|
|
Tim Waugh |
d66c4d |
+
|
|
Tim Waugh |
d66c4d |
+ if (show_version) {
|
|
Tim Waugh |
d66c4d |
+ printf("runcon (%s) %s\n", GNU_PACKAGE, VERSION);
|
|
Tim Waugh |
d66c4d |
+ exit(0);
|
|
Tim Waugh |
d66c4d |
+ }
|
|
Tim Waugh |
d66c4d |
+
|
|
Tim Waugh |
d66c4d |
+ if (show_help)
|
|
Tim Waugh |
d66c4d |
+ usage(0);
|
|
Tim Waugh |
d66c4d |
+
|
|
Tim Waugh |
d66c4d |
+ if ( !(user || role || type || range || compute_trans)) {
|
|
Tim Waugh |
d66c4d |
+ if ( optind >= argc ) {
|
|
Tim Waugh |
d66c4d |
+ fprintf(stderr,_("must specify -c, -t, -u, -l, -r, or context\n"));
|
|
Tim Waugh |
d66c4d |
+ usage(1);
|
|
Tim Waugh |
d66c4d |
+ }
|
|
Tim Waugh |
d66c4d |
+ context = argv[optind++];
|
|
Tim Waugh |
d66c4d |
+ }
|
|
Tim Waugh |
d66c4d |
+
|
|
Tim Waugh |
d66c4d |
+ if ( optind >= argc ) {
|
|
Tim Waugh |
d66c4d |
+ fprintf(stderr,_("no command found\n"));
|
|
Tim Waugh |
d66c4d |
+ usage(1);
|
|
Tim Waugh |
d66c4d |
+ }
|
|
Tim Waugh |
d66c4d |
+
|
|
Tim Waugh |
d66c4d |
+ if( is_selinux_enabled() != 1 ) {
|
|
Tim Waugh |
d66c4d |
+ fprintf( stderr,
|
|
Tim Waugh |
d66c4d |
+ _("runcon may be used only on a SELinux kernel.\n") );
|
|
Tim Waugh |
d66c4d |
+ exit(-1);
|
|
Tim Waugh |
d66c4d |
+ }
|
|
Tim Waugh |
d66c4d |
+
|
|
Tim Waugh |
d66c4d |
+ if ( context ) {
|
|
Tim Waugh |
d66c4d |
+ con = context_new(context);
|
|
Tim Waugh |
d66c4d |
+ if (!con) {
|
|
Tim Waugh |
d66c4d |
+ fprintf(stderr,_("%s is not a valid context\n"), context);
|
|
Tim Waugh |
d66c4d |
+ exit(1);
|
|
Tim Waugh |
d66c4d |
+ }
|
|
Tim Waugh |
d66c4d |
+ }
|
|
Tim Waugh |
d66c4d |
+ else {
|
|
Tim Waugh |
d66c4d |
+ if (getcon(&cur_context) < 0) {
|
|
Tim Waugh |
d66c4d |
+ fprintf(stderr,_("Couldn't get current context.\n"));
|
|
Tim Waugh |
d66c4d |
+ exit(1);
|
|
Tim Waugh |
d66c4d |
+ }
|
|
Tim Waugh |
d66c4d |
+
|
|
Tim Waugh |
d66c4d |
+ /* We will generate context based on process transition */
|
|
Tim Waugh |
d66c4d |
+ if ( compute_trans ) {
|
|
Tim Waugh |
d66c4d |
+ /* Get context of file to be executed */
|
|
Tim Waugh |
d66c4d |
+ if (getfilecon(argv[optind], &file_context) == -1) {
|
|
Tim Waugh |
d66c4d |
+ fprintf(stderr,_("unable to retrieve attributes of %s\n"),
|
|
Tim Waugh |
d66c4d |
+ argv[optind]);
|
|
Tim Waugh |
d66c4d |
+ exit(1);
|
|
Tim Waugh |
d66c4d |
+ }
|
|
Tim Waugh |
d66c4d |
+ /* compute result of process transition */
|
|
Tim Waugh |
d66c4d |
+ if (security_compute_create(cur_context, file_context,
|
|
Tim Waugh |
d66c4d |
+ SECCLASS_PROCESS, &new_context) != 0) {
|
|
Tim Waugh |
d66c4d |
+ fprintf(stderr,_("unable to compute a new context\n"));
|
|
Tim Waugh |
d66c4d |
+ exit(1);
|
|
Tim Waugh |
d66c4d |
+ }
|
|
Tim Waugh |
d66c4d |
+ /* free contexts */
|
|
Tim Waugh |
d66c4d |
+ freecon(file_context);
|
|
Tim Waugh |
d66c4d |
+ freecon(cur_context);
|
|
Tim Waugh |
d66c4d |
+
|
|
Tim Waugh |
d66c4d |
+ /* set cur_context equal to new_context */
|
|
Tim Waugh |
d66c4d |
+ cur_context = new_context;
|
|
Tim Waugh |
d66c4d |
+ }
|
|
Tim Waugh |
d66c4d |
+
|
|
Tim Waugh |
d66c4d |
+ con = context_new(cur_context);
|
|
Tim Waugh |
d66c4d |
+ if (!con) {
|
|
Tim Waugh |
d66c4d |
+ fprintf(stderr,_("%s is not a valid context\n"), cur_context);
|
|
Tim Waugh |
d66c4d |
+ exit(1);
|
|
Tim Waugh |
d66c4d |
+ }
|
|
Tim Waugh |
d66c4d |
+ if ( user ) {
|
|
Tim Waugh |
d66c4d |
+ if ( context_user_set(con,user)) {
|
|
Tim Waugh |
d66c4d |
+ fprintf(stderr,_("failed to set new user %s\n"),user);
|
|
Tim Waugh |
d66c4d |
+ exit(1);
|
|
Tim Waugh |
d66c4d |
+ }
|
|
Tim Waugh |
d66c4d |
+ }
|
|
Tim Waugh |
d66c4d |
+ if ( type ) {
|
|
Tim Waugh |
d66c4d |
+ if ( context_type_set(con,type)) {
|
|
Tim Waugh |
d66c4d |
+ fprintf(stderr,_("failed to set new type %s\n"),type);
|
|
Tim Waugh |
d66c4d |
+ exit(1);
|
|
Tim Waugh |
d66c4d |
+ }
|
|
Tim Waugh |
d66c4d |
+ }
|
|
Tim Waugh |
d66c4d |
+ if ( range ) {
|
|
Tim Waugh |
d66c4d |
+ if ( context_range_set(con,range)) {
|
|
Tim Waugh |
d66c4d |
+ fprintf(stderr,_("failed to set new range %s\n"),range);
|
|
Tim Waugh |
d66c4d |
+ exit(1);
|
|
Tim Waugh |
d66c4d |
+ }
|
|
Tim Waugh |
d66c4d |
+ }
|
|
Tim Waugh |
d66c4d |
+ if ( role ) {
|
|
Tim Waugh |
d66c4d |
+ if (context_role_set(con,role)) {
|
|
Tim Waugh |
d66c4d |
+ fprintf(stderr,_("failed to set new role %s\n"),role);
|
|
Tim Waugh |
d66c4d |
+ exit(1);
|
|
Tim Waugh |
d66c4d |
+ }
|
|
Tim Waugh |
d66c4d |
+ }
|
|
Tim Waugh |
d66c4d |
+ }
|
|
Tim Waugh |
d66c4d |
+
|
|
Tim Waugh |
d66c4d |
+ if (security_check_context(context_str(con)) < 0) {
|
|
Tim Waugh |
d66c4d |
+ fprintf(stderr, _("%s is not a valid context\n"), context_str(con));
|
|
Tim Waugh |
d66c4d |
+ exit(1);
|
|
Tim Waugh |
d66c4d |
+ }
|
|
Tim Waugh |
d66c4d |
+
|
|
Tim Waugh |
d66c4d |
+ if (setexeccon(context_str(con))!=0) {
|
|
Tim Waugh |
d66c4d |
+ fprintf(stderr,_("unable to setup security context %s\n"), context_str(con));
|
|
Tim Waugh |
d66c4d |
+ exit(1);
|
|
Tim Waugh |
d66c4d |
+ }
|
|
Tim Waugh |
d66c4d |
+ if (cur_context!=NULL)
|
|
Tim Waugh |
d66c4d |
+ freecon(cur_context);
|
|
Tim Waugh |
d66c4d |
+
|
|
Tim Waugh |
d66c4d |
+ if ( execvp(argv[optind],argv+optind) ) {
|
|
Tim Waugh |
d66c4d |
+ perror("execvp");
|
|
Tim Waugh |
d66c4d |
+ exit(1);
|
|
Tim Waugh |
d66c4d |
+ }
|
|
Tim Waugh |
d66c4d |
+ return 1; /* can't reach this statement.... */
|
|
Tim Waugh |
d66c4d |
+}
|
|
Tim Waugh |
d66c4d |
--- coreutils-6.7/src/copy.c.selinux 2006-12-07 07:01:16.000000000 +0000
|
|
Tim Waugh |
327524 |
+++ coreutils-6.7/src/copy.c 2007-01-09 18:47:05.000000000 +0000
|
|
Tim Waugh |
d66c4d |
@@ -53,6 +53,11 @@
|
|
Tim Waugh |
5505e2 |
#include "xreadlink.h"
|
|
Tim Waugh |
5505e2 |
#include "yesno.h"
|
|
Tim Waugh |
5505e2 |
|
|
Tim Waugh |
5505e2 |
+#ifdef WITH_SELINUX
|
|
Tim Waugh |
5505e2 |
+#include <selinux/selinux.h> /* for is_selinux_enabled() */
|
|
Tim Waugh |
5505e2 |
+extern int selinux_enabled;
|
|
Tim Waugh |
5505e2 |
+#endif
|
|
Tim Waugh |
5505e2 |
+
|
|
Tim Waugh |
d66c4d |
#ifndef HAVE_FCHOWN
|
|
Tim Waugh |
d66c4d |
# define HAVE_FCHOWN false
|
|
Tim Waugh |
d66c4d |
# define fchown(fd, uid, gid) (-1)
|
|
Tim Waugh |
d66c4d |
@@ -301,6 +306,30 @@
|
|
Tim Waugh |
679161 |
{
|
|
Tim Waugh |
d66c4d |
dest_desc = open (dst_name, O_WRONLY | O_TRUNC | O_BINARY);
|
|
Tim Waugh |
679161 |
|
|
Tim Waugh |
679161 |
+#ifdef WITH_SELINUX
|
|
Tim Waugh |
b9e1cc |
+ if (dest_desc >= 0 && selinux_enabled &&
|
|
Tim Waugh |
b9e1cc |
+ (x->preserve_security_context || x->set_security_context))
|
|
Tim Waugh |
679161 |
+ {
|
|
Tim Waugh |
679161 |
+ security_context_t con;
|
|
Tim Waugh |
679161 |
+ if(getfscreatecon(&con) == -1)
|
|
Tim Waugh |
679161 |
+ {
|
|
Tim Waugh |
679161 |
+ return_val = false;
|
|
Tim Waugh |
679161 |
+ goto close_src_desc;
|
|
Tim Waugh |
679161 |
+ }
|
|
Tim Waugh |
4af876 |
+
|
|
Tim Waugh |
4af876 |
+ if (con)
|
|
Tim Waugh |
679161 |
+ {
|
|
Tim Waugh |
4af876 |
+ if(fsetfilecon(dest_desc, con) == -1)
|
|
Tim Waugh |
4af876 |
+ {
|
|
Tim Waugh |
4af876 |
+ return_val = false;
|
|
Tim Waugh |
4af876 |
+ freecon(con);
|
|
Tim Waugh |
4af876 |
+ goto close_src_desc;
|
|
Tim Waugh |
4af876 |
+ }
|
|
Tim Waugh |
679161 |
+ freecon(con);
|
|
Tim Waugh |
679161 |
+ }
|
|
Tim Waugh |
679161 |
+ }
|
|
Tim Waugh |
679161 |
+#endif
|
|
Tim Waugh |
679161 |
+
|
|
Tim Waugh |
679161 |
if (dest_desc < 0 && x->unlink_dest_after_failed_open)
|
|
Tim Waugh |
679161 |
{
|
|
Tim Waugh |
679161 |
if (unlink (dst_name) != 0)
|
|
Tim Waugh |
d66c4d |
@@ -1520,6 +1549,32 @@
|
|
Tim Waugh |
5505e2 |
In such cases, set this variable to zero. */
|
|
Tim Waugh |
5505e2 |
preserve_metadata = true;
|
|
Daniel J Walsh |
129baa |
|
|
Daniel J Walsh |
129baa |
+#ifdef WITH_SELINUX
|
|
Tim Waugh |
5505e2 |
+ if (x->preserve_security_context && selinux_enabled)
|
|
Tim Waugh |
5505e2 |
+ {
|
|
Tim Waugh |
5505e2 |
+ security_context_t con;
|
|
Tim Waugh |
5505e2 |
+
|
|
Tim Waugh |
5505e2 |
+ if (lgetfilecon (src_name, &con) >= 0)
|
|
Tim Waugh |
5505e2 |
+ {
|
|
Tim Waugh |
5505e2 |
+ if (setfscreatecon(con) < 0)
|
|
Tim Waugh |
5505e2 |
+ {
|
|
Tim Waugh |
5505e2 |
+ error (0, errno, _("cannot set setfscreatecon %s"), quote (con));
|
|
Tim Waugh |
5505e2 |
+ if (x->require_preserve) {
|
|
Tim Waugh |
5505e2 |
+ freecon(con);
|
|
Tim Waugh |
5505e2 |
+ return 1;
|
|
Tim Waugh |
5505e2 |
+ }
|
|
Tim Waugh |
5505e2 |
+ }
|
|
Tim Waugh |
5505e2 |
+ freecon(con);
|
|
Tim Waugh |
5505e2 |
+ }
|
|
Tim Waugh |
5505e2 |
+ else {
|
|
Tim Waugh |
5505e2 |
+ if (( errno != ENOTSUP ) && ( errno != ENODATA )) {
|
|
Tim Waugh |
5505e2 |
+ error (0, errno, _("cannot lgetfilecon %s"), quote (src_name));
|
|
Tim Waugh |
5505e2 |
+ return 1;
|
|
Tim Waugh |
5505e2 |
+ }
|
|
Tim Waugh |
5505e2 |
+ }
|
|
Tim Waugh |
5505e2 |
+ }
|
|
Daniel J Walsh |
129baa |
+#endif
|
|
Daniel J Walsh |
129baa |
+
|
|
Tim Waugh |
5505e2 |
if (S_ISDIR (src_mode))
|
|
Daniel J Walsh |
129baa |
{
|
|
Tim Waugh |
5505e2 |
struct dir_list *dir;
|
|
Tim Waugh |
d66c4d |
@@ -1595,7 +1650,13 @@
|
|
Daniel J Walsh |
129baa |
|
|
Tim Waugh |
5505e2 |
/* Are we crossing a file system boundary? */
|
|
Tim Waugh |
5505e2 |
if (x->one_file_system && device != 0 && device != src_sb.st_dev)
|
|
Tim Waugh |
5505e2 |
- return true;
|
|
Tim Waugh |
5505e2 |
+ {
|
|
Daniel J Walsh |
129baa |
+#ifdef WITH_SELINUX
|
|
Tim Waugh |
5505e2 |
+ if (x->preserve_security_context && selinux_enabled)
|
|
Tim Waugh |
5505e2 |
+ setfscreatecon(NULL);
|
|
Daniel J Walsh |
129baa |
+#endif
|
|
Tim Waugh |
5505e2 |
+ return true;
|
|
Tim Waugh |
5505e2 |
+ }
|
|
Daniel J Walsh |
129baa |
|
|
Tim Waugh |
5505e2 |
/* Copy the contents of the directory. */
|
|
Tim Waugh |
5505e2 |
|
|
Tim Waugh |
d66c4d |
@@ -1740,6 +1801,11 @@
|
|
Tim Waugh |
5505e2 |
}
|
|
Tim Waugh |
5505e2 |
}
|
|
Daniel J Walsh |
129baa |
|
|
Daniel J Walsh |
129baa |
+#ifdef WITH_SELINUX
|
|
Tim Waugh |
5505e2 |
+ if (x->preserve_security_context && selinux_enabled)
|
|
Tim Waugh |
5505e2 |
+ setfscreatecon(NULL);
|
|
Daniel J Walsh |
129baa |
+#endif
|
|
Daniel J Walsh |
129baa |
+
|
|
Tim Waugh |
5505e2 |
/* There's no need to preserve timestamps or permissions. */
|
|
Tim Waugh |
5505e2 |
preserve_metadata = false;
|
|
Daniel J Walsh |
129baa |
|
|
Tim Waugh |
d66c4d |
@@ -1873,6 +1939,11 @@
|
|
Daniel J Walsh |
129baa |
|
|
Tim Waugh |
5505e2 |
un_backup:
|
|
Daniel J Walsh |
129baa |
|
|
Daniel J Walsh |
129baa |
+#ifdef WITH_SELINUX
|
|
Tim Waugh |
5505e2 |
+ if (x->preserve_security_context && selinux_enabled)
|
|
Tim Waugh |
5505e2 |
+ setfscreatecon(NULL);
|
|
Daniel J Walsh |
129baa |
+#endif
|
|
Daniel J Walsh |
129baa |
+
|
|
Tim Waugh |
5505e2 |
/* We have failed to create the destination file.
|
|
Tim Waugh |
5505e2 |
If we've just added a dev/ino entry via the remember_copied
|
|
Tim Waugh |
5505e2 |
call above (i.e., unless we've just failed to create a hard link),
|
|
Tim Waugh |
d66c4d |
--- coreutils-6.7/src/install.c.selinux 2006-12-04 09:00:28.000000000 +0000
|
|
Tim Waugh |
327524 |
+++ coreutils-6.7/src/install.c 2007-01-09 18:47:05.000000000 +0000
|
|
Tim Waugh |
d66c4d |
@@ -49,6 +49,43 @@
|
|
Tim Waugh |
d66c4d |
# include <sys/wait.h>
|
|
Tim Waugh |
d66c4d |
#endif
|
|
Daniel J Walsh |
129baa |
|
|
Tim Waugh |
5505e2 |
+#ifdef WITH_SELINUX
|
|
Tim Waugh |
d66c4d |
+#include <selinux/selinux.h> /* for is_selinux_enabled() */
|
|
Tim Waugh |
d66c4d |
+int selinux_enabled=0;
|
|
Tim Waugh |
d66c4d |
+static int use_default_selinux_context = 1;
|
|
Tim Waugh |
d66c4d |
+/* Modify file context to match the specified policy,
|
|
Tim Waugh |
d66c4d |
+ If an error occurs the file will remain with the default directory
|
|
Tim Waugh |
d66c4d |
+ context.*/
|
|
Tim Waugh |
d66c4d |
+static void setdefaultfilecon(const char *path) {
|
|
Tim Waugh |
d66c4d |
+ struct stat st;
|
|
Tim Waugh |
d66c4d |
+ security_context_t scontext=NULL;
|
|
Tim Waugh |
d66c4d |
+ if (selinux_enabled != 1) {
|
|
Tim Waugh |
d66c4d |
+ /* Indicate no context found. */
|
|
Tim Waugh |
d66c4d |
+ return;
|
|
Tim Waugh |
d66c4d |
+ }
|
|
Tim Waugh |
d66c4d |
+ if (lstat(path, &st) != 0)
|
|
Tim Waugh |
d66c4d |
+ return;
|
|
Tim Waugh |
d66c4d |
+
|
|
Tim Waugh |
d66c4d |
+ /* If there's an error determining the context, or it has none,
|
|
Tim Waugh |
d66c4d |
+ return to allow default context */
|
|
Tim Waugh |
d66c4d |
+ if ((matchpathcon(path, st.st_mode, &scontext) != 0) ||
|
|
Tim Waugh |
d66c4d |
+ (strcmp(scontext, "<<none>>") == 0)) {
|
|
Tim Waugh |
d66c4d |
+ if (scontext != NULL) {
|
|
Tim Waugh |
d66c4d |
+ freecon(scontext);
|
|
Tim Waugh |
d66c4d |
+ }
|
|
Tim Waugh |
d66c4d |
+ return;
|
|
Tim Waugh |
d66c4d |
+ }
|
|
Tim Waugh |
d66c4d |
+ if (lsetfilecon(path, scontext) < 0) {
|
|
Tim Waugh |
d66c4d |
+ if (errno != ENOTSUP) {
|
|
Tim Waugh |
d66c4d |
+ error (0, errno,
|
|
Tim Waugh |
d66c4d |
+ _("warning: failed to change context of %s to %s"), path, scontext);
|
|
Tim Waugh |
d66c4d |
+ }
|
|
Tim Waugh |
d66c4d |
+ }
|
|
Tim Waugh |
d66c4d |
+ freecon(scontext);
|
|
Tim Waugh |
d66c4d |
+ return;
|
|
Tim Waugh |
d66c4d |
+}
|
|
Tim Waugh |
5505e2 |
+#endif
|
|
Tim Waugh |
5505e2 |
+
|
|
Tim Waugh |
d66c4d |
#if ! HAVE_ENDGRENT
|
|
Tim Waugh |
d66c4d |
# define endgrent() ((void) 0)
|
|
Tim Waugh |
d66c4d |
#endif
|
|
Tim Waugh |
d66c4d |
@@ -124,12 +161,18 @@
|
|
Tim Waugh |
d66c4d |
static struct option const long_options[] =
|
|
Daniel J Walsh |
129baa |
{
|
|
Tim Waugh |
d66c4d |
{"backup", optional_argument, NULL, 'b'},
|
|
Daniel J Walsh |
129baa |
+#ifdef WITH_SELINUX
|
|
Daniel J Walsh |
129baa |
+ {"context", required_argument, NULL, 'Z'},
|
|
Daniel J Walsh |
129baa |
+#endif
|
|
Tim Waugh |
d66c4d |
{"directory", no_argument, NULL, 'd'},
|
|
Tim Waugh |
d66c4d |
{"group", required_argument, NULL, 'g'},
|
|
Daniel J Walsh |
129baa |
{"mode", required_argument, NULL, 'm'},
|
|
Tim Waugh |
d66c4d |
{"no-target-directory", no_argument, NULL, 'T'},
|
|
Tim Waugh |
d66c4d |
{"owner", required_argument, NULL, 'o'},
|
|
Tim Waugh |
d66c4d |
{"preserve-timestamps", no_argument, NULL, 'p'},
|
|
Daniel J Walsh |
129baa |
+#ifdef WITH_SELINUX
|
|
Tim Waugh |
d66c4d |
+ {"preserve_context", no_argument, NULL, 'P'},
|
|
Tim Waugh |
d66c4d |
+#endif
|
|
Tim Waugh |
d66c4d |
{"strip", no_argument, NULL, 's'},
|
|
Tim Waugh |
d66c4d |
{"suffix", required_argument, NULL, 'S'},
|
|
Tim Waugh |
d66c4d |
{"target-directory", required_argument, NULL, 't'},
|
|
Tim Waugh |
d66c4d |
@@ -169,6 +212,10 @@
|
|
Tim Waugh |
d66c4d |
x->stdin_tty = false;
|
|
Tim Waugh |
d66c4d |
|
|
Tim Waugh |
d66c4d |
x->update = false;
|
|
Tim Waugh |
d66c4d |
+#ifdef WITH_SELINUX
|
|
Tim Waugh |
d66c4d |
+ x->preserve_security_context = false;
|
|
Tim Waugh |
d66c4d |
+ x->set_security_context = false;
|
|
Tim Waugh |
d66c4d |
+#endif
|
|
Tim Waugh |
d66c4d |
x->verbose = false;
|
|
Tim Waugh |
d66c4d |
x->dest_info = NULL;
|
|
Tim Waugh |
d66c4d |
x->src_info = NULL;
|
|
Tim Waugh |
d66c4d |
@@ -222,6 +269,10 @@
|
|
Tim Waugh |
d66c4d |
bool no_target_directory = false;
|
|
Tim Waugh |
d66c4d |
int n_files;
|
|
Tim Waugh |
d66c4d |
char **file;
|
|
Tim Waugh |
d66c4d |
+#ifdef WITH_SELINUX
|
|
Tim Waugh |
d66c4d |
+ /* set iff kernel has extra selinux system calls */
|
|
Tim Waugh |
d66c4d |
+ selinux_enabled = (is_selinux_enabled()>0);
|
|
Daniel J Walsh |
129baa |
+#endif
|
|
Tim Waugh |
5505e2 |
|
|
Tim Waugh |
d66c4d |
initialize_main (&argc, &argv);
|
|
Tim Waugh |
d66c4d |
program_name = argv[0];
|
|
Tim Waugh |
d66c4d |
@@ -243,7 +294,11 @@
|
|
Tim Waugh |
d66c4d |
we'll actually use backup_suffix_string. */
|
|
Tim Waugh |
d66c4d |
backup_suffix_string = getenv ("SIMPLE_BACKUP_SUFFIX");
|
|
Tim Waugh |
5505e2 |
|
|
Daniel J Walsh |
129baa |
+#ifdef WITH_SELINUX
|
|
Tim Waugh |
d66c4d |
+ while ((optc = getopt_long (argc, argv, "bcsDdg:m:o:pPt:TvS:Z:", long_options,
|
|
Daniel J Walsh |
129baa |
+#else
|
|
Tim Waugh |
d66c4d |
while ((optc = getopt_long (argc, argv, "bcsDdg:m:o:pt:TvS:", long_options,
|
|
Daniel J Walsh |
129baa |
+#endif
|
|
Tim Waugh |
d66c4d |
NULL)) != -1)
|
|
Daniel J Walsh |
129baa |
{
|
|
Daniel J Walsh |
129baa |
switch (optc)
|
|
Tim Waugh |
d66c4d |
@@ -305,6 +360,41 @@
|
|
Tim Waugh |
d66c4d |
case 'T':
|
|
Tim Waugh |
d66c4d |
no_target_directory = true;
|
|
Daniel J Walsh |
129baa |
break;
|
|
Daniel J Walsh |
129baa |
+#ifdef WITH_SELINUX
|
|
Tim Waugh |
d66c4d |
+ case 'P':
|
|
Tim Waugh |
d66c4d |
+ /* politely decline if we're not on a selinux-enabled kernel. */
|
|
Tim Waugh |
d66c4d |
+ if( !selinux_enabled ) {
|
|
Tim Waugh |
d66c4d |
+ fprintf( stderr, "Warning: ignoring --preserve_context (-P) "
|
|
Tim Waugh |
d66c4d |
+ "because the kernel is not selinux-enabled.\n" );
|
|
Tim Waugh |
d66c4d |
+ break;
|
|
Tim Waugh |
d66c4d |
+ }
|
|
Tim Waugh |
d66c4d |
+ if ( x.set_security_context ) {
|
|
Tim Waugh |
d66c4d |
+ (void) fprintf(stderr, "%s: cannot force target context and preserve it\n", argv[0]);
|
|
Tim Waugh |
d66c4d |
+ exit( 1 );
|
|
Tim Waugh |
d66c4d |
+ }
|
|
Tim Waugh |
d66c4d |
+ x.preserve_security_context = true;
|
|
Tim Waugh |
d66c4d |
+ use_default_selinux_context = 0;
|
|
Tim Waugh |
d66c4d |
+ break ;
|
|
Daniel J Walsh |
129baa |
+ case 'Z':
|
|
Tim Waugh |
5505e2 |
+ /* politely decline if we're not on a selinux-enabled kernel. */
|
|
Tim Waugh |
d66c4d |
+ if( !selinux_enabled) {
|
|
Tim Waugh |
d66c4d |
+ fprintf( stderr, "Warning: ignoring --context (-Z) "
|
|
Tim Waugh |
d66c4d |
+ "because the kernel is not selinux-enabled.\n" );
|
|
Tim Waugh |
d66c4d |
+ break;
|
|
Daniel J Walsh |
129baa |
+ }
|
|
Tim Waugh |
d66c4d |
+ if ( x.preserve_security_context ) {
|
|
Tim Waugh |
d66c4d |
+
|
|
Tim Waugh |
d66c4d |
+ (void) fprintf(stderr, "%s: cannot force target context == '%s' and preserve it\n", argv[0], optarg);
|
|
Daniel J Walsh |
129baa |
+ exit( 1 );
|
|
Daniel J Walsh |
129baa |
+ }
|
|
Tim Waugh |
d66c4d |
+ use_default_selinux_context = 0;
|
|
Tim Waugh |
d66c4d |
+ x.set_security_context = true;
|
|
Tim Waugh |
d66c4d |
+ if (setfscreatecon(optarg)) {
|
|
Tim Waugh |
d66c4d |
+ (void) fprintf(stderr, "%s: cannot setup default context == '%s'\n", argv[0], optarg);
|
|
Tim Waugh |
d66c4d |
+ exit(1);
|
|
Tim Waugh |
d66c4d |
+ }
|
|
Daniel J Walsh |
129baa |
+ break;
|
|
Daniel J Walsh |
129baa |
+#endif
|
|
Daniel J Walsh |
129baa |
case_GETOPT_HELP_CHAR;
|
|
Daniel J Walsh |
129baa |
case_GETOPT_VERSION_CHAR (PROGRAM_NAME, AUTHORS);
|
|
Daniel J Walsh |
129baa |
default:
|
|
Tim Waugh |
d66c4d |
@@ -523,6 +613,10 @@
|
|
Tim Waugh |
d66c4d |
else
|
|
Tim Waugh |
d66c4d |
return true;
|
|
Tim Waugh |
5505e2 |
|
|
Tim Waugh |
d66c4d |
+#ifdef WITH_SELINUX
|
|
Tim Waugh |
d66c4d |
+ if (use_default_selinux_context)
|
|
Tim Waugh |
d66c4d |
+ setdefaultfilecon(name);
|
|
Tim Waugh |
d66c4d |
+#endif
|
|
Tim Waugh |
d66c4d |
return false;
|
|
Tim Waugh |
d66c4d |
}
|
|
Tim Waugh |
5505e2 |
|
|
Tim Waugh |
d66c4d |
@@ -688,6 +782,11 @@
|
|
Tim Waugh |
d66c4d |
-T, --no-target-directory treat DEST as a normal file\n\
|
|
Tim Waugh |
d66c4d |
-v, --verbose print the name of each directory as it is created\n\
|
|
Tim Waugh |
d66c4d |
"), stdout);
|
|
Tim Waugh |
d66c4d |
+ fputs (_("\
|
|
Tim Waugh |
d66c4d |
+ -P, --preserve_context (SELinux) Preserve security context\n\
|
|
Tim Waugh |
d66c4d |
+ -Z, --context=CONTEXT (SELinux) Set security context of files and directories\n\
|
|
Tim Waugh |
d66c4d |
+"), stdout);
|
|
Tim Waugh |
d66c4d |
+
|
|
Tim Waugh |
d66c4d |
fputs (HELP_OPTION_DESCRIPTION, stdout);
|
|
Tim Waugh |
d66c4d |
fputs (VERSION_OPTION_DESCRIPTION, stdout);
|
|
Tim Waugh |
d66c4d |
fputs (_("\
|
|
Tim Waugh |
327524 |
--- coreutils-6.7/configure.ac.selinux 2007-01-09 18:47:02.000000000 +0000
|
|
Tim Waugh |
327524 |
+++ coreutils-6.7/configure.ac 2007-01-09 18:47:05.000000000 +0000
|
|
Tim Waugh |
d66c4d |
@@ -46,6 +46,13 @@
|
|
Tim Waugh |
5505e2 |
LIB_PAM="-ldl -lpam -lpam_misc"
|
|
Tim Waugh |
5505e2 |
AC_SUBST(LIB_PAM)])
|
|
Tim Waugh |
5505e2 |
|
|
Tim Waugh |
5505e2 |
+dnl Give the chance to enable SELINUX
|
|
Tim Waugh |
5505e2 |
+AC_ARG_ENABLE(selinux, dnl
|
|
Tim Waugh |
5505e2 |
+[ --enable-selinux Enable use of the SELINUX libraries],
|
|
Tim Waugh |
5505e2 |
+[AC_DEFINE(WITH_SELINUX, 1, [Define if you want to use SELINUX])
|
|
Tim Waugh |
5505e2 |
+LIB_SELINUX="-lselinux"
|
|
Tim Waugh |
5505e2 |
+AC_SUBST(LIB_SELINUX)])
|
|
Tim Waugh |
5505e2 |
+
|
|
Tim Waugh |
d66c4d |
AC_CHECK_FUNCS(uname,
|
|
Tim Waugh |
d66c4d |
OPTIONAL_BIN_PROGS="$OPTIONAL_BIN_PROGS uname\$(EXEEXT)"
|
|
Tim Waugh |
d66c4d |
MAN="$MAN uname.1")
|
|
Tim Waugh |
d66c4d |
--- coreutils-6.7/man/stat.1.selinux 2006-12-07 22:45:45.000000000 +0000
|
|
Tim Waugh |
327524 |
+++ coreutils-6.7/man/stat.1 2007-01-09 18:47:05.000000000 +0000
|
|
Tim Waugh |
d66c4d |
@@ -28,6 +28,9 @@
|
|
Tim Waugh |
d66c4d |
\fB\-t\fR, \fB\-\-terse\fR
|
|
Tim Waugh |
d66c4d |
print the information in terse form
|
|
Tim Waugh |
d66c4d |
.TP
|
|
Tim Waugh |
d66c4d |
+\fB\-Z\fR, \fB\-\-context\fR
|
|
Tim Waugh |
d66c4d |
+print security context information for SELinux if available.
|
|
Tim Waugh |
d66c4d |
+.TP
|
|
Tim Waugh |
d66c4d |
\fB\-\-help\fR
|
|
Tim Waugh |
d66c4d |
display this help and exit
|
|
Tim Waugh |
d66c4d |
.TP
|
|
Tim Waugh |
d66c4d |
@@ -51,6 +54,9 @@
|
|
Tim Waugh |
d66c4d |
%d
|
|
Tim Waugh |
d66c4d |
Device number in decimal
|
|
Tim Waugh |
d66c4d |
.TP
|
|
Tim Waugh |
d66c4d |
+%C
|
|
Tim Waugh |
d66c4d |
+SELinux security context
|
|
Tim Waugh |
d66c4d |
+.TP
|
|
Tim Waugh |
d66c4d |
%D
|
|
Tim Waugh |
d66c4d |
Device number in hex
|
|
Tim Waugh |
d66c4d |
.TP
|
|
Tim Waugh |
327524 |
--- /dev/null 2007-01-10 09:33:30.042789464 +0000
|
|
Tim Waugh |
327524 |
+++ coreutils-6.7/man/chcon.x 2007-01-09 18:47:05.000000000 +0000
|
|
Tim Waugh |
d66c4d |
@@ -0,0 +1,4 @@
|
|
Tim Waugh |
d66c4d |
+[NAME]
|
|
Tim Waugh |
d66c4d |
+chcon \- change file security context
|
|
Tim Waugh |
d66c4d |
+[DESCRIPTION]
|
|
Tim Waugh |
d66c4d |
+.\" Add any additional description here
|
|
Tim Waugh |
327524 |
--- /dev/null 2007-01-10 09:33:30.042789464 +0000
|
|
Tim Waugh |
327524 |
+++ coreutils-6.7/man/chcon.1 2007-01-09 18:47:05.000000000 +0000
|
|
Tim Waugh |
d66c4d |
@@ -0,0 +1,64 @@
|
|
Tim Waugh |
d66c4d |
+.TH CHCON 1 "July 2003" "chcon (coreutils) 5.0" "User Commands"
|
|
Tim Waugh |
d66c4d |
+.SH NAME
|
|
Daniel J Walsh |
9a5367 |
+chcon \- change SELinux security context
|
|
Tim Waugh |
d66c4d |
+.SH SYNOPSIS
|
|
Tim Waugh |
d66c4d |
+.B chcon
|
|
Tim Waugh |
d66c4d |
+[\fIOPTION\fR]...\fI CONTEXT FILE\fR...
|
|
Tim Waugh |
d66c4d |
+.br
|
|
Tim Waugh |
d66c4d |
+.B chcon
|
|
Tim Waugh |
d66c4d |
+[\fIOPTION\fR]...\fI --reference=RFILE FILE\fR...
|
|
Tim Waugh |
d66c4d |
+.SH DESCRIPTION
|
|
Tim Waugh |
d66c4d |
+.PP
|
|
Tim Waugh |
d66c4d |
+." Add any additional description here
|
|
Tim Waugh |
d66c4d |
+.PP
|
|
Tim Waugh |
d66c4d |
+Change the security context of each FILE to CONTEXT.
|
|
Tim Waugh |
d66c4d |
+.TP
|
|
Tim Waugh |
d66c4d |
+\fB\-c\fR, \fB\-\-changes\fR
|
|
Tim Waugh |
d66c4d |
+like verbose but report only when a change is made
|
|
Tim Waugh |
d66c4d |
+.TP
|
|
Tim Waugh |
d66c4d |
+\fB\-h\fR, \fB\-\-no\-dereference\fR
|
|
Tim Waugh |
d66c4d |
+affect symbolic links instead of any referenced file (available only on systems with lchown system call)
|
|
Tim Waugh |
d66c4d |
+.TP
|
|
Tim Waugh |
d66c4d |
+\fB\-f\fR, \fB\-\-silent\fR, \fB\-\-quiet\fR
|
|
Tim Waugh |
d66c4d |
+suppress most error messages
|
|
Tim Waugh |
d66c4d |
+.TP
|
|
Tim Waugh |
d66c4d |
+\fB\-l\fR, \fB\-\-range\fR
|
|
Tim Waugh |
d66c4d |
+set range RANGE in the target security context
|
|
Tim Waugh |
d66c4d |
+.TP
|
|
Tim Waugh |
d66c4d |
+\fB\-\-reference\fR=\fIRFILE\fR
|
|
Tim Waugh |
d66c4d |
+use RFILE's context instead of using a CONTEXT value
|
|
Tim Waugh |
d66c4d |
+.TP
|
|
Tim Waugh |
d66c4d |
+\fB\-R\fR, \fB\-\-recursive\fR
|
|
Tim Waugh |
d66c4d |
+change files and directories recursively
|
|
Tim Waugh |
d66c4d |
+.TP
|
|
Tim Waugh |
d66c4d |
+\fB\-r\fR, \fB\-\-role\fR
|
|
Tim Waugh |
d66c4d |
+set role ROLE in the target security context
|
|
Tim Waugh |
d66c4d |
+.TP
|
|
Tim Waugh |
d66c4d |
+\fB\-t\fR, \fB\-\-type\fR
|
|
Tim Waugh |
d66c4d |
+set type TYPE in the target security context
|
|
Tim Waugh |
d66c4d |
+.TP
|
|
Tim Waugh |
d66c4d |
+\fB\-u\fR, \fB\-\-user\fR
|
|
Tim Waugh |
d66c4d |
+set user USER in the target security context
|
|
Tim Waugh |
d66c4d |
+.TP
|
|
Tim Waugh |
d66c4d |
+\fB\-v\fR, \fB\-\-verbose\fR
|
|
Tim Waugh |
d66c4d |
+output a diagnostic for every file processed
|
|
Tim Waugh |
d66c4d |
+.TP
|
|
Tim Waugh |
d66c4d |
+\fB\-\-help\fR
|
|
Tim Waugh |
d66c4d |
+display this help and exit
|
|
Tim Waugh |
d66c4d |
+.TP
|
|
Tim Waugh |
d66c4d |
+\fB\-\-version\fR
|
|
Tim Waugh |
d66c4d |
+output version information and exit
|
|
Tim Waugh |
d66c4d |
+.SH "REPORTING BUGS"
|
|
Tim Waugh |
d66c4d |
+Report bugs to <https://bugzilla.redhat.com/bugzilla>.
|
|
Tim Waugh |
d66c4d |
+.SH "SEE ALSO"
|
|
Tim Waugh |
d66c4d |
+The full documentation for
|
|
Tim Waugh |
d66c4d |
+.B chcon
|
|
Tim Waugh |
d66c4d |
+is maintained as a Texinfo manual. If the
|
|
Tim Waugh |
d66c4d |
+.B info
|
|
Tim Waugh |
d66c4d |
+and
|
|
Tim Waugh |
d66c4d |
+.B chcon
|
|
Tim Waugh |
d66c4d |
+programs are properly installed at your site, the command
|
|
Tim Waugh |
d66c4d |
+.IP
|
|
Tim Waugh |
d66c4d |
+.B info chcon
|
|
Tim Waugh |
d66c4d |
+.PP
|
|
Tim Waugh |
d66c4d |
+should give you access to the complete manual.
|
|
Tim Waugh |
d66c4d |
--- coreutils-6.7/man/dir.1.selinux 2006-12-07 22:45:41.000000000 +0000
|
|
Tim Waugh |
327524 |
+++ coreutils-6.7/man/dir.1 2007-01-09 18:47:05.000000000 +0000
|
|
Tim Waugh |
d66c4d |
@@ -204,6 +204,20 @@
|
|
Daniel J Walsh |
129baa |
.TP
|
|
Daniel J Walsh |
129baa |
\fB\-1\fR
|
|
Daniel J Walsh |
129baa |
list one file per line
|
|
Daniel J Walsh |
129baa |
+.PP
|
|
Tim Waugh |
d66c4d |
+SELINUX options:
|
|
Daniel J Walsh |
129baa |
+.TP
|
|
Daniel J Walsh |
129baa |
+\fB\-\-lcontext\fR
|
|
Daniel J Walsh |
129baa |
+Display security context. Enable \fB\-l\fR. Lines
|
|
Daniel J Walsh |
129baa |
+will probably be too wide for most displays.
|
|
Daniel J Walsh |
129baa |
+.TP
|
|
Tim Waugh |
d66c4d |
+\fB\-\-context\fR
|
|
Daniel J Walsh |
129baa |
+Display security context so it fits on most
|
|
Daniel J Walsh |
129baa |
+displays. Displays only mode, user, group,
|
|
Daniel J Walsh |
129baa |
+security context and file name.
|
|
Daniel J Walsh |
129baa |
+.TP
|
|
Daniel J Walsh |
129baa |
+\fB\-\-scontext\fR
|
|
Tim Waugh |
5505e2 |
+Display only security context and file name.
|
|
Tim Waugh |
5505e2 |
.TP
|
|
Tim Waugh |
5505e2 |
\fB\-\-help\fR
|
|
Tim Waugh |
5505e2 |
display this help and exit
|
|
Tim Waugh |
d66c4d |
--- coreutils-6.7/man/mkfifo.1.selinux 2006-12-07 22:45:43.000000000 +0000
|
|
Tim Waugh |
327524 |
+++ coreutils-6.7/man/mkfifo.1 2007-01-09 18:47:05.000000000 +0000
|
|
Tim Waugh |
d66c4d |
@@ -12,6 +12,9 @@
|
|
Tim Waugh |
d66c4d |
.PP
|
|
Tim Waugh |
d66c4d |
Mandatory arguments to long options are mandatory for short options too.
|
|
Daniel J Walsh |
129baa |
.TP
|
|
Daniel J Walsh |
129baa |
+\fB\-Z\fR, \fB\-\-context\fR=\fICONTEXT\fR
|
|
Tim Waugh |
d66c4d |
+set security context (quoted string)
|
|
Tim Waugh |
d66c4d |
+.TP
|
|
Tim Waugh |
d66c4d |
\fB\-m\fR, \fB\-\-mode\fR=\fIMODE\fR
|
|
Tim Waugh |
d66c4d |
set file permission bits to MODE, not a=rw \- umask
|
|
Tim Waugh |
d66c4d |
.TP
|
|
Tim Waugh |
327524 |
--- coreutils-6.7/man/Makefile.am.selinux 2007-01-09 18:47:04.000000000 +0000
|
|
Tim Waugh |
327524 |
+++ coreutils-6.7/man/Makefile.am 2007-01-09 18:47:05.000000000 +0000
|
|
Tim Waugh |
d66c4d |
@@ -30,7 +30,7 @@
|
|
Tim Waugh |
d66c4d |
shred.1 shuf.1 sleep.1 sort.1 split.1 stat.1 \
|
|
Tim Waugh |
d66c4d |
su.1 sum.1 sync.1 tac.1 tail.1 tee.1 test.1 touch.1 tr.1 true.1 tsort.1 \
|
|
Tim Waugh |
d66c4d |
tty.1 unexpand.1 uniq.1 unlink.1 vdir.1 wc.1 \
|
|
Tim Waugh |
d66c4d |
- whoami.1 yes.1 $(MAN)
|
|
Tim Waugh |
d66c4d |
+ whoami.1 yes.1 chcon.1 runcon.1 $(MAN)
|
|
Tim Waugh |
d66c4d |
optional_mans = \
|
|
Tim Waugh |
d66c4d |
chroot.1 hostid.1 nice.1 pinky.1 stty.1 uname.1 uptime.1 users.1 who.1
|
|
Tim Waugh |
d66c4d |
|
|
Tim Waugh |
d66c4d |
@@ -142,6 +142,8 @@
|
|
Tim Waugh |
d66c4d |
who.1: $(common_dep) $(srcdir)/who.x ../src/who.c
|
|
Tim Waugh |
d66c4d |
whoami.1: $(common_dep) $(srcdir)/whoami.x ../src/whoami.c
|
|
Tim Waugh |
d66c4d |
yes.1: $(common_dep) $(srcdir)/yes.x ../src/yes.c
|
|
Tim Waugh |
d66c4d |
+chcon.1: $(common_dep) $(srcdir)/chcon.x ../src/chcon.c
|
|
Tim Waugh |
d66c4d |
+runcon.1: $(common_dep) $(srcdir)/runcon.x ../src/runcon.c
|
|
Tim Waugh |
d66c4d |
|
|
Tim Waugh |
d66c4d |
SUFFIXES = .x .1
|
|
Tim Waugh |
d66c4d |
|
|
Tim Waugh |
d66c4d |
--- coreutils-6.7/man/cp.1.selinux 2006-12-07 22:45:41.000000000 +0000
|
|
Tim Waugh |
327524 |
+++ coreutils-6.7/man/cp.1 2007-01-09 18:47:05.000000000 +0000
|
|
Tim Waugh |
d66c4d |
@@ -57,7 +57,7 @@
|
|
Tim Waugh |
d66c4d |
.TP
|
|
Tim Waugh |
d66c4d |
\fB\-\-preserve\fR[=\fIATTR_LIST\fR]
|
|
Tim Waugh |
d66c4d |
preserve the specified attributes (default:
|
|
Tim Waugh |
d66c4d |
-mode,ownership,timestamps), if possible
|
|
Tim Waugh |
d66c4d |
+mode,ownership,timestamps) and security contexts, if possible
|
|
Tim Waugh |
d66c4d |
additional attributes: links, all
|
|
Daniel J Walsh |
129baa |
.TP
|
|
Tim Waugh |
d66c4d |
\fB\-\-no\-preserve\fR=\fIATTR_LIST\fR
|
|
Tim Waugh |
d66c4d |
@@ -106,6 +106,9 @@
|
|
Daniel J Walsh |
129baa |
\fB\-\-help\fR
|
|
Daniel J Walsh |
129baa |
display this help and exit
|
|
Tim Waugh |
d66c4d |
.TP
|
|
Tim Waugh |
d66c4d |
+\fB\-Z\fR, \fB\-\-context\fR=\fICONTEXT\fR
|
|
Tim Waugh |
d66c4d |
+set security context of copy to CONTEXT
|
|
Tim Waugh |
d66c4d |
+.TP
|
|
Tim Waugh |
d66c4d |
\fB\-\-version\fR
|
|
Tim Waugh |
d66c4d |
output version information and exit
|
|
Tim Waugh |
d66c4d |
.PP
|
|
Tim Waugh |
d66c4d |
--- coreutils-6.7/man/id.1.selinux 2006-12-07 22:45:42.000000000 +0000
|
|
Tim Waugh |
327524 |
+++ coreutils-6.7/man/id.1 2007-01-09 18:47:06.000000000 +0000
|
|
Tim Waugh |
5505e2 |
@@ -13,6 +13,9 @@
|
|
Tim Waugh |
5505e2 |
\fB\-a\fR
|
|
Tim Waugh |
5505e2 |
ignore, for compatibility with other versions
|
|
Tim Waugh |
5505e2 |
.TP
|
|
Tim Waugh |
5505e2 |
+\fB\-Z\fR, \fB\-\-context\fR
|
|
Tim Waugh |
dfe7b9 |
+print only the security context of the current process
|
|
Tim Waugh |
5505e2 |
+.TP
|
|
Tim Waugh |
5505e2 |
\fB\-g\fR, \fB\-\-group\fR
|
|
Tim Waugh |
5505e2 |
print only the effective group ID
|
|
Tim Waugh |
5505e2 |
.TP
|
|
Tim Waugh |
327524 |
--- /dev/null 2007-01-10 09:33:30.042789464 +0000
|
|
Tim Waugh |
327524 |
+++ coreutils-6.7/man/runcon.x 2007-01-09 18:47:06.000000000 +0000
|
|
Tim Waugh |
d66c4d |
@@ -0,0 +1,14 @@
|
|
Tim Waugh |
d66c4d |
+[NAME]
|
|
Tim Waugh |
d66c4d |
+runcon \- run command with specified security context
|
|
Tim Waugh |
d66c4d |
+[DESCRIPTION]
|
|
Tim Waugh |
d66c4d |
+Run COMMAND with completely-specified CONTEXT, or with current or
|
|
Tim Waugh |
d66c4d |
+transitioned security context modified by one or more of LEVEL,
|
|
Tim Waugh |
d66c4d |
+ROLE, TYPE, and USER.
|
|
Tim Waugh |
d66c4d |
+.PP
|
|
Tim Waugh |
d66c4d |
+If none of \fI-c\fR, \fI-t\fR, \fI-u\fR, \fI-r\fR, or \fI-l\fR, is specified,
|
|
Tim Waugh |
d66c4d |
+the first argument is used as the complete context. Any additional
|
|
Tim Waugh |
d66c4d |
+arguments after \fICOMMAND\fR are interpreted as arguments to the
|
|
Tim Waugh |
d66c4d |
+command.
|
|
Tim Waugh |
d66c4d |
+.PP
|
|
Tim Waugh |
d66c4d |
+Note that only carefully-chosen contexts are likely to successfully
|
|
Tim Waugh |
d66c4d |
+run.
|
|
Tim Waugh |
327524 |
--- /dev/null 2007-01-10 09:33:30.042789464 +0000
|
|
Tim Waugh |
327524 |
+++ coreutils-6.7/man/runcon.1 2007-01-09 18:47:06.000000000 +0000
|
|
Tim Waugh |
00dc86 |
@@ -0,0 +1,45 @@
|
|
Tim Waugh |
5505e2 |
+.TH RUNCON "1" "February 2005" "runcon (coreutils) 5.0" "selinux"
|
|
Tim Waugh |
5505e2 |
+.SH NAME
|
|
Daniel J Walsh |
9a5367 |
+runcon \- run command with specified SELinux security context
|
|
Tim Waugh |
5505e2 |
+.SH SYNOPSIS
|
|
Tim Waugh |
5505e2 |
+.B runcon
|
|
Tim Waugh |
5505e2 |
+[\fI-c\fR] [\fI-t TYPE\fR] [\fI-l LEVEL\fR] [\fI-u USER\fR] [\fI-r ROLE\fR] \fICOMMAND\fR [\fIARGS...\fR]
|
|
Tim Waugh |
5505e2 |
+.PP
|
|
Tim Waugh |
5505e2 |
+or
|
|
Tim Waugh |
5505e2 |
+.PP
|
|
Tim Waugh |
5505e2 |
+.B runcon
|
|
Tim Waugh |
5505e2 |
+\fICONTEXT\fR \fICOMMAND\fR [\fIargs...\fR]
|
|
Tim Waugh |
5505e2 |
+.PP
|
|
Tim Waugh |
5505e2 |
+.br
|
|
Tim Waugh |
5505e2 |
+.SH DESCRIPTION
|
|
Tim Waugh |
5505e2 |
+.PP
|
|
Tim Waugh |
5505e2 |
+.\" Add any additional description here
|
|
Tim Waugh |
5505e2 |
+.PP
|
|
Tim Waugh |
5505e2 |
+Run COMMAND with completely-specified CONTEXT, or with current or
|
|
Tim Waugh |
5505e2 |
+transitioned security context modified by one or more of LEVEL,
|
|
Tim Waugh |
5505e2 |
+ROLE, TYPE, and USER.
|
|
Tim Waugh |
5505e2 |
+.TP
|
|
Tim Waugh |
5505e2 |
+\fB\-c\fR
|
|
Tim Waugh |
5505e2 |
+compute process transition before modifying context
|
|
Tim Waugh |
5505e2 |
+.TP
|
|
Tim Waugh |
5505e2 |
+\fB\-t\fR
|
|
Tim Waugh |
5505e2 |
+change current type to the specified type
|
|
Tim Waugh |
5505e2 |
+.TP
|
|
Tim Waugh |
5505e2 |
+\fB\-l\fR
|
|
Tim Waugh |
5505e2 |
+change current level range to the specified range
|
|
Tim Waugh |
5505e2 |
+.TP
|
|
Tim Waugh |
5505e2 |
+\fB\-r\fR
|
|
Tim Waugh |
5505e2 |
+change current role to the specified role
|
|
Tim Waugh |
5505e2 |
+.TP
|
|
Tim Waugh |
5505e2 |
+\fB\-u\fR
|
|
Tim Waugh |
5505e2 |
+change current user to the specified user
|
|
Tim Waugh |
00dc86 |
+.TP
|
|
Tim Waugh |
00dc86 |
+\fB\-\-\fR
|
|
Tim Waugh |
00dc86 |
+The \fB\-\-\fR flag indicates that \fBruncon\fR should stop processing command
|
|
Tim Waugh |
00dc86 |
+line arguments. Further arguments will be passed to COMMAND.
|
|
Tim Waugh |
5505e2 |
+.PP
|
|
Tim Waugh |
5505e2 |
+If none of \fI-c\fR, \fI-t\fR, \fI-u\fR, \fI-r\fR, or \fI-l\fR, is specified,
|
|
Tim Waugh |
00dc86 |
+the first argument is used as the complete context.
|
|
Tim Waugh |
5505e2 |
+.PP
|
|
Tim Waugh |
5505e2 |
+Note that only carefully-chosen contexts are likely to successfully
|
|
Tim Waugh |
5505e2 |
+run.
|
|
Tim Waugh |
d66c4d |
--- coreutils-6.7/man/mknod.1.selinux 2006-12-07 22:45:43.000000000 +0000
|
|
Tim Waugh |
327524 |
+++ coreutils-6.7/man/mknod.1 2007-01-09 18:47:06.000000000 +0000
|
|
Tim Waugh |
5505e2 |
@@ -12,6 +12,9 @@
|
|
Tim Waugh |
5505e2 |
.PP
|
|
Tim Waugh |
5505e2 |
Mandatory arguments to long options are mandatory for short options too.
|
|
Tim Waugh |
5505e2 |
.TP
|
|
Tim Waugh |
5505e2 |
+\fB\-Z\fR, \fB\-\-context\fR=\fICONTEXT\fR
|
|
Tim Waugh |
5505e2 |
+set security context (quoted string)
|
|
Tim Waugh |
5505e2 |
+.TP
|
|
Tim Waugh |
5505e2 |
\fB\-m\fR, \fB\-\-mode\fR=\fIMODE\fR
|
|
Tim Waugh |
d66c4d |
set file permission bits to MODE, not a=rw \- umask
|
|
Tim Waugh |
5505e2 |
.TP
|
|
Tim Waugh |
d66c4d |
--- coreutils-6.7/man/ls.1.selinux 2006-12-07 22:45:42.000000000 +0000
|
|
Tim Waugh |
327524 |
+++ coreutils-6.7/man/ls.1 2007-01-09 18:47:06.000000000 +0000
|
|
Tim Waugh |
d66c4d |
@@ -204,6 +204,20 @@
|
|
Tim Waugh |
5505e2 |
.TP
|
|
Tim Waugh |
5505e2 |
\fB\-1\fR
|
|
Tim Waugh |
5505e2 |
list one file per line
|
|
Tim Waugh |
5505e2 |
+.PP
|
|
Tim Waugh |
d66c4d |
+SELinux options:
|
|
Tim Waugh |
5505e2 |
+.TP
|
|
Tim Waugh |
5505e2 |
+\fB\-\-lcontext\fR
|
|
Tim Waugh |
5505e2 |
+Display security context. Enable \fB\-l\fR. Lines
|
|
Tim Waugh |
5505e2 |
+will probably be too wide for most displays.
|
|
Tim Waugh |
5505e2 |
+.TP
|
|
Tim Waugh |
d66c4d |
+\fB\-Z\fR, \fB\-\-context\fR
|
|
Tim Waugh |
5505e2 |
+Display security context so it fits on most
|
|
Tim Waugh |
5505e2 |
+displays. Displays only mode, user, group,
|
|
Tim Waugh |
5505e2 |
+security context and file name.
|
|
Tim Waugh |
5505e2 |
+.TP
|
|
Tim Waugh |
5505e2 |
+\fB\-\-scontext\fR
|
|
Tim Waugh |
5505e2 |
+Display only security context and file name.
|
|
Tim Waugh |
5505e2 |
.TP
|
|
Tim Waugh |
5505e2 |
\fB\-\-help\fR
|
|
Tim Waugh |
5505e2 |
display this help and exit
|
|
Tim Waugh |
d66c4d |
--- coreutils-6.7/man/mkdir.1.selinux 2006-12-07 22:45:43.000000000 +0000
|
|
Tim Waugh |
327524 |
+++ coreutils-6.7/man/mkdir.1 2007-01-09 18:47:06.000000000 +0000
|
|
Tim Waugh |
d66c4d |
@@ -12,6 +12,8 @@
|
|
Tim Waugh |
d66c4d |
.PP
|
|
Tim Waugh |
d66c4d |
Mandatory arguments to long options are mandatory for short options too.
|
|
Tim Waugh |
d66c4d |
.TP
|
|
Tim Waugh |
d66c4d |
+\fB\-Z\fR, \fB\-\-context\fR=\fICONTEXT\fR (SELinux) set security context to CONTEXT
|
|
Tim Waugh |
d66c4d |
+.TP
|
|
Tim Waugh |
d66c4d |
\fB\-m\fR, \fB\-\-mode\fR=\fIMODE\fR
|
|
Tim Waugh |
d66c4d |
set file mode (as in chmod), not a=rwx \- umask
|
|
Tim Waugh |
d66c4d |
.TP
|
|
Tim Waugh |
d66c4d |
--- coreutils-6.7/man/vdir.1.selinux 2006-12-07 22:45:46.000000000 +0000
|
|
Tim Waugh |
327524 |
+++ coreutils-6.7/man/vdir.1 2007-01-09 18:47:06.000000000 +0000
|
|
Tim Waugh |
d66c4d |
@@ -204,6 +204,20 @@
|
|
Tim Waugh |
5505e2 |
.TP
|
|
Tim Waugh |
5505e2 |
\fB\-1\fR
|
|
Tim Waugh |
5505e2 |
list one file per line
|
|
Tim Waugh |
5505e2 |
+.PP
|
|
Tim Waugh |
5505e2 |
+SELINUX options:
|
|
Tim Waugh |
5505e2 |
+.TP
|
|
Tim Waugh |
5505e2 |
+\fB\-\-lcontext\fR
|
|
Tim Waugh |
5505e2 |
+Display security context. Enable \fB\-l\fR. Lines
|
|
Tim Waugh |
5505e2 |
+will probably be too wide for most displays.
|
|
Tim Waugh |
5505e2 |
+.TP
|
|
Tim Waugh |
5505e2 |
+\fB\-\-context\fR
|
|
Tim Waugh |
5505e2 |
+Display security context so it fits on most
|
|
Tim Waugh |
5505e2 |
+displays. Displays only mode, user, group,
|
|
Tim Waugh |
5505e2 |
+security context and file name.
|
|
Tim Waugh |
5505e2 |
+.TP
|
|
Tim Waugh |
5505e2 |
+\fB\-\-scontext\fR
|
|
Tim Waugh |
5505e2 |
+Display only security context and file name.
|
|
Tim Waugh |
5505e2 |
.TP
|
|
Tim Waugh |
5505e2 |
\fB\-\-help\fR
|
|
Tim Waugh |
5505e2 |
display this help and exit
|
|
Tim Waugh |
d66c4d |
--- coreutils-6.7/man/install.1.selinux 2006-12-07 22:45:42.000000000 +0000
|
|
Tim Waugh |
327524 |
+++ coreutils-6.7/man/install.1 2007-01-09 18:47:06.000000000 +0000
|
|
Tim Waugh |
d66c4d |
@@ -66,6 +66,11 @@
|
|
Tim Waugh |
d66c4d |
.TP
|
|
Tim Waugh |
d66c4d |
\fB\-v\fR, \fB\-\-verbose\fR
|
|
Tim Waugh |
d66c4d |
print the name of each directory as it is created
|
|
Tim Waugh |
d66c4d |
+.HP
|
|
Tim Waugh |
d66c4d |
+\fB\-P\fR, \fB\-\-preserve_context\fR (SELinux) Preserve security context
|
|
cvsdist |
4d15f3 |
+.TP
|
|
Tim Waugh |
d66c4d |
+\fB\-Z\fR, \fB\-\-context\fR=\fICONTEXT\fR
|
|
Tim Waugh |
d66c4d |
+(SELinux) Set security context of files and directories
|
|
Tim Waugh |
d66c4d |
.TP
|
|
Tim Waugh |
d66c4d |
\fB\-\-help\fR
|
|
Tim Waugh |
d66c4d |
display this help and exit
|
|
Tim Waugh |
327524 |
--- coreutils-6.7/README.selinux 2007-01-09 18:47:04.000000000 +0000
|
|
Tim Waugh |
327524 |
+++ coreutils-6.7/README 2007-01-09 18:47:06.000000000 +0000
|
|
Tim Waugh |
d66c4d |
@@ -7,11 +7,11 @@
|
|
Tim Waugh |
d66c4d |
|
|
Tim Waugh |
d66c4d |
The programs that can be built with this package are:
|
|
Tim Waugh |
d66c4d |
|
|
Tim Waugh |
d66c4d |
- [ base64 basename cat chgrp chmod chown chroot cksum comm cp csplit cut date
|
|
Tim Waugh |
d66c4d |
+ [ base64 basename cat chcon chgrp chmod chown chroot cksum comm cp csplit cut date
|
|
Tim Waugh |
d66c4d |
dd df dir dircolors dirname du echo env expand expr factor false fmt fold
|
|
Tim Waugh |
d66c4d |
ginstall groups head hostid hostname id join kill link ln logname ls
|
|
Tim Waugh |
d66c4d |
md5sum mkdir mkfifo mknod mv nice nl nohup od paste pathchk pinky pr
|
|
Tim Waugh |
d66c4d |
- printenv printf ptx pwd readlink rm rmdir runuser seq sha1sum sha224sum sha256sum
|
|
Tim Waugh |
d66c4d |
+ printenv printf ptx pwd readlink rm rmdir runcon runuser seq sha1sum sha224sum sha256sum
|
|
Tim Waugh |
d66c4d |
sha384sum sha512sum shred shuf sleep sort split stat stty su sum sync tac
|
|
Tim Waugh |
d66c4d |
tail tee test touch tr true tsort tty uname unexpand uniq unlink uptime
|
|
Tim Waugh |
d66c4d |
users vdir wc who whoami yes
|