author | Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> | 2013-06-26 11:48:27 +0300 |
---|---|---|
committer | Pádraig Brady <P@draigBrady.com> | 2013-07-01 14:33:05 +0100 |
commit | 7d5976f668e0799aae1c428a17eb370f06aea1d0 (patch) | |
tree | f3ce27edc413f00ca4a22ef2e4df7e4b8ff68c50 | |
parent | 1b90421a1bb27960679d180e40412d74b6ff3d0c (diff) | |
download | coreutils-7d5976f668e0799aae1c428a17eb370f06aea1d0.tar.xz |
mkdir,mkfifo,mknod: with -Z, create SMACK security context
Enable creation of SMACK security context with -Z command-line switch
if SMACK is enabled.
* mkdir.c (main): Set process security context to given SMACK label.
* mkfifo.c (main): Likewise.
* mknod.c (main): Likewise.
* src/local.mk: link mk{dir, fifo, nod} with libsmack.
* NEWS: Mention the new feature.
-rw-r--r-- | NEWS | 3 | ||||
-rw-r--r-- | src/local.mk | 3 | ||||
-rw-r--r-- | src/mkdir.c | 17 | ||||
-rw-r--r-- | src/mkfifo.c | 17 | ||||
-rw-r--r-- | src/mknod.c | 17 |
5 files changed, 53 insertions, 4 deletions
@@ -29,7 +29,8 @@ GNU coreutils NEWS -*- outline -*- ** New features - ls -Z and id -Z report the SMACK security context where available. + id and ls with -Z report the SMACK security context where available. + mkdir, mkfifo and mknod with -Z set the SMACK context where available. join accepts a new option: --zero-terminated (-z). As with the sort,uniq option of the same name, this makes join consume and produce NUL-terminated diff --git a/src/local.mk b/src/local.mk index 626d580de..646fbada1 100644 --- a/src/local.mk +++ b/src/local.mk @@ -232,8 +232,11 @@ src_id_LDADD += $(LIB_SMACK) src_ls_LDADD += $(LIB_SELINUX) src_ls_LDADD += $(LIB_SMACK) src_mkdir_LDADD += $(LIB_SELINUX) +src_mkdir_LDADD += $(LIB_SMACK) src_mkfifo_LDADD += $(LIB_SELINUX) +src_mkfifo_LDADD += $(LIB_SMACK) src_mknod_LDADD += $(LIB_SELINUX) +src_mknod_LDADD += $(LIB_SMACK) src_runcon_LDADD += $(LIB_SELINUX) src_stat_LDADD += $(LIB_SELINUX) diff --git a/src/mkdir.c b/src/mkdir.c index b36237a33..e56b6cbbd 100644 --- a/src/mkdir.c +++ b/src/mkdir.c @@ -22,6 +22,10 @@ #include <sys/types.h> #include <selinux/selinux.h> +#ifdef HAVE_SMACK +# include <sys/smack.h> +#endif + #include "system.h" #include "error.h" #include "mkdir-p.h" @@ -151,6 +155,7 @@ main (int argc, char **argv) int optc; security_context_t scontext = NULL; struct mkdir_options options; + int ret = 0; options.make_ancestor_function = NULL; options.mode = S_IRWXUGO; @@ -194,7 +199,17 @@ main (int argc, char **argv) usage (EXIT_FAILURE); } - if (scontext && setfscreatecon (scontext) < 0) + if (scontext) + { +#ifdef HAVE_SMACK + if (smack_smackfs_path ()) + ret = smack_set_label_for_self (scontext); + else +#endif + ret = setfscreatecon (scontext); + } + + if (ret < 0) error (EXIT_FAILURE, errno, _("failed to set default file creation context to %s"), quote (scontext)); diff --git a/src/mkfifo.c b/src/mkfifo.c index 78ff909cc..a87a393e2 100644 --- a/src/mkfifo.c +++ b/src/mkfifo.c 
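Review bot: In the `if (scontext)` block added to main in src/mkdir.c, `smack_set_label_for_self (scontext)` relabels the whole process rather than setting a creation-only context as `setfscreatecon` does, so every later access check in the run (parent directory lookup, any ancestors mkdir creates) is made under the new label. This deserves a comment such as `/* SMACK has no fscreate context: this changes the label of the process itself, and the new object inherits it. */`. The shared diagnostic `failed to set default file creation context to %s` also misdescribes a failure on the SMACK branch, where a separate message would help an administrator reading the output, since changing one's own label normally requires CAP_MAC_ADMIN. The failure path reports `errno`, but libsmack is not visible here; if it can return -1 before making any system call (for example on a malformed label), the message would carry a stale value, so `errno = 0;` before the call is worth considering. The same block is repeated in src/mkfifo.c and src/mknod.c, and main continues outside each hunk.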
@@ -22,6 +22,10 @@ #include <sys/types.h> #include <selinux/selinux.h> +#ifdef HAVE_SMACK +# include <sys/smack.h> +#endif + #include "system.h" #include "error.h" #include "modechange.h" @@ -76,6 +80,7 @@ main (int argc, char **argv) int exit_status = EXIT_SUCCESS; int optc; security_context_t scontext = NULL; + int ret = 0; initialize_main (&argc, &argv); set_program_name (argv[0]); @@ -108,7 +113,17 @@ main (int argc, char **argv) usage (EXIT_FAILURE); } - if (scontext && setfscreatecon (scontext) < 0) + if (scontext) + { +#ifdef HAVE_SMACK + if (smack_smackfs_path ()) + ret = smack_set_label_for_self (scontext); + else +#endif + ret = setfscreatecon (scontext); + } + + if (ret < 0) error (EXIT_FAILURE, errno, _("failed to set default file creation context to %s"), quote (scontext)); diff --git a/src/mknod.c b/src/mknod.c index a384ad35c..9f0afb3ff 100644 --- a/src/mknod.c +++ b/src/mknod.c @@ -22,6 +22,10 @@ #include <sys/types.h> #include <selinux/selinux.h> +#ifdef HAVE_SMACK +# include <sys/smack.h> +#endif + #include "system.h" #include "error.h" #include "modechange.h" @@ -93,6 +97,7 @@ main (int argc, char **argv) int expected_operands; mode_t node_type; security_context_t scontext = NULL; + int ret = 0; initialize_main (&argc, &argv); set_program_name (argv[0]); @@ -164,7 +169,17 @@ main (int argc, char **argv) usage (EXIT_FAILURE); } - if (scontext && setfscreatecon (scontext) < 0) + if (scontext) + { +#ifdef HAVE_SMACK + if (smack_smackfs_path ()) + ret = smack_set_label_for_self (scontext); + else +#endif + ret = setfscreatecon (scontext); + } + + if (ret < 0) error (EXIT_FAILURE, errno, _("failed to set default file creation context to %s"), quote (scontext)); |