authorJim Meyering <jim@meyering.net>2007-01-04 16:33:43 +0100
committerJim Meyering <jim@meyering.net>2007-03-29 21:37:05 +0200
commit87516b80a5dcbfc4c2a8bb2193037a249c96674f (patch)
treee2093ff352ca9c0c55ce8916b4a9b779fd4e3361 /gl/lib
parent56fc172d1133f9c97547818ea4c4c156cd431a16 (diff)
New program: chcon
* gl/modules/selinux-at: New module. Check for libselinux and set LIB_SELINUX here, unconditionally, rather than depending on the configure-time --enable-selinux option. * gl/modules/selinux-h: New module. * bootstrap.conf (gnulib_modules): Add selinux-at. * gl/lib/selinux-at.c, gl/lib/selinux-at.h: New files. * gl/lib/se-selinux_.h: New file. * gl/lib/se-context_.h: New file. * gl/m4/selinux-selinux-h.m4: New file. * gl/m4/selinux-context-h.m4: New file. * src/Makefile.am (bin_PROGRAMS): Add chcon. (chcon_LDADD): Define. * README: Add chcon to the list of programs. * src/chcon.c: Rewrite the original (Red Hat) chcon to use fts.
Diffstat (limited to 'gl/lib')
-rw-r--r--gl/lib/se-context_.h31
-rw-r--r--gl/lib/se-selinux_.h54
-rw-r--r--gl/lib/selinux-at.c94
-rw-r--r--gl/lib/selinux-at.h24
4 files changed, 203 insertions, 0 deletions
diff --git a/gl/lib/se-context_.h b/gl/lib/se-context_.h
new file mode 100644
index 000000000..26e1709f1
--- /dev/null
+++ b/gl/lib/se-context_.h
@@ -0,0 +1,31 @@
+#ifndef SELINUX_CONTEXT_H
+# define SELINUX_CONTEXT_H
+
+# include <errno.h>
+/* Some systems don't have ENOSYS. */
+# ifndef ENOSYS
+# ifdef ENOTSUP
+# define ENOSYS ENOTSUP
+# else
+/* Some systems don't have ENOTSUP either. */
+# define ENOSYS EINVAL
+# endif
+# endif
+
+typedef int context_t;
+static inline context_t context_new (char const *s)
+ { errno = ENOTSUP; return 0; }
+static inline char *context_str (context_t con)
+ { errno = ENOTSUP; return (void *) 0; }
+static inline void context_free (context_t c) {}
+
+static inline int context_user_set (context_t sc, char const *s)
+ { errno = ENOTSUP; return -1; }
+static inline int context_role_set (context_t sc, char const *s)
+ { errno = ENOTSUP; return -1; }
+static inline int context_range_set (context_t sc, char const *s)
+ { errno = ENOTSUP; return -1; }
+static inline int context_type_set (context_t sc, char const *s)
+ { errno = ENOTSUP; return -1; }
+
+#endif
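Review bot: Every stub in this header sets `errno = ENOTSUP`, but the preamble only guarantees that `ENOSYS` is defined, so on the systems the second comment anticipates (no ENOTSUP) the header will not compile, and the `ENOSYS` fallback is never used. Either write `errno = ENOSYS;` in the stubs or invert the fallback so that it is `ENOTSUP` that gets defined. The same mismatch applies to every stub in gl/lib/se-selinux_.h. It is also worth a one-line comment at the top saying these are fail-closed replacements used when the real `<selinux/context.h>` is absent, since `context_new` returning 0 is the only failure signal a caller gets.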
diff --git a/gl/lib/se-selinux_.h b/gl/lib/se-selinux_.h
new file mode 100644
index 000000000..b08c7eee4
--- /dev/null
+++ b/gl/lib/se-selinux_.h
@@ -0,0 +1,54 @@
+#ifndef SELINUX_SELINUX_H
+# define SELINUX_SELINUX_H
+
+# include <sys/types.h>
+# include <errno.h>
+/* Some systems don't have ENOSYS. */
+# ifndef ENOSYS
+# ifdef ENOTSUP
+# define ENOSYS ENOTSUP
+# else
+/* Some systems don't have ENOTSUP either. */
+# define ENOSYS EINVAL
+# endif
+# endif
+
+typedef unsigned short security_class_t;
+# define security_context_t char*
+# define is_selinux_enabled() 0
+
+static inline int getcon (security_context_t *con) { errno = ENOTSUP; return -1; }
+static inline void freecon (security_context_t con) {}
+
+
+static inline int getfscreatecon (security_context_t *con)
+ { errno = ENOTSUP; return -1; }
+static inline int setfscreatecon (security_context_t con)
+ { errno = ENOTSUP; return -1; }
+static inline int matchpathcon (char const *s, mode_t m,
+ security_context_t *con)
+ { errno = ENOTSUP; return -1; }
+
+static inline int getfilecon (char const *s, security_context_t *con)
+ { errno = ENOTSUP; return -1; }
+static inline int lgetfilecon (char const *s, security_context_t *con)
+ { errno = ENOTSUP; return -1; }
+static inline int setfilecon (char const *s, security_context_t con)
+ { errno = ENOTSUP; return -1; }
+static inline int lsetfilecon (char const *s, security_context_t con)
+ { errno = ENOTSUP; return -1; }
+static inline int fsetfilecon (int fd, security_context_t con)
+ { errno = ENOTSUP; return -1; }
+
+static inline int security_check_context (security_context_t con)
+ { errno = ENOTSUP; return -1; }
+static inline int security_check_context_raw (security_context_t con)
+ { errno = ENOTSUP; return -1; }
+static inline int setexeccon (security_context_t con)
+ { errno = ENOTSUP; return -1; }
+static inline int security_compute_create (security_context_t scon,
+ security_context_t tcon,
+ security_class_t tclass,
+ security_context_t *newcon)
+ { errno = ENOTSUP; return -1; }
+#endif
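Review bot: `# define security_context_t char*` should be a typedef, because as a macro a declaration such as `security_context_t a, b;` makes `b` a plain `char`, and `const security_context_t` qualifies the `char` rather than the pointer. I would replace it with `typedef char *security_context_t;`, which also behaves the same way under `sizeof` and in casts. Separately, the getter stubs (`getcon`, `getfilecon`, `lgetfilecon`, `getfscreatecon`, `matchpathcon`) return -1 without storing anything in `*con`, so a short header comment saying callers must check the return value before reading the context would help.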
diff --git a/gl/lib/selinux-at.c b/gl/lib/selinux-at.c
new file mode 100644
index 000000000..ebc41ee7a
--- /dev/null
+++ b/gl/lib/selinux-at.c
@@ -0,0 +1,94 @@
+/* openat-style fd-relative functions for SE Linux
+ Copyright (C) 2007 Free Software Foundation, Inc.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2, or (at your option)
+ any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software Foundation,
+ Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. */
+
+/* written by Jim Meyering */
+
+#ifdef HAVE_CONFIG_H
+# include <config.h>
+#endif
+
+#include "selinux-at.h"
+#include "openat.h"
+
+#include <stdlib.h>
+#include <unistd.h>
+#include <errno.h>
+#include <fcntl.h>
+
+#include "dirname.h" /* solely for definition of IS_ABSOLUTE_FILE_NAME */
+#include "save-cwd.h"
+
+#include "gettext.h"
+#define _(msgid) gettext (msgid)
+
+#include "openat-priv.h"
+
+#define AT_FUNC_NAME getfileconat
+#define AT_FUNC_F1 getfilecon
+#define AT_FUNC_F2 getfilecon
+#define AT_FUNC_USE_F1_COND 1
+#define AT_FUNC_POST_FILE_PARAM_DECLS , security_context_t *con
+#define AT_FUNC_POST_FILE_ARGS , con
+#include "at-func.c"
+#undef AT_FUNC_NAME
+#undef AT_FUNC_F1
+#undef AT_FUNC_F2
+#undef AT_FUNC_USE_F1_COND
+#undef AT_FUNC_POST_FILE_PARAM_DECLS
+#undef AT_FUNC_POST_FILE_ARGS
+
+#define AT_FUNC_NAME lgetfileconat
+#define AT_FUNC_F1 lgetfilecon
+#define AT_FUNC_F2 lgetfilecon
+#define AT_FUNC_USE_F1_COND 1
+#define AT_FUNC_POST_FILE_PARAM_DECLS , security_context_t *con
+#define AT_FUNC_POST_FILE_ARGS , con
+#include "at-func.c"
+#undef AT_FUNC_NAME
+#undef AT_FUNC_F1
+#undef AT_FUNC_F2
+#undef AT_FUNC_USE_F1_COND
+#undef AT_FUNC_POST_FILE_PARAM_DECLS
+#undef AT_FUNC_POST_FILE_ARGS
+
+#define AT_FUNC_NAME setfileconat
+#define AT_FUNC_F1 setfilecon
+#define AT_FUNC_F2 setfilecon
+#define AT_FUNC_USE_F1_COND 1
+#define AT_FUNC_POST_FILE_PARAM_DECLS , security_context_t con
+#define AT_FUNC_POST_FILE_ARGS , con
+#include "at-func.c"
+#undef AT_FUNC_NAME
+#undef AT_FUNC_F1
+#undef AT_FUNC_F2
+#undef AT_FUNC_USE_F1_COND
+#undef AT_FUNC_POST_FILE_PARAM_DECLS
+#undef AT_FUNC_POST_FILE_ARGS
+
+#define AT_FUNC_NAME lsetfileconat
+#define AT_FUNC_F1 lsetfilecon
+#define AT_FUNC_F2 lsetfilecon
+#define AT_FUNC_USE_F1_COND 1
+#define AT_FUNC_POST_FILE_PARAM_DECLS , security_context_t con
+#define AT_FUNC_POST_FILE_ARGS , con
+#include "at-func.c"
+#undef AT_FUNC_NAME
+#undef AT_FUNC_F1
+#undef AT_FUNC_F2
+#undef AT_FUNC_USE_F1_COND
+#undef AT_FUNC_POST_FILE_PARAM_DECLS
+#undef AT_FUNC_POST_FILE_ARGS
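Review bot: All four stanzas set `AT_FUNC_F1` and `AT_FUNC_F2` to the same function and `AT_FUNC_USE_F1_COND` to a constant `1`, and nothing in the file says why or what the generated functions guarantee. at-func.c is not part of this diff, but the includes of save-cwd.h and gettext.h suggest the generated code can fall back to changing the working directory and may print a diagnostic on failure; if that is so, it matters to callers that relabel files during a tree walk and should be stated here. I would add a comment above each stanza, for example `/* Set the security context of FILE, relative to directory FD, without following a final symlink. */` above the lsetfileconat one, plus one line describing the fallback.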
diff --git a/gl/lib/selinux-at.h b/gl/lib/selinux-at.h
new file mode 100644
index 000000000..f12022c51
--- /dev/null
+++ b/gl/lib/selinux-at.h
@@ -0,0 +1,24 @@
+/* Prototypes for openat-style fd-relative SELinux functions
+ Copyright (C) 2007 Free Software Foundation, Inc.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2, or (at your option)
+ any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software Foundation,
+ Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. */
+
+#include <selinux/selinux.h>
+#include <selinux/context.h>
+
+int getfileconat (int fd, char const *file, security_context_t *con);
+int lgetfileconat (int fd, char const *file, security_context_t *con);
+int setfileconat (int fd, char const *file, security_context_t con);
+int lsetfileconat (int fd, char const *file, security_context_t con);
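Review bot: The four prototypes carry no statement of their contract, and the header has no include guard, unlike se-context_.h and se-selinux_.h in the same commit. The distinction callers most need is which functions follow a trailing symlink (`getfileconat`, `setfileconat`) and which operate on the link itself (`lgetfileconat`, `lsetfileconat`), assuming they mirror the libselinux functions they are named after. I would add a comment such as `/* On success, store an allocated context in *CON; the caller releases it with freecon. */` on the two getters and wrap the file in `#ifndef SELINUX_AT_H` / `# define SELINUX_AT_H` … `#endif` (guard name is a suggestion).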