summaryrefslogtreecommitdiff
path: root/src/selinux.c
AgeCommit message (Collapse)Author
2016-10-16all: use die() rather than error(EXIT_FAILURE)Pádraig Brady
die() has the advantage of being apparent to the compiler that it doesn't return, which will avoid warnings in some cases, and possibly generate better code. * cfg.mk (sc_die_EXIT_FAILURE): A new syntax check rule to catch any new uses of error (CONSTANT, ...);
2016-01-01maint: update all copyright year number rangesPádraig Brady
Run "make update-copyright" and then... * gnulib: Update to latest with copyright year adjusted. * tests/init.sh: Sync with gnulib to pick up copyright year. * bootstrap: Likewise. * tests/sample-test: Adjust to use the single most recent year.
2015-11-04all: avoid quoting file names when possiblePádraig Brady
Quote file names using the "shell-escape" or "shell-escape-always" methods, which quote as appropriate for most shells, and better support copy and paste of presented names. The "always" variant is used when the file name is embedded in an error message with surrounding spaces. * cfg.mk (sc_error_shell_quotes): A new syntax check rule to suggest quotef() where appropriate. (sc_error_shell_always_quotes): Likewise for quoteaf(). * src/system.h (quotef): A new define to apply shell quoting when needed. I.E. when shell character or ':' is present. (quoteaf): Likewise, but always quote. * src/*.c: Use quotef() and quoteaf() rather than quote() where appropriate. * tests/: Adjust accordingly.
2015-01-01maint: update all copyright year number rangesPádraig Brady
Run "make update-copyright" and then... * tests/sample-test: Adjust to use the single most recent year. * tests/du/bind-mount-dir-cycle-v2.sh: Fix case in copyright message, so that year is updated automatically in future.
2014-07-01maint: fix const correctness warnings with security_context_tPádraig Brady
The security_context_t type was always an artificial separation from a standard char* string, and various libselinux using code assumed both were synonymous. In addition, prior to libselinux 2.3 function declarations were incorrect wrt constness of this type. Here we replace security_context_t with char*, and also provide a wrapper function to cater for the const issue on older libselinux. * src/system.h (se_const): A new function to avoid and identify the const issue on older libselinux. * src/copy.c: s/security_context_t/char */. * src/cp.c: Likewise. * src/id.c: Likewise. * src/install.c: Likewise. * src/ls.c: Likewise. * src/mkdir.c: Likewise. * src/mkfifo.c: Likewise. * src/mknod.c: Likewise. * src/runcon.c: Likewise. * src/selinux.c: Likewise. * tests/cp/no-ctx.sh: Likewise. * src/chcon.c: Likesize.
2014-01-13copy: fix a segfault in SELinux context copying codeNicolas Iooss
* src/selinux.c (restorecon_private): On ArchLinux the `fakeroot cp -a file1 file2` command segfaulted due to getfscreatecon() returning a NULL context. So map this to the sometimes ignored ENODATA error, rather than crashing. * tests/cp/no-ctx.sh: Add a new test case. * tests/local.mk: Reference the new test. * NEWS: Mention the fix. Fixes http://bugs.gnu.org/16335
2014-01-02maint: fix copyright holder and year in selinux sourcesBernhard Voelker
* src/selinux.c: As the copyright is assigned to the FSF for all of coreutils, replace the copyright holder from "Red Hat, Inc." to "Free Software Foundation, Inc.". Prompted by a warning of 'make update-copyright'. Also update the copyright year.
2013-11-28build: fix selinux.c build failure on 32 bitPádraig Brady
* src/selinux.c: Don't include the system "fts.h" as that disallows _FILE_OFFSET_BITS=64 which gnulib auto enables to support large files on 32 bit systems. Instead include our "xfts.h" which includes the less limited gnulib replacement, and also a checked version of xfts_open(). (restorecon): Use the checked xfts_open() rather than the standard fts_open(). Prompted by the continuous integration build failure at: http://hydra.nixos.org/build/6934169
2013-11-27build: avoid more selinux build failuresPádraig Brady
Handle both newer selinux libraries with mode_to_security_class(), and systems without selinux at all. We could easily adjust gnulib to provide the necessary stubs for use by this module, but it's more efficient to just stub out the module completely, when not using selinux. * src/selinux.h: Define stubs for the two module functions, when SELinux is not available. * src/selinux.c: Exclude all logic in preference for the stubs when selinux isn't used. Also when newer selinux libs are used, don't use our conflicting static version of mode_to_security_class(). m4/jm-macros.m4: Check for the system mode_to_security_class().
2013-11-27build: avoid build failure on non selinux systemsPádraig Brady
* src/selinux.c: This module introduced in commit v8.21-159-gd8e27ab doesn't need to include <selinux/flask.h>. That header file isn't catered for by gnulib, but is not needed as we're not explicitly referencing any class IDs. Prompted by the continuous integration build failure at: http://hydra.nixos.org/build/6920020
2013-11-27selinux: a new module implementing "restorecon" functionalityDaniel J Walsh
* src/selinux.c: A new module implementing "restorecon" functionality. There are two main functions to adjust the type of the referenced file system item. defaultcon() will setup the process context so that new items will have the required context without races. This is the preferred method. For existing files, the equivalent restorecon() is available which has two modes. With the "local" parameter set to false, restorecon() will adjust the type according to the system configuration for that file, and set to true will update the context as per the context for the current process (disregarding type). * src/selinux.h: Likewise. * po/POTFILES.in: Reference the new module.