From 7d5976f668e0799aae1c428a17eb370f06aea1d0 Mon Sep 17 00:00:00 2001
From: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Date: Wed, 26 Jun 2013 11:48:27 +0300
Subject: mkdir,mkfifo,mknod: with -Z, create SMACK security context

Enable creation of SMACK security context with -Z command-line switch
if SMACK is enabled.

* mkdir.c (main): Set process security context to given SMACK label.
* mkfifo.c (main): Likewise.
* mknod.c (main): Likewise.
* src/local.mk: link mk{dir, fifo, nod} with libsmack.
* NEWS: Mention the new feature.
---
 src/mkdir.c | 17 ++++++++++++++++-
 1 file changed, 16 insertions(+), 1 deletion(-)

(limited to 'src/mkdir.c')

diff --git a/src/mkdir.c b/src/mkdir.c
index b36237a33..e56b6cbbd 100644
--- a/src/mkdir.c
+++ b/src/mkdir.c
@@ -22,6 +22,10 @@
 #include <sys/types.h>
 #include <selinux/selinux.h>
 
+#ifdef HAVE_SMACK
+# include <sys/smack.h>
+#endif
+
 #include "system.h"
 #include "error.h"
 #include "mkdir-p.h"
@@ -151,6 +155,7 @@ main (int argc, char **argv)
   int optc;
   security_context_t scontext = NULL;
   struct mkdir_options options;
+  int ret = 0;
 
   options.make_ancestor_function = NULL;
   options.mode = S_IRWXUGO;
@@ -194,7 +199,17 @@ main (int argc, char **argv)
       usage (EXIT_FAILURE);
     }
 
-  if (scontext && setfscreatecon (scontext) < 0)
+  if (scontext)
+    {
+#ifdef HAVE_SMACK
+      if (smack_smackfs_path ())
+        ret = smack_set_label_for_self (scontext);
+      else
+#endif
+        ret = setfscreatecon (scontext);
+    }
+
+  if (ret < 0)
     error (EXIT_FAILURE, errno,
            _("failed to set default file creation context to %s"),
            quote (scontext));
-- 
cgit v1.2.3-54-g00ecf