From 7d5976f668e0799aae1c428a17eb370f06aea1d0 Mon Sep 17 00:00:00 2001
From: Jarkko Sakkinen
Date: Wed, 26 Jun 2013 11:48:27 +0300
Subject: mkdir,mkfifo,mknod: with -Z, create SMACK security context
Enable creation of SMACK security context with -Z command-line switch if SMACK is enabled.
* mkdir.c (main): Set process security context to given SMACK label.
* mkfifo.c (main): Likewise.
* mknod.c (main): Likewise.
* src/local.mk: link mk{dir, fifo, nod} with libsmack.
* NEWS: Mention the new feature.
---
src/local.mk | 3 +++
src/mkdir.c | 17 ++++++++++++++++-
src/mkfifo.c | 17 ++++++++++++++++-
src/mknod.c | 17 ++++++++++++++++-
4 files changed, 51 insertions(+), 3 deletions(-)
(limited to 'src')
diff --git a/src/local.mk b/src/local.mk
index 626d580de..646fbada1 100644
--- a/src/local.mk
+++ b/src/local.mk
@@ -232,8 +232,11 @@ src_id_LDADD += $(LIB_SMACK)
 src_ls_LDADD += $(LIB_SELINUX)
 src_ls_LDADD += $(LIB_SMACK)
 src_mkdir_LDADD += $(LIB_SELINUX)
+src_mkdir_LDADD += $(LIB_SMACK)
 src_mkfifo_LDADD += $(LIB_SELINUX)
+src_mkfifo_LDADD += $(LIB_SMACK)
 src_mknod_LDADD += $(LIB_SELINUX)
+src_mknod_LDADD += $(LIB_SMACK)
 src_runcon_LDADD += $(LIB_SELINUX)
 src_stat_LDADD += $(LIB_SELINUX)
diff --git a/src/mkdir.c b/src/mkdir.c
index b36237a33..e56b6cbbd 100644
--- a/src/mkdir.c
+++ b/src/mkdir.c
@@ -22,6 +22,10 @@
 #include
 #include
+#ifdef HAVE_SMACK
+# include
+#endif
+
 #include "system.h"
 #include "error.h"
 #include "mkdir-p.h"
@@ -151,6 +155,7 @@ main (int argc, char **argv)
 int optc;
 security_context_t scontext = NULL;
 struct mkdir_options options;
+ int ret = 0;
 options.make_ancestor_function = NULL;
 options.mode = S_IRWXUGO;
@@ -194,7 +199,17 @@ main (int argc, char **argv)
 usage (EXIT_FAILURE);
 }
- if (scontext && setfscreatecon (scontext) < 0)
+ if (scontext)
+ {
+#ifdef HAVE_SMACK
+ if (smack_smackfs_path ())
+ ret = smack_set_label_for_self (scontext);
+ else
+#endif
+ ret = setfscreatecon (scontext);
+ }
+
+ if (ret < 0)
 error (EXIT_FAILURE, errno,
 _("failed to set default file creation context to %s"),
 quote (scontext));
diff --git a/src/mkfifo.c b/src/mkfifo.c
index 78ff909cc..a87a393e2 100644
--- a/src/mkfifo.c
+++ b/src/mkfifo.c
@@ -22,6 +22,10 @@
 #include
 #include
+#ifdef HAVE_SMACK
+# include
+#endif
+
 #include "system.h"
 #include "error.h"
 #include "modechange.h"
@@ -76,6 +80,7 @@ main (int argc, char **argv)
 int exit_status = EXIT_SUCCESS;
 int optc;
 security_context_t scontext = NULL;
+ int ret = 0;
 initialize_main (&argc, &argv);
 set_program_name (argv[0]);
@@ -108,7 +113,17 @@ main (int argc, char **argv)
 usage (EXIT_FAILURE);
 }
- if (scontext && setfscreatecon (scontext) < 0)
+ if (scontext)
+ {
+#ifdef HAVE_SMACK
+ if (smack_smackfs_path ())
+ ret = smack_set_label_for_self (scontext);
+ else
+#endif
+ ret = setfscreatecon (scontext);
+ }
+
+ if (ret < 0)
 error (EXIT_FAILURE, errno,
 _("failed to set default file creation context to %s"),
 quote (scontext));
diff --git a/src/mknod.c b/src/mknod.c
index a384ad35c..9f0afb3ff 100644
--- a/src/mknod.c
+++ b/src/mknod.c
@@ -22,6 +22,10 @@
 #include
 #include
+#ifdef HAVE_SMACK
+# include
+#endif
+
 #include "system.h"
 #include "error.h"
 #include "modechange.h"
@@ -93,6 +97,7 @@ main (int argc, char **argv)
 int expected_operands;
 mode_t node_type;
 security_context_t scontext = NULL;
+ int ret = 0;
 initialize_main (&argc, &argv);
 set_program_name (argv[0]);
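Review bot: In the `-Z` branch added to main in src/mkdir.c (`@@ -194,7 +199,17 @@`), `smack_set_label_for_self (scontext)` relabels the whole process instead of setting a creation-only context as `setfscreatecon` does, so every later access check in main (such as ancestor creation under `-p`) runs under the user-supplied label, and the call presumably succeeds only for a process allowed to change its own label. That difference should be stated at the call, e.g. `/* Smack labels new objects from the process label, so -Z changes this process's label for the rest of the run.  */`. The shared `error (EXIT_FAILURE, errno, ...)` also assumes the failing call set errno; if `smack_set_label_for_self` can return a negative value without doing so (for instance on a rejected label), the message would report a stale errno, so consider `errno = 0;` before the call or a separate diagnostic for the Smack path. The same block is repeated in src/mkfifo.c (`@@ -108,7 +113,17 @@`) and src/mknod.c (`@@ -164,7 +169,17 @@`), and main's body continues outside each hunk.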
@@ -164,7 +169,17 @@ main (int argc, char **argv)
 usage (EXIT_FAILURE);
 }
- if (scontext && setfscreatecon (scontext) < 0)
+ if (scontext)
+ {
+#ifdef HAVE_SMACK
+ if (smack_smackfs_path ())
+ ret = smack_set_label_for_self (scontext);
+ else
+#endif
+ ret = setfscreatecon (scontext);
+ }
+
+ if (ret < 0)
 error (EXIT_FAILURE, errno,
 _("failed to set default file creation context to %s"),
 quote (scontext));
-- 
cgit v1.2.3-70-g09d2
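Review bot: The context-selection block added to main in src/mknod.c (`@@ -164,7 +169,17 @@`) is a verbatim copy of the lines this patch also adds to src/mkdir.c and src/mkfifo.c, so any later correction to the Smack branch has to be made in three places and can drift. A single helper would keep the security-relevant choice between the two label mechanisms in one spot, let the call site stay a one-line condition, and remove the extra `ret` local. The helper name below is only a suggestion, and where it should live (a shared header) is not visible from this patch. main's body continues outside the hunk.

```c
/* Set the context applied to objects this process creates.  With Smack
   active this relabels the process itself; otherwise the SELinux
   file-creation context is used.  Returns a negative value on failure.  */
static inline int
set_creation_context (security_context_t scontext)
{
#ifdef HAVE_SMACK
  if (smack_smackfs_path ())
    return smack_set_label_for_self (scontext);
#endif
  return setfscreatecon (scontext);
}

/* … in main, replacing the added if/else block … */
  if (scontext && set_creation_context (scontext) < 0)
    /* … unchanged: error (EXIT_FAILURE, errno, …) call … */
```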