
[PATCH] id: show SMACK security context


From: Jarkko Sakkinen
Subject: [PATCH] id: show SMACK security context
Date: Wed, 17 Apr 2013 23:30:48 +0300

Enable showing SMACK security context with -Z command-line switch.
Adds dependency to libsmack.
---
 configure.ac |  5 +++++
 src/id.c     | 21 +++++++++++++++++----
 src/local.mk |  2 +-
 3 files changed, 23 insertions(+), 5 deletions(-)

diff --git a/configure.ac b/configure.ac
index 3f0c58b..e001bd8 100644
--- a/configure.ac
+++ b/configure.ac
@@ -276,6 +276,11 @@ if test $ac_cv_func_syslog = no; then
   done
 fi
 
+AC_ARG_WITH([smack], AS_HELP_STRING([--with-smack], [Build with SMACK]))
+if test "x$with_smack" = "xyes"; then
+   PKG_CHECK_MODULES([LIBSMACK], [libsmack], [AC_DEFINE([HAVE_SMACK], [1], 
[FIXME])])
+fi
+
 AC_CACHE_CHECK([for 3-argument setpriority function],
   [utils_cv_func_setpriority],
   [AC_LINK_IFELSE(
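Review bot: The description argument in `AC_DEFINE([HAVE_SMACK], [1], [FIXME])` is still a placeholder and is copied verbatim into config.h; a real description such as `[Define to 1 if building with libsmack support]` would document the macro. PKG_CHECK_MODULES also produces LIBSMACK_CFLAGS, but the only variable this patch consumes is LIBSMACK_LIBS (in src/local.mk), so a libsmack installed under a non-default prefix might link yet fail to find `<sys/smack.h>` at compile time. The surrounding configure checks start and end outside the hunk.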
diff --git a/src/id.c b/src/id.c
index b5a7214..86b63b4 100644
--- a/src/id.c
+++ b/src/id.c
@@ -24,6 +24,7 @@
 #include <grp.h>
 #include <getopt.h>
 #include <selinux/selinux.h>
+#include <sys/smack.h>
 
 #include "system.h"
 #include "error.h"
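Review bot: `#include <sys/smack.h>` is added unconditionally, while every use of the library further down is wrapped in `#ifdef HAVE_SMACK`. A build configured without `--with-smack` on a machine that lacks the libsmack headers would therefore fail to compile at this line. Guard the include the same way as the call sites: `#ifdef HAVE_SMACK`, `# include <sys/smack.h>`, `#endif`.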
@@ -107,6 +108,9 @@ main (int argc, char **argv)
 {
   int optc;
   int selinux_enabled = (is_selinux_enabled () > 0);
+#ifdef HAVE_SMACK
+  int smack_enabled = (smack_smackfs_path () != NULL);
+#endif
 
   /* If true, output the list of all group IDs. -G */
   bool just_group_list = false;
@@ -134,10 +138,16 @@ main (int argc, char **argv)
           break;
 
         case 'Z':
-          /* politely decline if we're not on a selinux-enabled kernel. */
+          /* politely decline if we're not on a SELinux/SMACK-enabled kernel. 
*/
+#ifdef HAVE_SMACK
+          if (!selinux_enabled && !smack_enabled)
+            error (EXIT_FAILURE, 0,
+                   _("--context (-Z) works only on an SELinux/SMACK-enabled 
kernel"));
+#else
           if (!selinux_enabled)
             error (EXIT_FAILURE, 0,
                    _("--context (-Z) works only on an SELinux-enabled 
kernel"));
+#endif
           just_context = 1;
           break;
 
@@ -189,14 +199,17 @@ main (int argc, char **argv)
      and we're not in POSIXLY_CORRECT mode, get our context.  Otherwise,
      leave the context variable alone - it has been initialized to an
      invalid value that will be not displayed in print_full_info().  */
-  if (selinux_enabled
-      && n_ids == 0
+  if (n_ids == 0
       && (just_context
           || (default_format && ! getenv ("POSIXLY_CORRECT"))))
     {
       /* Report failure only if --context (-Z) was explicitly requested.  */
-      if (getcon (&context) && just_context)
+      if (selinux_enabled && getcon (&context) && just_context)
+        error (EXIT_FAILURE, 0, _("can't get process context"));
+#ifdef HAVE_SMACK
+      else if (smack_enabled && smack_new_label_from_self ((char **) &context))
         error (EXIT_FAILURE, 0, _("can't get process context"));
+#endif
     }
 
   if (n_ids == 1)
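Review bot: The new SMACK branch exits with "can't get process context" even when -Z was not requested, because `else if (smack_enabled && smack_new_label_from_self ((char **) &context))` lacks the `&& just_context` that the SELinux test carries. That contradicts the comment directly above it and makes a plain `id` fail on a SMACK system whenever the label cannot be read. The bare truthiness test also assumes 0 means success; if libsmack returns the label length on success (confirm against sys/smack.h), a successful read would be reported as an error, so an explicit comparison is safer: `else if (smack_enabled && smack_new_label_from_self ((char **) &context) < 0 && just_context)`. Because the branch hangs off `else`, it also runs after a successful getcon (), which would overwrite and leak the SELinux context if both LSMs report as enabled. main continues outside the hunk.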
diff --git a/src/local.mk b/src/local.mk
index 1ae9eff..67d6693 100644
--- a/src/local.mk
+++ b/src/local.mk
@@ -227,7 +227,7 @@ src_test_LDADD += $(LIB_EACCESS)
 copy_ldadd += $(LIB_SELINUX)
 src_chcon_LDADD += $(LIB_SELINUX)
 src_ginstall_LDADD += $(LIB_SELINUX)
-src_id_LDADD += $(LIB_SELINUX)
+src_id_LDADD += $(LIB_SELINUX) $(LIBSMACK_LIBS)
 src_ls_LDADD += $(LIB_SELINUX)
 src_mkdir_LDADD += $(LIB_SELINUX)
 src_mkfifo_LDADD += $(LIB_SELINUX)
-- 
1.8.1.2



