
[PATCH] ls: with -Z, show SMACK context for each file (v4)


From: Jarkko Sakkinen
Subject: [PATCH] ls: with -Z, show SMACK context for each file (v4)
Date: Thu, 6 Jun 2013 21:01:39 +0300

Enable showing of file SMACK labels with the '-Z' and '-l' command-line
switches if SMACK is enabled. Showing the SMACK context of a file does
not strictly require SMACK to be enabled, but this is done in order to
choose whether to show the SELinux or the SMACK security context.

* src/ls.c: output SMACK context if available and SMACK is enabled
* src/local.mk: link libsmack to 'ls'.
* m4/jm-macros.m4: check for smack_new_label_from_* functions
---
 m4/jm-macros.m4 | 10 ++++++----
 src/local.mk    |  1 +
 src/ls.c        | 41 +++++++++++++++++++++++++++++++++--------
 3 files changed, 40 insertions(+), 12 deletions(-)

diff --git a/m4/jm-macros.m4 b/m4/jm-macros.m4
index 2e0476d..b7bd4b0 100644
--- a/m4/jm-macros.m4
+++ b/m4/jm-macros.m4
@@ -147,10 +147,12 @@ AC_DEFUN([coreutils_MACROS],
     AC_HELP_STRING([--disable-libsmack], [disable libsmack support]))
   if test "X$enable_libsmack" != "Xno"; then
     AC_CHECK_LIB([smack], [smack_smackfs_path],
-      [AC_CHECK_HEADER([sys/smack.h],
-        [LIB_SMACK=-lsmack
-         AC_DEFINE([HAVE_SMACK], [1], [libsmack usability])]
-      )])
+      [AC_CHECK_LIB([smack], [smack_new_label_from_self],
+        [AC_CHECK_LIB([smack], [smack_new_label_from_path],
+          [AC_CHECK_HEADER([sys/smack.h],
+            [LIB_SMACK=-lsmack
+             AC_DEFINE([HAVE_SMACK], [1], [libsmack usability])]
+          )])])])
     if test "X$LIB_SMACK" = "X"; then
       if test "X$enable_libsmack" = "Xyes"; then
         AC_MSG_ERROR([libsmack library was not found or not usable])
diff --git a/src/local.mk b/src/local.mk
index efb0038..626d580 100644
--- a/src/local.mk
+++ b/src/local.mk
@@ -230,6 +230,7 @@ src_ginstall_LDADD += $(LIB_SELINUX)
 src_id_LDADD += $(LIB_SELINUX)
 src_id_LDADD += $(LIB_SMACK)
 src_ls_LDADD += $(LIB_SELINUX)
+src_ls_LDADD += $(LIB_SMACK)
 src_mkdir_LDADD += $(LIB_SELINUX)
 src_mkfifo_LDADD += $(LIB_SELINUX)
 src_mknod_LDADD += $(LIB_SELINUX)
diff --git a/src/ls.c b/src/ls.c
index 72aee99..c928055 100644
--- a/src/ls.c
+++ b/src/ls.c
@@ -115,6 +115,11 @@
 # include <sys/capability.h>
 #endif
 
+#ifdef HAVE_SMACK
+# include <sys/smack.h>
+# include <attr/xattr.h>
+#endif
+
 #define PROGRAM_NAME (ls_mode == LS_LS ? "ls" \
                       : (ls_mode == LS_MULTI_COL \
                          ? "dir" : "vdir"))
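Review bot: The new `# include <attr/xattr.h>` has no matching configure check, because the jm-macros.m4 hunk in this patch tests only `sys/smack.h`. A system that has libsmack but not the libattr headers would therefore define HAVE_SMACK and then fail to compile ls.c. None of the visible hunks calls an xattr function (the attribute name is passed as the literal `"security.SMACK64"`), so the include looks unneeded. Either drop it or make HAVE_SMACK conditional on an additional `AC_CHECK_HEADER([attr/xattr.h], ...)`.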
@@ -2757,7 +2762,12 @@ free_ent (struct fileinfo *f)
   free (f->name);
   free (f->linkname);
   if (f->scontext != UNKNOWN_SECURITY_CONTEXT)
-    freecon (f->scontext);
+#ifdef HAVE_SMACK
+    if (smack_smackfs_path ())
+      free(f->scontext);
+    else
+#endif
+      freecon (f->scontext);
 }
 
 /* Empty the table of files.  */
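Review bot: In free_ent the deallocator is chosen by calling `smack_smackfs_path ()` again at free time, while the allocator was chosen by a separate call in getfilecon_cache. Nothing in the patch guarantees the two calls agree, and if they ever differ a libselinux context is passed to `free` or a SMACK label to `freecon`. Decide once and reuse the answer, for example a file-scope flag set at startup or a small `is_smack_enabled ()` helper, at all three call sites (here, getfilecon_cache and gobble_file). The nested `if`/`else` under `if (f->scontext != UNKNOWN_SECURITY_CONTEXT)` should also be wrapped in braces so the `else` binding is explicit when HAVE_SMACK is defined, and `free(f->scontext)` needs a space before the parenthesis to match the file's style. free_ent begins outside this hunk.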
@@ -2812,14 +2822,22 @@ getfilecon_cache (char const *file, struct fileinfo *f, bool deref)
       errno = ENOTSUP;
       return -1;
     }
-  int r = (deref
-           ? getfilecon (file, &f->scontext)
-           : lgetfilecon (file, &f->scontext));
+  int r = 0;
+#ifdef HAVE_SMACK
+  if (smack_smackfs_path ())
+    r = smack_new_label_from_path (file, "security.SMACK64", deref,
+                                   &f->scontext);
+  else
+#endif
+    r = (deref
+         ? getfilecon (file, &f->scontext)
+         : lgetfilecon (file, &f->scontext));
   if (r < 0 && errno_unsupported (errno))
     unsupported_device = f->stat.st_dev;
   return r;
 }
 
+
 /* Cache file_has_acl failure, when it's trivial to do.
    Like file_has_acl, but when F's st_dev says it's on a file
    system lacking ACL support, return 0 with ENOTSUP immediately.  */
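Review bot: The SMACK branch feeds the result of `smack_new_label_from_path` into the same `r < 0 && errno_unsupported (errno)` test used for getfilecon, which relies on libsmack returning a negative value with `errno` still set by the underlying xattr call. That contract is not visible in this patch and deserves a comment, e.g. `/* Like getfilecon, returns < 0 with errno set on failure.  */`, so the unsupported-device cache is not silently broken by a library change. `int r = 0;` is a dead initializer since both branches assign `r`, and the blank line added after the function is unrelated whitespace. The function body starts outside this hunk.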
@@ -3005,13 +3023,20 @@ gobble_file (char const *name, enum filetype type, ino_t inode,
 
       if (format == long_format || print_scontext)
         {
-          bool have_selinux = false;
+          bool have_context = false;
           bool have_acl = false;
           int attr_len = getfilecon_cache (absolute_name, f, do_deref);
           err = (attr_len < 0);
 
           if (err == 0)
-            have_selinux = ! STREQ ("unlabeled", f->scontext);
+            {
+#ifdef HAVE_SMACK
+              if (smack_smackfs_path ())
+                have_context = ! STREQ ("_", f->scontext);
+              else
+#endif
+                have_context = ! STREQ ("unlabeled", f->scontext);
+            }
           else
             {
               f->scontext = UNKNOWN_SECURITY_CONTEXT;
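Review bot: The comparison `! STREQ ("_", f->scontext)` hard-codes the SMACK default label with no explanation beside the existing `"unlabeled"` check. Add a comment such as `/* "_" is the SMACK floor label, i.e. no explicit label was set.  */`. After this change `have_context` can be true for a SMACK label, yet the later assignment still yields `ACL_T_SELINUX_ONLY`, so that enumerator's name (declared outside this diff) no longer matches what it covers and its comment should say so. gobble_file starts before and continues past this hunk.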
@@ -3031,9 +3056,9 @@ gobble_file (char const *name, enum filetype type, ino_t inode,
               have_acl = (0 < n);
             }
 
-          f->acl_type = (!have_selinux && !have_acl
+          f->acl_type = (!have_context && !have_acl
                          ? ACL_T_NONE
-                         : (have_selinux && !have_acl
+                         : (have_context && !have_acl
                             ? ACL_T_SELINUX_ONLY
                             : ACL_T_YES));
           any_has_acl |= f->acl_type != ACL_T_NONE;
-- 
1.8.1.2



