
[PATCH] mk{dir, fifo, nod}: with -Z, create SMACK security context


From: Jarkko Sakkinen
Subject: [PATCH] mk{dir, fifo, nod}: with -Z, create SMACK security context
Date: Wed, 26 Jun 2013 11:48:27 +0300

Enable creation of SMACK security context with -Z command-line switch
if SMACK is enabled.

* mkdir.c (main): set process security context to given SMACK label
* mkfifo.c (main): set process security context to given SMACK label
* mknod.c (main): set process security context to given SMACK label
* src/local.mk: link mk{dir, fifo, nod} with libsmack
---
 src/local.mk |  3 +++
 src/mkdir.c  | 17 ++++++++++++++++-
 src/mkfifo.c | 17 ++++++++++++++++-
 src/mknod.c  | 17 ++++++++++++++++-
 4 files changed, 51 insertions(+), 3 deletions(-)

diff --git a/src/local.mk b/src/local.mk
index 626d580..646fbad 100644
--- a/src/local.mk
+++ b/src/local.mk
@@ -232,8 +232,11 @@ src_id_LDADD += $(LIB_SMACK)
 src_ls_LDADD += $(LIB_SELINUX)
 src_ls_LDADD += $(LIB_SMACK)
 src_mkdir_LDADD += $(LIB_SELINUX)
+src_mkdir_LDADD += $(LIB_SMACK)
 src_mkfifo_LDADD += $(LIB_SELINUX)
+src_mkfifo_LDADD += $(LIB_SMACK)
 src_mknod_LDADD += $(LIB_SELINUX)
+src_mknod_LDADD += $(LIB_SMACK)
 src_runcon_LDADD += $(LIB_SELINUX)
 src_stat_LDADD += $(LIB_SELINUX)
 
diff --git a/src/mkdir.c b/src/mkdir.c
index b36237a..e56b6cb 100644
--- a/src/mkdir.c
+++ b/src/mkdir.c
@@ -22,6 +22,10 @@
 #include <sys/types.h>
 #include <selinux/selinux.h>
 
+#ifdef HAVE_SMACK
+# include <sys/smack.h>
+#endif
+
 #include "system.h"
 #include "error.h"
 #include "mkdir-p.h"
@@ -151,6 +155,7 @@ main (int argc, char **argv)
   int optc;
   security_context_t scontext = NULL;
   struct mkdir_options options;
+  int ret = 0;
 
   options.make_ancestor_function = NULL;
   options.mode = S_IRWXUGO;
@@ -194,7 +199,17 @@ main (int argc, char **argv)
       usage (EXIT_FAILURE);
     }
 
-  if (scontext && setfscreatecon (scontext) < 0)
+  if (scontext)
+    {
+#ifdef HAVE_SMACK
+      if (smack_smackfs_path ())
+        ret = smack_set_label_for_self (scontext);
+      else
+#endif
+        ret = setfscreatecon (scontext);
+    }
+
+  if (ret < 0)
     error (EXIT_FAILURE, errno,
            _("failed to set default file creation context to %s"),
            quote (scontext));
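Review bot: In the SMACK branch, `smack_set_label_for_self (scontext)` relabels the running process itself, whereas `setfscreatecon` only sets a context for newly created objects. Every later access check in main, including ancestor creation under -p, is therefore evaluated under the user-supplied label, and the call presumably needs CAP_MAC_ADMIN. The difference deserves a comment at the call, for example `/* SMACK has no fscreate context: this changes the label of the process itself. */`. The shared `if (ret < 0)` path reports errno with the "file creation context" wording; if libsmack can reject a label without setting errno (worth checking), the message would carry a stale error, so consider `errno = 0;` before the call. The same block appears in the last hunks of src/mkfifo.c and src/mknod.c, and main continues outside this hunk.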
diff --git a/src/mkfifo.c b/src/mkfifo.c
index 78ff909..a87a393 100644
--- a/src/mkfifo.c
+++ b/src/mkfifo.c
@@ -22,6 +22,10 @@
 #include <sys/types.h>
 #include <selinux/selinux.h>
 
+#ifdef HAVE_SMACK
+# include <sys/smack.h>
+#endif
+
 #include "system.h"
 #include "error.h"
 #include "modechange.h"
@@ -76,6 +80,7 @@ main (int argc, char **argv)
   int exit_status = EXIT_SUCCESS;
   int optc;
   security_context_t scontext = NULL;
+  int ret = 0;
 
   initialize_main (&argc, &argv);
   set_program_name (argv[0]);
@@ -108,7 +113,17 @@ main (int argc, char **argv)
       usage (EXIT_FAILURE);
     }
 
-  if (scontext && setfscreatecon (scontext) < 0)
+  if (scontext)
+    {
+#ifdef HAVE_SMACK
+      if (smack_smackfs_path ())
+        ret = smack_set_label_for_self (scontext);
+      else
+#endif
+        ret = setfscreatecon (scontext);
+    }
+
+  if (ret < 0)
     error (EXIT_FAILURE, errno,
            _("failed to set default file creation context to %s"),
            quote (scontext));
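Review bot: This block is now copied verbatim into mkdir.c, mkfifo.c and mknod.c, including the `#ifdef HAVE_SMACK` that splits an if/else across the preprocessor guard. A single shared helper that takes the context string and returns the int result would keep the SMACK-versus-SELinux decision in one place, so a later change to the labeling policy cannot be applied to one utility and missed in another. Each main would then reduce to `if (scontext && set_creation_context (scontext) < 0)` (the helper name is only a suggestion), which also removes the need for the new `ret` variable. main continues outside this hunk.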
diff --git a/src/mknod.c b/src/mknod.c
index a384ad3..9f0afb3 100644
--- a/src/mknod.c
+++ b/src/mknod.c
@@ -22,6 +22,10 @@
 #include <sys/types.h>
 #include <selinux/selinux.h>
 
+#ifdef HAVE_SMACK
+# include <sys/smack.h>
+#endif
+
 #include "system.h"
 #include "error.h"
 #include "modechange.h"
@@ -93,6 +97,7 @@ main (int argc, char **argv)
   int expected_operands;
   mode_t node_type;
   security_context_t scontext = NULL;
+  int ret = 0;
 
   initialize_main (&argc, &argv);
   set_program_name (argv[0]);
@@ -164,7 +169,17 @@ main (int argc, char **argv)
       usage (EXIT_FAILURE);
     }
 
-  if (scontext && setfscreatecon (scontext) < 0)
+  if (scontext)
+    {
+#ifdef HAVE_SMACK
+      if (smack_smackfs_path ())
+        ret = smack_set_label_for_self (scontext);
+      else
+#endif
+        ret = setfscreatecon (scontext);
+    }
+
+  if (ret < 0)
     error (EXIT_FAILURE, errno,
            _("failed to set default file creation context to %s"),
            quote (scontext));
-- 
1.8.1.2



