>From a1d8ad1ff3f5993f4e1cb4e0c17b10b1e1da8d43 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?P=C3=A1draig=20Brady?=
Date: Tue, 2 Jul 2013 02:40:35 +0100
Subject: [PATCH 1/2] id: don't show smack errors unless -Z is specified
* src/id.c (main): Be consistent with the SELinux case,
and only show errors in getting the security context
when -Z is specified.
---
src/id.c | 3 ++-
1 files changed, 2 insertions(+), 1 deletions(-)
diff --git a/src/id.c b/src/id.c
index c91dbcd..95f361a 100644
--- a/src/id.c
+++ b/src/id.c
@@ -211,7 +211,8 @@ main (int argc, char **argv)
error (EXIT_FAILURE, 0, _("can't get process context"));
#ifdef HAVE_SMACK
else if (smack_enabled
- && smack_new_label_from_self ((char **) &context) < 0)
+ && smack_new_label_from_self ((char **) &context) < 0
+ && just_context)
error (EXIT_FAILURE, 0, _("can't get process context"));
#endif
}
--
1.7.7.6
>From 018d36158d896b84d42f25bce36cda3d4adf430a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?P=C3=A1draig=20Brady?=
Date: Tue, 2 Jul 2013 03:42:20 +0100
Subject: [PATCH 2/2] maint: refactor smack interface to a separate module
Consolidate all smack routines and checks in a module.
We replace and wrap the most commonly used smack routines,
which allows removing ifdefs throughout the code.
* gl/lib/smack.h: A new header containing the implementation
of the wrapped and replacement routines. Note the is_smack_enabled()
routine should be optimized out at compile time when compiled
on a system without libsmack.
* gl/modules/smack: Describe the new module and move the
configure time code here from ...
* m4/jm-macros.m4: ... here.
* bootstrap.conf: Reference the new module.
* src/id.c: Use the routines without ifdefs where possible.
* src/ls.c: Likewise.
* src/mkdir.c: Likewise.
* src/mkfifo.c: Likewise.
* src/mknod.c: Likewise.
---
bootstrap.conf | 1 +
gl/lib/smack.h | 46 ++++++++++++++++++++++++++++++++++++++++++++++
gl/modules/smack | 42 ++++++++++++++++++++++++++++++++++++++++++
m4/jm-macros.m4 | 21 ---------------------
src/id.c | 19 ++++++-------------
src/ls.c | 15 ++++-----------
src/mkdir.c | 9 ++-------
src/mkfifo.c | 9 ++-------
src/mknod.c | 9 ++-------
9 files changed, 105 insertions(+), 66 deletions(-)
create mode 100644 gl/lib/smack.h
create mode 100644 gl/modules/smack
diff --git a/bootstrap.conf b/bootstrap.conf
index bb6c145..0863590 100644
--- a/bootstrap.conf
+++ b/bootstrap.conf
@@ -211,6 +211,7 @@ gnulib_modules="
settime
sig2str
sigaction
+ smack
ssize_t
statat
stat-macros
diff --git a/gl/lib/smack.h b/gl/lib/smack.h
new file mode 100644
index 0000000..dea729e
--- /dev/null
+++ b/gl/lib/smack.h
@@ -0,0 +1,46 @@
+/* Include and determine availability of smack routines
+ Copyright (C) 2013 Free Software Foundation, Inc.
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see . */
+
+/* Here we replace or wrap the most common smack functions used by coreutils.
+ Others will need to be protected by HAVE_SMACK. */
+
+#include
+
+#ifdef HAVE_SMACK
+# include
+#else
+static inline ssize_t
+smack_new_label_from_self (char **label)
+{
+ return -1;
+}
+
+static inline int
+smack_set_label_for_self (const char *label)
+{
+ return -1;
+}
+#endif
+
+static inline bool
+is_smack_enabled (void)
+{
+#ifdef HAVE_SMACK
+ return smack_smackfs_path () != NULL;
+#else
+ return false;
+#endif
+}
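Review bot: The new header has no include guard, and because it defines `static inline` functions rather than only declaring them, a second inclusion in the same translation unit would be a redefinition error. Wrapping the contents in `#ifndef SMACK_H` / `# define SMACK_H` and a closing `#endif` avoids that. The two stubs in the `#else` branch never use their `label` parameter, which may warn if the build enables `-Wunused-parameter` (the build flags are not visible here). It would also help to say in the stub comment that both return -1 so that a build without libsmack fails closed if a caller reaches them.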
diff --git a/gl/modules/smack b/gl/modules/smack
new file mode 100644
index 0000000..a6dcbaa
--- /dev/null
+++ b/gl/modules/smack
@@ -0,0 +1,42 @@
+Description:
+Include and determine the availability of smack routines
+
+Files:
+lib/smack.h
+
+Depends-on:
+
+configure.ac:
+# Check whether libsmack is available
+LIB_SMACK=
+AC_ARG_ENABLE([libsmack],
+ AC_HELP_STRING([--disable-libsmack], [disable libsmack support]))
+if test "X$enable_libsmack" != "Xno"; then
+ AC_CHECK_LIB([smack], [smack_new_label_from_self],
+ [AC_CHECK_LIB([smack], [smack_new_label_from_path],
+ [AC_CHECK_HEADER([sys/smack.h],
+ [LIB_SMACK=-lsmack
+ AC_DEFINE([HAVE_SMACK], [1], [libsmack usability])]
+ )])])
+ if test "X$LIB_SMACK" = "X"; then
+ if test "X$enable_libsmack" = "Xyes"; then
+ AC_MSG_ERROR([libsmack library was not found or not usable])
+ fi
+ fi
+else
+ AC_MSG_WARN([libsmack support disabled by user])
+fi
+AC_SUBST([LIB_SMACK])
+
+
+Makefile.am:
+lib_SOURCES += smack.h
+
+Include:
+"smack.h"
+
+License:
+LGPL
+
+Maintainer:
+Pádraig Brady
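Review bot: `Depends-on:` is left empty although the header this module ships uses `bool` (in `is_smack_enabled`) and `ssize_t` (in the `smack_new_label_from_self` stub). Listing `stdbool` and `ssize_t` there would make the module self-contained instead of relying on the importing package to pull them in; `ssize_t` already appears in the bootstrap.conf module list in this patch. Separately, the moved configure code still uses `AC_HELP_STRING`, the obsolete spelling of `AS_HELP_STRING`; since it is moved verbatim, that could be a follow-up.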
diff --git a/m4/jm-macros.m4 b/m4/jm-macros.m4
index 649a344..3f95def 100644
--- a/m4/jm-macros.m4
+++ b/m4/jm-macros.m4
@@ -141,27 +141,6 @@ AC_DEFUN([coreutils_MACROS],
fi
AC_SUBST([LIB_CAP])
- # Check whether libsmack is available
- LIB_SMACK=
- AC_ARG_ENABLE([libsmack],
- AC_HELP_STRING([--disable-libsmack], [disable libsmack support]))
- if test "X$enable_libsmack" != "Xno"; then
- AC_CHECK_LIB([smack], [smack_new_label_from_self],
- [AC_CHECK_LIB([smack], [smack_new_label_from_path],
- [AC_CHECK_HEADER([sys/smack.h],
- [LIB_SMACK=-lsmack
- AC_DEFINE([HAVE_SMACK], [1], [libsmack usability])]
- )])])
- if test "X$LIB_SMACK" = "X"; then
- if test "X$enable_libsmack" = "Xyes"; then
- AC_MSG_ERROR([libsmack library was not found or not usable])
- fi
- fi
- else
- AC_MSG_WARN([libsmack support disabled by user])
- fi
- AC_SUBST([LIB_SMACK])
-
# See if linking 'seq' requires -lm.
# It does on nearly every system. The single exception (so far) is
# BeOS which has all the math functions in the normal runtime library
diff --git a/src/id.c b/src/id.c
index 95f361a..bd286e0 100644
--- a/src/id.c
+++ b/src/id.c
@@ -24,15 +24,13 @@
#include
#include
#include
-#ifdef HAVE_SMACK
-# include
-#endif
#include "system.h"
#include "error.h"
#include "mgetgroups.h"
#include "quote.h"
#include "group-list.h"
+#include "smack.h"
/* The official name of this program (e.g., no 'g' prefix). */
#define PROGRAM_NAME "id"
@@ -110,9 +108,7 @@ main (int argc, char **argv)
{
int optc;
int selinux_enabled = (is_selinux_enabled () > 0);
-#ifdef HAVE_SMACK
- int smack_enabled = (smack_smackfs_path () != NULL);
-#endif
+ bool smack_enabled = is_smack_enabled ();
/* If true, output the list of all group IDs. -G */
bool just_group_list = false;
@@ -207,14 +203,11 @@ main (int argc, char **argv)
|| (default_format && ! getenv ("POSIXLY_CORRECT"))))
{
/* Report failure only if --context (-Z) was explicitly requested. */
- if (selinux_enabled && getcon (&context) && just_context)
+ if ((selinux_enabled && getcon (&context) && just_context)
+ || (smack_enabled
+ && smack_new_label_from_self ((char **) &context) < 0
+ && just_context))
error (EXIT_FAILURE, 0, _("can't get process context"));
-#ifdef HAVE_SMACK
- else if (smack_enabled
- && smack_new_label_from_self ((char **) &context) < 0
- && just_context)
- error (EXIT_FAILURE, 0, _("can't get process context"));
-#endif
}
if (n_ids == 1)
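Review bot: Both lookups in the merged condition are called for their side effect on `context`, and `just_context` only decides whether a failure is fatal, which is easy to misread as three independent tests per arm. Because `||` falls through to the Smack arm whenever the SELinux arm is false, `smack_new_label_from_self` would also run after a successful `getcon` if both were ever reported enabled, overwriting `context`; whether that can happen depends on code outside the hunk. A comment such as `/* Each lookup runs to fill 'context'; just_context only makes a failure fatal. */` would state the intent. The `(char **) &context` cast also hides the declared type of `context`, which is not visible here. main's body starts and ends outside the hunk.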
diff --git a/src/ls.c b/src/ls.c
index 61324c3..e341c67 100644
--- a/src/ls.c
+++ b/src/ls.c
@@ -101,6 +101,7 @@
#include "obstack.h"
#include "quote.h"
#include "quotearg.h"
+#include "smack.h"
#include "stat-size.h"
#include "stat-time.h"
#include "strftime.h"
@@ -115,10 +116,6 @@
# include
#endif
-#ifdef HAVE_SMACK
-# include
-#endif
-
#define PROGRAM_NAME (ls_mode == LS_LS ? "ls" \
: (ls_mode == LS_MULTI_COL \
? "dir" : "vdir"))
@@ -2762,11 +2759,9 @@ free_ent (struct fileinfo *f)
free (f->linkname);
if (f->scontext != UNKNOWN_SECURITY_CONTEXT)
{
-#ifdef HAVE_SMACK
- if (smack_smackfs_path ())
+ if (is_smack_enabled ())
free (f->scontext);
else
-#endif
freecon (f->scontext);
}
}
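Review bot: In free_ent the deallocator for `f->scontext` is chosen by probing `is_smack_enabled ()` again at free time, not by which API produced the string. Pairing the Smack lookup with `free` and the SELinux lookup with `freecon` therefore holds only while the probe gives the same answer for the whole run. The probe is also repeated for every entry here and in the gobble_file hunk, and the header's `is_smack_enabled` calls `smack_smackfs_path ()` each time. Caching the result once at startup in a file-scope flag, e.g. `static bool smack_in_use;` set by `smack_in_use = is_smack_enabled ();`, and testing that in both places would make the choice stable. free_ent's body begins outside the hunk.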
@@ -2825,7 +2820,7 @@ getfilecon_cache (char const *file, struct fileinfo *f, bool deref)
}
int r = 0;
#ifdef HAVE_SMACK
- if (smack_smackfs_path ())
+ if (is_smack_enabled ())
r = smack_new_label_from_path (file, "security.SMACK64", deref,
&f->scontext);
else
@@ -3030,11 +3025,9 @@ gobble_file (char const *name, enum filetype type, ino_t inode,
if (err == 0)
{
-#ifdef HAVE_SMACK
- if (smack_smackfs_path ())
+ if (is_smack_enabled ())
have_scontext = ! STREQ ("_", f->scontext);
else
-#endif
have_scontext = ! STREQ ("unlabeled", f->scontext);
}
else
diff --git a/src/mkdir.c b/src/mkdir.c
index e56b6cb..479faca 100644
--- a/src/mkdir.c
+++ b/src/mkdir.c
@@ -22,10 +22,6 @@
#include
#include
-#ifdef HAVE_SMACK
-# include
-#endif
-
#include "system.h"
#include "error.h"
#include "mkdir-p.h"
@@ -33,6 +29,7 @@
#include "prog-fprintf.h"
#include "quote.h"
#include "savewd.h"
+#include "smack.h"
/* The official name of this program (e.g., no 'g' prefix). */
#define PROGRAM_NAME "mkdir"
@@ -201,11 +198,9 @@ main (int argc, char **argv)
if (scontext)
{
-#ifdef HAVE_SMACK
- if (smack_smackfs_path ())
+ if (is_smack_enabled ())
ret = smack_set_label_for_self (scontext);
else
-#endif
ret = setfscreatecon (scontext);
}
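Review bot: The two branches taken for a `scontext` argument are not equivalent in effect, and nothing at the call site says so. `setfscreatecon` sets the context for objects created afterwards, whereas `smack_set_label_for_self` relabels the running process itself. A comment above the Smack branch, for example `/* Under Smack a new file takes the creating task's label, so -Z relabels this process. */`, would keep a later reader from treating the two calls as interchangeable. The same pair appears in the mkfifo.c and mknod.c hunks. `ret` is checked outside the hunk, so whether a failed relabel stops the program before anything is created cannot be confirmed here.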
diff --git a/src/mkfifo.c b/src/mkfifo.c
index a87a393..f9fcc0a 100644
--- a/src/mkfifo.c
+++ b/src/mkfifo.c
@@ -22,14 +22,11 @@
#include
#include
-#ifdef HAVE_SMACK
-# include
-#endif
-
#include "system.h"
#include "error.h"
#include "modechange.h"
#include "quote.h"
+#include "smack.h"
/* The official name of this program (e.g., no 'g' prefix). */
#define PROGRAM_NAME "mkfifo"
@@ -115,11 +112,9 @@ main (int argc, char **argv)
if (scontext)
{
-#ifdef HAVE_SMACK
- if (smack_smackfs_path ())
+ if (is_smack_enabled ())
ret = smack_set_label_for_self (scontext);
else
-#endif
ret = setfscreatecon (scontext);
}
diff --git a/src/mknod.c b/src/mknod.c
index 9f0afb3..4fd6ed0 100644
--- a/src/mknod.c
+++ b/src/mknod.c
@@ -22,14 +22,11 @@
#include
#include
-#ifdef HAVE_SMACK
-# include
-#endif
-
#include "system.h"
#include "error.h"
#include "modechange.h"
#include "quote.h"
+#include "smack.h"
#include "xstrtol.h"
/* The official name of this program (e.g., no 'g' prefix). */
@@ -171,11 +168,9 @@ main (int argc, char **argv)
if (scontext)
{
-#ifdef HAVE_SMACK
- if (smack_smackfs_path ())
+ if (is_smack_enabled ())
ret = smack_set_label_for_self (scontext);
else
-#endif
ret = setfscreatecon (scontext);
}
--
1.7.7.6