[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[PATCH] mkdir: with -Z, create SMACK security context
|
From: |
Jarkko Sakkinen |
|
Subject: |
[PATCH] mkdir: with -Z, create SMACK security context |
|
Date: |
Tue, 25 Jun 2013 22:37:58 +0300 |
Enable creation of SMACK security context with -Z command-line switch
if SMACK is enabled.
* mkdir.c (main): set process security context to given SMACK label
* src/local.mk: link mkdir with libsmack
---
src/local.mk | 1 +
src/mkdir.c | 14 +++++++++++++-
2 files changed, 14 insertions(+), 1 deletion(-)
diff --git a/src/local.mk b/src/local.mk
index 626d580..5df3405 100644
--- a/src/local.mk
+++ b/src/local.mk
@@ -232,6 +232,7 @@ src_id_LDADD += $(LIB_SMACK)
src_ls_LDADD += $(LIB_SELINUX)
src_ls_LDADD += $(LIB_SMACK)
src_mkdir_LDADD += $(LIB_SELINUX)
+src_mkdir_LDADD += $(LIB_SMACK)
src_mkfifo_LDADD += $(LIB_SELINUX)
src_mknod_LDADD += $(LIB_SELINUX)
src_runcon_LDADD += $(LIB_SELINUX)
diff --git a/src/mkdir.c b/src/mkdir.c
index b36237a..26348b6 100644
--- a/src/mkdir.c
+++ b/src/mkdir.c
@@ -22,6 +22,10 @@
#include <sys/types.h>
#include <selinux/selinux.h>
+#ifdef HAVE_SMACK
+# include <sys/smack.h>
+#endif
+
#include "system.h"
#include "error.h"
#include "mkdir-p.h"
@@ -151,6 +155,7 @@ main (int argc, char **argv)
int optc;
security_context_t scontext = NULL;
struct mkdir_options options;
+ int ret = 0;
options.make_ancestor_function = NULL;
options.mode = S_IRWXUGO;
@@ -194,7 +199,14 @@ main (int argc, char **argv)
usage (EXIT_FAILURE);
}
- if (scontext && setfscreatecon (scontext) < 0)
+ if (scontext)
+#ifdef HAVE_SMACK
+ if (smack_smackfs_path ())
+ ret = smack_set_label_for_self (scontext);
+ else
+#endif
+ ret = setfscreatecon (scontext);
+ if (ret < 0)
error (EXIT_FAILURE, errno,
_("failed to set default file creation context to %s"),
quote (scontext));
--
1.8.1.2
- [PATCH] mkdir: with -Z, create SMACK security context,
Jarkko Sakkinen <=