[busybox:00366] Re: [PATCH 2/6] busybox -- SELinux option support for coreutils
Yuichi Nakamura
ynakam at hitachisoft.jp
Fri Feb 9 09:48:17 UTC 2007
On Thu, 8 Feb 2007 23:49:08 +0100
Denis Vlasenko wrote:
> On Thursday 08 February 2007 07:54, Yuichi Nakamura wrote:
> > [2/6] busybox-coreutils-02-copy.patch
> > - cp: -Z, -c option support.
> > -c option: the security context is preserved during a file copy.
> > -Z option: the security context can be set during a file copy.
> > - mv
> > In SELinux, it is recommended to preserve the security context
> > when a file is moved. With this patch, the file context is preserved
> > during a file move.
> > - install
> > When a file is copied by install, the security context of the installed file
> > differs from the value configured in the file_contexts file.
> > With this patch, the security context is set according to the file_contexts file.
> >
> > Signed-off-by: Yuichi Nakamura <ynakam at hitachisoft.jp>
>
>
> Index: include/libbb.h
> ===================================================================
> --- include/libbb.h (revision 17803)
> +++ include/libbb.h (working copy)
> @@ -743,9 +743,15 @@
> FILEUTILS_INTERACTIVE = 0x10,
> FILEUTILS_MAKE_HARDLINK = 0x20,
> FILEUTILS_MAKE_SOFTLINK = 0x40,
> +#if ENABLE_SELINUX
> + FILEUTILS_PRESERVE_SECURITY_CONTEXT = 0x80,
> + FILEUTILS_SET_SECURITY_CONTEXT = 0x100
> +#endif
> +
> };
>
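Review bot: FILEUTILS_SET_SECURITY_CONTEXT = 0x100 is the first flag in this enum that no longer fits in 8 bits, so check that every variable and parameter carrying the FILEUTILS_* flags (anything declared as char or unsigned char in particular) is wide enough; otherwise the -Z bit is silently truncated. Also, since both new enumerators exist only when ENABLE_SELINUX is set, every reference to them must stay under #if ENABLE_SELINUX, as the cp hunk below already does.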
> This empty line after #endif - why?
Removed this empty line.
>
> +#if ENABLE_SELINUX
> + if (flags & FILEUTILS_SET_SECURITY_CONTEXT) {
> + if(is_selinux_enabled() == 0) {
> + fprintf( stderr, "Warning: ignoring --context (-Z). "
> + "It requires a SELinux enabled kernel.\n" );
> + }else{
> + if ( setfscreatecon(context_str) < 0 ) {
> + bb_error_msg_and_die("cannot set default security context %s\n", context_str);
> + }
> + }
> + }
> +#endif
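Review bot: bb_error_msg_and_die() appends its own newline, so the trailing "\n" in "cannot set default security context %s\n" should be dropped. Separately, the branch tests is_selinux_enabled() == 0 only: where the libselinux in use reports an error with a negative return, that case falls into the else branch and surfaces as a misleading setfscreatecon() failure instead of the "SELinux enabled kernel" warning, so treat <= 0 as not enabled, or report the error case distinctly.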
This part is removed because upstream coreutils does not have a -Z option for cp.
>
> The style is not consistent. Should be "if ()", "} else {".
> "Warning: ignoring" has extra space for no reason.
> fprintf(stderr) can be probably replaced by bb_error_msg:
> bb_error_msg("warning: ignoring --context (-Z), it requires a SELinux enabled kernel");
Fixed.
>
>
> +static int use_default_selinux_context = 1;
>
> You never change it, it is always 1. - ?!
It is used in the current patch.
> --
> vda
>
Other changes are as follows:
* Removed -Z option from cp
* Added --preserve-context, -Z options to install
--
Yuichi Nakamura
Hitachi Software Engineering Co., Ltd.
SELinux Policy Editor: http://seedit.sourceforge.net/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: busybox-coreutils-copy-02.v2.patch
Type: application/octet-stream
Size: 7808 bytes
Desc: not available
Url : http://lists.busybox.net/pipermail/busybox/attachments/20070209/205fedc0/attachment-0002.obj