[busybox:00366] Re: [PATCH 2/6] busybox -- SELinux option support for coreutils

Yuichi Nakamura ynakam at hitachisoft.jp
Fri Feb 9 09:48:17 UTC 2007


On Thu, 8 Feb 2007 23:49:08 +0100
Denis Vlasenko wrote:
> On Thursday 08 February 2007 07:54, Yuichi Nakamura wrote:
> > [2/6] busybox-coreutils-02-copy.patch
> >   - cp: -Z,-c option support. 
> >       -c option: security context is preserved during file copy.
> >       -Z option: security context can be set during file copy.
> >   - mv 
> >     In SELinux, it is recommended to preserve the security context 
> >     when a file is moved. With this patch, the file context is preserved 
> >     during a file move.
> >   - install
> >     When a file is copied by install, the security context of the installed file 
> >     becomes different from the value configured in the file_contexts file.
> >     With this patch, the security context is set according to the file_contexts file.
> > 
> > Signed-off-by: Yuichi Nakamura <ynakam at hitachisoft.jp>
> 
> 
> Index: include/libbb.h
> ===================================================================
> --- include/libbb.h	(revision 17803)
> +++ include/libbb.h	(working copy)
> @@ -743,9 +743,15 @@
>  	FILEUTILS_INTERACTIVE = 0x10,
>  	FILEUTILS_MAKE_HARDLINK = 0x20,
>  	FILEUTILS_MAKE_SOFTLINK = 0x40,
> +#if ENABLE_SELINUX
> +	FILEUTILS_PRESERVE_SECURITY_CONTEXT = 0x80,
> +	FILEUTILS_SET_SECURITY_CONTEXT = 0x100
> +#endif
> +
>  };
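Review bot: FILEUTILS_PRESERVE_SECURITY_CONTEXT and FILEUTILS_SET_SECURITY_CONTEXT exist only under `#if ENABLE_SELINUX`, so every `flags & FILEUTILS_..._SECURITY_CONTEXT` test elsewhere in the patch needs the same guard or the non-SELinux build fails to compile; defining the two enumerators unconditionally costs nothing and removes that constraint. The lone `+` empty line before `};` also adds a blank line inside the enum body and should be dropped.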
> 
> This empty line after #endif - why?

Removed this empty line.

> 
> +#if ENABLE_SELINUX 
> +	if (flags & FILEUTILS_SET_SECURITY_CONTEXT) {
> +		if(is_selinux_enabled() == 0) {
> +			fprintf( stderr, "Warning:  ignoring --context (-Z). "
> +					 "It requires a SELinux enabled kernel.\n" );
> +		}else{
> +			if ( setfscreatecon(context_str) < 0 ) {
> +				bb_error_msg_and_die("cannot set default security context %s\n", context_str);
> +			}
> +		}
> +	}
> +#endif
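Review bot: `setfscreatecon(context_str)` changes the process-wide file-creation context and nothing in this hunk restores it with `setfscreatecon(NULL)` once the copy is done, so any file the utility creates afterwards would silently receive the same label; reset it after the destination is created. The `bb_error_msg_and_die("cannot set default security context %s\n", context_str)` format also carries a trailing `\n`, but the bb_error_msg family appends the newline itself, so this prints an extra blank line; drop the `\n`.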
This part is removed because upstream coreutils does not have a -Z option for cp.

> 
> The style is not consistent. Should be "if ()", "} else {".
> "Warning:  ignoring" has extra space for no reason.
> fprintf(stderr) can be probably replaced by bb_error_msg:
> bb_error_msg("warning: ignoring --context (-Z), it requires a SELinux enabled kernel");
Fixed.

> 
> 
> +static int use_default_selinux_context = 1;
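Review bot: `static int use_default_selinux_context = 1;` is declared outside any `#if ENABLE_SELINUX` guard; if it is only referenced from guarded code, the non-SELinux build gets an unused-variable warning, so wrap the definition in the same guard, and if it is never reassigned a `const` or `#define` would make that explicit.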
> 
> You never change it, it is always 1.  - ?!
It is used in the current patch.

> --
> vda
> 

The other changes are as follows:
* Removed -Z option from cp
* Added --preserve-context, -Z options to install


-- 
Yuichi Nakamura
Hitachi Software Engineering Co., Ltd.
SELinux Policy Editor: http://seedit.sourceforge.net/
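As an added example, not code from this thread, busybox or libselinux: a minimal model of the file_contexts lookup behind the install change described in the patch summary above (libselinux's matchpathcon() does this in full). The file_contexts entries are constructed for illustration.

```c
/* Added example, not busybox or libselinux code: a minimal model of the
 * file_contexts lookup behind "install" labelling (libselinux's
 * matchpathcon() does this in full).  All entries below are constructed. */
#include <regex.h>
#include <stdio.h>
#include <string.h>
/* file_contexts lines: "regex [type] context".  As in libselinux the regex
 * is anchored and the LAST matching entry wins, so specific entries follow
 * general ones. */
static const char *file_contexts[] = {
    "/usr/bin/.*        system_u:object_r:bin_t:s0",
    "/usr/bin/sshd   -- system_u:object_r:sshd_exec_t:s0",
    "/var/log(/.*)?     system_u:object_r:var_log_t:s0",
    "/var/log/secure -- system_u:object_r:auth_log_t:s0",
    "/tmp/.*            <<none>>",
};
#define N_ENTRIES (sizeof(file_contexts) / sizeof(file_contexts[0]))
/* Context the policy assigns to path.  mode_type is the file_contexts type
 * column ("--" regular file, "-d" directory, "-l" symlink, ...) or "" to
 * ignore it.  Returns NULL when nothing matches or the winning entry is
 * <<none>>; the result lives in a static buffer. */
const char *lookup_context(const char *path, const char *mode_type)
{
    static char ctx[128];
    const char *found = NULL;
    size_t i;
    for (i = 0; i < N_ENTRIES; i++) {
        char re[128], type[128], label[128], anchored[132];
        regex_t rx;
        int n = sscanf(file_contexts[i], "%127s %127s %127s", re, type, label);
        if (n == 2) {                 /* no type column: applies to all */
            strcpy(label, type);
            type[0] = '\0';
        } else if (n != 3) {
            continue;                 /* blank or malformed line */
        }
        if (type[0] && mode_type[0] && strcmp(type, mode_type) != 0)
            continue;                 /* entry is for another file type */
        snprintf(anchored, sizeof anchored, "^%s$", re);
        if (regcomp(&rx, anchored, REG_EXTENDED | REG_NOSUB) != 0)
            continue;                 /* bad regex: skip the entry */
        if (regexec(&rx, path, 0, NULL, 0) == 0) {
            strcpy(ctx, label);       /* a later match overrides */
            found = ctx;
        }
        regfree(&rx);
    }
    return (found && strcmp(found, "<<none>>") == 0) ? NULL : found;
}
```

The same lookup is what restorecon applies when it relabels a file that cp or install created with an inherited context, so comparing its answer with `ls -Z` shows which files the patched install would now label correctly.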


-------------- next part --------------
A non-text attachment was scrubbed...
Name: busybox-coreutils-copy-02.v2.patch
Type: application/octet-stream
Size: 7808 bytes
Desc: not available
Url : http://lists.busybox.net/pipermail/busybox/attachments/20070209/205fedc0/attachment-0002.obj 