[PATCH 2/8] busybox -- SELinux option support for coreutils: ver3
Yuichi Nakamura
ynakam at hitachisoft.jp
Mon Feb 26 01:52:49 UTC 2007
On Sat, 24 Feb 2007 16:01:14 +0100
Denis Vlasenko wrote:
> On Friday 23 February 2007 09:47, Yuichi Nakamura wrote:
> > [2/8] busybox-coreutils-02-copy.v3.patch
> > - cp: -Z,-c option support.
> > -c option: security context is preserved during file copy.
> > - mv
> > In SELinux, it is recommended to preserve security context
> > when file is moved. By this patch, file context is preserved
> > during file move.
> > - install
> > When file is copied by install, security context of installed file
> > becomes different from value configured in file_contexts file.
> > By this patch, security context is set according to file_contexts file.
> > -Z option: security context can be set during file copy.
> >
> > Signed-off-by: Yuichi Nakamura <ynakam at hitachisoft.jp>
>
> FILEUTILS_MAKE_SOFTLINK = 0x40,
> +#if ENABLE_SELINUX
> + FILEUTILS_PRESERVE_SECURITY_CONTEXT = 0x80,
> + FILEUTILS_SET_SECURITY_CONTEXT = 0x100
> +#endif
> };
> -#define FILEUTILS_CP_OPTSTR "pdRfils"
>
> +#define FILEUTILS_CP_OPTSTR "pdRfils" USE_SELINUX("c\b")
> +
> extern const char *applet_name;
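Review bot: The order of the characters appended to FILEUTILS_CP_OPTSTR is the only thing that ties them to the two new enum values, and nothing documents that coupling. If getopt32 assigns flag bits in option-string order, as 0x40 for the 7th character 's' suggests, then 'c' lands on 0x80 (FILEUTILS_PRESERVE_SECURITY_CONTEXT) and '\b' on 0x100 (FILEUTILS_SET_SECURITY_CONTEXT), while the install option table maps '\b' to preserve-context. Please add a comment next to the enum stating which option character each flag belongs to, and confirm that the '\b' to 0x100 pairing is intended.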
> ...
> { "owner", 0, NULL, 'o' },
> +#if ENABLE_SELINUX
> + { "context", 1, NULL, 'Z' },
> + { "preserve_context", 0, NULL, '\b'},
> + { "preserve-context", 0, NULL, '\b'},
> +
> +#endif
> { 0, 0, 0, 0 }
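Review bot: The table registers the same switch under two spellings, "preserve_context" and "preserve-context", and leaves an empty added line before #endif. Unless the underscore form is required for compatibility, keep only "preserve-context" and drop the blank line; if both stay, a short comment should say why.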
>
> Hmmm... we typically use high ascii values for this kind
> of "fake" option chars. Example in wget.c:
>
> static const struct option wget_long_options[] = {
> ...
> { "user-agent", required_argument, NULL, 'U' },
> { "passive-ftp", no_argument, NULL, 0xff },
> { "header", required_argument, NULL, 0xfe },
> { 0, 0, 0, 0 }
> };
> applet_long_options = wget_long_options;
> #endif
> opt_complementary = "-1" USE_FEATURE_WGET_LONG_OPTIONS(":\xfe::");
> opt = getopt32(argc, argv, "cqO:P:Y:U:", ...);
>
> Notice that in this example we avoid giving "strange" chars to getopt32
> *at all*, preventing our applets from having "hidden" options a-la
> "wget $'-\xff' ftp://kernel.org/".
>
> Can you avoid passing '\b' to getopt32 in install etc?
Fixed. Using "0xff" instead.
>
>
> + bb_error_msg("warning: ignoring --preserve-context. "
> + "The kernel is not SELinux-enabled.\n" );
>
> bb_error_msg doesn't need a trailing '\n'.
> I already mentioned that in the previous round of review.
>
>
> +#if ENABLE_SELINUX
> + if ((flags & FILEUTILS_PRESERVE_SECURITY_CONTEXT) && is_selinux_enabled() > 0){
> + security_context_t con;
> + if (lgetfilecon (source, &con) >= 0){
> + if (setfscreatecon(con) < 0) {
> + bb_perror_msg ("cannot set setfscreatecon %s", con);
> + freecon(con);
> + return -1;
> + }
> + }else{
> + if( errno == ENOTSUP || errno == ENODATA ) {
> + setfscreatecon(NULL);
> + } else {
> + bb_perror_msg ("cannot lgetfilecon %s", source);
> + return -1;
> + }
> + }
> + }
> +#endif
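Review bot: In the success path of lgetfilecon(), con is never released: freecon(con) is called only when setfscreatecon(con) fails, so every copy that preserves a context leaks the string. Call freecon(con) after setfscreatecon() in both outcomes. The return value of setfscreatecon(NULL) in the ENOTSUP/ENODATA branch is also ignored, so a creation context left over from an earlier file could stay in effect for this one without any message; check it and report the failure.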
>
> Usage of whitespace is very different from the rest of busybox code here.
Fixed. I also found other bad usage of whitespace and fixed it.
>
> --
> vda
Attached is the revised patch (v4).
--
Yuichi Nakamura
Hitachi Software Engineering Co., Ltd.
SELinux Policy Editor: http://seedit.sourceforge.net/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: busybox-coreutils-copy-02.v4.patch
Type: application/octet-stream
Size: 7805 bytes
Desc: not available
Url : http://lists.busybox.net/pipermail/busybox/attachments/20070226/91d09e74/attachment-0002.obj
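The "hidden option" concern raised in the review, as an added example that is not part of the original thread or of BusyBox: standard getopt_long() stands in for getopt32(), and the function names, the short-option string "pdRfilsc" and the operands "a" and "b" are assumptions. It shows that a fake character listed in the short-option string can be typed as a short option, while a value that exists only in the long-option table cannot.

```c
/* Added example, not BusyBox code: getopt_long() stands in for getopt32(). */
#include <getopt.h>
#include <stdio.h>

/* Returns 1 if parsing argv switched on "preserve context".
 * fake is the value tied to the long-only option --preserve-context. */
static int preserve_enabled(const char *shortopts, int fake, int argc, char **argv)
{
    const struct option longopts[] = {
        { "preserve-context", no_argument, NULL, fake },
        { 0, 0, 0, 0 }
    };
    int c, enabled = 0;

    optind = 0;  /* force a full rescan (glibc and musl behaviour) */
    opterr = 0;  /* keep getopt quiet about rejected options */
    while ((c = getopt_long(argc, argv, shortopts, longopts, NULL)) != -1)
        if (c == fake)
            enabled = 1;
    return enabled;
}

/* Constructed command line: "cp <arg> a b" with placeholder operands. */
static int run(const char *shortopts, int fake, const char *arg)
{
    char *argv[] = { "cp", (char *)arg, "a", "b", NULL };
    return preserve_enabled(shortopts, fake, 4, argv);
}

/* v3 layout: the fake char '\b' is also listed in the short-option string. */
int v3_hidden_short(void) { return run("pdRfilsc\b", '\b', "-\b"); }
int v3_long(void)         { return run("pdRfilsc\b", '\b', "--preserve-context"); }
/* Reviewed layout: the value 0xff exists only in the long-option table. */
int fixed_hidden_short(void) { return run("pdRfilsc", 0xff, "-\xff"); }
int fixed_long(void)         { return run("pdRfilsc", 0xff, "--preserve-context"); }

int main(void)
{
    printf("v3    -\\b:   %d  --preserve-context: %d\n", v3_hidden_short(), v3_long());
    printf("fixed -\\xff: %d  --preserve-context: %d\n", fixed_hidden_short(), fixed_long());
    return 0;
}
```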