[PATCH 2/8] busybox -- SELinux option support for coreutils: ver3

Yuichi Nakamura ynakam at hitachisoft.jp
Mon Feb 26 01:52:49 UTC 2007


On Sat, 24 Feb 2007 16:01:14 +0100
Denis Vlasenko wrote:
> On Friday 23 February 2007 09:47, Yuichi Nakamura wrote:
> > [2/8] busybox-coreutils-02-copy.v3.patch
> >   - cp: -Z,-c option support.
> >       -c option: security context is preserved during file copy.
> >   - mv
> >     In SELinux, it is recommended to preserve the security context
> >     when a file is moved. With this patch, the file context is preserved
> >     during file move.
> >   - install
> >     When a file is copied by install, the security context of the installed file
> >     becomes different from the value configured in the file_contexts file.
> >     With this patch, the security context is set according to the file_contexts file.
> >     -Z option: security context can be set during file copy.
> > 
> > Signed-off-by: Yuichi Nakamura <ynakam at hitachisoft.jp>
> 
>         FILEUTILS_MAKE_SOFTLINK = 0x40,
> +#if ENABLE_SELINUX
> +       FILEUTILS_PRESERVE_SECURITY_CONTEXT = 0x80,
> +       FILEUTILS_SET_SECURITY_CONTEXT = 0x100
> +#endif
>  };
> -#define FILEUTILS_CP_OPTSTR "pdRfils"
> 
> +#define FILEUTILS_CP_OPTSTR "pdRfils" USE_SELINUX("c\b")
> +
>  extern const char *applet_name;
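Review bot: the "c\b" appended to FILEUTILS_CP_OPTSTR carries a raw backspace character with no comment saying which option it stands for, and the two new flags FILEUTILS_PRESERVE_SECURITY_CONTEXT (0x80) and FILEUTILS_SET_SECURITY_CONTEXT (0x100) are likewise undocumented. A one-line comment beside each flag naming the option that sets it, and beside the option string explaining the non-printable entry, would let a reader check that the flags and the option letters stay in step.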
> ...
>         { "owner",               0, NULL, 'o' },
> +#if ENABLE_SELINUX
> +       { "context",             1, NULL, 'Z' },
> +       { "preserve_context",    0, NULL, '\b'},
> +       { "preserve-context",    0, NULL, '\b'},
> +
> +#endif
>         { 0, 0, 0, 0 }
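Review bot: the option table gains both "preserve_context" and "preserve-context" mapped to the same '\b' value, so the underscore spelling becomes a second accepted name for the same option; if that is not intended, keep only "preserve-context". The added blank line before #endif can also go.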
> 
> Hmmm... we typically use high ascii values for this kind
> of "fake" option chars. Example in wget.c:
> 
>         static const struct option wget_long_options[] = {
> ...
>                 { "user-agent",       required_argument, NULL, 'U' },
>                 { "passive-ftp",      no_argument, NULL, 0xff },
>                 { "header",           required_argument, NULL, 0xfe },
>                 { 0, 0, 0, 0 }
>         };
>         applet_long_options = wget_long_options;
> #endif
>         opt_complementary = "-1" USE_FEATURE_WGET_LONG_OPTIONS(":\xfe::");
>         opt = getopt32(argc, argv, "cqO:P:Y:U:",   ...);
> 
> Notice that in this example we avoid giving "strange" chars to getopt32
> *at all*, preventing our applets from having "hidden" options a-la
> "wget $'-\xff' ftp://kernel.org/".
> 
> Can you avoid passing '\b' to getopt32 in install etc?
Fixed. Using "0xff" instead.


> 
> 
> +                       bb_error_msg("warning: ignoring --preserve-context. "
> +                                        "The kernel is not SELinux-enabled.\n" );
> 
> bb_error_msg doesn't need a trailing '\n'.
> I already mentioned that in the previous round of review.
> 
> 
> +#if ENABLE_SELINUX
> +       if ((flags & FILEUTILS_PRESERVE_SECURITY_CONTEXT) && is_selinux_enabled() > 0){
> +               security_context_t con;
> +               if (lgetfilecon (source, &con) >= 0){
> +                       if (setfscreatecon(con) < 0) {
> +                               bb_perror_msg ("cannot set setfscreatecon %s", con);
> +                               freecon(con);
> +                               return -1;
> +                       }
> +               }else{
> +                       if( errno == ENOTSUP || errno == ENODATA ) {
> +                               setfscreatecon(NULL);
> +                       } else {
> +                               bb_perror_msg ("cannot  lgetfilecon %s", source);
> +                               return -1;
> +                       }
> +               }
> +       }
> +#endif
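Review bot: on the success path, when lgetfilecon() and setfscreatecon(con) both succeed, con is never released; freecon(con) is called only in the setfscreatecon failure branch, so the context string leaks whenever the preserve flag is used. Add a freecon(con) after the successful setfscreatecon() as well. The return value of setfscreatecon(NULL) in the ENOTSUP/ENODATA branch is also left unchecked, unlike the call above it.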
> 
> Usage of whitespace is very different from the rest of busybox code here.
Fixed. And I found other bad usage of whitespace, and fixed it.

> 
> --
> vda

Attached is the revised patch (v4).

--
Yuichi Nakamura
Hitachi Software Engineering Co., Ltd.
SELinux Policy Editor: http://seedit.sourceforge.net/

-------------- next part --------------
A non-text attachment was scrubbed...
Name: busybox-coreutils-copy-02.v4.patch
Type: application/octet-stream
Size: 7805 bytes
Desc: not available
Url : http://lists.busybox.net/pipermail/busybox/attachments/20070226/91d09e74/attachment-0002.obj 
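
The "hidden option" effect raised in the review above, as an added example that is not part of the original thread or of busybox. It uses the standard getopt_long() rather than busybox's getopt32(); parse_opts and PRESERVE_CTX are hypothetical names, and the command lines are constructed.

```c
#include <getopt.h>
#include <stdio.h>

#define PRESERVE_CTX 0x80	/* same value as the flag in the quoted enum */

/*
 * Hypothetical helper. fake_val is what getopt_long() returns for the
 * long-only --preserve-context option. Returns PRESERVE_CTX if the option
 * was requested, 0 if not, -1 if an unknown option was seen.
 */
static int parse_opts(int argc, char **argv, const char *optstr, int fake_val)
{
	const struct option longopts[] = {
		{ "preserve-context", no_argument, NULL, fake_val },
		{ 0, 0, 0, 0 }
	};
	int c, flags = 0;

	optind = 0;	/* restart the scan (glibc and musl behaviour) */
	opterr = 0;	/* no diagnostics on stderr */
	while ((c = getopt_long(argc, argv, optstr, longopts, NULL)) != -1) {
		if (c == 'c' || c == fake_val)
			flags |= PRESERVE_CTX;
		else
			return -1;
	}
	return flags;
}

int main(void)
{
	/* Constructed command lines */
	char *hidden[] = { "cp", "-\b", NULL };
	char *longopt[] = { "cp", "--preserve-context", NULL };

	/* '\b' listed in the short-option string: "-\b" is silently accepted */
	printf("optstring \"c\\b\", -\\b   -> %d\n", parse_opts(2, hidden, "c\b", '\b'));
	/* fake value kept out of the short-option string: "-\b" is rejected */
	printf("optstring \"c\",   -\\b   -> %d\n", parse_opts(2, hidden, "c", 0xff));
	/* the long spelling still works */
	printf("optstring \"c\",   --long -> %d\n", parse_opts(2, longopt, "c", 0xff));
	return 0;
}
```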

