coreutils

Re: [PATCH] mkdir: with -Z, create SMACK security context


From: Pádraig Brady
Subject: Re: [PATCH] mkdir: with -Z, create SMACK security context
Date: Tue, 25 Jun 2013 23:55:36 +0100
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130110 Thunderbird/17.0.2

On 06/25/2013 08:37 PM, Jarkko Sakkinen wrote:
> Enable creation of SMACK security context with -Z command-line switch
> if SMACK is enabled.

So would similar patches apply to mkfifo, mknod and install?
If so a single patch with all would be preferable.

> 
> * mkdir.c (main): set process security context to given SMACK label
> * src/local.mk: link mkdir with libsmack
> ---
>  src/local.mk |  1 +
>  src/mkdir.c  | 14 +++++++++++++-
>  2 files changed, 14 insertions(+), 1 deletion(-)
> 
> diff --git a/src/local.mk b/src/local.mk
> index 626d580..5df3405 100644
> --- a/src/local.mk
> +++ b/src/local.mk
> @@ -232,6 +232,7 @@ src_id_LDADD += $(LIB_SMACK)
>  src_ls_LDADD += $(LIB_SELINUX)
>  src_ls_LDADD += $(LIB_SMACK)
>  src_mkdir_LDADD += $(LIB_SELINUX)
> +src_mkdir_LDADD += $(LIB_SMACK)
>  src_mkfifo_LDADD += $(LIB_SELINUX)
>  src_mknod_LDADD += $(LIB_SELINUX)
>  src_runcon_LDADD += $(LIB_SELINUX)
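
Review bot: only src_mkdir_LDADD gains $(LIB_SMACK) in this hunk, while the src_mkfifo_LDADD and src_mknod_LDADD lines just below it still link $(LIB_SELINUX) alone. If -Z handling for those programs is folded into the same patch, each needs a matching `+= $(LIB_SMACK)` line placed next to its LIB_SELINUX entry, the way the ls lines above are paired.
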
> diff --git a/src/mkdir.c b/src/mkdir.c
> index b36237a..26348b6 100644
> --- a/src/mkdir.c
> +++ b/src/mkdir.c
> @@ -22,6 +22,10 @@
>  #include <sys/types.h>
>  #include <selinux/selinux.h>
>  
> +#ifdef HAVE_SMACK
> +# include <sys/smack.h>
> +#endif
> +
>  #include "system.h"
>  #include "error.h"
>  #include "mkdir-p.h"
> @@ -151,6 +155,7 @@ main (int argc, char **argv)
>    int optc;
>    security_context_t scontext = NULL;
>    struct mkdir_options options;
> +  int ret = 0;
>  
>    options.make_ancestor_function = NULL;
>    options.mode = S_IRWXUGO;
> @@ -194,7 +199,14 @@ main (int argc, char **argv)
>        usage (EXIT_FAILURE);
>      }
>  
> -  if (scontext && setfscreatecon (scontext) < 0)
> +  if (scontext)

Please add { ...

> +#ifdef HAVE_SMACK
> +    if (smack_smackfs_path ())
> +      ret = smack_set_label_for_self (scontext);
> +    else
> +#endif
> +      ret = setfscreatecon (scontext);

... }
to disambiguate the if else clauses.

> +  if (ret < 0)
>      error (EXIT_FAILURE, errno,
>             _("failed to set default file creation context to %s"),
>             quote (scontext));
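
Review bot: in the HAVE_SMACK branch, smack_set_label_for_self (scontext) changes the label of the mkdir process itself, whereas setfscreatecon (scontext) in the else branch sets the context for objects created afterwards, so under SMACK the rest of main runs with the -Z label. Both failures then report "failed to set default file creation context to %s", which does not describe the SMACK case; give that branch its own diagnostic and document the difference in -Z behaviour. The error call also passes errno, so confirm that smack_set_label_for_self sets it on failure, and note that scontext is still declared as the SELinux type security_context_t when it carries a SMACK label.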

thanks,
Pádraig.


