Re: [PATCH] ls - colorize files with capabilities

bug-coreutils

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH] ls - colorize files with capabilities

From:	Jim Meyering
Subject:	Re: [PATCH] ls - colorize files with capabilities
Date:	Sat, 19 Jul 2008 18:16:20 +0200

Kamil Dudka <address@hidden> wrote:
> as requested in rhbz #449985 by sectools team it will be good to have
> capability displaying support in ls. This patch has no effect on systems
> without function cap_get_file supported since libcap 2.x. You have to run
> configure with parameter --enable-libcap.

Thanks for working on this.
Sounds worthwhile, though maybe worth
giving it a separate attribute rather than
sharing the one currently used for set-user-ID programs.

Have you considered enabling it by default, when the library is usable?

> From d4fde447cae7d5e40320dd8f7240cd8cb248a127 Mon Sep 17 00:00:00 2001
> From: Kamil Dudka <address@hidden>
> Date: Mon, 14 Jul 2008 13:45:04 +0200

> Subject: [PATCH] Added support for capabilities to ls.

FYI, if the rest were ready, I'd want the log to look like this:

ls: --color now highlights files with capabilities, too
* configure.ac: --enable-libcap configure parameter, check for libcap 2.x 
version
* src/Makefile.am: libcap library linking
* src/ls.c (has_capability): new function for capability detection
(print_color_indicator): colorize file with capability
* NEWS: mentioned the change

Note the s/hasCapability/has_capability/ change.

> ---
>  configure.ac    |   12 ++++++++++++
>  src/Makefile.am |    6 +++---
>  src/ls.c        |   40 +++++++++++++++++++++++++++++++++++++++-
>  NEWS            |    2 ++
>  4 files changed, 56 insertions(+), 4 deletions(-)
>
> diff --git a/configure.ac b/configure.ac
> index ac93e1c..b8567ac 100644
> --- a/configure.ac
> +++ b/configure.ac
> @@ -44,6 +44,18 @@ gl_EARLY
>  gl_INIT
>  coreutils_MACROS
>
> +dnl Check whether support for libcap 2.x should be built
> +AC_ARG_ENABLE(libcap,
> +  [  --enable-libcap               Enable use of the libcap 2.x library],

It's better to use AC_HELP_STRING:

  AC_ARG_ENABLE([libcap],
    AC_HELP_STRING([--enable-libcap], [enable libcap support])
    AC_HELP_STRING([--disable-libcap], [disable libcap support]),
    ...
    )

> +  [AC_CHECK_LIB([cap], [cap_get_file],
> +    [AC_CHECK_HEADER([sys/capability.h],
> +      [LIB_CAP2="-lcap" AC_DEFINE(HAVE_CAP2, 1, [libcap 2.x availability])],

Re LIB_CAP2,
if you don't embed the library version number in the symbol name,
then we won't have to change it when libcap3 comes along.

> +      [AC_MSG_WARN([header sys/capability.h was not found, support for 
> libcap will not be built])]
> +      )],
> +    [AC_MSG_WARN([libcap 2.x library was not found, support for libcap will 
> not be built])])

Don't mention the 2.x version number here either.

> +    ])
> +AC_SUBST([LIB_CAP2])
> +
>  AC_FUNC_FORK
>
>  optional_bin_progs=
> diff --git a/src/Makefile.am b/src/Makefile.am
> index 65b20a2..e96f98d 100644
> --- a/src/Makefile.am
> +++ b/src/Makefile.am
> @@ -101,15 +101,15 @@ __LDADD = $(LDADD) $(LIB_EACCESS)
>
>  # for clock_gettime and fdatasync
>  dd_LDADD = $(LDADD) $(LIB_GETHRXTIME) $(LIB_FDATASYNC)
> -dir_LDADD = $(LDADD) $(LIB_CLOCK_GETTIME) $(LIB_SELINUX)
> +dir_LDADD = $(LDADD) $(LIB_CLOCK_GETTIME) $(LIB_SELINUX) $(LIB_CAP2)
>  id_LDADD = $(LDADD) $(LIB_SELINUX)
> -ls_LDADD = $(LDADD) $(LIB_CLOCK_GETTIME) $(LIB_SELINUX)
> +ls_LDADD = $(LDADD) $(LIB_CLOCK_GETTIME) $(LIB_SELINUX) $(LIB_CAP2)
>  mktemp_LDADD = $(LDADD) $(LIB_GETHRXTIME)
>  pr_LDADD = $(LDADD) $(LIB_CLOCK_GETTIME)
>  shred_LDADD = $(LDADD) $(LIB_GETHRXTIME) $(LIB_FDATASYNC)
>  shuf_LDADD = $(LDADD) $(LIB_GETHRXTIME)
>  tac_LDADD = $(LDADD) $(LIB_CLOCK_GETTIME)
> -vdir_LDADD = $(LDADD) $(LIB_CLOCK_GETTIME) $(LIB_SELINUX)
> +vdir_LDADD = $(LDADD) $(LIB_CLOCK_GETTIME) $(LIB_SELINUX) $(LIB_CAP2)
>
>  ## If necessary, add -lm to resolve use of pow in lib/strtod.c.
>  sort_LDADD = $(LDADD) $(POW_LIB) $(LIB_GETHRXTIME)
> diff --git a/src/ls.c b/src/ls.c
> index 4b69f7d..6fc7197 100644
> --- a/src/ls.c
> +++ b/src/ls.c
> @@ -38,6 +38,10 @@
>  #include <config.h>
>  #include <sys/types.h>
>
> +#ifdef HAVE_CAP2
> +# include <sys/capability.h>
> +#endif
> +
>  #if HAVE_TERMIOS_H
>  # include <termios.h>
>  #endif
> @@ -3896,6 +3900,34 @@ print_type_indicator (bool stat_ok, mode_t mode, enum 
> filetype type)
>      DIRED_PUTCHAR (c);
>  }
>
> +#ifdef HAVE_CAP2
> +static bool
> +/* returns true if file has capability (see linux/capability.h) */

Return true if NAME has a capability (see linux/capability.h) */

Use underscores, (i.e., has_capability, has_cap), not mixed case.

> +hasCapability(const char *name)

Always use a space before the opening parenthesis.

> +{
> +  cap_t cap_d;
> +  char *result;
> +  bool hasCap;
> +
> +  cap_d = cap_get_file(name);
> +  if (cap_d == NULL)
> +    return false;
> +
> +  result = cap_to_text(cap_d, NULL);
> +  if (!result) {

curly brace goes on a line by itself.  Use 'gnu indent's style.

> +    cap_free(cap_d);

Move this cap_free call "up".  Then you can remove
the repeated call below.

> +    return false;
> +  }
> +
> +  /* check if human-readable capability string is empty */
> +  hasCap = *result;

I seem to recall that this idiom is slightly better
from a portability standpoint, e.g., when bool is simulated
with an 8-bit type:

    hasCap = !!*result;

> +  cap_free(cap_d);
> +  cap_free(result);
> +  return hasCap;
> +}
> +#endif
> +
>  /* Returns whether any color sequence was printed. */
>  static bool
>  print_color_indicator (const char *name, mode_t mode, int linkok,
> @@ -3919,7 +3951,13 @@ print_color_indicator (const char *name, mode_t mode, 
> int linkok,
>        if (S_ISREG (mode))
>       {
>         type = C_FILE;
> -       if ((mode & S_ISUID) != 0)
> +       if (
> +        ((mode & S_ISUID) != 0)
> +#ifdef HAVE_CAP2

Remove these in-function #ifdefs.
Instead, define has_capability to return false when the library
is not available.

> +/* highlights file with capability (see linux/capability.h) */
> +        || hasCapability(name)
> +#endif
> +        )
>           type = C_SETUID;
>         else if ((mode & S_ISGID) != 0)
>           type = C_SETGID;
> diff --git a/NEWS b/NEWS
> index d6ed89e..16b721e 100644
> --- a/NEWS
> +++ b/NEWS
> @@ -27,6 +27,8 @@ GNU coreutils NEWS                                    -*- 
> outline -*-
>    represents the maximum number of inputs that will be merged at once.
>    When processing more than NMERGE inputs, sort uses temporary files.
>
> +  ls now colorizes files with capabilities if libcap is available
> +
>  ** Bug fixes
>
>    chcon --verbose now prints a newline after each message

[Prev in Thread]

Current Thread

[Next in Thread]

[PATCH] ls - colorize files with capabilities, Kamil Dudka, 2008/07/14
- Re: [PATCH] ls - colorize files with capabilities, Jim Meyering <=
  - Re: [PATCH] ls - colorize files with capabilities, Kamil Dudka, 2008/07/21
    - Re: [PATCH] ls - colorize files with capabilities, Jim Meyering, 2008/07/21
    - Re: [PATCH] ls - colorize files with capabilities, Kamil Dudka, 2008/07/22
    - Re: [PATCH] ls - colorize files with capabilities, Kamil Dudka, 2008/07/22
    - Re: [PATCH] ls - colorize files with capabilities, Jim Meyering, 2008/07/22
- Re: [PATCH] ls - colorize files with capabilities, Kamil Dudka, 2008/07/23
  - Re: [PATCH] ls - colorize files with capabilities, Jim Meyering, 2008/07/25
    - Re: [PATCH] ls - colorize files with capabilities, Kamil Dudka, 2008/07/29
    - Re: [PATCH] ls - colorize files with capabilities, Kamil Dudka, 2008/07/30

Prev by Date: Re: Suggestion: try ~/.dircolors
Next by Date: Re: Suggestion: try ~/.dircolors
Previous by thread: [PATCH] ls - colorize files with capabilities
Next by thread: Re: [PATCH] ls - colorize files with capabilities
Index(es):
- Date
- Thread