Re: [PATCH] mkdir: with -Z, create SMACK security context

coreutils

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH] mkdir: with -Z, create SMACK security context

From:	Jarkko Sakkinen
Subject:	Re: [PATCH] mkdir: with -Z, create SMACK security context
Date:	Wed, 26 Jun 2013 10:59:05 +0300
User-agent:	Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130510 Thunderbird/17.0.6

On 26.06.2013 01:55, Pádraig Brady wrote:

On 06/25/2013 08:37 PM, Jarkko Sakkinen wrote:

Enable creation of SMACK security context with -Z command-line switch
if SMACK is enabled.

So would similar patches apply to mkfifo, mknod and install?
If so a single patch with all would be preferable.


I was thinking of doing that but wasn't what's the granularity
of commits preferred in coreutils. It makes sense because they
are almost identical changes.

* mkdir.c (main): set process security context to given SMACK label
* src/local.mk: link mkdir with libsmack
---
  src/local.mk |  1 +
  src/mkdir.c  | 14 +++++++++++++-
  2 files changed, 14 insertions(+), 1 deletion(-)

diff --git a/src/local.mk b/src/local.mk
index 626d580..5df3405 100644
--- a/src/local.mk
+++ b/src/local.mk
@@ -232,6 +232,7 @@ src_id_LDADD += $(LIB_SMACK)
  src_ls_LDADD += $(LIB_SELINUX)
  src_ls_LDADD += $(LIB_SMACK)
  src_mkdir_LDADD += $(LIB_SELINUX)
+src_mkdir_LDADD += $(LIB_SMACK)
  src_mkfifo_LDADD += $(LIB_SELINUX)
  src_mknod_LDADD += $(LIB_SELINUX)
  src_runcon_LDADD += $(LIB_SELINUX)
diff --git a/src/mkdir.c b/src/mkdir.c
index b36237a..26348b6 100644
--- a/src/mkdir.c
+++ b/src/mkdir.c
@@ -22,6 +22,10 @@
  #include <sys/types.h>
  #include <selinux/selinux.h>

+#ifdef HAVE_SMACK

+# include <sys/smack.h>
+#endif
+
  #include "system.h"
  #include "error.h"
  #include "mkdir-p.h"
@@ -151,6 +155,7 @@ main (int argc, char **argv)
    int optc;
    security_context_t scontext = NULL;
    struct mkdir_options options;
+  int ret = 0;

options.make_ancestor_function = NULL;

    options.mode = S_IRWXUGO;
@@ -194,7 +199,14 @@ main (int argc, char **argv)
        usage (EXIT_FAILURE);
      }

- if (scontext && setfscreatecon (scontext) < 0)

+  if (scontext)

Please add { ...

+#ifdef HAVE_SMACK
+    if (smack_smackfs_path ())
+      ret = smack_set_label_for_self (scontext);
+    else
+#endif
+      ret = setfscreatecon (scontext);

... }
to disambiguate the if else clauses.

+  if (ret < 0)
      error (EXIT_FAILURE, errno,
             _("failed to set default file creation context to %s"),
             quote (scontext));

thanks,
Pádraig.


Thanks
/Jarkko

[Prev in Thread]

Current Thread

[Next in Thread]

[PATCH] mkdir: with -Z, create SMACK security context, Jarkko Sakkinen, 2013/06/25
- Re: [PATCH] mkdir: with -Z, create SMACK security context, Pádraig Brady, 2013/06/25
  - Re: [PATCH] mkdir: with -Z, create SMACK security context, Jarkko Sakkinen <=

Prev by Date: Re: struct rusage redefinition issues on ppc - gnu time-1.7
Next by Date: [PATCH] mk{dir, fifo, nod}: with -Z, create SMACK security context
Previous by thread: Re: [PATCH] mkdir: with -Z, create SMACK security context
Next by thread: [PATCH] mk{dir, fifo, nod}: with -Z, create SMACK security context
Index(es):
- Date
- Thread