[PATCH 2/6] busybox -- SELinux option support for coreutils

Denis Vlasenko vda.linux at googlemail.com
Thu Feb 8 22:49:08 UTC 2007


On Thursday 08 February 2007 07:54, Yuichi Nakamura wrote:
> [2/6] busybox-coreutils-02-copy.patch
>   - cp: -Z,-c option support. 
>       -c option: security context is preserved during file copy.
>       -Z option: security context can be set during file copy.
>   - mv 
>     In SELinux, it is recommended to preserve the security context
>     when a file is moved. With this patch, the file context is preserved
>     during a file move.
>   - install
>     When a file is copied by install, the security context of the installed
>     file becomes different from the value configured in the file_contexts file.
>     With this patch, the security context is set according to the file_contexts file.
> 
> Signed-off-by: Yuichi Nakamura <ynakam at hitachisoft.jp>


Index: include/libbb.h
===================================================================
--- include/libbb.h	(revision 17803)
+++ include/libbb.h	(working copy)
@@ -743,9 +743,15 @@
 	FILEUTILS_INTERACTIVE = 0x10,
 	FILEUTILS_MAKE_HARDLINK = 0x20,
 	FILEUTILS_MAKE_SOFTLINK = 0x40,
+#if ENABLE_SELINUX
+	FILEUTILS_PRESERVE_SECURITY_CONTEXT = 0x80,
+	FILEUTILS_SET_SECURITY_CONTEXT = 0x100
+#endif
+
 };
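
Review bot: the two new flags exist only inside `#if ENABLE_SELINUX`, so every later use of FILEUTILS_PRESERVE_SECURITY_CONTEXT or FILEUTILS_SET_SECURITY_CONTEXT must sit in a matching `#if` block or the non-SELinux build stops compiling. Consider defining both values unconditionally so that only the code calling into libselinux needs the guard. Each flag also wants a one-line comment saying which one copies the source file's context and which one applies a caller-supplied context, since the names alone do not map obviously onto the -c and -Z options from the commit message.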

This empty line after #endif - why?

+#if ENABLE_SELINUX 
+	if (flags & FILEUTILS_SET_SECURITY_CONTEXT) {
+		if(is_selinux_enabled() == 0) {
+			fprintf( stderr, "Warning:  ignoring --context (-Z). "
+					 "It requires a SELinux enabled kernel.\n" );
+		}else{
+			if ( setfscreatecon(context_str) < 0 ) {
+				bb_error_msg_and_die("cannot set default security context %s\n", context_str);
+			}
+		}
+	}
+#endif
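
Review bot: in the `is_selinux_enabled() == 0` branch, -Z is reduced to a warning on stderr and execution carries on, so a caller who asked for a specific security context gets files created without it and nothing in this branch signals failure. Either fail here the way the setfscreatecon() error path does, or state in the usage text that -Z is ignored on a kernel without SELinux. Separately, the bb_error_msg_and_die() format string ends in "\n", which produces a doubled newline because the bb_error_msg family appends one itself.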

The style is not consistent. Should be "if ()", "} else {".
"Warning:  ignoring" has extra space for no reason.
fprintf(stderr) can probably be replaced by bb_error_msg:
bb_error_msg("warning: ignoring --context (-Z), it requires a SELinux enabled kernel");


+static int use_default_selinux_context = 1;
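
Review bot: use_default_selinux_context is a writable file-scope int with no comment saying what "default" refers to or which option is meant to clear it. If no option changes it, drop the variable and the test on it; if one is planned, add the comment and the option in the same patch.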

You never change it, it is always 1.  - ?!
--
vda


