[PATCH 2/6] busybox -- SELinux option support for coreutils
Denis Vlasenko
vda.linux at googlemail.com
Thu Feb 8 22:49:08 UTC 2007
On Thursday 08 February 2007 07:54, Yuichi Nakamura wrote:
> [2/6] busybox-coreutils-02-copy.patch
> - cp: -Z,-c option support.
> -c option: security context is preserved during file copy.
> -Z option: security context can be set during file copy.
> - mv
> In SELinux, it is recommended to preserve security context
> when file is moved. By this patch, file context is preserved
> during file move.
> - install
> When file is copied by install, security context of installed file
> becomes different from value configured in file_contexts file.
> By this patch, security context is set according to file_contexts file.
>
> Signed-off-by: Yuichi Nakamura <ynakam at hitachisoft.jp>
Index: include/libbb.h
===================================================================
--- include/libbb.h (revision 17803)
+++ include/libbb.h (working copy)
@@ -743,9 +743,15 @@
FILEUTILS_INTERACTIVE = 0x10,
FILEUTILS_MAKE_HARDLINK = 0x20,
FILEUTILS_MAKE_SOFTLINK = 0x40,
+#if ENABLE_SELINUX
+ FILEUTILS_PRESERVE_SECURITY_CONTEXT = 0x80,
+ FILEUTILS_SET_SECURITY_CONTEXT = 0x100
+#endif
+
};
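Review bot: FILEUTILS_SET_SECURITY_CONTEXT = 0x100 is the first of the values shown here that does not fit in 8 bits, so any caller or helper that keeps these flags in a char-sized variable would lose -Z without a diagnostic; please confirm the flags are carried as int everywhere they are passed. The new last enumerator also omits the trailing comma that the entries above it carry (`FILEUTILS_MAKE_SOFTLINK = 0x40,`), so the next flag added will have to touch this line again.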
This empty line after #endif - why?
+#if ENABLE_SELINUX
+ if (flags & FILEUTILS_SET_SECURITY_CONTEXT) {
+ if(is_selinux_enabled() == 0) {
+ fprintf( stderr, "Warning: ignoring --context (-Z). "
+ "It requires a SELinux enabled kernel.\n" );
+ }else{
+ if ( setfscreatecon(context_str) < 0 ) {
+ bb_error_msg_and_die("cannot set default security context %s\n", context_str);
+ }
+ }
+ }
+#endif
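Review bot: In the `is_selinux_enabled() == 0` branch the -Z request is dropped with a warning and the copy goes ahead, so the destination is created without the label the caller asked for and nothing in this hunk changes the exit status; a script that relies on -Z for labeling cannot tell that it was ignored. Consider failing here, or state in the usage text that -Z is advisory on kernels without SELinux. Separately, the format string passed to bb_error_msg_and_die ends in "\n"; the bb_error_msg family appends the newline itself, so it should be dropped.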
The style is not consistent. Should be "if ()", "} else {".
"Warning: ignoring" has extra space for no reason.
fprintf(stderr) can be probably replaced by bb_error_msg:
bb_error_msg("warning: ignoring --context (-Z), it requires a SELinux enabled kernel");
+static int use_default_selinux_context = 1;
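Review bot: use_default_selinux_context is a writable file-scope int initialised to 1 with no comment on what it gates. If nothing assigns to it, replace it with a constant (or remove the test on it) so the labeling behaviour cannot be flipped by accident and it costs no data space; if a later option is meant to clear it, say so in a comment on this line.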
You never change it, it is always 1. - ?!
--
vda