[PATCH] tar: add selinux context support
Tanguy Pruvot
tanguy.pruvot at gmail.com
Sat May 17 15:37:22 UTC 2014
>From ea1ee9b60cf888bd1689a002813c7abf4afb0860 Mon Sep 17 00:00:00 2001
From: Tanguy Pruvot <tanguy.pruvot at gmail.com>
Date: Sat, 17 May 2014 17:27:40 +0200
Subject: [PATCH] tar: add selinux context support
Change-Id: Ic7a39ee03087ed19e814b138ec6d70cdadb605cd
Signed-off-by: Tanguy Pruvot <tanguy.pruvot at gmail.com>
---
archival/tar.c | 42 ++++++++++++++++++++++++++++++++++++++++++
include/bb_archive.h | 2 +-
2 files changed, 43 insertions(+), 1 deletions(-)
diff --git a/archival/tar.c b/archival/tar.c
index aa02d35..c295ce0 100644
--- a/archival/tar.c
+++ b/archival/tar.c
@@ -210,6 +210,7 @@ enum {
CONTTYPE = '7', /* reserved */
GNULONGLINK = 'K', /* GNU long (>100 chars) link name */
GNULONGNAME = 'L', /* GNU long (>100 chars) file name */
+ EXTTYPE = 'x', /* ext metadata for next file, store selinux_context */
};
/* Might be faster (and bigger) if the dev/ino were stored in numeric
order;) */
@@ -351,6 +352,35 @@ static void writeLongname(int fd, int type, const char
*name, int dir)
}
#endif
+#if ENABLE_FEATURE_TAR_SELINUX
+# define SELINUX_CONTEXT_KEYWORD "RHT.security.selinux"
+/* Write 2 blocks : extended file header + selinux context */
+static void writeSeHeader(int fd, const char *con, struct stat *statbuf,
+ struct tar_header_t *mainHeader)
+{
+ struct tar_header_t header;
+ char block[TAR_BLOCK_SIZE];
+ int sz = sizeof(SELINUX_CONTEXT_KEYWORD) + strlen(con) + 4;
+ if (sz >= 100) sz++; // another ascci digit for size
+
+ memset(&block, 0, TAR_BLOCK_SIZE);
+ sprintf(block, "%d %s=%s\n", sz, SELINUX_CONTEXT_KEYWORD, con);
+
+ memcpy(&header, mainHeader, sizeof(header));
+
+ /* write duplicated file entry */
+ mainHeader->typeflag = EXTTYPE;
+ PUT_OCTAL(mainHeader->size, sz);
+ chksum_and_xwrite(fd, mainHeader);
+
+ /* write selinux context */
+ xwrite(fd, &block, TAR_BLOCK_SIZE);
+
+ /* restore main header for standard write */
+ memcpy(mainHeader, &header, sizeof(header));
+}
+#endif
+
/* Write out a tar header for the specified file/directory/whatever */
static int writeTarHeader(struct TarBallInfo *tbInfo,
const char *header_name, const char *fileName, struct stat *statbuf)
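Review bot: In writeSeHeader the `sprintf(block, "%d %s=%s\n", ...)` call copies the context string into the fixed `char block[TAR_BLOCK_SIZE]` with no length check, so a context long enough to push the record past one block overruns the stack buffer. The header also advertises `sz` bytes of payload while exactly one block is written, so an oversized record would desynchronise the archive as well. Reject the oversized case before formatting, e.g. `if (sz >= TAR_BLOCK_SIZE) { bb_error_msg("selinux context too long, not stored"); return; }`, and format with `snprintf(block, sizeof(block), "%d %s=%s\n", sz, SELINUX_CONTEXT_KEYWORD, con);`. The `statbuf` parameter is never used in the body and could be dropped. The hunk ends inside the signature of writeTarHeader, which continues outside it.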
@@ -468,6 +498,18 @@ static int writeTarHeader(struct TarBallInfo *tbInfo,
header_name, S_ISDIR(statbuf->st_mode));
#endif
+#if ENABLE_FEATURE_TAR_SELINUX
+ if (is_selinux_enabled()) {
+ security_context_t sid;
+ getfilecon(fileName, &sid);
+ if (sid) {
+ // optional extended block
+ writeSeHeader(tbInfo->tarFd, sid, statbuf, &header);
+ freecon(sid);
+ }
+ }
+#endif
+
/* Now write the header out to disk */
chksum_and_xwrite(tbInfo->tarFd, &header);
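Review bot: `sid` is declared without an initializer and the return value of `getfilecon()` is ignored, so when the call fails the `if (sid)` test may read an indeterminate pointer and hand it to writeSeHeader() and `freecon()`. Initialise it and test the result: `security_context_t sid = NULL;` and `if (getfilecon(fileName, &sid) >= 0 && sid) {`. getfilecon() follows symbolic links, so if this path is also reached for symlink entries (not visible in the hunk), `lgetfilecon()` would record the link's own label instead of its target's. writeTarHeader starts and ends outside this hunk.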
diff --git a/include/bb_archive.h b/include/bb_archive.h
index b82cfd8..d796fcd 100644
--- a/include/bb_archive.h
+++ b/include/bb_archive.h
@@ -146,7 +146,7 @@ typedef struct tar_header_t { /* byte offset */
/* Normally it's defined as magic[6] followed by
* version[2], but we put them together to save code.
*/
- char magic[8]; /* 257-264 */
+ char magic[8]; /* 257-264 (magic 6 + version 2) */
char uname[32]; /* 265-296 */
char gname[32]; /* 297-328 */
char devmajor[8]; /* 329-336 */
--
1.7.2.5