diff options
| author | Denis Vlasenko <vda.linux@googlemail.com> | 2007-03-10 16:58:49 +0000 |
|---|---|---|
| committer | Denis Vlasenko <vda.linux@googlemail.com> | 2007-03-10 16:58:49 +0000 |
| commit | 49622d784672bf2f7b2fe80589714cdef5adde0c (patch) | |
| tree | 892bb79b0ef031d729e688d6be4950f6d17f13b9 /coreutils/install.c | |
| parent | 4eb8b936cb0aeb27c3e12f9a93fc43aa1e9668f5 (diff) | |
| download | busybox-w32-49622d784672bf2f7b2fe80589714cdef5adde0c.tar.gz busybox-w32-49622d784672bf2f7b2fe80589714cdef5adde0c.tar.bz2 busybox-w32-49622d784672bf2f7b2fe80589714cdef5adde0c.zip | |
selinux support by Yuichi Nakamura <ynakam@hitachisoft.jp> (HitachiSoft)
Diffstat (limited to 'coreutils/install.c')
| -rw-r--r-- | coreutils/install.c | 75 |
1 files changed, 70 insertions, 5 deletions
diff --git a/coreutils/install.c b/coreutils/install.c index c105addc5..83facad9d 100644 --- a/coreutils/install.c +++ b/coreutils/install.c | |||
| @@ -21,10 +21,49 @@ static const struct option install_long_options[] = { | |||
| 21 | { "group", 0, NULL, 'g' }, | 21 | { "group", 0, NULL, 'g' }, |
| 22 | { "mode", 0, NULL, 'm' }, | 22 | { "mode", 0, NULL, 'm' }, |
| 23 | { "owner", 0, NULL, 'o' }, | 23 | { "owner", 0, NULL, 'o' }, |
| 24 | #if ENABLE_SELINUX | ||
| 25 | { "context", 1, NULL, 'Z' }, | ||
| 26 | { "preserve_context", 0, NULL, 0xff }, | ||
| 27 | { "preserve-context", 0, NULL, 0xff }, | ||
| 28 | #endif | ||
| 24 | { 0, 0, 0, 0 } | 29 | { 0, 0, 0, 0 } |
| 25 | }; | 30 | }; |
| 26 | #endif | 31 | #endif |
| 27 | 32 | ||
| 33 | |||
| 34 | #if ENABLE_SELINUX | ||
| 35 | static bool use_default_selinux_context = 1; | ||
| 36 | |||
| 37 | static void setdefaultfilecon(const char *path) { | ||
| 38 | struct stat s; | ||
| 39 | security_context_t scontext = NULL; | ||
| 40 | |||
| 41 | if (!is_selinux_enabled()) { | ||
| 42 | return; | ||
| 43 | } | ||
| 44 | if (lstat(path, &s) != 0) { | ||
| 45 | return; | ||
| 46 | } | ||
| 47 | |||
| 48 | if (matchpathcon(path, s.st_mode, &scontext) < 0) { | ||
| 49 | goto out; | ||
| 50 | } | ||
| 51 | if (strcmp(scontext, "<<none>>") == 0) { | ||
| 52 | goto out; | ||
| 53 | } | ||
| 54 | |||
| 55 | if (lsetfilecon(path, scontext) < 0) { | ||
| 56 | if (errno != ENOTSUP) { | ||
| 57 | bb_perror_msg("warning: failed to change context of %s to %s", path, scontext); | ||
| 58 | } | ||
| 59 | } | ||
| 60 | |||
| 61 | out: | ||
| 62 | freecon(scontext); | ||
| 63 | } | ||
| 64 | |||
| 65 | #endif | ||
| 66 | |||
| 28 | int install_main(int argc, char **argv); | 67 | int install_main(int argc, char **argv); |
| 29 | int install_main(int argc, char **argv) | 68 | int install_main(int argc, char **argv) |
| 30 | { | 69 | { |
| @@ -37,7 +76,9 @@ int install_main(int argc, char **argv) | |||
| 37 | const char *mode_str; | 76 | const char *mode_str; |
| 38 | int copy_flags = FILEUTILS_DEREFERENCE | FILEUTILS_FORCE; | 77 | int copy_flags = FILEUTILS_DEREFERENCE | FILEUTILS_FORCE; |
| 39 | int ret = EXIT_SUCCESS, flags, i, isdir; | 78 | int ret = EXIT_SUCCESS, flags, i, isdir; |
| 40 | 79 | #if ENABLE_SELINUX | |
| 80 | security_context_t scontext; | ||
| 81 | #endif | ||
| 41 | enum { | 82 | enum { |
| 42 | OPT_CMD = 0x1, | 83 | OPT_CMD = 0x1, |
| 43 | OPT_DIRECTORY = 0x2, | 84 | OPT_DIRECTORY = 0x2, |
| @@ -46,14 +87,35 @@ int install_main(int argc, char **argv) | |||
| 46 | OPT_GROUP = 0x10, | 87 | OPT_GROUP = 0x10, |
| 47 | OPT_MODE = 0x20, | 88 | OPT_MODE = 0x20, |
| 48 | OPT_OWNER = 0x40, | 89 | OPT_OWNER = 0x40, |
| 90 | #if ENABLE_SELINUX | ||
| 91 | OPT_SET_SECURITY_CONTEXT = 0x80, | ||
| 92 | OPT_PRESERVE_SECURITY_CONTEXT = 0x100, | ||
| 93 | #endif | ||
| 49 | }; | 94 | }; |
| 50 | 95 | ||
| 51 | #if ENABLE_FEATURE_INSTALL_LONG_OPTIONS | 96 | #if ENABLE_FEATURE_INSTALL_LONG_OPTIONS |
| 52 | applet_long_options = install_long_options; | 97 | applet_long_options = install_long_options; |
| 53 | #endif | 98 | #endif |
| 54 | opt_complementary = "?:s--d:d--s"; | 99 | opt_complementary = "?:s--d:d--s" USE_SELINUX(":Z--\xff:\xff--Z"); |
| 55 | /* -c exists for backwards compatibility, its needed */ | 100 | /* -c exists for backwards compatibility, it's needed */ |
| 56 | flags = getopt32(argc, argv, "cdpsg:m:o:", &gid_str, &mode_str, &uid_str); | 101 | |
| 102 | flags = getopt32(argc, argv, "cdpsg:m:o:" USE_SELINUX("Z:"), &gid_str, &mode_str, &uid_str USE_SELINUX(, &scontext)); | ||
| 103 | |||
| 104 | #if ENABLE_SELINUX | ||
| 105 | if (flags & OPT_PRESERVE_SECURITY_CONTEXT) { | ||
| 106 | use_default_selinux_context = 0; | ||
| 107 | copy_flags |= FILEUTILS_PRESERVE_SECURITY_CONTEXT; | ||
| 108 | selinux_or_die(); | ||
| 109 | } | ||
| 110 | if (flags & OPT_SET_SECURITY_CONTEXT) { | ||
| 111 | selinux_or_die(); | ||
| 112 | if (setfscreatecon(scontext) < 0) { | ||
| 113 | bb_error_msg_and_die("setfscreatecon(%s)", scontext); // perror? | ||
| 114 | } | ||
| 115 | use_default_selinux_context = 0; | ||
| 116 | copy_flags |= FILEUTILS_SET_SECURITY_CONTEXT; | ||
| 117 | } | ||
| 118 | #endif | ||
| 57 | 119 | ||
| 58 | /* preserve access and modification time, this is GNU behaviour, BSD only preserves modification time */ | 120 | /* preserve access and modification time, this is GNU behaviour, BSD only preserves modification time */ |
| 59 | if (flags & OPT_PRESERVE_TIME) { | 121 | if (flags & OPT_PRESERVE_TIME) { |
| @@ -117,7 +179,10 @@ int install_main(int argc, char **argv) | |||
| 117 | bb_perror_msg("cannot change permissions of %s", dest); | 179 | bb_perror_msg("cannot change permissions of %s", dest); |
| 118 | ret = EXIT_FAILURE; | 180 | ret = EXIT_FAILURE; |
| 119 | } | 181 | } |
| 120 | 182 | #if ENABLE_SELINUX | |
| 183 | if (use_default_selinux_context) | ||
| 184 | setdefaultfilecon(dest); | ||
| 185 | #endif | ||
| 121 | /* Set the user and group id */ | 186 | /* Set the user and group id */ |
| 122 | if ((flags & (OPT_OWNER|OPT_GROUP)) | 187 | if ((flags & (OPT_OWNER|OPT_GROUP)) |
| 123 | && lchown(dest, uid, gid) == -1 | 188 | && lchown(dest, uid, gid) == -1 |