diff options
Diffstat (limited to 'selinux')
| -rw-r--r-- | selinux/chcon.c | 20 | ||||
| -rw-r--r-- | selinux/runcon.c | 10 | ||||
| -rw-r--r-- | selinux/sestatus.c | 2 | ||||
| -rw-r--r-- | selinux/setfiles.c | 19 |
4 files changed, 26 insertions, 25 deletions
diff --git a/selinux/chcon.c b/selinux/chcon.c index 88d0cfec6..f947c2c12 100644 --- a/selinux/chcon.c +++ b/selinux/chcon.c | |||
| @@ -92,7 +92,7 @@ static int FAST_FUNC change_filedir_context( | |||
| 92 | 92 | ||
| 93 | if (specified_context == NULL) { | 93 | if (specified_context == NULL) { |
| 94 | context = set_security_context_component(file_context, | 94 | context = set_security_context_component(file_context, |
| 95 | user, role, type, range); | 95 | user, role, type, range); |
| 96 | if (!context) { | 96 | if (!context) { |
| 97 | bb_error_msg("can't compute security context from %s", file_context); | 97 | bb_error_msg("can't compute security context from %s", file_context); |
| 98 | goto skip; | 98 | goto skip; |
| @@ -121,15 +121,15 @@ static int FAST_FUNC change_filedir_context( | |||
| 121 | } | 121 | } |
| 122 | if ((option_mask32 & OPT_VERBOSE) || ((option_mask32 & OPT_CHANHES) && !fail)) { | 122 | if ((option_mask32 & OPT_VERBOSE) || ((option_mask32 & OPT_CHANHES) && !fail)) { |
| 123 | printf(!fail | 123 | printf(!fail |
| 124 | ? "context of %s changed to %s\n" | 124 | ? "context of %s changed to %s\n" |
| 125 | : "can't change context of %s to %s\n", | 125 | : "can't change context of %s to %s\n", |
| 126 | fname, context_string); | 126 | fname, context_string); |
| 127 | } | 127 | } |
| 128 | if (!fail) { | 128 | if (!fail) { |
| 129 | rc = TRUE; | 129 | rc = TRUE; |
| 130 | } else if ((option_mask32 & OPT_QUIET) == 0) { | 130 | } else if ((option_mask32 & OPT_QUIET) == 0) { |
| 131 | bb_error_msg("can't change context of %s to %s", | 131 | bb_error_msg("can't change context of %s to %s", |
| 132 | fname, context_string); | 132 | fname, context_string); |
| 133 | } | 133 | } |
| 134 | } else if (option_mask32 & OPT_VERBOSE) { | 134 | } else if (option_mask32 & OPT_VERBOSE) { |
| 135 | printf("context of %s retained as %s\n", fname, context_string); | 135 | printf("context of %s retained as %s\n", fname, context_string); |
| @@ -181,7 +181,7 @@ int chcon_main(int argc UNUSED_PARAM, char **argv) | |||
| 181 | #if ENABLE_FEATURE_CHCON_LONG_OPTIONS | 181 | #if ENABLE_FEATURE_CHCON_LONG_OPTIONS |
| 182 | if (option_mask32 & OPT_REFERENCE) { | 182 | if (option_mask32 & OPT_REFERENCE) { |
| 183 | /* FIXME: lgetfilecon() should be used when '-h' is specified. | 183 | /* FIXME: lgetfilecon() should be used when '-h' is specified. |
| 184 | But current implementation follows the original one. */ | 184 | * But current implementation follows the original one. */ |
| 185 | if (getfilecon(reference_file, &specified_context) < 0) | 185 | if (getfilecon(reference_file, &specified_context) < 0) |
| 186 | bb_perror_msg_and_die("getfilecon('%s') failed", reference_file); | 186 | bb_perror_msg_and_die("getfilecon('%s') failed", reference_file); |
| 187 | } else | 187 | } else |
| @@ -201,10 +201,10 @@ int chcon_main(int argc UNUSED_PARAM, char **argv) | |||
| 201 | fname[fname_len] = '\0'; | 201 | fname[fname_len] = '\0'; |
| 202 | 202 | ||
| 203 | if (recursive_action(fname, | 203 | if (recursive_action(fname, |
| 204 | 1<<option_mask32 & OPT_RECURSIVE, | 204 | 1<<option_mask32 & OPT_RECURSIVE, |
| 205 | change_filedir_context, | 205 | change_filedir_context, |
| 206 | change_filedir_context, | 206 | change_filedir_context, |
| 207 | NULL, 0) != TRUE) | 207 | NULL, 0) != TRUE) |
| 208 | errors = 1; | 208 | errors = 1; |
| 209 | } | 209 | } |
| 210 | return errors; | 210 | return errors; |
diff --git a/selinux/runcon.c b/selinux/runcon.c index 3183a2274..27f2be3a9 100644 --- a/selinux/runcon.c +++ b/selinux/runcon.c | |||
| @@ -56,7 +56,7 @@ | |||
| 56 | #include "libbb.h" | 56 | #include "libbb.h" |
| 57 | 57 | ||
| 58 | static context_t runcon_compute_new_context(char *user, char *role, char *type, char *range, | 58 | static context_t runcon_compute_new_context(char *user, char *role, char *type, char *range, |
| 59 | char *command, int compute_trans) | 59 | char *command, int compute_trans) |
| 60 | { | 60 | { |
| 61 | context_t con; | 61 | context_t con; |
| 62 | security_context_t cur_context; | 62 | security_context_t cur_context; |
| @@ -69,9 +69,9 @@ static context_t runcon_compute_new_context(char *user, char *role, char *type, | |||
| 69 | 69 | ||
| 70 | if (getfilecon(command, &file_context) < 0) | 70 | if (getfilecon(command, &file_context) < 0) |
| 71 | bb_error_msg_and_die("can't retrieve attributes of '%s'", | 71 | bb_error_msg_and_die("can't retrieve attributes of '%s'", |
| 72 | command); | 72 | command); |
| 73 | if (security_compute_create(cur_context, file_context, | 73 | if (security_compute_create(cur_context, file_context, |
| 74 | SECCLASS_PROCESS, &new_context)) | 74 | SECCLASS_PROCESS, &new_context)) |
| 75 | bb_error_msg_and_die("unable to compute a new context"); | 75 | bb_error_msg_and_die("unable to compute a new context"); |
| 76 | cur_context = new_context; | 76 | cur_context = new_context; |
| 77 | } | 77 | } |
| @@ -147,11 +147,11 @@ int runcon_main(int argc UNUSED_PARAM, char **argv) | |||
| 147 | 147 | ||
| 148 | if (security_check_context(context_str(con))) | 148 | if (security_check_context(context_str(con))) |
| 149 | bb_error_msg_and_die("'%s' is not a valid context", | 149 | bb_error_msg_and_die("'%s' is not a valid context", |
| 150 | context_str(con)); | 150 | context_str(con)); |
| 151 | 151 | ||
| 152 | if (setexeccon(context_str(con))) | 152 | if (setexeccon(context_str(con))) |
| 153 | bb_error_msg_and_die("can't set up security context '%s'", | 153 | bb_error_msg_and_die("can't set up security context '%s'", |
| 154 | context_str(con)); | 154 | context_str(con)); |
| 155 | 155 | ||
| 156 | BB_EXECVP_or_die(argv); | 156 | BB_EXECVP_or_die(argv); |
| 157 | } | 157 | } |
diff --git a/selinux/sestatus.c b/selinux/sestatus.c index 0bd1a0dda..e59431873 100644 --- a/selinux/sestatus.c +++ b/selinux/sestatus.c | |||
| @@ -41,7 +41,7 @@ static void display_boolean(void) | |||
| 41 | if (pending < 0) | 41 | if (pending < 0) |
| 42 | goto skip; | 42 | goto skip; |
| 43 | printf(COL_FMT "%s", | 43 | printf(COL_FMT "%s", |
| 44 | bools[i], active == 0 ? "off" : "on"); | 44 | bools[i], active == 0 ? "off" : "on"); |
| 45 | if (active != pending) | 45 | if (active != pending) |
| 46 | printf(" (%sactivate pending)", pending == 0 ? "in" : ""); | 46 | printf(" (%sactivate pending)", pending == 0 ? "in" : ""); |
| 47 | bb_putchar('\n'); | 47 | bb_putchar('\n'); |
diff --git a/selinux/setfiles.c b/selinux/setfiles.c index ca3fd9361..0173db99e 100644 --- a/selinux/setfiles.c +++ b/selinux/setfiles.c | |||
| @@ -498,10 +498,11 @@ static int process_one(char *name) | |||
| 498 | 498 | ||
| 499 | if (S_ISDIR(sb.st_mode) && recurse) { | 499 | if (S_ISDIR(sb.st_mode) && recurse) { |
| 500 | if (recursive_action(name, | 500 | if (recursive_action(name, |
| 501 | ACTION_RECURSE, | 501 | ACTION_RECURSE, |
| 502 | apply_spec, | 502 | apply_spec, |
| 503 | apply_spec, | 503 | apply_spec, |
| 504 | NULL, 0) != TRUE) { | 504 | NULL, 0) != TRUE |
| 505 | ) { | ||
| 505 | bb_error_msg("error while labeling %s", name); | 506 | bb_error_msg("error while labeling %s", name); |
| 506 | goto err; | 507 | goto err; |
| 507 | } | 508 | } |
| @@ -584,7 +585,7 @@ int setfiles_main(int argc UNUSED_PARAM, char **argv) | |||
| 584 | flags = getopt32(argv, "de:f:ilnpqr:svo:FW" | 585 | flags = getopt32(argv, "de:f:ilnpqr:svo:FW" |
| 585 | IF_FEATURE_SETFILES_CHECK_OPTION("c:"), | 586 | IF_FEATURE_SETFILES_CHECK_OPTION("c:"), |
| 586 | &exclude_dir, &input_filename, &rootpath, &out_filename, | 587 | &exclude_dir, &input_filename, &rootpath, &out_filename, |
| 587 | IF_FEATURE_SETFILES_CHECK_OPTION(&policyfile,) | 588 | IF_FEATURE_SETFILES_CHECK_OPTION(&policyfile,) |
| 588 | &verbose); | 589 | &verbose); |
| 589 | } | 590 | } |
| 590 | argv += optind; | 591 | argv += optind; |
| @@ -600,8 +601,8 @@ int setfiles_main(int argc UNUSED_PARAM, char **argv) | |||
| 600 | fclose(policystream); | 601 | fclose(policystream); |
| 601 | 602 | ||
| 602 | /* Only process the specified file_contexts file, not | 603 | /* Only process the specified file_contexts file, not |
| 603 | any .homedirs or .local files, and do not perform | 604 | * any .homedirs or .local files, and do not perform |
| 604 | context translations. */ | 605 | * context translations. */ |
| 605 | set_matchpathcon_flags(MATCHPATHCON_BASEONLY | | 606 | set_matchpathcon_flags(MATCHPATHCON_BASEONLY | |
| 606 | MATCHPATHCON_NOTRANS | | 607 | MATCHPATHCON_NOTRANS | |
| 607 | MATCHPATHCON_VALIDATE); | 608 | MATCHPATHCON_VALIDATE); |
| @@ -631,8 +632,8 @@ int setfiles_main(int argc UNUSED_PARAM, char **argv) | |||
| 631 | 632 | ||
| 632 | if (applet_name[0] == 's') { /* setfiles */ | 633 | if (applet_name[0] == 's') { /* setfiles */ |
| 633 | /* Use our own invalid context checking function so that | 634 | /* Use our own invalid context checking function so that |
| 634 | we can support either checking against the active policy or | 635 | * we can support either checking against the active policy or |
| 635 | checking against a binary policy file. */ | 636 | * checking against a binary policy file. */ |
| 636 | set_matchpathcon_canoncon(&canoncon); | 637 | set_matchpathcon_canoncon(&canoncon); |
| 637 | if (!argv[0]) | 638 | if (!argv[0]) |
| 638 | bb_show_usage(); | 639 | bb_show_usage(); |