On Fri, Apr 25, 2008 at 04:57:41PM +0900, KaiGai Kohei wrote:
> Bernhard Fischer wrote:
>>> Index: busybox/util-linux/mkswap.c
>>> ===================================================================
>>> --- busybox/util-linux/mkswap.c (revision 20280)
>>> +++ busybox/util-linux/mkswap.c (working copy)
>>> @@ -8,6 +8,48 @@
>>>
>>> #include "libbb.h"
>>>
>>> +#if ENABLE_SELINUX
>>> +#define SELINUX_SWAPFILE_TYPE "swapfile_t"
>>> +
>>> +static void mkswap_selinux_setcontext(int fd, const char *path)
>>> +{
>>> + struct stat stbuf;
>>> +
>>> + if (!is_selinux_enabled())
>>> + return;
>>> +
>>> + if (fstat(fd, &stbuf) < 0)
>>> + bb_perror_msg_and_die("fstat failed");
>>> + if (S_ISREG(stbuf.st_mode)) {
>>> + security_context_t newcon, oldcon = NULL;
>>> + context_t context;
>>> +
>>> + if (fgetfilecon_raw(fd, &oldcon) < 0) {
>>> + if (errno != ENODATA)
>>> + goto error;
>>> + if (matchpathcon(path, stbuf.st_mode, &oldcon) < 0)
>>> + goto error;
>>> + }
>>> + context = context_new(oldcon);
>>> + if (!context || context_type_set(context,
>>> SELINUX_SWAPFILE_TYPE))
>>> + goto error;
>>> + newcon = context_str(context);
>>> + if (!newcon)
>>> + goto error;
>>> + if (strcmp(oldcon, newcon) != 0 && fsetfilecon_raw(fd, newcon)
>>> < 0)
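Review bot: In the ENODATA fallback of mkswap_selinux_setcontext(), oldcon comes from matchpathcon(), so it is the context the path is expected to have rather than one stored on the file, yet `strcmp(oldcon, newcon) != 0 && fsetfilecon_raw(fd, newcon) < 0` still uses it to decide whether to write. If the matched context already carries type swapfile_t, the two strings compare equal and the set call is skipped, leaving the file with no stored context. Suggest recording that the fallback was taken and calling the set function unconditionally in that case.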
>>
>> That didn't work out for me;
>> $ egrep "(hidden|fsetfilecon)" libselinux-2.0.59/src/fsetfilecon.c
>> int fsetfilecon_raw(int fd, security_context_t context)
>> hidden_def(fsetfilecon_raw)
>> int fsetfilecon(int fd, security_context_t context)
>> ret = fsetfilecon_raw(fd, rcontext);
>> $
>>
>> Strangely enough I see it in the static library but not in the dynamic.
>> I've changed this to:
>> http://www.busybox.net/cgi-bin/viewcvs.cgi/trunk/busybox/util-linux/mkswap.c?rev=21829&r1=21005&r2=21829&makepatch=1&diff_format=u
>
> Your fix is fair enough for us.
>
> In addition, the above fgetfilecon_raw() should be replaced by fgetfilecon().
>
> Index: busybox/util-linux/mkswap.c
> ===================================================================
> --- busybox/util-linux/mkswap.c (revision 21854)
> +++ busybox/util-linux/mkswap.c (working copy)
> @@ -23,7 +23,7 @@
> security_context_t oldcon = NULL;
> context_t context;
>
> - if (fgetfilecon_raw(fd, &oldcon) < 0) {
> + if (fgetfilecon(fd, &oldcon) < 0) {
> if (errno != ENODATA)
> goto error;
> if (matchpathcon(path, stbuf.st_mode, &oldcon) < 0)
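Review bot: The getter on the changed line is now fgetfilecon(), which matches the non-raw matchpathcon() in the fallback two lines below, but the set call that consumes oldcon lies outside this hunk's context. Please confirm it is fsetfilecon() and not a _raw variant, so that the context read, compared and written stays in one form. A sentence in the change description on why the non-raw getter is wanted here would also help.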
ok, will do this.
What about the other _raw() calls? Why don't you use the normal calls
there? Specifically:
libbb/update_passwd.c: if (getprevcon_raw(&context) < 0)
selinux/setfiles.c: ret = lgetfilecon_raw(my_file, &context);
selinux/setfiles.c: if (security_canonicalize_context_raw(context, &tmpcon)
I may have missed additional occurrences of these.
thanks,