On 05/04/2013 06:44 PM, Jarkko Sakkinen wrote:
> Enable showing SMACK security context with -Z command-line switch.
> Adds dependency to libsmack.

This looks good, thanks.
SMACK is a little esoteric to warn about by default in ./configure --quiet,
so I've removed that warning.

This deserves a mention in NEWS too.

I also adjusted the commit message a little,
and shortened a long line.

I'll apply the attached very soon.

thanks!
Pádraig.

>From 475c1f59bbbc30b03338720ef5e59da11ea9f75e Mon Sep 17 00:00:00 2001
From: Jarkko Sakkinen <[email protected]>
Date: Sat, 4 May 2013 20:44:53 +0300
Subject: [PATCH] id: with -Z, show SMACK security context

Adds an optional dependency on libsmack.

* m4/jm-macros.m4: Look for the smack library/header.
* src/id.c (main): Output the smack context if available.
* src/local.mk: Link with libsmack if available.
* NEWS: Mention the new feature.
---
 NEWS            |    2 ++
 m4/jm-macros.m4 |   20 ++++++++++++++++++++
 src/id.c        |   24 ++++++++++++++++++++----
 src/local.mk    |    1 +
 4 files changed, 43 insertions(+), 4 deletions(-)

diff --git a/NEWS b/NEWS
index 3edb946..ae6251d 100644
--- a/NEWS
+++ b/NEWS
@@ -20,6 +20,8 @@ GNU coreutils NEWS                                    -*- outline -*-
 
 ** New features
 
+  id -Z reports the SMACK security context where available.
+
   join accepts a new option: --zero-terminated (-z). As with the sort,uniq
   option of the same name, this makes join consume and produce NUL-terminated
   lines rather than newline-terminated lines.
diff --git a/m4/jm-macros.m4 b/m4/jm-macros.m4
index 3f95def..2e0476d 100644
--- a/m4/jm-macros.m4
+++ b/m4/jm-macros.m4
@@ -141,6 +141,26 @@ AC_DEFUN([coreutils_MACROS],
   fi
   AC_SUBST([LIB_CAP])
 
+  # Check whether libsmack is available
+  LIB_SMACK=
+  AC_ARG_ENABLE([libsmack],
+    AC_HELP_STRING([--disable-libsmack], [disable libsmack support]))
+  if test "X$enable_libsmack" != "Xno"; then
+    AC_CHECK_LIB([smack], [smack_smackfs_path],
+      [AC_CHECK_HEADER([sys/smack.h],
+        [LIB_SMACK=-lsmack
+         AC_DEFINE([HAVE_SMACK], [1], [libsmack usability])]
+      )])
+    if test "X$LIB_SMACK" = "X"; then
+      if test "X$enable_libsmack" = "Xyes"; then
+        AC_MSG_ERROR([libsmack library was not found or not usable])
+      fi
+    fi
+  else
+    AC_MSG_WARN([libsmack support disabled by user])
+  fi
+  AC_SUBST([LIB_SMACK])
+
   # See if linking 'seq' requires -lm.
   # It does on nearly every system.  The single exception (so far) is
   # BeOS which has all the math functions in the normal runtime library
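Review bot: The `AC_CHECK_LIB([smack], [smack_smackfs_path], ...)` probe defines HAVE_SMACK after checking a single symbol, but src/id.c in this same patch also calls `smack_new_label_from_self`, which is never probed. If some libsmack release ships one function without the other (not verifiable from this patch), configure would succeed and id would then fail at link time; probing the function that actually reads the label, or both, would make HAVE_SMACK mean what id.c needs. Separately, `AC_HELP_STRING` is the obsolete spelling of `AS_HELP_STRING`, though the file may use the old name elsewhere outside this hunk. The enclosing `coreutils_MACROS` definition starts and ends outside the hunk.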
diff --git a/src/id.c b/src/id.c
index b5a7214..937b723 100644
--- a/src/id.c
+++ b/src/id.c
@@ -24,6 +24,9 @@
 #include <grp.h>
 #include <getopt.h>
 #include <selinux/selinux.h>
+#ifdef HAVE_SMACK
+# include <sys/smack.h>
+#endif
 
 #include "system.h"
 #include "error.h"
@@ -107,6 +110,9 @@ main (int argc, char **argv)
 {
   int optc;
   int selinux_enabled = (is_selinux_enabled () > 0);
+#ifdef HAVE_SMACK
+  int smack_enabled = (smack_smackfs_path () != NULL);
+#endif
 
   /* If true, output the list of all group IDs. -G */
   bool just_group_list = false;
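Review bot: `smack_enabled` exists only when HAVE_SMACK is defined, so every later use needs its own `#ifdef`; the `case 'Z':` hunk already pays for this by duplicating the whole `error (...)` call in `#ifdef`/`#else` arms. Adding `#else` and `int smack_enabled = 0;` to this block (or declaring it `bool` like the neighbouring flags) would let the -Z check be written once as `if (!selinux_enabled && !smack_enabled)`. I would also add a comment such as `/* Non-NULL smackfs path is taken to mean SMACK is active.  */`, since that return value is the only evidence the code uses. main's body continues outside the hunk.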
@@ -134,10 +140,17 @@ main (int argc, char **argv)
           break;
 
         case 'Z':
-          /* politely decline if we're not on a selinux-enabled kernel. */
+          /* politely decline if we're not on a SELinux/SMACK-enabled kernel. */
+#ifdef HAVE_SMACK
+          if (!selinux_enabled && !smack_enabled)
+            error (EXIT_FAILURE, 0,
+                   _("--context (-Z) works only on "
+                     "an SELinux/SMACK-enabled kernel"));
+#else
           if (!selinux_enabled)
             error (EXIT_FAILURE, 0,
                    _("--context (-Z) works only on an SELinux-enabled kernel"));
+#endif
           just_context = 1;
           break;
 
@@ -189,14 +202,17 @@ main (int argc, char **argv)
      and we're not in POSIXLY_CORRECT mode, get our context.  Otherwise,
      leave the context variable alone - it has been initialized to an
      invalid value that will be not displayed in print_full_info().  */
-  if (selinux_enabled
-      && n_ids == 0
+  if (n_ids == 0
       && (just_context
           || (default_format && ! getenv ("POSIXLY_CORRECT"))))
     {
       /* Report failure only if --context (-Z) was explicitly requested.  */
-      if (getcon (&context) && just_context)
+      if (selinux_enabled && getcon (&context) && just_context)
+        error (EXIT_FAILURE, 0, _("can't get process context"));
+#ifdef HAVE_SMACK
+      else if (smack_enabled && smack_new_label_from_self ((char **) &context))
         error (EXIT_FAILURE, 0, _("can't get process context"));
+#endif
     }
 
   if (n_ids == 1)
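Review bot: The SMACK branch exits with "can't get process context" even when -Z was not given, because `&& just_context` is on the `getcon` test but missing from the `smack_new_label_from_self` test; this contradicts the comment directly above it and makes a plain `id` fail on a SMACK system where the label cannot be read. The test also treats any non-zero return as failure, which breaks if libsmack returns a positive length on success (check the installed sys/smack.h); a negative-only test is safe either way: `else if (smack_enabled && smack_new_label_from_self ((char **) &context) < 0 && just_context)`. Because of the `else if`, the SMACK call also runs after a successful `getcon` when both flags are set, overwriting `context` and dropping the SELinux string, so the two sources should be made mutually exclusive. `context` is declared outside the hunk, so how it is later released cannot be checked here.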
diff --git a/src/local.mk b/src/local.mk
index 1ae9eff..efb0038 100644
--- a/src/local.mk
+++ b/src/local.mk
@@ -228,6 +228,7 @@ copy_ldadd += $(LIB_SELINUX)
 src_chcon_LDADD += $(LIB_SELINUX)
 src_ginstall_LDADD += $(LIB_SELINUX)
 src_id_LDADD += $(LIB_SELINUX)
+src_id_LDADD += $(LIB_SMACK)
 src_ls_LDADD += $(LIB_SELINUX)
 src_mkdir_LDADD += $(LIB_SELINUX)
 src_mkfifo_LDADD += $(LIB_SELINUX)
-- 
1.7.7.6
