Hi,
It's a reminder. :)
Is there any comment about the patch to support -context option for
findutils applet, I posted a week ago?
If it has no matter, I want to merge the feature.
Thanks,
KaiGai Kohei wrote:
> This patch enables to apply -context matching rule for find applet.
>
> It returns TRUE, if checked entry has same security context
> with given one by -context option.
>
> example of usage)
> # ./busybox find /etc -context system_u:object_r:shadow_t
> /etc/gshadow
> /etc/.pwd.lock
> /etc/shadow
> /etc/gshadow-
> /etc/shadow-
>
> It will print any file under /etc, have a security context of
> 'system_u:object_r:shadow_t'.
>
> Any comment please,
> Thanks,
> --
> KaiGai Kohei <[EMAIL PROTECTED]>
>
>
> ------------------------------------------------------------------------
>
> Index: busybox/include/usage.h
> ===================================================================
> --- busybox/include/usage.h (revision 18764)
> +++ busybox/include/usage.h (working copy)
> @@ -980,6 +980,8 @@
> "\n -delete Delete files; Turns on -depth option" \
> ) USE_FEATURE_FIND_PATH( \
> "\n -path Path matches PATTERN" \
> + ) USE_FEATURE_FIND_CONTEXT ( \
> + "\n -context File has specified security context" \
> ) USE_FEATURE_FIND_PAREN( \
> "\n (EXPR) Group an expression" \
> )
> Index: busybox/findutils/find.c
> ===================================================================
> --- busybox/findutils/find.c (revision 18764)
> +++ busybox/findutils/find.c (working copy)
> @@ -81,6 +81,7 @@
> USE_FEATURE_FIND_PRUNE( ACTS(prune))
> USE_FEATURE_FIND_DELETE(ACTS(delete))
> USE_FEATURE_FIND_PATH( ACTS(path, const char *pattern;))
> +USE_FEATURE_FIND_CONTEXT(ACTS(context, security_context_t context;))
>
> static action ***actions;
> static bool need_print = 1;
> @@ -336,7 +337,27 @@
> }
> #endif
>
> +#if ENABLE_FEATURE_FIND_CONTEXT
> +ACTF(context)
> +{
> + security_context_t con;
> + int rc;
>
> + if (recurse_flags & ACTION_FOLLOWLINKS) {
> + rc = getfilecon(fileName, &con);
> + } else {
> + rc = lgetfilecon(fileName, &con);
> + }
> + if (rc < 0)
> + return FALSE;
> +
> + rc = strcmp(ap->context, con);
> + freecon(con);
> +
> + return rc == 0;
> +}
> +#endif
> +
> static int fileAction(const char *fileName, struct stat *statbuf, void*
> junk, int depth)
> {
> int i;
> @@ -419,6 +440,7 @@
> USE_FEATURE_FIND_PRUNE( PARM_prune ,)
> USE_FEATURE_FIND_DELETE(PARM_delete ,)
> USE_FEATURE_FIND_PATH( PARM_path ,)
> + USE_FEATURE_FIND_CONTEXT(PARM_context ,)
> #if ENABLE_DESKTOP
> PARM_and ,
> PARM_or ,
> @@ -448,6 +470,7 @@
> USE_FEATURE_FIND_PRUNE( "-prune" ,)
> USE_FEATURE_FIND_DELETE("-delete",)
> USE_FEATURE_FIND_PATH( "-path" ,)
> + USE_FEATURE_FIND_CONTEXT("-context",)
> #if ENABLE_DESKTOP
> "-and" ,
> "-or" ,
> @@ -709,6 +732,18 @@
> ap->size = XATOOFF(arg1);
> }
> #endif
> +#if ENABLE_FEATURE_FIND_CONTEXT
> + else if (parm == PARM_context) {
> + action_context *ap;
> +
> + if (!*++argv)
> + bb_error_msg_and_die(bb_msg_requires_arg, arg);
> + ap = ALLOC_ACTION(context);
> + ap->context = NULL;
> + if (selinux_raw_to_trans_context(argv[0], &ap->context))
> + bb_perror_msg("%s", argv[0]);
> + }
> +#endif
> else
> bb_show_usage();
> argv++;
> Index: busybox/findutils/Config.in
> ===================================================================
> --- busybox/findutils/Config.in (revision 18764)
> +++ busybox/findutils/Config.in (working copy)
> @@ -151,6 +151,13 @@
> help
> The -path option matches whole pathnames instead of just filenames.
>
> +config FEATURE_FIND_CONTEXT
> + bool "Enable (-context) option for matching security context"
> + default n
> + depends on FIND && SELINUX
> + help
> + Support the 'find -context' option for matching security context.
> +
> config GREP
> bool "grep"
> default n
>
>
> ------------------------------------------------------------------------
>
> _______________________________________________
> busybox mailing list
> busybox@busybox.net
> http://busybox.net/cgi-bin/mailman/listinfo/busybox
--
KaiGai Kohei <[EMAIL PROTECTED]>
_______________________________________________
busybox mailing list
busybox@busybox.net
http://busybox.net/cgi-bin/mailman/listinfo/busybox
