Hi,

This is a reminder. :)

Are there any comments on the patch I posted a week ago, which adds
support for the -context option to the findutils applet?

If there are no objections, I would like the feature to be merged.
Thanks,

KaiGai Kohei wrote:
> This patch enables to apply -context matching rule for find applet.
> 
> It returns TRUE, if checked entry has same security context
> with given one by -context option.
> 
> example of usage)
> # ./busybox find /etc -context system_u:object_r:shadow_t
> /etc/gshadow
> /etc/.pwd.lock
> /etc/shadow
> /etc/gshadow-
> /etc/shadow-
> 
> This prints every file under /etc that has the security context
> 'system_u:object_r:shadow_t'.
> 
> Any comment please,
> Thanks,
> --
> KaiGai Kohei <[EMAIL PROTECTED]>
> 
> 
> ------------------------------------------------------------------------
> 
> Index: busybox/include/usage.h
> ===================================================================
> --- busybox/include/usage.h   (revision 18764)
> +++ busybox/include/usage.h   (working copy)
> @@ -980,6 +980,8 @@
>         "\n   -delete         Delete files; Turns on -depth option" \
>       ) USE_FEATURE_FIND_PATH( \
>         "\n   -path           Path matches PATTERN" \
> +     ) USE_FEATURE_FIND_CONTEXT ( \
> +       "\n   -context        File has specified security context" \
>       ) USE_FEATURE_FIND_PAREN( \
>         "\n   (EXPR)          Group an expression" \
>       )
> Index: busybox/findutils/find.c
> ===================================================================
> --- busybox/findutils/find.c  (revision 18764)
> +++ busybox/findutils/find.c  (working copy)
> @@ -81,6 +81,7 @@
>  USE_FEATURE_FIND_PRUNE( ACTS(prune))
>  USE_FEATURE_FIND_DELETE(ACTS(delete))
>  USE_FEATURE_FIND_PATH(  ACTS(path, const char *pattern;))
> +USE_FEATURE_FIND_CONTEXT(ACTS(context, security_context_t context;))
>  
>  static action ***actions;
>  static bool need_print = 1;
> @@ -336,7 +337,27 @@
>  }
>  #endif
>  
> +#if ENABLE_FEATURE_FIND_CONTEXT
> +ACTF(context)
> +{
> +     security_context_t con;
> +     int rc;
>  
> +     if (recurse_flags & ACTION_FOLLOWLINKS) {
> +             rc = getfilecon(fileName, &con);
> +     } else {
> +             rc = lgetfilecon(fileName, &con);
> +     }
> +     if (rc < 0)
> +             return FALSE;
> +
> +     rc = strcmp(ap->context, con);
> +     freecon(con);
> +
> +     return rc == 0;
> +}
> +#endif
> +
>  static int fileAction(const char *fileName, struct stat *statbuf, void* 
> junk, int depth)
>  {
>       int i;
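Review bot: The `strcmp(ap->context, con)` test in ACTF(context) succeeds only when the two context strings are byte-for-byte identical, and nothing in the patch tells the user that. On a policy whose contexts carry an extra level field, the three-field form used in the patch description would presumably match nothing, which is easy to misread as "no such files" during an audit. I would state the rule next to the comparison, e.g. `/* exact string match against the file's context; no wildcards */`, and repeat it in the usage and Config.in help text. If partial matches are wanted, a pattern comparison such as `rc = fnmatch(ap->context, con, 0);` would be the alternative, assuming fnmatch is already available in find.c.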
> @@ -419,6 +440,7 @@
>       USE_FEATURE_FIND_PRUNE( PARM_prune     ,)
>       USE_FEATURE_FIND_DELETE(PARM_delete    ,)
>       USE_FEATURE_FIND_PATH(  PARM_path      ,)
> +     USE_FEATURE_FIND_CONTEXT(PARM_context  ,)
>  #if ENABLE_DESKTOP
>                               PARM_and       ,
>                               PARM_or        ,
> @@ -448,6 +470,7 @@
>       USE_FEATURE_FIND_PRUNE( "-prune" ,)
>       USE_FEATURE_FIND_DELETE("-delete",)
>       USE_FEATURE_FIND_PATH(  "-path"  ,)
> +     USE_FEATURE_FIND_CONTEXT("-context",)
>  #if ENABLE_DESKTOP
>                               "-and"   ,
>                               "-or"    ,
> @@ -709,6 +732,18 @@
>                       ap->size = XATOOFF(arg1);
>               }
>  #endif
> +#if ENABLE_FEATURE_FIND_CONTEXT
> +             else if (parm == PARM_context) {
> +                     action_context *ap;
> +
> +                     if (!*++argv)
> +                             bb_error_msg_and_die(bb_msg_requires_arg, arg);
> +                     ap = ALLOC_ACTION(context);
> +                     ap->context = NULL;
> +                     if (selinux_raw_to_trans_context(argv[0], &ap->context))
> +                             bb_perror_msg("%s", argv[0]);
> +             }
> +#endif
>               else
>                       bb_show_usage();
>               argv++;
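Review bot: When `selinux_raw_to_trans_context()` fails, this branch only reports it with `bb_perror_msg` and carries on, so the action stays installed with `ap->context` still NULL. ACTF(context), added in the earlier find.c hunk, then passes that NULL straight to `strcmp` for the first file whose context can be read. A context the library rejects should end the run instead: `bb_perror_msg_and_die("%s", argv[0]);`. The enclosing parser function starts and ends outside this hunk, so how other option branches treat conversion errors is not visible here.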
> Index: busybox/findutils/Config.in
> ===================================================================
> --- busybox/findutils/Config.in       (revision 18764)
> +++ busybox/findutils/Config.in       (working copy)
> @@ -151,6 +151,13 @@
>       help
>         The -path option matches whole pathnames instead of just filenames.
>  
> +config FEATURE_FIND_CONTEXT
> +     bool "Enable (-context) option for matching security context"
> +     default n
> +     depends on FIND && SELINUX
> +     help
> +       Support the 'find -context' option for matching security context.
> +
>  config GREP
>       bool "grep"
>       default n
> 
> 
> ------------------------------------------------------------------------
> 
> _______________________________________________
> busybox mailing list
> busybox@busybox.net
> http://busybox.net/cgi-bin/mailman/listinfo/busybox


-- 
KaiGai Kohei <[EMAIL PROTECTED]>