Re: [PATCH 1/1] coreutil mkdir: ignore -z when selinux is runtime disabled
Denys,
On Tue, May 12, 2015 at 6:36 PM, Denys Vlasenko
vda.li...@googlemail.com wrote:
Is this behavior compatible with standard coreutils?
http://git.savannah.gnu.org/cgit/coreutils.git/tree/src/mkdir.c
.
case 'Z':
if (is_smack_enabled ())
{
/* We don't yet support -Z to restore context with SMACK. */
scontext = optarg;
}
else if (is_selinux_enabled () 0)
{
if (optarg)
scontext = optarg;
else
options.set_security_context = true;
}
else if (optarg)
{
error (0, 0,
_(warning: ignoring --context;
it requires an SELinux/SMACK-enabled kernel));
}
break;
The first arg of the error() if not 0 exits the application. So in
this case Coreutils prints a warning and doesn't error out.
On Mon, May 11, 2015 at 4:00 PM, Matt Weber
matthew.we...@rockwellcollins.com wrote:
Fixes the case of using mkdir in inittab where a system might boot
with selinux disable during testing and still needs the folders created
by this command for ram mounts, etc before a mount -a. Currently it
errors out and doesn't create the folder.
Signed-off-by: Matthew Weber matthew.we...@rockwellcollins.com
---
coreutils/mkdir.c | 7 +--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/coreutils/mkdir.c b/coreutils/mkdir.c
index 864edfb..9fb6e7e 100644
--- a/coreutils/mkdir.c
+++ b/coreutils/mkdir.c
@@ -83,8 +83,11 @@ int mkdir_main(int argc UNUSED_PARAM, char **argv)
flags |= FILEUTILS_VERBOSE;
#if ENABLE_SELINUX
if (opt 8) {
- selinux_or_die();
- setfscreatecon_or_die(scontext);
+ if (is_selinux_enabled()) {
+ setfscreatecon_or_die(scontext);
+ }
+ else
+ bb_perror_msg(Ignored -Z for [%s],*(argv+optind));
}
Move argv += optind; above this code block -
then you can use argv[0] instead of *(argv+optind),
which is less code.
Sure
The message should start with lowercase letter
and use '%s', not [%s].
Sure, I hadn't though about it, but should I partially match the
coreutils output? Maybe -Z requires an SELinux enabled kernel,
ignored for %s
--
Matthew L Weber / Pr Software Engineer
Airborne Information Systems / Security Systems and Software / Secure Platforms
MS 131-100, C Ave NE, Cedar Rapids, IA, 52498, USA
www.rockwellcollins.com
Note: Any Export License Required Information and License Restricted
Third Party Intellectual Property (TPIP) content must be encrypted and
sent to matthew.we...@corp.rockwellcollins.com.
___
busybox mailing list
busybox@busybox.net
http://lists.busybox.net/mailman/listinfo/busybox
Re: [PATCH 1/1] coreutil mkdir: ignore -z when selinux is runtime disabled
Is this behavior compatible with standard coreutils?
On Mon, May 11, 2015 at 4:00 PM, Matt Weber
matthew.we...@rockwellcollins.com wrote:
Fixes the case of using mkdir in inittab where a system might boot
with selinux disable during testing and still needs the folders created
by this command for ram mounts, etc before a mount -a. Currently it
errors out and doesn't create the folder.
Signed-off-by: Matthew Weber matthew.we...@rockwellcollins.com
---
coreutils/mkdir.c | 7 +--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/coreutils/mkdir.c b/coreutils/mkdir.c
index 864edfb..9fb6e7e 100644
--- a/coreutils/mkdir.c
+++ b/coreutils/mkdir.c
@@ -83,8 +83,11 @@ int mkdir_main(int argc UNUSED_PARAM, char **argv)
flags |= FILEUTILS_VERBOSE;
#if ENABLE_SELINUX
if (opt 8) {
- selinux_or_die();
- setfscreatecon_or_die(scontext);
+ if (is_selinux_enabled()) {
+ setfscreatecon_or_die(scontext);
+ }
+ else
+ bb_perror_msg(Ignored -Z for [%s],*(argv+optind));
}
Move argv += optind; above this code block -
then you can use argv[0] instead of *(argv+optind),
which is less code.
The message should start with lowercase letter
and use '%s', not [%s].
___
busybox mailing list
busybox@busybox.net
http://lists.busybox.net/mailman/listinfo/busybox
[PATCH 1/1] coreutil mkdir: ignore -z when selinux is runtime disabled
Fixes the case of using mkdir in inittab where a system might boot
with selinux disable during testing and still needs the folders created
by this command for ram mounts, etc before a mount -a. Currently it
errors out and doesn't create the folder.
Signed-off-by: Matthew Weber matthew.we...@rockwellcollins.com
---
coreutils/mkdir.c | 7 +--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/coreutils/mkdir.c b/coreutils/mkdir.c
index 864edfb..9fb6e7e 100644
--- a/coreutils/mkdir.c
+++ b/coreutils/mkdir.c
@@ -83,8 +83,11 @@ int mkdir_main(int argc UNUSED_PARAM, char **argv)
flags |= FILEUTILS_VERBOSE;
#if ENABLE_SELINUX
if (opt 8) {
- selinux_or_die();
- setfscreatecon_or_die(scontext);
+ if (is_selinux_enabled()) {
+ setfscreatecon_or_die(scontext);
+ }
+ else
+ bb_perror_msg(Ignored -Z for [%s],*(argv+optind));
}
#endif
--
1.9.1
___
busybox mailing list
busybox@busybox.net
http://lists.busybox.net/mailman/listinfo/busybox
