Re: [PATCH 1/1] coreutil mkdir: ignore -z when selinux is runtime disabled
Denys, On Tue, May 12, 2015 at 6:36 PM, Denys Vlasenko vda.li...@googlemail.com wrote: Is this behavior compatible with standard coreutils? http://git.savannah.gnu.org/cgit/coreutils.git/tree/src/mkdir.c . case 'Z': if (is_smack_enabled ()) { /* We don't yet support -Z to restore context with SMACK. */ scontext = optarg; } else if (is_selinux_enabled () 0) { if (optarg) scontext = optarg; else options.set_security_context = true; } else if (optarg) { error (0, 0, _(warning: ignoring --context; it requires an SELinux/SMACK-enabled kernel)); } break; The first arg of the error() if not 0 exits the application. So in this case Coreutils prints a warning and doesn't error out. On Mon, May 11, 2015 at 4:00 PM, Matt Weber matthew.we...@rockwellcollins.com wrote: Fixes the case of using mkdir in inittab where a system might boot with selinux disable during testing and still needs the folders created by this command for ram mounts, etc before a mount -a. Currently it errors out and doesn't create the folder. Signed-off-by: Matthew Weber matthew.we...@rockwellcollins.com --- coreutils/mkdir.c | 7 +-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/coreutils/mkdir.c b/coreutils/mkdir.c index 864edfb..9fb6e7e 100644 --- a/coreutils/mkdir.c +++ b/coreutils/mkdir.c @@ -83,8 +83,11 @@ int mkdir_main(int argc UNUSED_PARAM, char **argv) flags |= FILEUTILS_VERBOSE; #if ENABLE_SELINUX if (opt 8) { - selinux_or_die(); - setfscreatecon_or_die(scontext); + if (is_selinux_enabled()) { + setfscreatecon_or_die(scontext); + } + else + bb_perror_msg(Ignored -Z for [%s],*(argv+optind)); } Move argv += optind; above this code block - then you can use argv[0] instead of *(argv+optind), which is less code. Sure The message should start with lowercase letter and use '%s', not [%s]. Sure, I hadn't though about it, but should I partially match the coreutils output? Maybe -Z requires an SELinux enabled kernel, ignored for %s -- Matthew L Weber / Pr Software Engineer Airborne Information Systems / Security Systems and Software / Secure Platforms MS 131-100, C Ave NE, Cedar Rapids, IA, 52498, USA www.rockwellcollins.com Note: Any Export License Required Information and License Restricted Third Party Intellectual Property (TPIP) content must be encrypted and sent to matthew.we...@corp.rockwellcollins.com. ___ busybox mailing list busybox@busybox.net http://lists.busybox.net/mailman/listinfo/busybox
Re: [PATCH 1/1] coreutil mkdir: ignore -z when selinux is runtime disabled
Is this behavior compatible with standard coreutils? On Mon, May 11, 2015 at 4:00 PM, Matt Weber matthew.we...@rockwellcollins.com wrote: Fixes the case of using mkdir in inittab where a system might boot with selinux disable during testing and still needs the folders created by this command for ram mounts, etc before a mount -a. Currently it errors out and doesn't create the folder. Signed-off-by: Matthew Weber matthew.we...@rockwellcollins.com --- coreutils/mkdir.c | 7 +-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/coreutils/mkdir.c b/coreutils/mkdir.c index 864edfb..9fb6e7e 100644 --- a/coreutils/mkdir.c +++ b/coreutils/mkdir.c @@ -83,8 +83,11 @@ int mkdir_main(int argc UNUSED_PARAM, char **argv) flags |= FILEUTILS_VERBOSE; #if ENABLE_SELINUX if (opt 8) { - selinux_or_die(); - setfscreatecon_or_die(scontext); + if (is_selinux_enabled()) { + setfscreatecon_or_die(scontext); + } + else + bb_perror_msg(Ignored -Z for [%s],*(argv+optind)); } Move argv += optind; above this code block - then you can use argv[0] instead of *(argv+optind), which is less code. The message should start with lowercase letter and use '%s', not [%s]. ___ busybox mailing list busybox@busybox.net http://lists.busybox.net/mailman/listinfo/busybox
[PATCH 1/1] coreutil mkdir: ignore -z when selinux is runtime disabled
Fixes the case of using mkdir in inittab where a system might boot with selinux disable during testing and still needs the folders created by this command for ram mounts, etc before a mount -a. Currently it errors out and doesn't create the folder. Signed-off-by: Matthew Weber matthew.we...@rockwellcollins.com --- coreutils/mkdir.c | 7 +-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/coreutils/mkdir.c b/coreutils/mkdir.c index 864edfb..9fb6e7e 100644 --- a/coreutils/mkdir.c +++ b/coreutils/mkdir.c @@ -83,8 +83,11 @@ int mkdir_main(int argc UNUSED_PARAM, char **argv) flags |= FILEUTILS_VERBOSE; #if ENABLE_SELINUX if (opt 8) { - selinux_or_die(); - setfscreatecon_or_die(scontext); + if (is_selinux_enabled()) { + setfscreatecon_or_die(scontext); + } + else + bb_perror_msg(Ignored -Z for [%s],*(argv+optind)); } #endif -- 1.9.1 ___ busybox mailing list busybox@busybox.net http://lists.busybox.net/mailman/listinfo/busybox