# HG changeset patch
# User Jim Meyering
# Date 1249635437 -7200
# Node ID 3f075467f0f5706ef0e553a2c574e2c6bdb95c4b
# Parent 20dfb1cf7571e3ea2f93f8d49e15404a026998f5
selinux-at: remove redundant m4 code, add documentation * modules/selinux-at (configure.ac): Remove redundant code. LIB_SELINUX is already set via the dependent module, selinux-h. (Include): Add quotes around selinux-at.h. * lib/selinux-at.h: Add documentation. Reported by Bruno Haible in http://marc.info/?l=gnulib-bug&m=124958988300749
diff --git a/ChangeLog b/ChangeLog
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,13 @@
+2009-08-07 Jim Meyering
+
+ selinux-at: remove redundant m4 code, add documentation
+ * modules/selinux-at (configure.ac): Remove redundant code.
+ LIB_SELINUX is already set via the dependent module, selinux-h.
+ (Include): Add quotes around selinux-at.h.
+ * lib/selinux-at.h: Add documentation.
+ Reported by Bruno Haible in
+ http://marc.info/?l=gnulib-bug&m=124958988300749
+
 2009-08-07 Bruno Haible
 
 Avoid link error on MacOS X 10.3 and 10.4.
diff --git a/lib/selinux-at.h b/lib/selinux-at.h
--- a/lib/selinux-at.h
+++ b/lib/selinux-at.h
@@ -17,7 +17,36 @@
 #include
 #include
 
-int getfileconat (int fd, char const *file, security_context_t *con);
-int lgetfileconat (int fd, char const *file, security_context_t *con);
-int setfileconat (int fd, char const *file, security_context_t con);
-int lsetfileconat (int fd, char const *file, security_context_t con);
+/* These are the dir-fd-relative variants of the functions without the
+ "at" suffix. For example, getfileconat (AT_FDCWD, file, &c) is usually
+ equivalent to getfileconat (file, &c). The emulation is accomplished
+ by first attempting getfilecon ("/proc/self/fd/DIRFD/FILE", &c).
+ Failing that, simulate it via save_cwd/fchdir/getfilecon/restore_cwd.
+ If either the save_cwd or the restore_cwd fails (relatively unlikely),
+ then give a diagnostic and exit nonzero. */
+
+/* dir-fd-relative getfilecon. Set *CON to the SELinux security context
+ of the file specified by DIRFD and FILE and return the length of *CON.
+ DIRFD and FILE are interpreted as for fstatat[*]. A non-NULL *CON
+ must be freed with freecon. Upon error, set *CON to NULL, set errno
+ and return -1.
+ [*] with flags=0 here, with flags=AT_SYMLINK_NOFOLLOW for lgetfileconat */
+int getfileconat (int dirfd, char const *file, security_context_t *con);
+
+/* dir-fd-relative lgetfilecon. This function is just like getfileconat,
+ except when DIRFD and FILE specify a symlink: lgetfileconat operates on
+ the symlink, while getfileconat operates on the referent of the symlink. */
+int lgetfileconat (int dirfd, char const *file, security_context_t *con);
+
+/* dir-fd-relative setfilecon. Set the SELinux security context of
+ the file specified by DIRFD and FILE to CON. DIRFD and FILE are
+ interpreted as for fstatat[*]. Upon success, return 0.
+ Otherwise, return -1 and set errno. */
+int setfileconat (int dirfd, char const *file, security_context_t con);
+
+/* dir-fd-relative lsetfilecon. This function is just like setfileconat,
+ except that rather than dereferencing a symlink, this function affects it. */
+/* dir-fd-relative lsetfilecon. This function is just like setfileconat,
+ except when DIRFD and FILE specify a symlink: lsetfileconat operates on
+ the symlink, while setfileconat operates on the referent of the symlink. */
+int lsetfileconat (int dirfd, char const *file, security_context_t con);
diff --git a/modules/selinux-at b/modules/selinux-at
--- a/modules/selinux-at
+++ b/modules/selinux-at
@@ -12,18 +12,11 @@
 configure.ac:
 AC_CHECK_HEADERS([selinux/flask.h])
 AC_LIBOBJ([selinux-at])
-gl_save_LIBS=$LIBS
- LIB_SELINUX=
- AC_SEARCH_LIBS([setfilecon], [selinux],
- [test "$ac_cv_search_setfilecon" = "none required" ||
- LIB_SELINUX=$ac_cv_search_setfilecon])
- AC_SUBST(LIB_SELINUX)
-LIBS=$gl_save_LIBS
 
 Makefile.am:
 
 Include:
-selinux-at.h
+"selinux-at.h"
 
 License:
 GPL
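Review bot: The overview comment added at the top of the lib/selinux-at.h hunk gives the example `getfileconat (AT_FDCWD, file, &c) is usually equivalent to getfileconat (file, &c)`, which names the same function twice with different argument counts; the right-hand side presumably should read `getfilecon (file, &c)`. The prototype for `lsetfileconat` is preceded by two comments in a row, and the first (`except that rather than dereferencing a symlink, this function affects it. */`) looks like a leftover draft of the second, so it should be dropped. The `[*]` footnote names only `lgetfileconat` although the `setfileconat` comment refers to it as well; ending it with `for lgetfileconat and lsetfileconat` would cover both. Because the overview says the fallback goes through save_cwd/fchdir/restore_cwd and exits on failure, a sentence such as `The fallback temporarily changes the process-wide working directory, so these functions are not safe to call from multiple threads.` would give callers the caveat they need; the implementation is not part of this diff, so confirm that against it before adding the sentence.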