# HG changeset patch # User Jim Meyering # Date 1249560923 -7200 # Node ID c51247a03b74c3d9b6d9e9740dd57de5aad2b3d2 # Parent 51e19b43ff658664004864edefe5d584bb754621 selinux-at: new module Initially written for coreutils, this module will soon be used by findutils, too. * MODULES.html.sh [Misc]: Add selinux-at. * lib/selinux-at.h: New file, from coreutils. * lib/selinux-at.c: Likewise. * modules/selinux-at: Likewise. (License): Change from LGPL to GPL, since it depends on the GPL'd openat module. diff --git a/ChangeLog b/ChangeLog --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,15 @@ 2009-08-06 Jim Meyering + selinux-at: new module + Initially written for coreutils, this module will soon be + used by findutils, too. + * MODULES.html.sh [Misc]: Add selinux-at. + * lib/selinux-at.h: New file, from coreutils. + * lib/selinux-at.c: Likewise. + * modules/selinux-at: Likewise. + (License): Change from LGPL to GPL, since it depends + on the GPL'd openat module. + doc: update README * README: Remove references to cogito. Remove cvs-repo-updating instructions from 2007. diff --git a/MODULES.html.sh b/MODULES.html.sh --- a/MODULES.html.sh +++ b/MODULES.html.sh @@ -3114,6 +3114,7 @@ func_module quote func_module readutmp func_module random_r + func_module selinux-at func_module sysexits func_module u64 func_module verror diff --git a/lib/selinux-at.c b/lib/selinux-at.c new file mode 100644 --- /dev/null +++ b/lib/selinux-at.c @@ -0,0 +1,88 @@ +/* openat-style fd-relative functions for SE Linux + Copyright (C) 2007, 2009 Free Software Foundation, Inc. + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . */ + +/* written by Jim Meyering */ + +#include + +#include "selinux-at.h" +#include "openat.h" + +#include +#include +#include +#include + +#include "dirname.h" /* solely for definition of IS_ABSOLUTE_FILE_NAME */ +#include "save-cwd.h" + +#include "openat-priv.h" + +#define AT_FUNC_NAME getfileconat +#define AT_FUNC_F1 getfilecon +#define AT_FUNC_F2 getfilecon +#define AT_FUNC_USE_F1_COND 1 +#define AT_FUNC_POST_FILE_PARAM_DECLS , security_context_t *con +#define AT_FUNC_POST_FILE_ARGS , con +#include "at-func.c" +#undef AT_FUNC_NAME +#undef AT_FUNC_F1 +#undef AT_FUNC_F2 +#undef AT_FUNC_USE_F1_COND +#undef AT_FUNC_POST_FILE_PARAM_DECLS +#undef AT_FUNC_POST_FILE_ARGS + +#define AT_FUNC_NAME lgetfileconat +#define AT_FUNC_F1 lgetfilecon +#define AT_FUNC_F2 lgetfilecon +#define AT_FUNC_USE_F1_COND 1 +#define AT_FUNC_POST_FILE_PARAM_DECLS , security_context_t *con +#define AT_FUNC_POST_FILE_ARGS , con +#include "at-func.c" +#undef AT_FUNC_NAME +#undef AT_FUNC_F1 +#undef AT_FUNC_F2 +#undef AT_FUNC_USE_F1_COND +#undef AT_FUNC_POST_FILE_PARAM_DECLS +#undef AT_FUNC_POST_FILE_ARGS + +#define AT_FUNC_NAME setfileconat +#define AT_FUNC_F1 setfilecon +#define AT_FUNC_F2 setfilecon +#define AT_FUNC_USE_F1_COND 1 +#define AT_FUNC_POST_FILE_PARAM_DECLS , security_context_t con +#define AT_FUNC_POST_FILE_ARGS , con +#include "at-func.c" +#undef AT_FUNC_NAME +#undef AT_FUNC_F1 +#undef AT_FUNC_F2 +#undef AT_FUNC_USE_F1_COND +#undef AT_FUNC_POST_FILE_PARAM_DECLS +#undef AT_FUNC_POST_FILE_ARGS + +#define AT_FUNC_NAME lsetfileconat +#define AT_FUNC_F1 lsetfilecon +#define AT_FUNC_F2 lsetfilecon +#define AT_FUNC_USE_F1_COND 1 +#define AT_FUNC_POST_FILE_PARAM_DECLS , security_context_t con +#define AT_FUNC_POST_FILE_ARGS , con +#include "at-func.c" +#undef AT_FUNC_NAME +#undef AT_FUNC_F1 +#undef AT_FUNC_F2 +#undef AT_FUNC_USE_F1_COND +#undef AT_FUNC_POST_FILE_PARAM_DECLS +#undef AT_FUNC_POST_FILE_ARGS diff --git a/lib/selinux-at.h b/lib/selinux-at.h new file mode 100644 --- /dev/null +++ b/lib/selinux-at.h @@ -0,0 +1,23 @@ +/* Prototypes for openat-style fd-relative SELinux functions + Copyright (C) 2007, 2009 Free Software Foundation, Inc. + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . */ + +#include +#include + +int getfileconat (int fd, char const *file, security_context_t *con); +int lgetfileconat (int fd, char const *file, security_context_t *con); +int setfileconat (int fd, char const *file, security_context_t con); +int lsetfileconat (int fd, char const *file, security_context_t con); diff --git a/modules/selinux-at b/modules/selinux-at new file mode 100644 --- /dev/null +++ b/modules/selinux-at @@ -0,0 +1,32 @@ +Description: +openat-style fd-relative functions for SE Linux + +Files: +lib/selinux-at.c +lib/selinux-at.h + +Depends-on: +openat +selinux-h + +configure.ac: +AC_CHECK_HEADERS([selinux/flask.h]) +AC_LIBOBJ([selinux-at]) +gl_save_LIBS=$LIBS + LIB_SELINUX= + AC_SEARCH_LIBS([setfilecon], [selinux], + [test "$ac_cv_search_setfilecon" = "none required" || + LIB_SELINUX=$ac_cv_search_setfilecon]) + AC_SUBST(LIB_SELINUX) +LIBS=$gl_save_LIBS + +Makefile.am: + +Include: +selinux-at.h + +License: +GPL + +Maintainer: +Jim Meyering