Jim Meyering <jim@xxxxxxxxxxxx> wrote:
> I wrote this:
>> [ I'm Cc'ing bug-coreutils@xxxxxxxx
>> FYI, this is a continuation of discussion from the SELinux list:
>> http://marc.info/?t=120645074000003&r=1&w=2
>> and the Debian bug tracking system: http://bugs.debian.org/472590
>>
>> The problem is that on an SELinux-enabled system, 'ls -l's "+",
>> the "alternate access method" indicator, is useless, because it
>> appears on every file:
>>
>> $ ls -glo /var
>> total 164
>> drwxr-xr-x+  3 4096 2008-03-29 08:43 kerberos
>> drwxr-xr-x+ 39 4096 2008-03-29 08:43 lib
>> drwxr-xr-x+  2 4096 2008-03-27 17:33 local
>> drwxrwxr-x+  8 4096 2008-03-31 04:15 lock
>> drwxr-xr-x+ 20 4096 2008-03-31 09:55 log
>> lrwxrwxrwx+  1   10 2008-03-28 23:33 mail -> spool/mail
>> ...
>>
>> Newer POSIX allows any non-space character as the indicator, and
>> that's what we're discussing now.
>> ]
>>
>> Russell Coker <russell@xxxxxxxxxxxx> wrote:
>>> On Wednesday 26 March 2008 04:31, Michael Stone <mstone@xxxxxxxxxx> wrote:
>>>> if (acl) then '+'
>>>> else if (selinux) then '.'
>>>
>>> Should there be some special marking of files with both a SE Linux context and
>>> an ACL?
>>>
>>> Pity that they didn't choose an "a" to mark an ACL which would then permit
>>> using "A" for ACL + MAC.
>>
>> This is probably as good a time as any to make such a change, though
>> I doubt it will make the cut for the upcoming release. I'd like to keep
>> it simple (i.e., not try to encode all possible combinations). If you
>> want to get full details, stat(1) is probably the program to change.
>>
>> I like Michael's suggestion. Rephrasing it,
>>
>> if (SELinux, with no other MAC or ACL)
>>   use '.'
>> else if (any other combination of alternate access methods)
>>   use '+'
>>
>> If someone who already has a copyright assignment on file for coreutils
>> wants to write the patch (including doc update, tests, NEWS, ChangeLog,
>> etc.), please speak up ASAP. Otherwise I'll do it.
>
> No one spoke up, so here's code, for discussion's sake.
> I've tested it only lightly.
> This change is not slated for the upcoming release.
>
> Here's sample output, running on an SELinux system:
>
> $ src/ls -ldgo [ac]*
> -rw-r--r--. 1   42625 2008-04-02 19:31 aclocal.m4
> drwxr-xr-x. 2    4096 2008-04-02 19:31 autom4te.cache
> -rw-r--r--. 1    1597 2008-03-21 16:35 cfg.mk
> -rw-r--r--. 1 1417195 2008-04-02 19:33 config.log
> -rwxr-xr-x. 1   71225 2008-04-02 19:33 config.status
> -rwxr-xr-x. 1 1846424 2008-04-02 19:31 configure
> -rw-r--r--. 1   12014 2008-03-25 23:55 configure.ac

Thanks to a nudge from Ondřej, I've just completed and pushed this:

>From b3677e5e383103bf1764b2c8a9329b1c17934b24 Mon Sep 17 00:00:00 2001 From: Jim Meyering <meyering@xxxxxxxxxx> Date: Wed, 2 Apr 2008 22:26:45 +0200 Subject: [PATCH] ls: use '.' (not +) as SELinux-only alt. access flag in ls -l output * src/ls.c (gobble_file) [long_format]: Map SELinux-only to '.', any other nonempty combination of MAC and ACL to '+', and all else to the usual ' '. Suggested by Michael Stone. * tests/misc/selinux: Adapt: expect '.', not '+'. * doc/coreutils.texi (What information is listed): Document this. * NEWS (Changes in behavior): Mention it. --- NEWS | 6 ++++++ doc/coreutils.texi | 8 +++++--- src/ls.c | 25 +++++++++++++++++++------ tests/misc/selinux | 4 ++-- 4 files changed, 32 insertions(+), 11 deletions(-) diff --git a/NEWS b/NEWS index ab7d5bd..357efc2 100644 --- a/NEWS +++ b/NEWS @@ -6,6 +6,12 @@ GNU coreutils NEWS -*- outline -*- stat -f recognizes the Lustre file system type +** Changes in behavior + + ls -l now marks SELinux-only files with the less obtrusive '.', + rather than '+'. A file with any other combination of MAC and ACL + is still marked with a '+'. + * Noteworthy changes in release 7.0 (2008-10-05) [beta] diff --git a/doc/coreutils.texi b/doc/coreutils.texi index 6459870..cbef013 100644 --- a/doc/coreutils.texi +++ b/doc/coreutils.texi 
@@ -6474,9 +6474,11 @@ What information is listed space, there is no alternate access method. When it is a printing character, then there is such a method. -For a file with an extended access control list, a @samp{+} character is -listed. Basic access control lists are equivalent to the permissions -listed, and are not considered an alternate access method. +GNU @command{ls} uses a @samp{.} character to indicate a file +with an SELinux security context, but no other alternate access method. + +A file with any other combination of alternate access methods +is marked with a @samp{+} character. @item -n @itemx --numeric-uid-gid diff --git a/src/ls.c b/src/ls.c index e38a5fe..590af7f 100644 --- a/src/ls.c +++ b/src/ls.c @@ -154,6 +154,12 @@ verify (sizeof filetype_letter - 1 == arg_directory + 1); C_LINK, C_SOCK, C_FILE, C_DIR \ } +enum acl_type + { + ACL_T_NONE, + ACL_T_SELINUX_ONLY, + ACL_T_YES + }; struct fileinfo { @@ -182,7 +188,7 @@ struct fileinfo /* For long listings, true if the file has an access control list, or an SELinux security context. */ - bool have_acl; + enum acl_type acl_type; }; #define LEN_STR_PAIR(s) sizeof (s) - 1, s @@ -2689,6 +2695,7 @@ gobble_file (char const *name, enum filetype type, ino_t inode, if (format == long_format || print_scontext) { + bool have_selinux = false; bool have_acl = false; int attr_len = (do_deref ? getfilecon (absolute_name, &f->scontext) @@ -2707,7 +2714,7 @@ gobble_file (char const *name, enum filetype type, ino_t inode, } if (err == 0) - have_acl = ! STREQ ("unlabeled", f->scontext); + have_selinux = ! STREQ ("unlabeled", f->scontext); else { f->scontext = UNKNOWN_SECURITY_CONTEXT; 
@@ -2720,15 +2727,19 @@ gobble_file (char const *name, enum filetype type, ino_t inode, err = 0; } - if (err == 0 && ! have_acl && format == long_format) + if (err == 0 && format == long_format) { int n = file_has_acl (absolute_name, &f->stat); err = (n < 0); have_acl = (0 < n); } - f->have_acl = have_acl; - any_has_acl |= have_acl; + f->acl_type = (!have_selinux && !have_acl + ? ACL_T_NONE + : (have_selinux && !have_acl + ? ACL_T_SELINUX_ONLY + : ACL_T_YES)); + any_has_acl |= f->acl_type != ACL_T_NONE; if (err) error (0, errno, "%s", quotearg_colon (absolute_name)); @@ -3449,7 +3460,9 @@ print_long_format (const struct fileinfo *f) } if (! any_has_acl) modebuf[10] = '\0'; - else if (f->have_acl) + else if (f->acl_type == ACL_T_SELINUX_ONLY) + modebuf[10] = '.'; + else if (f->acl_type == ACL_T_YES) modebuf[10] = '+'; switch (time_type) diff --git a/tests/misc/selinux b/tests/misc/selinux index a231fa7..8211c80 100755 --- a/tests/misc/selinux +++ b/tests/misc/selinux @@ -34,8 +34,8 @@ for i in d f p; do c=`stat --printf %C $i`; test x$c = x$ctx || fail=1 done -# ensure that ls -l output includes the "+". -c=`ls -l f|cut -c11`; test "$c" = + || fail=1 +# ensure that ls -l output includes the ".". +c=`ls -l f|cut -c11`; test "$c" = . || fail=1 # Copy each to a new directory and ensure that context is preserved. cp -r --preserve=all d f p s1 || fail=1 -- 1.6.0.3
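Review bot: in the doc/coreutils.texi hunk, the replaced paragraph drops the sentence "Basic access control lists are equivalent to the permissions listed, and are not considered an alternate access method." Nothing in the src/ls.c hunks changes how file_has_acl classifies a minimal ACL (have_acl is still `(0 < n)`), so that statement is still true and still useful; keep it after the new @samp{+} paragraph so readers know a minimal ACL does not produce '+'. The same paragraph could also say that a context of "unlabeled" is not counted as an SELinux context, since the code tests for exactly that string (`! STREQ ("unlabeled", f->scontext)`).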
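Review bot: in the struct fileinfo hunk, the comment above the new member still reads "true if the file has an access control list, or an SELinux security context", which described the old `bool have_acl`; with a three-valued `enum acl_type` it should state the mapping instead, e.g. "/* For long listings: ACL_T_NONE, ACL_T_SELINUX_ONLY (a security context but no ACL), or ACL_T_YES (any other combination of alternate access methods). */".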
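Review bot: in the first gobble_file hunk at -2720, removing `! have_acl` from the condition means file_has_acl is now called for every file in a long listing, including those where the SELinux path already set have_selinux; the old code skipped that second lookup once a context was found. The extra extended-attribute lookup per labeled file is necessary, because a labeled file that also carries an ACL must still get '+', but a one-line comment saying so would stop the next reader from "optimising" it back. The nested conditional that computes f->acl_type would also read more plainly without the double negations: `f->acl_type = have_acl ? ACL_T_YES : have_selinux ? ACL_T_SELINUX_ONLY : ACL_T_NONE;` gives the same three outcomes.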
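Review bot: in the tests/misc/selinux hunk, the updated check only covers the SELinux-only case (column 11 of `ls -l f` is '.'); nothing exercises the new '+' branch for a file that has both a context and an extended ACL, which is exactly the distinction the NEWS and texinfo changes document. Add a step that sets an extended ACL on a copy of f (for example with setfacl, skipping the step when the tool or the file system does not support it) and checks that `ls -l` shows '+' in column 11; otherwise a regression in the ACL_T_YES path in print_long_format would pass this test unnoticed.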