-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 This patch looks good to me. acked. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk44GSEACgkQrlYvE4MpobP5vwCgzNtoNMjsYCoeS1mgopMgorIh bPIAoJrwtLvOBoKj8hAlf0m6hZ0i+0dF =v99j -----END PGP SIGNATURE-----
>From 895dce5702a921b7ef01d71e04f34a5dff4d14ee Mon Sep 17 00:00:00 2001
From: Eric Paris <eparis@localhost.localdomain>
Date: Tue, 28 Jun 2011 19:40:26 -0400
Subject: [PATCH 13/92] libselinux: new setexecon utility

This utility will tell what context a new task will have after exec based on the pathname and the context of the launching task.

Signed-off-by: Eric Paris <eparis@xxxxxxxxxx>
---
 libselinux/man/man8/selinuxexeccon.8 | 24 +++++++++++++
 libselinux/utils/.gitignore | 1 +
 libselinux/utils/selinuxexeccon.c | 60 ++++++++++++++++++++++++++++++++++
 3 files changed, 85 insertions(+), 0 deletions(-)
 create mode 100644 libselinux/man/man8/selinuxexeccon.8
 create mode 100644 libselinux/utils/.gitignore
 create mode 100644 libselinux/utils/selinuxexeccon.c

diff --git a/libselinux/man/man8/selinuxexeccon.8 b/libselinux/man/man8/selinuxexeccon.8
new file mode 100644
index 0000000..6482d74
--- /dev/null
+++ b/libselinux/man/man8/selinuxexeccon.8
@@ -0,0 +1,24 @@
+.TH "selinuxexeccon" "1" "14 May 2011" "dwalsh@xxxxxxxxxx" "SELinux Command Line documentation"
+.SH "NAME"
+selinuxexeccon \- report SELinux context used for this executable
+
+.SH "SYNOPSIS"
+.B selinuxexeccon command [ fromcon] o
+
+.SH "DESCRIPTION"
+.B selinuxexeccon
+reports the SELinux process context for the specified command from the specified context or the current context.
+
+.SH EXAMPLE
+# selinuxexeccon /usr/bin/passwd
+staff_u:staff_r:passwd_t:s0-s0:c0.c1023
+
+.br
+# selinuxexeccon /usr/sbin/sendmail system_u:system_r:httpd_t:s0
+system_u:system_r:system_mail_t:s0
+
+.SH AUTHOR
+This manual page was written by Dan Walsh <dwalsh@xxxxxxxxxx>.
+
+.SH "SEE ALSO"
+secon(8)
diff --git a/libselinux/utils/.gitignore b/libselinux/utils/.gitignore
new file mode 100644
index 0000000..50e524e
--- /dev/null
+++ b/libselinux/utils/.gitignore
@@ -0,0 +1 @@
+selinuxexeccon
diff --git a/libselinux/utils/selinuxexeccon.c b/libselinux/utils/selinuxexeccon.c
new file mode 100644
index 0000000..c55fde9
--- /dev/null
+++ b/libselinux/utils/selinuxexeccon.c
@@ -0,0 +1,60 @@
+#include <unistd.h>
+#include <sys/types.h>
+#include <fcntl.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <errno.h>
+#include <string.h>
+#include <ctype.h>
+#include <selinux/flask.h>
+#include <selinux/selinux.h>
+
+void usage(char *name, char *detail, int rc)
+{
+ fprintf(stderr, "usage: %s command [ fromcon ]\n", name);
+ if (detail)
+ fprintf(stderr, "%s: %s\n", name, detail);
+ exit(rc);
+}
+
+static security_context_t get_selinux_proc_context(const char *command, security_context_t execcon) {
+ security_context_t fcon = NULL, newcon = NULL;
+
+ int ret = getfilecon(command, &fcon);
+ if (ret < 0) goto err;
+ ret = security_compute_create(execcon, fcon, SECCLASS_PROCESS, &newcon);
+ if (ret < 0) goto err;
+
+err:
+ freecon(fcon);
+ return newcon;
+}
+
+int main(int argc, char **argv)
+{
+ int ret = -1;
+ security_context_t proccon = NULL, con = NULL;
+ if (argc < 2 || argc > 3)
+ usage(argv[0], "Invalid number of arguments", -1);
+
+ if (argc == 2) {
+ if (getcon(&con) < 0) {
+ perror(argv[0]);
+ return -1;
+ }
+ } else {
+ con = strdup(argv[2]);
+ }
+
+ proccon = get_selinux_proc_context(argv[1], con);
+ if (proccon) {
+ printf("%s\n", proccon);
+ ret = 0;
+ } else {
+ perror(argv[0]);
+ }
+
+ free(proccon);
+ free(con);
+ return ret;
+}
-- 
1.7.6
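Review bot: The `security_compute_create(execcon, fcon, SECCLASS_PROCESS, &newcon)` call in get_selinux_proc_context passes the class number compiled into `<selinux/flask.h>`, so if the loaded policy numbers its classes differently the query is answered for the wrong class rather than rejected; resolving it against the running policy is safer: `security_class_t pcls = string_to_security_class("process");`, `if (!pcls) goto err;`, then `ret = security_compute_create(execcon, fcon, pcls, &newcon);`. In main the user-supplied fromcon goes through an unchecked `strdup(argv[2])` (a NULL on allocation failure is then handed to the lookup) and is passed to the kernel without validation, so a malformed context surfaces only as a bare perror(); a `security_check_context(argv[2])` call up front would give a clear message, and argv[2] could be used directly without the copy. A header comment is also worth adding: the tool prints the default transition the policy computes for this source/target pair, which is not a guarantee that the calling task may actually exec the file or make that transition.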
Attachment:
0013-libselinux-new-setexecon-utility.patch.sig
Description: PGP signature