Re: [PATCH] ss: Add support for retrieving SELinux contexts

Ben Hutchings <ben@xxxxxxxxxxxxxxx> · Sun, 16 Feb 2014 13:18:10 +0000

On Fri, 2014-02-14 at 15:20 +0000, Richard Haines wrote:
> The process SELinux contexts can be added to the output using the -Z
> option. Using the -z option will show the process and socket contexts (see
> the man page for details).
> For netlink sockets: if valid process show process context, if pid = 0
> show kernel initial context, if unknown show "not available".
> 
> Signed-off-by: Richard Haines <richard_c_haines@xxxxxxxxxxxxxx>
> ---
>  configure     |  16 +++
>  man/man8/ss.8 |  34 ++++++
>  misc/Makefile |  12 ++
>  misc/ss.c     | 375 ++++++++++++++++++++++++++++++++++++++++++++++++++--------
>  4 files changed, 387 insertions(+), 50 deletions(-)
> 
> diff --git a/configure b/configure
> index da01c19..854837e 100755
> --- a/configure
> +++ b/configure
> @@ -231,6 +231,19 @@ EOF
>      rm -f $TMPDIR/ipsettest.c $TMPDIR/ipsettest
>  }
>  
> +check_selinux()
> +# SELinux is a compile time option in the ss utility
> +{
> +	SELINUX_LIB=$(${PKG_CONFIG} --silence-errors libselinux --libs)
> +	if [ -n "$SELINUX_LIB" ]

This should be just:
	if pkg-config libselinux --exists

> +	then
> +	echo "HAVE_SELINUX:=y" >>Config
> +	echo "yes"
> +    else
> +	echo "no"
> +	fi
> +}
[...]
> --- a/misc/Makefile
> +++ b/misc/Makefile
> @@ -8,6 +8,18 @@ include ../Config
>  all: $(TARGETS)
>  
>  ss: $(SSOBJ)
> +ifeq ($(HAVE_SELINUX),y)
> +	$(CC) $(CFLAGS) $(LDFLAGS) -o $@ $(SSOBJ) $(LDLIBS) -lselinux

This should use the output of 'pkg-config libselinux --libs'.

> +else
> +	$(CC) $(CFLAGS) $(LDFLAGS) -o $@ $(SSOBJ) $(LDLIBS)
> +endif
> +
> +ss.o: ss.c
> +ifeq ($(HAVE_SELINUX),y)
> +	$(CC) $(CFLAGS) -DHAVE_SELINUX -c $+

This should use the output of 'pkg-config libselinux --cflags'.

> +else
> +	$(CC) $(CFLAGS) -c $+
> +endif
[...]

Ben.

-- 
Ben Hutchings
Any sufficiently advanced bug is indistinguishable from a feature.
Attachment:
signature.asc

Description: This is a digitally signed message part
_______________________________________________
Selinux mailing list
Selinux@xxxxxxxxxxxxx
To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx.
To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.