On Sun, Oct 04, 2020 at 04:03:39PM +0200, Nicolas Iooss wrote: > Function matchpathcon() is deprecated in favor of selabel_lookup() but > program "matchpathcon" is much easier to use than "selabel_loopkup" to > find the file context which would be applied to some files and > directories. > > More precisely: > > matchpathcon /path/to/my/file > > is easier to type and remember than: > > selabel_lookup -b file -k /path/to/my/file > > It also allows performing multiple context searches in one command, > where selabel_lookup cannot use multiple -k options. > > Migrate matchpathcon to the preferred API. > > Signed-off-by: Nicolas Iooss <nicolas.iooss@xxxxxxx> Thanks for this! Travis run https://travis-ci.org/github/bachradsusi/SELinuxProject-selinux/builds/735357374 Acked-by: Petr Lautrbach <plautrba@xxxxxxxxxx> > --- > libselinux/utils/Makefile | 2 - > libselinux/utils/matchpathcon.c | 87 ++++++++++++++------------------- > 2 files changed, 38 insertions(+), 51 deletions(-) > > diff --git a/libselinux/utils/Makefile b/libselinux/utils/Makefile > index aa2d3e1b144f..b018a08acbe0 100644 > --- a/libselinux/utils/Makefile > +++ b/libselinux/utils/Makefile > @@ -56,8 +56,6 @@ sefcontext_compile: LDLIBS += $(PCRE_LDLIBS) ../src/libselinux.a -lsepol > > sefcontext_compile: sefcontext_compile.o ../src/regex.o > > -matchpathcon: CFLAGS += -Wno-deprecated-declarations > - > all: $(TARGETS) > > install: all > diff --git a/libselinux/utils/matchpathcon.c b/libselinux/utils/matchpathcon.c > index cc018d213f4c..a07e160dee71 100644 > --- a/libselinux/utils/matchpathcon.c > +++ b/libselinux/utils/matchpathcon.c > @@ -1,15 +1,14 @@ > -#include <unistd.h> > -#include <stdio.h> > -#include <stdlib.h> > -#include <getopt.h> > #include <errno.h> > -#include <string.h> > +#include <getopt.h> > #include <limits.h> > -#include <sys/types.h> > -#include <sys/stat.h> > +#include <selinux/label.h> > #include <selinux/selinux.h> > -#include <limits.h> > +#include <stdio.h> > #include <stdlib.h> > +#include <string.h> > +#include <sys/stat.h> > +#include <sys/types.h> > +#include <unistd.h> > > static __attribute__ ((__noreturn__)) void usage(const char *progname) > { > @@ -19,15 +18,21 @@ static __attribute__ ((__noreturn__)) void usage(const char *progname) > exit(1); > } > > -static int printmatchpathcon(const char *path, int header, int mode) > +static int printmatchpathcon(struct selabel_handle *hnd, const char *path, int header, int mode, int notrans) > { > - char *buf; > - int rc = matchpathcon(path, mode, &buf); > + char *buf = NULL; > + int rc; > + > + if (notrans) { > + rc = selabel_lookup_raw(hnd, &buf, path, mode); > + } else { > + rc = selabel_lookup(hnd, &buf, path, mode); > + } > if (rc < 0) { > if (errno == ENOENT) { > buf = strdup("<<none>>"); > } else { > - fprintf(stderr, "matchpathcon(%s) failed: %s\n", path, > + fprintf(stderr, "selabel_lookup(%s) failed: %s\n", path, > strerror(errno)); > return 1; > } > @@ -66,15 +71,14 @@ static mode_t string_to_mode(char *s) > > int main(int argc, char **argv) > { > - int i, init = 0, force_mode = 0; > + int i, force_mode = 0; > int header = 1, opt; > int verify = 0; > int notrans = 0; > int error = 0; > int quiet = 0; > - > - fprintf(stderr, > - "Deprecated, use selabel_lookup\n"); > + struct selabel_handle *hnd; > + struct selinux_opt options[SELABEL_NOPT] = {}; > > if (argc < 2) > usage(argv[0]); > @@ -96,23 +100,10 @@ int main(int argc, char **argv) > break; > case 'N': > notrans = 1; > - set_matchpathcon_flags(MATCHPATHCON_NOTRANS); > break; > case 'f': > - if (init) { > - fprintf(stderr, > - "%s: -f and -p are exclusive\n", > - argv[0]); > - exit(1); > - } > - init = 1; > - if (matchpathcon_init(optarg)) { > - fprintf(stderr, > - "Error while processing %s: %s\n", > - optarg, > - errno ? strerror(errno) : "invalid"); > - exit(1); > - } > + options[SELABEL_OPT_PATH].type = SELABEL_OPT_PATH; > + options[SELABEL_OPT_PATH].value = optarg; > break; > case 'P': > if (selinux_set_policy_root(optarg) < 0 ) { > @@ -124,20 +115,11 @@ int main(int argc, char **argv) > } > break; > case 'p': > - if (init) { > - fprintf(stderr, > - "%s: -f and -p are exclusive\n", > - argv[0]); > - exit(1); > - } > - init = 1; > - if (matchpathcon_init_prefix(NULL, optarg)) { > - fprintf(stderr, > - "Error while processing %s: %s\n", > - optarg, > - errno ? strerror(errno) : "invalid"); > - exit(1); > - } > + // This option has been deprecated since libselinux 2.5 (2016): > + // https://github.com/SELinuxProject/selinux/commit/26e05da0fc2d0a4bd274320968a88f8acbb3b6a6 > + fprintf(stderr, "Warning: using %s -p is deprecated\n", argv[0]); > + options[SELABEL_OPT_SUBSET].type = SELABEL_OPT_SUBSET; > + options[SELABEL_OPT_SUBSET].value = optarg; > break; > case 'q': > quiet = 1; > @@ -146,6 +128,13 @@ int main(int argc, char **argv) > usage(argv[0]); > } > } > + hnd = selabel_open(SELABEL_CTX_FILE, options, SELABEL_NOPT); > + if (!hnd) { > + fprintf(stderr, > + "Error while opening file contexts database: %s\n", > + strerror(errno)); > + return -1; > + } > for (i = optind; i < argc; i++) { > int rc, mode = 0; > struct stat buf; > @@ -185,19 +174,19 @@ int main(int argc, char **argv) > if (rc >= 0) { > printf("%s has context %s, should be ", > path, con); > - printmatchpathcon(path, 0, mode); > + printmatchpathcon(hnd, path, 0, mode, notrans); > freecon(con); > } else { > printf > ("actual context unknown: %s, should be ", > strerror(errno)); > - printmatchpathcon(path, 0, mode); > + printmatchpathcon(hnd, path, 0, mode, notrans); > } > } > } else { > - error |= printmatchpathcon(path, header, mode); > + error |= printmatchpathcon(hnd, path, header, mode, notrans); > } > } > - matchpathcon_fini(); > + selabel_close(hnd); > return error; > } > -- > 2.28.0 >
Attachment:
signature.asc
Description: PGP signature
