On Tue, Oct 13, 2020 at 04:48:05PM +0200, Petr Lautrbach wrote: > On Sun, Oct 04, 2020 at 04:03:39PM +0200, Nicolas Iooss wrote: > > Function matchpathcon() is deprecated in favor of selabel_lookup() but > > program "matchpathcon" is much easier to use than "selabel_loopkup" to > > find the file context which would be applied to some files and > > directories. > > > > More precisely: > > > > matchpathcon /path/to/my/file > > > > is easier to type and remember than: > > > > selabel_lookup -b file -k /path/to/my/file > > > > It also allows performing multiple context searches in one command, > > where selabel_lookup cannot use multiple -k options. > > > > Migrate matchpathcon to the preferred API. > > > > Signed-off-by: Nicolas Iooss <nicolas.iooss@xxxxxxx> > > > Thanks for this! > > Travis run https://travis-ci.org/github/bachradsusi/SELinuxProject-selinux/builds/735357374 > > Acked-by: Petr Lautrbach <plautrba@xxxxxxxxxx> > It's merged now. > > > --- > > libselinux/utils/Makefile | 2 - > > libselinux/utils/matchpathcon.c | 87 ++++++++++++++------------------- > > 2 files changed, 38 insertions(+), 51 deletions(-) > > > > diff --git a/libselinux/utils/Makefile b/libselinux/utils/Makefile > > index aa2d3e1b144f..b018a08acbe0 100644 > > --- a/libselinux/utils/Makefile > > +++ b/libselinux/utils/Makefile > > @@ -56,8 +56,6 @@ sefcontext_compile: LDLIBS += $(PCRE_LDLIBS) ../src/libselinux.a -lsepol > > > > sefcontext_compile: sefcontext_compile.o ../src/regex.o > > > > -matchpathcon: CFLAGS += -Wno-deprecated-declarations > > - > > all: $(TARGETS) > > > > install: all > > diff --git a/libselinux/utils/matchpathcon.c b/libselinux/utils/matchpathcon.c > > index cc018d213f4c..a07e160dee71 100644 > > --- a/libselinux/utils/matchpathcon.c > > +++ b/libselinux/utils/matchpathcon.c > > @@ -1,15 +1,14 @@ > > -#include <unistd.h> > > -#include <stdio.h> > > -#include <stdlib.h> > > -#include <getopt.h> > > #include <errno.h> > > -#include <string.h> > > +#include <getopt.h> > > #include <limits.h> > > -#include <sys/types.h> > > -#include <sys/stat.h> > > +#include <selinux/label.h> > > #include <selinux/selinux.h> > > -#include <limits.h> > > +#include <stdio.h> > > #include <stdlib.h> > > +#include <string.h> > > +#include <sys/stat.h> > > +#include <sys/types.h> > > +#include <unistd.h> > > > > static __attribute__ ((__noreturn__)) void usage(const char *progname) > > { > > @@ -19,15 +18,21 @@ static __attribute__ ((__noreturn__)) void usage(const char *progname) > > exit(1); > > } > > > > -static int printmatchpathcon(const char *path, int header, int mode) > > +static int printmatchpathcon(struct selabel_handle *hnd, const char *path, int header, int mode, int notrans) > > { > > - char *buf; > > - int rc = matchpathcon(path, mode, &buf); > > + char *buf = NULL; > > + int rc; > > + > > + if (notrans) { > > + rc = selabel_lookup_raw(hnd, &buf, path, mode); > > + } else { > > + rc = selabel_lookup(hnd, &buf, path, mode); > > + } > > if (rc < 0) { > > if (errno == ENOENT) { > > buf = strdup("<<none>>"); > > } else { > > - fprintf(stderr, "matchpathcon(%s) failed: %s\n", path, > > + fprintf(stderr, "selabel_lookup(%s) failed: %s\n", path, > > strerror(errno)); > > return 1; > > } > > @@ -66,15 +71,14 @@ static mode_t string_to_mode(char *s) > > > > int main(int argc, char **argv) > > { > > - int i, init = 0, force_mode = 0; > > + int i, force_mode = 0; > > int header = 1, opt; > > int verify = 0; > > int notrans = 0; > > int error = 0; > > int quiet = 0; > > - > > - fprintf(stderr, > > - "Deprecated, use selabel_lookup\n"); > > + struct selabel_handle *hnd; > > + struct selinux_opt options[SELABEL_NOPT] = {}; > > > > if (argc < 2) > > usage(argv[0]); > > @@ -96,23 +100,10 @@ int main(int argc, char **argv) > > break; > > case 'N': > > notrans = 1; > > - set_matchpathcon_flags(MATCHPATHCON_NOTRANS); > > break; > > case 'f': > > - if (init) { > > - fprintf(stderr, > > - "%s: -f and -p are exclusive\n", > > - argv[0]); > > - exit(1); > > - } > > - init = 1; > > - if (matchpathcon_init(optarg)) { > > - fprintf(stderr, > > - "Error while processing %s: %s\n", > > - optarg, > > - errno ? strerror(errno) : "invalid"); > > - exit(1); > > - } > > + options[SELABEL_OPT_PATH].type = SELABEL_OPT_PATH; > > + options[SELABEL_OPT_PATH].value = optarg; > > break; > > case 'P': > > if (selinux_set_policy_root(optarg) < 0 ) { > > @@ -124,20 +115,11 @@ int main(int argc, char **argv) > > } > > break; > > case 'p': > > - if (init) { > > - fprintf(stderr, > > - "%s: -f and -p are exclusive\n", > > - argv[0]); > > - exit(1); > > - } > > - init = 1; > > - if (matchpathcon_init_prefix(NULL, optarg)) { > > - fprintf(stderr, > > - "Error while processing %s: %s\n", > > - optarg, > > - errno ? strerror(errno) : "invalid"); > > - exit(1); > > - } > > + // This option has been deprecated since libselinux 2.5 (2016): > > + // https://github.com/SELinuxProject/selinux/commit/26e05da0fc2d0a4bd274320968a88f8acbb3b6a6 > > + fprintf(stderr, "Warning: using %s -p is deprecated\n", argv[0]); > > + options[SELABEL_OPT_SUBSET].type = SELABEL_OPT_SUBSET; > > + options[SELABEL_OPT_SUBSET].value = optarg; > > break; > > case 'q': > > quiet = 1; > > @@ -146,6 +128,13 @@ int main(int argc, char **argv) > > usage(argv[0]); > > } > > } > > + hnd = selabel_open(SELABEL_CTX_FILE, options, SELABEL_NOPT); > > + if (!hnd) { > > + fprintf(stderr, > > + "Error while opening file contexts database: %s\n", > > + strerror(errno)); > > + return -1; > > + } > > for (i = optind; i < argc; i++) { > > int rc, mode = 0; > > struct stat buf; > > @@ -185,19 +174,19 @@ int main(int argc, char **argv) > > if (rc >= 0) { > > printf("%s has context %s, should be ", > > path, con); > > - printmatchpathcon(path, 0, mode); > > + printmatchpathcon(hnd, path, 0, mode, notrans); > > freecon(con); > > } else { > > printf > > ("actual context unknown: %s, should be ", > > strerror(errno)); > > - printmatchpathcon(path, 0, mode); > > + printmatchpathcon(hnd, path, 0, mode, notrans); > > } > > } > > } else { > > - error |= printmatchpathcon(path, header, mode); > > + error |= printmatchpathcon(hnd, path, header, mode, notrans); > > } > > } > > - matchpathcon_fini(); > > + selabel_close(hnd); > > return error; > > } > > -- > > 2.28.0 > >
Attachment:
signature.asc
Description: PGP signature
