diff -urN psmisc-21.4/Makefile.in psmisc-21.4-selinux/Makefile.in --- psmisc-21.4/Makefile.in 2003-11-28 12:04:20.000000000 +0000 +++ psmisc-21.4-selinux/Makefile.in 2004-03-23 14:03:15.703845224 +0000 @@ -74,8 +82,8 @@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ F77 = @F77@ -FLASK_LIB = @FLASK_LIB@ -FLASK_LINUX = @FLASK_LINUX@ +SELINUX_LIB = @SELINUX_LIB@ +WITH_SELINUX = @WITH_SELINUX@ GCJ = @GCJ@ GCJFLAGS = @GCJFLAGS@ GENCAT = @GENCAT@ @@ -110,6 +117,7 @@ USE_INCLUDED_LIBINTL = @USE_INCLUDED_LIBINTL@ USE_NLS = @USE_NLS@ VERSION = @VERSION@ +WITH_SELINUX = @WITH_SELINUX@ am__include = @am__include@ am__quote = @am__quote@ install_sh = @install_sh@ diff -urN psmisc-21.4/config.h.in psmisc-21.4-selinux/config.h.in --- psmisc-21.4/config.h.in 2002-09-27 12:54:00.000000000 +0000 +++ psmisc-21.4-selinux/config.h.in 2004-03-23 14:03:15.498876384 +0000 @@ -5,7 +5,7 @@ #undef ENABLE_NLS /* Use Security-Enhanced Linux features */ -#undef FLASK_LINUX +#undef WITH_SELINUX /* Define if the GNU dcgettext() function is already present or preinstalled. */ diff -urN psmisc-21.4/configure psmisc-21.4-selinux/configure --- psmisc-21.4/configure 2003-11-28 12:04:26.000000000 +0000 +++ psmisc-21.4-selinux/configure 2004-03-23 14:09:38.292682880 +0000 
@@ -463,7 +463,7 @@ # include #endif" -ac_subst_vars='SHELL PATH_SEPARATOR PACKAGE_NAME PACKAGE_TARNAME PACKAGE_VERSION PACKAGE_STRING PACKAGE_BUGREPORT exec_prefix prefix program_transform_name bindir sbindir libexecdir datadir sysconfdir sharedstatedir localstatedir libdir includedir oldincludedir infodir mandir build_alias host_alias target_alias DEFS ECHO_C ECHO_N ECHO_T LIBS INSTALL_PROGRAM INSTALL_SCRIPT INSTALL_DATA PACKAGE VERSION EXEEXT OBJEXT ACLOCAL AUTOCONF AUTOMAKE AUTOHEADER MAKEINFO AMTAR install_sh INSTALL_STRIP_PROGRAM AWK SET_MAKE AMDEP_TRUE AMDEP_FALSE AMDEPBACKSLASH DEPDIR CC CFLAGS LDFLAGS CPPFLAGS ac_ct_CC am__include am__quote CCDEPMODE CPP build build_cpu build_vendor build_os host host_cpu host_vendor host_os EGREP LN_S ECHO AR ac_ct_AR RANLIB ac_ct_RANLIB STRIP ac_ct_STRIP CXX CXXFLAGS ac_ct_CXX CXXDEPMODE CXXCPP F77 FFLAGS ac_ct_F77 LIBTOOL FLASK_LINUX FLASK_LIB TERMCAP_LIB INO_T_IS_LONG_LONG INO_T_IS_INT MKINSTALLDIRS USE_NLS MSGFMT GMSGFMT XGETTEXT MSGMERGE LIBICONV LTLIBICONV INTLLIBS LIBINTL LTLIBINTL POSUB LIBOBJS LTLIBOBJS' +ac_subst_vars='SHELL PATH_SEPARATOR PACKAGE_NAME PACKAGE_TARNAME PACKAGE_VERSION PACKAGE_STRING PACKAGE_BUGREPORT exec_prefix prefix program_transform_name bindir sbindir libexecdir datadir sysconfdir sharedstatedir localstatedir libdir includedir oldincludedir infodir mandir build_alias host_alias target_alias DEFS ECHO_C ECHO_N ECHO_T LIBS INSTALL_PROGRAM INSTALL_SCRIPT INSTALL_DATA PACKAGE VERSION EXEEXT OBJEXT ACLOCAL AUTOCONF AUTOMAKE AUTOHEADER MAKEINFO AMTAR install_sh INSTALL_STRIP_PROGRAM AWK SET_MAKE AMDEP_TRUE AMDEP_FALSE AMDEPBACKSLASH DEPDIR CC CFLAGS LDFLAGS CPPFLAGS ac_ct_CC am__include am__quote CCDEPMODE CPP build build_cpu build_vendor build_os host host_cpu host_vendor host_os EGREP LN_S ECHO AR ac_ct_AR RANLIB ac_ct_RANLIB STRIP ac_ct_STRIP CXX CXXFLAGS ac_ct_CXX CXXDEPMODE CXXCPP F77 FFLAGS ac_ct_F77 LIBTOOL WITH_SELINUX SELINUX_LIB TERMCAP_LIB INO_T_IS_LONG_LONG INO_T_IS_INT MKINSTALLDIRS 
USE_NLS MSGFMT GMSGFMT XGETTEXT MSGMERGE LIBICONV LTLIBICONV INTLLIBS LIBINTL LTLIBINTL POSUB LIBOBJS LTLIBOBJS' ac_subst_files='' # Initialize some variables set by options. @@ -1032,7 +1032,7 @@ --enable-fast-install[=PKGS] optimize for fast installation [default=yes] --disable-libtool-lock avoid locking (might break parallel builds) - --enable-flask Enable Security-Enhanced Linux features + --enable-selinux Security-Enhanced Linux features --disable-nls do not use Native Language Support --disable-rpath do not hardcode runtime library paths --disable-largefile omit support for large files @@ -18822,21 +18822,21 @@ -# Check whether --enable-flask or --disable-flask was given. -if test "${enable_flask+set}" = set; then - enableval="$enable_flask" +# Check whether --enable-selinux or --disable-selinux was given. +if test "${enable_selinux+set}" = set; then + enableval="$enable_selinux" cat >>confdefs.h <<\_ACEOF -#define FLASK_LINUX 1 +#define WITH_SELINUX 1 _ACEOF - echo "$as_me:$LINENO: checking for avc_toggle in -lsecure" >&5 -echo $ECHO_N "checking for avc_toggle in -lsecure... $ECHO_C" >&6 -if test "${ac_cv_lib_secure_avc_toggle+set}" = set; then + echo "$as_me:$LINENO: checking for getfilecon in -lselinux" >&5 +echo $ECHO_N "checking for getfilecon in -lselinux... $ECHO_C" >&6 +if test "${ac_cv_lib_selinux_getfilecon+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else ac_check_lib_save_LIBS=$LIBS -LIBS="-lsecure $LIBS" +LIBS="-lselinux $LIBS" cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF @@ -18850,11 +18850,11 @@ #endif /* We use char because int might match the return type of a gcc2 builtin and then its argument prototype would still apply. */ -char avc_toggle (); +char getfilecon (); int main () { -avc_toggle (); +getfilecon (); ; return 0; } 
@@ -18880,24 +18880,24 @@ ac_status=$? echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); }; }; then - ac_cv_lib_secure_avc_toggle=yes + ac_cv_lib_selinux_getfilecon=yes else echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 -ac_cv_lib_secure_avc_toggle=no +ac_cv_lib_selinux_getfilecon=no fi rm -f conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi -echo "$as_me:$LINENO: result: $ac_cv_lib_secure_avc_toggle" >&5 -echo "${ECHO_T}$ac_cv_lib_secure_avc_toggle" >&6 -if test $ac_cv_lib_secure_avc_toggle = yes; then +echo "$as_me:$LINENO: result: $ac_cv_lib_selinux_getfilecon" >&5 +echo "${ECHO_T}$ac_cv_lib_selinux_getfilecon" >&6 +if test $ac_cv_lib_selinux_getfilecon = yes; then FLASK_LIB=-lsecure else - { { echo "$as_me:$LINENO: error: Cannot find selinux/ secure static library" >&5 -echo "$as_me: error: Cannot find selinux/ secure static library" >&2;} + { { echo "$as_me:$LINENO: error: Cannot find selinux secure static library" >&5 +echo "$as_me: error: Cannot find selinux secure static library" >&2;} { (exit 1); exit 1; }; } fi @@ -24618,8 +24618,8 @@ s,@FFLAGS@,$FFLAGS,;t t s,@ac_ct_F77@,$ac_ct_F77,;t t s,@LIBTOOL@,$LIBTOOL,;t t -s,@FLASK_LINUX@,$FLASK_LINUX,;t t -s,@FLASK_LIB@,$FLASK_LIB,;t t +s,@WITH_SELINUX@,$WITH_SELINUX,;t t +s,@SELINUX_LIB@,$SELINUX_LIB,;t t s,@TERMCAP_LIB@,$TERMCAP_LIB,;t t s,@INO_T_IS_LONG_LONG@,$INO_T_IS_LONG_LONG,;t t s,@INO_T_IS_INT@,$INO_T_IS_INT,;t t diff -urN psmisc-21.4/configure.in psmisc-21.4-selinux/configure.in --- psmisc-21.4/configure.in 2003-11-28 12:03:37.000000000 +0000 +++ psmisc-21.4-selinux/configure.in 2004-03-23 14:03:15.659851912 +0000 
@@ -10,14 +10,14 @@ AC_PROG_LIBTOOL dnl checks for options -AC_SUBST(FLASK_LINUX) -AC_ARG_ENABLE(flask,[ --enable-flask Enable Security-Enhanced Linux features], - AC_DEFINE([FLASK_LINUX],1,[Use Security-Enhanced Linux features]) - AC_CHECK_LIB(secure, avc_toggle, FLASK_LIB=-lsecure, - AC_MSG_ERROR(Cannot find selinux/ secure static library) +AC_SUBST(WITH_SELINUX) +AC_ARG_ENABLE(selinux,[ --enable-selinux Enable Security-Enhanced Linux features], + AC_DEFINE([WITH_SELINUX],1,[Use Security-Enhanced Linux features]) + AC_CHECK_LIB(selinux,getfilecon, SELINUX_LIB=-lselinux, + AC_MSG_ERROR(Cannot find selinux secure static library) ) ,) -AC_SUBST(FLASK_LIB) +AC_SUBST(SELINUX_LIB) dnl Checks for libraries. AC_CHECK_LIB(ncurses, tgetent, TERMCAP_LIB=-lncurses, diff -urN psmisc-21.4/doc/Makefile.in psmisc-21.4-selinux/doc/Makefile.in --- psmisc-21.4/doc/Makefile.in 2003-11-28 12:03:49.000000000 +0000 +++ psmisc-21.4-selinux/doc/Makefile.in 2004-03-23 14:03:15.403890824 +0000 @@ -74,8 +74,8 @@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ F77 = @F77@ -FLASK_LIB = @FLASK_LIB@ -FLASK_LINUX = @FLASK_LINUX@ +SELINUX_LIB = @SELINUX_LIB@ +WITH_SELINUX = @WITH_SELINUX@ GCJ = @GCJ@ GCJFLAGS = @GCJFLAGS@ GENCAT = @GENCAT@ diff -urN psmisc-21.4/doc/killall.1 psmisc-21.4-selinux/doc/killall.1 --- psmisc-21.4/doc/killall.1 2003-09-26 13:24:51.000000000 +0000 +++ psmisc-21.4-selinux/doc/killall.1 2004-03-23 14:03:15.383893864 +0000 @@ -4,7 +4,6 @@ .SH SYNOPSIS .ad l .B killall -.RB [ \-d , \-\-sid ] .RB [ \-c , \-\-context ] .RB [ \-e , --exact ] .RB [ \-g , \-\-process-group ] 
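Review bot: The action block of `AC_ARG_ENABLE(selinux, ...)` runs whenever the option is given at all, so `--disable-selinux` still defines `WITH_SELINUX` and runs the library check. The generated configure in this patch shows the same thing: it only tests `"${enable_selinux+set}" = set`. The `AC_DEFINE`/`AC_CHECK_LIB` pair should be guarded on the value, e.g. wrapped in `if test "$enableval" = yes; then ... fi`. The error text `Cannot find selinux secure static library` is left over from the libsecure check and would read better as `Cannot find libselinux`.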
@@ -67,12 +66,9 @@ any of the killed processes still exist and only returns if none are left. Note that \fBkillall\fP may wait forever if the signal was ignored, had no effect, or if the process stays in zombie state. -.IP \fB\-d\fP -(Flask only) Specify SID: kill only processes with given SID. Mutually exclusive -with \fB-c\fP argument. Must precede other arguments on command line. -.IP \fB\-c\fP -(Flask only) Specify security context: kill only processes with given security context. -Mutually exclusive with \fB-d\fP. Must precede other arguments on the command line. +.IP \fB\-Z\fP +(SELinux Only) Specify security context: kill only processes with given security context. +Must precede other arguments on the command line. .SH FILES .nf /proc location of the proc file system diff -urN psmisc-21.4/doc/pstree.1 psmisc-21.4-selinux/doc/pstree.1 --- psmisc-21.4/doc/pstree.1 2003-09-26 13:25:17.000000000 +0000 +++ psmisc-21.4-selinux/doc/pstree.1 2004-03-23 14:03:15.392892496 +0000 @@ -11,6 +11,7 @@ .RB [ \-n ] .RB [ \-p ] .RB [ \-u ] +.RB [ \-Z ] .RB [ \-G | \-U ] .RB [ \fIpid\fB | \fIuser\fB] .br @@ -79,10 +80,8 @@ with \fBecho -e '\\033%@'\fP .IP \fB\-V\fP Display version information. -.IP \fB\-s\fP -(Flask) Show Security ID (SID) for each process. -.IP \fB\-x\fP -(Flask) Show security context for each process. +.IP \fB\-Z\fP +(SELinux) Show security context for each process. .SH FILES .nf /proc location of the proc file system diff -urN psmisc-21.4/src/Makefile.am psmisc-21.4-selinux/src/Makefile.am --- psmisc-21.4/src/Makefile.am 2003-11-28 11:22:16.000000000 +0000 +++ psmisc-21.4-selinux/src/Makefile.am 2004-03-23 14:03:15.422887936 +0000 
@@ -21,6 +21,8 @@ CLEANFILES = signames.h pstree.x11 +LIBS=-lselinux + signames.h: signames.c @CPP@ -dM $< |\ tr -s '\t ' ' ' | sort -n -k 3 | sed \ diff -urN psmisc-21.4/src/Makefile.in psmisc-21.4-selinux/src/Makefile.in --- psmisc-21.4/src/Makefile.in 2003-11-28 12:03:49.000000000 +0000 +++ psmisc-21.4-selinux/src/Makefile.in 2004-03-23 14:03:15.443884744 +0000 @@ -74,8 +74,8 @@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ F77 = @F77@ -FLASK_LIB = @FLASK_LIB@ -FLASK_LINUX = @FLASK_LINUX@ +SELINUX_LIB = @SELINUX_LIB@ +WITH_SELINUX = @WITH_SELINUX@ GCJ = @GCJ@ GCJFLAGS = @GCJFLAGS@ GENCAT = @GENCAT@ @@ -124,11 +124,11 @@ killall_SOURCES = killall.c comm.h signals.c signals.h signames.h -killall_LDADD = @FLASK_LIB@ +killall_LDADD = @SELINUX_LIB@ pstree_SOURCES = pstree.c comm.h -pstree_LDADD = @TERMCAP_LIB@ @FLASK_LIB@ +pstree_LDADD = @TERMCAP_LIB@ @SELINUX_LIB@ BUILT_SOURCES = signames.h @@ -162,7 +162,7 @@ DEFAULT_INCLUDES = -I. -I$(srcdir) -I$(top_builddir) CPPFLAGS = @CPPFLAGS@ LDFLAGS = @LDFLAGS@ -LIBS = @LIBS@ +LIBS = @LIBS@ -lselinux depcomp = $(SHELL) $(top_srcdir)/depcomp @AMDEP_TRUE@DEP_FILES = $(DEPDIR)/fuser.Po $(DEPDIR)/killall.Po \ @AMDEP_TRUE@ $(DEPDIR)/pstree.Po $(DEPDIR)/signals.Po diff -urN psmisc-21.4/src/killall.c psmisc-21.4-selinux/src/killall.c --- psmisc-21.4/src/killall.c 2003-09-16 11:00:22.000000000 +0000 +++ psmisc-21.4-selinux/src/killall.c 2004-03-23 14:03:15.413889304 +0000 @@ -21,10 +21,11 @@ #include #include #include -#ifdef FLASK_LINUX -#include -#include -#endif /*FLASK_LINUX*/ + +#ifdef WITH_SELINUX +#include +#endif /*WITH_SELINUX*/ + #include #include #define _(String) gettext (String) 
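Review bot: `LIBS=-lselinux` in src/Makefile.am is unconditional, so every program in src/ links against libselinux even when configure was run without `--enable-selinux`, and the build fails on hosts that lack the library. The `@SELINUX_LIB@` substitution that this patch already puts into `killall_LDADD` and `pstree_LDADD` is the right carrier, and this line should be dropped. It looks like a workaround for the configure script in this patch, which still assigns `FLASK_LIB=-lsecure` on the success path of the getfilecon check. Regenerating configure from the updated configure.in would make `SELINUX_LIB` carry `-lselinux` as intended.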
@@ -64,13 +65,13 @@ return ch == 'y' || ch == 'Y'; } -#ifdef FLASK_LINUX +#ifdef WITH_SELINUX static int -kill_all(int signal, int names, char **namelist, security_id_t sid ) -#else /*FLASK_LINUX*/ +kill_all(int signal, int names, char **namelist, security_context_t scontext ) +#else /*WITH_SELINUX*/ static int kill_all (int signal, int names, char **namelist) -#endif /*FLASK_LINUX*/ +#endif /*WITH_SELINUX*/ { DIR *dir; struct dirent *de; @@ -85,11 +86,11 @@ int empty, i, j, okay, length, got_long, error; int pids, max_pids, pids_killed; unsigned long found; -#ifdef FLASK_LINUX - security_id_t lsid; +#ifdef WITH_SELINUX + security_context_t lcontext=NULL; if ( names == 0 || ! namelist ) exit( 1 ); /* do the obvious thing...*/ -#endif /*FLASK_LINUX*/ +#endif /*WITH_SELINUX*/ if (!(name_len = malloc (sizeof (int) * names))) { @@ -102,19 +103,14 @@ sts[i].st_dev = 0; name_len[i] = strlen (namelist[i]); } -#ifdef FLASK_LINUX - else if (stat_secure(namelist[i],&sts[i], &lsid) < 0) { - perror(namelist[i]); - exit(1); - } -#else /*FLASK_LINUX*/ - else if (stat (namelist[i], &sts[i]) < 0) - { - perror (namelist[i]); - exit (1); - } -#endif /*FLASK_LINUX*/ - } + else { + if (stat (namelist[i], &sts[i]) < 0) + { + perror (namelist[i]); + exit (1); + } + } + } self = getpid (); found = 0; if (!(dir = opendir (PROC_BASE))) 
@@ -256,37 +252,39 @@ else if (got_long ? strcmp (namelist[j], command) : strncmp (namelist[j], comm, COMM_LEN - 1)) continue; -#ifdef FLASK_LINUX - if ( (int) sid > 0 ) { - if ( stat_secure(path, &st, &lsid) < 0 ) +#ifdef WITH_SELINUX + if ( scontext != NULL ) { + if ( getpidcon(pid_table[i], &lcontext) < 0 ) continue; - if ( lsid != sid ) + if (strcmp(lcontext,scontext)!=0) { + freecon(lcontext); continue; + } + freecon(lcontext); } -#endif /*FLASK_LINUX*/ +#endif /*WITH_SELINUX*/ } else { if (asprintf (&path, PROC_BASE "/%d/exe", pid_table[i]) < 0) continue; -#ifdef FLASK_LINUX - if (stat_secure(path,&st,&lsid) < 0) { - free(path); - continue; - } - if (sts[j].st_dev != st.st_dev || - sts[j].st_ino != st.st_ino || - ((int) sid > 0 && (lsid != sid)) ) { - free(path); - continue; - } -#else /*FLASK_LINUX*/ + if (stat (path, &st) < 0) { free (path); continue; } -#endif /*FLASK_LINUX*/ free (path); +#ifdef WITH_SELINUX + if ( scontext != NULL ) { + if ( getpidcon(pid_table[i], &lcontext) < 0 ) + continue; + if (strcmp(lcontext,scontext)!=0) { + freecon(lcontext); + continue; + } + freecon(lcontext); + } +#endif /*WITH_SELINUX*/ if (sts[j].st_dev != st.st_dev || sts[j].st_ino != st.st_ino) continue; 
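Review bot: The context filter is written out twice in this hunk, once in the name-matching branch and once in the `/proc/<pid>/exe` branch, and the two copies must stay in step for `-Z` to restrict the kill set correctly. A small static helper would keep the rule in one place, with both call sites reduced to `if (!context_matches (pid_table[i], scontext)) continue;`. In the exe branch the `getpidcon()` call also runs before the cheap `st_dev`/`st_ino` comparison, so it is made for candidates that would be rejected anyway; the helper call could move below that comparison. The enclosing loop and the declaration of `pid_table` are outside the hunk, so the `pid_t` parameter type below is an assumption.

```c
#ifdef WITH_SELINUX
/* Returns 1 when no context filter is set, or when pid's security context
 * equals scontext; returns 0 when it differs or cannot be read. */
static int
context_matches (pid_t pid, security_context_t scontext)
{
  security_context_t lcontext = NULL;
  int same;

  if (scontext == NULL)
    return 1;
  if (getpidcon (pid, &lcontext) < 0)
    return 0;
  same = strcmp (lcontext, scontext) == 0;
  freecon (lcontext);
  return same;
}
#endif /*WITH_SELINUX*/

/* … unchanged: name / exe matching in kill_all … */
#ifdef WITH_SELINUX
	  if (!context_matches (pid_table[i], scontext))
	    continue;
#endif /*WITH_SELINUX*/
```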
@@ -383,13 +381,16 @@ static void usage_killall (void) { -#ifdef FLASK_LINUX - fprintf(stderr,"Usage: killall [-s sid] [-c context] [ -egiqvw ] [ -signal ] name ...\n"); -#else /*FLASK_LINUX*/ +#ifdef WITH_SELINUX + fprintf(stderr,"Usage: killall [-Z context] [ -egiqvw ] [ -signal ] name ...\n"); +#else /*WITH_SELINUX*/ fprintf (stderr, "usage: killall [ OPTIONS ] [ -- ] name ...\n"); -#endif /*FLASK_LINUX*/ +#endif /*WITH_SELINUX*/ fprintf (stderr, " killall -l, --list\n"); fprintf (stderr, " killall -V --version\n\n"); +#ifdef WITH_SELINUX + fprintf (stderr, " -Z,--context kill only process(es) having scontext\n"); +#endif /*WITH_SELINUX*/ fprintf (stderr, " -e,--exact require exact match for very long names\n"); fprintf (stderr, " -g,--process-group kill process group instead of process\n"); fprintf (stderr, " -i,--interactive ask for confirmation before killing\n"); @@ -399,11 +400,6 @@ fprintf (stderr, " -v,--verbose report if the signal was successfully sent\n"); fprintf (stderr, " -V,--version display version information\n"); fprintf (stderr, " -w,--wait wait for processes to die\n\n"); -#ifdef FLASK_LINUX - fprintf (stderr, " -d,--sid kill only process(es) having sid\n"); - fprintf (stderr, " -c,--context kill only process(es) having scontext\n"); - fprintf(stderr, " (-s, -c are mutually exclusive and must precede other arguments)\n\n"); -#endif /*FLASK_LINUX*/ } @@ -445,18 +441,17 @@ {"signal", 1, NULL, 's'}, {"verbose", 0, NULL, 'v'}, {"wait", 0, NULL, 'w'}, -#ifdef FLASK_LINUX - {"Sid", 1, NULL, 'S'}, +#ifdef WITH_SELINUX {"context", 1, NULL, 'c'}, -#endif /*FLASK_LINUX*/ +#endif /*WITH_SELINUX*/ {"version", 0, NULL, 'V'}, {0,0,0,0 }}; -#ifdef FLASK_LINUX - security_id_t sid = -1; +#ifdef WITH_SELINUX + security_context_t scontext = NULL; if ( argc < 2 ) usage(); /* do the obvious thing... */ -#endif /*FLASK_LINUX*/ +#endif /*WITH_SELINUX*/ name = strrchr (*argv, '/'); if (name) 
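Review bot: The long-option table still maps `--context` to `'c'`, while the option string changed later in this patch is `"egilqs:vwZ:V"` and the only new case label is `'Z'`, so `--context` no longer reaches the code that sets `scontext`. Depending on how the rest of the switch (outside this hunk) treats an unmatched `'c'`, the option is either rejected or silently dropped. If it is dropped, signals go to every process matching the name instead of one security context. The entry should read `{"context", 1, NULL, 'Z'},` so that it matches the usage text `-Z,--context`.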
@@ -472,8 +467,8 @@ textdomain(PACKAGE); opterr = 0; -#ifdef FLASK_LINUX - while ( (optc = getopt_long_only(argc,argv,"egilqs:vwd:c:V",options,NULL)) != EOF) { +#ifdef WITH_SELINUX + while ( (optc = getopt_long_only(argc,argv,"egilqs:vwZ:V",options,NULL)) != EOF) { #else while ( (optc = getopt_long_only(argc,argv,"egilqs:vwV",options,NULL)) != EOF) { #endif @@ -517,48 +512,14 @@ print_version(); return 0; break; -#ifdef FLASK_LINUX - case 'd': { - char **buf, *calloc(); - int strlen(), rv; - __u32 len; - security_id_t lsid; - - buf = (char **) calloc(1, strlen(optarg)); - if ( ! buf ) { - (void) fprintf(stderr, "%s: %s\n", name, strerror(errno)); - return( 1 ); - } - - lsid = strtol(optarg, buf, 0); - if ( **buf ) { - (void) fprintf(stderr, "%s: SID (%s) must be numeric\n", name, *argv); - (void) fflush(stderr); - return( 1 ); - } - - sid = (security_id_t) lsid; - /* sanity check */ - len = strlen(optarg); - rv = security_sid_to_context(sid, buf, &len); - if ( rv < 0 && (errno != ENOSPC) ) { - (void) fprintf(stderr, "%s: security_sid_to_context(%d) %s\n", name, (int) sid, strerror(errno)); - (void) fflush(stderr); - free(buf); - return( 1 ); - } - free(buf); - break; - } - case 'c': { - if ( security_context_to_sid(optarg, strlen(optarg)+1, &sid) ) { - (void) fprintf(stderr, "%s: security_context_to_sid(%s): %s\n", - name, optarg, strerror(errno)); - (void) fflush(stderr); - return( 1 ); - } - } -#endif /*FLASK_LINUX*/ +#ifdef WITH_SELINUX + case 'Z': + if( is_selinux_enabled()>0) + scontext=optarg; + else + fprintf(stderr, "Warning: -Z (--context) ignored. Requires an SELinux enabled kernel\n"); + break; +#endif /*WITH_SELINUX*/ case '?': /* Signal names are in uppercase, so check to see if the argv * is upper case */ 
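Review bot: When SELinux is not enabled, or `is_selinux_enabled()` reports an error, the new `'Z'` case only prints a warning and continues with `scontext` still NULL, which `kill_all()` treats as "no filter" (`if ( scontext != NULL )`). A caller who asked to signal a single security context then signals every process with that name, so the restriction fails open. For a tool that sends signals it is safer to stop: `else { fprintf(stderr, "%s: -Z (--context) requires an SELinux enabled kernel\n", name); return 1; }`. The rest of the option switch lies outside the hunk.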
@@ -590,9 +551,9 @@ } argv = argv + myoptind; /*printf("sending signal %d to procs\n", sig_num);*/ -#ifdef FLASK_LINUX - return kill_all(sig_num,argc - myoptind, argv, sid); -#else /*FLASK_LINUX*/ +#ifdef WITH_SELINUX + return kill_all(sig_num,argc - myoptind, argv, scontext); +#else /*WITH_SELINUX*/ return kill_all(sig_num,argc - myoptind, argv ); -#endif /*FLASK_LINUX*/ +#endif /*WITH_SELINUX*/ } diff -urN psmisc-21.4/src/pstree.c psmisc-21.4-selinux/src/pstree.c --- psmisc-21.4/src/pstree.c 2003-09-26 13:42:43.000000000 +0000 +++ psmisc-21.4-selinux/src/pstree.c 2004-03-23 14:06:16.511358304 +0000 @@ -27,9 +27,9 @@ #include "comm.h" -#ifdef FLASK_LINUX -#include -#endif /*FLASK_LINUX*/ +#ifdef WITH_SELINUX +#include +#endif /*WITH_SELINUX*/ #ifndef MAX_DEPTH #define MAX_DEPTH 100 @@ -58,9 +58,9 @@ int argc; /* with -a : number of arguments, -1 if swapped */ pid_t pid; uid_t uid; -#ifdef FLASK_LINUX - security_id_t sid; -#endif /*FLASK_LINUX*/ +#ifdef WITH_SELINUX + security_context_t scontext; +#endif /*WITH_SELINUX*/ int highlight; struct _child *children; struct _proc *parent; @@ -108,10 +108,9 @@ static int width[MAX_DEPTH], more[MAX_DEPTH]; static int print_args = 0, compact = 1, user_change = 0, pids = 0, by_pid = 0, trunc = 1, wait_end = 0; -#ifdef FLASK_LINUX -static int show_sids = 0; +#ifdef WITH_SELINUX static int show_scontext = 0; -#endif /*FLASK_LINUX*/ +#endif /*WITH_SELINUX*/ static int output_width = 132; static int cur_x = 1; static char last_char = 0; 
@@ -161,38 +160,16 @@ return digits; } -#ifdef FLASK_LINUX +#ifdef WITH_SELINUX static void -out_sid ( security_id_t sid ) +out_scontext ( security_context_t scontext ) { - if ( (int) sid >= 0 ) - out_int((int) sid); - else - out_string("??"); -} - -static void -out_scontext ( security_id_t sid ) -{ - static char buf[256]; - int security_sid_to_context(); - int len = sizeof(buf); - int rv; - - bzero(buf,256); - - rv = security_sid_to_context((int)sid, buf, &len); - if ( rv ) { - out_string("`??\'"); /* punt */ - } - else { out_string("`"); - out_string(buf); - out_string("\'"); - } + out_string(scontext); + out_string("'"); } -#endif /*FLASK_LINUX*/ - +#endif /*WITH_SELINUX*/ + static void out_newline (void) @@ -216,13 +193,13 @@ return walk; } -#ifdef FLASK_LINUX +#ifdef WITH_SELINUX static PROC * -new_proc(const char *comm, pid_t pid, uid_t uid, security_id_t sid) -#else /*FLASK_LINUX*/ +new_proc(const char *comm, pid_t pid, uid_t uid, security_context_t scontext) +#else /*WITH_SELINUX*/ static PROC * new_proc (const char *comm, pid_t pid, uid_t uid) -#endif /*FLASK_LINUX*/ +#endif /*WITH_SELINUX*/ { PROC *new; @@ -235,9 +212,9 @@ new->pid = pid; new->uid = uid; new->highlight = 0; -#ifdef FLASK_LINUX - new->sid = sid; -#endif /*FLASK_LINUX*/ +#ifdef WITH_SELINUX + new->scontext = scontext; +#endif /*WITH_SELINUX*/ new->children = NULL; new->parent = NULL; new->next = list; 
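Review bot: `out_scontext()` now hands its argument straight to `out_string()` with no NULL check, whereas the removed version printed `??` when no context could be resolved. One caller later in this patch, `add_proc(cmd, pid, ppid, uid, NULL, 0, NULL)`, stores a NULL context, so `-Z` on that path would pass NULL to `out_string()`. The body of `out_string()` is not visible here, but it presumably walks the string. Suggested: `out_string(scontext ? scontext : "??");`, which also restores the old placeholder output.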
@@ -306,24 +283,24 @@ this->argv[i] = start = strchr (start, 0) + 1; } -#ifdef FLASK_LINUX +#ifdef WITH_SELINUX static void add_proc(const char *comm, pid_t pid, pid_t ppid, uid_t uid, - const char *args, int size, security_id_t sid) -#else /*FLASK_LINUX*/ + const char *args, int size, security_context_t scontext) +#else /*WITH_SELINUX*/ static void add_proc (const char *comm, pid_t pid, pid_t ppid, uid_t uid, const char *args, int size) -#endif /*FLASK_LINUX*/ +#endif /*WITH_SELINUX*/ { PROC *this, *parent; if (!(this = find_proc (pid))) -#ifdef FLASK_LINUX - this = new_proc(comm, pid, uid, sid); -#else /*FLASK_LINUX*/ +#ifdef WITH_SELINUX + this = new_proc(comm, pid, uid, scontext); +#else /*WITH_SELINUX*/ this = new_proc (comm, pid, uid); -#endif /*FLASK_LINUX*/ +#endif /*WITH_SELINUX*/ else { strcpy (this->comm, comm); @@ -334,11 +311,11 @@ if (pid == ppid) ppid = 0; if (!(parent = find_proc (ppid))) -#ifdef FLASK_LINUX - parent = new_proc("?", ppid, 0, sid); -#else /*FLASK_LINUX*/ +#ifdef WITH_SELINUX + parent = new_proc("?", ppid, 0, scontext); +#else /*WITH_SELINUX*/ parent = new_proc ("?", ppid, 0); -#endif /*FLASK_LINUX*/ +#endif /*WITH_SELINUX*/ add_child (parent, this); this->parent = parent; } @@ -430,25 +407,17 @@ else (void) out_int (current->uid); } -#ifdef FLASK_LINUX - if ( show_sids ) { - out_char (info++ ? ',' : '('); - out_sid(current->sid); - } +#ifdef WITH_SELINUX if ( show_scontext ) { out_char (info++ ? ',' : '('); - out_scontext(current->sid); + out_scontext(current->scontext); } -#endif /*FLASK_LINUX*/ +#endif /*WITH_SELINUX*/ if ((swapped && print_args && current->argc < 0) || (!swapped && info)) out_char (')'); if (current->highlight && (tmp = tgetstr ("me", NULL))) tputs (tmp, 1, putchar); -#ifdef FLASK_LINUX - if (show_scontext || print_args) -#else /*FLASK_LINUX*/ if (print_args) -#endif /*FLASK_LINUX*/ { for (i = 0; i < current->argc; i++) { 
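Review bot: The placeholder parent is created with `new_proc("?", ppid, 0, scontext)`, i.e. with the child's security context, and the `else` branch that later fills in an existing node shows only `strcpy (this->comm, comm)` in this hunk. Unless the part of that branch outside the hunk also assigns `this->scontext`, `pstree -Z` will label a parent with the context of whichever child was scanned first, which is misleading output from a tool used to inspect labels. The child and the placeholder also share one `getpidcon()` allocation, so neither could later be released with `freecon()` safely. Suggested: pass `NULL` for the placeholder (which requires `out_scontext()` to tolerate NULL) and add `this->scontext = scontext;` in the `else` branch.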
@@ -473,20 +442,20 @@ } } } -#ifdef FLASK_LINUX +#ifdef WITH_SELINUX if ( show_scontext || print_args || ! current->children ) -#else /*FLASK_LINUX*/ +#else /*WITH_SELINUX*/ if (print_args || !current->children) -#endif /*FLASK_LINUX*/ +#endif /*WITH_SELINUX*/ { while (closing--) out_char (']'); out_newline (); -#ifdef FLASK_LINUX +#ifdef WITH_SELINUX if ( show_scontext || print_args ) -#else /*FLASK_LINUX*/ +#else /*WITH_SELINUX*/ if (print_args) -#endif /*FLASK_LINUX*/ +#endif /*WITH_SELINUX*/ { more[level] = !last; width[level] = swapped + (comm_len > 1 ? 0 : -1); @@ -576,9 +545,10 @@ pid_t pid, ppid; int fd, size; int empty; -#ifdef FLASK_LINUX - security_id_t sid = -1; -#endif /*FLASK_LINUX*/ +#ifdef WITH_SELINUX + security_context_t scontext = NULL; + int selinux_enabled=is_selinux_enabled()>0; +#endif /*WITH_SELINUX*/ if (!print_args) buffer = NULL; @@ -603,11 +573,15 @@ { empty = 0; sprintf (path, "%s/%d", PROC_BASE, pid); -#ifdef FLASK_LINUX - if (fstat_secure(fileno(file),&st,&sid) < 0) -#else /*FLASK_LINUX*/ +#ifdef WITH_SELINUX + if (selinux_enabled) + if (getpidcon(pid,&scontext) < 0) + { + perror (path); + exit (1); + } +#endif /*WITH_SELINUX*/ if (stat (path, &st) < 0) -#endif /*FLASK_LINUX*/ { perror (path); exit (1); @@ -632,11 +606,11 @@ &ppid) == 4) */ if (!print_args) -#ifdef FLASK_LINUX - add_proc(comm, pid, ppid, st.st_uid, NULL, 0, sid); -#else /*FLASK_LINUX*/ +#ifdef WITH_SELINUX + add_proc(comm, pid, ppid, st.st_uid, NULL, 0, scontext); +#else /*WITH_SELINUX*/ add_proc (comm, pid, ppid, st.st_uid, NULL, 0); -#endif /*FLASK_LINUX*/ +#endif /*WITH_SELINUX*/ else { sprintf (path, "%s/%d/cmdline", PROC_BASE, pid); 
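Review bot: A failing `getpidcon()` in the added block ends the whole run with `exit (1)`, so a single process whose context cannot be read (it exited during the scan, or policy denies the caller) suppresses the entire tree. The context is only displayed, so it would be more robust to continue: `if (selinux_enabled && getpidcon (pid, &scontext) < 0) scontext = NULL;`, with the printer showing a placeholder for NULL. The string returned by `getpidcon()` is stored in the PROC node and never passed to `freecon()`; a comment such as `/* owned by the PROC list for the life of the process, never freed */` would make that intent explicit. The unbraced `if (selinux_enabled) if (...)` directly in front of the `stat` check is also easy to misread and deserves braces. The function body continues outside the hunk.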
@@ -653,11 +627,11 @@ (void) close (fd); if (size) buffer[size++] = 0; -#ifdef FLASK_LINUX - add_proc(comm, pid, ppid, st.st_uid, buffer, size, sid); -#else /*FLASK_LINUX*/ +#ifdef WITH_SELINUX + add_proc(comm, pid, ppid, st.st_uid, buffer, size, scontext); +#else /*WITH_SELINUX*/ add_proc (comm, pid, ppid, st.st_uid, buffer, size); -#endif /*FLASK_LINUX*/ +#endif /*WITH_SELINUX*/ } } } @@ -696,11 +670,11 @@ cmd = comm; if (*cmd == '-') cmd++; -#ifdef FLASK_LINUX - add_proc(cmd, pid, ppid, uid, NULL, 0, -1); -#else /*FLASK_LINUX*/ +#ifdef WITH_SELINUX + add_proc(cmd, pid, ppid, uid, NULL, 0, NULL); +#else /*WITH_SELINUX*/ add_proc (cmd, pid, ppid, uid, NULL, 0); -#endif /*FLASK_LINUX*/ +#endif /*WITH_SELINUX*/ } } @@ -722,10 +696,9 @@ fprintf (stderr, _(" -n sort output by PID\n")); fprintf (stderr, _(" -p show PIDs; implies -c\n")); fprintf (stderr, _(" -u show uid transitions\n")); -#ifdef FLASK_LINUX - fprintf (stderr, _(" -s show Flask SIDs\n")); - fprintf (stderr, _(" -x show Flask security contexts\n")); -#endif /*FLASK_LINUX*/ +#ifdef WITH_SELINUX + fprintf (stderr, _(" -Z show SELinux security contexts\n")); +#endif /*WITH_SELINUX*/ fprintf (stderr, _(" -U use UTF-8 (Unicode)) line drawing characters\n")); fprintf (stderr, _(" -V display version information\n")); fprintf (stderr, _(" pid start at pid, default 1 (init))\n")); @@ -771,11 +744,11 @@ } -#ifdef FLASK_LINUX - while ((c = getopt (argc, argv, "acGhH:npluUVsx")) != EOF) -#else /*FLASK_LINUX*/ +#ifdef WITH_SELINUX + while ((c = getopt (argc, argv, "acGhH:npluUVZ")) != EOF) +#else /*WITH_SELINUX*/ while ((c = getopt (argc, argv, "acGhH:npluUV")) != EOF) -#endif /*FLASK_LINUX*/ +#endif /*WITH_SELINUX*/ switch (c) { case 'a': 
@@ -832,14 +805,14 @@ case 'V': print_version(); return 0; -#ifdef FLASK_LINUX - case 's': - show_sids = 1; - break; - case 'x': - show_scontext = 1; +#ifdef WITH_SELINUX + case 'Z': + if (is_selinux_enabled()>0) + show_scontext = 1; + else + fprintf(stderr, "Warning: -Z ignored. Requires anx SELinux enabled kernel\n"); break; -#endif /*FLASK_LINUX*/ +#endif /*WITH_SELINUX*/ default: usage (); }
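Review bot: The new warning string in the `'Z'` case contains a typo, `anx`, and unlike the usage messages in this file it is not wrapped in `_()` for translation. Suggested: `fprintf(stderr, _("Warning: -Z ignored. Requires an SELinux enabled kernel\n"));`. `is_selinux_enabled()` is also called again in the `/proc` reader added by this patch; the two call sites could share one result so they cannot disagree.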