Attachment #27938 for bug #45251

View | Details | Raw Unified | Return to bug 45251
Collapse All | Expand All

Lines 74-81 Link Here

(-)psmisc-21.4/Makefile.in (-2 / +3 lines)
74	EGREP = @EGREP@	82	EGREP = @EGREP@
75	EXEEXT = @EXEEXT@	83	EXEEXT = @EXEEXT@
76	F77 = @F77@	84	F77 = @F77@
77	FLASK_LIB = @FLASK_LIB@	85	SELINUX_LIB = @SELINUX_LIB@
78	FLASK_LINUX = @FLASK_LINUX@	86	WITH_SELINUX = @WITH_SELINUX@
79	GCJ = @GCJ@	87	GCJ = @GCJ@
80	GCJFLAGS = @GCJFLAGS@	88	GCJFLAGS = @GCJFLAGS@
81	GENCAT = @GENCAT@	89	GENCAT = @GENCAT@
Lines 110-115 Link Here
110	USE_INCLUDED_LIBINTL = @USE_INCLUDED_LIBINTL@	117	USE_INCLUDED_LIBINTL = @USE_INCLUDED_LIBINTL@
111	USE_NLS = @USE_NLS@	118	USE_NLS = @USE_NLS@
112	VERSION = @VERSION@	119	VERSION = @VERSION@
		120	WITH_SELINUX = @WITH_SELINUX@
113	am__include = @am__include@	121	am__include = @am__include@
114	am__quote = @am__quote@	122	am__quote = @am__quote@
115	install_sh = @install_sh@	123	install_sh = @install_sh@

Lines 5-11 Link Here

(-)psmisc-21.4/config.h.in (-1 / +1 lines)
5	#undef ENABLE_NLS	5	#undef ENABLE_NLS
6		6
7	/* Use Security-Enhanced Linux features */	7	/* Use Security-Enhanced Linux features */
8	#undef FLASK_LINUX	8	#undef WITH_SELINUX
9		9
10	/* Define if the GNU dcgettext() function is already present or preinstalled.	10	/* Define if the GNU dcgettext() function is already present or preinstalled.
11	*/	11	*/




# include <unistd.h>
#endif"

ac_subst_vars='SHELL PATH_SEPARATOR PACKAGE_NAME PACKAGE_TARNAME PACKAGE_VERSION PACKAGE_STRING PACKAGE_BUGREPORT exec_prefix prefix program_transform_name bindir sbindir libexecdir datadir sysconfdir sharedstatedir localstatedir libdir includedir oldincludedir infodir mandir build_alias host_alias target_alias DEFS ECHO_C ECHO_N ECHO_T LIBS INSTALL_PROGRAM INSTALL_SCRIPT INSTALL_DATA PACKAGE VERSION EXEEXT OBJEXT ACLOCAL AUTOCONF AUTOMAKE AUTOHEADER MAKEINFO AMTAR install_sh INSTALL_STRIP_PROGRAM AWK SET_MAKE AMDEP_TRUE AMDEP_FALSE AMDEPBACKSLASH DEPDIR CC CFLAGS LDFLAGS CPPFLAGS ac_ct_CC am__include am__quote CCDEPMODE CPP build build_cpu build_vendor build_os host host_cpu host_vendor host_os EGREP LN_S ECHO AR ac_ct_AR RANLIB ac_ct_RANLIB STRIP ac_ct_STRIP CXX CXXFLAGS ac_ct_CXX CXXDEPMODE CXXCPP F77 FFLAGS ac_ct_F77 LIBTOOL WITH_SELINUX SELINUX_LIB TERMCAP_LIB INO_T_IS_LONG_LONG INO_T_IS_INT MKINSTALLDIRS USE_NLS MSGFMT GMSGFMT XGETTEXT MSGMERGE LIBICONV LTLIBICONV INTLLIBS LIBINTL LTLIBINTL POSUB LIBOBJS LTLIBOBJS'
ac_subst_files=''

# Initialize some variables set by options.

  --enable-fast-install[=PKGS]
                          optimize for fast installation [default=yes]
  --disable-libtool-lock  avoid locking (might break parallel builds)
  --enable-selinux  Security-Enhanced Linux features
  --disable-nls           do not use Native Language Support
  --disable-rpath         do not hardcode runtime library paths
  --disable-largefile     omit support for large files




# Check whether --enable-selinux or --disable-selinux was given.
if test "${enable_selinux+set}" = set; then
  enableval="$enable_selinux"

cat >>confdefs.h <<\_ACEOF
#define WITH_SELINUX 1
_ACEOF

	echo "$as_me:$LINENO: checking for getfilecon in -lselinux" >&5
echo $ECHO_N "checking for getfilecon in -lselinux... $ECHO_C" >&6
if test "${ac_cv_lib_selinux_getfilecon+set}" = set; then
  echo $ECHO_N "(cached) $ECHO_C" >&6
else
  ac_check_lib_save_LIBS=$LIBS
LIBS="-lselinux  $LIBS"
cat >conftest.$ac_ext <<_ACEOF
/* confdefs.h.  */
_ACEOF

#endif
/* We use char because int might match the return type of a gcc2
   builtin and then its argument prototype would still apply.  */
char getfilecon ();
int
main ()
{
getfilecon ();
  ;
  return 0;
}

  ac_status=$?
  echo "$as_me:$LINENO: \$? = $ac_status" >&5
  (exit $ac_status); }; }; then
  ac_cv_lib_selinux_getfilecon=yes
else
  echo "$as_me: failed program was:" >&5
sed 's/^/| /' conftest.$ac_ext >&5

ac_cv_lib_selinux_getfilecon=no
fi
rm -f conftest.err conftest.$ac_objext \
      conftest$ac_exeext conftest.$ac_ext
LIBS=$ac_check_lib_save_LIBS
fi
echo "$as_me:$LINENO: result: $ac_cv_lib_selinux_getfilecon" >&5
echo "${ECHO_T}$ac_cv_lib_selinux_getfilecon" >&6
if test $ac_cv_lib_selinux_getfilecon = yes; then
  FLASK_LIB=-lsecure
else
  { { echo "$as_me:$LINENO: error: Cannot find selinux secure static library" >&5
echo "$as_me: error: Cannot find selinux secure static library" >&2;}
   { (exit 1); exit 1; }; }

fi

s,@FFLAGS@,$FFLAGS,;t t
s,@ac_ct_F77@,$ac_ct_F77,;t t
s,@LIBTOOL@,$LIBTOOL,;t t
s,@WITH_SELINUX@,$WITH_SELINUX,;t t
s,@SELINUX_LIB@,$SELINUX_LIB,;t t
s,@TERMCAP_LIB@,$TERMCAP_LIB,;t t
s,@INO_T_IS_LONG_LONG@,$INO_T_IS_LONG_LONG,;t t
s,@INO_T_IS_INT@,$INO_T_IS_INT,;t t




AC_PROG_LIBTOOL

dnl checks for options
AC_SUBST(WITH_SELINUX)
AC_ARG_ENABLE(selinux,[  --enable-selinux  Enable Security-Enhanced Linux features],
	AC_DEFINE([WITH_SELINUX],1,[Use Security-Enhanced Linux features])
	AC_CHECK_LIB(selinux,getfilecon, SELINUX_LIB=-lselinux,
	   AC_MSG_ERROR(Cannot find selinux secure static library)
	)
,)
AC_SUBST(SELINUX_LIB)

dnl Checks for libraries.
AC_CHECK_LIB(ncurses, tgetent, TERMCAP_LIB=-lncurses,

Lines 74-81 Link Here

(-)psmisc-21.4/doc/Makefile.in (-2 / +2 lines)
74	EGREP = @EGREP@	74	EGREP = @EGREP@
75	EXEEXT = @EXEEXT@	75	EXEEXT = @EXEEXT@
76	F77 = @F77@	76	F77 = @F77@
77	FLASK_LIB = @FLASK_LIB@	77	SELINUX_LIB = @SELINUX_LIB@
78	FLASK_LINUX = @FLASK_LINUX@	78	WITH_SELINUX = @WITH_SELINUX@
79	GCJ = @GCJ@	79	GCJ = @GCJ@
80	GCJFLAGS = @GCJFLAGS@	80	GCJFLAGS = @GCJFLAGS@
81	GENCAT = @GENCAT@	81	GENCAT = @GENCAT@




.SH SYNOPSIS
.ad l
.B killall
.RB [ \-d , \-\-sid ]
.RB [ \-c , \-\-context ] 
.RB [ \-e , --exact ]
.RB [ \-g , \-\-process-group ]

any of the killed processes still exist and only returns if none are left.
Note that \fBkillall\fP may wait forever if the signal was ignored, had no
effect, or if the process stays in zombie state.
.IP \fB\-Z\fP
(SELinux Only) Specify security context: kill only processes with given security context.
Must precede other arguments on the command line.
.IP \fB\-c\fP
(Flask only) Specify security context: kill only processes with given security context.
Mutually exclusive with \fB-d\fP.  Must precede other arguments on the command line.
.SH FILES
.nf
/proc	location of the proc file system




.RB [ \-n ]
.RB [ \-p ]
.RB [ \-u ]
.RB [ \-Z ]
.RB [ \-G | \-U ]
.RB [ \fIpid\fB | \fIuser\fB]
.br

with \fBecho -e '\\033%@'\fP
.IP \fB\-V\fP
Display version information.
.IP \fB\-Z\fP
(SELinux) Show security context for each process.
.IP \fB\-x\fP
(Flask) Show security context for each process.
.SH FILES
.nf
/proc	location of the proc file system

Lines 21-26 Link Here

(-)psmisc-21.4/src/Makefile.am (+2 lines)
21		21
22	CLEANFILES = signames.h pstree.x11	22	CLEANFILES = signames.h pstree.x11
23		23
		24	LIBS=-lselinux
		25
24	signames.h: signames.c	26	signames.h: signames.c
25	@CPP@ -dM $< \|\	27	@CPP@ -dM $< \|\
26	tr -s '\t ' ' ' \| sort -n -k 3 \| sed \	28	tr -s '\t ' ' ' \| sort -n -k 3 \| sed \




EGREP = @EGREP@
EXEEXT = @EXEEXT@
F77 = @F77@
SELINUX_LIB = @SELINUX_LIB@
WITH_SELINUX = @WITH_SELINUX@
GCJ = @GCJ@
GCJFLAGS = @GCJFLAGS@
GENCAT = @GENCAT@


killall_SOURCES = killall.c comm.h signals.c signals.h signames.h

killall_LDADD = @SELINUX_LIB@

pstree_SOURCES = pstree.c comm.h

pstree_LDADD = @TERMCAP_LIB@ @SELINUX_LIB@

BUILT_SOURCES = signames.h


DEFAULT_INCLUDES =  -I. -I$(srcdir) -I$(top_builddir)
CPPFLAGS = @CPPFLAGS@
LDFLAGS = @LDFLAGS@
LIBS = @LIBS@ -lselinux 
depcomp = $(SHELL) $(top_srcdir)/depcomp
@AMDEP_TRUE@DEP_FILES = $(DEPDIR)/fuser.Po $(DEPDIR)/killall.Po \
@AMDEP_TRUE@	$(DEPDIR)/pstree.Po $(DEPDIR)/signals.Po




#include <sys/types.h>
#include <sys/stat.h>
#include <getopt.h>

#ifdef WITH_SELINUX
#include <selinux/selinux.h>
#endif /*WITH_SELINUX*/

#include <libintl.h>
#include <locale.h>
#define _(String) gettext (String)

  return ch == 'y' || ch == 'Y';
}

#ifdef WITH_SELINUX
static int
kill_all(int signal, int names, char **namelist, security_context_t scontext )
#else  /*WITH_SELINUX*/
static int
kill_all (int signal, int names, char **namelist)
#endif /*WITH_SELINUX*/
{
  DIR *dir;
  struct dirent *de;

  int empty, i, j, okay, length, got_long, error;
  int pids, max_pids, pids_killed;
  unsigned long found;
#ifdef WITH_SELINUX
  security_context_t lcontext=NULL;

  if ( names == 0 || ! namelist ) exit( 1 ); /* do the obvious thing...*/
#endif /*WITH_SELINUX*/

  if (!(name_len = malloc (sizeof (int) * names)))
    {

	sts[i].st_dev = 0;
	name_len[i] = strlen (namelist[i]);
      }
    else {
      if (stat (namelist[i], &sts[i]) < 0)
	{
	  perror (namelist[i]);
	  exit (1);
	}
    }
  } 
	perror (namelist[i]);
	exit (1);
      }
#endif /*FLASK_LINUX*/
   } 
  self = getpid ();
  found = 0;
  if (!(dir = opendir (PROC_BASE)))

	      else if (got_long ? strcmp (namelist[j], command) :
		       strncmp (namelist[j], comm, COMM_LEN - 1))
		continue;
#ifdef WITH_SELINUX
              if ( scontext != NULL ) {
                if ( getpidcon(pid_table[i], &lcontext) < 0 )
                  continue;
                if (strcmp(lcontext,scontext)!=0) {
		  freecon(lcontext);
                  continue;
		}
		freecon(lcontext);
              }
#endif /*WITH_SELINUX*/
	    }
	  else
	    {
	      if (asprintf (&path, PROC_BASE "/%d/exe", pid_table[i]) < 0)
		continue;

          if (stat_secure(path,&st,&lsid) < 0) {
            free(path);
            continue;
          }
          if (sts[j].st_dev != st.st_dev ||
              sts[j].st_ino != st.st_ino ||
              ((int) sid > 0 && (lsid != sid)) ) {
            free(path);
            continue;
          }
#else  /*FLASK_LINUX*/
	      if (stat (path, &st) < 0) {
		    free (path);
		    continue;
	      }
#endif /*FLASK_LINUX*/
	      free (path);
#ifdef WITH_SELINUX
              if ( scontext != NULL ) {
                if ( getpidcon(pid_table[i], &lcontext) < 0 )
                  continue;
                if (strcmp(lcontext,scontext)!=0) {
		  freecon(lcontext);
                  continue;
		}
		freecon(lcontext);
              }
#endif /*WITH_SELINUX*/

	      if (sts[j].st_dev != st.st_dev || sts[j].st_ino != st.st_ino)
		continue;

static void
usage_killall (void)
{
#ifdef WITH_SELINUX
  fprintf(stderr,"Usage: killall [-Z context] [ -egiqvw ] [ -signal ] name ...\n");
#else  /*WITH_SELINUX*/
  fprintf (stderr, "usage: killall [ OPTIONS ] [ -- ] name ...\n");
#endif /*WITH_SELINUX*/
  fprintf (stderr, "       killall -l, --list\n");
  fprintf (stderr, "       killall -V --version\n\n");
#ifdef WITH_SELINUX
  fprintf (stderr, "  -Z,--context        kill only process(es) having scontext\n");
#endif /*WITH_SELINUX*/
  fprintf (stderr, "  -e,--exact          require exact match for very long names\n");
  fprintf (stderr, "  -g,--process-group  kill process group instead of process\n");
  fprintf (stderr, "  -i,--interactive    ask for confirmation before killing\n");

  fprintf (stderr, "  -v,--verbose        report if the signal was successfully sent\n");
  fprintf (stderr, "  -V,--version        display version information\n");
  fprintf (stderr, "  -w,--wait           wait for processes to die\n\n");
#ifdef FLASK_LINUX
  fprintf (stderr, "  -d,--sid            kill only process(es) having sid\n");
  fprintf (stderr, "  -c,--context        kill only process(es) having scontext\n");
  fprintf(stderr, "   (-s, -c are mutually exclusive and must precede other arguments)\n\n");
#endif /*FLASK_LINUX*/
}



    {"signal", 1, NULL, 's'},
    {"verbose", 0, NULL, 'v'},
    {"wait", 0, NULL, 'w'},
#ifdef WITH_SELINUX
    {"Sid", 1, NULL, 'S'},
    {"context", 1, NULL, 'c'},
#endif /*WITH_SELINUX*/
    {"version", 0, NULL, 'V'},
    {0,0,0,0 }};

#ifdef WITH_SELINUX
  security_context_t scontext = NULL;

  if ( argc < 2 ) usage(); /* do the obvious thing... */
#endif /*WITH_SELINUX*/

  name = strrchr (*argv, '/');
  if (name)

  textdomain(PACKAGE);

  opterr = 0;
#ifdef WITH_SELINUX
  while ( (optc = getopt_long_only(argc,argv,"egilqs:vwZ:V",options,NULL)) != EOF) {
#else
  while ( (optc = getopt_long_only(argc,argv,"egilqs:vwV",options,NULL)) != EOF) {
#endif

        print_version();
        return 0;
        break;
#ifdef WITH_SELINUX
	case 'Z': 
	  if( is_selinux_enabled()>0) 
	    scontext=optarg;
	  else 
	    fprintf(stderr, "Warning: -Z (--context) ignored. Requires an SELinux enabled kernel\n");
	  break;
#endif /*WITH_SELINUX*/
          if ( ! buf ) {
             (void) fprintf(stderr, "%s: %s\n", name, strerror(errno));
             return( 1 );
          }

	  lsid = strtol(optarg, buf, 0);
          if ( **buf ) {
              (void) fprintf(stderr, "%s: SID (%s) must be numeric\n", name, *argv);
              (void) fflush(stderr);
              return( 1 );
          }

          sid = (security_id_t) lsid;
          /* sanity check */
          len = strlen(optarg);
          rv = security_sid_to_context(sid, buf, &len);
          if ( rv < 0 && (errno != ENOSPC) ) {
              (void) fprintf(stderr, "%s: security_sid_to_context(%d) %s\n", name, (int) sid, strerror(errno));
              (void) fflush(stderr);
              free(buf);
              return( 1 );
          }
          free(buf);
          break;
      }
      case 'c': {
          if ( security_context_to_sid(optarg, strlen(optarg)+1, &sid) ) {
              (void) fprintf(stderr, "%s: security_context_to_sid(%s): %s\n",
                     name, optarg, strerror(errno));
              (void) fflush(stderr);
              return( 1 );
          }
      }
#endif /*FLASK_LINUX*/
      case '?':
        /* Signal names are in uppercase, so check to see if the argv
         * is upper case */

    }
  argv = argv + myoptind;
  /*printf("sending signal %d to procs\n", sig_num);*/
#ifdef WITH_SELINUX
  return kill_all(sig_num,argc - myoptind, argv, scontext);
#else  /*WITH_SELINUX*/
  return kill_all(sig_num,argc - myoptind, argv );
#endif /*WITH_SELINUX*/
}





#include "comm.h"

#ifdef WITH_SELINUX
#include <selinux/selinux.h>
#endif /*WITH_SELINUX*/

#ifndef MAX_DEPTH
#define MAX_DEPTH    100

  int argc;			/* with -a   : number of arguments, -1 if swapped    */
  pid_t pid;
  uid_t uid;
#ifdef WITH_SELINUX
  security_context_t scontext;
#endif /*WITH_SELINUX*/
  int highlight;
  struct _child *children;
  struct _proc *parent;

static int width[MAX_DEPTH], more[MAX_DEPTH];
static int print_args = 0, compact = 1, user_change = 0, pids = 0, by_pid = 0,
  trunc = 1, wait_end = 0;
#ifdef WITH_SELINUX
static int show_sids    = 0;
static int show_scontext = 0;
#endif /*WITH_SELINUX*/
static int output_width = 132;
static int cur_x = 1;
static char last_char = 0;

  return digits;
}

#ifdef WITH_SELINUX
static void 
out_scontext ( security_context_t scontext )
{
  if ( (int) sid >= 0 )
    out_int((int) sid);
  else
    out_string("??");
}

static void 
out_scontext ( security_id_t sid )
{
  static char buf[256];
  int security_sid_to_context();
  int len = sizeof(buf);
  int rv;

  bzero(buf,256);

  rv = security_sid_to_context((int)sid, buf, &len);
  if ( rv ) {
    out_string("`??\'"); /* punt */
  }
  else {
    out_string("`");
    out_string(scontext);
    out_string("'");
  }
}
#endif /*WITH_SELINUX*/
  

static void
out_newline (void)

  return walk;
}

#ifdef WITH_SELINUX
static PROC *
new_proc(const char *comm, pid_t pid, uid_t uid, security_context_t scontext)
#else  /*WITH_SELINUX*/
static PROC *
new_proc (const char *comm, pid_t pid, uid_t uid)
#endif /*WITH_SELINUX*/
{
  PROC *new;


  new->pid = pid;
  new->uid = uid;
  new->highlight = 0;
#ifdef WITH_SELINUX
  new->scontext = scontext;
#endif /*WITH_SELINUX*/
  new->children = NULL;
  new->parent = NULL;
  new->next = list;

    this->argv[i] = start = strchr (start, 0) + 1;
}

#ifdef WITH_SELINUX
static void
add_proc(const char *comm, pid_t pid, pid_t ppid, uid_t uid,
         const char *args, int size, security_context_t scontext)
#else  /*WITH_SELINUX*/
static void
add_proc (const char *comm, pid_t pid, pid_t ppid, uid_t uid,
	  const char *args, int size)
#endif /*WITH_SELINUX*/
{
  PROC *this, *parent;

  if (!(this = find_proc (pid)))
#ifdef WITH_SELINUX
    this = new_proc(comm, pid, uid, scontext);
#else  /*WITH_SELINUX*/
    this = new_proc (comm, pid, uid);
#endif /*WITH_SELINUX*/
  else
    {
      strcpy (this->comm, comm);

  if (pid == ppid)
    ppid = 0;
  if (!(parent = find_proc (ppid)))
#ifdef WITH_SELINUX
    parent = new_proc("?", ppid, 0, scontext);
#else  /*WITH_SELINUX*/
    parent = new_proc ("?", ppid, 0);
#endif /*WITH_SELINUX*/
  add_child (parent, this);
  this->parent = parent;
}

      else
	(void) out_int (current->uid);
    }
#ifdef WITH_SELINUX
  if ( show_sids ) {
    out_char (info++ ? ',' : '(');
    out_sid(current->sid);
  }
  if ( show_scontext ) {
    out_char (info++ ? ',' : '(');
    out_scontext(current->scontext);
  }
#endif /*WITH_SELINUX*/
  if ((swapped && print_args && current->argc < 0) || (!swapped && info))
    out_char (')');
  if (current->highlight && (tmp = tgetstr ("me", NULL)))
    tputs (tmp, 1, putchar);
#ifdef FLASK_LINUX
  if (show_scontext || print_args)
#else  /*FLASK_LINUX*/
  if (print_args)
#endif /*FLASK_LINUX*/
    {
      for (i = 0; i < current->argc; i++)
	{

	    }
	}
    }
#ifdef WITH_SELINUX
  if ( show_scontext || print_args || ! current->children )
#else  /*WITH_SELINUX*/
  if (print_args || !current->children)
#endif /*WITH_SELINUX*/
    {
      while (closing--)
	out_char (']');
      out_newline ();
#ifdef WITH_SELINUX
      if ( show_scontext || print_args )
#else /*WITH_SELINUX*/
      if (print_args)
#endif /*WITH_SELINUX*/
	{
	  more[level] = !last;
	  width[level] = swapped + (comm_len > 1 ? 0 : -1);

  pid_t pid, ppid;
  int fd, size;
  int empty;
#ifdef WITH_SELINUX
  security_context_t scontext = NULL;
  int selinux_enabled=is_selinux_enabled()>0;
#endif /*WITH_SELINUX*/

  if (!print_args)
    buffer = NULL;

	  {
	    empty = 0;
	    sprintf (path, "%s/%d", PROC_BASE, pid);
#ifdef WITH_SELINUX
	    if (selinux_enabled)
	      if (getpidcon(pid,&scontext) < 0)
		{
		  perror (path);
		  exit (1);
		}
#endif /*WITH_SELINUX*/
            if (stat (path, &st) < 0)
#endif /*FLASK_LINUX*/
	    {
		perror (path);
		exit (1);

		 &ppid) == 4)
 */
		if (!print_args)
#ifdef WITH_SELINUX
		  add_proc(comm, pid, ppid, st.st_uid, NULL, 0, scontext);
#else  /*WITH_SELINUX*/
		  add_proc (comm, pid, ppid, st.st_uid, NULL, 0);
#endif /*WITH_SELINUX*/
		else
		  {
		    sprintf (path, "%s/%d/cmdline", PROC_BASE, pid);

		    (void) close (fd);
		    if (size)
		      buffer[size++] = 0;
#ifdef WITH_SELINUX
		    add_proc(comm, pid, ppid, st.st_uid, buffer, size, scontext);
#else  /*WITH_SELINUX*/
		    add_proc (comm, pid, ppid, st.st_uid, buffer, size);
#endif /*WITH_SELINUX*/
		  }
		}
	      }

	cmd = comm;
      if (*cmd == '-')
	cmd++;
#ifdef WITH_SELINUX
      add_proc(cmd, pid, ppid, uid, NULL, 0, NULL);
#else  /*WITH_SELINUX*/
      add_proc (cmd, pid, ppid, uid, NULL, 0);
#endif /*WITH_SELINUX*/
    }
}


  fprintf (stderr, _("    -n     sort output by PID\n"));
  fprintf (stderr, _("    -p     show PIDs; implies -c\n"));
  fprintf (stderr, _("    -u     show uid transitions\n"));
#ifdef WITH_SELINUX
  fprintf (stderr, _("    -Z     show SELinux security contexts\n"));
#endif /*WITH_SELINUX*/
#endif /*FLASK_LINUX*/
  fprintf (stderr, _("    -U     use UTF-8 (Unicode)) line drawing characters\n"));
  fprintf (stderr, _("    -V     display version information\n"));
  fprintf (stderr, _("    pid    start at pid, default 1 (init))\n"));

  }


#ifdef WITH_SELINUX
  while ((c = getopt (argc, argv, "acGhH:npluUVZ")) != EOF)
#else  /*WITH_SELINUX*/
  while ((c = getopt (argc, argv, "acGhH:npluUV")) != EOF)
#endif /*WITH_SELINUX*/
    switch (c)
      {
      case 'a':

      case 'V':
      print_version();
	return 0;
#ifdef WITH_SELINUX
      case 'Z':
	if (is_selinux_enabled()>0)
	  show_scontext = 1;
	else
	  fprintf(stderr, "Warning: -Z ignored. Requires anx SELinux enabled kernel\n");
        break;
#endif /*WITH_SELINUX*/
      default:
	usage ();
      }

Return to bug 45251

Lines 463-469 Link Here

(-)psmisc-21.4/configure (-21 / +21 lines)
463	# include <unistd.h>	463	# include <unistd.h>
464	#endif"	464	#endif"
465		465
466	ac_subst_vars='SHELL PATH_SEPARATOR PACKAGE_NAME PACKAGE_TARNAME PACKAGE_VERSION PACKAGE_STRING PACKAGE_BUGREPORT exec_prefix prefix program_transform_name bindir sbindir libexecdir datadir sysconfdir sharedstatedir localstatedir libdir includedir oldincludedir infodir mandir build_alias host_alias target_alias DEFS ECHO_C ECHO_N ECHO_T LIBS INSTALL_PROGRAM INSTALL_SCRIPT INSTALL_DATA PACKAGE VERSION EXEEXT OBJEXT ACLOCAL AUTOCONF AUTOMAKE AUTOHEADER MAKEINFO AMTAR install_sh INSTALL_STRIP_PROGRAM AWK SET_MAKE AMDEP_TRUE AMDEP_FALSE AMDEPBACKSLASH DEPDIR CC CFLAGS LDFLAGS CPPFLAGS ac_ct_CC am__include am__quote CCDEPMODE CPP build build_cpu build_vendor build_os host host_cpu host_vendor host_os EGREP LN_S ECHO AR ac_ct_AR RANLIB ac_ct_RANLIB STRIP ac_ct_STRIP CXX CXXFLAGS ac_ct_CXX CXXDEPMODE CXXCPP F77 FFLAGS ac_ct_F77 LIBTOOL FLASK_LINUX FLASK_LIB TERMCAP_LIB INO_T_IS_LONG_LONG INO_T_IS_INT MKINSTALLDIRS USE_NLS MSGFMT GMSGFMT XGETTEXT MSGMERGE LIBICONV LTLIBICONV INTLLIBS LIBINTL LTLIBINTL POSUB LIBOBJS LTLIBOBJS'	466	ac_subst_vars='SHELL PATH_SEPARATOR PACKAGE_NAME PACKAGE_TARNAME PACKAGE_VERSION PACKAGE_STRING PACKAGE_BUGREPORT exec_prefix prefix program_transform_name bindir sbindir libexecdir datadir sysconfdir sharedstatedir localstatedir libdir includedir oldincludedir infodir mandir build_alias host_alias target_alias DEFS ECHO_C ECHO_N ECHO_T LIBS INSTALL_PROGRAM INSTALL_SCRIPT INSTALL_DATA PACKAGE VERSION EXEEXT OBJEXT ACLOCAL AUTOCONF AUTOMAKE AUTOHEADER MAKEINFO AMTAR install_sh INSTALL_STRIP_PROGRAM AWK SET_MAKE AMDEP_TRUE AMDEP_FALSE AMDEPBACKSLASH DEPDIR CC CFLAGS LDFLAGS CPPFLAGS ac_ct_CC am__include am__quote CCDEPMODE CPP build build_cpu build_vendor build_os host host_cpu host_vendor host_os EGREP LN_S ECHO AR ac_ct_AR RANLIB ac_ct_RANLIB STRIP ac_ct_STRIP CXX CXXFLAGS ac_ct_CXX CXXDEPMODE CXXCPP F77 FFLAGS ac_ct_F77 LIBTOOL WITH_SELINUX SELINUX_LIB TERMCAP_LIB INO_T_IS_LONG_LONG INO_T_IS_INT MKINSTALLDIRS USE_NLS MSGFMT GMSGFMT XGETTEXT MSGMERGE LIBICONV LTLIBICONV INTLLIBS LIBINTL LTLIBINTL POSUB LIBOBJS LTLIBOBJS'
467	ac_subst_files=''	467	ac_subst_files=''
468		468
469	# Initialize some variables set by options.	469	# Initialize some variables set by options.
Lines 1032-1038 Link Here
1032	--enable-fast-install[=PKGS]	1032	--enable-fast-install[=PKGS]
1033	optimize for fast installation [default=yes]	1033	optimize for fast installation [default=yes]
1034	--disable-libtool-lock avoid locking (might break parallel builds)	1034	--disable-libtool-lock avoid locking (might break parallel builds)
1035	--enable-flask Enable Security-Enhanced Linux features	1035	--enable-selinux Security-Enhanced Linux features
1036	--disable-nls do not use Native Language Support	1036	--disable-nls do not use Native Language Support
1037	--disable-rpath do not hardcode runtime library paths	1037	--disable-rpath do not hardcode runtime library paths
1038	--disable-largefile omit support for large files	1038	--disable-largefile omit support for large files
Lines 18822-18842 Link Here
18822		18822
18823		18823
18824		18824
18825	# Check whether --enable-flask or --disable-flask was given.	18825	# Check whether --enable-selinux or --disable-selinux was given.
18826	if test "${enable_flask+set}" = set; then	18826	if test "${enable_selinux+set}" = set; then
18827	enableval="$enable_flask"	18827	enableval="$enable_selinux"
18828		18828
18829	cat >>confdefs.h <<\_ACEOF	18829	cat >>confdefs.h <<\_ACEOF
18830	#define FLASK_LINUX 1	18830	#define WITH_SELINUX 1
18831	_ACEOF	18831	_ACEOF
18832		18832
18833	echo "$as_me:$LINENO: checking for avc_toggle in -lsecure" >&5	18833	echo "$as_me:$LINENO: checking for getfilecon in -lselinux" >&5
18834	echo $ECHO_N "checking for avc_toggle in -lsecure... $ECHO_C" >&6	18834	echo $ECHO_N "checking for getfilecon in -lselinux... $ECHO_C" >&6
18835	if test "${ac_cv_lib_secure_avc_toggle+set}" = set; then	18835	if test "${ac_cv_lib_selinux_getfilecon+set}" = set; then
18836	echo $ECHO_N "(cached) $ECHO_C" >&6	18836	echo $ECHO_N "(cached) $ECHO_C" >&6
18837	else	18837	else
18838	ac_check_lib_save_LIBS=$LIBS	18838	ac_check_lib_save_LIBS=$LIBS
18839	LIBS="-lsecure $LIBS"	18839	LIBS="-lselinux $LIBS"
18840	cat >conftest.$ac_ext <<_ACEOF	18840	cat >conftest.$ac_ext <<_ACEOF
18841	/* confdefs.h. */	18841	/* confdefs.h. */
18842	_ACEOF	18842	_ACEOF
Lines 18850-18860 Link Here
18850	#endif	18850	#endif
18851	/* We use char because int might match the return type of a gcc2	18851	/* We use char because int might match the return type of a gcc2
18852	builtin and then its argument prototype would still apply. */	18852	builtin and then its argument prototype would still apply. */
18853	char avc_toggle ();	18853	char getfilecon ();
18854	int	18854	int
18855	main ()	18855	main ()
18856	{	18856	{
18857	avc_toggle ();	18857	getfilecon ();
18858	;	18858	;
18859	return 0;	18859	return 0;
18860	}	18860	}
Lines 18880-18903 Link Here
18880	ac_status=$?	18880	ac_status=$?
18881	echo "$as_me:$LINENO: \$? = $ac_status" >&5	18881	echo "$as_me:$LINENO: \$? = $ac_status" >&5
18882	(exit $ac_status); }; }; then	18882	(exit $ac_status); }; }; then
18883	ac_cv_lib_secure_avc_toggle=yes	18883	ac_cv_lib_selinux_getfilecon=yes
18884	else	18884	else
18885	echo "$as_me: failed program was:" >&5	18885	echo "$as_me: failed program was:" >&5
18886	sed 's/^/\| /' conftest.$ac_ext >&5	18886	sed 's/^/\| /' conftest.$ac_ext >&5
18887		18887
18888	ac_cv_lib_secure_avc_toggle=no	18888	ac_cv_lib_selinux_getfilecon=no
18889	fi	18889	fi
18890	rm -f conftest.err conftest.$ac_objext \	18890	rm -f conftest.err conftest.$ac_objext \
18891	conftest$ac_exeext conftest.$ac_ext	18891	conftest$ac_exeext conftest.$ac_ext
18892	LIBS=$ac_check_lib_save_LIBS	18892	LIBS=$ac_check_lib_save_LIBS
18893	fi	18893	fi
18894	echo "$as_me:$LINENO: result: $ac_cv_lib_secure_avc_toggle" >&5	18894	echo "$as_me:$LINENO: result: $ac_cv_lib_selinux_getfilecon" >&5
18895	echo "${ECHO_T}$ac_cv_lib_secure_avc_toggle" >&6	18895	echo "${ECHO_T}$ac_cv_lib_selinux_getfilecon" >&6
18896	if test $ac_cv_lib_secure_avc_toggle = yes; then	18896	if test $ac_cv_lib_selinux_getfilecon = yes; then
18897	FLASK_LIB=-lsecure	18897	FLASK_LIB=-lsecure
18898	else	18898	else
18899	{ { echo "$as_me:$LINENO: error: Cannot find selinux/ secure static library" >&5	18899	{ { echo "$as_me:$LINENO: error: Cannot find selinux secure static library" >&5
18900	echo "$as_me: error: Cannot find selinux/ secure static library" >&2;}	18900	echo "$as_me: error: Cannot find selinux secure static library" >&2;}
18901	{ (exit 1); exit 1; }; }	18901	{ (exit 1); exit 1; }; }
18902		18902
18903	fi	18903	fi
Lines 24618-24625 Link Here
24618	s,@FFLAGS@,$FFLAGS,;t t	24618	s,@FFLAGS@,$FFLAGS,;t t
24619	s,@ac_ct_F77@,$ac_ct_F77,;t t	24619	s,@ac_ct_F77@,$ac_ct_F77,;t t
24620	s,@LIBTOOL@,$LIBTOOL,;t t	24620	s,@LIBTOOL@,$LIBTOOL,;t t
24621	s,@FLASK_LINUX@,$FLASK_LINUX,;t t	24621	s,@WITH_SELINUX@,$WITH_SELINUX,;t t
24622	s,@FLASK_LIB@,$FLASK_LIB,;t t	24622	s,@SELINUX_LIB@,$SELINUX_LIB,;t t
24623	s,@TERMCAP_LIB@,$TERMCAP_LIB,;t t	24623	s,@TERMCAP_LIB@,$TERMCAP_LIB,;t t
24624	s,@INO_T_IS_LONG_LONG@,$INO_T_IS_LONG_LONG,;t t	24624	s,@INO_T_IS_LONG_LONG@,$INO_T_IS_LONG_LONG,;t t
24625	s,@INO_T_IS_INT@,$INO_T_IS_INT,;t t	24625	s,@INO_T_IS_INT@,$INO_T_IS_INT,;t t

Lines 10-23 Link Here

(-)psmisc-21.4/configure.in (-6 / +6 lines)
10	AC_PROG_LIBTOOL	10	AC_PROG_LIBTOOL
11		11
12	dnl checks for options	12	dnl checks for options
13	AC_SUBST(FLASK_LINUX)	13	AC_SUBST(WITH_SELINUX)
14	AC_ARG_ENABLE(flask,[ --enable-flask Enable Security-Enhanced Linux features],	14	AC_ARG_ENABLE(selinux,[ --enable-selinux Enable Security-Enhanced Linux features],
15	AC_DEFINE([FLASK_LINUX],1,[Use Security-Enhanced Linux features])	15	AC_DEFINE([WITH_SELINUX],1,[Use Security-Enhanced Linux features])
16	AC_CHECK_LIB(secure, avc_toggle, FLASK_LIB=-lsecure,	16	AC_CHECK_LIB(selinux,getfilecon, SELINUX_LIB=-lselinux,
17	AC_MSG_ERROR(Cannot find selinux/ secure static library)	17	AC_MSG_ERROR(Cannot find selinux secure static library)
18	)	18	)
19	,)	19	,)
20	AC_SUBST(FLASK_LIB)	20	AC_SUBST(SELINUX_LIB)
21		21
22	dnl Checks for libraries.	22	dnl Checks for libraries.
23	AC_CHECK_LIB(ncurses, tgetent, TERMCAP_LIB=-lncurses,	23	AC_CHECK_LIB(ncurses, tgetent, TERMCAP_LIB=-lncurses,

Lines 4-10 Link Here

(-)psmisc-21.4/doc/killall.1 (-7 / +3 lines)
4	.SH SYNOPSIS	4	.SH SYNOPSIS
5	.ad l	5	.ad l
6	.B killall	6	.B killall
7	.RB [ \-d , \-\-sid ]
8	.RB [ \-c , \-\-context ]	7	.RB [ \-c , \-\-context ]
9	.RB [ \-e , --exact ]	8	.RB [ \-e , --exact ]
10	.RB [ \-g , \-\-process-group ]	9	.RB [ \-g , \-\-process-group ]
Lines 67-78 Link Here
67	any of the killed processes still exist and only returns if none are left.	66	any of the killed processes still exist and only returns if none are left.
68	Note that \fBkillall\fP may wait forever if the signal was ignored, had no	67	Note that \fBkillall\fP may wait forever if the signal was ignored, had no
69	effect, or if the process stays in zombie state.	68	effect, or if the process stays in zombie state.
70	.IP \fB\-d\fP	69	.IP \fB\-Z\fP
71	(Flask only) Specify SID: kill only processes with given SID. Mutually exclusive	70	(SELinux Only) Specify security context: kill only processes with given security context.
72	with \fB-c\fP argument. Must precede other arguments on command line.	71	Must precede other arguments on the command line.
73	.IP \fB\-c\fP
74	(Flask only) Specify security context: kill only processes with given security context.
75	Mutually exclusive with \fB-d\fP. Must precede other arguments on the command line.
76	.SH FILES	72	.SH FILES
77	.nf	73	.nf
78	/proc location of the proc file system	74	/proc location of the proc file system

Lines 11-16 Link Here

(-)psmisc-21.4/doc/pstree.1 (-4 / +3 lines)
11	.RB [ \-n ]	11	.RB [ \-n ]
12	.RB [ \-p ]	12	.RB [ \-p ]
13	.RB [ \-u ]	13	.RB [ \-u ]
		14	.RB [ \-Z ]
14	.RB [ \-G \| \-U ]	15	.RB [ \-G \| \-U ]
15	.RB [ \fIpid\fB \| \fIuser\fB]	16	.RB [ \fIpid\fB \| \fIuser\fB]
16	.br	17	.br
Lines 79-88 Link Here
79	with \fBecho -e '\\033%@'\fP	80	with \fBecho -e '\\033%@'\fP
80	.IP \fB\-V\fP	81	.IP \fB\-V\fP
81	Display version information.	82	Display version information.
82	.IP \fB\-s\fP	83	.IP \fB\-Z\fP
83	(Flask) Show Security ID (SID) for each process.	84	(SELinux) Show security context for each process.
84	.IP \fB\-x\fP
85	(Flask) Show security context for each process.
86	.SH FILES	85	.SH FILES
87	.nf	86	.nf
88	/proc location of the proc file system	87	/proc location of the proc file system

Lines 74-81 Link Here

(-)psmisc-21.4/src/Makefile.in (-5 / +5 lines)
74	EGREP = @EGREP@	74	EGREP = @EGREP@
75	EXEEXT = @EXEEXT@	75	EXEEXT = @EXEEXT@
76	F77 = @F77@	76	F77 = @F77@
77	FLASK_LIB = @FLASK_LIB@	77	SELINUX_LIB = @SELINUX_LIB@
78	FLASK_LINUX = @FLASK_LINUX@	78	WITH_SELINUX = @WITH_SELINUX@
79	GCJ = @GCJ@	79	GCJ = @GCJ@
80	GCJFLAGS = @GCJFLAGS@	80	GCJFLAGS = @GCJFLAGS@
81	GENCAT = @GENCAT@	81	GENCAT = @GENCAT@
Lines 124-134 Link Here
124		124
125	killall_SOURCES = killall.c comm.h signals.c signals.h signames.h	125	killall_SOURCES = killall.c comm.h signals.c signals.h signames.h
126		126
127	killall_LDADD = @FLASK_LIB@	127	killall_LDADD = @SELINUX_LIB@
128		128
129	pstree_SOURCES = pstree.c comm.h	129	pstree_SOURCES = pstree.c comm.h
130		130
131	pstree_LDADD = @TERMCAP_LIB@ @FLASK_LIB@	131	pstree_LDADD = @TERMCAP_LIB@ @SELINUX_LIB@
132		132
133	BUILT_SOURCES = signames.h	133	BUILT_SOURCES = signames.h
134		134
Lines 162-168 Link Here
162	DEFAULT_INCLUDES = -I. -I$(srcdir) -I$(top_builddir)	162	DEFAULT_INCLUDES = -I. -I$(srcdir) -I$(top_builddir)
163	CPPFLAGS = @CPPFLAGS@	163	CPPFLAGS = @CPPFLAGS@
164	LDFLAGS = @LDFLAGS@	164	LDFLAGS = @LDFLAGS@
165	LIBS = @LIBS@	165	LIBS = @LIBS@ -lselinux
166	depcomp = $(SHELL) $(top_srcdir)/depcomp	166	depcomp = $(SHELL) $(top_srcdir)/depcomp
167	@AMDEP_TRUE@DEP_FILES = $(DEPDIR)/fuser.Po $(DEPDIR)/killall.Po \	167	@AMDEP_TRUE@DEP_FILES = $(DEPDIR)/fuser.Po $(DEPDIR)/killall.Po \
168	@AMDEP_TRUE@ $(DEPDIR)/pstree.Po $(DEPDIR)/signals.Po	168	@AMDEP_TRUE@ $(DEPDIR)/pstree.Po $(DEPDIR)/signals.Po

Lines 21-30 Link Here

(-)psmisc-21.4/src/killall.c (-105 / +66 lines)
21	#include <sys/types.h>	21	#include <sys/types.h>
22	#include <sys/stat.h>	22	#include <sys/stat.h>
23	#include <getopt.h>	23	#include <getopt.h>
24	#ifdef FLASK_LINUX	24
25	#include <selinux/fs_secure.h>	25	#ifdef WITH_SELINUX
26	#include <selinux/ss.h>	26	#include <selinux/selinux.h>
27	#endif /FLASK_LINUX/	27	#endif /WITH_SELINUX/
		28
28	#include <libintl.h>	29	#include <libintl.h>
29	#include <locale.h>	30	#include <locale.h>
30	#define _(String) gettext (String)	31	#define _(String) gettext (String)
Lines 64-76 Link Here
64	return ch == 'y' \|\| ch == 'Y';	65	return ch == 'y' \|\| ch == 'Y';
65	}	66	}
66		67
67	#ifdef FLASK_LINUX	68	#ifdef WITH_SELINUX
68	static int	69	static int
69	kill_all(int signal, int names, char **namelist, security_id_t sid )	70	kill_all(int signal, int names, char **namelist, security_context_t scontext )
70	#else /FLASK_LINUX/	71	#else /WITH_SELINUX/
71	static int	72	static int
72	kill_all (int signal, int names, char **namelist)	73	kill_all (int signal, int names, char **namelist)
73	#endif /FLASK_LINUX/	74	#endif /WITH_SELINUX/
74	{	75	{
75	DIR *dir;	76	DIR *dir;
76	struct dirent *de;	77	struct dirent *de;
Lines 85-95 Link Here
85	int empty, i, j, okay, length, got_long, error;	86	int empty, i, j, okay, length, got_long, error;
86	int pids, max_pids, pids_killed;	87	int pids, max_pids, pids_killed;
87	unsigned long found;	88	unsigned long found;
88	#ifdef FLASK_LINUX	89	#ifdef WITH_SELINUX
89	security_id_t lsid;	90	security_context_t lcontext=NULL;
90		91
91	if ( names == 0 \|\| ! namelist ) exit( 1 ); /* do the obvious thing...*/	92	if ( names == 0 \|\| ! namelist ) exit( 1 ); /* do the obvious thing...*/
92	#endif /FLASK_LINUX/	93	#endif /WITH_SELINUX/
93		94
94	if (!(name_len = malloc (sizeof (int) * names)))	95	if (!(name_len = malloc (sizeof (int) * names)))
95	{	96	{
Lines 102-120 Link Here
102	sts[i].st_dev = 0;	103	sts[i].st_dev = 0;
103	name_len[i] = strlen (namelist[i]);	104	name_len[i] = strlen (namelist[i]);
104	}	105	}
105	#ifdef FLASK_LINUX	106	else {
106	else if (stat_secure(namelist[i],&sts[i], &lsid) < 0) {	107	if (stat (namelist[i], &sts[i]) < 0)
107	perror(namelist[i]);	108	{
108	exit(1);	109	perror (namelist[i]);
109	}	110	exit (1);
110	#else /FLASK_LINUX/	111	}
111	else if (stat (namelist[i], &sts[i]) < 0)	112	}
112	{	113	}
113	perror (namelist[i]);
114	exit (1);
115	}
116	#endif /FLASK_LINUX/
117	}
118	self = getpid ();	114	self = getpid ();
119	found = 0;	115	found = 0;
120	if (!(dir = opendir (PROC_BASE)))	116	if (!(dir = opendir (PROC_BASE)))
Lines 256-292 Link Here
256	else if (got_long ? strcmp (namelist[j], command) :	252	else if (got_long ? strcmp (namelist[j], command) :
257	strncmp (namelist[j], comm, COMM_LEN - 1))	253	strncmp (namelist[j], comm, COMM_LEN - 1))
258	continue;	254	continue;
259	#ifdef FLASK_LINUX	255	#ifdef WITH_SELINUX
260	if ( (int) sid > 0 ) {	256	if ( scontext != NULL ) {
261	if ( stat_secure(path, &st, &lsid) < 0 )	257	if ( getpidcon(pid_table[i], &lcontext) < 0 )
262	continue;	258	continue;
263	if ( lsid != sid )	259	if (strcmp(lcontext,scontext)!=0) {
		260	freecon(lcontext);
264	continue;	261	continue;
		262	}
		263	freecon(lcontext);
265	}	264	}
266	#endif /FLASK_LINUX/	265	#endif /WITH_SELINUX/
267	}	266	}
268	else	267	else
269	{	268	{
270	if (asprintf (&path, PROC_BASE "/%d/exe", pid_table[i]) < 0)	269	if (asprintf (&path, PROC_BASE "/%d/exe", pid_table[i]) < 0)
271	continue;	270	continue;
272	#ifdef FLASK_LINUX	271
273	if (stat_secure(path,&st,&lsid) < 0) {
274	free(path);
275	continue;
276	}
277	if (sts[j].st_dev != st.st_dev \|\|
278	sts[j].st_ino != st.st_ino \|\|
279	((int) sid > 0 && (lsid != sid)) ) {
280	free(path);
281	continue;
282	}
283	#else /FLASK_LINUX/
284	if (stat (path, &st) < 0) {	272	if (stat (path, &st) < 0) {
285	free (path);	273	free (path);
286	continue;	274	continue;
287	}	275	}
288	#endif /FLASK_LINUX/
289	free (path);	276	free (path);
		277	#ifdef WITH_SELINUX
		278	if ( scontext != NULL ) {
		279	if ( getpidcon(pid_table[i], &lcontext) < 0 )
		280	continue;
		281	if (strcmp(lcontext,scontext)!=0) {
		282	freecon(lcontext);
		283	continue;
		284	}
		285	freecon(lcontext);
		286	}
		287	#endif /WITH_SELINUX/
290		288
291	if (sts[j].st_dev != st.st_dev \|\| sts[j].st_ino != st.st_ino)	289	if (sts[j].st_dev != st.st_dev \|\| sts[j].st_ino != st.st_ino)
292	continue;	290	continue;
Lines 383-395 Link Here
383	static void	381	static void
384	usage_killall (void)	382	usage_killall (void)
385	{	383	{
386	#ifdef FLASK_LINUX	384	#ifdef WITH_SELINUX
387	fprintf(stderr,"Usage: killall [-s sid] [-c context] [ -egiqvw ] [ -signal ] name ...\n");	385	fprintf(stderr,"Usage: killall [-Z context] [ -egiqvw ] [ -signal ] name ...\n");
388	#else /FLASK_LINUX/	386	#else /WITH_SELINUX/
389	fprintf (stderr, "usage: killall [ OPTIONS ] [ -- ] name ...\n");	387	fprintf (stderr, "usage: killall [ OPTIONS ] [ -- ] name ...\n");
390	#endif /FLASK_LINUX/	388	#endif /WITH_SELINUX/
391	fprintf (stderr, " killall -l, --list\n");	389	fprintf (stderr, " killall -l, --list\n");
392	fprintf (stderr, " killall -V --version\n\n");	390	fprintf (stderr, " killall -V --version\n\n");
		391	#ifdef WITH_SELINUX
		392	fprintf (stderr, " -Z,--context kill only process(es) having scontext\n");
		393	#endif /WITH_SELINUX/
393	fprintf (stderr, " -e,--exact require exact match for very long names\n");	394	fprintf (stderr, " -e,--exact require exact match for very long names\n");
394	fprintf (stderr, " -g,--process-group kill process group instead of process\n");	395	fprintf (stderr, " -g,--process-group kill process group instead of process\n");
395	fprintf (stderr, " -i,--interactive ask for confirmation before killing\n");	396	fprintf (stderr, " -i,--interactive ask for confirmation before killing\n");
Lines 399-409 Link Here
399	fprintf (stderr, " -v,--verbose report if the signal was successfully sent\n");	400	fprintf (stderr, " -v,--verbose report if the signal was successfully sent\n");
400	fprintf (stderr, " -V,--version display version information\n");	401	fprintf (stderr, " -V,--version display version information\n");
401	fprintf (stderr, " -w,--wait wait for processes to die\n\n");	402	fprintf (stderr, " -w,--wait wait for processes to die\n\n");
402	#ifdef FLASK_LINUX
403	fprintf (stderr, " -d,--sid kill only process(es) having sid\n");
404	fprintf (stderr, " -c,--context kill only process(es) having scontext\n");
405	fprintf(stderr, " (-s, -c are mutually exclusive and must precede other arguments)\n\n");
406	#endif /FLASK_LINUX/
407	}	403	}
408		404
409		405
Lines 445-462 Link Here
445	{"signal", 1, NULL, 's'},	441	{"signal", 1, NULL, 's'},
446	{"verbose", 0, NULL, 'v'},	442	{"verbose", 0, NULL, 'v'},
447	{"wait", 0, NULL, 'w'},	443	{"wait", 0, NULL, 'w'},
448	#ifdef FLASK_LINUX	444	#ifdef WITH_SELINUX
449	{"Sid", 1, NULL, 'S'},
450	{"context", 1, NULL, 'c'},	445	{"context", 1, NULL, 'c'},
451	#endif /FLASK_LINUX/	446	#endif /WITH_SELINUX/
452	{"version", 0, NULL, 'V'},	447	{"version", 0, NULL, 'V'},
453	{0,0,0,0 }};	448	{0,0,0,0 }};
454		449
455	#ifdef FLASK_LINUX	450	#ifdef WITH_SELINUX
456	security_id_t sid = -1;	451	security_context_t scontext = NULL;
457		452
458	if ( argc < 2 ) usage(); /* do the obvious thing... */	453	if ( argc < 2 ) usage(); /* do the obvious thing... */
459	#endif /FLASK_LINUX/	454	#endif /WITH_SELINUX/
460		455
461	name = strrchr (*argv, '/');	456	name = strrchr (*argv, '/');
462	if (name)	457	if (name)
Lines 472-479 Link Here
472	textdomain(PACKAGE);	467	textdomain(PACKAGE);
473		468
474	opterr = 0;	469	opterr = 0;
475	#ifdef FLASK_LINUX	470	#ifdef WITH_SELINUX
476	while ( (optc = getopt_long_only(argc,argv,"egilqs:vwd:c:V",options,NULL)) != EOF) {	471	while ( (optc = getopt_long_only(argc,argv,"egilqs:vwZ:V",options,NULL)) != EOF) {
477	#else	472	#else
478	while ( (optc = getopt_long_only(argc,argv,"egilqs:vwV",options,NULL)) != EOF) {	473	while ( (optc = getopt_long_only(argc,argv,"egilqs:vwV",options,NULL)) != EOF) {
479	#endif	474	#endif
Lines 517-564 Link Here
517	print_version();	512	print_version();
518	return 0;	513	return 0;
519	break;	514	break;
520	#ifdef FLASK_LINUX	515	#ifdef WITH_SELINUX
521	case 'd': {	516	case 'Z':
522	char *buf, calloc();	517	if( is_selinux_enabled()>0)
523	int strlen(), rv;	518	scontext=optarg;
524	__u32 len;	519	else
525	security_id_t lsid;	520	fprintf(stderr, "Warning: -Z (--context) ignored. Requires an SELinux enabled kernel\n");
526		521	break;
527	buf = (char **) calloc(1, strlen(optarg));	522	#endif /WITH_SELINUX/
528	if ( ! buf ) {
529	(void) fprintf(stderr, "%s: %s\n", name, strerror(errno));
530	return( 1 );
531	}
532
533	lsid = strtol(optarg, buf, 0);
534	if ( **buf ) {
535	(void) fprintf(stderr, "%s: SID (%s) must be numeric\n", name, *argv);
536	(void) fflush(stderr);
537	return( 1 );
538	}
539
540	sid = (security_id_t) lsid;
541	/* sanity check */
542	len = strlen(optarg);
543	rv = security_sid_to_context(sid, buf, &len);
544	if ( rv < 0 && (errno != ENOSPC) ) {
545	(void) fprintf(stderr, "%s: security_sid_to_context(%d) %s\n", name, (int) sid, strerror(errno));
546	(void) fflush(stderr);
547	free(buf);
548	return( 1 );
549	}
550	free(buf);
551	break;
552	}
553	case 'c': {
554	if ( security_context_to_sid(optarg, strlen(optarg)+1, &sid) ) {
555	(void) fprintf(stderr, "%s: security_context_to_sid(%s): %s\n",
556	name, optarg, strerror(errno));
557	(void) fflush(stderr);
558	return( 1 );
559	}
560	}
561	#endif /FLASK_LINUX/
562	case '?':	523	case '?':
563	/* Signal names are in uppercase, so check to see if the argv	524	/* Signal names are in uppercase, so check to see if the argv
564	* is upper case */	525	* is upper case */
Lines 590-598 Link Here
590	}	551	}
591	argv = argv + myoptind;	552	argv = argv + myoptind;
592	/printf("sending signal %d to procs\n", sig_num);/	553	/printf("sending signal %d to procs\n", sig_num);/
593	#ifdef FLASK_LINUX	554	#ifdef WITH_SELINUX
594	return kill_all(sig_num,argc - myoptind, argv, sid);	555	return kill_all(sig_num,argc - myoptind, argv, scontext);
595	#else /FLASK_LINUX/	556	#else /WITH_SELINUX/
596	return kill_all(sig_num,argc - myoptind, argv );	557	return kill_all(sig_num,argc - myoptind, argv );
597	#endif /FLASK_LINUX/	558	#endif /WITH_SELINUX/
598	}	559	}

Lines 27-35 Link Here

(-)psmisc-21.4/src/pstree.c (-107 / +80 lines)
27		27
28	#include "comm.h"	28	#include "comm.h"
29		29
30	#ifdef FLASK_LINUX	30	#ifdef WITH_SELINUX
31	#include <fs_secure.h>	31	#include <selinux/selinux.h>
32	#endif /FLASK_LINUX/	32	#endif /WITH_SELINUX/
33		33
34	#ifndef MAX_DEPTH	34	#ifndef MAX_DEPTH
35	#define MAX_DEPTH 100	35	#define MAX_DEPTH 100
Lines 58-66 Link Here
58	int argc; /* with -a : number of arguments, -1 if swapped */	58	int argc; /* with -a : number of arguments, -1 if swapped */
59	pid_t pid;	59	pid_t pid;
60	uid_t uid;	60	uid_t uid;
61	#ifdef FLASK_LINUX	61	#ifdef WITH_SELINUX
62	security_id_t sid;	62	security_context_t scontext;
63	#endif /FLASK_LINUX/	63	#endif /WITH_SELINUX/
64	int highlight;	64	int highlight;
65	struct _child *children;	65	struct _child *children;
66	struct _proc *parent;	66	struct _proc *parent;
Lines 108-117 Link Here
108	static int width[MAX_DEPTH], more[MAX_DEPTH];	108	static int width[MAX_DEPTH], more[MAX_DEPTH];
109	static int print_args = 0, compact = 1, user_change = 0, pids = 0, by_pid = 0,	109	static int print_args = 0, compact = 1, user_change = 0, pids = 0, by_pid = 0,
110	trunc = 1, wait_end = 0;	110	trunc = 1, wait_end = 0;
111	#ifdef FLASK_LINUX	111	#ifdef WITH_SELINUX
112	static int show_sids = 0;
113	static int show_scontext = 0;	112	static int show_scontext = 0;
114	#endif /FLASK_LINUX/	113	#endif /WITH_SELINUX/
115	static int output_width = 132;	114	static int output_width = 132;
116	static int cur_x = 1;	115	static int cur_x = 1;
117	static char last_char = 0;	116	static char last_char = 0;
Lines 161-198 Link Here
161	return digits;	160	return digits;
162	}	161	}
163		162
164	#ifdef FLASK_LINUX	163	#ifdef WITH_SELINUX
165	static void	164	static void
166	out_sid ( security_id_t sid )	165	out_scontext ( security_context_t scontext )
167	{	166	{
168	if ( (int) sid >= 0 )
169	out_int((int) sid);
170	else
171	out_string("??");
172	}
173
174	static void
175	out_scontext ( security_id_t sid )
176	{
177	static char buf[256];
178	int security_sid_to_context();
179	int len = sizeof(buf);
180	int rv;
181
182	bzero(buf,256);
183
184	rv = security_sid_to_context((int)sid, buf, &len);
185	if ( rv ) {
186	out_string("`??\'"); /* punt */
187	}
188	else {
189	out_string("`");	167	out_string("`");
190	out_string(buf);	168	out_string(scontext);
191	out_string("\'");	169	out_string("'");
192	}
193	}	170	}
194	#endif /FLASK_LINUX/	171	#endif /WITH_SELINUX/
195		172
196		173
197	static void	174	static void
198	out_newline (void)	175	out_newline (void)
Lines 216-228 Link Here
216	return walk;	193	return walk;
217	}	194	}
218		195
219	#ifdef FLASK_LINUX	196	#ifdef WITH_SELINUX
220	static PROC *	197	static PROC *
221	new_proc(const char *comm, pid_t pid, uid_t uid, security_id_t sid)	198	new_proc(const char *comm, pid_t pid, uid_t uid, security_context_t scontext)
222	#else /FLASK_LINUX/	199	#else /WITH_SELINUX/
223	static PROC *	200	static PROC *
224	new_proc (const char *comm, pid_t pid, uid_t uid)	201	new_proc (const char *comm, pid_t pid, uid_t uid)
225	#endif /FLASK_LINUX/	202	#endif /WITH_SELINUX/
226	{	203	{
227	PROC *new;	204	PROC *new;
228		205
Lines 235-243 Link Here
235	new->pid = pid;	212	new->pid = pid;
236	new->uid = uid;	213	new->uid = uid;
237	new->highlight = 0;	214	new->highlight = 0;
238	#ifdef FLASK_LINUX	215	#ifdef WITH_SELINUX
239	new->sid = sid;	216	new->scontext = scontext;
240	#endif /FLASK_LINUX/	217	#endif /WITH_SELINUX/
241	new->children = NULL;	218	new->children = NULL;
242	new->parent = NULL;	219	new->parent = NULL;
243	new->next = list;	220	new->next = list;
Lines 306-329 Link Here
306	this->argv[i] = start = strchr (start, 0) + 1;	283	this->argv[i] = start = strchr (start, 0) + 1;
307	}	284	}
308		285
309	#ifdef FLASK_LINUX	286	#ifdef WITH_SELINUX
310	static void	287	static void
311	add_proc(const char *comm, pid_t pid, pid_t ppid, uid_t uid,	288	add_proc(const char *comm, pid_t pid, pid_t ppid, uid_t uid,
312	const char *args, int size, security_id_t sid)	289	const char *args, int size, security_context_t scontext)
313	#else /FLASK_LINUX/	290	#else /WITH_SELINUX/
314	static void	291	static void
315	add_proc (const char *comm, pid_t pid, pid_t ppid, uid_t uid,	292	add_proc (const char *comm, pid_t pid, pid_t ppid, uid_t uid,
316	const char *args, int size)	293	const char *args, int size)
317	#endif /FLASK_LINUX/	294	#endif /WITH_SELINUX/
318	{	295	{
319	PROC this, parent;	296	PROC this, parent;
320		297
321	if (!(this = find_proc (pid)))	298	if (!(this = find_proc (pid)))
322	#ifdef FLASK_LINUX	299	#ifdef WITH_SELINUX
323	this = new_proc(comm, pid, uid, sid);	300	this = new_proc(comm, pid, uid, scontext);
324	#else /FLASK_LINUX/	301	#else /WITH_SELINUX/
325	this = new_proc (comm, pid, uid);	302	this = new_proc (comm, pid, uid);
326	#endif /FLASK_LINUX/	303	#endif /WITH_SELINUX/
327	else	304	else
328	{	305	{
329	strcpy (this->comm, comm);	306	strcpy (this->comm, comm);
Lines 334-344 Link Here
334	if (pid == ppid)	311	if (pid == ppid)
335	ppid = 0;	312	ppid = 0;
336	if (!(parent = find_proc (ppid)))	313	if (!(parent = find_proc (ppid)))
337	#ifdef FLASK_LINUX	314	#ifdef WITH_SELINUX
338	parent = new_proc("?", ppid, 0, sid);	315	parent = new_proc("?", ppid, 0, scontext);
339	#else /FLASK_LINUX/	316	#else /WITH_SELINUX/
340	parent = new_proc ("?", ppid, 0);	317	parent = new_proc ("?", ppid, 0);
341	#endif /FLASK_LINUX/	318	#endif /WITH_SELINUX/
342	add_child (parent, this);	319	add_child (parent, this);
343	this->parent = parent;	320	this->parent = parent;
344	}	321	}
Lines 430-454 Link Here
430	else	407	else
431	(void) out_int (current->uid);	408	(void) out_int (current->uid);
432	}	409	}
433	#ifdef FLASK_LINUX	410	#ifdef WITH_SELINUX
434	if ( show_sids ) {
435	out_char (info++ ? ',' : '(');
436	out_sid(current->sid);
437	}
438	if ( show_scontext ) {	411	if ( show_scontext ) {
439	out_char (info++ ? ',' : '(');	412	out_char (info++ ? ',' : '(');
440	out_scontext(current->sid);	413	out_scontext(current->scontext);
441	}	414	}
442	#endif /FLASK_LINUX/	415	#endif /WITH_SELINUX/
443	if ((swapped && print_args && current->argc < 0) \|\| (!swapped && info))	416	if ((swapped && print_args && current->argc < 0) \|\| (!swapped && info))
444	out_char (')');	417	out_char (')');
445	if (current->highlight && (tmp = tgetstr ("me", NULL)))	418	if (current->highlight && (tmp = tgetstr ("me", NULL)))
446	tputs (tmp, 1, putchar);	419	tputs (tmp, 1, putchar);
447	#ifdef FLASK_LINUX
448	if (show_scontext \|\| print_args)
449	#else /FLASK_LINUX/
450	if (print_args)	420	if (print_args)
451	#endif /FLASK_LINUX/
452	{	421	{
453	for (i = 0; i < current->argc; i++)	422	for (i = 0; i < current->argc; i++)
454	{	423	{
Lines 473-492 Link Here
473	}	442	}
474	}	443	}
475	}	444	}
476	#ifdef FLASK_LINUX	445	#ifdef WITH_SELINUX
477	if ( show_scontext \|\| print_args \|\| ! current->children )	446	if ( show_scontext \|\| print_args \|\| ! current->children )
478	#else /FLASK_LINUX/	447	#else /WITH_SELINUX/
479	if (print_args \|\| !current->children)	448	if (print_args \|\| !current->children)
480	#endif /FLASK_LINUX/	449	#endif /WITH_SELINUX/
481	{	450	{
482	while (closing--)	451	while (closing--)
483	out_char (']');	452	out_char (']');
484	out_newline ();	453	out_newline ();
485	#ifdef FLASK_LINUX	454	#ifdef WITH_SELINUX
486	if ( show_scontext \|\| print_args )	455	if ( show_scontext \|\| print_args )
487	#else /FLASK_LINUX/	456	#else /WITH_SELINUX/
488	if (print_args)	457	if (print_args)
489	#endif /FLASK_LINUX/	458	#endif /WITH_SELINUX/
490	{	459	{
491	more[level] = !last;	460	more[level] = !last;
492	width[level] = swapped + (comm_len > 1 ? 0 : -1);	461	width[level] = swapped + (comm_len > 1 ? 0 : -1);
Lines 576-584 Link Here
576	pid_t pid, ppid;	545	pid_t pid, ppid;
577	int fd, size;	546	int fd, size;
578	int empty;	547	int empty;
579	#ifdef FLASK_LINUX	548	#ifdef WITH_SELINUX
580	security_id_t sid = -1;	549	security_context_t scontext = NULL;
581	#endif /FLASK_LINUX/	550	int selinux_enabled=is_selinux_enabled()>0;
		551	#endif /WITH_SELINUX/
582		552
583	if (!print_args)	553	if (!print_args)
584	buffer = NULL;	554	buffer = NULL;
Lines 603-613 Link Here
603	{	573	{
604	empty = 0;	574	empty = 0;
605	sprintf (path, "%s/%d", PROC_BASE, pid);	575	sprintf (path, "%s/%d", PROC_BASE, pid);
606	#ifdef FLASK_LINUX	576	#ifdef WITH_SELINUX
607	if (fstat_secure(fileno(file),&st,&sid) < 0)	577	if (selinux_enabled)
608	#else /FLASK_LINUX/	578	if (getpidcon(pid,&scontext) < 0)
		579	{
		580	perror (path);
		581	exit (1);
		582	}
		583	#endif /WITH_SELINUX/
609	if (stat (path, &st) < 0)	584	if (stat (path, &st) < 0)
610	#endif /FLASK_LINUX/
611	{	585	{
612	perror (path);	586	perror (path);
613	exit (1);	587	exit (1);
Lines 632-642 Link Here
632	&ppid) == 4)	606	&ppid) == 4)
633	*/	607	*/
634	if (!print_args)	608	if (!print_args)
635	#ifdef FLASK_LINUX	609	#ifdef WITH_SELINUX
636	add_proc(comm, pid, ppid, st.st_uid, NULL, 0, sid);	610	add_proc(comm, pid, ppid, st.st_uid, NULL, 0, scontext);
637	#else /FLASK_LINUX/	611	#else /WITH_SELINUX/
638	add_proc (comm, pid, ppid, st.st_uid, NULL, 0);	612	add_proc (comm, pid, ppid, st.st_uid, NULL, 0);
639	#endif /FLASK_LINUX/	613	#endif /WITH_SELINUX/
640	else	614	else
641	{	615	{
642	sprintf (path, "%s/%d/cmdline", PROC_BASE, pid);	616	sprintf (path, "%s/%d/cmdline", PROC_BASE, pid);
Lines 653-663 Link Here
653	(void) close (fd);	627	(void) close (fd);
654	if (size)	628	if (size)
655	buffer[size++] = 0;	629	buffer[size++] = 0;
656	#ifdef FLASK_LINUX	630	#ifdef WITH_SELINUX
657	add_proc(comm, pid, ppid, st.st_uid, buffer, size, sid);	631	add_proc(comm, pid, ppid, st.st_uid, buffer, size, scontext);
658	#else /FLASK_LINUX/	632	#else /WITH_SELINUX/
659	add_proc (comm, pid, ppid, st.st_uid, buffer, size);	633	add_proc (comm, pid, ppid, st.st_uid, buffer, size);
660	#endif /FLASK_LINUX/	634	#endif /WITH_SELINUX/
661	}	635	}
662	}	636	}
663	}	637	}
Lines 696-706 Link Here
696	cmd = comm;	670	cmd = comm;
697	if (*cmd == '-')	671	if (*cmd == '-')
698	cmd++;	672	cmd++;
699	#ifdef FLASK_LINUX	673	#ifdef WITH_SELINUX
700	add_proc(cmd, pid, ppid, uid, NULL, 0, -1);	674	add_proc(cmd, pid, ppid, uid, NULL, 0, NULL);
701	#else /FLASK_LINUX/	675	#else /WITH_SELINUX/
702	add_proc (cmd, pid, ppid, uid, NULL, 0);	676	add_proc (cmd, pid, ppid, uid, NULL, 0);
703	#endif /FLASK_LINUX/	677	#endif /WITH_SELINUX/
704	}	678	}
705	}	679	}
706		680
Lines 722-731 Link Here
722	fprintf (stderr, _(" -n sort output by PID\n"));	696	fprintf (stderr, _(" -n sort output by PID\n"));
723	fprintf (stderr, _(" -p show PIDs; implies -c\n"));	697	fprintf (stderr, _(" -p show PIDs; implies -c\n"));
724	fprintf (stderr, _(" -u show uid transitions\n"));	698	fprintf (stderr, _(" -u show uid transitions\n"));
725	#ifdef FLASK_LINUX	699	#ifdef WITH_SELINUX
726	fprintf (stderr, _(" -s show Flask SIDs\n"));	700	fprintf (stderr, _(" -Z show SELinux security contexts\n"));
727	fprintf (stderr, _(" -x show Flask security contexts\n"));	701	#endif /WITH_SELINUX/
728	#endif /FLASK_LINUX/
729	fprintf (stderr, _(" -U use UTF-8 (Unicode)) line drawing characters\n"));	702	fprintf (stderr, _(" -U use UTF-8 (Unicode)) line drawing characters\n"));
730	fprintf (stderr, _(" -V display version information\n"));	703	fprintf (stderr, _(" -V display version information\n"));
731	fprintf (stderr, _(" pid start at pid, default 1 (init))\n"));	704	fprintf (stderr, _(" pid start at pid, default 1 (init))\n"));
Lines 771-781 Link Here
771	}	744	}
772		745
773		746
774	#ifdef FLASK_LINUX	747	#ifdef WITH_SELINUX
775	while ((c = getopt (argc, argv, "acGhH:npluUVsx")) != EOF)	748	while ((c = getopt (argc, argv, "acGhH:npluUVZ")) != EOF)
776	#else /FLASK_LINUX/	749	#else /WITH_SELINUX/
777	while ((c = getopt (argc, argv, "acGhH:npluUV")) != EOF)	750	while ((c = getopt (argc, argv, "acGhH:npluUV")) != EOF)
778	#endif /FLASK_LINUX/	751	#endif /WITH_SELINUX/
779	switch (c)	752	switch (c)
780	{	753	{
781	case 'a':	754	case 'a':
Lines 832-845 Link Here
832	case 'V':	805	case 'V':
833	print_version();	806	print_version();
834	return 0;	807	return 0;
835	#ifdef FLASK_LINUX	808	#ifdef WITH_SELINUX
836	case 's':	809	case 'Z':
837	show_sids = 1;	810	if (is_selinux_enabled()>0)
838	break;	811	show_scontext = 1;
839	case 'x':	812	else
840	show_scontext = 1;	813	fprintf(stderr, "Warning: -Z ignored. Requires anx SELinux enabled kernel\n");
841	break;	814	break;
842	#endif /FLASK_LINUX/	815	#endif /WITH_SELINUX/
843	default:	816	default:
844	usage ();	817	usage ();
845	}	818	}