Gentoo's Bugzilla – Attachment 27938 Details for
Bug 45251
psmisc could use a version bump from 21.2 to 21.4
[patch]
21.4 selinux patch
psmisc-21.4-selinux.diff (text/plain), 28.24 KB, created by
Joshua Brindle (RETIRED)
on 2004-03-24 11:23:34 UTC
Description:
21.4 selinux patch
Creator:
Joshua Brindle (RETIRED)
Created:
2004-03-24 11:23:34 UTC
Size:
28.24 KB
>diff -urN psmisc-21.4/Makefile.in psmisc-21.4-selinux/Makefile.in >--- psmisc-21.4/Makefile.in 2003-11-28 12:04:20.000000000 +0000 >+++ psmisc-21.4-selinux/Makefile.in 2004-03-23 14:03:15.703845224 +0000 >@@ -74,8 +82,8 @@ > EGREP = @EGREP@ > EXEEXT = @EXEEXT@ > F77 = @F77@ >-FLASK_LIB = @FLASK_LIB@ >-FLASK_LINUX = @FLASK_LINUX@ >+SELINUX_LIB = @SELINUX_LIB@ >+WITH_SELINUX = @WITH_SELINUX@ > GCJ = @GCJ@ > GCJFLAGS = @GCJFLAGS@ > GENCAT = @GENCAT@ >@@ -110,6 +117,7 @@ > USE_INCLUDED_LIBINTL = @USE_INCLUDED_LIBINTL@ > USE_NLS = @USE_NLS@ > VERSION = @VERSION@ >+WITH_SELINUX = @WITH_SELINUX@ > am__include = @am__include@ > am__quote = @am__quote@ > install_sh = @install_sh@ >diff -urN psmisc-21.4/config.h.in psmisc-21.4-selinux/config.h.in >--- psmisc-21.4/config.h.in 2002-09-27 12:54:00.000000000 +0000 >+++ psmisc-21.4-selinux/config.h.in 2004-03-23 14:03:15.498876384 +0000 >@@ -5,7 +5,7 @@ > #undef ENABLE_NLS > > /* Use Security-Enhanced Linux features */ >-#undef FLASK_LINUX >+#undef WITH_SELINUX > > /* Define if the GNU dcgettext() function is already present or preinstalled. > */ >diff -urN psmisc-21.4/configure psmisc-21.4-selinux/configure >--- psmisc-21.4/configure 2003-11-28 12:04:26.000000000 +0000 >+++ psmisc-21.4-selinux/configure 2004-03-23 14:09:38.292682880 +0000 
>@@ -463,7 +463,7 @@ > # include <unistd.h> > #endif" > >-ac_subst_vars='SHELL PATH_SEPARATOR PACKAGE_NAME PACKAGE_TARNAME PACKAGE_VERSION PACKAGE_STRING PACKAGE_BUGREPORT exec_prefix prefix program_transform_name bindir sbindir libexecdir datadir sysconfdir sharedstatedir localstatedir libdir includedir oldincludedir infodir mandir build_alias host_alias target_alias DEFS ECHO_C ECHO_N ECHO_T LIBS INSTALL_PROGRAM INSTALL_SCRIPT INSTALL_DATA PACKAGE VERSION EXEEXT OBJEXT ACLOCAL AUTOCONF AUTOMAKE AUTOHEADER MAKEINFO AMTAR install_sh INSTALL_STRIP_PROGRAM AWK SET_MAKE AMDEP_TRUE AMDEP_FALSE AMDEPBACKSLASH DEPDIR CC CFLAGS LDFLAGS CPPFLAGS ac_ct_CC am__include am__quote CCDEPMODE CPP build build_cpu build_vendor build_os host host_cpu host_vendor host_os EGREP LN_S ECHO AR ac_ct_AR RANLIB ac_ct_RANLIB STRIP ac_ct_STRIP CXX CXXFLAGS ac_ct_CXX CXXDEPMODE CXXCPP F77 FFLAGS ac_ct_F77 LIBTOOL FLASK_LINUX FLASK_LIB TERMCAP_LIB INO_T_IS_LONG_LONG INO_T_IS_INT MKINSTALLDIRS USE_NLS MSGFMT GMSGFMT XGETTEXT MSGMERGE LIBICONV LTLIBICONV INTLLIBS LIBINTL LTLIBINTL POSUB LIBOBJS LTLIBOBJS' >+ac_subst_vars='SHELL PATH_SEPARATOR PACKAGE_NAME PACKAGE_TARNAME PACKAGE_VERSION PACKAGE_STRING PACKAGE_BUGREPORT exec_prefix prefix program_transform_name bindir sbindir libexecdir datadir sysconfdir sharedstatedir localstatedir libdir includedir oldincludedir infodir mandir build_alias host_alias target_alias DEFS ECHO_C ECHO_N ECHO_T LIBS INSTALL_PROGRAM INSTALL_SCRIPT INSTALL_DATA PACKAGE VERSION EXEEXT OBJEXT ACLOCAL AUTOCONF AUTOMAKE AUTOHEADER MAKEINFO AMTAR install_sh INSTALL_STRIP_PROGRAM AWK SET_MAKE AMDEP_TRUE AMDEP_FALSE AMDEPBACKSLASH DEPDIR CC CFLAGS LDFLAGS CPPFLAGS ac_ct_CC am__include am__quote CCDEPMODE CPP build build_cpu build_vendor build_os host host_cpu host_vendor host_os EGREP LN_S ECHO AR ac_ct_AR RANLIB ac_ct_RANLIB STRIP ac_ct_STRIP CXX CXXFLAGS ac_ct_CXX CXXDEPMODE CXXCPP F77 FFLAGS ac_ct_F77 LIBTOOL WITH_SELINUX SELINUX_LIB TERMCAP_LIB INO_T_IS_LONG_LONG 
INO_T_IS_INT MKINSTALLDIRS USE_NLS MSGFMT GMSGFMT XGETTEXT MSGMERGE LIBICONV LTLIBICONV INTLLIBS LIBINTL LTLIBINTL POSUB LIBOBJS LTLIBOBJS' > ac_subst_files='' > > # Initialize some variables set by options. >@@ -1032,7 +1032,7 @@ > --enable-fast-install[=PKGS] > optimize for fast installation [default=yes] > --disable-libtool-lock avoid locking (might break parallel builds) >- --enable-flask Enable Security-Enhanced Linux features >+ --enable-selinux Security-Enhanced Linux features > --disable-nls do not use Native Language Support > --disable-rpath do not hardcode runtime library paths > --disable-largefile omit support for large files >@@ -18822,21 +18822,21 @@ > > > >-# Check whether --enable-flask or --disable-flask was given. >-if test "${enable_flask+set}" = set; then >- enableval="$enable_flask" >+# Check whether --enable-selinux or --disable-selinux was given. >+if test "${enable_selinux+set}" = set; then >+ enableval="$enable_selinux" > > cat >>confdefs.h <<\_ACEOF >-#define FLASK_LINUX 1 >+#define WITH_SELINUX 1 > _ACEOF > >- echo "$as_me:$LINENO: checking for avc_toggle in -lsecure" >&5 >-echo $ECHO_N "checking for avc_toggle in -lsecure... $ECHO_C" >&6 >-if test "${ac_cv_lib_secure_avc_toggle+set}" = set; then >+ echo "$as_me:$LINENO: checking for getfilecon in -lselinux" >&5 >+echo $ECHO_N "checking for getfilecon in -lselinux... $ECHO_C" >&6 >+if test "${ac_cv_lib_selinux_getfilecon+set}" = set; then > echo $ECHO_N "(cached) $ECHO_C" >&6 > else > ac_check_lib_save_LIBS=$LIBS >-LIBS="-lsecure $LIBS" >+LIBS="-lselinux $LIBS" > cat >conftest.$ac_ext <<_ACEOF > /* confdefs.h. */ > _ACEOF >@@ -18850,11 +18850,11 @@ > #endif > /* We use char because int might match the return type of a gcc2 > builtin and then its argument prototype would still apply. */ >-char avc_toggle (); >+char getfilecon (); > int > main () > { >-avc_toggle (); >+getfilecon (); > ; > return 0; > } 
>@@ -18880,24 +18880,24 @@ > ac_status=$? > echo "$as_me:$LINENO: \$? = $ac_status" >&5 > (exit $ac_status); }; }; then >- ac_cv_lib_secure_avc_toggle=yes >+ ac_cv_lib_selinux_getfilecon=yes > else > echo "$as_me: failed program was:" >&5 > sed 's/^/| /' conftest.$ac_ext >&5 > >-ac_cv_lib_secure_avc_toggle=no >+ac_cv_lib_selinux_getfilecon=no > fi > rm -f conftest.err conftest.$ac_objext \ > conftest$ac_exeext conftest.$ac_ext > LIBS=$ac_check_lib_save_LIBS > fi >-echo "$as_me:$LINENO: result: $ac_cv_lib_secure_avc_toggle" >&5 >-echo "${ECHO_T}$ac_cv_lib_secure_avc_toggle" >&6 >-if test $ac_cv_lib_secure_avc_toggle = yes; then >+echo "$as_me:$LINENO: result: $ac_cv_lib_selinux_getfilecon" >&5 >+echo "${ECHO_T}$ac_cv_lib_selinux_getfilecon" >&6 >+if test $ac_cv_lib_selinux_getfilecon = yes; then > FLASK_LIB=-lsecure > else >- { { echo "$as_me:$LINENO: error: Cannot find selinux/ secure static library" >&5 >-echo "$as_me: error: Cannot find selinux/ secure static library" >&2;} >+ { { echo "$as_me:$LINENO: error: Cannot find selinux secure static library" >&5 >+echo "$as_me: error: Cannot find selinux secure static library" >&2;} > { (exit 1); exit 1; }; } > > fi >@@ -24618,8 +24618,8 @@ > s,@FFLAGS@,$FFLAGS,;t t > s,@ac_ct_F77@,$ac_ct_F77,;t t > s,@LIBTOOL@,$LIBTOOL,;t t >-s,@FLASK_LINUX@,$FLASK_LINUX,;t t >-s,@FLASK_LIB@,$FLASK_LIB,;t t >+s,@WITH_SELINUX@,$WITH_SELINUX,;t t >+s,@SELINUX_LIB@,$SELINUX_LIB,;t t > s,@TERMCAP_LIB@,$TERMCAP_LIB,;t t > s,@INO_T_IS_LONG_LONG@,$INO_T_IS_LONG_LONG,;t t > s,@INO_T_IS_INT@,$INO_T_IS_INT,;t t >diff -urN psmisc-21.4/configure.in psmisc-21.4-selinux/configure.in >--- psmisc-21.4/configure.in 2003-11-28 12:03:37.000000000 +0000 >+++ psmisc-21.4-selinux/configure.in 2004-03-23 14:03:15.659851912 +0000 
>@@ -10,14 +10,14 @@
> AC_PROG_LIBTOOL
>
> dnl checks for options
>-AC_SUBST(FLASK_LINUX)
>-AC_ARG_ENABLE(flask,[ --enable-flask Enable Security-Enhanced Linux features],
>- AC_DEFINE([FLASK_LINUX],1,[Use Security-Enhanced Linux features])
>- AC_CHECK_LIB(secure, avc_toggle, FLASK_LIB=-lsecure,
>- AC_MSG_ERROR(Cannot find selinux/ secure static library)
>+AC_SUBST(WITH_SELINUX)
>+AC_ARG_ENABLE(selinux,[ --enable-selinux Enable Security-Enhanced Linux features],
>+ AC_DEFINE([WITH_SELINUX],1,[Use Security-Enhanced Linux features])
>+ AC_CHECK_LIB(selinux,getfilecon, SELINUX_LIB=-lselinux,
>+ AC_MSG_ERROR(Cannot find selinux secure static library)
> )
> ,)
>-AC_SUBST(FLASK_LIB)
>+AC_SUBST(SELINUX_LIB)
>
> dnl Checks for libraries.
> AC_CHECK_LIB(ncurses, tgetent, TERMCAP_LIB=-lncurses,
>diff -urN psmisc-21.4/doc/Makefile.in psmisc-21.4-selinux/doc/Makefile.in
>--- psmisc-21.4/doc/Makefile.in 2003-11-28 12:03:49.000000000 +0000
>+++ psmisc-21.4-selinux/doc/Makefile.in 2004-03-23 14:03:15.403890824 +0000
>@@ -74,8 +74,8 @@
> EGREP = @EGREP@
> EXEEXT = @EXEEXT@
> F77 = @F77@
>-FLASK_LIB = @FLASK_LIB@
>-FLASK_LINUX = @FLASK_LINUX@
>+SELINUX_LIB = @SELINUX_LIB@
>+WITH_SELINUX = @WITH_SELINUX@
> GCJ = @GCJ@
> GCJFLAGS = @GCJFLAGS@
> GENCAT = @GENCAT@
>diff -urN psmisc-21.4/doc/killall.1 psmisc-21.4-selinux/doc/killall.1
>--- psmisc-21.4/doc/killall.1 2003-09-26 13:24:51.000000000 +0000
>+++ psmisc-21.4-selinux/doc/killall.1 2004-03-23 14:03:15.383893864 +0000
>@@ -4,7 +4,6 @@
> .SH SYNOPSIS
> .ad l
> .B killall
>-.RB [ \-d , \-\-sid ]
> .RB [ \-c , \-\-context ]
> .RB [ \-e , --exact ]
> .RB [ \-g , \-\-process-group ]
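Review bot: The third argument of `AC_ARG_ENABLE(selinux, ...)` in the configure.in hunk runs whenever the option is given at all, so `--disable-selinux` would still define WITH_SELINUX and demand libselinux; the patched configure shows the same shape, testing only `"${enable_selinux+set}" = set`. The action should look at the value first, for example by wrapping the `AC_DEFINE`/`AC_CHECK_LIB` pair in `if test "x$enableval" = xyes; then ... fi`. The error text `Cannot find selinux secure static library` still describes the old libsecure check; `AC_MSG_ERROR(Cannot find libselinux)` would match what is tested now.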
>@@ -67,12 +66,9 @@
> any of the killed processes still exist and only returns if none are left.
> Note that \fBkillall\fP may wait forever if the signal was ignored, had no
> effect, or if the process stays in zombie state.
>-.IP \fB\-d\fP
>-(Flask only) Specify SID: kill only processes with given SID. Mutually exclusive
>-with \fB-c\fP argument. Must precede other arguments on command line.
>-.IP \fB\-c\fP
>-(Flask only) Specify security context: kill only processes with given security context.
>-Mutually exclusive with \fB-d\fP. Must precede other arguments on the command line.
>+.IP \fB\-Z\fP
>+(SELinux Only) Specify security context: kill only processes with given security context.
>+Must precede other arguments on the command line.
> .SH FILES
> .nf
> /proc location of the proc file system
>diff -urN psmisc-21.4/doc/pstree.1 psmisc-21.4-selinux/doc/pstree.1
>--- psmisc-21.4/doc/pstree.1 2003-09-26 13:25:17.000000000 +0000
>+++ psmisc-21.4-selinux/doc/pstree.1 2004-03-23 14:03:15.392892496 +0000
>@@ -11,6 +11,7 @@
> .RB [ \-n ]
> .RB [ \-p ]
> .RB [ \-u ]
>+.RB [ \-Z ]
> .RB [ \-G | \-U ]
> .RB [ \fIpid\fB | \fIuser\fB]
> .br
>@@ -79,10 +80,8 @@
> with \fBecho -e '\\033%@'\fP
> .IP \fB\-V\fP
> Display version information.
>-.IP \fB\-s\fP
>-(Flask) Show Security ID (SID) for each process.
>-.IP \fB\-x\fP
>-(Flask) Show security context for each process.
>+.IP \fB\-Z\fP
>+(SELinux) Show security context for each process.
> .SH FILES
> .nf
> /proc location of the proc file system
>diff -urN psmisc-21.4/src/Makefile.am psmisc-21.4-selinux/src/Makefile.am
>--- psmisc-21.4/src/Makefile.am 2003-11-28 11:22:16.000000000 +0000
>+++ psmisc-21.4-selinux/src/Makefile.am 2004-03-23 14:03:15.422887936 +0000
>@@ -21,6 +21,8 @@
>
> CLEANFILES = signames.h pstree.x11
>
>+LIBS=-lselinux
>+
> signames.h: signames.c
> @CPP@ -dM $< |\
> tr -s '\t ' ' ' | sort -n -k 3 | sed \
>diff -urN psmisc-21.4/src/Makefile.in psmisc-21.4-selinux/src/Makefile.in
>--- psmisc-21.4/src/Makefile.in 2003-11-28 12:03:49.000000000 +0000
>+++ psmisc-21.4-selinux/src/Makefile.in 2004-03-23 14:03:15.443884744 +0000
>@@ -74,8 +74,8 @@
> EGREP = @EGREP@
> EXEEXT = @EXEEXT@
> F77 = @F77@
>-FLASK_LIB = @FLASK_LIB@
>-FLASK_LINUX = @FLASK_LINUX@
>+SELINUX_LIB = @SELINUX_LIB@
>+WITH_SELINUX = @WITH_SELINUX@
> GCJ = @GCJ@
> GCJFLAGS = @GCJFLAGS@
> GENCAT = @GENCAT@
>@@ -124,11 +124,11 @@
>
> killall_SOURCES = killall.c comm.h signals.c signals.h signames.h
>
>-killall_LDADD = @FLASK_LIB@
>+killall_LDADD = @SELINUX_LIB@
>
> pstree_SOURCES = pstree.c comm.h
>
>-pstree_LDADD = @TERMCAP_LIB@ @FLASK_LIB@
>+pstree_LDADD = @TERMCAP_LIB@ @SELINUX_LIB@
>
> BUILT_SOURCES = signames.h
>
>@@ -162,7 +162,7 @@
> DEFAULT_INCLUDES = -I. -I$(srcdir) -I$(top_builddir)
> CPPFLAGS = @CPPFLAGS@
> LDFLAGS = @LDFLAGS@
>-LIBS = @LIBS@
>+LIBS = @LIBS@ -lselinux
> depcomp = $(SHELL) $(top_srcdir)/depcomp
> @AMDEP_TRUE@DEP_FILES = $(DEPDIR)/fuser.Po $(DEPDIR)/killall.Po \
> @AMDEP_TRUE@ $(DEPDIR)/pstree.Po $(DEPDIR)/signals.Po
>diff -urN psmisc-21.4/src/killall.c psmisc-21.4-selinux/src/killall.c
>--- psmisc-21.4/src/killall.c 2003-09-16 11:00:22.000000000 +0000
>+++ psmisc-21.4-selinux/src/killall.c 2004-03-23 14:03:15.413889304 +0000
>@@ -21,10 +21,11 @@
> #include <sys/types.h>
> #include <sys/stat.h>
> #include <getopt.h>
>-#ifdef FLASK_LINUX
>-#include <selinux/fs_secure.h>
>-#include <selinux/ss.h>
>-#endif /*FLASK_LINUX*/
>+
>+#ifdef WITH_SELINUX
>+#include <selinux/selinux.h>
>+#endif /*WITH_SELINUX*/
>+
> #include <libintl.h>
> #include <locale.h>
> #define _(String) gettext (String)
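Review bot: `LIBS=-lselinux` in src/Makefile.am links libselinux into every program unconditionally and replaces the `@LIBS@` value computed by configure, so a build without `--enable-selinux` fails on hosts that lack the library. The per-program `killall_LDADD = @SELINUX_LIB@` and `pstree_LDADD = @TERMCAP_LIB@ @SELINUX_LIB@` lines already carry the conditional link, so this assignment and the matching `LIBS = @LIBS@ -lselinux` edit in src/Makefile.in should be dropped. The override may be compensating for the hand-edited configure, whose hunk at 18880 still assigns `FLASK_LIB=-lsecure` instead of `SELINUX_LIB=-lselinux`; regenerating configure from configure.in would fix that at the source.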
>@@ -64,13 +65,13 @@
> return ch == 'y' || ch == 'Y';
> }
>
>-#ifdef FLASK_LINUX
>+#ifdef WITH_SELINUX
> static int
>-kill_all(int signal, int names, char **namelist, security_id_t sid )
>-#else /*FLASK_LINUX*/
>+kill_all(int signal, int names, char **namelist, security_context_t scontext )
>+#else /*WITH_SELINUX*/
> static int
> kill_all (int signal, int names, char **namelist)
>-#endif /*FLASK_LINUX*/
>+#endif /*WITH_SELINUX*/
> {
> DIR *dir;
> struct dirent *de;
>@@ -85,11 +86,11 @@
> int empty, i, j, okay, length, got_long, error;
> int pids, max_pids, pids_killed;
> unsigned long found;
>-#ifdef FLASK_LINUX
>- security_id_t lsid;
>+#ifdef WITH_SELINUX
>+ security_context_t lcontext=NULL;
>
> if ( names == 0 || ! namelist ) exit( 1 ); /* do the obvious thing...*/
>-#endif /*FLASK_LINUX*/
>+#endif /*WITH_SELINUX*/
>
> if (!(name_len = malloc (sizeof (int) * names)))
> {
>@@ -102,19 +103,14 @@
> sts[i].st_dev = 0;
> name_len[i] = strlen (namelist[i]);
> }
>-#ifdef FLASK_LINUX
>- else if (stat_secure(namelist[i],&sts[i], &lsid) < 0) {
>- perror(namelist[i]);
>- exit(1);
>- }
>-#else /*FLASK_LINUX*/
>- else if (stat (namelist[i], &sts[i]) < 0)
>- {
>- perror (namelist[i]);
>- exit (1);
>- }
>-#endif /*FLASK_LINUX*/
>- }
>+ else {
>+ if (stat (namelist[i], &sts[i]) < 0)
>+ {
>+ perror (namelist[i]);
>+ exit (1);
>+ }
>+ }
>+ }
> self = getpid ();
> found = 0;
> if (!(dir = opendir (PROC_BASE)))
>@@ -256,37 +252,39 @@
> else if (got_long ? strcmp (namelist[j], command) :
> strncmp (namelist[j], comm, COMM_LEN - 1))
> continue;
>-#ifdef FLASK_LINUX
>- if ( (int) sid > 0 ) {
>- if ( stat_secure(path, &st, &lsid) < 0 )
>+#ifdef WITH_SELINUX
>+ if ( scontext != NULL ) {
>+ if ( getpidcon(pid_table[i], &lcontext) < 0 )
> continue;
>- if ( lsid != sid )
>+ if (strcmp(lcontext,scontext)!=0) {
>+ freecon(lcontext);
> continue;
>+ }
>+ freecon(lcontext);
> }
>-#endif /*FLASK_LINUX*/
>+#endif /*WITH_SELINUX*/
> }
> else
> {
> if (asprintf (&path, PROC_BASE "/%d/exe", pid_table[i]) < 0)
> continue;
>-#ifdef FLASK_LINUX
>- if (stat_secure(path,&st,&lsid) < 0) {
>- free(path);
>- continue;
>- }
>- if (sts[j].st_dev != st.st_dev ||
>- sts[j].st_ino != st.st_ino ||
>- ((int) sid > 0 && (lsid != sid)) ) {
>- free(path);
>- continue;
>- }
>-#else /*FLASK_LINUX*/
>+
> if (stat (path, &st) < 0) {
> free (path);
> continue;
> }
>-#endif /*FLASK_LINUX*/
> free (path);
>+#ifdef WITH_SELINUX
>+ if ( scontext != NULL ) {
>+ if ( getpidcon(pid_table[i], &lcontext) < 0 )
>+ continue;
>+ if (strcmp(lcontext,scontext)!=0) {
>+ freecon(lcontext);
>+ continue;
>+ }
>+ freecon(lcontext);
>+ }
>+#endif /*WITH_SELINUX*/
>
> if (sts[j].st_dev != st.st_dev || sts[j].st_ino != st.st_ino)
> continue;
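Review bot: The same getpidcon/strcmp/freecon sequence is added twice in this hunk, once in the name-matching branch and once after `free (path)` in the exe-matching branch, so a later fix to one copy can miss the other. A small static helper under `#ifdef WITH_SELINUX` keeps the context comparison in one place and reduces each call site to a single `continue` test. In the exe branch the test could also move below the `st_dev`/`st_ino` comparison, so the context is fetched only for processes that already match. The enclosing loop in kill_all starts and ends outside the hunk.

```c
/* Return nonzero when pid's SELinux context equals scontext; a pid whose
 * context cannot be read counts as a non-match, as in the patch. */
static int
context_matches (pid_t pid, security_context_t scontext)
{
  security_context_t lcontext = NULL;
  int same;

  if (getpidcon (pid, &lcontext) < 0)
    return 0;
  same = strcmp (lcontext, scontext) == 0;
  freecon (lcontext);
  return same;
}

/* … unchanged: name / exe matching in kill_all … */
	  if (scontext != NULL && !context_matches (pid_table[i], scontext))
	    continue;
```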
>@@ -383,13 +381,16 @@
> static void
> usage_killall (void)
> {
>-#ifdef FLASK_LINUX
>- fprintf(stderr,"Usage: killall [-s sid] [-c context] [ -egiqvw ] [ -signal ] name ...\n");
>-#else /*FLASK_LINUX*/
>+#ifdef WITH_SELINUX
>+ fprintf(stderr,"Usage: killall [-Z context] [ -egiqvw ] [ -signal ] name ...\n");
>+#else /*WITH_SELINUX*/
> fprintf (stderr, "usage: killall [ OPTIONS ] [ -- ] name ...\n");
>-#endif /*FLASK_LINUX*/
>+#endif /*WITH_SELINUX*/
> fprintf (stderr, " killall -l, --list\n");
> fprintf (stderr, " killall -V --version\n\n");
>+#ifdef WITH_SELINUX
>+ fprintf (stderr, " -Z,--context kill only process(es) having scontext\n");
>+#endif /*WITH_SELINUX*/
> fprintf (stderr, " -e,--exact require exact match for very long names\n");
> fprintf (stderr, " -g,--process-group kill process group instead of process\n");
> fprintf (stderr, " -i,--interactive ask for confirmation before killing\n");
>@@ -399,11 +400,6 @@
> fprintf (stderr, " -v,--verbose report if the signal was successfully sent\n");
> fprintf (stderr, " -V,--version display version information\n");
> fprintf (stderr, " -w,--wait wait for processes to die\n\n");
>-#ifdef FLASK_LINUX
>- fprintf (stderr, " -d,--sid kill only process(es) having sid\n");
>- fprintf (stderr, " -c,--context kill only process(es) having scontext\n");
>- fprintf(stderr, " (-s, -c are mutually exclusive and must precede other arguments)\n\n");
>-#endif /*FLASK_LINUX*/
> }
>
>
>@@ -445,18 +441,17 @@
> {"signal", 1, NULL, 's'},
> {"verbose", 0, NULL, 'v'},
> {"wait", 0, NULL, 'w'},
>-#ifdef FLASK_LINUX
>- {"Sid", 1, NULL, 'S'},
>+#ifdef WITH_SELINUX
> {"context", 1, NULL, 'c'},
>-#endif /*FLASK_LINUX*/
>+#endif /*WITH_SELINUX*/
> {"version", 0, NULL, 'V'},
> {0,0,0,0 }};
>
>-#ifdef FLASK_LINUX
>- security_id_t sid = -1;
>+#ifdef WITH_SELINUX
>+ security_context_t scontext = NULL;
>
> if ( argc < 2 ) usage(); /* do the obvious thing... */
>-#endif /*FLASK_LINUX*/
>+#endif /*WITH_SELINUX*/
>
> name = strrchr (*argv, '/');
> if (name)
>@@ -472,8 +467,8 @@
> textdomain(PACKAGE);
>
> opterr = 0;
>-#ifdef FLASK_LINUX
>- while ( (optc = getopt_long_only(argc,argv,"egilqs:vwd:c:V",options,NULL)) != EOF) {
>+#ifdef WITH_SELINUX
>+ while ( (optc = getopt_long_only(argc,argv,"egilqs:vwZ:V",options,NULL)) != EOF) {
> #else
> while ( (optc = getopt_long_only(argc,argv,"egilqs:vwV",options,NULL)) != EOF) {
> #endif
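Review bot: The long option `{"context", 1, NULL, 'c'}` stays in the options table while the short-option string becomes `"egilqs:vwZ:V"` and the only case the patch adds to the switch is `'Z'`, so `--context`, which the usage text advertises as `-Z,--context`, returns a value nothing visible handles. Depending on how the switch (outside this hunk) treats an unhandled value, the context restriction may be dropped and the signal sent to every process matching the name. The table entry should read `{"context", 1, NULL, 'Z'},`. The killall.1 synopsis in this patch also still lists `\-c , \-\-context` and should change with it.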
>@@ -517,48 +512,14 @@
> print_version();
> return 0;
> break;
>-#ifdef FLASK_LINUX
>- case 'd': {
>- char **buf, *calloc();
>- int strlen(), rv;
>- __u32 len;
>- security_id_t lsid;
>-
>- buf = (char **) calloc(1, strlen(optarg));
>- if ( ! buf ) {
>- (void) fprintf(stderr, "%s: %s\n", name, strerror(errno));
>- return( 1 );
>- }
>-
>- lsid = strtol(optarg, buf, 0);
>- if ( **buf ) {
>- (void) fprintf(stderr, "%s: SID (%s) must be numeric\n", name, *argv);
>- (void) fflush(stderr);
>- return( 1 );
>- }
>-
>- sid = (security_id_t) lsid;
>- /* sanity check */
>- len = strlen(optarg);
>- rv = security_sid_to_context(sid, buf, &len);
>- if ( rv < 0 && (errno != ENOSPC) ) {
>- (void) fprintf(stderr, "%s: security_sid_to_context(%d) %s\n", name, (int) sid, strerror(errno));
>- (void) fflush(stderr);
>- free(buf);
>- return( 1 );
>- }
>- free(buf);
>- break;
>- }
>- case 'c': {
>- if ( security_context_to_sid(optarg, strlen(optarg)+1, &sid) ) {
>- (void) fprintf(stderr, "%s: security_context_to_sid(%s): %s\n",
>- name, optarg, strerror(errno));
>- (void) fflush(stderr);
>- return( 1 );
>- }
>- }
>-#endif /*FLASK_LINUX*/
>+#ifdef WITH_SELINUX
>+ case 'Z':
>+ if( is_selinux_enabled()>0)
>+ scontext=optarg;
>+ else
>+ fprintf(stderr, "Warning: -Z (--context) ignored. Requires an SELinux enabled kernel\n");
>+ break;
>+#endif /*WITH_SELINUX*/
> case '?':
> /* Signal names are in uppercase, so check to see if the argv
> * is upper case */
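Review bot: When `is_selinux_enabled()` is not positive, the new `case 'Z'` prints a warning, leaves `scontext` NULL and carries on, so `killall -Z <context> name` signals every process called `name` instead of none. A filter the caller asked for should fail closed: replace the warning branch with an error and a non-zero exit, e.g. `fprintf(stderr, "%s: -Z (--context) requires an SELinux enabled kernel\n", name); return 1;`. The removed Flask code already returned 1 when the context could not be resolved, so this keeps the earlier behaviour. The surrounding switch starts and ends outside the hunk.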
>@@ -590,9 +551,9 @@
> }
> argv = argv + myoptind;
> /*printf("sending signal %d to procs\n", sig_num);*/
>-#ifdef FLASK_LINUX
>- return kill_all(sig_num,argc - myoptind, argv, sid);
>-#else /*FLASK_LINUX*/
>+#ifdef WITH_SELINUX
>+ return kill_all(sig_num,argc - myoptind, argv, scontext);
>+#else /*WITH_SELINUX*/
> return kill_all(sig_num,argc - myoptind, argv );
>-#endif /*FLASK_LINUX*/
>+#endif /*WITH_SELINUX*/
> }
>diff -urN psmisc-21.4/src/pstree.c psmisc-21.4-selinux/src/pstree.c
>--- psmisc-21.4/src/pstree.c 2003-09-26 13:42:43.000000000 +0000
>+++ psmisc-21.4-selinux/src/pstree.c 2004-03-23 14:06:16.511358304 +0000
>@@ -27,9 +27,9 @@
>
> #include "comm.h"
>
>-#ifdef FLASK_LINUX
>-#include <fs_secure.h>
>-#endif /*FLASK_LINUX*/
>+#ifdef WITH_SELINUX
>+#include <selinux/selinux.h>
>+#endif /*WITH_SELINUX*/
>
> #ifndef MAX_DEPTH
> #define MAX_DEPTH 100
>@@ -58,9 +58,9 @@
> int argc; /* with -a : number of arguments, -1 if swapped */
> pid_t pid;
> uid_t uid;
>-#ifdef FLASK_LINUX
>- security_id_t sid;
>-#endif /*FLASK_LINUX*/
>+#ifdef WITH_SELINUX
>+ security_context_t scontext;
>+#endif /*WITH_SELINUX*/
> int highlight;
> struct _child *children;
> struct _proc *parent;
>@@ -108,10 +108,9 @@
> static int width[MAX_DEPTH], more[MAX_DEPTH];
> static int print_args = 0, compact = 1, user_change = 0, pids = 0, by_pid = 0,
> trunc = 1, wait_end = 0;
>-#ifdef FLASK_LINUX
>-static int show_sids = 0;
>+#ifdef WITH_SELINUX
> static int show_scontext = 0;
>-#endif /*FLASK_LINUX*/
>+#endif /*WITH_SELINUX*/
> static int output_width = 132;
> static int cur_x = 1;
> static char last_char = 0;
>@@ -161,38 +160,16 @@
> return digits;
> }
>
>-#ifdef FLASK_LINUX
>+#ifdef WITH_SELINUX
> static void
>-out_sid ( security_id_t sid )
>+out_scontext ( security_context_t scontext )
> {
>- if ( (int) sid >= 0 )
>- out_int((int) sid);
>- else
>- out_string("??");
>-}
>-
>-static void
>-out_scontext ( security_id_t sid )
>-{
>- static char buf[256];
>- int security_sid_to_context();
>- int len = sizeof(buf);
>- int rv;
>-
>- bzero(buf,256);
>-
>- rv = security_sid_to_context((int)sid, buf, &len);
>- if ( rv ) {
>- out_string("`??\'"); /* punt */
>- }
>- else {
> out_string("`");
>- out_string(buf);
>- out_string("\'");
>- }
>+ out_string(scontext);
>+ out_string("'");
> }
>-#endif /*FLASK_LINUX*/
>-
>+#endif /*WITH_SELINUX*/
>+
>
> static void
> out_newline (void)
>@@ -216,13 +193,13 @@
> return walk;
> }
>
>-#ifdef FLASK_LINUX
>+#ifdef WITH_SELINUX
> static PROC *
>-new_proc(const char *comm, pid_t pid, uid_t uid, security_id_t sid)
>-#else /*FLASK_LINUX*/
>+new_proc(const char *comm, pid_t pid, uid_t uid, security_context_t scontext)
>+#else /*WITH_SELINUX*/
> static PROC *
> new_proc (const char *comm, pid_t pid, uid_t uid)
>-#endif /*FLASK_LINUX*/
>+#endif /*WITH_SELINUX*/
> {
> PROC *new;
>
>@@ -235,9 +212,9 @@
> new->pid = pid;
> new->uid = uid;
> new->highlight = 0;
>-#ifdef FLASK_LINUX
>- new->sid = sid;
>-#endif /*FLASK_LINUX*/
>+#ifdef WITH_SELINUX
>+ new->scontext = scontext;
>+#endif /*WITH_SELINUX*/
> new->children = NULL;
> new->parent = NULL;
> new->next = list;
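Review bot: `out_scontext` now passes its argument straight to `out_string`, yet the patch stores NULL contexts in several places, such as `add_proc(cmd, pid, ppid, uid, NULL, 0, NULL)` in the stdin reader and the initial `scontext = NULL` in read_proc. The removed version printed `??` when the lookup failed; the new one hands NULL to `out_string`, whose body is not shown here but presumably walks the string. Guard the call, e.g. `out_string(scontext ? scontext : "??");`. A short comment on `new_proc` stating that the PROC keeps the buffer returned by getpidcon() (no `freecon` call appears in the pstree.c hunks) would document the ownership.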
>@@ -306,24 +283,24 @@
> this->argv[i] = start = strchr (start, 0) + 1;
> }
>
>-#ifdef FLASK_LINUX
>+#ifdef WITH_SELINUX
> static void
> add_proc(const char *comm, pid_t pid, pid_t ppid, uid_t uid,
>- const char *args, int size, security_id_t sid)
>-#else /*FLASK_LINUX*/
>+ const char *args, int size, security_context_t scontext)
>+#else /*WITH_SELINUX*/
> static void
> add_proc (const char *comm, pid_t pid, pid_t ppid, uid_t uid,
> const char *args, int size)
>-#endif /*FLASK_LINUX*/
>+#endif /*WITH_SELINUX*/
> {
> PROC *this, *parent;
>
> if (!(this = find_proc (pid)))
>-#ifdef FLASK_LINUX
>- this = new_proc(comm, pid, uid, sid);
>-#else /*FLASK_LINUX*/
>+#ifdef WITH_SELINUX
>+ this = new_proc(comm, pid, uid, scontext);
>+#else /*WITH_SELINUX*/
> this = new_proc (comm, pid, uid);
>-#endif /*FLASK_LINUX*/
>+#endif /*WITH_SELINUX*/
> else
> {
> strcpy (this->comm, comm);
>@@ -334,11 +311,11 @@
> if (pid == ppid)
> ppid = 0;
> if (!(parent = find_proc (ppid)))
>-#ifdef FLASK_LINUX
>- parent = new_proc("?", ppid, 0, sid);
>-#else /*FLASK_LINUX*/
>+#ifdef WITH_SELINUX
>+ parent = new_proc("?", ppid, 0, scontext);
>+#else /*WITH_SELINUX*/
> parent = new_proc ("?", ppid, 0);
>-#endif /*FLASK_LINUX*/
>+#endif /*WITH_SELINUX*/
> add_child (parent, this);
> this->parent = parent;
> }
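Review bot: In the second add_proc hunk, `parent = new_proc("?", ppid, 0, scontext);` labels a not-yet-seen parent with the child's security context. No hunk touches the `else` branch that updates an existing entry, so when the real parent is read later its own context apparently never replaces the borrowed one, and `pstree -Z` would show the parent under its child's label. Create the placeholder without a context, `parent = new_proc("?", ppid, 0, NULL);`, and assign `this->scontext = scontext;` next to the `strcpy (this->comm, comm);` update; the printing code must then accept a NULL context. The else branch continues outside the hunk.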
>@@ -430,25 +407,17 @@
> else
> (void) out_int (current->uid);
> }
>-#ifdef FLASK_LINUX
>- if ( show_sids ) {
>- out_char (info++ ? ',' : '(');
>- out_sid(current->sid);
>- }
>+#ifdef WITH_SELINUX
> if ( show_scontext ) {
> out_char (info++ ? ',' : '(');
>- out_scontext(current->sid);
>+ out_scontext(current->scontext);
> }
>-#endif /*FLASK_LINUX*/
>+#endif /*WITH_SELINUX*/
> if ((swapped && print_args && current->argc < 0) || (!swapped && info))
> out_char (')');
> if (current->highlight && (tmp = tgetstr ("me", NULL)))
> tputs (tmp, 1, putchar);
>-#ifdef FLASK_LINUX
>- if (show_scontext || print_args)
>-#else /*FLASK_LINUX*/
> if (print_args)
>-#endif /*FLASK_LINUX*/
> {
> for (i = 0; i < current->argc; i++)
> {
>@@ -473,20 +442,20 @@
> }
> }
> }
>-#ifdef FLASK_LINUX
>+#ifdef WITH_SELINUX
> if ( show_scontext || print_args || ! current->children )
>-#else /*FLASK_LINUX*/
>+#else /*WITH_SELINUX*/
> if (print_args || !current->children)
>-#endif /*FLASK_LINUX*/
>+#endif /*WITH_SELINUX*/
> {
> while (closing--)
> out_char (']');
> out_newline ();
>-#ifdef FLASK_LINUX
>+#ifdef WITH_SELINUX
> if ( show_scontext || print_args )
>-#else /*FLASK_LINUX*/
>+#else /*WITH_SELINUX*/
> if (print_args)
>-#endif /*FLASK_LINUX*/
>+#endif /*WITH_SELINUX*/
> {
> more[level] = !last;
> width[level] = swapped + (comm_len > 1 ? 0 : -1);
>@@ -576,9 +545,10 @@
> pid_t pid, ppid;
> int fd, size;
> int empty;
>-#ifdef FLASK_LINUX
>- security_id_t sid = -1;
>-#endif /*FLASK_LINUX*/
>+#ifdef WITH_SELINUX
>+ security_context_t scontext = NULL;
>+ int selinux_enabled=is_selinux_enabled()>0;
>+#endif /*WITH_SELINUX*/
>
> if (!print_args)
> buffer = NULL;
>@@ -603,11 +573,15 @@
> {
> empty = 0;
> sprintf (path, "%s/%d", PROC_BASE, pid);
>-#ifdef FLASK_LINUX
>- if (fstat_secure(fileno(file),&st,&sid) < 0)
>-#else /*FLASK_LINUX*/
>+#ifdef WITH_SELINUX
>+ if (selinux_enabled)
>+ if (getpidcon(pid,&scontext) < 0)
>+ {
>+ perror (path);
>+ exit (1);
>+ }
>+#endif /*WITH_SELINUX*/
> if (stat (path, &st) < 0)
>-#endif /*FLASK_LINUX*/
> {
> perror (path);
> exit (1);
>@@ -632,11 +606,11 @@
> &ppid) == 4)
> */
> if (!print_args)
>-#ifdef FLASK_LINUX
>- add_proc(comm, pid, ppid, st.st_uid, NULL, 0, sid);
>-#else /*FLASK_LINUX*/
>+#ifdef WITH_SELINUX
>+ add_proc(comm, pid, ppid, st.st_uid, NULL, 0, scontext);
>+#else /*WITH_SELINUX*/
> add_proc (comm, pid, ppid, st.st_uid, NULL, 0);
>-#endif /*FLASK_LINUX*/
>+#endif /*WITH_SELINUX*/
> else
> {
> sprintf (path, "%s/%d/cmdline", PROC_BASE, pid);
>@@ -653,11 +627,11 @@
> (void) close (fd);
> if (size)
> buffer[size++] = 0;
>-#ifdef FLASK_LINUX
>- add_proc(comm, pid, ppid, st.st_uid, buffer, size, sid);
>-#else /*FLASK_LINUX*/
>+#ifdef WITH_SELINUX
>+ add_proc(comm, pid, ppid, st.st_uid, buffer, size, scontext);
>+#else /*WITH_SELINUX*/
> add_proc (comm, pid, ppid, st.st_uid, buffer, size);
>-#endif /*FLASK_LINUX*/
>+#endif /*WITH_SELINUX*/
> }
> }
> }
>@@ -696,11 +670,11 @@
> cmd = comm;
> if (*cmd == '-')
> cmd++;
>-#ifdef FLASK_LINUX
>- add_proc(cmd, pid, ppid, uid, NULL, 0, -1);
>-#else /*FLASK_LINUX*/
>+#ifdef WITH_SELINUX
>+ add_proc(cmd, pid, ppid, uid, NULL, 0, NULL);
>+#else /*WITH_SELINUX*/
> add_proc (cmd, pid, ppid, uid, NULL, 0);
>-#endif /*FLASK_LINUX*/
>+#endif /*WITH_SELINUX*/
> }
> }
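Review bot: The block added in the first hunk calls `getpidcon(pid,&scontext)` whenever `selinux_enabled` is set, not only when `-Z` was requested, and exits on failure. On an SELinux host a single process whose context the caller is not allowed to read, or one that exits between the directory scan and the call, therefore aborts every pstree run. Gate the lookup on `show_scontext` and treat a failure as an unknown context, e.g. `if (show_scontext && getpidcon(pid,&scontext) < 0) scontext = NULL;`, with the display side printing a placeholder for NULL. The loop body starts and ends outside the hunk.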
>
>@@ -722,10 +696,9 @@
> fprintf (stderr, _(" -n sort output by PID\n"));
> fprintf (stderr, _(" -p show PIDs; implies -c\n"));
> fprintf (stderr, _(" -u show uid transitions\n"));
>-#ifdef FLASK_LINUX
>- fprintf (stderr, _(" -s show Flask SIDs\n"));
>- fprintf (stderr, _(" -x show Flask security contexts\n"));
>-#endif /*FLASK_LINUX*/
>+#ifdef WITH_SELINUX
>+ fprintf (stderr, _(" -Z show SELinux security contexts\n"));
>+#endif /*WITH_SELINUX*/
> fprintf (stderr, _(" -U use UTF-8 (Unicode)) line drawing characters\n"));
> fprintf (stderr, _(" -V display version information\n"));
> fprintf (stderr, _(" pid start at pid, default 1 (init))\n"));
>@@ -771,11 +744,11 @@
> }
>
>
>-#ifdef FLASK_LINUX
>- while ((c = getopt (argc, argv, "acGhH:npluUVsx")) != EOF)
>-#else /*FLASK_LINUX*/
>+#ifdef WITH_SELINUX
>+ while ((c = getopt (argc, argv, "acGhH:npluUVZ")) != EOF)
>+#else /*WITH_SELINUX*/
> while ((c = getopt (argc, argv, "acGhH:npluUV")) != EOF)
>-#endif /*FLASK_LINUX*/
>+#endif /*WITH_SELINUX*/
> switch (c)
> {
> case 'a':
>@@ -832,14 +805,14 @@
> case 'V':
> print_version();
> return 0;
>-#ifdef FLASK_LINUX
>- case 's':
>- show_sids = 1;
>- break;
>- case 'x':
>- show_scontext = 1;
>+#ifdef WITH_SELINUX
>+ case 'Z':
>+ if (is_selinux_enabled()>0)
>+ show_scontext = 1;
>+ else
>+ fprintf(stderr, "Warning: -Z ignored. Requires anx SELinux enabled kernel\n");
> break;
>-#endif /*FLASK_LINUX*/
>+#endif /*WITH_SELINUX*/
> default:
> usage ();
> }
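Review bot: The warning added in `case 'Z'` contains a typo (`anx`) and, unlike the usage strings in the -722 hunk, is not wrapped in `_()`, so it cannot be translated. Suggested line: `fprintf(stderr, _("Warning: -Z ignored. Requires an SELinux enabled kernel\n"));`. The switch starts outside the hunk.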