[packages/util-linux.git] / util-linux-mount-context.patch

- mount does not translate SELIinux context options though libselinux
- Need man page entry for -o context= mount option
- Can't mount with additional contexts

--- util-linux-2.13-pre6/mount/Makefile.am.context	2005-09-12 22:41:11.000000000 +0200
+++ util-linux-2.13-pre6/mount/Makefile.am	2006-11-01 11:31:46.000000000 +0100
@@ -37,6 +37,9 @@
 man_MANS += pivot_root.8
 endif
 
+if HAVE_SELINUX
+mount_LDADD += -lselinux
+endif
 
 swapon.c: swapargs.h
 
--- util-linux-2.13-pre6/mount/mount.c.context	2006-11-01 11:31:46.000000000 +0100
+++ util-linux-2.13-pre6/mount/mount.c	2006-11-01 11:36:17.000000000 +0100
@@ -21,6 +21,11 @@
 #include <sys/wait.h>
 #include <sys/mount.h>
 
+#ifdef HAVE_LIBSELINUX
+#include <selinux/selinux.h>
+#include <selinux/context.h>
+#endif
+
 #include "mount_blkid.h"
 #include "mount_constants.h"
 #include "sundries.h"
@@ -255,13 +260,79 @@
 		free((void *) s);
 }
 
+#ifdef HAVE_LIBSELINUX
+/* strip quotes from a "string"
+ * Warning: This function modify the "str" argument.
+ */
+static char *
+strip_quotes(char *str)
+{
+	char *end = NULL;
+
+	if (*str != '"') 
+		return str;
+	
+	end = strrchr(str, '"');
+	if (end == NULL || end == str) 
+		die (EX_USAGE, _("mount: improperly quoted option string '%s'"), str);
+
+	*end = '\0';
+	return str+1;
+}
+
+/* translates SELinux context from human to raw format and 
+ * appends it to the mount extra options.
+ *
+ * returns -1 on error and 0 on success 
+ */
+static int
+append_context(const char *optname, char *optdata, char *extra_opts, int *len)
+{
+	security_context_t raw = NULL;
+	char *data = NULL;
+	char *buf = NULL;
+	int bufsz;
+	
+	if (!is_selinux_enabled())
+		/* ignore the option if we running without selinux */
+		return 0;
+
+	if (optdata==NULL || *optdata=='\0' || optname==NULL)
+		return -1;
+	
+	/* TODO: use strip_quotes() for all mount options? */
+	data = *optdata =='"' ? strip_quotes(optdata) : optdata;
+	
+	if (selinux_trans_to_raw_context(
+			(security_context_t) data, &raw)==-1 ||
+			raw==NULL) 
+		return -1;
+	
+	if (verbose)
+		printf(_("mount: translated %s '%s' to '%s'\n"), 
+				optname, data, (char *) raw);
+        
+	bufsz = strlen(optname) + strlen(raw) + 4;	/* 4 is \0, '=' and 2x '"' */ 
+	buf = xmalloc(bufsz);
+
+	snprintf(buf, bufsz, "%s=\"%s\"", optname, (char *) raw);
+	freecon(raw);
+	
+	if ((*len -= bufsz-1) > 0)
+		strcat(extra_opts, buf);
+	
+	my_free(buf);
+	return 0;
+}
+#endif
+
 /*
  * Look for OPT in opt_map table and return mask value.
  * If OPT isn't found, tack it onto extra_opts (which is non-NULL).
  * For the options uid= and gid= replace user or group name by its value.
  */
 static inline void
-parse_opt(const char *opt, int *mask, char *extra_opts, int len) {
+parse_opt(char *opt, int *mask, char *extra_opts, int len) {
 	const struct opt_map *om;
 
 	for (om = opt_map; om->opt != NULL; om++)
@@ -313,7 +384,20 @@
 			return;
 		}
 	}
-
+#ifdef HAVE_LIBSELINUX
+	if (strncmp(opt, "context=", 8)==0 && *(opt+8)) {
+		if (append_context("context", opt+8, extra_opts, &len)==0)
+			return;
+	}
+	if (strncmp(opt, "fscontext=", 10)==0 && *(opt+10)) {
+		if (append_context("fscontext", opt+10, extra_opts, &len)==0)
+			return;
+	}
+	if (strncmp(opt, "defcontext=", 11)==0 && *(opt+11)) {
+		if (append_context("defcontext", opt+11, extra_opts, &len)==0)
+			return;
+	}
+#endif
 	if ((len -= strlen(opt)) > 0)
 		strcat(extra_opts, opt);
 }
@@ -329,16 +413,29 @@
 
 	if (options != NULL) {
 		char *opts = xstrdup(options);
-		char *opt;
-		int len = strlen(opts) + 20;
+		int len = strlen(opts) + 256;
+		int open_quote = 0;
+		char *opt, *p;
 
 		*extra_opts = xmalloc(len); 
 		**extra_opts = '\0';
 
-		for (opt = strtok(opts, ","); opt; opt = strtok(NULL, ","))
-			if (!parse_string_opt(opt))
-				parse_opt(opt, flags, *extra_opts, len);
-
+		for (p=opts, opt=NULL; p && *p; p++) {
+			if (!opt)
+				opt = p;		/* begin of the option item */
+			if (*p == '"') 
+				open_quote ^= 1;	/* reverse the status */
+			if (open_quote)
+				continue;		/* still in quoted block */
+			if (*p == ',')
+				*p = '\0';		/* terminate the option item */
+			/* end of option item or last item */
+			if (*p == '\0' || *(p+1) == '\0') {
+				if (!parse_string_opt(opt))
+					parse_opt(opt, flags, *extra_opts, len);
+				opt = NULL;
+			}
+		} 
 		free(opts);
 	}
 
--- util-linux-2.13-pre6/mount/mount.8.context	2006-11-01 11:31:46.000000000 +0100
+++ util-linux-2.13-pre6/mount/mount.8	2006-11-01 11:31:46.000000000 +0100
@@ -660,6 +660,50 @@
 .BR noexec ", " nosuid ", and " nodev
 (unless overridden by subsequent options, as in the option line
 .BR users,exec,dev,suid ).
+.TP
+\fBcontext=\fP\fIcontext\fP, \fBfscontext=\fP\fIcontext\fP and \fBdefcontext=\fP\fIcontext\fP
+The 
+.BR context= 
+option is useful when mounting filesystems that do not support
+extended attributes, such as a floppy or hard disk formatted with VFAT, or
+systems that are not normally running under SELinux, such as an ext3 formatted
+disk from a non-SELinux workstation. You can also use
+.BR context= 
+on filesystems you do not trust, such as a floppy. It also helps in compatibility with
+xattr-supporting filesystems on earlier 2.4.<x> kernel versions. Even where
+xattrs are supported, you can save time not having to label every file by
+assigning the entire disk one security context.
+
+A commonly used option for removable media is 
+.BR context=system_u:object_r:removable_t .
+
+Two other options are 
+.BR fscontext= 
+and 
+.BR defcontext= ,
+both of which are mutually exclusive of the context option. This means you
+can use fscontext and defcontext with each other, but neither can be used with
+context.
+
+The 
+.BR fscontext= 
+option works for all filesystems, regardless of their xattr
+support. The fscontext option sets the overarching filesystem label to a
+specific security context. This filesystem label is separate from the
+individual labels on the files. It represents the entire filesystem for
+certain kinds of permission checks, such as during mount or file creation.
+Individual file labels are still obtained from the xattrs on the files
+themselves. The context option actually sets the aggregate context that
+fscontext provides, in addition to supplying the same label for individual
+files.
+
+You can set the default security context for unlabeled files using 
+.BR defcontext=
+option. This overrides the value set for unlabeled files in the policy and requires a
+file system that supports xattr labeling. 
+
+For more details see 
+.BR selinux (8)
 .RE
 .TP
 .B \-\-bind
Commit	Line	Data
5545a732 JR	1	- mount does not translate SELIinux context options though libselinux
	2	- Need man page entry for -o context= mount option
	3	- Can't mount with additional contexts
	4
	5	--- util-linux-2.13-pre6/mount/Makefile.am.context 2005-09-12 22:41:11.000000000 +0200
	6	+++ util-linux-2.13-pre6/mount/Makefile.am 2006-11-01 11:31:46.000000000 +0100
	7	@@ -37,6 +37,9 @@
	8	man_MANS += pivot_root.8
	9	endif
	10
	11	+if HAVE_SELINUX
	12	+mount_LDADD += -lselinux
	13	+endif
	14
	15	swapon.c: swapargs.h
	16
	17	--- util-linux-2.13-pre6/mount/mount.c.context 2006-11-01 11:31:46.000000000 +0100
	18	+++ util-linux-2.13-pre6/mount/mount.c 2006-11-01 11:36:17.000000000 +0100
	19	@@ -21,6 +21,11 @@
	20	#include <sys/wait.h>
	21	#include <sys/mount.h>
	22
	23	+#ifdef HAVE_LIBSELINUX
	24	+#include <selinux/selinux.h>
	25	+#include <selinux/context.h>
	26	+#endif
	27	+
	28	#include "mount_blkid.h"
	29	#include "mount_constants.h"
	30	#include "sundries.h"
	31	@@ -255,13 +260,79 @@
	32	free((void *) s);
	33	}
	34
	35	+#ifdef HAVE_LIBSELINUX
	36	+/* strip quotes from a "string"
	37	+ * Warning: This function modify the "str" argument.
	38	+ */
	39	+static char *
	40	+strip_quotes(char *str)
	41	+{
	42	+ char *end = NULL;
	43	+
	44	+ if (*str != '"')
	45	+ return str;
	46	+
	47	+ end = strrchr(str, '"');
	48	+ if (end == NULL \|\| end == str)
	49	+ die (EX_USAGE, _("mount: improperly quoted option string '%s'"), str);
	50	+
	51	+ *end = '\0';
	52	+ return str+1;
	53	+}
	54	+
	55	+/* translates SELinux context from human to raw format and
	56	+ * appends it to the mount extra options.
	57	+ *
	58	+ * returns -1 on error and 0 on success
	59	+ */
	60	+static int
	61	+append_context(const char optname, char optdata, char extra_opts, int len)
	62	+{
	63	+ security_context_t raw = NULL;
	64	+ char *data = NULL;
65	+ char *buf = NULL;
66	+ int bufsz;
67	+
68	+ if (!is_selinux_enabled())
69	+ /* ignore the option if we running without selinux */
70	+ return 0;
71	+
72	+ if (optdata==NULL \|\| *optdata=='\0' \|\| optname==NULL)
73	+ return -1;
74	+
75	+ /* TODO: use strip_quotes() for all mount options? */
76	+ data = *optdata =='"' ? strip_quotes(optdata) : optdata;
77	+
78	+ if (selinux_trans_to_raw_context(
79	+ (security_context_t) data, &raw)==-1 \|\|
80	+ raw==NULL)
81	+ return -1;
82	+
83	+ if (verbose)
84	+ printf(_("mount: translated %s '%s' to '%s'\n"),
85	+ optname, data, (char *) raw);
86	+
87	+ bufsz = strlen(optname) + strlen(raw) + 4; /* 4 is \0, '=' and 2x '"' */
88	+ buf = xmalloc(bufsz);
89	+
90	+ snprintf(buf, bufsz, "%s=\"%s\"", optname, (char *) raw);
91	+ freecon(raw);
92	+
93	+ if ((*len -= bufsz-1) > 0)
94	+ strcat(extra_opts, buf);
95	+
96	+ my_free(buf);
97	+ return 0;
98	+}
99	+#endif
100	+
101	/*
102	* Look for OPT in opt_map table and return mask value.
103	* If OPT isn't found, tack it onto extra_opts (which is non-NULL).
104	* For the options uid= and gid= replace user or group name by its value.
105	*/
106	static inline void
107	-parse_opt(const char opt, int mask, char *extra_opts, int len) {
108	+parse_opt(char opt, int mask, char *extra_opts, int len) {
109	const struct opt_map *om;
110
111	for (om = opt_map; om->opt != NULL; om++)
112	@@ -313,7 +384,20 @@
113	return;
114	}
115	}
116	-
117	+#ifdef HAVE_LIBSELINUX
118	+ if (strncmp(opt, "context=", 8)==0 && *(opt+8)) {
119	+ if (append_context("context", opt+8, extra_opts, &len)==0)
120	+ return;
121	+ }
122	+ if (strncmp(opt, "fscontext=", 10)==0 && *(opt+10)) {
123	+ if (append_context("fscontext", opt+10, extra_opts, &len)==0)
124	+ return;
125	+ }
126	+ if (strncmp(opt, "defcontext=", 11)==0 && *(opt+11)) {
127	+ if (append_context("defcontext", opt+11, extra_opts, &len)==0)
128	+ return;
129	+ }
130	+#endif
131	if ((len -= strlen(opt)) > 0)
132	strcat(extra_opts, opt);
133	}
134	@@ -329,16 +413,29 @@
135
136	if (options != NULL) {
137	char *opts = xstrdup(options);
138	- char *opt;
139	- int len = strlen(opts) + 20;
140	+ int len = strlen(opts) + 256;
141	+ int open_quote = 0;
142	+ char opt, p;
143
144	*extra_opts = xmalloc(len);
145	**extra_opts = '\0';
146
147	- for (opt = strtok(opts, ","); opt; opt = strtok(NULL, ","))
148	- if (!parse_string_opt(opt))
149	- parse_opt(opt, flags, *extra_opts, len);
150	-
151	+ for (p=opts, opt=NULL; p && *p; p++) {
152	+ if (!opt)
153	+ opt = p; /* begin of the option item */
154	+ if (*p == '"')
155	+ open_quote ^= 1; /* reverse the status */
156	+ if (open_quote)
157	+ continue; /* still in quoted block */
158	+ if (*p == ',')
159	+ p = '\0'; / terminate the option item */
160	+ /* end of option item or last item */
161	+ if (p == '\0' \|\| (p+1) == '\0') {
162	+ if (!parse_string_opt(opt))
163	+ parse_opt(opt, flags, *extra_opts, len);
164	+ opt = NULL;
165	+ }
166	+ }
167	free(opts);
168	}
169
170	--- util-linux-2.13-pre6/mount/mount.8.context 2006-11-01 11:31:46.000000000 +0100
171	+++ util-linux-2.13-pre6/mount/mount.8 2006-11-01 11:31:46.000000000 +0100
172	@@ -660,6 +660,50 @@
173	.BR noexec ", " nosuid ", and " nodev
174	(unless overridden by subsequent options, as in the option line
175	.BR users,exec,dev,suid ).
176	+.TP
177	+\fBcontext=\fP\fIcontext\fP, \fBfscontext=\fP\fIcontext\fP and \fBdefcontext=\fP\fIcontext\fP
178	+The
179	+.BR context=
180	+option is useful when mounting filesystems that do not support
181	+extended attributes, such as a floppy or hard disk formatted with VFAT, or
182	+systems that are not normally running under SELinux, such as an ext3 formatted
183	+disk from a non-SELinux workstation. You can also use
184	+.BR context=
185	+on filesystems you do not trust, such as a floppy. It also helps in compatibility with
186	+xattr-supporting filesystems on earlier 2.4.<x> kernel versions. Even where
187	+xattrs are supported, you can save time not having to label every file by
188	+assigning the entire disk one security context.
189	+
190	+A commonly used option for removable media is
191	+.BR context=system_u:object_r:removable_t .
192	+
193	+Two other options are
194	+.BR fscontext=
195	+and
196	+.BR defcontext= ,
197	+both of which are mutually exclusive of the context option. This means you
198	+can use fscontext and defcontext with each other, but neither can be used with
199	+context.
200	+
201	+The
202	+.BR fscontext=
203	+option works for all filesystems, regardless of their xattr
204	+support. The fscontext option sets the overarching filesystem label to a
205	+specific security context. This filesystem label is separate from the
206	+individual labels on the files. It represents the entire filesystem for
207	+certain kinds of permission checks, such as during mount or file creation.
208	+Individual file labels are still obtained from the xattrs on the files
209	+themselves. The context option actually sets the aggregate context that
210	+fscontext provides, in addition to supplying the same label for individual
211	+files.
212	+
213	+You can set the default security context for unlabeled files using
214	+.BR defcontext=
215	+option. This overrides the value set for unlabeled files in the policy and requires a
216	+file system that supports xattr labeling.
217	+
218	+For more details see
219	+.BR selinux (8)
220	.RE
221	.TP
222	.B \-\-bind