1 | - mount does not translate SELinux context options through libselinux |
2 | - Need man page entry for -o context= mount option | |
3 | - Can't mount with additional contexts | |
4 | ||
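--- util-linux-2.13-pre6/mount/Makefile.am.context 2005-09-12 22:41:11.000000000 +0200
+++ util-linux-2.13-pre6/mount/Makefile.am 2006-11-01 11:31:46.000000000 +0100
@@ -37,6 +37,9 @@
 man_MANS += pivot_root.8
 endif
 
+if HAVE_SELINUX
+mount_LDADD += -lselinux
+endif
 
 swapon.c: swapargs.h
 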
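Review bot: The Automake conditional `HAVE_SELINUX` added here and the preprocessor guard `HAVE_LIBSELINUX` used in mount.c are two different names, and configure.ac is not part of this patch, so I cannot see that both come from the same check. If only the conditional ends up defined, mount links against -lselinux while every `#ifdef HAVE_LIBSELINUX` block compiles out and the context options fall through untranslated with no warning; if only the macro is defined, the link fails. I would derive both from one `AC_CHECK_LIB`/`AM_CONDITIONAL` pair in configure.ac or use a single name, e.g. `if HAVE_LIBSELINUX`, and leave a comment naming the macro that must be defined alongside it.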
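--- util-linux-2.13-pre6/mount/mount.c.context 2006-11-01 11:31:46.000000000 +0100
+++ util-linux-2.13-pre6/mount/mount.c 2006-11-01 11:36:17.000000000 +0100
@@ -21,6 +21,11 @@
 #include <sys/wait.h>
 #include <sys/mount.h>
 
+#ifdef HAVE_LIBSELINUX
+#include <selinux/selinux.h>
+#include <selinux/context.h>
+#endif
+
 #include "mount_blkid.h"
 #include "mount_constants.h"
 #include "sundries.h"
@@ -255,13 +260,79 @@
 free((void *) s);
 }
 
+#ifdef HAVE_LIBSELINUX
+/* strip quotes from a "string"
+ * Warning: This function modify the "str" argument.
+ */
+static char *
+strip_quotes(char *str)
+{
+ char *end = NULL;
+
+ if (*str != '"')
+ return str;
+
+ end = strrchr(str, '"');
+ if (end == NULL || end == str)
+ die (EX_USAGE, _("mount: improperly quoted option string '%s'"), str);
+
+ *end = '\0';
+ return str+1;
+}
+
+/* translates SELinux context from human to raw format and
+ * appends it to the mount extra options.
+ *
+ * returns -1 on error and 0 on success
+ */
+static int
+append_context(const char *optname, char *optdata, char *extra_opts, int *len)
+{
+ security_context_t raw = NULL;
+ char *data = NULL;
+ char *buf = NULL;
+ int bufsz;
+
+ if (!is_selinux_enabled())
+ /* ignore the option if we running without selinux */
+ return 0;
+
+ if (optdata==NULL || *optdata=='\0' || optname==NULL)
+ return -1;
+
+ /* TODO: use strip_quotes() for all mount options? */
+ data = *optdata =='"' ? strip_quotes(optdata) : optdata;
+
+ if (selinux_trans_to_raw_context(
+ (security_context_t) data, &raw)==-1 ||
+ raw==NULL)
+ return -1;
+
+ if (verbose)
+ printf(_("mount: translated %s '%s' to '%s'\n"),
+ optname, data, (char *) raw);
+
+ bufsz = strlen(optname) + strlen(raw) + 4; /* 4 is \0, '=' and 2x '"' */
+ buf = xmalloc(bufsz);
+
+ snprintf(buf, bufsz, "%s=\"%s\"", optname, (char *) raw);
+ freecon(raw);
+
+ if ((*len -= bufsz-1) > 0)
+ strcat(extra_opts, buf);
+
+ my_free(buf);
+ return 0;
+}
+#endif
+
 /*
 * Look for OPT in opt_map table and return mask value.
 * If OPT isn't found, tack it onto extra_opts (which is non-NULL).
 * For the options uid= and gid= replace user or group name by its value.
 */
 static inline void
-parse_opt(const char *opt, int *mask, char *extra_opts, int len) {
+parse_opt(char *opt, int *mask, char *extra_opts, int len) {
 const struct opt_map *om;
 
 for (om = opt_map; om->opt != NULL; om++)
@@ -313,7 +384,20 @@
 return;
 }
 }
-
+#ifdef HAVE_LIBSELINUX
+ if (strncmp(opt, "context=", 8)==0 && *(opt+8)) {
+ if (append_context("context", opt+8, extra_opts, &len)==0)
+ return;
+ }
+ if (strncmp(opt, "fscontext=", 10)==0 && *(opt+10)) {
+ if (append_context("fscontext", opt+10, extra_opts, &len)==0)
+ return;
+ }
+ if (strncmp(opt, "defcontext=", 11)==0 && *(opt+11)) {
+ if (append_context("defcontext", opt+11, extra_opts, &len)==0)
+ return;
+ }
+#endif
 if ((len -= strlen(opt)) > 0)
 strcat(extra_opts, opt);
 }
@@ -329,16 +413,29 @@
 
 if (options != NULL) {
 char *opts = xstrdup(options);
- char *opt;
- int len = strlen(opts) + 20;
+ int len = strlen(opts) + 256;
+ int open_quote = 0;
+ char *opt, *p;
 
 *extra_opts = xmalloc(len);
 **extra_opts = '\0';
 
- for (opt = strtok(opts, ","); opt; opt = strtok(NULL, ","))
- if (!parse_string_opt(opt))
- parse_opt(opt, flags, *extra_opts, len);
-
+ for (p=opts, opt=NULL; p && *p; p++) {
+ if (!opt)
+ opt = p; /* begin of the option item */
+ if (*p == '"')
+ open_quote ^= 1; /* reverse the status */
+ if (open_quote)
+ continue; /* still in quoted block */
+ if (*p == ',')
+ *p = '\0'; /* terminate the option item */
+ /* end of option item or last item */
+ if (*p == '\0' || *(p+1) == '\0') {
+ if (!parse_string_opt(opt))
+ parse_opt(opt, flags, *extra_opts, len);
+ opt = NULL;
+ }
+ }
 free(opts);
 }
 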
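Review bot: An unbalanced quote silently drops the last option instead of being rejected: in the new option loop (`for (p=opts, opt=NULL; p && *p; p++)`), once `open_quote` is set with no closing quote every remaining character hits `continue`, so the end-of-item check never runs for that item and e.g. `-o rw,context="foo` mounts with no context at all, whereas `strip_quotes()` dies with `EX_USAGE` for the same kind of malformed input. After the loop and before `free(opts)` I would add `if (open_quote) die(EX_USAGE, _("mount: improperly quoted option string '%s'"), opt);`. The same fail-open shape is in `append_context()`: when `(*len -= bufsz-1) > 0` is false the translated option is not appended but the function still returns 0, so the caller's `return` discards the context without a diagnostic, and because `len` is passed to `parse_opt()` by value on every iteration the bound is per-option rather than cumulative, so the fixed `+ 256` slack is not a proven limit if a translated context comes out longer than its input and more than one such option is given. I would return -1 (or die) on that path and track the remaining space across calls rather than rely on the slack.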
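--- util-linux-2.13-pre6/mount/mount.8.context 2006-11-01 11:31:46.000000000 +0100
+++ util-linux-2.13-pre6/mount/mount.8 2006-11-01 11:31:46.000000000 +0100
@@ -660,6 +660,50 @@
 .BR noexec ", " nosuid ", and " nodev
 (unless overridden by subsequent options, as in the option line
 .BR users,exec,dev,suid ).
+.TP
+\fBcontext=\fP\fIcontext\fP, \fBfscontext=\fP\fIcontext\fP and \fBdefcontext=\fP\fIcontext\fP
+The
+.BR context=
+option is useful when mounting filesystems that do not support
+extended attributes, such as a floppy or hard disk formatted with VFAT, or
+systems that are not normally running under SELinux, such as an ext3 formatted
+disk from a non-SELinux workstation. You can also use
+.BR context=
+on filesystems you do not trust, such as a floppy. It also helps in compatibility with
+xattr-supporting filesystems on earlier 2.4.<x> kernel versions. Even where
+xattrs are supported, you can save time not having to label every file by
+assigning the entire disk one security context.
+
+A commonly used option for removable media is
+.BR context=system_u:object_r:removable_t .
+
+Two other options are
+.BR fscontext=
+and
+.BR defcontext= ,
+both of which are mutually exclusive of the context option. This means you
+can use fscontext and defcontext with each other, but neither can be used with
+context.
+
+The
+.BR fscontext=
+option works for all filesystems, regardless of their xattr
+support. The fscontext option sets the overarching filesystem label to a
+specific security context. This filesystem label is separate from the
+individual labels on the files. It represents the entire filesystem for
+certain kinds of permission checks, such as during mount or file creation.
+Individual file labels are still obtained from the xattrs on the files
+themselves. The context option actually sets the aggregate context that
+fscontext provides, in addition to supplying the same label for individual
+files.
+
+You can set the default security context for unlabeled files using
+.BR defcontext=
+option. This overrides the value set for unlabeled files in the policy and requires a
+file system that supports xattr labeling.
+
+For more details see
+.BR selinux (8)
 .RE
 .TP
 .B \-\-bind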