Commit | Line | Data |
---|---|---|
72db70f1 JB |
1 | --- findutils-4.4.0/find/Makefile.am.orig 2007-07-22 14:29:31.000000000 +0200 |
2 | +++ findutils-4.4.0/find/Makefile.am 2008-03-16 01:19:36.539333465 +0100 | |
3 | @@ -25,8 +25,9 @@ | |
4 | endif | |
5 | ||
32939b0c | 6 | EXTRA_DIST = defs.h $(man_MANS) |
72db70f1 | 7 | +DEFS = @DEFS@ -DWITH_SELINUX |
32939b0c | 8 | INCLUDES = -I../gnulib/lib -I$(top_srcdir)/lib -I$(top_srcdir)/gnulib/lib -I../intl -DLOCALEDIR=\"$(localedir)\" |
72db70f1 JB |
9 | -LDADD = ./libfindtools.a ../lib/libfind.a ../gnulib/lib/libgnulib.a @INTLLIBS@ @LIB_CLOCK_GETTIME@ @FINDLIBS@ |
10 | +LDADD = ./libfindtools.a ../lib/libfind.a ../gnulib/lib/libgnulib.a @INTLLIBS@ @LIB_CLOCK_GETTIME@ @FINDLIBS@ -lselinux | |
32939b0c | 11 | man_MANS = find.1 |
72db70f1 | 12 | SUBDIRS = . testsuite |
32939b0c | 13 | |
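Review bot: `DEFS = @DEFS@ -DWITH_SELINUX` and the `-lselinux` appended to `LDADD` are unconditional, so every `#ifdef WITH_SELINUX` guard this patch adds is always taken and the link fails outright on a host without libselinux. If the guards are meant to be real, the define and the library should come from a configure check (for example an `AC_CHECK_LIB` on `getfilecon` feeding a substituted variable) rather than being hard-coded here. If this package is only ever built with SELinux, a comment next to `DEFS` saying so would be enough, e.g. `# SELinux support is always compiled in; WITH_SELINUX is not optional in this build`.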
72db70f1 JB |
14 | --- findutils-4.4.0/find/defs.h.orig 2008-03-10 10:37:21.000000000 +0100 |
15 | +++ findutils-4.4.0/find/defs.h 2008-03-16 01:22:53.718566717 +0100 | |
16 | @@ -49,6 +49,9 @@ | |
17 | #include <stdint.h> /* for uintmax_t */ | |
18 | #include <sys/stat.h> /* S_ISUID etc. */ | |
32939b0c JB |
19 | |
20 | +#ifdef WITH_SELINUX | |
21 | +#include <selinux/selinux.h> | |
22 | +#endif /*WITH_SELINUX*/ | |
72db70f1 JB |
23 | |
24 | ||
25 | #ifndef CHAR_BIT | |
26 | @@ -314,6 +317,9 @@ | |
27 | struct perm_val perm; /* perm */ | |
28 | struct samefile_file_id samefileid; /* samefile */ | |
32939b0c | 29 | mode_t type; /* type */ |
32939b0c JB |
30 | +#ifdef WITH_SELINUX |
31 | + security_context_t scontext; /* scontext */ | |
32 | +#endif /*WITH_SELINUX*/ | |
72db70f1 | 33 | struct format_val printf_vec; /* printf fprintf fprint ls fls print0 fprint0 print */ |
32939b0c JB |
34 | } args; |
35 | ||
72db70f1 | 36 | @@ -589,6 +595,10 @@ |
1db50576 JB |
37 | /* Pointer to the function used to stat files. */ |
38 | int (*xstat) (const char *name, struct stat *statbuf); | |
72db70f1 | 39 | |
1db50576 JB |
40 | +#ifdef WITH_SELINUX |
41 | + int (*x_getfilecon) (); | |
42 | +#endif /* WITH_SELINUX */ | |
72db70f1 | 43 | + |
1db50576 | 44 | |
72db70f1 JB |
45 | /* Indicate if we can implement safely_chdir() using the O_NOFOLLOW |
46 | * flag to open(2). | |
47 | @@ -657,4 +667,9 @@ | |
48 | extern char *program_name; | |
2cf781ec | 49 | |
32939b0c JB |
50 | |
51 | +#ifdef WITH_SELINUX | |
72db70f1 | 52 | +PREDICATEFUNCTION pred_scontext; |
32939b0c JB |
53 | +extern int (*x_getfilecon) (); |
54 | +#endif /*WITH_SELINUX*/ | |
55 | + | |
dd23e660 | 56 | #endif |
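Review bot: `int (*x_getfilecon) ();` in the hunk at -589 is declared without a prototype, so the compiler cannot check the arguments of the later `(*options.x_getfilecon)(state.rel_pathname, &scontext)` calls, nor the assignments of `getfilecon` and `lgetfilecon`. Both callers pass a path and the address of a `security_context_t`, so `int (*x_getfilecon) (const char *path, security_context_t *con);` would fit. The enclosing structure starts and ends outside the hunk. The file-scope `extern int (*x_getfilecon) ();` in the last hunk looks unused: every use visible in this patch goes through `options.x_getfilecon` and no definition of a global with that name is shown, so it can probably be dropped.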
72db70f1 JB |
57 | --- findutils-4.4.0/find/find.1.orig 2007-12-19 20:53:14.000000000 +0100 |
58 | +++ findutils-4.4.0/find/find.1 2008-03-16 01:24:14.939206112 +0100 | |
59 | @@ -935,6 +935,10 @@ | |
60 | .B \-type | |
61 | does not check. | |
62 | ||
32939b0c | 63 | +.IP "\-context \fIscontext\fR" |
72db70f1 | 64 | +.IP "\-\-context \fIscontext\fR" |
32939b0c | 65 | +(SELinux only) File has the security context \fIscontext\fR. |
72db70f1 | 66 | + |
dace4399 | 67 | .SS ACTIONS |
095a6182 | 68 | .IP "\-delete\fR" |
72db70f1 JB |
69 | Delete files; true if removal succeeded. If the removal failed, an |
70 | @@ -1340,6 +1344,8 @@ | |
71 | U=unknown type (shouldn't happen) | |
095a6182 JB |
72 | .IP %Y |
73 | File's type (like %y), plus follow symlinks: L=loop, N=nonexistent | |
32939b0c JB |
74 | +.IP %Z |
75 | +(SELinux only) file's security context. | |
76 | .PP | |
72db70f1 JB |
77 | A `%' character followed by any other character is discarded, but the |
78 | other character is printed (don't rely on this, as further format | |
79 | --- findutils-4.4.0/find/parser.c.orig 2008-03-10 10:37:21.000000000 +0100 | |
80 | +++ findutils-4.4.0/find/parser.c 2008-03-17 20:23:52.047453360 +0100 | |
81 | @@ -53,6 +53,10 @@ | |
4c6d4011 | 82 | #include <unistd.h> |
72db70f1 | 83 | #include <sys/stat.h> |
32939b0c JB |
84 | |
85 | +#ifdef WITH_SELINUX | |
86 | +#include <selinux/selinux.h> | |
87 | +#endif /*WITH_SELINUX*/ | |
88 | + | |
89 | #if ENABLE_NLS | |
90 | # include <libintl.h> | |
91 | # define _(Text) gettext (Text) | |
72db70f1 | 92 | @@ -156,6 +160,9 @@ |
4c6d4011 JB |
93 | static boolean parse_warn PARAMS((const struct parser_table*, char *argv[], int *arg_ptr)); |
94 | static boolean parse_xtype PARAMS((const struct parser_table*, char *argv[], int *arg_ptr)); | |
95 | static boolean parse_quit PARAMS((const struct parser_table*, char *argv[], int *arg_ptr)); | |
32939b0c | 96 | +#ifdef WITH_SELINUX |
4c6d4011 | 97 | +static boolean parse_scontext PARAMS((const struct parser_table*, char *argv[], int *arg_ptr)); |
32939b0c JB |
98 | +#endif /*WITH_SELINUX*/ |
99 | ||
72db70f1 | 100 | boolean parse_print PARAMS((const struct parser_table*, char *argv[], int *arg_ptr)); |
4c6d4011 | 101 | |
72db70f1 JB |
102 | @@ -322,6 +329,10 @@ |
103 | {ARG_TEST, "writable", parse_accesscheck, pred_writable}, /* GNU, 4.3.0+ */ | |
104 | PARSE_OPTION ("xdev", xdev), /* POSIX */ | |
4c6d4011 | 105 | PARSE_TEST ("xtype", xtype), /* GNU */ |
32939b0c | 106 | +#ifdef WITH_SELINUX |
4c6d4011 JB |
107 | + PARSE_TEST ("context", scontext), /* SELINUX */ |
108 | + PARSE_TEST ("-context", scontext), /* SELINUX */ | |
32939b0c | 109 | +#endif /*WITH_SELINUX*/ |
4c6d4011 JB |
110 | #ifdef UNIMPLEMENTED_UNIX |
111 | /* It's pretty ugly for find to know about archive formats. | |
112 | Plus what it could do with cpio archives is very limited. | |
72db70f1 JB |
113 | @@ -451,11 +462,17 @@ |
114 | { | |
115 | case SYMLINK_ALWAYS_DEREF: /* -L */ | |
116 | options.xstat = optionl_stat; | |
117 | +#ifdef WITH_SELINUX | |
118 | + options.x_getfilecon = getfilecon; | |
119 | +#endif /* WITH_SELINUX */ | |
120 | options.no_leaf_check = true; | |
121 | break; | |
122 | ||
123 | case SYMLINK_NEVER_DEREF: /* -P (default) */ | |
124 | options.xstat = optionp_stat; | |
125 | +#ifdef WITH_SELINUX | |
126 | + options.x_getfilecon = lgetfilecon; | |
127 | +#endif /* WITH_SELINUX */ | |
128 | /* Can't turn no_leaf_check off because the user might have specified | |
129 | * -noleaf anyway | |
130 | */ | |
131 | @@ -463,6 +480,9 @@ | |
132 | ||
133 | case SYMLINK_DEREF_ARGSONLY: /* -H */ | |
134 | options.xstat = optionh_stat; | |
135 | +#ifdef WITH_SELINUX | |
136 | + options.x_getfilecon = getfilecon; | |
137 | +#endif /* WITH_SELINUX */ | |
138 | options.no_leaf_check = true; | |
139 | } | |
140 | } | |
141 | @@ -1129,6 +1149,10 @@ | |
142 | -readable -writable -executable\n\ | |
095a6182 | 143 | -wholename PATTERN -size N[bcwkMG] -true -type [bcdpflsD] -uid N\n\ |
1db50576 | 144 | -used N -user NAME -xtype [bcdpfls]\n")); |
32939b0c JB |
145 | +#ifdef WITH_SELINUX |
146 | + puts (_("\ | |
147 | + -context CONTEXT\n")); | |
148 | +#endif /*WITH_SELINUX*/ | |
149 | puts (_("\ | |
4c6d4011 JB |
150 | actions: -delete -print0 -printf FORMAT -fprintf FILE FORMAT -print \n\ |
151 | -fprint0 FILE -fprint FILE -ls -fls FILE -prune -quit\n\ | |
72db70f1 JB |
152 | @@ -2392,6 +2416,30 @@ |
153 | } | |
32939b0c JB |
154 | } |
155 | ||
156 | +#ifdef WITH_SELINUX | |
157 | + | |
158 | +static boolean | |
4c6d4011 | 159 | +parse_scontext (const struct parser_table *entry, char **argv, int *arg_ptr) |
32939b0c JB |
160 | +{ |
161 | + struct predicate *our_pred; | |
162 | + | |
163 | + if ( (argv == NULL) || (argv[*arg_ptr] == NULL) ) | |
164 | + return( false ); | |
165 | + | |
4c6d4011 JB |
166 | + our_pred = insert_primary_withpred (entry, pred_scontext); |
167 | + our_pred->need_stat = our_pred->need_type = false; | |
32939b0c JB |
168 | +#ifdef DEBUG |
169 | + our_pred->p_name = find_pred_name (pred_scontext); | |
170 | +#endif /*DEBUG*/ | |
171 | + | |
172 | + our_pred->args.scontext = argv[*arg_ptr];; | |
173 | + | |
174 | + (*arg_ptr)++; | |
175 | + return( true ); | |
176 | +} | |
177 | + | |
178 | +#endif /*WITH_SELINUX*/ | |
179 | + | |
180 | static boolean | |
4c6d4011 | 181 | parse_used (const struct parser_table* entry, char **argv, int *arg_ptr) |
32939b0c | 182 | { |
72db70f1 | 183 | @@ -2777,7 +2825,11 @@ |
32939b0c JB |
184 | if (*scan2 == '.') |
185 | for (scan2++; ISDIGIT (*scan2); scan2++) | |
186 | /* Do nothing. */ ; | |
32939b0c | 187 | +#ifdef WITH_SELINUX |
72db70f1 | 188 | + if (strchr ("abcdDfFgGhHiklmMnpPsStuUyYZ", *scan2)) |
32939b0c | 189 | +#else /* WITH_SELINUX */ |
72db70f1 | 190 | if (strchr ("abcdDfFgGhHiklmMnpPsStuUyY", *scan2)) |
32939b0c JB |
191 | +#endif /* WITH_SELINUX */ |
192 | { | |
193 | segmentp = make_segment (segmentp, format, scan2 - format, | |
72db70f1 | 194 | KIND_FORMAT, *scan2, 0, |
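Review bot: `parse_scontext` stores `argv[*arg_ptr]` into `args.scontext` without any check that it is a well-formed context, and `pred_scontext` later compares it with an exact `strcmp`. A mistyped or partial context (for instance one missing the level field) therefore produces an empty result with no diagnostic, which is easy to misread as "no files carry this label" when `find` is used to audit labelling. Consider rejecting malformed values at parse time, e.g. with libselinux's `security_check_context()` where the kernel supports it, or at least documenting above the function that the match is exact and the whole context must be given. Minor: `argv[*arg_ptr];;` has a stray semicolon, and `return( false );` does not follow the spacing used by the neighbouring parsers.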
1db50576 JB |
195 | --- findutils-4.2.11/find/pred.c.orig 2005-01-03 01:15:48.000000000 +0100 |
196 | +++ findutils-4.2.11/find/pred.c 2005-01-09 18:22:25.204312920 +0100 | |
197 | @@ -30,6 +30,14 @@ | |
198 | #include "filemode.h" | |
32939b0c JB |
199 | #include "wait.h" |
200 | ||
201 | +#ifdef WITH_SELINUX | |
202 | +#include <selinux/selinux.h> | |
203 | +#endif /*WITH_SELINUX*/ | |
204 | + | |
205 | +#ifndef FNM_CASEFOLD | |
206 | +#define FNM_CASEFOLD (1<<4) | |
207 | +#endif /*FNM_CASEFOLD*/ | |
208 | + | |
209 | #if ENABLE_NLS | |
210 | # include <libintl.h> | |
211 | # define _(Text) gettext (Text) | |
1db50576 | 212 | @@ -73,7 +81,6 @@ |
32939b0c JB |
213 | |
214 | extern int yesno (); | |
215 | ||
216 | - | |
217 | /* Get or fake the disk device blocksize. | |
218 | Usually defined by sys/param.h (if at all). */ | |
219 | #ifndef DEV_BSIZE | |
1db50576 | 220 | @@ -202,6 +209,9 @@ |
32939b0c JB |
221 | {pred_used, "used "}, |
222 | {pred_user, "user "}, | |
223 | {pred_xtype, "xtype "}, | |
224 | +#ifdef WITH_SELINUX | |
225 | + {pred_scontext, "context"}, | |
226 | +#endif /*WITH_SELINUX*/ | |
227 | {0, "none "} | |
228 | }; | |
229 | ||
1db50576 JB |
230 | @@ -813,6 +823,26 @@ |
231 | ||
232 | } | |
32939b0c JB |
233 | break; |
234 | +#ifdef WITH_SELINUX | |
235 | + case 'Z': /* SELinux security context */ | |
236 | + { | |
237 | + security_context_t scontext; | |
238 | + int rv; | |
1db50576 | 239 | + rv = (*options.x_getfilecon)(state.rel_pathname, &scontext); |
32939b0c JB |
240 | + |
241 | + if ( rv < 0 ) { | |
242 | + (void) fprintf(stderr, "getfileconf(%s): %s", | |
243 | + pathname, strerror(errno)); | |
244 | + (void) fflush(stderr); | |
245 | + } | |
246 | + else { | |
247 | + segment->text[segment->text_len] = 's'; | |
72db70f1 | 248 | + checked_fprintf (dest, segment->text, scontext); |
32939b0c JB |
249 | + freecon(scontext); |
250 | + } | |
251 | + } | |
252 | + break ; | |
253 | +#endif /* WITH_SELINUX */ | |
254 | } | |
255 | } | |
256 | return (true); | |
1db50576 JB |
257 | @@ -1366,6 +1396,31 @@ |
258 | */ | |
32939b0c JB |
259 | return (pred_type (pathname, &sbuf, pred_ptr)); |
260 | } | |
261 | + | |
262 | + | |
263 | +#ifdef WITH_SELINUX | |
264 | + | |
265 | +boolean | |
72db70f1 | 266 | +pred_scontext (const char *pathname, struct stat *stat_buf, struct predicate *pred_ptr) |
32939b0c JB |
267 | +{ |
268 | + int rv; | |
269 | + security_context_t scontext; | |
270 | + | |
1db50576 | 271 | + rv = (*options.x_getfilecon)(state.rel_pathname, &scontext); |
32939b0c JB |
272 | + |
273 | + if ( rv < 0 ) { | |
274 | + (void) fprintf(stderr, "getfilecon(%s): %s\n", pathname, strerror(errno)); | |
275 | + (void) fflush(stderr); | |
276 | + return ( false ); | |
277 | + } | |
278 | + | |
1db50576 | 279 | + rv= (strcmp(scontext, pred_ptr->args.scontext) == 0); |
32939b0c JB |
280 | + freecon(scontext); |
281 | + return rv; | |
282 | +} | |
283 | + | |
284 | +#endif /*WITH_SELINUX*/ | |
285 | + | |
286 | \f | |
287 | /* 1) fork to get a child; parent remembers the child pid | |
288 | 2) child execs the command requested | |
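Review bot: Both new `getfilecon` failure paths (the `'Z'` case and `pred_scontext`) report with a bare `fprintf (stderr, ...)`, and nothing in the added lines records the failure in find's exit status. A run that could not read labels, for example on a filesystem without security xattrs, therefore looks the same to a calling script as a run that found no match. Using the existing reporting helper and marking the run as failed would be more consistent: `error (0, errno, "getfilecon(%s)", pathname); state.exit_status = 1;`. The `'Z'` message also misspells the call as `getfileconf` and lacks a trailing newline, so it runs into the next output line. The `FNM_CASEFOLD` fallback added at the top is not used by any line visible in this patch.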
72db70f1 JB |
289 | --- findutils-4.4.0/find/tree.c.orig 2007-12-20 22:40:35.000000000 +0100 |
290 | +++ findutils-4.4.0/find/tree.c 2008-03-17 20:21:28.427267235 +0100 | |
291 | @@ -1194,6 +1194,9 @@ | |
292 | struct predicate *cur_pred; | |
293 | const struct parser_table *entry_close, *entry_print, *entry_open; | |
294 | int i, oldi; | |
295 | +#ifdef WITH_SELINUX | |
296 | + int is_selinux_enabled_flag; | |
297 | +#endif /* WITH_SELINUX */ | |
298 | ||
299 | predicates = NULL; | |
300 | ||
301 | @@ -1230,6 +1233,14 @@ | |
302 | } | |
303 | ||
304 | predicate_name = argv[i]; | |
305 | +#ifdef WITH_SELINUX | |
306 | + if (! is_selinux_enabled_flag) { | |
307 | + if ((strncmp(predicate_name,"-context",strlen("-context"))==0) || | |
308 | + (strncmp(predicate_name,"--context",strlen("--context"))==0)) { | |
309 | + error (1, 0,_("Error: invalid predicate %s: the kernel is not SELinux-enabled.\n"),predicate_name); | |
310 | + } | |
311 | + } | |
312 | +#endif | |
313 | parse_entry = find_parser (predicate_name); | |
314 | if (parse_entry == NULL) | |
315 | { | |
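Review bot: `is_selinux_enabled_flag` is declared in the first hunk and tested in `if (! is_selinux_enabled_flag)` in the second, but no added line ever assigns it, so the test reads an indeterminate local. Whether `-context` is rejected on a non-SELinux kernel then depends on stack contents. Initialise it at the declaration, e.g. `int is_selinux_enabled_flag = (is_selinux_enabled () > 0);`; the prototype should already be visible if this file includes `defs.h`, which now pulls in `<selinux/selinux.h>`. Separately, `strncmp (predicate_name, "-context", strlen ("-context"))` is a prefix match, so any predicate that merely begins with `-context` gets the SELinux error rather than the usual unknown-predicate one; `strcmp` would be the exact test. The enclosing function starts and ends outside both hunks.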
316 | --- findutils-4.4.0/find/util.c.orig 2008-03-10 10:37:22.000000000 +0100 | |
317 | +++ findutils-4.4.0/find/util.c 2008-03-16 01:28:33.177920622 +0100 | |
318 | @@ -97,6 +97,9 @@ | |
319 | new_pred->pred_func = pred_func; | |
320 | new_pred->p_name = entry->parser_name; | |
321 | new_pred->args.str = NULL; | |
32939b0c | 322 | +#ifdef WITH_SELINUX |
72db70f1 | 323 | + new_pred->args.scontext = NULL; |
32939b0c | 324 | +#endif |
72db70f1 JB |
325 | new_pred->p_type = PRIMARY_TYPE; |
326 | new_pred->p_prec = NO_PREC; | |
327 | return new_pred; | |
328 | --- findutils-4.4.0/po/pl.po.orig 2008-03-15 12:43:32.000000000 +0100 | |
329 | +++ findutils-4.4.0/po/pl.po 2008-03-17 20:28:05.717905863 +0100 | |
330 | @@ -453,6 +453,10 @@ | |
331 | " -wholename WZORZEC -size N[bcwkMG] -true -type [bcdpflsD] -uid N\n" | |
332 | " -used N -user NAZWA -xtype [bcdpfls]\n" | |
333 | ||
334 | +#: find/parser.c:1154 | |
335 | +msgid " -context CONTEXT\n" | |
336 | +msgstr " -context KONTEKST\n" | |
337 | + | |
338 | #: find/parser.c:1132 | |
339 | msgid "" | |
340 | "actions: -delete -print0 -printf FORMAT -fprintf FILE FORMAT -print \n" | |
341 | @@ -755,6 +759,11 @@ | |
342 | msgid "unknown predicate `%s'" | |
343 |