diff options
Diffstat (limited to 'src/mkfifo.c')
| -rw-r--r-- | src/mkfifo.c | 74 |
1 files changed, 59 insertions, 15 deletions
diff --git a/src/mkfifo.c b/src/mkfifo.c index 76291e5b..415ae562 100644 --- a/src/mkfifo.c +++ b/src/mkfifo.c @@ -1,5 +1,5 @@ /* mkfifo -- make fifo's (named pipes) - Copyright (C) 1990-2013 Free Software Foundation, Inc. + Copyright (C) 1990-2014 Free Software Foundation, Inc. This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -26,6 +26,8 @@ #include "error.h" #include "modechange.h" #include "quote.h" +#include "selinux.h" +#include "smack.h" /* The official name of this program (e.g., no 'g' prefix). */ #define PROGRAM_NAME "mkfifo" @@ -59,7 +61,9 @@ Create named pipes (FIFOs) with the given NAMEs.\n\ -m, --mode=MODE set file permission bits to MODE, not a=rw - umask\n\ "), stdout); fputs (_("\ - -Z, --context=CTX set the SELinux security context of each NAME to CTX\n\ + -Z set the SELinux security context to default type\n\ + --context[=CTX] like -Z, or if CTX is specified then set the SELinux\n\ + or SMACK security context to CTX\n\ "), stdout); fputs (HELP_OPTION_DESCRIPTION, stdout); fputs (VERSION_OPTION_DESCRIPTION, stdout); @@ -75,7 +79,8 @@ main (int argc, char **argv) char const *specified_mode = NULL; int exit_status = EXIT_SUCCESS; int optc; - security_context_t scontext = NULL; + char const *scontext = NULL; + bool set_security_context = false; initialize_main (&argc, &argv); set_program_name (argv[0]); @@ -85,7 +90,7 @@ main (int argc, char **argv) atexit (close_stdout); - while ((optc = getopt_long (argc, argv, "m:Z:", longopts, NULL)) != -1) + while ((optc = getopt_long (argc, argv, "m:Z", longopts, NULL)) != -1) { switch (optc) { @@ -93,7 +98,24 @@ main (int argc, char **argv) specified_mode = optarg; break; case 'Z': - scontext = optarg; + if (is_smack_enabled ()) + { + /* We don't yet support -Z to restore context with SMACK. */ + scontext = optarg; + } + else if (is_selinux_enabled () > 0) + { + if (optarg) + scontext = optarg; + else + set_security_context = true; + } + else if (optarg) + { + error (0, 0, + _("warning: ignoring --context; " + "it requires an SELinux/SMACK-enabled kernel")); + } break; case_GETOPT_HELP_CHAR; case_GETOPT_VERSION_CHAR (PROGRAM_NAME, AUTHORS); @@ -108,18 +130,30 @@ main (int argc, char **argv) usage (EXIT_FAILURE); } - if (scontext && setfscreatecon (scontext) < 0) - error (EXIT_FAILURE, errno, - _("failed to set default file creation context to %s"), - quote (scontext)); + if (scontext) + { + int ret = 0; + if (is_smack_enabled ()) + ret = smack_set_label_for_self (scontext); + else + ret = setfscreatecon (se_const (scontext)); + + if (ret < 0) + error (EXIT_FAILURE, errno, + _("failed to set default file creation context to %s"), + quote (scontext)); + } newmode = MODE_RW_UGO; if (specified_mode) { + mode_t umask_value; struct mode_change *change = mode_compile (specified_mode); if (!change) error (EXIT_FAILURE, 0, _("invalid mode")); - newmode = mode_adjust (newmode, false, umask (0), change, NULL); + umask_value = umask (0); + umask (umask_value); + newmode = mode_adjust (newmode, false, umask_value, change, NULL); free (change); if (newmode & ~S_IRWXUGO) error (EXIT_FAILURE, 0, @@ -127,11 +161,21 @@ main (int argc, char **argv) } for (; optind < argc; ++optind) - if (mkfifo (argv[optind], newmode) != 0) - { - error (0, errno, _("cannot create fifo %s"), quote (argv[optind])); - exit_status = EXIT_FAILURE; - } + { + if (set_security_context) + defaultcon (argv[optind], S_IFIFO); + if (mkfifo (argv[optind], newmode) != 0) + { + error (0, errno, _("cannot create fifo %s"), quote (argv[optind])); + exit_status = EXIT_FAILURE; + } + else if (specified_mode && lchmod (argv[optind], newmode) != 0) + { + error (0, errno, _("cannot set permissions of %s"), + quote (argv[optind])); + exit_status = EXIT_FAILURE; + } + } exit (exit_status); } |