authorKarel Zak <kzak@redhat.com>2010-09-21 21:47:54 +0200
committerKarel Zak <kzak@redhat.com>2011-01-03 12:28:43 +0100
commit7a457a96af320112021dfb9263857336a7732687 (patch)
treec95dd60e0860b0f690811bf22fa74c4d96bd08cc /shlibs
parentaf903024535eaeddbd0574b75a5d19c9e39eafe2 (diff)
libmount: implement mnt_context_subst_optstr()
Signed-off-by: Karel Zak <kzak@redhat.com>
Diffstat (limited to 'shlibs')
-rw-r--r--shlibs/mount/src/Makefile.am8
-rw-r--r--shlibs/mount/src/context.c83
2 files changed, 66 insertions, 25 deletions
diff --git a/shlibs/mount/src/Makefile.am b/shlibs/mount/src/Makefile.am
index e007272c..298a8754 100644
--- a/shlibs/mount/src/Makefile.am
+++ b/shlibs/mount/src/Makefile.am
@@ -28,6 +28,12 @@ libmount_la_DEPENDENCIES = $(libmount_la_LIBADD) mount.sym mount.h.in
libmount_la_LDFLAGS = -Wl,--version-script=$(ul_libmount_srcdir)/mount.sym \
-version-info $(LIBMOUNT_VERSION_INFO)
+TESTS_LIBS = $(UUID_LIBS)
+
+if HAVE_SELINUX
+TESTS_LIBS += $(SELINUX_LIBS)
+endif
+
EXTRA_DIST = mount.sym mount.h.in
CLEANFILES = $(tests)
@@ -54,5 +60,5 @@ tests: all $(tests)
test_%: %.c
$(COMPILE) -DTEST_PROGRAM $< .libs/libmount.a \
$(ul_libblkid_builddir)/.libs/libblkid.a -o $@ \
- $(UUID_LIBS)
+ $(TESTS_LIBS)
diff --git a/shlibs/mount/src/context.c b/shlibs/mount/src/context.c
index f2c26cbc..e99797de 100644
--- a/shlibs/mount/src/context.c
+++ b/shlibs/mount/src/context.c
@@ -13,10 +13,14 @@
#include <string.h>
#include <errno.h>
+#ifdef HAVE_LIBSELINUX
+#include <selinux/selinux.h>
+#include <selinux/context.h>
+#endif
+
#include "c.h"
#include "mountP.h"
-
/*
* Mount context -- high-level API
*/
@@ -873,8 +877,6 @@ static int mnt_context_subst_optstr(mnt_context *cxt)
{
int rc = 0;
char *o, *o0;
- char *val = NULL;
- size_t valsz = 0;
if (!cxt || !cxt->fs)
return -EINVAL;
@@ -883,37 +885,68 @@ static int mnt_context_subst_optstr(mnt_context *cxt)
if (!o)
return 0;
- if (!mnt_optstr_get_option(o, "uid", &val, &valsz) && val &&
- !strncmp(val, "useruid", 7)) {
- char id[40];
+ rc = mnt_optstr_translate_uid(&o);
+ if (rc < 0)
+ return rc;
- snprintf(id, sizeof(id), "%u", getuid());
- rc = mnt_optstr_set_option(&o, "uid", id);
- if (rc)
- return rc;
- }
+ rc = mnt_optstr_translate_gid(&o);
+ if (rc < 0)
+ return rc;
- val = NULL, valsz = 0;
+#ifdef HAVE_LIBSELINUX
+ unsigned long flags;
- if (!mnt_optstr_get_option(o, "gid", &val, &valsz) && val &&
- !strncmp(val, "usergid", 7)) {
- char id[40];
+ mnt_context_get_mountflags(cxt, &flags);
- snprintf(id, sizeof(id), "%u", getgid());
- rc = mnt_optstr_set_option(&o, "gid", id);
- if (rc)
- return rc;
+ if ((flags & MS_REMOUNT) || !is_selinux_enabled()) {
+ /*
+ * Ignore SELinux context options
+ */
+ rc = mnt_optstr_remove_option(&o, "context");
+ if (rc >= 0)
+ rc = mnt_optstr_remove_option(&o, "fscontext");
+ if (rc >= 0)
+ rc = mnt_optstr_remove_option(&o, "defcontext");
+ if (rc >= 0)
+ rc = mnt_optstr_remove_option(&o, "rootcontext");
+ } else {
+ /*
+ * Translate SELinux context from human to raw format
+ */
+ rc = mnt_optstr_translate_selinux(&o, "context");
+ if (rc >= 0)
+ rc = mnt_optstr_translate_selinux(&o, "fscontext");
+ if (rc >= 0)
+ rc = mnt_optstr_translate_selinux(&o, "defcontext");
+ if (rc >= 0)
+ rc = mnt_optstr_translate_selinux(&o, "rootcontext");
}
- if (o != o0)
+ if (rc)
+ return rc;
+#endif
+ if (o != o0) {
rc = mnt_fs_set_optstr(cxt->fs, o);
-
+ free(o);
+ }
return rc;
}
-static int mnt_context_check_permissions(mnt_context *cxt)
+static int mnt_context_evaluate_permissions(mnt_context *cxt)
{
- return 0; /* TODO */
+ unsigned long u_flags;
+
+ mnt_context_get_userspace_mountflags(cxt, &u_flags);
+
+ if (u_flags & (MNT_MS_OWNER | MNT_MS_GROUP))
+ cxt->mountflags |= MS_OWNERSECURE;
+
+ if (u_flags & (MNT_MS_USER | MNT_MS_USERS))
+ cxt->mountflags |= MS_SECURE;
+
+
+
+ return 0;
}
static int mnt_context_prepare_srcpath(mnt_context *cxt)
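Review bot: Both flag getters in this hunk are called with their return value discarded, so `flags` in mnt_context_subst_optstr() and `u_flags` in mnt_context_evaluate_permissions() are read uninitialised if a getter fails without storing a value. These values decide whether the SELinux context options are stripped and whether MS_SECURE / MS_OWNERSECURE are forced onto a user mount, so a failed lookup should stop the preparation instead of falling through: `int rc = mnt_context_get_userspace_mountflags(cxt, &u_flags); if (rc) return rc;`, and the same pattern around `mnt_context_get_mountflags(cxt, &flags)` (assuming both return an error code like the other mnt_* calls here). Separately, the new `free(o)` suggests the translate/remove helpers can replace `o` with a fresh allocation, in which case the early `return rc` paths after them would leak it. The assignment of `o` and `o0` sits outside the hunk, so that needs checking against the full function.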
@@ -1032,7 +1065,7 @@ int mnt_context_prepare_mount(mnt_context *cxt)
if (rc)
goto err;
- rc = mnt_context_check_permissions(cxt);
+ rc = mnt_context_evaluate_permissions(cxt);
if (rc)
goto err;
@@ -1047,6 +1080,8 @@ int mnt_context_prepare_mount(mnt_context *cxt)
/* TODO: prepare mtab update */
+ /* TODO: replace generic optstr with fs_optstr */
+
DBG(CXT, mnt_debug_h(cxt, "sucessfully prepared"));
return 0;
err: