From 7a457a96af320112021dfb9263857336a7732687 Mon Sep 17 00:00:00 2001 From: Karel Zak Date: Tue, 21 Sep 2010 21:47:54 +0200 Subject: libmount: implement mnt_context_subst_optstr() Signed-off-by: Karel Zak --- shlibs/mount/src/Makefile.am | 8 ++++- shlibs/mount/src/context.c | 83 +++++++++++++++++++++++++++++++------------- 2 files changed, 66 insertions(+), 25 deletions(-) (limited to 'shlibs') diff --git a/shlibs/mount/src/Makefile.am b/shlibs/mount/src/Makefile.am index e007272c..298a8754 100644 --- a/shlibs/mount/src/Makefile.am +++ b/shlibs/mount/src/Makefile.am @@ -28,6 +28,12 @@ libmount_la_DEPENDENCIES = $(libmount_la_LIBADD) mount.sym mount.h.in libmount_la_LDFLAGS = -Wl,--version-script=$(ul_libmount_srcdir)/mount.sym \ -version-info $(LIBMOUNT_VERSION_INFO) +TESTS_LIBS = $(UUID_LIBS) + +if HAVE_SELINUX +TESTS_LIBS += $(SELINUX_LIBS) +endif + EXTRA_DIST = mount.sym mount.h.in CLEANFILES = $(tests) @@ -54,5 +60,5 @@ tests: all $(tests) test_%: %.c $(COMPILE) -DTEST_PROGRAM $< .libs/libmount.a \ $(ul_libblkid_builddir)/.libs/libblkid.a -o $@ \ - $(UUID_LIBS) + $(TESTS_LIBS) diff --git a/shlibs/mount/src/context.c b/shlibs/mount/src/context.c index f2c26cbc..e99797de 100644 --- a/shlibs/mount/src/context.c +++ b/shlibs/mount/src/context.c @@ -13,10 +13,14 @@ #include #include +#ifdef HAVE_LIBSELINUX +#include +#include +#endif + #include "c.h" #include "mountP.h" - /* * Mount context -- high-level API */ @@ -873,8 +877,6 @@ static int mnt_context_subst_optstr(mnt_context *cxt) { int rc = 0; char *o, *o0; - char *val = NULL; - size_t valsz = 0; if (!cxt || !cxt->fs) return -EINVAL; 
@@ -883,37 +885,68 @@ static int mnt_context_subst_optstr(mnt_context *cxt) if (!o) return 0; - if (!mnt_optstr_get_option(o, "uid", &val, &valsz) && val && - !strncmp(val, "useruid", 7)) { - char id[40]; + rc = mnt_optstr_translate_uid(&o); + if (rc < 0) + return rc; - snprintf(id, sizeof(id), "%u", getuid()); - rc = mnt_optstr_set_option(&o, "uid", id); - if (rc) - return rc; - } + rc = mnt_optstr_translate_gid(&o); + if (rc < 0) + return rc; - val = NULL, valsz = 0; +#ifdef HAVE_LIBSELINUX + unsigned long flags; - if (!mnt_optstr_get_option(o, "gid", &val, &valsz) && val && - !strncmp(val, "usergid", 7)) { - char id[40]; + mnt_context_get_mountflags(cxt, &flags); - snprintf(id, sizeof(id), "%u", getgid()); - rc = mnt_optstr_set_option(&o, "gid", id); - if (rc) - return rc; + if ((flags & MS_REMOUNT) || !is_selinux_enabled()) { + /* + * Ignore SELinux context options + */ + rc = mnt_optstr_remove_option(&o, "context"); + if (rc >= 0) + rc = mnt_optstr_remove_option(&o, "fscontext"); + if (rc >= 0) + rc = mnt_optstr_remove_option(&o, "defcontext"); + if (rc >= 0) + rc = mnt_optstr_remove_option(&o, "rootcontext"); + } else { + /* + * Translate SELinux context from human to raw format + */ + rc = mnt_optstr_translate_selinux(&o, "context"); + if (rc >= 0) + rc = mnt_optstr_translate_selinux(&o, "fscontext"); + if (rc >= 0) + rc = mnt_optstr_translate_selinux(&o, "defcontext"); + if (rc >= 0) + rc = mnt_optstr_translate_selinux(&o, "rootcontext"); } - if (o != o0) + if (rc) + return rc; +#endif + if (o != o0) { rc = mnt_fs_set_optstr(cxt->fs, o); - + free(o); + } return rc; } -static int mnt_context_check_permissions(mnt_context *cxt) +static int mnt_context_evaluate_permissions(mnt_context *cxt) { - return 0; /* TODO */ + unsigned long u_flags; + + mnt_context_get_userspace_mountflags(cxt, &u_flags); + + if (u_flags & (MNT_MS_OWNER | MNT_MS_GROUP)) + cxt->mountflags |= MS_OWNERSECURE; + + if (u_flags & (MNT_MS_USER | MNT_MS_USERS)) + cxt->mountflags |= MS_SECURE; + 
+ + + return 0; } static int mnt_context_prepare_srcpath(mnt_context *cxt) @@ -1032,7 +1065,7 @@ int mnt_context_prepare_mount(mnt_context *cxt) if (rc) goto err; - rc = mnt_context_check_permissions(cxt); + rc = mnt_context_evaluate_permissions(cxt); if (rc) goto err; @@ -1047,6 +1080,8 @@ int mnt_context_prepare_mount(mnt_context *cxt) /* TODO: prepare mtab update */ + /* TODO: replace generic optstr with fs_optstr */ + DBG(CXT, mnt_debug_h(cxt, "sucessfully prepared")); return 0; err: -- cgit v1.2.3
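Review bot: In mnt_context_evaluate_permissions() the result of `mnt_context_get_userspace_mountflags()` is ignored and `u_flags` has no initializer, so if that getter can fail without writing its output (its body is not on this page), the decision to OR in `MS_SECURE` / `MS_OWNERSECURE` is made on an indeterminate value and the restrictive flags for user mounts could be silently skipped. I would fail closed with `int rc = mnt_context_get_userspace_mountflags(cxt, &u_flags);` followed by `if (rc) return rc;`, or at minimum declare `unsigned long u_flags = 0;`. The same pattern applies to `flags` and `mnt_context_get_mountflags()` in the `HAVE_LIBSELINUX` block of mnt_context_subst_optstr(). Separately, the new `free(o)` suggests the translate/remove helpers can hand back a different buffer, in which case every early `return rc` in mnt_context_subst_optstr() leaks it; a single exit path doing `if (o != o0) free(o);` before returning would cover them. mnt_context_subst_optstr() starts outside this hunk and the line that assigns `o` and `o0` is not shown, so the ownership of the original string should be confirmed against the full file.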