authorJarkko Sakkinen <jarkko.sakkinen@iki.fi>2013-06-24 14:24:55 +0300
committerMichael Demeter <michael.demeter@intel.com>2013-08-12 15:52:02 -0700
commit8bac991f18cdc1dfb8ab8fd2416066d420dfaca7 (patch)
tree271d2f519a1b4f34dcf6d050646b8eddb54714d9
parentd3eb2262c619ea3121cbb5dd22d19b145de55899 (diff)
ls: with -Z, show SMACK security context
Enable showing a file's SMACK security context with the '-Z' command-line switch if SMACK is enabled. Showing the SMACK context of a file does not strictly require SMACK to be enabled, but the check is required to choose whether to show the SELinux or the SMACK security context. * src/ls.c (getfilecon_cache): Retrieve SMACK context if available. (gobble_file): Handle SMACK context similarly to SELinux context. * src/local.mk: Link ls with libsmack. * NEWS: Mention the new feature. * .mailmap: Merge the Author's 2 email addresses. Signed-off-by: Michael Demeter <michael.demeter@intel.com> Conflicts: NEWS Change-Id: I888bc3b0f08dfe8a9eae9a244c91c9ab6b1d9c08
-rw-r--r--.mailmap1
-rw-r--r--NEWS2
-rw-r--r--src/local.mk1
-rw-r--r--src/ls.c41
4 files changed, 37 insertions, 8 deletions
diff --git a/.mailmap b/.mailmap
index dcabcb534..b5cf17cf4 100644
--- a/.mailmap
+++ b/.mailmap
@@ -26,6 +26,7 @@ Pádraig Brady <p@draigBrady.com> <P@draigBrady.com>
<psfales@alcatel-lucent.com> <psfales@lucent.com>
<karl@gnu.org> <karl@freefriends.org>
<stephane.raimbault@gmail.com> <stephane.raimbault@makina-corpus.com>
+<jarkko.sakkinen@iki.fi> <jarkko.sakkinen@linux.intel.com>
# Prefer spelled-out middle name and its address.
Arne Henrik Juul <arnej@imf.unit.no> Arne H. Juul <arnej@solan.unit.no>
diff --git a/NEWS b/NEWS
index af45f7c33..0e90744a5 100644
--- a/NEWS
+++ b/NEWS
@@ -8,6 +8,8 @@ GNU coreutils NEWS -*- outline -*-
** New features
+ ls -Z and id -Z report the SMACK security context where available.
+
id -Z reports the SMACK security context where available.
df now accepts the --output[=FIELD_LIST] option to define the list of columns
diff --git a/src/local.mk b/src/local.mk
index 0570d73a9..95c067268 100644
--- a/src/local.mk
+++ b/src/local.mk
@@ -230,6 +230,7 @@ src_ginstall_LDADD += $(LIB_SELINUX)
src_id_LDADD += $(LIB_SELINUX)
src_id_LDADD += $(LIB_SMACK)
src_ls_LDADD += $(LIB_SELINUX)
+src_ls_LDADD += $(LIB_SMACK)
src_mkdir_LDADD += $(LIB_SELINUX)
src_mkfifo_LDADD += $(LIB_SELINUX)
src_mknod_LDADD += $(LIB_SELINUX)
diff --git a/src/ls.c b/src/ls.c
index f1ed43bd2..af972941a 100644
--- a/src/ls.c
+++ b/src/ls.c
@@ -115,6 +115,10 @@
# include <sys/capability.h>
#endif
+#ifdef HAVE_SMACK
+# include <sys/smack.h>
+#endif
+
#define PROGRAM_NAME (ls_mode == LS_LS ? "ls" \
: (ls_mode == LS_MULTI_COL \
? "dir" : "vdir"))
@@ -2749,7 +2753,14 @@ free_ent (struct fileinfo *f)
free (f->name);
free (f->linkname);
if (f->scontext != UNKNOWN_SECURITY_CONTEXT)
- freecon (f->scontext);
+ {
+#ifdef HAVE_SMACK
+ if (smack_smackfs_path ())
+ free (f->scontext);
+ else
+#endif
+ freecon (f->scontext);
+ }
}
/* Empty the table of files. */
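Review bot: free_ent picks between free() and freecon() by calling smack_smackfs_path() again at release time, not by how f->scontext was actually obtained in getfilecon_cache. The pairing is only correct if that call gives the same answer for every file across the whole run, and nothing in the hunk states or enforces that. Evaluating it once and reusing the result would make the pairing explicit, for example a file-scope `static bool smack_active;` (name is a suggestion) set at startup and tested here as `if (smack_active) free (f->scontext); else freecon (f->scontext);`. The same repeated runtime query appears in the getfilecon_cache and gobble_file hunks, so one cached flag would serve all three sites.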
@@ -2804,9 +2815,16 @@ getfilecon_cache (char const *file, struct fileinfo *f, bool deref)
errno = ENOTSUP;
return -1;
}
- int r = (deref
- ? getfilecon (file, &f->scontext)
- : lgetfilecon (file, &f->scontext));
+ int r = 0;
+#ifdef HAVE_SMACK
+ if (smack_smackfs_path ())
+ r = smack_new_label_from_path (file, "security.SMACK64", deref,
+ &f->scontext);
+ else
+#endif
+ r = (deref
+ ? getfilecon (file, &f->scontext)
+ : lgetfilecon (file, &f->scontext));
if (r < 0 && errno_unsupported (errno))
unsupported_device = f->stat.st_dev;
return r;
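Review bot: The SMACK branch of getfilecon_cache changes the ownership rule for f->scontext without saying so: the buffer now comes from smack_new_label_from_path() and is released with free() in free_ent, while the SELinux branch still needs freecon(). A comment at the call would keep the two sites in step, e.g. `/* SMACK label: allocated by libsmack, released with free() in free_ent, not freecon(). */`. Two minor points: the `= 0` initializer on `int r` is never read because both branches assign r, and the xattr name is a bare string literal `"security.SMACK64"` where a named constant would catch a typo at compile time. The function's header comment lies outside this hunk, so I cannot tell whether it mentions SMACK.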
@@ -2997,13 +3015,20 @@ gobble_file (char const *name, enum filetype type, ino_t inode,
if (format == long_format || print_scontext)
{
- bool have_selinux = false;
+ bool have_scontext = false;
bool have_acl = false;
int attr_len = getfilecon_cache (absolute_name, f, do_deref);
err = (attr_len < 0);
if (err == 0)
- have_selinux = ! STREQ ("unlabeled", f->scontext);
+ {
+#ifdef HAVE_SMACK
+ if (smack_smackfs_path ())
+ have_scontext = ! STREQ ("_", f->scontext);
+ else
+#endif
+ have_scontext = ! STREQ ("unlabeled", f->scontext);
+ }
else
{
f->scontext = UNKNOWN_SECURITY_CONTEXT;
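Review bot: The sentinel strings compared against f->scontext, `"_"` in the SMACK branch and `"unlabeled"` in the SELinux branch, are unexplained magic values, yet they decide whether a file is flagged as carrying a security context. I would add a one-line comment at the SMACK comparison, such as `/* "_" is presumably the SMACK floor (default) label; treat it like SELinux "unlabeled". */`, and confirm that meaning against the libsmack documentation. gobble_file starts before and continues after this hunk, so the rest of the error path is not visible here.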
@@ -3023,9 +3048,9 @@ gobble_file (char const *name, enum filetype type, ino_t inode,
have_acl = (0 < n);
}
- f->acl_type = (!have_selinux && !have_acl
+ f->acl_type = (!have_scontext && !have_acl
? ACL_T_NONE
- : (have_selinux && !have_acl
+ : (have_scontext && !have_acl
? ACL_T_SELINUX_ONLY
: ACL_T_YES));
any_has_acl |= f->acl_type != ACL_T_NONE;
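Review bot: ACL_T_SELINUX_ONLY is now also assigned when the context came from SMACK, so the enumerator name no longer matches what it records. Renaming the enum is outside this hunk, but a comment at the assignment such as `/* ACL_T_SELINUX_ONLY: a security context (SELinux or SMACK) but no ACL. */` would stop a later reader from treating the value as SELinux-specific. gobble_file continues past the end of the hunk.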