Commit | Line | Data |
---|---|---|
236898d6 MT |
1 | --- net-tools-1.60/Makefile~ 2005-12-24 06:56:57.000000000 -0500 |
2 | +++ net-tools-1.60/Makefile 2005-12-29 16:54:06.000000000 -0500 | |
3 | @@ -113,6 +113,12 @@ | |
4 | ||
5 | NET_LIB = $(NET_LIB_PATH)/lib$(NET_LIB_NAME).a | |
6 | ||
7 | +ifeq ($(HAVE_SELINUX),1) | |
8 | +LDFLAGS += -lselinux | |
9 | +CFLAGS += -DHAVE_SELINUX | |
10 | +else | |
11 | +endif | |
12 | + | |
13 | CFLAGS += $(COPTS) -I. -idirafter ./include/ -I$(NET_LIB_PATH) | |
14 | LDFLAGS += $(LOPTS) -L$(NET_LIB_PATH) | |
15 | ||
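Review bot: The added conditional puts `-lselinux` into `LDFLAGS` and leaves an empty `else` branch. With linkers that resolve libraries in command-line order (for example under `--as-needed`), a library named before the object files may be dropped; whether that happens here depends on how the link rule, which is outside this hunk, orders `$(LDFLAGS)`. If the Makefile has a separate variable for libraries, prefer it. Otherwise add a comment such as `# HAVE_SELINUX=1 links netstat against libselinux for the -Z option` and delete the empty `else`.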
16 | --- net-tools-1.60/netstat.c~ 2005-12-24 06:56:57.000000000 -0500 | |
17 | +++ net-tools-1.60/netstat.c 2005-12-29 16:54:07.000000000 -0500 | |
18 | @@ -86,6 +86,11 @@ | |
19 | #include <net/if.h> | |
20 | #include <dirent.h> | |
21 | ||
22 | +#if HAVE_SELINUX | |
23 | +#include <selinux/selinux.h> | |
24 | +#else | |
25 | +#define security_context_t char* | |
26 | +#endif | |
27 | #include "net-support.h" | |
28 | #include "pathnames.h" | |
29 | #include "version.h" | |
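Review bot: The fallback `#define security_context_t char*` is a textual macro, so a later declaration such as `security_context_t a, b;` would make `b` a plain `char` in non-SELinux builds only. A typedef keeps both build configurations type-identical: `typedef char *security_context_t;`. A one-line comment saying the fallback exists only so the `scon` local in the cache loader compiles without libselinux would also help.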
30 | @@ -96,6 +101,7 @@ | |
31 | #include "util.h" | |
32 | ||
33 | #define PROGNAME_WIDTH 20 | |
34 | +#define SELINUX_WIDTH 50 | |
35 | ||
36 | #if !defined(s6_addr32) && defined(in6a_words) | |
37 | #define s6_addr32 in6a_words /* libinet6 */ | |
38 | @@ -150,6 +156,7 @@ | |
39 | int flag_prg = 0; | |
40 | int flag_arg = 0; | |
41 | int flag_ver = 0; | |
42 | +int flag_selinux = 0; | |
43 | ||
44 | FILE *procinfo; | |
45 | ||
46 | @@ -213,12 +220,17 @@ | |
47 | #define PROGNAME_WIDTH1(s) PROGNAME_WIDTH2(s) | |
48 | #define PROGNAME_WIDTH2(s) #s | |
49 | ||
50 | +#define SELINUX_WIDTHs SELINUX_WIDTH1(SELINUX_WIDTH) | |
51 | +#define SELINUX_WIDTH1(s) SELINUX_WIDTH2(s) | |
52 | +#define SELINUX_WIDTH2(s) #s | |
53 | + | |
54 | #define PRG_HASH_SIZE 211 | |
55 | ||
56 | static struct prg_node { | |
57 | struct prg_node *next; | |
58 | int inode; | |
59 | char name[PROGNAME_WIDTH]; | |
60 | + char scon[SELINUX_WIDTH]; | |
61 | } *prg_hash[PRG_HASH_SIZE]; | |
62 | ||
63 | static char prg_cache_loaded = 0; | |
64 | @@ -226,9 +238,12 @@ | |
65 | #define PRG_HASHIT(x) ((x) % PRG_HASH_SIZE) | |
66 | ||
67 | #define PROGNAME_BANNER "PID/Program name" | |
68 | +#define SELINUX_BANNER "Security Context" | |
69 | ||
70 | #define print_progname_banner() do { if (flag_prg) printf("%-" PROGNAME_WIDTHs "s"," " PROGNAME_BANNER); } while (0) | |
71 | ||
72 | +#define print_selinux_banner() do { if (flag_selinux) printf("%-" SELINUX_WIDTHs "s"," " SELINUX_BANNER); } while (0) | |
73 | + | |
74 | #define PRG_LOCAL_ADDRESS "local_address" | |
75 | #define PRG_INODE "inode" | |
76 | #define PRG_SOCKET_PFX "socket:[" | |
77 | @@ -250,7 +265,7 @@ | |
78 | /* NOT working as of glibc-2.0.7: */ | |
79 | #undef DIRENT_HAVE_D_TYPE_WORKS | |
80 | ||
81 | -static void prg_cache_add(int inode, char *name) | |
82 | +static void prg_cache_add(int inode, char *name, char *scon) | |
83 | { | |
84 | unsigned hi = PRG_HASHIT(inode); | |
85 | struct prg_node **pnp,*pn; | |
86 | @@ -271,6 +286,14 @@ | |
87 | if (strlen(name)>sizeof(pn->name)-1) | |
88 | name[sizeof(pn->name)-1]='\0'; | |
89 | strcpy(pn->name,name); | |
90 | + | |
91 | + { | |
92 | + int len=(strlen(scon)-sizeof(pn->scon))+1; | |
93 | + if (len > 0) | |
94 | + strcpy(pn->scon,&scon[len+1]); | |
95 | + else | |
96 | + strcpy(pn->scon,scon); | |
97 | + } | |
98 | } | |
99 | ||
100 | static const char *prg_cache_get(unsigned long inode) | |
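Review bot: The added length computation `int len=(strlen(scon)-sizeof(pn->scon))+1;` subtracts two `size_t` values and stores the result in an `int`. A short context reaches the `else` branch only because the unsigned wrap-around happens to convert to a negative number. I cannot show an overflow of `pn->scon` from it on common ABIs, but the bound is implicit and `&scon[len+1]` drops one character more than the buffer requires. A NULL `scon` also goes straight into `strlen`, and the caller in the later `getpidcon` hunk passes an unchecked `strdup` result. An over-long context silently loses its leading fields, so the printed value can read like a complete context; that is worth a comment or a visible truncation marker. The function begins outside this hunk; a version of the added block with explicit bounds is below.

```c
    /* … unchanged: name truncation and strcpy(pn->name,name) … */
    {
	size_t cap = sizeof(pn->scon) - 1;
	size_t slen;

	if (!scon)
	    scon = "-";
	slen = strlen(scon);
	/* Too long for the column: keep the trailing cap bytes, as before. */
	if (slen > cap)
	    scon += slen - cap;
	snprintf(pn->scon, sizeof(pn->scon), "%s", scon);
    }
```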
101 | @@ -283,6 +306,16 @@ | |
102 | return("-"); | |
103 | } | |
104 | ||
105 | +static const char *prg_cache_get_con(unsigned long inode) | |
106 | +{ | |
107 | + unsigned hi=PRG_HASHIT(inode); | |
108 | + struct prg_node *pn; | |
109 | + | |
110 | + for (pn=prg_hash[hi];pn;pn=pn->next) | |
111 | + if (pn->inode==inode) return(pn->scon); | |
112 | + return("-"); | |
113 | +} | |
114 | + | |
115 | static void prg_cache_clear(void) | |
116 | { | |
117 | struct prg_node **pnp,*pn; | |
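Review bot: In `prg_cache_get_con` the test `pn->inode==inode` compares the `int` field declared in `struct prg_node` with an `unsigned long` argument. A socket inode above `INT_MAX` is stored as a negative value and, on an LP64 build, is sign-extended for the comparison, so it never matches and the context column shows "-" for that socket. If the existing `prg_cache_get` does the same, the clean fix is to make the field and the `prg_cache_add` parameter `unsigned long`; a local cast to `(unsigned long)(unsigned int)pn->inode` would only cover this lookup. The new function also has no comment; something like `/* Return the cached SELinux context for the socket inode, or "-" if none; the pointer is owned by the cache. */` would document the lifetime.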
118 | @@ -348,6 +381,7 @@ | |
119 | const char *cs,*cmdlp; | |
120 | DIR *dirproc=NULL,*dirfd=NULL; | |
121 | struct dirent *direproc,*direfd; | |
122 | + security_context_t scon=NULL; | |
123 | ||
124 | if (prg_cache_loaded || !flag_prg) return; | |
125 | prg_cache_loaded=1; | |
126 | @@ -415,7 +449,15 @@ | |
127 | } | |
128 | ||
129 | snprintf(finbuf, sizeof(finbuf), "%s/%s", direproc->d_name, cmdlp); | |
130 | - prg_cache_add(inode, finbuf); | |
131 | +#if HAVE_SELINUX | |
132 | + if (getpidcon(atoi(direproc->d_name), &scon) == -1) { | |
133 | + scon=strdup("-"); | |
134 | + } | |
135 | + prg_cache_add(inode, finbuf, scon); | |
136 | + freecon(scon); | |
137 | +#else | |
138 | + prg_cache_add(inode, finbuf, "-"); | |
139 | +#endif | |
140 | } | |
141 | closedir(dirfd); | |
142 | dirfd = NULL; | |
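Review bot: On the failure path `scon=strdup("-")` is not checked, so an allocation failure passes NULL to `prg_cache_add`, which calls `strlen` on it. The same pointer is then released with `freecon()` although it came from `strdup`; this works only as long as libselinux implements `freecon` as plain `free`. Passing the literal directly, as the `#else` branch already does, removes both problems. Note also that the context is looked up by PID after the fd entry was read, so if the process exits and the PID is reused in between, the context of a different process could be shown; that is inferred, since the enclosing loop lies outside this hunk, but it deserves a comment. The lookup also appears to run once per socket fd rather than once per PID.

```c
#if HAVE_SELINUX
		    /* Best effort: the PID may be gone by now, fall back to "-". */
		    if (getpidcon(atoi(direproc->d_name), &scon) == 0) {
			prg_cache_add(inode, finbuf, scon);
			freecon(scon);
			scon = NULL;
		    } else {
			prg_cache_add(inode, finbuf, "-");
		    }
#else
		    /* … unchanged: prg_cache_add(inode, finbuf, "-") … */
```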
143 | @@ -1385,6 +1428,8 @@ | |
144 | printf("- "); | |
145 | if (flag_prg) | |
146 | printf("%-" PROGNAME_WIDTHs "s",(has & HAS_INODE?prg_cache_get(inode):"-")); | |
147 | + if (flag_selinux) | |
148 | + printf("%-" SELINUX_WIDTHs "s",(has & HAS_INODE?prg_cache_get_con(inode):"-")); | |
149 | puts(path); | |
150 | } | |
151 | ||
152 | @@ -1403,6 +1448,7 @@ | |
153 | ||
154 | printf(_("\nProto RefCnt Flags Type State I-Node")); | |
155 | print_progname_banner(); | |
156 | + print_selinux_banner(); | |
157 | printf(_(" Path\n")); /* xxx */ | |
158 | ||
159 | { | |
160 | @@ -1682,6 +1728,7 @@ | |
161 | fprintf(stderr, _(" -o, --timers display timers\n")); | |
162 | fprintf(stderr, _(" -F, --fib display Forwarding Information Base (default)\n")); | |
163 | fprintf(stderr, _(" -C, --cache display routing cache instead of FIB\n\n")); | |
164 | + fprintf(stderr, _(" -Z, --context display SELinux security context for sockets\n\n")); | |
165 | ||
166 | fprintf(stderr, _(" <Iface>: Name of interface to monitor/list.\n")); | |
167 | fprintf(stderr, _(" <Socket>={-t|--tcp} {-u|--udp} {-w|--raw} {-x|--unix} --ax25 --ipx --netrom\n")); | |
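Review bot: The `-C, --cache` line above the added `-Z` line still ends in `\n\n`, so the help output prints a blank line between `-C` and `-Z` and a second one after `-Z`. Ending the `-C` string with a single `\n` keeps the option list contiguous, but it changes a translatable string, so the message catalogs need updating. The help text could also say that `-Z` implies the PID/Program name column, since the option handler increments `flag_prg` as well.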
168 | @@ -1729,6 +1776,7 @@ | |
169 | {"cache", 0, 0, 'C'}, | |
170 | {"fib", 0, 0, 'F'}, | |
171 | {"groups", 0, 0, 'g'}, | |
172 | + {"context", 0, 0, 'Z'}, | |
173 | {NULL, 0, 0, 0} | |
174 | }; | |
175 | ||
176 | @@ -1741,7 +1789,7 @@ | |
177 | ||
178 | afname[0] = '\0'; | |
179 | ||
180 | - while ((i = getopt_long(argc, argv, "MCFA:acdegphiI::nNorstuVv?wxl", longopts, &lop)) != EOF) | |
181 | + while ((i = getopt_long(argc, argv, "MCFA:acdegphiI::nNorstuVv?wxlZ", longopts, &lop)) != EOF) | |
182 | switch (i) { | |
183 | case -1: | |
184 | break; | |
185 | @@ -1838,6 +1886,20 @@ | |
186 | if (aftrans_opt("unix")) | |
187 | exit(1); | |
188 | break; | |
189 | + case 'Z': | |
190 | +#if HAVE_SELINUX | |
191 | + if (is_selinux_enabled() <= 0) { | |
192 | + fprintf(stderr, _("SELinux is not enabled on this machine.\n")); | |
193 | + exit(1); | |
194 | + } | |
195 | + flag_prg++; | |
196 | + flag_selinux++; | |
197 | +#else | |
198 | + fprintf(stderr, _("SELinux is not enabled for this application.\n")); | |
199 | + exit(1); | |
200 | +#endif | |
201 | + | |
202 | + break; | |
203 | case '?': | |
204 | case 'h': | |
205 | usage(); | |
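Review bot: The `'Z'` case reports "SELinux is not enabled on this machine." for any `is_selinux_enabled() <= 0`, so a negative return (an error while querying the state) is reported the same way as a system that really has SELinux disabled. Testing `< 0` separately with its own message would keep a failed query from being read as "disabled". The case also increments `flag_prg` without explanation; a comment such as `/* contexts are stored in the PID cache, which is only loaded when flag_prg is set */` would explain why `-Z` turns on the program column. The stray blank line before `break;` can go.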
206 | --- net-tools-1.60/netstat.c.sel 2007-05-21 14:02:08.000000000 -0400 | |
207 | +++ net-tools-1.60/netstat.c 2007-05-21 14:03:23.000000000 -0400 | |
208 | @@ -769,6 +769,9 @@ static void finish_this_one(int uid, uns | |
209 | } | |
210 | if (flag_prg) | |
211 | printf("%-" PROGNAME_WIDTHs "s",prg_cache_get(inode)); | |
212 | + if (flag_selinux) | |
213 | + printf("%-" SELINUX_WIDTHs "s",prg_cache_get_con(inode)); | |
214 | + | |
215 | if (flag_opt) | |
216 | printf("%s", timers); | |
217 | putchar('\n'); | |
218 | @@ -2420,6 +2423,7 @@ int main | |
219 | if (flag_exp > 1) | |
220 | printf(_(" User Inode ")); | |
221 | print_progname_banner(); | |
222 | + print_selinux_banner(); | |
223 | if (flag_opt) | |
224 | printf(_(" Timer")); /* xxx */ | |
225 | printf("\n"); |