1 --- net-tools-1.60/Makefile~ 2005-12-24 06:56:57.000000000 -0500
2 +++ net-tools-1.60/Makefile 2005-12-29 16:54:06.000000000 -0500
5 NET_LIB = $(NET_LIB_PATH)/lib$(NET_LIB_NAME).a
7 +ifeq ($(HAVE_SELINUX),1)
9 +CFLAGS += -DHAVE_SELINUX
13 CFLAGS += $(COPTS) -I. -idirafter ./include/ -I$(NET_LIB_PATH)
14 LDFLAGS += $(LOPTS) -L$(NET_LIB_PATH)
16 --- net-tools-1.60/netstat.c~ 2005-12-24 06:56:57.000000000 -0500
17 +++ net-tools-1.60/netstat.c 2005-12-29 16:54:07.000000000 -0500
23 +#include <selinux/selinux.h>
25 +#define security_context_t char*
27 #include "net-support.h"
28 #include "pathnames.h"
33 #define PROGNAME_WIDTH 20
34 +#define SELINUX_WIDTH 50
36 #if !defined(s6_addr32) && defined(in6a_words)
37 #define s6_addr32 in6a_words /* libinet6 */
42 +int flag_selinux = 0;
47 #define PROGNAME_WIDTH1(s) PROGNAME_WIDTH2(s)
48 #define PROGNAME_WIDTH2(s) #s
50 +#define SELINUX_WIDTHs SELINUX_WIDTH1(SELINUX_WIDTH)
51 +#define SELINUX_WIDTH1(s) SELINUX_WIDTH2(s)
52 +#define SELINUX_WIDTH2(s) #s
54 #define PRG_HASH_SIZE 211
56 static struct prg_node {
57 struct prg_node *next;
59 char name[PROGNAME_WIDTH];
60 + char scon[SELINUX_WIDTH];
61 } *prg_hash[PRG_HASH_SIZE];
63 static char prg_cache_loaded = 0;
65 #define PRG_HASHIT(x) ((x) % PRG_HASH_SIZE)
67 #define PROGNAME_BANNER "PID/Program name"
68 +#define SELINUX_BANNER "Security Context"
70 #define print_progname_banner() do { if (flag_prg) printf("%-" PROGNAME_WIDTHs "s"," " PROGNAME_BANNER); } while (0)
72 +#define print_selinux_banner() do { if (flag_selinux) printf("%-" SELINUX_WIDTHs "s"," " SELINUX_BANNER); } while (0)
74 #define PRG_LOCAL_ADDRESS "local_address"
75 #define PRG_INODE "inode"
76 #define PRG_SOCKET_PFX "socket:["
78 /* NOT working as of glibc-2.0.7: */
79 #undef DIRENT_HAVE_D_TYPE_WORKS
81 -static void prg_cache_add(int inode, char *name)
82 +static void prg_cache_add(int inode, char *name, char *scon)
84 unsigned hi = PRG_HASHIT(inode);
85 struct prg_node **pnp,*pn;
87 if (strlen(name)>sizeof(pn->name)-1)
88 name[sizeof(pn->name)-1]='\0';
89 strcpy(pn->name,name);
92 + int len=(strlen(scon)-sizeof(pn->scon))+1;
94 + strcpy(pn->scon,&scon[len+1]);
96 + strcpy(pn->scon,scon);
100 static const char *prg_cache_get(unsigned long inode)
105 +static const char *prg_cache_get_con(unsigned long inode)
107 + unsigned hi=PRG_HASHIT(inode);
108 + struct prg_node *pn;
110 + for (pn=prg_hash[hi];pn;pn=pn->next)
111 + if (pn->inode==inode) return(pn->scon);
115 static void prg_cache_clear(void)
117 struct prg_node **pnp,*pn;
119 const char *cs,*cmdlp;
120 DIR *dirproc=NULL,*dirfd=NULL;
121 struct dirent *direproc,*direfd;
122 + security_context_t scon=NULL;
124 if (prg_cache_loaded || !flag_prg) return;
129 snprintf(finbuf, sizeof(finbuf), "%s/%s", direproc->d_name, cmdlp);
130 - prg_cache_add(inode, finbuf);
132 + if (getpidcon(atoi(direproc->d_name), &scon) == -1) {
135 + prg_cache_add(inode, finbuf, scon);
138 + prg_cache_add(inode, finbuf, "-");
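Review bot: In prg_cache_add the two `strcpy(pn->scon, ...)` calls are bounded only by `int len=(strlen(scon)-sizeof(pn->scon))+1;`, which subtracts two size_t values and relies on the wrapped result converting to a negative int. The test that selects between the two copies, and the function's braces and allocation, are not among the visible lines, so this reading is inferred. When the context is longer than the field, the copy starts at `&scon[len+1]`, so what is stored appears to be the tail of the context with the leading user and role fields dropped and no truncation marker. That can mislead anyone reading the column for an audit, since contexts with MLS/MCS categories may well exceed SELINUX_WIDTH. I would compare the lengths as size_t and copy with an explicit bound, e.g. `snprintf(pn->scon, sizeof(pn->scon), "%s", scon);`, or store the full string and truncate only when printing.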
143 @@ -1385,6 +1428,8 @@
146 printf("%-" PROGNAME_WIDTHs "s",(has & HAS_INODE?prg_cache_get(inode):"-"));
148 + printf("%-" SELINUX_WIDTHs "s",(has & HAS_INODE?prg_cache_get_con(inode):"-"));
152 @@ -1403,6 +1448,7 @@
154 printf(_("\nProto RefCnt Flags Type State I-Node"));
155 print_progname_banner();
156 + print_selinux_banner();
157 printf(_(" Path\n")); /* xxx */
160 @@ -1682,6 +1728,7 @@
161 fprintf(stderr, _(" -o, --timers display timers\n"));
162 fprintf(stderr, _(" -F, --fib display Forwarding Information Base (default)\n"));
163 fprintf(stderr, _(" -C, --cache display routing cache instead of FIB\n\n"));
164 + fprintf(stderr, _(" -Z, --context display SELinux security context for sockets\n\n"));
166 fprintf(stderr, _(" <Iface>: Name of interface to monitor/list.\n"));
167 fprintf(stderr, _(" <Socket>={-t|--tcp} {-u|--udp} {-w|--raw} {-x|--unix} --ax25 --ipx --netrom\n"));
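Review bot: The new `-Z, --context` usage line says the context is displayed "for sockets", but the lookup added to the cache loader calls `getpidcon()` on the owning PID, so the value printed is the process context rather than the socket's own label. The two can differ, for example when a descriptor is inherited by or passed to a process in another domain, and `prg_cache_get_con` returns the first cached entry for an inode. I would word the line as `-Z, --context display SELinux security context of the owning process`. The added string also ends in `\n\n` directly after the `-C` line that already does, which looks like it prints an extra blank line in the usage output.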
168 @@ -1729,6 +1776,7 @@
169 {"cache", 0, 0, 'C'},
171 {"groups", 0, 0, 'g'},
172 + {"context", 0, 0, 'Z'},
176 @@ -1741,7 +1789,7 @@
180 - while ((i = getopt_long(argc, argv, "MCFA:acdegphiI::nNorstuVv?wxl", longopts, &lop)) != EOF)
181 + while ((i = getopt_long(argc, argv, "MCFA:acdegphiI::nNorstuVv?wxlZ", longopts, &lop)) != EOF)
185 @@ -1838,6 +1886,20 @@
186 if (aftrans_opt("unix"))
191 + if (is_selinux_enabled() <= 0) {
192 + fprintf(stderr, _("SELinux is not enabled on this machine.\n"));
198 + fprintf(stderr, _("SELinux is not enabled for this application.\n"));
206 --- net-tools-1.60/netstat.c.sel 2007-05-21 14:02:08.000000000 -0400
207 +++ net-tools-1.60/netstat.c 2007-05-21 14:03:23.000000000 -0400
208 @@ -769,6 +769,9 @@ static void finish_this_one(int uid, uns
211 printf("%-" PROGNAME_WIDTHs "s",prg_cache_get(inode));
213 + printf("%-" SELINUX_WIDTHs "s",prg_cache_get_con(inode));
216 printf("%s", timers);
218 @@ -2420,6 +2423,7 @@ int main
220 printf(_(" User Inode "));
221 print_progname_banner();
222 + print_selinux_banner();
224 printf(_(" Timer")); /* xxx */