mkdir,mkfifo,mknod: with -Z, create SMACK security context

Enable creation of SMACK security context with -Z command-line switch
if SMACK is enabled.

* mkdir.c (main): Set process security context to given SMACK label.
* mkfifo.c (main): Likewise.
* mknod.c (main): Likewise.
* src/local.mk: link mk{dir, fifo, nod} with libsmack.
* NEWS: Mention the new feature.

diff --git a/NEWS b/NEWS
index 320638504a9cd620412d83a4b6360d4244a8445b..75ec253eee2add78ff281fa357189f7be4a09cab 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -29,7 +29,8 @@ GNU coreutils NEWS                                    -*- outline -*-
 
 ** New features
 
-  ls -Z and id -Z report the SMACK security context where available.
+  id and ls with -Z report the SMACK security context where available.
+  mkdir, mkfifo and mknod with -Z set the SMACK context where available.
 
   join accepts a new option: --zero-terminated (-z). As with the sort,uniq
   option of the same name, this makes join consume and produce NUL-terminated

diff --git a/src/local.mk b/src/local.mk
index 626d580de663aa3ef19575b283704e51723af1fa..646fbada191e8b05e9e822009f58ab2f91b9a617 100644 (file)
--- a/src/local.mk
+++ b/src/local.mk
@@ -232,8 +232,11 @@ src_id_LDADD += $(LIB_SMACK)
 src_ls_LDADD += $(LIB_SELINUX)
 src_ls_LDADD += $(LIB_SMACK)
 src_mkdir_LDADD += $(LIB_SELINUX)
+src_mkdir_LDADD += $(LIB_SMACK)
 src_mkfifo_LDADD += $(LIB_SELINUX)
+src_mkfifo_LDADD += $(LIB_SMACK)
 src_mknod_LDADD += $(LIB_SELINUX)
+src_mknod_LDADD += $(LIB_SMACK)
 src_runcon_LDADD += $(LIB_SELINUX)
 src_stat_LDADD += $(LIB_SELINUX)
 

diff --git a/src/mkdir.c b/src/mkdir.c
index b36237a3370fbce2df099bd098795ec48af78dca..e56b6cbbda0e4c7cb98b1848a194c92baa7075ab 100644 (file)
--- a/src/mkdir.c
+++ b/src/mkdir.c
@@ -22,6 +22,10 @@
 #include <sys/types.h>
 #include <selinux/selinux.h>
 
+#ifdef HAVE_SMACK
+# include <sys/smack.h>
+#endif
+
 #include "system.h"
 #include "error.h"
 #include "mkdir-p.h"
@@ -151,6 +155,7 @@ main (int argc, char **argv)
   int optc;
   security_context_t scontext = NULL;
   struct mkdir_options options;
+  int ret = 0;
 
   options.make_ancestor_function = NULL;
   options.mode = S_IRWXUGO;
@@ -194,7 +199,17 @@ main (int argc, char **argv)
       usage (EXIT_FAILURE);
     }
 
-  if (scontext && setfscreatecon (scontext) < 0)
+  if (scontext)
+    {
+#ifdef HAVE_SMACK
+      if (smack_smackfs_path ())
+        ret = smack_set_label_for_self (scontext);
+      else
+#endif
+        ret = setfscreatecon (scontext);
+    }
+
+  if (ret < 0)
     error (EXIT_FAILURE, errno,
            _("failed to set default file creation context to %s"),
            quote (scontext));

diff --git a/src/mkfifo.c b/src/mkfifo.c
index 78ff909cc355e79be767d3c0c4d266050f40f9e8..a87a393e2ab8b1075a41a2dbf57e066eb5f8cc98 100644 (file)
--- a/src/mkfifo.c
+++ b/src/mkfifo.c
@@ -22,6 +22,10 @@
 #include <sys/types.h>
 #include <selinux/selinux.h>
 
+#ifdef HAVE_SMACK
+# include <sys/smack.h>
+#endif
+
 #include "system.h"
 #include "error.h"
 #include "modechange.h"
@@ -76,6 +80,7 @@ main (int argc, char **argv)
   int exit_status = EXIT_SUCCESS;
   int optc;
   security_context_t scontext = NULL;
+  int ret = 0;
 
   initialize_main (&argc, &argv);
   set_program_name (argv[0]);
@@ -108,7 +113,17 @@ main (int argc, char **argv)
       usage (EXIT_FAILURE);
     }
 
-  if (scontext && setfscreatecon (scontext) < 0)
+  if (scontext)
+    {
+#ifdef HAVE_SMACK
+      if (smack_smackfs_path ())
+        ret = smack_set_label_for_self (scontext);
+      else
+#endif
+        ret = setfscreatecon (scontext);
+    }
+
+  if (ret < 0)
     error (EXIT_FAILURE, errno,
            _("failed to set default file creation context to %s"),
            quote (scontext));

diff --git a/src/mknod.c b/src/mknod.c
index a384ad35cd6c0462b1b53074288717af439a839e..9f0afb3ff4c06e92aa5956a11745b53cabd9e560 100644 (file)
--- a/src/mknod.c
+++ b/src/mknod.c
@@ -22,6 +22,10 @@
 #include <sys/types.h>
 #include <selinux/selinux.h>
 
+#ifdef HAVE_SMACK
+# include <sys/smack.h>
+#endif
+
 #include "system.h"
 #include "error.h"
 #include "modechange.h"
@@ -93,6 +97,7 @@ main (int argc, char **argv)
   int expected_operands;
   mode_t node_type;
   security_context_t scontext = NULL;
+  int ret = 0;
 
   initialize_main (&argc, &argv);
   set_program_name (argv[0]);
@@ -164,7 +169,17 @@ main (int argc, char **argv)
       usage (EXIT_FAILURE);
     }
 
-  if (scontext && setfscreatecon (scontext) < 0)
+  if (scontext)
+    {
+#ifdef HAVE_SMACK
+      if (smack_smackfs_path ())
+        ret = smack_set_label_for_self (scontext);
+      else
+#endif
+        ret = setfscreatecon (scontext);
+    }
+
+  if (ret < 0)
     error (EXIT_FAILURE, errno,
            _("failed to set default file creation context to %s"),
            quote (scontext));