Changeset 3232 in MondoRescue for branches/3.2/mindi-busybox/selinux

Timestamp:

Jan 1, 2014, 12:47:38 AM (10 years ago)

Author:

Bruno Cornec

Message:

• Update mindi-busybox to 1.21.1

Location:

branches/3.2/mindi-busybox/selinux

Files:

• chcon.c (modified) (6 diffs)
• getenforce.c (modified) (1 diff)
• getsebool.c (modified) (1 diff)
• load_policy.c (modified) (1 diff)
• matchpathcon.c (modified) (1 diff)
• runcon.c (modified) (4 diffs)
• selinuxenabled.c (modified) (1 diff)
• sestatus.c (modified) (2 diffs)
• setenforce.c (modified) (1 diff)
• setfiles.c (modified) (5 diffs)
• setsebool.c (modified) (1 diff)

branches/3.2/mindi-busybox/selinux/chcon.c

@@ -8 +8 @@
  * Licensed under GPLv2, see file LICENSE in this source tree.
  */
-#include <getopt.h>
+
+//usage:#define chcon_trivial_usage
+//usage:       "[OPTIONS] CONTEXT FILE..."
+//usage:       "\n  chcon [OPTIONS] [-u USER] [-r ROLE] [-l RANGE] [-t TYPE] FILE..."
+//usage:    IF_FEATURE_CHCON_LONG_OPTIONS(
+//usage:       "\n  chcon [OPTIONS] --reference=RFILE FILE..."
+//usage:    )
+//usage:#define chcon_full_usage "\n\n"
+//usage:       "Change the security context of each FILE to CONTEXT\n"
+//usage:    IF_FEATURE_CHCON_LONG_OPTIONS(
+//usage:     "\n    -v,--verbose        Verbose"
+//usage:     "\n    -c,--changes        Report changes made"
+//usage:     "\n    -h,--no-dereference Affect symlinks instead of their targets"
+//usage:     "\n    -f,--silent,--quiet Suppress most error messages"
+//usage:     "\n    --reference=RFILE   Use RFILE's group instead of using a CONTEXT value"
+//usage:     "\n    -u,--user=USER      Set user/role/type/range in the target"
+//usage:     "\n    -r,--role=ROLE      security context"
+//usage:     "\n    -t,--type=TYPE"
+//usage:     "\n    -l,--range=RANGE"
+//usage:     "\n    -R,--recursive      Recurse"
+//usage:    )
+//usage:    IF_NOT_FEATURE_CHCON_LONG_OPTIONS(
+//usage:     "\n    -v  Verbose"
+//usage:     "\n    -c  Report changes made"
+//usage:     "\n    -h  Affect symlinks instead of their targets"
+//usage:     "\n    -f  Suppress most error messages"
+//usage:     "\n    -u USER Set user/role/type/range in the target security context"
+//usage:     "\n    -r ROLE"
+//usage:     "\n    -t TYPE"
+//usage:     "\n    -l RNG"
+//usage:     "\n    -R  Recurse"
+//usage:    )
+
 #include <selinux/context.h>
 
@@ -61 +93 @@
     if (specified_context == NULL) {
         context = set_security_context_component(file_context,
-                             user, role, type, range);
+                            user, role, type, range);
         if (!context) {
             bb_error_msg("can't compute security context from %s", file_context);
@@ -90 +122 @@
         if ((option_mask32 & OPT_VERBOSE) || ((option_mask32 & OPT_CHANHES) && !fail)) {
             printf(!fail
-                   ? "context of %s changed to %s\n"
-                   : "can't change context of %s to %s\n",
-                   fname, context_string);
+                ? "context of %s changed to %s\n"
+                : "can't change context of %s to %s\n",
+                fname, context_string);
         }
         if (!fail) {
@@ -98 +130 @@
         } else if ((option_mask32 & OPT_QUIET) == 0) {
             bb_error_msg("can't change context of %s to %s",
-                     fname, context_string);
+                    fname, context_string);
         }
     } else if (option_mask32 & OPT_VERBOSE) {
@@ -150 +182 @@
     if (option_mask32 & OPT_REFERENCE) {
         /* FIXME: lgetfilecon() should be used when '-h' is specified.
-           But current implementation follows the original one. */
+         * But current implementation follows the original one. */
         if (getfilecon(reference_file, &specified_context) < 0)
             bb_perror_msg_and_die("getfilecon('%s') failed", reference_file);
@@ -170 +202 @@
 
         if (recursive_action(fname,
-                     1<<option_mask32 & OPT_RECURSIVE,
-                     change_filedir_context,
-                     change_filedir_context,
-                     NULL, 0) != TRUE)
+                    1<<option_mask32 & OPT_RECURSIVE,
+                    change_filedir_context,
+                    change_filedir_context,
+                    NULL, 0) != TRUE)
             errors = 1;
     }

branches/3.2/mindi-busybox/selinux/getenforce.c

@@ -7 +7 @@
  * Licensed under GPLv2, see file LICENSE in this source tree.
  */
+
+//usage:#define getenforce_trivial_usage NOUSAGE_STR
+//usage:#define getenforce_full_usage ""
 
 #include "libbb.h"

branches/3.2/mindi-busybox/selinux/getsebool.c

@@ -7 +7 @@
  * Licensed under GPLv2, see file LICENSE in this source tree.
  */
+
+//usage:#define getsebool_trivial_usage
+//usage:       "-a or getsebool boolean..."
+//usage:#define getsebool_full_usage "\n\n"
+//usage:       "    -a  Show all selinux booleans"
 
 #include "libbb.h"

branches/3.2/mindi-busybox/selinux/load_policy.c

@@ -5 +5 @@
  * Licensed under GPLv2, see file LICENSE in this source tree.
  */
+
+//usage:#define load_policy_trivial_usage NOUSAGE_STR
+//usage:#define load_policy_full_usage ""
+
 #include "libbb.h"
 

branches/3.2/mindi-busybox/selinux/matchpathcon.c

@@ -6 +6 @@
  * Licensed under GPLv2, see file LICENSE in this source tree.
  */
+
+//usage:#define matchpathcon_trivial_usage
+//usage:       "[-n] [-N] [-f file_contexts_file] [-p prefix] [-V]"
+//usage:#define matchpathcon_full_usage "\n\n"
+//usage:       "    -n  Don't display path"
+//usage:     "\n    -N  Don't use translations"
+//usage:     "\n    -f  Use alternate file_context file"
+//usage:     "\n    -p  Use prefix to speed translations"
+//usage:     "\n    -V  Verify file context on disk matches defaults"
+
 #include "libbb.h"
 

branches/3.2/mindi-busybox/selinux/runcon.c

@@ -29 +29 @@
  * Licensed under GPLv2, see file LICENSE in this source tree.
  */
-#include <getopt.h>
+
+//usage:#define runcon_trivial_usage
+//usage:       "[-c] [-u USER] [-r ROLE] [-t TYPE] [-l RANGE] PROG ARGS\n"
+//usage:       "runcon CONTEXT PROG ARGS"
+//usage:#define runcon_full_usage "\n\n"
+//usage:       "Run PROG in a different security context\n"
+//usage:     "\n    CONTEXT     Complete security context\n"
+//usage:    IF_FEATURE_RUNCON_LONG_OPTIONS(
+//usage:     "\n    -c,--compute    Compute process transition context before modifying"
+//usage:     "\n    -t,--type=TYPE  Type (for same role as parent)"
+//usage:     "\n    -u,--user=USER  User identity"
+//usage:     "\n    -r,--role=ROLE  Role"
+//usage:     "\n    -l,--range=RNG  Levelrange"
+//usage:    )
+//usage:    IF_NOT_FEATURE_RUNCON_LONG_OPTIONS(
+//usage:     "\n    -c  Compute process transition context before modifying"
+//usage:     "\n    -t TYPE Type (for same role as parent)"
+//usage:     "\n    -u USER User identity"
+//usage:     "\n    -r ROLE Role"
+//usage:     "\n    -l RNG  Levelrange"
+//usage:    )
+
 #include <selinux/context.h>
 #include <selinux/flask.h>
@@ -36 +57 @@
 
 static context_t runcon_compute_new_context(char *user, char *role, char *type, char *range,
-                        char *command, int compute_trans)
+            char *command, int compute_trans)
 {
     context_t con;
@@ -49 +70 @@
         if (getfilecon(command, &file_context) < 0)
             bb_error_msg_and_die("can't retrieve attributes of '%s'",
-                         command);
+                    command);
         if (security_compute_create(cur_context, file_context,
-                        SECCLASS_PROCESS, &new_context))
+                    SECCLASS_PROCESS, &new_context))
             bb_error_msg_and_die("unable to compute a new context");
         cur_context = new_context;
@@ -127 +148 @@
     if (security_check_context(context_str(con)))
         bb_error_msg_and_die("'%s' is not a valid context",
-                     context_str(con));
+                context_str(con));
 
     if (setexeccon(context_str(con)))
         bb_error_msg_and_die("can't set up security context '%s'",
-                     context_str(con));
+                context_str(con));
 
-    execvp(argv[0], argv);
-    bb_perror_msg_and_die("can't execute '%s'", argv[0]);
+    BB_EXECVP_or_die(argv);
 }

branches/3.2/mindi-busybox/selinux/selinuxenabled.c

@@ -7 +7 @@
  * Licensed under GPLv2, see file LICENSE in this source tree.
  */
+
+//usage:#define selinuxenabled_trivial_usage NOUSAGE_STR
+//usage:#define selinuxenabled_full_usage ""
+
 #include "libbb.h"
 

branches/3.2/mindi-busybox/selinux/sestatus.c

@@ -9 +9 @@
  */
 
+//usage:#define sestatus_trivial_usage
+//usage:       "[-vb]"
+//usage:#define sestatus_full_usage "\n\n"
+//usage:       "    -v  Verbose"
+//usage:     "\n    -b  Display current state of booleans"
+
 #include "libbb.h"
 
@@ -36 +42 @@
             goto skip;
         printf(COL_FMT "%s",
-               bools[i], active == 0 ? "off" : "on");
+                bools[i], active == 0 ? "off" : "on");
         if (active != pending)
             printf(" (%sactivate pending)", pending == 0 ? "in" : "");

branches/3.2/mindi-busybox/selinux/setenforce.c

@@ -7 +7 @@
  * Licensed under GPLv2, see file LICENSE in this source tree.
  */
+
+//usage:#define setenforce_trivial_usage
+//usage:       "[Enforcing | Permissive | 1 | 0]"
+//usage:#define setenforce_full_usage ""
 
 #include "libbb.h"

branches/3.2/mindi-busybox/selinux/setfiles.c

@@ -4 +4 @@
   Port to BusyBox (c) 2007 by Yuichi Nakamura <ynakam@hitachisoft.jp>
 */
+
+//usage:#define setfiles_trivial_usage
+//usage:       "[-dnpqsvW] [-e DIR]... [-o FILE] [-r alt_root_path]"
+//usage:    IF_FEATURE_SETFILES_CHECK_OPTION(
+//usage:       " [-c policyfile] spec_file"
+//usage:    )
+//usage:       " pathname"
+//usage:#define setfiles_full_usage "\n\n"
+//usage:       "Reset file contexts under pathname according to spec_file\n"
+//usage:    IF_FEATURE_SETFILES_CHECK_OPTION(
+//usage:     "\n    -c FILE Check the validity of the contexts against the specified binary policy"
+//usage:    )
+//usage:     "\n    -d  Show which specification matched each file"
+//usage:     "\n    -l  Log changes in file labels to syslog"
+//usage:     "\n    -n  Don't change any file labels"
+//usage:     "\n    -q  Suppress warnings"
+//usage:     "\n    -r DIR  Use an alternate root path"
+//usage:     "\n    -e DIR  Exclude DIR"
+//usage:     "\n    -F  Force reset of context to match file_context for customizable files"
+//usage:     "\n    -o FILE Save list of files with incorrect context"
+//usage:     "\n    -s  Take a list of files from stdin (instead of command line)"
+//usage:     "\n    -v  Show changes in file labels, if type or role are changing"
+//usage:     "\n    -vv Show changes in file labels, if type, role, or user are changing"
+//usage:     "\n    -W  Display warnings about entries that had no matching files"
+//usage:
+//usage:#define restorecon_trivial_usage
+//usage:       "[-iFnRv] [-e EXCLUDEDIR]... [-o FILE] [-f FILE]"
+//usage:#define restorecon_full_usage "\n\n"
+//usage:       "Reset security contexts of files in pathname\n"
+//usage:     "\n    -i  Ignore files that don't exist"
+//usage:     "\n    -f FILE File with list of files to process"
+//usage:     "\n    -e DIR  Directory to exclude"
+//usage:     "\n    -R,-r   Recurse"
+//usage:     "\n    -n  Don't change any file labels"
+//usage:     "\n    -o FILE Save list of files with incorrect context"
+//usage:     "\n    -v  Verbose"
+//usage:     "\n    -vv Show changed labels"
+//usage:     "\n    -F  Force reset of context to match file_context"
+//usage:     "\n        for customizable files, or the user section,"
+//usage:     "\n        if it has changed"
 
 #include "libbb.h"
@@ -459 +499 @@
     if (S_ISDIR(sb.st_mode) && recurse) {
         if (recursive_action(name,
-                     ACTION_RECURSE,
-                     apply_spec,
-                     apply_spec,
-                     NULL, 0) != TRUE) {
+                ACTION_RECURSE,
+                apply_spec,
+                apply_spec,
+                NULL, 0) != TRUE
+        ) {
             bb_error_msg("error while labeling %s", name);
             goto err;
@@ -545 +586 @@
                 IF_FEATURE_SETFILES_CHECK_OPTION("c:"),
             &exclude_dir, &input_filename, &rootpath, &out_filename,
-                 IF_FEATURE_SETFILES_CHECK_OPTION(&policyfile,)
+                IF_FEATURE_SETFILES_CHECK_OPTION(&policyfile,)
             &verbose);
     }
@@ -561 +602 @@
 
         /* Only process the specified file_contexts file, not
-           any .homedirs or .local files, and do not perform
-           context translations. */
+         * any .homedirs or .local files, and do not perform
+         * context translations. */
         set_matchpathcon_flags(MATCHPATHCON_BASEONLY |
                        MATCHPATHCON_NOTRANS |
@@ -592 +633 @@
     if (applet_name[0] == 's') { /* setfiles */
         /* Use our own invalid context checking function so that
-           we can support either checking against the active policy or
-           checking against a binary policy file. */
+         * we can support either checking against the active policy or
+         * checking against a binary policy file. */
         set_matchpathcon_canoncon(&canoncon);
         if (!argv[0])

branches/3.2/mindi-busybox/selinux/setsebool.c

@@ -8 +8 @@
  * Licensed under GPLv2, see file LICENSE in this source tree.
  */
+
+//usage:#define setsebool_trivial_usage
+//usage:       "boolean value"
+//usage:#define setsebool_full_usage "\n\n"
+//usage:       "Change boolean setting"
 
 #include "libbb.h"