From 27ce8a54bbd529e12ccb4f3433ac5a6aa944e2d1 Mon Sep 17 00:00:00 2001
From: Miloslav Trmac
Date: Mon, 30 Jan 2006 21:28:09 +0000
Subject: [PATCH] - Updated SELinux patch, --context is no longer valid (use -context)
---
findutils-selinux.patch | 571 +++++++++++++++++++++-------------------
findutils.spec | 5 +-
2 files changed, 304 insertions(+), 272 deletions(-)
diff --git a/findutils-selinux.patch b/findutils-selinux.patch
index 8f371f4..cfea0a1 100644
--- a/findutils-selinux.patch
+++ b/findutils-selinux.patch
@@ -1,107 +1,61 @@ ---- findutils-4.2.27/find/parser.c.selinux 2005-12-04 03:07:52.000000000 +0100 -+++ findutils-4.2.27/find/parser.c 2006-01-12 07:36:36.000000000 +0100 -@@ -47,6 +47,10 @@ - /* We need for isatty(). */ - #include +diff -ur --exclude '*.o' --exclude '*~' --exclude '*.selinux' findutils-4.2.27/configure.in findutils/configure.in +--- findutils-4.2.27/configure.in 2005-12-06 07:53:12.000000000 +0100 ++++ findutils/configure.in 2006-01-30 21:10:04.000000000 +0100 +@@ -95,6 +95,16 @@ + AC_CHECK_FUNC(getpwnam, [], + [AC_CHECK_LIB(sun, getpwnam)]) -+#ifdef WITH_SELINUX -+#include -+#endif /*WITH_SELINUX*/ ++AC_ARG_WITH([selinux], ++ AS_HELP_STRING([--without-selinux], [disable SELinux support]), ++ [:], ++[AC_CHECK_LIB([selinux], [is_selinux_enabled], ++ [with_selinux=yes], [with_selinux=no])]) ++if test x$with_selinux != xno; then ++ AC_DEFINE([WITH_SELINUX], [1], [Define to support SELinux]) ++ AC_SUBST([LIBSELINUX], [-lselinux]) ++fi + - #if ENABLE_NLS - # include - # define _(Text) gettext (Text) -@@ -147,6 +151,9 @@ - static boolean parse_warn PARAMS((const struct parser_table*, char *argv[], int *arg_ptr)); - static boolean parse_xtype PARAMS((const struct parser_table*, char *argv[], int *arg_ptr)); - static boolean parse_quit PARAMS((const struct parser_table*, char *argv[], int *arg_ptr)); -+#ifdef WITH_SELINUX -+static boolean parse_scontext PARAMS((const struct parser_table*, char *argv[], int *arg_ptr)); -+#endif /*WITH_SELINUX*/ + dnl Checks for header files. + AC_HEADER_STDC + dnl Assume unistd.h is present - coreutils does too. +diff -ur --exclude '*.o' --exclude '*~' --exclude '*.selinux' findutils-4.2.27/doc/find.texi findutils/doc/find.texi +--- findutils-4.2.27/doc/find.texi 2005-12-05 08:35:33.000000000 +0100 ++++ findutils/doc/find.texi 2006-01-30 21:20:10.000000000 +0100 +@@ -1091,6 +1091,14 @@ + @end deffn ++@deffn Test -context pattern ++True if file's SELinux context matches the pattern @var{pattern}. 
++The pattern uses shell glob matching. ++ ++This predicate is supported only on @code{find} versions compiled with ++SELinux support and only when SELinux is enabled. ++@end deffn ++ + @node Contents + @section Contents -@@ -298,6 +305,8 @@ - {ARG_TEST, "-help", parse_help, NULL}, /* GNU */ - {ARG_TEST, "version", parse_version, NULL}, /* GNU */ - {ARG_TEST, "-version", parse_version, NULL}, /* GNU */ -+ {ARG_TEST, "context", parse_scontext, pred_scontext}, /* SELinux */ -+ {ARG_TEST, "-context", parse_scontext, pred_scontext}, /* SELinux */ - {0, 0, 0, 0} - }; - -@@ -803,6 +812,10 @@ - -nouser -nogroup -path PATTERN -perm [+-]MODE -regex PATTERN\n\ - -wholename PATTERN -size N[bcwkMG] -true -type [bcdpflsD] -uid N\n\ - -used N -user NAME -xtype [bcdpfls]\n")); -+#ifdef WITH_SELINUX -+ puts (_("\ -+ -context CONTEXT\n")); -+#endif /*WITH_SELINUX*/ - puts (_("\ - actions: -delete -print0 -printf FORMAT -fprintf FILE FORMAT -print \n\ - -fprint0 FILE -fprint FILE -ls -fls FILE -prune -quit\n\ -@@ -1727,6 +1740,29 @@ - exit (0); - } +@@ -1610,6 +1618,9 @@ + file is a sparse file (that is, it has ``holes''). + @item %s + File's size in bytes. ++@item %Z ++File's SELinux context, or empty string if the file has no SELinux context ++or this version of find does not support SELinux. 
+ @end table -+#ifdef WITH_SELINUX -+ -+static boolean -+parse_scontext ( const struct parser_table* entry, char **argv, int *arg_ptr) -+{ -+ struct predicate *our_pred; -+ -+ if ( (argv == NULL) || (argv[*arg_ptr] == NULL) ) -+ return( false ); -+ -+ our_pred = insert_primary(entry); -+ our_pred->need_stat = false; -+#ifdef DEBUG -+ our_pred->p_name = find_pred_name (pred_scontext); -+#endif /*DEBUG*/ -+ our_pred->args.scontext = argv[*arg_ptr];; -+ -+ (*arg_ptr)++; -+ return( true ); -+} -+ -+#endif /*WITH_SELINUX*/ -+ - static boolean - parse_xdev (const struct parser_table* entry, char **argv, int *arg_ptr) - { -@@ -1964,7 +2000,11 @@ - if (*scan2 == '.') - for (scan2++; ISDIGIT (*scan2); scan2++) - /* Do nothing. */ ; -+#ifdef WITH_SELINUX -+ if (strchr ("abcdDfFgGhHiklmMnpPstuUyYZ", *scan2)) -+#else /* WITH_SELINUX */ - if (strchr ("abcdDfFgGhHiklmMnpPstuUyY", *scan2)) -+#endif /* WITH_SELINUX */ - { - segmentp = make_segment (segmentp, format, scan2 - format, - (int) *scan2); -@@ -2046,6 +2086,9 @@ - case 'H': /* ARGV element file was found under */ - case 'p': /* pathname */ - case 'P': /* pathname with ARGV element stripped */ -+#ifdef WITH_SELINUX -+ case 'Z': /* SELinux security context */ -+#endif /* WITH_SELINUX */ - *fmt++ = 's'; - break; - ---- findutils-4.2.27/find/defs.h.selinux 2005-09-04 19:59:34.000000000 +0200 -+++ findutils-4.2.27/find/defs.h 2006-01-12 07:36:19.000000000 +0100 + @node Location Directives +diff -ur --exclude '*.o' --exclude '*~' --exclude '*.selinux' findutils-4.2.27/find/defs.h findutils/find/defs.h +--- findutils-4.2.27/find/defs.h 2005-09-04 19:59:34.000000000 +0200 ++++ findutils/find/defs.h 2006-01-30 21:15:38.000000000 +0100 @@ -131,6 +131,10 @@ #define MODE_RWX (S_IXUSR | S_IXGRP | S_IXOTH | MODE_RW) #define MODE_ALL (S_ISUID | S_ISGID | S_ISVTX | MODE_RWX) +#ifdef WITH_SELINUX +#include -+#endif /*WITH_SELINUX*/ ++#endif + #if 1 #include 
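Review bot: In the configure.in section this patch now carries, an explicit `--with-selinux` takes the `[:]` branch and never runs `AC_CHECK_LIB`, so `WITH_SELINUX` and `-lselinux` are switched on unverified and a missing libselinux only shows up at compile or link time. The default path has the opposite problem: when the library is absent, SELinux support is dropped silently, so a packager who relies on `-context` and `%Z` gets no configure-time failure. The `test x$with_selinux != xno` comparison is also unquoted. A variant that probes whenever support is not disabled, and fails hard when it was requested explicitly, is sketched below.

```m4
AC_ARG_WITH([selinux],
  AS_HELP_STRING([--without-selinux], [disable SELinux support]),
  [], [with_selinux=check])
if test "x$with_selinux" != xno; then
  AC_CHECK_LIB([selinux], [is_selinux_enabled],
    [AC_DEFINE([WITH_SELINUX], [1], [Define to support SELinux])
     AC_SUBST([LIBSELINUX], [-lselinux])],
    [if test "x$with_selinux" != xcheck; then
       AC_MSG_ERROR([--with-selinux was given, but libselinux was not found])
     fi])
fi
```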
@@ -112,7 +66,7 @@ FILE *stream; /* ls fls fprint0 */ +#ifdef WITH_SELINUX + security_context_t scontext; /* scontext */ -+#endif /*WITH_SELINUX*/ ++#endif struct format_val printf_vec; /* printf fprintf fprint */ } args; @@ -121,8 +75,8 @@ boolean pred_user PARAMS((char *pathname, struct stat *stat_buf, struct predicate *pred_ptr)); boolean pred_xtype PARAMS((char *pathname, struct stat *stat_buf, struct predicate *pred_ptr)); +#ifdef WITH_SELINUX -+boolean pred_scontext PARAMS((char *pathname, struct stat *stat_buf, struct predicate *pred_ptr)); -+#endif /* WITH_SELINUX */ ++boolean pred_context PARAMS((char *pathname, struct stat *stat_buf, struct predicate *pred_ptr)); ++#endif 
@@ -133,58 +87,24 @@ + +#ifdef WITH_SELINUX + int (*x_getfilecon) (); -+#endif /* WITH_SELINUX */ ++#endif }; extern struct options options; ---- findutils-4.2.27/find/Makefile.am.selinux 2005-07-03 18:07:08.000000000 +0200 -+++ findutils-4.2.27/find/Makefile.am 2006-01-12 07:36:19.000000000 +0100 -@@ -5,8 +5,9 @@ - # regexprops_SOURCES = regexprops.c - find_SOURCES = find.c fstype.c parser.c pred.c tree.c util.c version.c - EXTRA_DIST = defs.h $(man_MANS) -+DEFS = @DEFS@ -I. -I$(srcdir) -I.. -DWITH_SELINUX - INCLUDES = -I../gnulib/lib -I$(top_srcdir)/lib -I$(top_srcdir)/gnulib/lib -I../intl -DLOCALEDIR=\"$(localedir)\" --LDADD = ../lib/libfind.a ../gnulib/lib/libgnulib.a @INTLLIBS@ -+LDADD = ../lib/libfind.a ../gnulib/lib/libgnulib.a @INTLLIBS@ -lselinux - man_MANS = find.1 - SUBDIRS = testsuite - ---- findutils-4.2.27/find/find.1.selinux 2005-12-05 18:05:02.000000000 +0100 -+++ findutils-4.2.27/find/find.1 2006-01-12 07:36:19.000000000 +0100 -@@ -483,6 +483,9 @@ - link to a file of type \fIc\fR; if the \-L option has been given, true - if \fIc\fR is `l'. In other words, for symbolic links, \-xtype checks - the type of the file that \-type does not check. -+.IP "\-context \fIscontext\fR" -+.IP "\--context \fIscontext\fR" -+(SELinux only) File has the security context \fIscontext\fR. - - .SS ACTIONS - .IP "\-delete\fR" -@@ -785,6 +788,8 @@ - File's type (like in ls \-l), U=unknown type (shouldn't happen) - .IP %Y - File's type (like %y), plus follow symlinks: L=loop, N=nonexistent -+.IP %Z -+(SELinux only) file's security context. - .PP - A `%' character followed by any other character is discarded (but the - other character is printed). 
---- findutils-4.2.27/find/find.c.selinux 2005-11-11 08:41:37.000000000 +0100 -+++ findutils-4.2.27/find/find.c 2006-01-12 07:36:19.000000000 +0100 -@@ -244,6 +244,93 @@ - { +diff -ur --exclude '*.o' --exclude '*~' --exclude '*.selinux' findutils-4.2.27/find/find.c findutils/find/find.c +--- findutils-4.2.27/find/find.c 2005-11-11 08:41:37.000000000 +0100 ++++ findutils/find/find.c 2006-01-30 21:15:21.000000000 +0100 +@@ -245,6 +245,93 @@ return lstat(name, p); } + +#ifdef WITH_SELINUX -+ +static int +fallback_getfilecon(const char *name, security_context_t *p, int prev_rv) +{ + /* Our original getfilecon() call failed. Perhaps we can't follow a -+ * symbolic link. If that might be the problem, lgetfilecon() the link. -+ * Otherwise, admit defeat. ++ * symbolic link. If that might be the problem, lgetfilecon() the link. ++ * Otherwise, admit defeat. + */ + switch (errno) + { @@ -210,7 +130,7 @@ + +/* optionh_getfilecon() implements the getfilecon operation when the + * -H option is in effect. -+ * ++ * + * If the item to be examined is a command-line argument, we follow + * symbolic links. If the getfilecon() call fails on the command-line + * item, we fall back on the properties of the symbolic link. @@ -218,13 +138,13 @@ + * If the item to be examined is not a command-line argument, we + * examine the link itself. + */ -+int ++int +optionh_getfilecon(const char *name, security_context_t *p) +{ -+ if (0 == state.curdepth) ++ if (0 == state.curdepth) + { + /* This file is from the command line; deference the link (if it -+ * is a link). ++ * is a link). + */ + int rv = getfilecon(name, p); + if (0 == rv) @@ -244,7 +164,7 @@ + * -L option is in effect. That option makes us examine the thing the + * symbolic link points to, not the symbolic link itself. + */ -+int ++int +optionl_getfilecon(const char *name, security_context_t *p) +{ + int rv = getfilecon(name, p); 
@@ -258,22 +178,23 @@ + * option is in effect (this is also the default). That option makes + * us examine the symbolic link itself, not the thing it points to. + */ -+int ++int +optionp_getfilecon(const char *name, security_context_t *p) +{ + return lgetfilecon(name, p); +} +#endif /* WITH_SELINUX */ - ++ #ifdef DEBUG_STAT static uintmax_t stat_count = 0u; + @@ -272,11 +359,17 @@ { case SYMLINK_ALWAYS_DEREF: /* -L */ options.xstat = optionl_stat; +#ifdef WITH_SELINUX + options.x_getfilecon = optionl_getfilecon; -+#endif /* WITH_SELINUX */ ++#endif options.no_leaf_check = true; break; @@ -281,7 +202,7 @@ options.xstat = optionp_stat; +#ifdef WITH_SELINUX + options.x_getfilecon = optionp_getfilecon; -+#endif /* WITH_SELINUX */ ++#endif /* Can't turn no_leaf_check off because the user might have specified * -noleaf anyway */ 
@@ -291,36 +212,11 @@ options.xstat = optionh_stat; +#ifdef WITH_SELINUX + options.x_getfilecon = optionh_getfilecon; -+#endif /* WITH_SELINUX */ ++#endif options.no_leaf_check = true; } -@@ -389,6 +485,9 @@ - int - main (int argc, char **argv) - { -+#ifdef WITH_SELINUX -+ int is_selinux_enabled_flag = is_selinux_enabled()>0; -+#endif /* WITH_SELINUX */ - int i; - const struct parser_table *entry_close, *entry_print, *entry_open; - const struct parser_table *parse_entry; /* Pointer to the parsing table entry for this expression. */ -@@ -538,6 +637,14 @@ - if (strchr ("-!(),", argv[i][0]) == NULL) - usage (_("paths must precede expression")); - predicate_name = argv[i]; -+#ifdef WITH_SELINUX -+ if (! is_selinux_enabled_flag) { -+ if ((strncmp(predicate_name,"-context",strlen("-context"))==0) || -+ (strncmp(predicate_name,"--context",strlen("--context"))==0)) { -+ error (1, 0,_("Error: invalid predicate %s: the kernel is not selinux-enabled.\n"),predicate_name); -+ } -+ } -+#endif - parse_entry = find_parser (predicate_name); - if (parse_entry == NULL) - { -@@ -1807,7 +1914,7 @@ +@@ -1807,7 +1903,7 @@ static void process_dir (char *pathname, char *name, int pathlen, struct stat *statp, char *parent) { 
@@ -329,8 +225,237 @@ boolean subdirs_unreliable; /* if true, cannot use dir link count as subdir limif (if false, it may STILL be unreliable) */ int idx; /* Which entry are we on? */ struct stat stat_buf; ---- findutils-4.2.27/find/util.c.selinux 2005-07-01 23:45:18.000000000 +0200 -+++ findutils-4.2.27/find/util.c 2006-01-12 07:36:19.000000000 +0100 +diff -ur --exclude '*.o' --exclude '*~' --exclude '*.selinux' findutils-4.2.27/find/find.1 findutils/find/find.1 +--- findutils-4.2.27/find/find.1 2005-12-05 18:05:02.000000000 +0100 ++++ findutils/find/find.1 2006-01-30 21:46:01.000000000 +0100 +@@ -483,6 +483,8 @@ + link to a file of type \fIc\fR; if the \-L option has been given, true + if \fIc\fR is `l'. In other words, for symbolic links, \-xtype checks + the type of the file that \-type does not check. ++.IP "\-context \fIpattern\fR" ++(SELinux only) Security context of the file matches glob \fIpattern\fR. + + .SS ACTIONS + .IP "\-delete\fR" +@@ -785,6 +787,8 @@ + File's type (like in ls \-l), U=unknown type (shouldn't happen) + .IP %Y + File's type (like %y), plus follow symlinks: L=loop, N=nonexistent ++.IP %Z ++(SELinux only) file's security context. + .PP + A `%' character followed by any other character is discarded (but the + other character is printed). 
+diff -ur --exclude '*.o' --exclude '*~' --exclude '*.selinux' findutils-4.2.27/find/Makefile.am findutils/find/Makefile.am +--- findutils-4.2.27/find/Makefile.am 2005-07-03 18:07:08.000000000 +0200 ++++ findutils/find/Makefile.am 2006-01-30 21:46:39.000000000 +0100 +@@ -6,7 +6,7 @@ + find_SOURCES = find.c fstype.c parser.c pred.c tree.c util.c version.c + EXTRA_DIST = defs.h $(man_MANS) + INCLUDES = -I../gnulib/lib -I$(top_srcdir)/lib -I$(top_srcdir)/gnulib/lib -I../intl -DLOCALEDIR=\"$(localedir)\" +-LDADD = ../lib/libfind.a ../gnulib/lib/libgnulib.a @INTLLIBS@ ++LDADD = ../lib/libfind.a ../gnulib/lib/libgnulib.a @INTLLIBS@ @LIBSELINUX@ + man_MANS = find.1 + SUBDIRS = testsuite + +diff -ur --exclude '*.o' --exclude '*~' --exclude '*.selinux' findutils-4.2.27/find/parser.c findutils/find/parser.c +--- findutils-4.2.27/find/parser.c 2005-12-04 03:07:52.000000000 +0100 ++++ findutils/find/parser.c 2006-01-30 21:14:46.000000000 +0100 +@@ -47,6 +47,10 @@ + /* We need for isatty(). */ + #include + ++#ifdef WITH_SELINUX ++#include ++#endif ++ + #if ENABLE_NLS + # include + # define _(Text) gettext (Text) +@@ -147,6 +151,9 @@ + static boolean parse_warn PARAMS((const struct parser_table*, char *argv[], int *arg_ptr)); + static boolean parse_xtype PARAMS((const struct parser_table*, char *argv[], int *arg_ptr)); + static boolean parse_quit PARAMS((const struct parser_table*, char *argv[], int *arg_ptr)); ++#ifdef WITH_SELINUX ++static boolean parse_context PARAMS((const struct parser_table*, char *argv[], int *arg_ptr)); ++#endif + + + +@@ -217,6 +224,9 @@ + PARSE_TEST ("cmin", cmin), /* GNU */ + PARSE_TEST ("cnewer", cnewer), /* GNU */ + PARSE_TEST ("ctime", ctime), ++#ifdef WITH_SELINUX ++ PARSE_TEST ("context", context), /* GNU */ ++#endif + PARSE_POSOPT ("daystart", daystart), /* GNU */ + PARSE_ACTION ("delete", delete), /* GNU, Mac OS, FreeBSD */ + PARSE_OPTION ("d", d), /* Mac OS X, FreeBSD, NetBSD, OpenBSD, but deprecated in favour of -depth */ +@@ -802,8 +812,12 
@@ + puts (_("\ + -nouser -nogroup -path PATTERN -perm [+-]MODE -regex PATTERN\n\ + -wholename PATTERN -size N[bcwkMG] -true -type [bcdpflsD] -uid N\n\ +- -used N -user NAME -xtype [bcdpfls]\n")); ++ -used N -user NAME -xtype [bcdpfls]")); ++#ifdef WITH_SELINUX + puts (_("\ ++ -context CONTEXT\n")); ++#endif ++ puts (_("\n\ + actions: -delete -print0 -printf FORMAT -fprintf FILE FORMAT -print \n\ + -fprint0 FILE -fprint FILE -ls -fls FILE -prune -quit\n\ + -exec COMMAND ; -exec COMMAND {} + -ok COMMAND ;\n\ +@@ -1716,6 +1730,10 @@ + printf("LEAF_OPTIMISATION "); + ++features; + #endif ++#if defined(WITH_SELINUX) ++ printf("SELINUX "); ++ ++features; ++#endif + if (0 == features) + { + /* For the moment, leave this as English in case someone wants +@@ -1727,6 +1745,32 @@ + exit (0); + } + ++#ifdef WITH_SELINUX ++static boolean ++parse_context (const struct parser_table* entry, char **argv, int *arg_ptr) ++{ ++ struct predicate *our_pred; ++ ++ if ((argv == NULL) || (argv[*arg_ptr] == NULL)) ++ return false; ++ ++ if (is_selinux_enabled() <= 0) ++ { ++ error (1, 0, _("invalid predicate -context: SELinux is not enabled.")); ++ return false; ++ } ++ our_pred = insert_primary (entry); ++ our_pred->need_stat = false; ++#ifdef DEBUG ++ our_pred->p_name = find_pred_name (pred_context); ++#endif /*DEBUG*/ ++ our_pred->args.scontext = argv[*arg_ptr]; ++ ++ (*arg_ptr)++; ++ return true; ++} ++#endif /* WITH_SELINUX */ ++ + static boolean + parse_xdev (const struct parser_table* entry, char **argv, int *arg_ptr) + { +@@ -1964,7 +2008,7 @@ + if (*scan2 == '.') + for (scan2++; ISDIGIT (*scan2); scan2++) + /* Do nothing. 
*/ ; +- if (strchr ("abcdDfFgGhHiklmMnpPstuUyY", *scan2)) ++ if (strchr ("abcdDfFgGhHiklmMnpPstuUyYZ", *scan2)) + { + segmentp = make_segment (segmentp, format, scan2 - format, + (int) *scan2); +@@ -2046,6 +2090,7 @@ + case 'H': /* ARGV element file was found under */ + case 'p': /* pathname */ + case 'P': /* pathname with ARGV element stripped */ ++ case 'Z': /* SELinux security context */ + *fmt++ = 's'; + break; + +diff -ur --exclude '*.o' --exclude '*~' --exclude '*.selinux' findutils-4.2.27/find/pred.c findutils/find/pred.c +--- findutils-4.2.27/find/pred.c 2005-11-30 07:17:15.000000000 +0100 ++++ findutils/find/pred.c 2006-01-30 21:13:18.000000000 +0100 +@@ -38,6 +38,10 @@ + #include "buildcmd.h" + #include "yesno.h" + ++#ifdef WITH_SELINUX ++#include ++#endif /*WITH_SELINUX*/ ++ + #if ENABLE_NLS + # include + # define _(Text) gettext (Text) +@@ -215,6 +219,9 @@ + {pred_used, "used "}, + {pred_user, "user "}, + {pred_xtype, "xtype "}, ++#ifdef WITH_SELINUX ++ {pred_context, "context"}, ++#endif /*WITH_SELINUX*/ + {0, "none "} + }; + +@@ -903,6 +910,27 @@ + mode_to_filetype(stat_buf->st_mode & S_IFMT)); + } + break; ++ case 'Z': /* SELinux security context */ ++#ifdef WITH_SELINUX ++ { ++ security_context_t scontext; ++ int rv; ++ rv = (*options.x_getfilecon) (state.rel_pathname, &scontext); ++ ++ if (rv < 0) ++ { ++ fprintf (stderr, "getfilecon(%s): %s", pathname, ++ strerror(errno)); ++ fflush (stderr); ++ } ++ else ++ { ++ fprintf (fp, segment->text, scontext); ++ freecon (scontext); ++ } ++ } ++#endif /* WITH_SELINUX */ ++ break; + } + } + return true; +@@ -1493,6 +1521,33 @@ + */ + return (pred_type (pathname, &sbuf, pred_ptr)); + } ++ ++ ++#ifdef WITH_SELINUX ++ ++boolean ++pred_context (char *pathname, struct stat *stat_buf, ++ struct predicate *pred_ptr) ++{ ++ int rv; ++ security_context_t scontext; ++ ++ rv = (*options.x_getfilecon) (state.rel_pathname, &scontext); ++ ++ if (rv < 0) ++ { ++ fprintf (stderr, "getfilecon(%s): %s\n", pathname, 
strerror(errno)); ++ fflush (stderr); ++ return false; ++ } ++ ++ rv = (fnmatch (pred_ptr->args.scontext, scontext, 0) == 0); ++ freecon (scontext); ++ return rv; ++} ++ ++#endif /*WITH_SELINUX*/ ++ + + /* 1) fork to get a child; parent remembers the child pid + 2) child execs the command requested +diff -ur --exclude '*.o' --exclude '*~' --exclude '*.selinux' findutils-4.2.27/find/util.c findutils/find/util.c +--- findutils-4.2.27/find/util.c 2005-07-01 23:45:18.000000000 +0200 ++++ findutils/find/util.c 2006-01-27 14:38:43.000000000 +0100 @@ -78,6 +78,9 @@ last_pred->need_stat = true; last_pred->need_type = true; 
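Review bot: In the `case 'Z':` branch added to pred.c, the failure path writes nothing to `fp`, so a failed getfilecon call drops the whole segment instead of printing the empty context that the find.texi text in this same patch promises. A build without WITH_SELINUX has the same gap, because the case falls straight through to `break`. If `segment->text` also carries the literal text before the directive, as it appears to for the neighbouring `%s`-style cases, that text is lost as well; emitting `fprintf (fp, segment->text, "");` in both situations would keep the output aligned. The stderr message in that branch also lacks the trailing `\n` that `pred_context` prints, and neither error path appears to touch find's exit status, so a script auditing labels with `-context` or `%Z` cannot tell that some contexts were unreadable. Consider reporting through `error (0, errno, ...)` and marking the run as failed; both functions extend beyond what this hunk shows.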
@@ -341,99 +466,3 @@ last_pred->pred_next = NULL; last_pred->pred_left = NULL; last_pred->pred_right = NULL; ---- findutils-4.2.27/find/pred.c.selinux 2005-11-30 07:17:15.000000000 +0100 -+++ findutils-4.2.27/find/pred.c 2006-01-12 07:36:28.000000000 +0100 -@@ -38,6 +38,14 @@ - #include "buildcmd.h" - #include "yesno.h" - -+#ifdef WITH_SELINUX -+#include -+#endif /*WITH_SELINUX*/ -+ -+#ifndef FNM_CASEFOLD -+#define FNM_CASEFOLD (1<<4) -+#endif /*FNM_CASEFOLD*/ -+ - #if ENABLE_NLS - # include - # define _(Text) gettext (Text) -@@ -83,7 +91,6 @@ - - - -- - /* Get or fake the disk device blocksize. - Usually defined by sys/param.h (if at all). */ - #ifndef DEV_BSIZE -@@ -215,6 +222,9 @@ - {pred_used, "used "}, - {pred_user, "user "}, - {pred_xtype, "xtype "}, -+#ifdef WITH_SELINUX -+ {pred_scontext, "context"}, -+#endif /*WITH_SELINUX*/ - {0, "none "} - }; - -@@ -903,6 +913,25 @@ - mode_to_filetype(stat_buf->st_mode & S_IFMT)); - } - break; -+#ifdef WITH_SELINUX -+ case 'Z': /* SELinux security context */ -+ { -+ security_context_t scontext; -+ int rv; -+ rv = (*options.x_getfilecon)(state.rel_pathname, &scontext); -+ -+ if ( rv < 0 ) { -+ (void) fprintf(stderr, "getfileconf(%s): %s", -+ pathname, strerror(errno)); -+ (void) fflush(stderr); -+ } -+ else { -+ (void) fprintf (fp, segment->text, scontext); -+ freecon(scontext); -+ } -+ } -+ break ; -+#endif /* WITH_SELINUX */ - } - } - return true; -@@ -1493,6 +1522,34 @@ - */ - return (pred_type (pathname, &sbuf, pred_ptr)); - } -+ -+ -+#ifdef WITH_SELINUX -+ -+boolean -+pred_scontext ( pathname, stat_buf, pred_ptr ) -+ char *pathname; -+ struct stat *stat_buf; -+ struct predicate *pred_ptr; -+{ -+ int rv; -+ security_context_t scontext; -+ -+ rv = (* options.x_getfilecon)(state.rel_pathname, &scontext); -+ -+ if ( rv < 0 ) { -+ (void) fprintf(stderr, "getfilecon(%s): %s\n", pathname, strerror(errno)); -+ (void) fflush(stderr); -+ return ( false ); -+ } -+ -+ rv = (fnmatch(pred_ptr->args.scontext, scontext,0)==0); -+ 
freecon(scontext); -+ return rv; -+} -+ -+#endif /*WITH_SELINUX*/ -+ - - /* 1) fork to get a child; parent remembers the child pid - 2) child execs the command requested diff --git a/findutils.spec b/findutils.spec index 7e80ad0..415450c 100644 --- a/findutils.spec +++ b/findutils.spec @@ -1,7 +1,7 @@ Summary: The GNU versions of find utilities (find and xargs). Name: findutils Version: 4.2.27 -Release: 2 +Release: 3 Epoch: 1 License: GPL Group: Applications/File @@ -71,6 +71,9 @@ rm -rf %{buildroot} %{_infodir}/find.info* %changelog +* Mon Jan 30 2006 Miloslav Trmac - 1:4.2.27-3 +- Updated SELinux patch, --context is no longer valid (use -context) + * Thu Jan 12 2006 Miloslav Trmac - 1:4.2.27-2 - Don't use uninitialized memory in -printf %%Z (#174485) - Ship more documentation files