util-linux/util-linux-2.13-mount-context.patch

154 lines
4.7 KiB
Diff

This patch adds to the mount man page docs about context, fscontext and
defcontext mount options and translate context options from human to raw
selinux context format. -- 03/30/2006 Karel Zak <kzak@redhat.com>
--- util-linux-2.13-pre7/mount/mount.8.cxt 2006-03-30 17:15:06.000000000 +0200
+++ util-linux-2.13-pre7/mount/mount.8 2006-03-30 17:15:06.000000000 +0200
@@ -661,6 +661,50 @@
.BR noexec ", " nosuid ", and " nodev
(unless overridden by subsequent options, as in the option line
.BR users,exec,dev,suid ).
+.TP
+\fBcontext=\fP\fIcontext\fP, \fBfscontext=\fP\fIcontext\fP and \fBdefcontext=\fP\fIcontext\fP
+The
+.BR context=
+option is useful when mounting filesystems that do not support
+extended attributes, such as a floppy or hard disk formatted with VFAT, or
+systems that are not normally running under SELinux, such as an ext3 formatted
+disk from a non-SELinux workstation. You can also use
+.BR context=
+on filesystems you do not trust, such as a floppy. It also helps in compatibility with
+xattr-supporting filesystems on earlier 2.4.<x> kernel versions. Even where
+xattrs are supported, you can save time not having to label every file by
+assigning the entire disk one security context.
+
+A commonly used option for removable media is
+.BR context=system_u:object_r:removable_t .
+
+Two other options are
+.BR fscontext=
+and
+.BR defcontext= ,
+both of which are mutually exclusive of the context option. This means you
+can use fscontext and defcontext with each other, but neither can be used with
+context.
+
+The
+.BR fscontext=
+option works for all filesystems, regardless of their xattr
+support. The fscontext option sets the overarching filesystem label to a
+specific security context. This filesystem label is separate from the
+individual labels on the files. It represents the entire filesystem for
+certain kinds of permission checks, such as during mount or file creation.
+Individual file labels are still obtained from the xattrs on the files
+themselves. The context option actually sets the aggregate context that
+fscontext provides, in addition to supplying the same label for individual
+files.
+
+You can set the default security context for unlabeled files using
+.BR defcontext=
+option. This overrides the value set for unlabeled files in the policy and requires a
+file system that supports xattr labeling.
+
+For more details see
+.BR selinux (8)
.RE
.TP
.B \-\-bind
--- util-linux-2.13-pre7/mount/mount.c.cxt 2006-03-30 17:15:06.000000000 +0200
+++ util-linux-2.13-pre7/mount/mount.c 2006-03-30 20:16:57.000000000 +0200
@@ -21,6 +21,11 @@
#include <sys/wait.h>
#include <sys/mount.h>
+#ifdef HAVE_LIBSELINUX
+#include <selinux/selinux.h>
+#include <selinux/context.h>
+#endif
+
#include "mount_blkid.h"
#include "mount_constants.h"
#include "sundries.h"
@@ -255,6 +260,49 @@
free((void *) s);
}
+#ifdef HAVE_LIBSELINUX
+/* translates SELinux context from human to raw format and
+ * appends it to the mount extra options.
+ *
+ * returns -1 on error and 0 on success
+ */
+static int
+append_context(const char *optname, const char *optdata, char *extra_opts, int *len)
+{
+ security_context_t raw = NULL;
+ char *buf = NULL;
+ int bufsz;
+
+ if (!is_selinux_enabled())
+ /* ignore the option if we running without selinux */
+ return 0;
+
+ if (optdata==NULL || *optdata=='\0' || optname==NULL)
+ return -1;
+
+ if (selinux_trans_to_raw_context(
+ (security_context_t) optdata, &raw)==-1 ||
+ raw==NULL)
+ return -1;
+
+ if (verbose)
+ printf(_("mount: translated %s '%s' to '%s'\n"),
+ optname, optdata, (char *) raw);
+
+ bufsz = strlen(optname) + strlen(raw) + 2; /* 2 is \0 and '=' */
+ buf = xmalloc(bufsz);
+
+ snprintf(buf, bufsz, "%s=%s", optname, (char *) raw);
+ freecon(raw);
+
+ if ((*len -= bufsz-1) > 0)
+ strcat(extra_opts, buf);
+
+ my_free(buf);
+ return 0;
+}
+#endif
+
/*
* Look for OPT in opt_map table and return mask value.
* If OPT isn't found, tack it onto extra_opts (which is non-NULL).
@@ -313,7 +361,20 @@
return;
}
}
-
+#ifdef HAVE_LIBSELINUX
+ if (strncmp(opt, "context=", 8)==0 && *(opt+8)) {
+ if (append_context("context", opt+8, extra_opts, &len)==0)
+ return;
+ }
+ if (strncmp(opt, "fscontext=", 10)==0 && *(opt+10)) {
+ if (append_context("fscontext", opt+10, extra_opts, &len)==0)
+ return;
+ }
+ if (strncmp(opt, "defcontext=", 11)==0 && *(opt+11)) {
+ if (append_context("defcontext", opt+11, extra_opts, &len)==0)
+ return;
+ }
+#endif
if ((len -= strlen(opt)) > 0)
strcat(extra_opts, opt);
}
@@ -330,7 +391,7 @@
if (options != NULL) {
char *opts = xstrdup(options);
char *opt;
- int len = strlen(opts) + 20;
+ int len = strlen(opts) + 256;
*extra_opts = xmalloc(len);
**extra_opts = '\0';