List: busybox
Subject: Re: [patch] ps -Z can not be used when ENABLE_DESKTOP is enabled
From: Yuichi Nakamura <ynakam () hitachisoft ! jp>
Date: 2007-05-24 0:55:10
Message-ID: 20070524095510.e34b02f3.ynakam () hitachisoft ! jp
Hello.
Sorry for the late reply.
We made an updated patch.
> I added ENABLE_SELINUX checks, and did some other changes,
> but did not move /proc/NN/attr/current parsing into procps_scan().
> Can you do it?
I added a PSSCAN_CONTEXT flag to libbb.h,
and added logic to obtain the SELinux attribute
to procps_scan. I also modified ps.c to use procps_scan.
Please look at attached patch.
On Sat, 12 May 2007 12:17:10 +0200
Denis Vlasenko wrote:
> On Friday 11 May 2007 07:06, Yuichi Nakamura wrote:
> >
> > There was a bug in previous patch.
> > I have received ver 2 from Shinji.
> > Please review this one.
>
> #if ENABLE_SELINUX are missing.
>
> +static void func_label(char *buf, int size, const procps_status_t *ps)
> +{
> + char procfilename[30];
> + FILE *fp;
> + snprintf(procfilename, 30, "/proc/%d/attr/current", ps->pid);
> + buf[0] = '\0';
> + if ((fp = fopen(procfilename, "r")) != NULL) {
> + fgets(buf, size+1, fp);
> + fclose(fp);
> + }
> +}
>
> /proc parsing code should be in libbb, in procps_scan() function,
> this allows to share code between ps and top. PSSCAN_LABEL bit should indicate
> to procps_scan() that we need label retrieved.
>
> You coded it so that ps reads label by itself, thus in the patch
> PSSCAN_LABEL seems to have no purpose.
>
> I added ENABLE_SELINUX checks, and did some other changes,
> but did not move /proc/NN/attr/current parsing into procps_scan().
> Can you do it?
>
> See attached.
> --
> vda
>
--
Yuichi Nakamura
Hitachi Software Engineering Co., Ltd.
Japan SELinux Users Group(JSELUG)
SELinux Policy Editor: http://seedit.sourceforge.net/
["2.patch" (application/octet-stream)]
Index: libbb/procps.c
===================================================================
--- libbb/procps.c (revision 18671)
+++ libbb/procps.c (working copy)
@@ -4,7 +4,8 @@
*
* Copyright 1998 by Albert Cahalan; all rights reserved.
* Copyright (C) 2002 by Vladimir Oleynik <dzo@simtreas.ru>
- *
+ * SELinux support: (c) 2007 by Yuichi Nakamura <ynakam@hitachisoft.jp>
+ *
* Licensed under GPLv2 or later, see file LICENSE in this tarball for details.
*/
@@ -95,6 +96,7 @@
{
closedir(sp->dir);
free(sp->cmd);
+ USE_SELINUX(free(sp->context);)
free(sp);
}
@@ -109,6 +111,7 @@
unsigned pid;
int n;
struct stat sb;
+ USE_SELINUX(security_context_t sid = NULL;)
if (!sp)
sp = alloc_procps_scan(flags);
@@ -132,6 +135,25 @@
sp->pid = pid;
if (!(flags & ~PSSCAN_PID)) break;
+#if ENABLE_SELINUX
+ if (flags & PSSCAN_CONTEXT) {
+ free(sp->context);
+ sp->context = NULL;
+ if (is_selinux_enabled()) {
+ if (getpidcon(sp->pid, &sid) < 0)
+ sid = NULL;
+ }
+ if (sid) {
+ safe_strncpy(buf, sid, sizeof(buf) - 1);
+ freecon(sid);
+ sid = NULL;
+ } else {
+ safe_strncpy(buf, "unknown", 7);
+ }
+ sp->context = xstrdup(buf);
+ }
+#endif
+
filename_tail = filename + sprintf(filename, "/proc/%d", pid);
if (flags & PSSCAN_UIDGID) {
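Review bot: `safe_strncpy(buf, "unknown", 7)` very likely stores `unknow`: the `size+1` arguments in ps.c's func_* callbacks indicate that safe_strncpy's size counts the terminator, so 7 leaves room for only six characters. Use `safe_strncpy(buf, "unknown", sizeof(buf));` or simply `strcpy(buf, "unknown");`, and likewise pass `sizeof(buf)` rather than `sizeof(buf) - 1` on the sid copy (the same `-1` pattern appears in the ps.c hunk at `safe_strncpy(sbuf, p->context, sizeof(sbuf)-1)`); the `-1` only wastes a byte, provided `buf` is an array rather than a pointer here, which the hunk does not show. The first `free(sp->context)` also relies on alloc_procps_scan() zero-filling the struct; if it does not, that pointer is indeterminate on the first pass and should be cleared in alloc_procps_scan(). The enclosing procps_scan() starts and ends outside this hunk.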
Index: include/libbb.h
===================================================================
--- include/libbb.h (revision 18671)
+++ include/libbb.h (working copy)
@@ -831,6 +831,7 @@
/* basename of executable in exec(2), read from /proc/N/stat, */
/* size from sizeof(task_struct.comm) in /usr/include/linux/sched.h */
char comm[COMM_LEN];
+ USE_SELINUX(char *context;)
/* user/group? - use passwd/group parsing functions */
} procps_status_t;
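Review bot: The new `context` member has no comment on ownership, unlike its neighbours; add `/* SELinux context, malloced by procps_scan(), freed by free_procps_scan() */` above `USE_SELINUX(char *context;)` so callers know not to keep the pointer across scan iterations (procps_scan() frees and re-duplicates it on every call in this patch). The start of the struct lies outside the hunk.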
enum {
@@ -847,12 +848,13 @@
PSSCAN_STIME = 1 << 10,
PSSCAN_UTIME = 1 << 11,
PSSCAN_TTY = 1 << 12,
+ USE_SELINUX(PSSCAN_CONTEXT = 1 << 13,)
/* These are all retrieved from proc/NN/stat in one go: */
PSSCAN_STAT = PSSCAN_PPID | PSSCAN_PGID | PSSCAN_SID
| PSSCAN_COMM | PSSCAN_STATE
| PSSCAN_VSZ | PSSCAN_RSS
| PSSCAN_STIME | PSSCAN_UTIME
- | PSSCAN_TTY,
+ | PSSCAN_TTY USE_SELINUX(| PSSCAN_CONTEXT) ,
};
procps_status_t* alloc_procps_scan(int flags);
void free_procps_scan(procps_status_t* sp);
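Review bot: Folding `PSSCAN_CONTEXT` into `PSSCAN_STAT` contradicts the comment directly above it (`These are all retrieved from proc/NN/stat in one go`): the context comes from getpidcon(), not from /proc/NN/stat, so every PSSCAN_STAT caller (top, for instance) would now pay a getpidcon() call and an xstrdup() per process whether or not it displays the label. Keep the bit separate — revert `| PSSCAN_TTY USE_SELINUX(| PSSCAN_CONTEXT) ,` to `| PSSCAN_TTY,` — and let ps request PSSCAN_CONTEXT explicitly, as its column table already does. If procps_scan() tests `flags & PSSCAN_STAT` to decide whether to read stat, the combined mask would also make a bare PSSCAN_CONTEXT request trigger a stat read; that code is not in this patch, so treat it as something to confirm.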
Index: procps/ps.c
===================================================================
--- procps/ps.c (revision 18671)
+++ procps/ps.c (working copy)
@@ -3,6 +3,8 @@
* Mini ps implementation(s) for busybox
*
* Copyright (C) 1999-2004 by Erik Andersen <andersen@codepoet.org>
+ * Fix for SELinux Support:(c)2007 Hiroshi Shinji <shiroshi@my.email.ne.jp>
+ (c)2007 Yuichi Nakamura <ynakam@hitachisoft.jp>
*
* Licensed under the GPL version 2, see the file LICENSE in this tarball.
*/
@@ -68,6 +70,14 @@
{
safe_strncpy(buf, ps->tty_str, size+1);
}
+
+#if ENABLE_SELINUX
+static void func_label(char *buf, int size, const procps_status_t *ps)
+{
+ safe_strncpy(buf, ps->context, size+1);
+}
+#endif
+
/*
static void func_nice(char *buf, int size, const procps_status_t *ps)
{
@@ -116,11 +126,19 @@
{ 4 , "vsz" ,"VSZ" ,func_vsz ,PSSCAN_VSZ },
// Not mandated by POSIX, but useful:
{ 4 , "rss" ,"RSS" ,func_rss ,PSSCAN_RSS },
+#if ENABLE_SELINUX
+ { 35 , "label" ,"LABEL" ,func_label ,PSSCAN_CONTEXT },
+#endif
};
#define VEC_SIZE(v) ( sizeof(v) / sizeof((v)[0]) )
-#define DEFAULT_O_STR "pid,user" /* TODO: ,vsz,stat */ ",args"
+#if ENABLE_SELINUX
+#define SELINIX_O_PREFIX "label,"
+#define DEFAULT_O_STR SELINIX_O_PREFIX "pid,user" /* TODO: ,vsz,stat */ ",args"
+#else
+#define DEFAULT_O_STR "pid,user" /* TODO: ,vsz,stat */ ",args"
+#endif
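Review bot: `SELINIX_O_PREFIX` is misspelled (SELINIX for SELINUX); since the same macro is reused in main()'s `DEFAULT_O_STR + sizeof(SELINIX_O_PREFIX)-1`, rename it to `SELINUX_O_PREFIX` in both places before the typo spreads. A one-line comment at the definition, e.g. `/* must stay the leading field of DEFAULT_O_STR: main() skips it via sizeof() */`, would protect that pointer-arithmetic coupling. The column width of 35 is narrower than some SELinux contexts, and whether the output code clips or overflows the field is not visible here, so confirm the truncation is intended.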
struct globals {
ps_out_t* out;
@@ -261,10 +279,8 @@
{
procps_status_t *p;
llist_t* opt_o = NULL;
+ USE_SELINUX(int opt;)
- /* Cannot be const: parse_o() will choke */
- strcpy(default_o, DEFAULT_O_STR);
-
// POSIX:
// -a Write information for all processes associated with terminals
// Implementations may omit session leaders from this list
@@ -277,14 +293,24 @@
// Select which columns to display
/* We allow (and ignore) most of the above. FIXME */
opt_complementary = "o::";
- getopt32(argc, argv, "o:aAdefl", &opt_o);
+ USE_SELINUX(opt =) getopt32(argc, argv, "Zo:aAdefl", &opt_o);
if (opt_o) {
do {
parse_o(opt_o->data);
opt_o = opt_o->link;
} while (opt_o);
- } else
+ } else {
+ /* Below: parse_o() needs char*, NOT const char*... */
+#if ENABLE_SELINUX
+ if (!(opt & 1)) { /* no -Z: do not show LABEL */
+ strcpy(default_o, DEFAULT_O_STR + sizeof(SELINIX_O_PREFIX)-1);
+ } else
+#endif
+ {
+ strcpy(default_o, DEFAULT_O_STR);
+ }
parse_o(default_o);
+ }
post_process();
/* Was INT_MAX, but some libc's go belly up with printf("%.*s")
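Review bot: `opt & 1` silently encodes that `Z` is the first character of the getopt32 string `"Zo:aAdefl"`; if someone reorders the option string the LABEL column toggles on the wrong flag. Give the bit a name next to the option string, e.g. `enum { OPT_Z = 1 << 0 }; /* "Z" must stay first in the getopt32 string */`, and test `if (!(opt & OPT_Z))`. Note also that `-Z` has no effect when `-o` is given, since the `-o` branch never consults `opt`; that may be intended but deserves a word in the comment. main() starts and ends outside this hunk.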
@@ -314,7 +340,6 @@
procps_status_t *p = NULL;
int i, len;
SKIP_SELINUX(const) int use_selinux = 0;
- USE_SELINUX(security_context_t sid = NULL;)
#if !ENABLE_FEATURE_PS_WIDE
enum { terminal_width = 79 };
#else
@@ -356,27 +381,13 @@
| PSSCAN_STATE
| PSSCAN_VSZ
| PSSCAN_CMD
+ USE_SELINUX(| PSSCAN_CONTEXT)
))) {
char *namecmd = p->cmd;
#if ENABLE_SELINUX
if (use_selinux) {
char sbuf[128];
- len = sizeof(sbuf);
-
- if (is_selinux_enabled()) {
- if (getpidcon(p->pid, &sid) < 0)
- sid = NULL;
- }
-
- if (sid) {
- /* I assume sid initialized with NULL */
- len = strlen(sid) + 1;
- safe_strncpy(sbuf, sid, len);
- freecon(sid);
- sid = NULL;
- } else {
- safe_strncpy(sbuf, "unknown", 7);
- }
+ safe_strncpy(sbuf, p->context, sizeof(sbuf)-1);
len = printf("%5u %-32s %s ", p->pid, sbuf, p->state);
} else
#endif
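Review bot: The copy into `sbuf` is now redundant: `p->context` is already a NUL-terminated string owned by the scan result, so `len = printf("%5u %-32s %s ", p->pid, p->context, p->state);` can replace both the `char sbuf[128];` declaration and the `safe_strncpy(sbuf, p->context, sizeof(sbuf)-1);` line, and it also removes the silent clipping of contexts longer than roughly 126 bytes. If the copy is kept, pass `sizeof(sbuf)` rather than `sizeof(sbuf)-1`, because safe_strncpy already reserves the terminator (ps.c's func_* callbacks pass `size+1` for the same reason). The enclosing function starts and ends outside this hunk.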
_______________________________________________
busybox mailing list
busybox@busybox.net
http://busybox.net/cgi-bin/mailman/listinfo/busybox