libselinux: matchpathcon: add -m option to force file type check
We may want to force matchpathcon to respond if the path in question is a dir, sockfile, chr, blk, etc. Add an option so you can force it to hit the right rule types. Signed-off-by: Eric Paris <eparis@redhat.com>
parent
b0b22829eb
commit
1db01640ee
@ -3,7 +3,7 @@
|
||||
matchpathcon \- get the default SELinux security context for the specified path from the file contexts configuration.
|
||||
|
||||
.SH "SYNOPSIS"
|
||||
.B matchpathcon [-V] [-N] [-n] [-f file_contexts_file ] [-p prefix ] filepath...
|
||||
.B matchpathcon [-V] [-N] [-n] [-m type] [-f file_contexts_file ] [-p prefix ] filepath...
|
||||
.SH "DESCRIPTION"
|
||||
.B matchpathcon
|
||||
queries the system policy and outputs the default security context associated with the filepath.
|
||||
@ -14,6 +14,10 @@ Note: Identical paths can have different security contexts, depending on the fil
|
||||
will also take the file type into consideration in determining the default security context if the file exists. If the file does not exist, no file type matching will occur.
|
||||
|
||||
.SH OPTIONS
|
||||
.B \-m type
|
||||
Force file type for the lookup.
|
||||
Valid types are file, dir, pipe, chr_file, blk_file, lnk_file, sock_file
|
||||
|
||||
.B \-n
|
||||
Do not display path.
|
||||
|
||||
|
@ -43,9 +43,32 @@ static int printmatchpathcon(const char *path, int header, int mode)
|
||||
return 0;
|
||||
}
|
||||
|
||||
static mode_t string_to_mode(char *s)
|
||||
{
|
||||
switch (s[0]) {
|
||||
case 'b':
|
||||
return S_IFBLK;
|
||||
case 'c':
|
||||
return S_IFCHR;
|
||||
case 'd':
|
||||
return S_IFDIR;
|
||||
case 'p':
|
||||
return S_IFIFO;
|
||||
case 'l':
|
||||
return S_IFLNK;
|
||||
case 's':
|
||||
return S_IFSOCK;
|
||||
case 'f':
|
||||
return S_IFREG;
|
||||
default:
|
||||
return -1;
|
||||
};
|
||||
return -1;
|
||||
}
|
||||
|
||||
int main(int argc, char **argv)
|
||||
{
|
||||
int i, init = 0;
|
||||
int i, init = 0, force_mode = 0;
|
||||
int header = 1, opt;
|
||||
int verify = 0;
|
||||
int notrans = 0;
|
||||
@ -55,11 +78,18 @@ int main(int argc, char **argv)
|
||||
if (argc < 2)
|
||||
usage(argv[0]);
|
||||
|
||||
while ((opt = getopt(argc, argv, "Nnf:p:Vq")) > 0) {
|
||||
while ((opt = getopt(argc, argv, "m:Nnf:p:Vq")) > 0) {
|
||||
switch (opt) {
|
||||
case 'n':
|
||||
header = 0;
|
||||
break;
|
||||
case 'm':
|
||||
force_mode = string_to_mode(optarg);
|
||||
if (force_mode < 0) {
|
||||
fprintf(stderr, "%s: mode %s is invalid\n", argv[0], optarg);
|
||||
exit(1);
|
||||
}
|
||||
break;
|
||||
case 'V':
|
||||
verify = 1;
|
||||
break;
|
||||
@ -116,6 +146,8 @@ int main(int argc, char **argv)
|
||||
|
||||
if (lstat(path, &buf) == 0)
|
||||
mode = buf.st_mode;
|
||||
if (force_mode)
|
||||
mode = force_mode;
|
||||
|
||||
if (verify) {
|
||||
rc = selinux_file_context_verify(path, mode);
|
||||
|
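Review bot: string_to_mode() inspects only `s[0]`, so any argument that merely begins with one of the seven letters is accepted without error: `-m fifo` is looked up as a regular file and `-m symlink` as a socket, and under `-V` the context is then verified against the wrong file type. The man page change in this same commit lists the valid names (file, dir, pipe, chr_file, blk_file, lnk_file, sock_file), so the parser should compare the whole string against that list. The error path is fragile as well: `-1` is returned through `mode_t` and main() tests `force_mode < 0` on an `int`, which only detects the failure where that conversion round trip happens to yield a negative value. The sketch below reports status separately from the mode; it assumes `<string.h>` is already included in this file and that `force_mode` is declared as `mode_t` initialised to 0. main() begins and ends outside the visible hunks.

```c
static int string_to_mode(const char *s, mode_t *mode)
{
	/* Names match the list documented for -m in matchpathcon.8. */
	static const struct {
		const char *name;
		mode_t mode;
	} types[] = {
		{ "file", S_IFREG },
		{ "dir", S_IFDIR },
		{ "pipe", S_IFIFO },
		{ "chr_file", S_IFCHR },
		{ "blk_file", S_IFBLK },
		{ "lnk_file", S_IFLNK },
		{ "sock_file", S_IFSOCK },
	};
	size_t i;

	for (i = 0; i < sizeof(types) / sizeof(types[0]); i++) {
		if (strcmp(s, types[i].name) == 0) {
			*mode = types[i].mode;
			return 0;
		}
	}
	return -1;
}

/* … unchanged: main() declarations and the other getopt cases … */

		case 'm':
			if (string_to_mode(optarg, &force_mode) < 0) {
				fprintf(stderr, "%s: mode %s is invalid\n", argv[0], optarg);
				exit(1);
			}
			break;
```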