authorAvatar Stephen P. Bennett <spb@exherbo.org> 2007-12-04 20:37:10 +0000
committerAvatar Stephen P. Bennett <spb@exherbo.org> 2007-12-04 20:37:10 +0000
commit0a9057a6a670eb308b4cc73894c815ebf78e6904 (patch)
treee647ebfe468867daa2d425b58f33a65b94ced9eb
parentb954baed8b3979216e4079f62b1a7ee8d616e3b8 (diff)
Add setfilecon wrapper
-rw-r--r--paludis/selinux/security_context.cc28
-rw-r--r--paludis/selinux/security_context.hh9
2 files changed, 33 insertions, 4 deletions
diff --git a/paludis/selinux/security_context.cc b/paludis/selinux/security_context.cc
index f6425a2..fdb5472 100644
--- a/paludis/selinux/security_context.cc
+++ b/paludis/selinux/security_context.cc
@@ -46,6 +46,7 @@ namespace
int (*_setfscreatecon)(security_context_t);
int (*_matchpathcon)(const char *, mode_t, security_context_t*);
int (*_matchpathcon_init)(const char *);
+ int (*_setfilecon)(const char *, security_context_t);
int (*_is_selinux_enabled)(void);
public:
@@ -60,12 +61,18 @@ namespace
{
_freecon = STUPID_CAST(void (*)(security_context_t), dlsym(_handle, "freecon"));
_getcon = STUPID_CAST(int (*)(security_context_t*), dlsym(_handle, "getcon"));
- _getfscreatecon = STUPID_CAST(int (*) (security_context_t*), dlsym(_handle, "getfscreatecon"));
- _setfscreatecon = STUPID_CAST(int (*) (security_context_t), dlsym(_handle, "setfscreatecon"));
+ _getfscreatecon = STUPID_CAST(int (*) (security_context_t*),
+ dlsym(_handle, "getfscreatecon"));
+ _setfscreatecon = STUPID_CAST(int (*) (security_context_t),
+ dlsym(_handle, "setfscreatecon"));
_matchpathcon = STUPID_CAST(int (*) (const char *, mode_t, security_context_t *),
dlsym(_handle, "matchpathcon"));
- _matchpathcon_init = STUPID_CAST(int (*) (const char *), dlsym(_handle, "matchpathcon_init"));
- _is_selinux_enabled = STUPID_CAST(int (*)(void), dlsym(_handle, "is_selinux_enabled"));
+ _matchpathcon_init = STUPID_CAST(int (*) (const char *),
+ dlsym(_handle, "matchpathcon_init"));
+ _setfilecon = STUPID_CAST(int (*) (const char *, security_context_t),
+ dlsym(_handle, "setfilecon"));
+ _is_selinux_enabled = STUPID_CAST(int (*)(void),
+ dlsym(_handle, "is_selinux_enabled"));
}
}
@@ -109,6 +116,13 @@ namespace
return 0;
}
+ int setfilecon(const char *path, security_context_t con)
+ {
+ if (0 != _setfilecon && is_selinux_enabled())
+ return _setfilecon(path, con);
+ return 0;
+ }
+
int matchpathcon_init(const char *path)
{
if (0 != _matchpathcon_init && is_selinux_enabled())
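Review bot: The new `setfilecon` wrapper returns 0 both when the label was applied and when `_setfilecon` failed to resolve through dlsym, so a caller cannot tell a relabelled file from one left with its default context. Returning 0 when SELinux is disabled is reasonable, but an unresolved symbol on an enabled system should surface as a failure, for example `if (0 == _setfilecon) return is_selinux_enabled() ? -1 : 0;` ahead of the call. The wrapper copies the pattern used by `matchpathcon_init`, whose body continues outside the hunk, so the same question probably applies there.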
@@ -241,3 +255,9 @@ tr1::shared_ptr<const SecurityContext> MatchPathCon::match(const std::string & p
}
return p;
}
+
+int paludis::setfilecon(const paludis::FSEntry & path, tr1::shared_ptr<const SecurityContext> con)
+{
+ return libselinux.setfilecon(stringify(path).c_str(), con->_imp->_context);
+}
+
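Review bot: `con` is dereferenced in `con->_imp->_context` without checking that the `shared_ptr` is non-empty, so an empty pointer crashes here instead of producing an error return. `MatchPathCon::match`, which ends just above, returns a `p` that may be empty when no context matched (its body is outside the hunk, so this is inferred), which makes an empty argument a plausible input. A guard such as `if (! con) return -1;` before the call keeps the failure in the int-return channel the function already uses.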
diff --git a/paludis/selinux/security_context.hh b/paludis/selinux/security_context.hh
index 07016fe..5598967 100644
--- a/paludis/selinux/security_context.hh
+++ b/paludis/selinux/security_context.hh
@@ -24,6 +24,7 @@
#include <paludis/util/exception.hh>
#include <paludis/util/instantiation_policy.hh>
#include <paludis/util/private_implementation_pattern.hh>
+#include <paludis/util/fs_entry.hh>
/** \file
* Declarations for SecurityContext and associated classes.
@@ -81,6 +82,7 @@ namespace paludis
friend std::ostream& paludis::operator<<(std::ostream&, const SecurityContext &);
friend class paludis::FSCreateCon;
friend class paludis::MatchPathCon;
+ friend int paludis::setfilecon(const paludis::FSEntry &, tr1::shared_ptr<const SecurityContext>);
/**
* Returns a SecurityContext referring to the current process's context
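Review bot: The added friend line names `paludis::setfilecon` with a qualified name, but the only declaration of that function this commit adds comes after the class, near the end of the header. A qualified friend declaration has to refer to a function already declared in that namespace, so unless a declaration exists earlier in the file outside the visible hunks, stricter compilers will reject this. Adding a forward declaration before the class, `int setfilecon(const FSEntry &, tr1::shared_ptr<const SecurityContext>);`, would fix the ordering. The friendship also gives a free function access to the private `_imp`; a small accessor for the raw context would keep that surface narrower.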
@@ -163,6 +165,13 @@ namespace paludis
bool good() const;
};
+ /**
+ * Thin wrapper around setfilecon()
+ *
+ * \ingroup grplibpaludisselinux
+ */
+ int setfilecon(const FSEntry & file, tr1::shared_ptr<const SecurityContext> con);
+
}
#endif
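Review bot: The doc comment on `setfilecon` says only "Thin wrapper" and omits what a caller needs in order to use it safely: what the return value means, and that the wrapper in security_context.cc returns 0 without touching the file when SELinux is disabled or the libselinux symbol is unavailable. It is also worth stating that libselinux's setfilecon() follows symbolic links (lsetfilecon() is the non-following variant), since that decides which inode gets labelled when `file` is a symlink. I would add a line such as `\return 0 on success or when SELinux is not in use, -1 with errno set on failure`, plus a one-line note on symlink handling.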