luc14n0/glib
1
0
Fork 0
mirror of https://gitlab.gnome.org/GNOME/glib.git synced 2025-03-15 04:05:11 +01:00
Code Issues Packages Projects Releases Wiki Activity

Support setting selinux attributes

Browse Source 
svn path=/trunk/; revision=7241
This commit is contained in:
Matthias Clasen 2008-07-23 04:11:02 +00:00
parent 00fc19abea
commit ed86835786
2 changed files with 97 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
gio/ChangeLog
View File

@ -1,10 +1,17 @@
2008-07-23 Matthias Clasen <mclasen@redhat.com>
529694 SELinux context setting support
* gfileinfo.c: Support setting selinux attributes.
Patch by Tomas Bzatek
2008-07-22 Priit Laes <plaes@plaes.org> 2008-07-22 Priit Laes <plaes@plaes.org>
Bug 544140 - fam-helper 64-bit issue? Bug 544140 - fam-helper 64-bit issue?
* fam/fam-helper.c: Added missing include so compiler doesn't complain. * fam/fam-helper.c: Added missing include so compiler doesn't complain.
2008-07-21 Matthias Clasen <mclasen2redhat.com> 2008-07-21 Matthias Clasen <mclasen@redhat.com>
* === Released 2.17.4 === * === Released 2.17.4 ===

89
gio/glocalfileinfo.c
View File

@ -1785,6 +1785,24 @@ get_byte_string (const GFileAttributeValue *value,
} }
#endif #endif
static gboolean
get_string (const GFileAttributeValue *value,
const char **val_out,
GError **error)
{
if (value->type != G_FILE_ATTRIBUTE_TYPE_STRING)
{
g_set_error (error, G_IO_ERROR, G_IO_ERROR_INVALID_ARGUMENT,
_("Invalid attribute type (byte string expected)"));
return FALSE;
}
*val_out = value->u.string;
return TRUE;
}
static gboolean static gboolean
set_unix_mode (char *filename, set_unix_mode (char *filename,
const GFileAttributeValue *value, const GFileAttributeValue *value,
@ -2028,6 +2046,52 @@ set_mtime_atime (char *filename,
} }
#endif #endif
static gboolean
set_selinux_context (char *filename,
const GFileAttributeValue *value,
GError **error)
{
const char *val;
if (!get_string (value, &val, error))
return FALSE;
if (val == NULL)
{
g_set_error (error, G_IO_ERROR, G_IO_ERROR_INVALID_ARGUMENT,
_("SELinux context must be non-NULL"));
return FALSE;
}
#ifdef HAVE_SELINUX
if (is_selinux_enabled ()) {
security_context_t val_s;
val_s = g_strdup (val);
if (setfilecon_raw (filename, val_s) < 0)
{
int errsv = errno;
g_set_error (error, G_IO_ERROR,
g_io_error_from_errno (errsv),
_("Error setting SELinux context: %s"),
g_strerror (errsv));
return FALSE;
}
g_free (val_s);
} else {
g_set_error (error, G_IO_ERROR, G_IO_ERROR_INVALID_ARGUMENT,
_("SELinux is not enabled on this system"));
return FALSE;
}
#endif
return TRUE;
}
gboolean gboolean
_g_local_file_info_set_attribute (char *filename, _g_local_file_info_set_attribute (char *filename,
const char *attribute, const char *attribute,
@ -2074,6 +2138,11 @@ _g_local_file_info_set_attribute (char *filename,
return set_xattr (filename, attribute, &value, error); return set_xattr (filename, attribute, &value, error);
#endif #endif
#ifdef HAVE_SELINUX
else if (strcmp (attribute, G_FILE_ATTRIBUTE_SELINUX_CONTEXT) == 0)
return set_selinux_context (filename, &value, error);
#endif
g_set_error (error, G_IO_ERROR, G_IO_ERROR_NOT_SUPPORTED, g_set_error (error, G_IO_ERROR, G_IO_ERROR_NOT_SUPPORTED,
_("Setting attribute %s not supported"), attribute); _("Setting attribute %s not supported"), attribute);
return FALSE; return FALSE;
@ -2197,5 +2266,25 @@ _g_local_file_info_set_attributes (char *filename,
/* xattrs are handled by default callback */ /* xattrs are handled by default callback */
/* SELinux context */
#ifdef HAVE_SELINUX
if (is_selinux_enabled ()) {
value = _g_file_info_get_attribute_value (info, G_FILE_ATTRIBUTE_SELINUX_CONTEXT);
if (value)
{
if (!set_selinux_context (filename, value, error))
{
value->status = G_FILE_ATTRIBUTE_STATUS_ERROR_SETTING;
res = FALSE;
/* Don't set error multiple times */
error = NULL;
}
else
value->status = G_FILE_ATTRIBUTE_STATUS_SET;
}
}
#endif
return res; return res;
} }