coreutils-8.25HEADcoreutils-8.25master

1 files changed, 125 insertions, 72 deletions

diff --git a/src/mknod.c b/src/mknod.c
index 43a1b9d..42bdf90 100644
--- a/src/mknod.c
+++ b/src/mknod.c
@@ -1,10 +1,10 @@
 /* mknod -- make special files
-   Copyright (C) 90, 91, 1995-2006 Free Software Foundation, Inc.
+   Copyright (C) 1990-2016 Free Software Foundation, Inc.
 
-   This program is free software; you can redistribute it and/or modify
+   This program is free software: you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
-   the Free Software Foundation; either version 2, or (at your option)
-   any later version.
+   the Free Software Foundation, either version 3 of the License, or
+   (at your option) any later version.
 
    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
@@ -12,8 +12,7 @@
    GNU General Public License for more details.
 
    You should have received a copy of the GNU General Public License
-   along with this program; if not, write to the Free Software Foundation,
-   Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.  */
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.  */
 
 /* Written by David MacKenzie <djm@ai.mit.edu>  */
 
@@ -21,23 +20,24 @@
 #include <stdio.h>
 #include <getopt.h>
 #include <sys/types.h>
+#include <selinux/selinux.h>
 
 #include "system.h"
 #include "error.h"
 #include "modechange.h"
 #include "quote.h"
+#include "selinux.h"
+#include "smack.h"
 #include "xstrtol.h"
 
-/* The official name of this program (e.g., no `g' prefix).  */
+/* The official name of this program (e.g., no 'g' prefix).  */
 #define PROGRAM_NAME "mknod"
 
-#define AUTHORS "David MacKenzie"
-
-/* The name this program was run with. */
-char *program_name;
+#define AUTHORS proper_name ("David MacKenzie")
 
 static struct option const longopts[] =
 {
+  {GETOPT_SELINUX_CONTEXT_OPTION_DECL},
   {"mode", required_argument, NULL, 'm'},
   {GETOPT_HELP_OPTION_DECL},
   {GETOPT_VERSION_OPTION_DECL},
@@ -48,21 +48,24 @@ void
 usage (int status)
 {
   if (status != EXIT_SUCCESS)
-    fprintf (stderr, _("Try `%s --help' for more information.\n"),
-	     program_name);
+    emit_try_help ();
   else
     {
       printf (_("Usage: %s [OPTION]... NAME TYPE [MAJOR MINOR]\n"),
-	      program_name);
+              program_name);
       fputs (_("\
 Create the special file NAME of the given TYPE.\n\
-\n\
 "), stdout);
+
+      emit_mandatory_arg_note ();
+
       fputs (_("\
-Mandatory arguments to long options are mandatory for short options too.\n\
+  -m, --mode=MODE    set file permission bits to MODE, not a=rw - umask\n\
 "), stdout);
       fputs (_("\
-  -m, --mode=MODE   set file permission bits to MODE, not a=rw - umask\n\
+  -Z                   set the SELinux security context to default type\n\
+      --context[=CTX]  like -Z, or if CTX is specified then set the SELinux\n\
+                         or SMACK security context to CTX\n\
 "), stdout);
       fputs (HELP_OPTION_DESCRIPTION, stdout);
       fputs (VERSION_OPTION_DESCRIPTION, stdout);
@@ -79,7 +82,8 @@ otherwise, as decimal.  TYPE may be:\n\
   c, u   create a character (unbuffered) special file\n\
   p      create a FIFO\n\
 "), stdout);
-      printf (_("\nReport bugs to <%s>.\n"), PACKAGE_BUGREPORT);
+      printf (USAGE_BUILTIN_WARNING, PROGRAM_NAME);
+      emit_ancillary_info (PROGRAM_NAME);
     }
   exit (status);
 }
@@ -90,79 +94,118 @@ main (int argc, char **argv)
   mode_t newmode;
   char const *specified_mode = NULL;
   int optc;
-  int expected_operands;
+  size_t expected_operands;
   mode_t node_type;
+  char const *scontext = NULL;
+  bool set_security_context = false;
 
   initialize_main (&argc, &argv);
-  program_name = argv[0];
+  set_program_name (argv[0]);
   setlocale (LC_ALL, "");
   bindtextdomain (PACKAGE, LOCALEDIR);
   textdomain (PACKAGE);
 
   atexit (close_stdout);
 
-  while ((optc = getopt_long (argc, argv, "m:", longopts, NULL)) != -1)
+  while ((optc = getopt_long (argc, argv, "m:Z", longopts, NULL)) != -1)
     {
       switch (optc)
-	{
-	case 'm':
-	  specified_mode = optarg;
-	  break;
-	case_GETOPT_HELP_CHAR;
-	case_GETOPT_VERSION_CHAR (PROGRAM_NAME, AUTHORS);
-	default:
-	  usage (EXIT_FAILURE);
-	}
+        {
+        case 'm':
+          specified_mode = optarg;
+          break;
+        case 'Z':
+          if (is_smack_enabled ())
+            {
+              /* We don't yet support -Z to restore context with SMACK.  */
+              scontext = optarg;
+            }
+          else if (is_selinux_enabled () > 0)
+            {
+              if (optarg)
+                scontext = optarg;
+              else
+                set_security_context = true;
+            }
+          else if (optarg)
+            {
+              error (0, 0,
+                     _("warning: ignoring --context; "
+                       "it requires an SELinux/SMACK-enabled kernel"));
+            }
+          break;
+        case_GETOPT_HELP_CHAR;
+        case_GETOPT_VERSION_CHAR (PROGRAM_NAME, AUTHORS);
+        default:
+          usage (EXIT_FAILURE);
+        }
     }
 
-  newmode = (S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP | S_IROTH | S_IWOTH);
+  newmode = MODE_RW_UGO;
   if (specified_mode)
     {
+      mode_t umask_value;
       struct mode_change *change = mode_compile (specified_mode);
       if (!change)
-	error (EXIT_FAILURE, 0, _("invalid mode"));
-      newmode = mode_adjust (newmode, false, umask (0), change, NULL);
+        error (EXIT_FAILURE, 0, _("invalid mode"));
+      umask_value = umask (0);
+      umask (umask_value);
+      newmode = mode_adjust (newmode, false, umask_value, change, NULL);
       free (change);
       if (newmode & ~S_IRWXUGO)
-	error (EXIT_FAILURE, 0,
-	       _("mode must specify only file permission bits"));
+        error (EXIT_FAILURE, 0,
+               _("mode must specify only file permission bits"));
     }
 
   /* If the number of arguments is 0 or 1,
-     or (if it's 2 or more and the second one starts with `p'), then there
+     or (if it's 2 or more and the second one starts with 'p'), then there
      must be exactly two operands.  Otherwise, there must be four.  */
   expected_operands = (argc <= optind
-		       || (optind + 1 < argc && argv[optind + 1][0] == 'p')
-		       ? 2 : 4);
+                       || (optind + 1 < argc && argv[optind + 1][0] == 'p')
+                       ? 2 : 4);
 
   if (argc - optind < expected_operands)
     {
       if (argc <= optind)
-	error (0, 0, _("missing operand"));
+        error (0, 0, _("missing operand"));
       else
-	error (0, 0, _("missing operand after %s"), quote (argv[argc - 1]));
+        error (0, 0, _("missing operand after %s"), quote (argv[argc - 1]));
       if (expected_operands == 4 && argc - optind == 2)
-	fprintf (stderr, "%s\n",
-		 _("Special files require major and minor device numbers."));
+        fprintf (stderr, "%s\n",
+                 _("Special files require major and minor device numbers."));
       usage (EXIT_FAILURE);
     }
 
   if (expected_operands < argc - optind)
     {
       error (0, 0, _("extra operand %s"),
-	     quote (argv[optind + expected_operands]));
+             quote (argv[optind + expected_operands]));
       if (expected_operands == 2 && argc - optind == 4)
-	fprintf (stderr, "%s\n",
-		 _("Fifos do not have major and minor device numbers."));
+        fprintf (stderr, "%s\n",
+                 _("Fifos do not have major and minor device numbers."));
       usage (EXIT_FAILURE);
     }
 
+  if (scontext)
+    {
+      int ret = 0;
+      if (is_smack_enabled ())
+        ret = smack_set_label_for_self (scontext);
+      else
+        ret = setfscreatecon (se_const (scontext));
+
+      if (ret < 0)
+        error (EXIT_FAILURE, errno,
+               _("failed to set default file creation context to %s"),
+               quote (scontext));
+    }
+
   /* Only check the first character, to allow mnemonic usage like
-     `mknod /dev/rst0 character 18 0'. */
+     'mknod /dev/rst0 character 18 0'. */
 
   switch (argv[optind + 1][0])
     {
-    case 'b':			/* `block' or `buffered' */
+    case 'b':			/* 'block' or 'buffered' */
 #ifndef S_IFBLK
       error (EXIT_FAILURE, 0, _("block special files not supported"));
 #else
@@ -170,8 +213,8 @@ main (int argc, char **argv)
 #endif
       goto block_or_character;
 
-    case 'c':			/* `character' */
-    case 'u':			/* `unbuffered' */
+    case 'c':			/* 'character' */
+    case 'u':			/* 'unbuffered' */
 #ifndef S_IFCHR
       error (EXIT_FAILURE, 0, _("character special files not supported"));
 #else
@@ -181,35 +224,41 @@ main (int argc, char **argv)
 
     block_or_character:
       {
-	char const *s_major = argv[optind + 2];
-	char const *s_minor = argv[optind + 3];
-	uintmax_t i_major, i_minor;
-	dev_t device;
-
-	if (xstrtoumax (s_major, NULL, 0, &i_major, NULL) != LONGINT_OK
-	    || i_major != (major_t) i_major)
-	  error (EXIT_FAILURE, 0,
-		 _("invalid major device number %s"), quote (s_major));
-
-	if (xstrtoumax (s_minor, NULL, 0, &i_minor, NULL) != LONGINT_OK
-	    || i_minor != (minor_t) i_minor)
-	  error (EXIT_FAILURE, 0,
-		 _("invalid minor device number %s"), quote (s_minor));
-
-	device = makedev (i_major, i_minor);
+        char const *s_major = argv[optind + 2];
+        char const *s_minor = argv[optind + 3];
+        uintmax_t i_major, i_minor;
+        dev_t device;
+
+        if (xstrtoumax (s_major, NULL, 0, &i_major, NULL) != LONGINT_OK
+            || i_major != (major_t) i_major)
+          error (EXIT_FAILURE, 0,
+                 _("invalid major device number %s"), quote (s_major));
+
+        if (xstrtoumax (s_minor, NULL, 0, &i_minor, NULL) != LONGINT_OK
+            || i_minor != (minor_t) i_minor)
+          error (EXIT_FAILURE, 0,
+                 _("invalid minor device number %s"), quote (s_minor));
+
+        device = makedev (i_major, i_minor);
 #ifdef NODEV
-	if (device == NODEV)
-	  error (EXIT_FAILURE, 0, _("invalid device %s %s"), s_major, s_minor);
+        if (device == NODEV)
+          error (EXIT_FAILURE, 0, _("invalid device %s %s"),
+                 s_major, s_minor);
 #endif
 
-	if (mknod (argv[optind], newmode | node_type, device) != 0)
-	  error (EXIT_FAILURE, errno, "%s", quote (argv[optind]));
+        if (set_security_context)
+          defaultcon (argv[optind], node_type);
+
+        if (mknod (argv[optind], newmode | node_type, device) != 0)
+          error (EXIT_FAILURE, errno, "%s", quotef (argv[optind]));
       }
       break;
 
-    case 'p':			/* `pipe' */
+    case 'p':			/* 'pipe' */
+      if (set_security_context)
+        defaultcon (argv[optind], S_IFIFO);
       if (mkfifo (argv[optind], newmode) != 0)
-	error (EXIT_FAILURE, errno, "%s", quote (argv[optind]));
+        error (EXIT_FAILURE, errno, "%s", quotef (argv[optind]));
       break;
 
     default:
@@ -217,5 +266,9 @@ main (int argc, char **argv)
       usage (EXIT_FAILURE);
     }
 
-  exit (EXIT_SUCCESS);
+  if (specified_mode && lchmod (argv[optind], newmode) != 0)
+    error (EXIT_FAILURE, errno, _("cannot set permissions of %s"),
+           quoteaf (argv[optind]));
+
+  return EXIT_SUCCESS;
 }