Diffstat (limited to 'src/mkfifo.c')
-rw-r--r-- | src/mkfifo.c | 132 |
1 files changed, 92 insertions, 40 deletions
diff --git a/src/mkfifo.c b/src/mkfifo.c index d329b79..5136173 100644 --- a/src/mkfifo.c +++ b/src/mkfifo.c @@ -1,10 +1,10 @@ /* mkfifo -- make fifo's (named pipes) - Copyright (C) 90, 91, 1995-2006 Free Software Foundation, Inc. + Copyright (C) 1990-2016 Free Software Foundation, Inc. - This program is free software; you can redistribute it and/or modify + This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2, or (at your option) - any later version. + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of @@ -12,8 +12,7 @@ GNU General Public License for more details. You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software Foundation, - Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. */ + along with this program. If not, see <http://www.gnu.org/licenses/>. */ /* David MacKenzie <djm@ai.mit.edu> */ @@ -21,22 +20,23 @@ #include <stdio.h> #include <getopt.h> #include <sys/types.h> +#include <selinux/selinux.h> #include "system.h" #include "error.h" #include "modechange.h" #include "quote.h" +#include "selinux.h" +#include "smack.h" -/* The official name of this program (e.g., no `g' prefix). */ +/* The official name of this program (e.g., no 'g' prefix). */ #define PROGRAM_NAME "mkfifo" -#define AUTHORS "David MacKenzie" - -/* The name this program was run with. */ -char *program_name; +#define AUTHORS proper_name ("David MacKenzie") static struct option const longopts[] = { + {GETOPT_SELINUX_CONTEXT_OPTION_DECL}, {"mode", required_argument, NULL, 'm'}, {GETOPT_HELP_OPTION_DECL}, {GETOPT_VERSION_OPTION_DECL}, 
@@ -47,24 +47,27 @@ void usage (int status) { if (status != EXIT_SUCCESS) - fprintf (stderr, _("Try `%s --help' for more information.\n"), - program_name); + emit_try_help (); else { - printf (_("Usage: %s [OPTION] NAME...\n"), program_name); + printf (_("Usage: %s [OPTION]... NAME...\n"), program_name); fputs (_("\ Create named pipes (FIFOs) with the given NAMEs.\n\ -\n\ "), stdout); + + emit_mandatory_arg_note (); + fputs (_("\ -Mandatory arguments to long options are mandatory for short options too.\n\ + -m, --mode=MODE set file permission bits to MODE, not a=rw - umask\n\ "), stdout); fputs (_("\ - -m, --mode=MODE set file permission bits to MODE, not a=rw - umask\n\ + -Z set the SELinux security context to default type\n\ + --context[=CTX] like -Z, or if CTX is specified then set the SELinux\n\ + or SMACK security context to CTX\n\ "), stdout); fputs (HELP_OPTION_DESCRIPTION, stdout); fputs (VERSION_OPTION_DESCRIPTION, stdout); - printf (_("\nReport bugs to <%s>.\n"), PACKAGE_BUGREPORT); + emit_ancillary_info (PROGRAM_NAME); } exit (status); } 
@@ -76,27 +79,49 @@ main (int argc, char **argv) char const *specified_mode = NULL; int exit_status = EXIT_SUCCESS; int optc; + char const *scontext = NULL; + bool set_security_context = false; initialize_main (&argc, &argv); - program_name = argv[0]; + set_program_name (argv[0]); setlocale (LC_ALL, ""); bindtextdomain (PACKAGE, LOCALEDIR); textdomain (PACKAGE); atexit (close_stdout); - while ((optc = getopt_long (argc, argv, "m:", longopts, NULL)) != -1) + while ((optc = getopt_long (argc, argv, "m:Z", longopts, NULL)) != -1) { switch (optc) - { - case 'm': - specified_mode = optarg; - break; - case_GETOPT_HELP_CHAR; - case_GETOPT_VERSION_CHAR (PROGRAM_NAME, AUTHORS); - default: - usage (EXIT_FAILURE); - } + { + case 'm': + specified_mode = optarg; + break; + case 'Z': + if (is_smack_enabled ()) + { + /* We don't yet support -Z to restore context with SMACK. */ + scontext = optarg; + } + else if (is_selinux_enabled () > 0) + { + if (optarg) + scontext = optarg; + else + set_security_context = true; + } + else if (optarg) + { + error (0, 0, + _("warning: ignoring --context; " + "it requires an SELinux/SMACK-enabled kernel")); + } + break; + case_GETOPT_HELP_CHAR; + case_GETOPT_VERSION_CHAR (PROGRAM_NAME, AUTHORS); + default: + usage (EXIT_FAILURE); + } } if (optind == argc) 
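Review bot: The `case 'Z':` branch fails open in two ways that nothing here documents. When neither SMACK nor SELinux is enabled, `--context=CTX` produces only a warning through `error (0, 0, ...)` and the run continues; under SMACK a bare `-Z` leaves `scontext` NULL and `set_security_context` false, so it is dropped without any message. A caller that depends on the label therefore gets an unlabeled FIFO, and nothing in this hunk touches `exit_status` for it. If that is intended, state it above the case, e.g. `/* Best effort: if the requested context cannot be applied on this kernel, the FIFO is still created, unlabeled. */`. main's body starts before this hunk and continues past it.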
@@ -105,25 +130,52 @@ main (int argc, char **argv) usage (EXIT_FAILURE); } - newmode = (S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP | S_IROTH | S_IWOTH); + if (scontext) + { + int ret = 0; + if (is_smack_enabled ()) + ret = smack_set_label_for_self (scontext); + else + ret = setfscreatecon (se_const (scontext)); + + if (ret < 0) + error (EXIT_FAILURE, errno, + _("failed to set default file creation context to %s"), + quote (scontext)); + } + + newmode = MODE_RW_UGO; if (specified_mode) { + mode_t umask_value; struct mode_change *change = mode_compile (specified_mode); if (!change) - error (EXIT_FAILURE, 0, _("invalid mode")); - newmode = mode_adjust (newmode, false, umask (0), change, NULL); + error (EXIT_FAILURE, 0, _("invalid mode")); + umask_value = umask (0); + umask (umask_value); + newmode = mode_adjust (newmode, false, umask_value, change, NULL); free (change); if (newmode & ~S_IRWXUGO) - error (EXIT_FAILURE, 0, - _("mode must specify only file permission bits")); + error (EXIT_FAILURE, 0, + _("mode must specify only file permission bits")); } for (; optind < argc; ++optind) - if (mkfifo (argv[optind], newmode) != 0) - { - error (0, errno, _("cannot create fifo %s"), quote (argv[optind])); - exit_status = EXIT_FAILURE; - } + { + if (set_security_context) + defaultcon (argv[optind], S_IFIFO); + if (mkfifo (argv[optind], newmode) != 0) + { + error (0, errno, _("cannot create fifo %s"), quoteaf (argv[optind])); + exit_status = EXIT_FAILURE; + } + else if (specified_mode && lchmod (argv[optind], newmode) != 0) + { + error (0, errno, _("cannot set permissions of %s"), + quoteaf (argv[optind])); + exit_status = EXIT_FAILURE; + } + } - exit (exit_status); + return exit_status; } |
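Review bot: The result of `defaultcon (argv[optind], S_IFIFO)` in the creation loop is discarded, so if the default context cannot be looked up or set, `mkfifo` still runs and the FIFO is created under whatever creation context the process already had, with no diagnostic. defaultcon is declared in selinux.h, which this page does not show, so confirm that it reports failure through its return value and errno. If it does, report it, e.g. `if (set_security_context && defaultcon (argv[optind], S_IFIFO) < 0)` followed by `error (0, errno, _("failed to set default creation context for %s"), quoteaf (argv[optind]));`. Errors that only mean "no default context is defined for this path" may need to be filtered out first. main begins outside this hunk.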