File star-selinux.patch of Package star
--- conf/configure.in
+++ conf/configure.in
@@ -530,6 +530,15 @@
AC_SUBST(may_linux_src_include)
+AC_CHECK_HEADERS(selinux/selinux.h)
+if test "$ac_cv_header_selinux_selinux_h" = yes; then
+ AC_CHECKING(for SELinux support)
+ AC_CHECK_LIB(selinux, is_selinux_enabled, lib_selinux="-lselinux -lattr")
+ ac_save_LIBS="$LIBS"
+ LIBS="$LIBS $lib_selinux"
+ AC_CHECK_FUNCS(is_selinux_enabled)
+fi
+
AC_SUBST(largefile_cc_opt)
AC_SUBST(lib_crypt)
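Review bot: `ac_save_LIBS` is assigned but never restored in the visible lines, so `LIBS="$LIBS $lib_selinux"` stays in effect for every later configure test and, if `LIBS` is substituted, for every program built from this tree. Add `LIBS="$ac_save_LIBS"` right after `AC_CHECK_FUNCS(is_selinux_enabled)`, so that only `lib_selinux` carries the result. `-lattr` is also appended without being probed; if it is really needed it should have its own check, or be left to the existing `lib_attr` handling.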
@@ -545,5 +554,6 @@
AC_SUBST(lib_gen)
AC_SUBST(lib_pthread)
AC_SUBST(lib_rt)
+AC_SUBST(lib_selinux)
AC_OUTPUT(rules.cnf)
--- conf/rules.cnf.in
+++ conf/rules.cnf.in
@@ -17,6 +17,7 @@
LIB_ACL= @lib_acl@ # Full (test/set) ACL users like star
LIB_ACL_TEST= @lib_acl_test@ # Test only ACL users like libfind
LIB_ATTR = @lib_attr@
+LIB_SELINUX = @lib_selinux@
LIB_SECDB = @lib_secdb@
LIB_GEN = @lib_gen@
LIB_PTHREAD = @lib_pthread@
--- star/Makefile
+++ star/Makefile
@@ -25,6 +25,7 @@
CPPOPTS += -DUSE_FIND
CPPOPTS += -DUSE_ACL
CPPOPTS += -DUSE_XATTR
+CPPOPTS += -DWITH_SELINUX
CPPOPTS += -DUSE_FFLAGS
CPPOPTS += -DCOPY_LINKS_DELAYED
CPPOPTS += -DSTAR_FAT
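Review bot: `-DWITH_SELINUX` is set unconditionally here, and again in `star/pax.mk`, although `configure.in` in this same patch probes for `selinux/selinux.h` and `is_selinux_enabled`. On a host without the libselinux headers, `starsubs.h` will still `#include <selinux/selinux.h>` and the build fails. The probes normally define `HAVE_SELINUX_SELINUX_H` and `HAVE_IS_SELINUX_ENABLED`; how this project's config header picks them up should be confirmed. If it does, the code could test `#if defined(WITH_SELINUX) && defined(HAVE_SELINUX_SELINUX_H)` instead of `WITH_SELINUX` alone, so the feature switches off where the library is missing.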
@@ -48,7 +49,7 @@
#LIBS= -lunos
#LIBS= -lschily -lc /usr/local/lib/gcc-gnulib
-LIBS= -ldeflt -lrmt -lfind -lschily $(LIB_ACL) $(LIB_ATTR) $(LIB_SOCKET) $(LIB_INTL)
+LIBS= -ldeflt -lrmt -lfind -lschily $(LIB_ACL) $(LIB_ATTR) $(LIB_SELINUX) $(LIB_SOCKET) $(LIB_INTL)
#
# Wenn -lfind, dann auch $(LIB_INTL)
#
--- star/extract.c
+++ star/extract.c
@@ -238,6 +238,16 @@
if (prblockno)
(void) tblocks(); /* set curblockno */
+#ifdef WITH_SELINUX
+ if (!to_stdout && selinux_enabled) {
+ if (setselinux(&finfo) == FALSE) {
+ errmsgno(EX_BAD,
+ "Can not setup security context for '%s'. Not created.\n",
+ finfo.f_name);
+ }
+ }
+#endif
+
if (is_volhdr(&finfo)) {
if (!get_volhdr(&finfo, vhname)) {
excomerrno(EX_BAD,
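Review bot: The failure branch of the added `setselinux()` call only prints a message, and nothing in the visible lines skips the member. Extraction therefore appears to continue, and the file is created with whatever creation context is currently in effect, even though the message says "Not created.". Because `set_xattr()` in this patch skips `security.selinux` whenever `selinux_enabled` is set, the archived label is then dropped with no later attempt to apply it. Either skip the member here the same way this loop rejects other entries, or make the message match the behaviour, e.g. `"Can not set security context for '%s'. Extracting with default context.\n"`. The enclosing function starts and ends outside the hunk, so the skip path cannot be confirmed from here.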
--- star/pax.mk
+++ star/pax.mk
@@ -18,6 +18,7 @@
CPPOPTS += -DUSE_FIND
CPPOPTS += -DUSE_ACL
CPPOPTS += -DUSE_XATTR
+CPPOPTS += -DWITH_SELINUX
CPPOPTS += -DUSE_FFLAGS
CPPOPTS += -DPAX
CPPOPTS += -DSCHILY_PRINT
@@ -35,7 +36,7 @@
HFILES= star.h starsubs.h dirtime.h xtab.h xutimes.h \
movearch.h table.h props.h fifo.h diff.h \
checkerr.h dumpdate.h bitstring.h
-LIBS= -ldeflt -lrmt -lfind -lschily $(LIB_ACL) $(LIB_ATTR) $(LIB_SOCKET) $(LIB_INTL)
+LIBS= -ldeflt -lrmt -lfind -lschily $(LIB_ACL) $(LIB_ATTR) $(LIB_SELINUX) $(LIB_SOCKET) $(LIB_INTL)
XMK_FILE= spaxman.mk
###########################################################################
--- star/star.c
+++ star/star.c
@@ -39,6 +39,11 @@
#include <schily/idcache.h>
#include "fifo.h" /* Needed for #undef FIFO */
#include "dumpdate.h"
+
+#ifdef WITH_SELINUX
+int selinux_enabled=0;
+#endif
+
#ifdef USE_FIND
#include <schily/walk.h>
#include <schily/find.h>
@@ -387,6 +392,11 @@
#endif
comerr("Panic cannot set back effective uid.\n");
}
+
+#ifdef WITH_SELINUX
+ selinux_enabled = is_selinux_enabled() > 0;
+#endif
+
my_uid = geteuid();
/*
* WARNING: We now are no more able to open a new remote connection
--- star/starsubs.h
+++ star/starsubs.h
@@ -304,6 +304,11 @@
extern BOOL get_xattr __PR((register FINFO *info));
extern BOOL set_xattr __PR((register FINFO *info));
extern void free_xattr __PR((star_xattr_t **xattr));
+#ifdef WITH_SELINUX
+#include <selinux/selinux.h>
+extern BOOL setselinux __PR((register FINFO *info));
+extern int selinux_enabled;
+#endif
#endif
/*
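Review bot: The added block sits in front of an `#endif` that closes a conditional opened outside the hunk, apparently the one guarding the xattr prototypes just above. `extract.c` and `star.c` use `setselinux()` and `selinux_enabled` under `WITH_SELINUX` alone. A build that defines `WITH_SELINUX` without that outer macro would call `setselinux()` with no prototype in scope. Moving the `#ifdef WITH_SELINUX` block below the `#endif` keeps the guards consistent with their users.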
--- star/xattr.c
+++ star/xattr.c
@@ -196,6 +196,27 @@
#endif /* USE_XATTR */
}
+#ifdef WITH_SELINUX
+EXPORT BOOL
+setselinux(info)
+ register FINFO *info;
+{
+#if defined(USE_XATTR) && defined(HAVE_SETXATTR) && defined(WITH_SELINUX)
+ if (info->f_xattr) {
+ star_xattr_t *xap;
+ for (xap = info->f_xattr; xap->name != NULL; xap++) {
+ if (strcmp(xap->name, "security.selinux") == 0) {
+ if (setfscreatecon(xap->value)) {
+ return FALSE;
+ }
+ }
+ }
+ }
+#endif /* USE_XATTR && WITH_SELINUX */
+ return TRUE;
+}
+#endif
+
/* ARGSUSED */
EXPORT BOOL
set_xattr(info)
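Review bot: `setselinux()` never clears the creation context. When a member has no `security.selinux` entry, or `info->f_xattr` is NULL, it returns TRUE and leaves the value set by `setfscreatecon()` for an earlier member in place, so later files can be created with the previous member's label. Resetting first avoids that: put `if (setfscreatecon(NULL) != 0) return FALSE;` ahead of the `if (info->f_xattr)` test. `setfscreatecon()` expects a NUL-terminated string, while `set_xattr()` passes `xap->value` together with `xap->value_len`. Whether the stored value is always terminated is not visible here and should be confirmed, since the label comes from the archive. A header comment would also help, e.g. `/* Set the SELinux creation context for the next extracted file from its archived security.selinux xattr. */`.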
@@ -209,6 +230,10 @@
return (TRUE);
for (xap = info->f_xattr; xap->name != NULL; xap++) {
+#ifdef WITH_SELINUX
+ if (selinux_enabled && (strcmp(xap->name, "security.selinux") == 0))
+ continue;
+#endif
if (lsetxattr(info->f_name, xap->name, xap->value,
xap->value_len, 0) != 0) {
if (!errhidden(E_SETXATTR, info->f_name)) {