*
* Port to busybox: KaiGai Kohei <kaigai@kaigai.gr.jp>
* - based on coreutils-5.97 (in Fedora Core 6)
+ *
+ * Licensed under GPLv2, see file LICENSE in this source tree.
*/
-#include "busybox.h"
+
+//usage:#define runcon_trivial_usage
+//usage: "[-c] [-u USER] [-r ROLE] [-t TYPE] [-l RANGE] PROG ARGS\n"
+//usage: "runcon CONTEXT PROG ARGS"
+//usage:#define runcon_full_usage "\n\n"
+//usage: "Run PROG in a different security context\n"
+//usage: "\n CONTEXT Complete security context\n"
+//usage: IF_FEATURE_RUNCON_LONG_OPTIONS(
+//usage: "\n -c,--compute Compute process transition context before modifying"
+//usage: "\n -t,--type=TYPE Type (for same role as parent)"
+//usage: "\n -u,--user=USER User identity"
+//usage: "\n -r,--role=ROLE Role"
+//usage: "\n -l,--range=RNG Levelrange"
+//usage: )
+//usage: IF_NOT_FEATURE_RUNCON_LONG_OPTIONS(
+//usage: "\n -c Compute process transition context before modifying"
+//usage: "\n -t TYPE Type (for same role as parent)"
+//usage: "\n -u USER User identity"
+//usage: "\n -r ROLE Role"
+//usage: "\n -l RNG Levelrange"
+//usage: )
+
#include <getopt.h>
#include <selinux/context.h>
#include <selinux/flask.h>
+#include "libbb.h"
+
static context_t runcon_compute_new_context(char *user, char *role, char *type, char *range,
char *command, int compute_trans)
{
security_context_t cur_context;
if (getcon(&cur_context))
- bb_error_msg_and_die("cannot get current context");
+ bb_error_msg_and_die("can't get current context");
if (compute_trans) {
security_context_t file_context, new_context;
if (getfilecon(command, &file_context) < 0)
- bb_error_msg_and_die("cannot retrieve attributes of '%s'",
+ bb_error_msg_and_die("can't retrieve attributes of '%s'",
command);
if (security_compute_create(cur_context, file_context,
SECCLASS_PROCESS, &new_context))
if (!con)
bb_error_msg_and_die("'%s' is not a valid context", cur_context);
if (user && context_user_set(con, user))
- bb_error_msg_and_die("failed to set new user '%s'", user);
+ bb_error_msg_and_die("can't set new user '%s'", user);
if (type && context_type_set(con, type))
- bb_error_msg_and_die("failed to set new type '%s'", type);
+ bb_error_msg_and_die("can't set new type '%s'", type);
if (range && context_range_set(con, range))
- bb_error_msg_and_die("failed to set new range '%s'", range);
+ bb_error_msg_and_die("can't set new range '%s'", range);
if (role && context_role_set(con, role))
- bb_error_msg_and_die("failed to set new role '%s'", role);
+ bb_error_msg_and_die("can't set new role '%s'", role);
return con;
}
#if ENABLE_FEATURE_RUNCON_LONG_OPTIONS
-static const struct option runcon_options[] = {
- { "user", 1, NULL, 'u' },
- { "role", 1, NULL, 'r' },
- { "type", 1, NULL, 't' },
- { "range", 1, NULL, 'l' },
- { "compute", 0, NULL, 'c' },
- { "help", 0, NULL, 'h' },
- { NULL, 0, NULL, 0 },
-};
+static const char runcon_longopts[] ALIGN1 =
+ "user\0" Required_argument "u"
+ "role\0" Required_argument "r"
+ "type\0" Required_argument "t"
+ "range\0" Required_argument "l"
+ "compute\0" No_argument "c"
+ "help\0" No_argument "h"
+ ;
#endif
#define OPTS_ROLE (1<<0) /* r */
#define OPTS_HELP (1<<5) /* h */
#define OPTS_CONTEXT_COMPONENT (OPTS_ROLE | OPTS_TYPE | OPTS_USER | OPTS_RANGE)
-int runcon_main(int argc, char *argv[]);
-int runcon_main(int argc, char *argv[])
+int runcon_main(int argc, char **argv) MAIN_EXTERNALLY_VISIBLE;
+int runcon_main(int argc UNUSED_PARAM, char **argv)
{
char *role = NULL;
char *range = NULL;
selinux_or_die();
#if ENABLE_FEATURE_RUNCON_LONG_OPTIONS
- applet_long_options = runcon_options;
+ applet_long_options = runcon_longopts;
#endif
opt_complementary = "-1";
- opts = getopt32(argc, argv, "r:t:u:l:ch", &role, &type, &user, &range);
+ opts = getopt32(argv, "r:t:u:l:ch", &role, &type, &user, &range);
argv += optind;
if (!(opts & OPTS_CONTEXT_COMPONENT)) {
context = *argv++;
if (!argv[0])
- bb_error_msg_and_die("no command found");
+ bb_error_msg_and_die("no command given");
}
if (context) {
context_str(con));
if (setexeccon(context_str(con)))
- bb_error_msg_and_die("cannot set up security context '%s'",
+ bb_error_msg_and_die("can't set up security context '%s'",
context_str(con));
- execvp(argv[0], argv);
-
- bb_perror_msg_and_die("cannot execute '%s'", command);
- return 1;
+ BB_EXECVP_or_die(argv);
}
projects / oweals / busybox.git / blobdiff