pptp & pppd_devpts_t
by Paul Howarth
Having rebooted into kernel 2.6.13-1.1532_FC4 at the weekend, I found
that I couldn't get a connection to my ISP (using pptp) until I added
the following rule:
allow pptp_t pppd_devpts_t:chr_file { read write };
I can't figure out what has changed that makes this necessary; pptp was
working just fine until the reboot.
(the machine had not been rebooted for several weeks so it's not easy to
tell which policy or kernel update actually introduced this issue)
Any ideas?
Paul.
18 years, 6 months
New prompt at login time
by Allen, Jack
I have posted this on the redhat-list and the pam-list and no one
responded. So I am trying here. Hopefully someone will have something to
say that will help.
I ran up2date yesterday (now a few days ago) and have my system
completely up to date. I rebooted this morning (now a few days ago) and
now when I login via telnet, yes that is just plain old telnet, not ssh,
I get the following:
========
Red Hat Enterprise Linux AS release 4 (Nahant Update 2)
Kernel 2.6.9-22.ELsmp on an i686
login: jca
Password:
Your default context is user_u:system_r:unconfined_t.
Do you want to choose a different one? [n]
========
I just entered a CR and thought this would be a one time thing. But it
is not. While the prompt was being displayed I did a who and it does not
show me logged in yet. I did a ps -ef | grep log and see a login process
with the host name and -p option. So it appears the prompt is coming
from the login program or its calls to some PAM routine.
Does anybody know where this is controlled so I can set a
default and not be prompted each time?
Also exactly what is this controlling?
If I do id, it shows context=user_u:system_r:unconfined_t
Some things I have been able to find out and more questions.
I did man -k context and discovered the get_default_context routine.
Doing
man get_default_context tells me about get_default_context_list
get_ordered_context_list queries the SE Linux policy database in the
kernel and some configuration files to determine an ordered list of
contexts that may be used for login sessions. The list must be freed
with freeconary. The possible roles and domains will be read from
/etc/security/default_contexts and .default_contexts in the home
directory of the user in question.
My question now is what is the format of the files listed above?
manual_user_enter_context allows the user to manually enter a context
as a fallback if a list of authorized contexts could not be obtained.
Caller must free via freecon.
So I assume this is why I am getting prompted.
I found default_contexts in /etc/selinux/targeted/contexts and it
contains:
system_r:unconfined_t system_r:unconfined_t
I also found that if I removed the multiple option for pam_selinux.so,
in remote located in /etc/pam.d, I do not get the prompt. So is this the
correct place to correct this? That is the next time I run up2date and
there is an update to remote is it going to get replaced and I will have
to remove it again? Or is there another place that controls this that
would be better to change?
Thanks:
Jack Allen
18 years, 7 months
zip unzip - restore xattr patches
by Debora Velarde
Below are patches to zip and unzip that will allow administrators to
restore extended attributes.
I understand star already does this, but this gives administrators another
option.
Usage:
zip
Will store extended attributes in the archive file by default unless the
existing option:
"-X eXclude eXtra file attributes" is used.
unzip
Will NOT restore extended attributes by default.
Will only restore extended attributes if used with the new option:
"-E restore extended attributes".
The new -E option can only be used in conjunction with the existing:
"-X restore UID/GID info" option.
Users can still choose to restore only the UID/GID info with the existing
'-X' option.
Please send me any feedback.
Thanks,
debora
diff -urpN zip-2.3.orig/unix/Makefile zip-2.3/unix/Makefile
--- zip-2.3.orig/unix/Makefile 2005-10-10 13:55:45.000000000 -0500
+++ zip-2.3/unix/Makefile 2005-10-24 15:38:44.000000000 -0500
@@ -59,7 +59,7 @@ OBJN = zipnote.o $(OBJU)
OBJC = zipcloak.o $(OBJU) crctab.o crypt_.o ttyio.o
OBJS = zipsplit.o $(OBJU)
-ZIP_H = zip.h ziperr.h tailor.h unix/osdep.h
+ZIP_H = zip.h ziperr.h tailor.h unix/osdep.h unix/xattr.h
# suffix rules
.SUFFIXES:
diff -urpN zip-2.3.orig/unix/unix.c zip-2.3/unix/unix.c
--- zip-2.3.orig/unix/unix.c 2005-10-10 13:55:45.000000000 -0500
+++ zip-2.3/unix/unix.c 2005-10-24 15:38:44.000000000 -0500
@@ -11,6 +11,7 @@
#ifndef UTIL /* the companion #endif is a bit of ways down ... */
#include <time.h>
+#include "xattr.h"
#if defined(MINIX) || defined(__mpexl)
# ifdef S_IWRITE
@@ -40,6 +41,8 @@
# endif
#endif /* HAVE_DIRENT_H || _POSIX_VERSION */
+#include <attr/xattr.h>
+
#define PAD 0
#define PATH_END '/'
@@ -436,19 +439,80 @@ int set_extra_field(z, z_utim)
struct stat s;
#endif
+char * xa_list;
+char * xa_name;
+char * xa_value;
+ssize_t xa_list_len=0;
+ssize_t xa_name_len=0;
+ssize_t xa_value_len=0;
+int value_len=0;
+int largest_value_len=0;
+int ext_index=0;
+int xa_pairs_found=0;
+int value_index=1;
+int i=0, j=0;
+
/* For the full sized UT local field including the UID/GID fields, we
* have to stat the file again. */
if (LSSTAT(z->name, &s))
return ZE_OPEN;
+
#define EB_L_UT_SIZE (EB_HEADSIZE + EB_UT_LEN(2))
#define EB_C_UT_SIZE (EB_HEADSIZE + EB_UT_LEN(1))
#define EB_L_UX2_SIZE (EB_HEADSIZE + EB_UX2_MINLEN)
#define EB_C_UX2_SIZE EB_HEADSIZE
-#define EF_L_UNIX_SIZE (EB_L_UT_SIZE + EB_L_UX2_SIZE)
-#define EF_C_UNIX_SIZE (EB_C_UT_SIZE + EB_C_UX2_SIZE)
+#define EB_L_XA_SIZE (EB_HEADSIZE + EB_XA_MINLEN)
+#define EB_C_XA_SIZE EB_HEADSIZE
- if ((z->extra = (char *)malloc(EF_L_UNIX_SIZE)) == NULL)
+ /* Get size of xattr name list */
+ /* Calling listxattr with NULL and zero returns the size */
+ xa_list_len = listxattr(z->name, NULL, 0);
+
+ if (xa_list_len > 0) {
+
+ /* now that we know the size, alloc space for list */
+ if ((xa_list = malloc(xa_list_len+1)) == NULL)
+ return ZE_MEM;
+
+ /* Get the list of xattr names */
+ xa_list_len = listxattr(z->name, xa_list, xa_list_len);
+ if (xa_list_len < 0)
+ return ZE_XATTR;
+ xa_name = xa_list;
+ xa_name_len = xa_list_len;
+
+ /* figure out how many xattr names there are in the list */
+ xa_pairs_found=get_xattr_count(xa_list, xa_list_len);
+ if (xa_pairs_found < 1)
+ return ZE_XATTR;
+
+ /* Need to figure out the largest value_len before calling malloc */
+ /* also need the sum of all value_lens; store it in xa_value_len */
+ for (value_index=1; value_index <= xa_pairs_found; value_index++) {
+ xa_name=get_xattr_name(xa_list, xa_list_len, value_index);
+ if (xa_name == (char *)NULL)
+ return ZE_XATTR;
+ value_len=getxattr(z->name, xa_name, xa_value, 0);
+ if (value_len < 0)
+ return ZE_XATTR;
+ if (value_len > largest_value_len)
+ largest_value_len = value_len;
+ xa_value_len=xa_value_len + value_len + 1;
+ }
+ if ((xa_value = malloc(largest_value_len+1)) == NULL)
+ return ZE_MEM;
+ }
+
+#define EB_L_XN_SIZE (EB_HEADSIZE + EB_XA_MINLEN + xa_name_len)
+#define EB_C_XN_SIZE EB_HEADSIZE
+#define EB_L_XV_SIZE (EB_HEADSIZE + EB_XA_MINLEN + xa_value_len)
+#define EB_C_XV_SIZE EB_HEADSIZE
+#define EF_L_UNIX_SIZE (EB_L_UT_SIZE + EB_L_UX2_SIZE + EB_L_XA_SIZE +
EB_L_XN_SIZE + EB_L_XV_SIZE)
+#define EF_C_UNIX_SIZE (EB_C_UT_SIZE + EB_C_UX2_SIZE + EB_C_XA_SIZE +
EB_C_XN_SIZE + EB_C_XV_SIZE)
+
+ z->ext = EF_L_UNIX_SIZE;
+ if ((z->extra = (char *)malloc(z->ext)) == NULL)
return ZE_MEM;
if ((z->cextra = (char *)malloc(EF_C_UNIX_SIZE)) == NULL)
return ZE_MEM;
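Review bot: xa_list and xa_value are declared without initializers and are assigned only inside `if (xa_list_len > 0)`, and every `return ZE_XATTR` or `return ZE_MEM` after `malloc(xa_list_len+1)` leaves xa_list allocated. Initialize both pointers to NULL and send the error paths through one cleanup that frees them. The sizing call `getxattr(z->name, xa_name, xa_value, 0)` also passes xa_value before it has been assigned; pass NULL there. A negative return from the first `listxattr(z->name, NULL, 0)` is handled the same as "no attributes", so check for < 0 separately, and check EF_L_UNIX_SIZE against EF_SIZE_MAX before `malloc(z->ext)`, since the name and value list lengths come from the file system.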
@@ -474,7 +538,71 @@ int set_extra_field(z, z_utim)
z->extra[18] = (char)(s.st_uid >> 8);
z->extra[19] = (char)(s.st_gid);
z->extra[20] = (char)(s.st_gid >> 8);
- z->ext = EF_L_UNIX_SIZE;
+ z->extra[21] = 'X';
+ z->extra[22] = 'A';
+ z->extra[23] = (char) xa_pairs_found; /* Number of xattr attributes*/
+ z->extra[24] = 0;
+ z->extra[25] = 'X';
+ z->extra[26] = 'N';
+ z->extra[27] = (char) xa_name_len; /* length of xattr name list*/
+ z->extra[28] = 0;
+
+ ext_index=29;
+
+ if (xa_list_len > 0) {
+
+/* Put all the xattr names in extra field */
+ for (i=1; i<=xa_pairs_found; i++) {
+ xa_name=get_xattr_name(xa_list, xa_list_len, i);
+ if (xa_name == (char *)NULL)
+ return ZE_XATTR;
+ xa_name_len=strlen(xa_name);
+ if (xa_name_len < 1)
+ return ZE_XATTR;
+ for (j=0; j<xa_name_len; j++) {
+ z->extra[ext_index+j]=(char) xa_name[j];
+ }
+ ext_index = ext_index+j;
+ z->extra[ext_index] = '\0';
+ ext_index++;
+ }
+
+ z->extra[ext_index] = 'X';
+ ext_index++;
+ z->extra[ext_index] = 'V';
+ ext_index++;
+ z->extra[ext_index] = (char) xa_value_len; /* length of xattr
value list*/
+ ext_index++;
+ z->extra[ext_index] = 0;
+ ext_index++;
+
+/* Put all the xattr values in extra field */
+ for (value_index=1; value_index <= xa_pairs_found; value_index++) {
+ xa_name=get_xattr_name(xa_list, xa_list_len, value_index);
+ if (xa_name == (char *)NULL)
+ return ZE_XATTR;
+ value_len=getxattr(z->name, xa_name, xa_value, 0);
+ if (value_len < 1)
+ return ZE_XATTR;
+ xa_value=memset(xa_value, 0, largest_value_len+1);
+ if (xa_value == (char *) NULL)
+ return ZE_MEM;
+ value_len=getxattr(z->name, xa_name, xa_value, value_len);
+ if (value_len < 1)
+ return ZE_XATTR;
+
+ for (j=0; j<value_len; j++) {
+ z->extra[ext_index+j]=(char) xa_value[j];
+ }
+ ext_index = ext_index+j;
+ z->extra[ext_index] = '\0';
+ ext_index++;
+ }
+
+ } /* if xa_list_len > 0 */
+
+ free(xa_list);
+ free(xa_value);
memcpy(z->cextra, z->extra, EB_C_UT_SIZE);
z->cextra[EB_LEN] = (char)EB_UT_LEN(1);
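Review bot: the XN and XV length fields are written as a single byte, `(char) xa_name_len` and `(char) xa_value_len`, with the high byte fixed at 0, so a name or value list longer than 255 bytes is recorded with a truncated length while the full data is still copied into z->extra. Write both bytes, the way the UID/GID fields just above use `>> 8` for the high byte. In the value loop, the second `getxattr(z->name, xa_name, xa_value, value_len)` uses a freshly queried size, which can exceed the largest_value_len+1 buffer if the attribute grew since the sizing pass; pass largest_value_len as the size and treat a failure as ZE_XATTR. `value_len < 1` also rejects empty values that the sizing pass accepted with `value_len < 0`, and `free(xa_list)` / `free(xa_value)` run even when the `xa_list_len > 0` block was skipped and neither pointer was assigned.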
diff -urpN zip-2.3.orig/unix/xattr.h zip-2.3/unix/xattr.h
--- zip-2.3.orig/unix/xattr.h 1969-12-31 18:00:00.000000000 -0600
+++ zip-2.3/unix/xattr.h 2005-10-24 15:42:43.000000000 -0500
@@ -0,0 +1,67 @@
+/*
+ Copyright (C) 2005 IBM Corporation
+ Copyright (c) 1990-1999 Info-ZIP. All rights reserved.
+
+ See the accompanying file LICENSE, version 1999-Oct-05 or later
+ (the contents of which are also included in zip.h) for terms of use.
+ If, for some reason, both of these files are missing, the Info-ZIP
license
+ also may be found at: ftp://ftp.cdrom.com/pub/infozip/license.html
+*/
+
+
+int get_xattr_count(char * xa_list, int xa_list_size)
+{
+/* xattr names have the form name1.name2 */
+/* A file can have any number of xattr name pairs */
+/* This function returns the number of name pairs found */
+/* If list passed in is NULL or list size is less than 1
+ function returns 0 */
+
+ int i=0;
+ int p=0;
+
+ if ( (xa_list == (char *) NULL) || (xa_list_size < 1))
+ return 0;
+
+ while (i < xa_list_size) {
+ if ( xa_list[i] != '\0') {
+ i++;
+ } else {
+ i++;
+ p++;
+ }
+ }
+ return p;
+}
+
+char * get_xattr_name(char * xa_list, int xa_list_size, int pair)
+{
+/* xattr names have the form name1.name2 */
+/* A file can have any number of xattr name pairs */
+/* This function returns a pointer to the specified name pair */
+/* If list is NULL or size or pair are less than 1, then
+ function returns NULL */
+
+ int i=0;
+ int p=1;
+ char * tmp;
+
+ tmp=NULL;
+
+ if ( (xa_list == (char *) NULL) || (xa_list_size < 1) || (pair < 1) )
+ return NULL;
+
+ while ( (i < xa_list_size) && ( p != pair) ) {
+ if ( xa_list[i] != '\0') {
+ i++;
+ } else {
+ i++;
+ p++;
+ }
+ }
+
+ if ( (p==pair) && (i < xa_list_size) )
+ tmp=&xa_list[i];
+
+ return tmp;
+}
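Review bot: get_xattr_count() and get_xattr_name() are defined, not just declared, in this header and are not `static`, so including unix/xattr.h from a second source file will produce duplicate-symbol link errors. Make them `static` or move the bodies into a .c file and keep only prototypes here; the header also has no include guard. Both take `int xa_list_size` while the caller holds a ssize_t from listxattr(). The comments describe names as name1.name2, but the code splits only on '\0', so a list whose last name lacks a terminator has that name left uncounted; state that assumption in the comment.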
diff -urpN zip-2.3.orig/zip.c zip-2.3/zip.c
--- zip-2.3.orig/zip.c 2005-10-10 14:11:49.000000000 -0500
+++ zip-2.3/zip.c 2005-10-24 15:38:44.000000000 -0500
@@ -980,7 +980,7 @@ char **argv; /* command line
zp_tz_is_valid = VALID_TIMEZONE(p);
#if (defined(AMIGA) || defined(DOS))
if (!zp_tz_is_valid)
- extra_fields = 0; /* disable storing "UT" time stamps and xatter
info*/
+ extra_fields = 0; /* disable storing "UT" time stamps */
#endif /* AMIGA || DOS */
#endif /* IZ_CHECK_TZ && USE_EF_UT_TIME */
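Review bot: the removed line already reads `and xatter info`, which means zip-2.3.orig was not a clean upstream tree when this diff was generated. Regenerate the patch against pristine zip-2.3 so this comment-only hunk drops out.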
diff -urpN zip-2.3.orig/ziperr.h zip-2.3/ziperr.h
--- zip-2.3.orig/ziperr.h 2005-10-10 13:55:45.000000000 -0500
+++ zip-2.3/ziperr.h 2005-10-24 15:38:44.000000000 -0500
@@ -31,8 +31,9 @@
#define ZE_CREAT 15 /* couldn't open to write */
#define ZE_PARMS 16 /* bad command line */
#define ZE_OPEN 18 /* could not open a specified file to
read */
+#define ZE_XATTR 19 /* xattr error occurred */
-#define ZE_MAXERR 18 /* the highest error number */
+#define ZE_MAXERR 19 /* the highest error number */
/* Macro to determine whether to call perror() or not */
#define PERR(e)
(e==ZE_READ||e==ZE_WRITE||e==ZE_CREAT||e==ZE_TEMP||e==ZE_OPEN)
@@ -58,6 +59,7 @@ char *errors[ZE_MAXERR] = {
/* 16 */ "Invalid command arguments",
/* 17 */ "",
/* 18 */ "File not found or no read permission"
+/* 19 */ "Extended attributes failure"
# ifdef AZTEC_C
, /* extremely lame compiler bug workaround */
# endif
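Review bot: the new `/* 19 */ "Extended attributes failure"` entry is added without a comma after the `/* 18 */` string, so the compiler concatenates the two adjacent literals into one element and the table ends up one entry short of ZE_MAXERR. Add a `,` at the end of the `/* 18 */` line.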
diff -urpN zip-2.3.orig/zip.h zip-2.3/zip.h
--- zip-2.3.orig/zip.h 2005-10-10 13:55:45.000000000 -0500
+++ zip-2.3/zip.h 2005-10-24 15:38:44.000000000 -0500
@@ -171,6 +171,9 @@ struct plist {
#define EF_SPARK 0x4341 /* David Pilling's Acorn/SparkFS ("AC") */
#define EF_THEOS 0x6854 /* THEOS ("Th") */
#define EF_TANDEM 0x4154 /* Tandem NSK ("TA") */
+#define EF_XATTR 0x4158 /* XATTR ("XA") */
+#define EF_XA_NAME 0x4e58 /* XATTR NAME ("XN") */
+#define EF_XA_VALUE 0x5658 /* XATTR VALUE ("XV") */
/* Definitions for extra field handling: */
#define EF_SIZE_MAX ((unsigned)0xFFFF) /* hard limit of total e.f.
length */
@@ -199,6 +202,8 @@ struct plist {
#define EB_UX2_GID 2 /* byte offset of GID in "Ux" field data
*/
#define EB_UX2_VALID (1 << 8) /* UID/GID present */
+#define EB_XA_MINLEN 4 /* minimal XA field contains count */
+
/* ASCII definitions for line terminators in text files: */
#define LF 10 /* '\n' on ASCII machines; must be 10 due to
EBCDIC */
#define CR 13 /* '\r' on ASCII machines; must be 13 due to
EBCDIC */
diff -urpN zip-2.3.orig/zip.h.4gb zip-2.3/zip.h.4gb
--- zip-2.3.orig/zip.h.4gb 2005-10-10 13:55:45.000000000 -0500
+++ zip-2.3/zip.h.4gb 2005-10-24 15:38:44.000000000 -0500
@@ -171,6 +171,9 @@ struct plist {
#define EF_SPARK 0x4341 /* David Pilling's Acorn/SparkFS ("AC") */
#define EF_THEOS 0x6854 /* THEOS ("Th") */
#define EF_TANDEM 0x4154 /* Tandem NSK ("TA") */
+#define EF_XATTR 0x4158 /* XATTR ("XA") */
+#define EF_XA_NAME 0x4e58 /* XATTR NAME ("XN") */
+#define EF_XA_VALUE 0x5658 /* XATTR VALUE ("XV") */
/* Definitions for extra field handling: */
#define EF_SIZE_MAX ((unsigned)0xFFFF) /* hard limit of total e.f.
length */
@@ -199,6 +202,8 @@ struct plist {
#define EB_UX2_GID 2 /* byte offset of GID in "Ux" field data
*/
#define EB_UX2_VALID (1 << 8) /* UID/GID present */
+#define EB_XA_MINLEN 4 /* minimal XA field contains count */
+
/* ASCII definitions for line terminators in text files: */
#define LF 10 /* '\n' on ASCII machines; must be 10 due to
EBCDIC */
#define CR 13 /* '\r' on ASCII machines; must be 13 due to
EBCDIC */
diff -urpN zip-2.3.orig/zip.h.zip zip-2.3/zip.h.zip
--- zip-2.3.orig/zip.h.zip 2005-10-10 13:55:45.000000000 -0500
+++ zip-2.3/zip.h.zip 2005-10-24 15:38:44.000000000 -0500
@@ -170,6 +170,10 @@ struct plist {
#define EF_SPARK 0x4341 /* David Pilling's Acorn/SparkFS ("AC") */
#define EF_THEOS 0x6854 /* THEOS ("Th") */
#define EF_TANDEM 0x4154 /* Tandem NSK ("TA") */
+#define EF_XATTR 0x4158 /* XATTR ("XA") */
+#define EF_XA_NAME 0x4e58 /* XATTR NAME ("XN") */
+#define EF_XA_VALUE 0x5658 /* XATTR VALUE ("XV") */
+
/* Definitions for extra field handling: */
#define EF_SIZE_MAX ((unsigned)0xFFFF) /* hard limit of total e.f.
length */
@@ -198,6 +202,8 @@ struct plist {
#define EB_UX2_GID 2 /* byte offset of GID in "Ux" field data
*/
#define EB_UX2_VALID (1 << 8) /* UID/GID present */
+#define EB_XA_MINLEN 4 /* minimal XA field contains count */
+
/* ASCII definitions for line terminators in text files: */
#define LF 10 /* '\n' on ASCII machines; must be 10 due to
EBCDIC */
#define CR 13 /* '\r' on ASCII machines; must be 13 due to
EBCDIC */
diff -urpN unzip-5.51.orig/extract.c unzip-5.51/extract.c
--- unzip-5.51.orig/extract.c 2005-09-08 14:25:57.000000000 -0500
+++ unzip-5.51/extract.c 2005-10-24 16:09:09.000000000 -0500
@@ -1908,6 +1908,9 @@ static int TestExtraField(__G__ ef, ef_l
case EF_ASIUNIX:
case EF_IZVMS:
case EF_IZUNIX:
+ case EF_XATTR:
+ case EF_XA_NAME:
+ case EF_XA_VALUE:
case EF_VMCMS:
case EF_MVS:
case EF_SPARK:
diff -urpN unzip-5.51.orig/fileio.c unzip-5.51/fileio.c
--- unzip-5.51.orig/fileio.c 2005-09-08 14:25:57.000000000 -0500
+++ unzip-5.51/fileio.c 2005-10-24 16:09:09.000000000 -0500
@@ -1833,6 +1833,9 @@ int check_for_newer(__G__ filename) /*
#ifdef USE_EF_UT_TIME
iztimes z_utime;
#endif
+#ifdef USE_EF_XATTR
+ izxattr z_xattr;
+#endif
#ifdef AOS_VS
long dyy, dmm, ddd, dhh, dmin, dss;
@@ -1902,7 +1905,11 @@ int check_for_newer(__G__ filename) /*
G.tz_is_valid &&
#endif
(ef_scan_for_izux(G.extra_field, G.lrec.extra_field_length, 0,
+#ifdef USE_EF_XATTR
+ G.lrec.last_mod_dos_datetime, &z_utime, NULL,
&z_xattr)
+#else
G.lrec.last_mod_dos_datetime, &z_utime, NULL)
+#endif
& EB_UT_FL_MTIME))
{
TTrace((stderr, "check_for_newer: using Unix extra field
mtime\n"));
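Review bot: z_xattr is a stack local here and nothing frees it after the call; if ef_scan_for_izux() allocates xa_name and xa_value for it, as the process.c changes in this patch do, each call to check_for_newer() leaks both buffers. Either free them after the mtime check or let callers that only want the time stamp pass NULL for the new argument.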
diff -urpN unzip-5.51.orig/list.c unzip-5.51/list.c
--- unzip-5.51.orig/list.c 2005-09-08 14:25:57.000000000 -0500
+++ unzip-5.51/list.c 2005-10-24 16:09:09.000000000 -0500
@@ -104,6 +104,9 @@ int list_files(__G) /* return PK-type
iztimes z_utime;
struct tm *t;
#endif
+#ifdef USE_EF_XATTR
+ izxattr z_xattr;
+#endif
unsigned yr, mo, dy, hh, mm;
ulg csiz;
unsigned long long tot_csize=0, tot_ucsize=0;
@@ -268,7 +271,12 @@ int list_files(__G) /* return PK-type
G.tz_is_valid &&
#endif
(ef_scan_for_izux(G.extra_field,
G.crec.extra_field_length, 1,
- G.crec.last_mod_dos_datetime, &z_utime,
NULL)
+ G.crec.last_mod_dos_datetime, &z_utime,
+#ifdef USE_EF_XATTR
+ NULL, &z_xattr)
+#else
+ NULL)
+#endif
& EB_UT_FL_MTIME))
{
TIMET_TO_NATIVE(z_utime.mtime) /* NOP unless MSC 7.0,
Mac */
@@ -509,6 +517,9 @@ int get_time_stamp(__G__ last_modtime, n
#ifdef USE_EF_UT_TIME
iztimes z_utime;
#endif
+#ifdef USE_EF_XATTR
+ iztimes z_xattr;
+#endif
min_info info;
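Review bot: in get_time_stamp() the new local is declared `iztimes z_xattr;`, but it is passed as the izxattr argument of ef_scan_for_izux() in the next hunk. It should be `izxattr z_xattr;`, as in list_files() above.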
@@ -594,7 +605,12 @@ int get_time_stamp(__G__ last_modtime, n
G.tz_is_valid &&
#endif
(ef_scan_for_izux(G.extra_field,
G.crec.extra_field_length, 1,
- G.crec.last_mod_dos_datetime, &z_utime,
NULL)
+ G.crec.last_mod_dos_datetime, &z_utime,
+#ifdef USE_EF_XATTR
+ NULL, &z_xattr)
+#else
+ NULL)
+#endif
& EB_UT_FL_MTIME))
{
if (*last_modtime < z_utime.mtime)
diff -urpN unzip-5.51.orig/Makefile unzip-5.51/Makefile
--- unzip-5.51.orig/Makefile 2005-09-08 14:25:57.000000000 -0500
+++ unzip-5.51/Makefile 2005-10-24 16:09:09.000000000 -0500
@@ -81,14 +81,14 @@ CRC32 = crc32
OSDEP_H =
# object files
-OBJS1 = unzip$O $(CRC32)$O crctab$O crypt$O envargs$O explode$O
+OBJS1 = unzip$O $(CRC32)$O crctab$O crypt$O envargs$O explode$O xattr$O
OBJS2 = extract$O fileio$O globals$O inflate$O list$O match$O
OBJS3 = process$O ttyio$O unreduce$O unshrink$O zipinfo$O
OBJS = $(OBJS1) $(OBJS2) $(OBJS3) $M$O
LOBJS = $(OBJS)
OBJSDLL = $(OBJS:.o=.pic.o) api.pic.o
OBJX = unzipsfx$O $(CRC32)$O crctab_$O crypt_$O extract_$O fileio_$O \
- globals_$O inflate_$O match_$O process_$O ttyio_$O $M_$O
+ globals_$O inflate_$O match_$O process_$O ttyio_$O xattr_$O $M_$O
LOBJX = $(OBJX)
OBJF = funzip$O $(CRC32)$O cryptf$O globalsf$O inflatef$O ttyiof$O
#OBJS_OS2 = $(OBJS1:.o=.obj) $(OBJS2:.o=.obj) os2.obj
@@ -300,6 +300,7 @@ ttyio$O: ttyio.c $(UNZIP_H) zip.h crypt.
unreduce$O: unreduce.c $(UNZIP_H)
unshrink$O: unshrink.c $(UNZIP_H)
unzip$O: unzip.c $(UNZIP_H) crypt.h unzvers.h consts.h
+xattr$O: xattr.c $(UNZIP_H)
zipinfo$O: zipinfo.c $(UNZIP_H)
unzipsfx$O: unzip.c $(UNZIP_H) crypt.h unzvers.h consts.h # unzipsfx
only
@@ -342,6 +343,11 @@ match_$O: match.c $(UNZIP_H) # unzips
$(CC) -c $(CF) -DSFX match_.c
$(RM) match_.c
+xattr_$O: xattr.c $(UNZIP_H) # unzipsfx
only
+ -$(CP) xattr.c xattr_.c
+ $(CC) -c $(CF) -DSFX xattr_.c
+ $(RM) xattr_.c
+
process_$O: process.c $(UNZIP_H) # unzipsfx
only
-$(CP) process.c process_.c
$(CC) -c $(CF) -DSFX process_.c
diff -urpN unzip-5.51.orig/process.c unzip-5.51/process.c
--- unzip-5.51.orig/process.c 2005-09-08 14:25:57.000000000 -0500
+++ unzip-5.51/process.c 2005-10-24 16:09:09.000000000 -0500
@@ -1300,15 +1300,22 @@ int process_local_file_hdr(__G) /* re
/*******************************/
/* Function ef_scan_for_izux() */
/*******************************/
-
+#ifdef USE_EF_XATTR
+unsigned ef_scan_for_izux(ef_buf, ef_len, ef_is_c, dos_mdatetime,
+ z_utim, z_uidgid, z_xattr)
+#else
unsigned ef_scan_for_izux(ef_buf, ef_len, ef_is_c, dos_mdatetime,
z_utim, z_uidgid)
+#endif
ZCONST uch *ef_buf; /* buffer containing extra field */
unsigned ef_len; /* total length of extra field */
int ef_is_c; /* flag indicating "is central extra field" */
ulg dos_mdatetime; /* last_mod_file_date_time in DOS format */
iztimes *z_utim; /* return storage: atime, mtime, ctime */
ush *z_uidgid; /* return storage: uid and gid */
+#ifdef USE_EF_XATTR
+ izxattr *z_xattr; /* return storage: xattr names, values, lens,
count */
+#endif
{
unsigned flags = 0;
unsigned eb_id;
@@ -1342,6 +1349,12 @@ unsigned ef_scan_for_izux(ef_buf, ef_len
if (ef_len == 0 || ef_buf == NULL || (z_utim == 0 && z_uidgid ==
NULL))
return 0;
+#ifdef USE_EF_XATTR
+ if (z_xattr == NULL)
+ return 0;
+ z_xattr->count=0;
+#endif
+
TTrace((stderr,"\nef_scan_for_izux: scanning extra field of length
%u\n",
ef_len));
@@ -1358,6 +1371,56 @@ unsigned ef_scan_for_izux(ef_buf, ef_len
}
switch (eb_id) {
+#ifdef USE_EF_XATTR
+ case EF_XATTR:
+ z_xattr->count=eb_len;
+ if (z_xattr->count > 0) {
+ ef_buf += EB_HEADSIZE;
+ ef_len -= EB_HEADSIZE;
+ eb_id = makeword(EB_ID + ef_buf);
+ } else {
+ break;
+ }
+ case EF_XA_NAME:
+ if (z_xattr->count > 0) {
+ ef_buf += EB_HEADSIZE;
+ ef_len -= EB_HEADSIZE;
+ if ((z_xattr->xa_name=malloc(ef_len)) == (char *)NULL)
{
+ Info(slide, 0x401, ((char *)slide,
+ LoadFarString(CannotAllocateBuffers)));
+ return 0;
+ }
+ z_xattr->xa_name_len=copy_xattr(ef_buf,
z_xattr->xa_name, z_xattr->count);
+ if (z_xattr->xa_name_len < 0) {
+ TTrace((stderr,
+ " XATTR name error; ignore e.f.!\n"));
+ break; /* stop scanning this
field */
+ }
+ ef_buf += z_xattr->xa_name_len;
+ ef_len -= z_xattr->xa_name_len;
+ } else {
+ break;
+ }
+ case EF_XA_VALUE:
+ if (z_xattr->count > 0) {
+ ef_buf += EB_HEADSIZE;
+ ef_len -= EB_HEADSIZE;
+ if ((z_xattr->xa_value=malloc(ef_len)) == (char
*)NULL) {
+ Info(slide, 0x401, ((char *)slide,
+ LoadFarString(CannotAllocateBuffers)));
+ return 0;
+ }
+ z_xattr->xa_value_len=copy_xattr(ef_buf,
z_xattr->xa_value, z_xattr->count);
+ if (z_xattr->xa_value_len <= 0) {
+ TTrace((stderr,
+ " XATTR value error; ignore e.f.!\n"));
+ break; /* stop scanning this
field */
+ }
+ ef_buf += z_xattr->xa_value_len;
+ ef_len -= z_xattr->xa_value_len;
+ }
+ break;
+#endif
case EF_TIME:
flags &= ~0x0ff; /* ignore previous IZUNIX or EF_TIME
fields */
have_new_type_eb = TRUE;
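Review bot: every `ef_len -= EB_HEADSIZE` and `ef_len -= z_xattr->xa_name_len` in these cases runs without first checking that ef_len is at least that large, and ef_len is unsigned, so a short or malformed extra field wraps it to a huge value that then feeds `malloc(ef_len)` and the rest of the scan. This data comes straight from the archive, so validate each block against eb_len and the remaining ef_len before advancing, and give copy_xattr() a source length to bound its reads; it currently receives only the source pointer, the destination and a count. `z_xattr->count=eb_len` takes the pair count from the block's length field, and the EF_XATTR and EF_XA_NAME cases fall through into the next case without a comment; mark the fall-throughs as intentional or parse each block ID on its own.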
diff -urpN unzip-5.51.orig/unix/Makefile unzip-5.51/unix/Makefile
--- unzip-5.51.orig/unix/Makefile 2005-09-08 14:25:57.000000000
-0500
+++ unzip-5.51/unix/Makefile 2005-10-24 16:09:09.000000000 -0500
@@ -81,14 +81,14 @@ CRC32 = crc32
OSDEP_H =
# object files
-OBJS1 = unzip$O $(CRC32)$O crctab$O crypt$O envargs$O explode$O
+OBJS1 = unzip$O $(CRC32)$O crctab$O crypt$O envargs$O explode$O xattr$O
OBJS2 = extract$O fileio$O globals$O inflate$O list$O match$O
OBJS3 = process$O ttyio$O unreduce$O unshrink$O zipinfo$O
OBJS = $(OBJS1) $(OBJS2) $(OBJS3) $M$O
LOBJS = $(OBJS)
OBJSDLL = $(OBJS:.o=.pic.o) api.pic.o
OBJX = unzipsfx$O $(CRC32)$O crctab_$O crypt_$O extract_$O fileio_$O \
- globals_$O inflate_$O match_$O process_$O ttyio_$O $M_$O
+ globals_$O inflate_$O match_$O process_$O ttyio_$O xattr_$O $M_$O
LOBJX = $(OBJX)
OBJF = funzip$O $(CRC32)$O cryptf$O globalsf$O inflatef$O ttyiof$O
#OBJS_OS2 = $(OBJS1:.o=.obj) $(OBJS2:.o=.obj) os2.obj
@@ -300,6 +300,7 @@ ttyio$O: ttyio.c $(UNZIP_H) zip.h crypt.
unreduce$O: unreduce.c $(UNZIP_H)
unshrink$O: unshrink.c $(UNZIP_H)
unzip$O: unzip.c $(UNZIP_H) crypt.h unzvers.h consts.h
+xattr$O: xattr.c $(UNZIP_H)
zipinfo$O: zipinfo.c $(UNZIP_H)
unzipsfx$O: unzip.c $(UNZIP_H) crypt.h unzvers.h consts.h # unzipsfx
only
@@ -342,6 +343,11 @@ match_$O: match.c $(UNZIP_H) # unzips
$(CC) -c $(CF) -DSFX match_.c
$(RM) match_.c
+xattr_$O: xattr.c $(UNZIP_H) # unzipsfx
only
+ -$(CP) xattr.c xattr_.c
+ $(CC) -c $(CF) -DSFX xattr_.c
+ $(RM) xattr_.c
+
process_$O: process.c $(UNZIP_H) # unzipsfx
only
-$(CP) process.c process_.c
$(CC) -c $(CF) -DSFX process_.c
diff -urpN unzip-5.51.orig/unix/unix.c unzip-5.51/unix/unix.c
--- unzip-5.51.orig/unix/unix.c 2005-09-08 14:25:57.000000000 -0500
+++ unzip-5.51/unix/unix.c 2005-10-24 16:09:09.000000000 -0500
@@ -83,6 +83,7 @@ typedef struct uxdirattr { /* struc
int have_uidgid; /* flag */
ush uidgid[2];
char fnbuf[1]; /* buffer stub for directory name */
+ izxattr z_xattr; /* struct for xattr names and values */
} uxdirattr;
#define UxAtt(d) ((uxdirattr *)d) /* typecast shortcut */
#endif /* SET_DIR_ATTRIB */
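Review bot: z_xattr is added after `char fnbuf[1]`, which its own comment calls the buffer stub for the directory name, so a directory name stored through fnbuf will run over the new member. Put `izxattr z_xattr;` before fnbuf so the stub stays the last member of uxdirattr.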
@@ -932,12 +933,13 @@ int mkdir(path, mode)
#if (!defined(MTS) || defined(SET_DIR_ATTRIB))
-static int get_extattribs OF((__GPRO__ iztimes *pzt, ush z_uidgid[2]));
+static int get_extattribs OF((__GPRO__ iztimes *pzt, ush z_uidgid[2],
izxattr *pzxattr));
-static int get_extattribs(__G__ pzt, z_uidgid)
+static int get_extattribs(__G__ pzt, z_uidgid, pzxattr)
__GDEF
iztimes *pzt;
ush z_uidgid[2];
+ izxattr *pzxattr;
{
/*---------------------------------------------------------------------------
Convert from MSDOS-format local time and date to Unix-format 32-bit
GMT
@@ -957,7 +959,13 @@ static int get_extattribs(__G__ pzt, z_u
#else
pzt,
#endif
- z_uidgid) : 0);
+ z_uidgid,
+#ifdef USE_EF_XATTR
+ pzxattr) : 0);
+#else
+ NULL) : 0);
+#endif
+
if (eb_izux_flg & EB_UT_FL_MTIME) {
TTrace((stderr, "\nget_extattribs: Unix e.f. modif. time =
%ld\n",
pzt->mtime));
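Review bot: the `#else` branch passes `NULL) : 0);` as an extra argument after z_uidgid, but without USE_EF_XATTR ef_scan_for_izux() is declared with only six parameters (see the process.c and unzpriv.h hunks), so that build passes seven. The `#else` branch should close the call right after z_uidgid. get_extattribs() itself now takes pzxattr unconditionally, so either guard that parameter the same way or drop the #ifdef from the prototype of ef_scan_for_izux() as well.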
@@ -1000,7 +1008,14 @@ void close_outfile(__G) /* GRR: chang
ztimbuf t2; /* modtime, actime */
} zt;
ush z_uidgid[2];
+ izxattr z_xattr;
int have_uidgid_flg;
+ int rc=0;
+ char *name;
+ char *value;
+ int i;
+ int value_len;
+ int largest_value_len=0;
fchmod(fileno(G.outfile), 0400);
@@ -1090,7 +1105,7 @@ void close_outfile(__G) /* GRR: chang
}
#endif
- have_uidgid_flg = get_extattribs(__G__ &(zt.t3), z_uidgid);
+ have_uidgid_flg = get_extattribs(__G__ &(zt.t3), z_uidgid, &z_xattr);
/* if -X option was specified and we have UID/GID info, restore it */
if (have_uidgid_flg) {
@@ -1108,6 +1123,54 @@ void close_outfile(__G) /* GRR: chang
}
}
+#ifdef USE_EF_XATTR
+/* if -E option was specified attempt to restore extended attribute info
*/
+ if (uO.E_flag && (!have_uidgid_flg)) {
+ Info(slide, 0x201, ((char *)slide,
+ " (warning) unable to restore extended attributes for %s\n",
FnFilter1(G.filename)));
+ }
+ if (uO.E_flag && have_uidgid_flg) {
+ /* Restore extended attributes info */
+ if (z_xattr.count > 0) {
+ /* Need to figure out the largest value_len before calling
malloc */
+ for (i=1; i<=z_xattr.count; i++) {
+ name = get_xattr_name(z_xattr.xa_name,
z_xattr.xa_name_len, i);
+ value_len=getxattr(z_xattr.xa_name, name, value, 0);
+ if (value_len > largest_value_len)
+ largest_value_len = value_len;
+ }
+ if ((value = malloc(largest_value_len+1)) == (char *)NULL) {
+ Info(slide, 0x201, ((char *)slide,
+ "warning: xattr (%s) failed: no mem\n",
+ FnFilter1(G.filename)));
+ return;
+ } else {
+ /* Set all xattr name and value pairs */
+ for (i=1; i<=z_xattr.count; i++) {
+ name = get_xattr_name(z_xattr.xa_name,
z_xattr.xa_name_len, i);
+ if (name == (char *) NULL) {
+ Info(slide, 0x201, ((char *)slide,
+ " (warning) cannot restore extended attributes
for %s\n", FnFilter1(G.filename)));
+ }
+ value = get_xattr_value(z_xattr.xa_value,
z_xattr.xa_value_len, i);
+ if (value == (char *) NULL) {
+ Info(slide, 0x201, ((char *)slide,
+ " (warning) cannot restore extended attributes
for %s\n", FnFilter1(G.filename)));
+ }
+ rc = setxattr(G.filename, name, value, strlen(value),
0);
+ if (rc != 0) {
+ Info(slide, 0x201, ((char *)slide,
+ " (warning) cannot restore extended attributes
for %s\n", FnFilter1(G.filename)));
+ }
+ }
+ }
+ } else {
+ Info(slide, 0x201, ((char *)slide,
+ " (warning) cannot restore extended attributes for %s\n",
FnFilter1(G.filename)));
+ }
+ }
+#endif
+
/* set the file's access and modification times */
if (utime(G.filename, &(zt.t2))) {
#ifdef AOS_VS
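Review bot: in the restore loop the NULL checks on `name` and `value` only print a warning and then fall through to `setxattr(G.filename, name, value, strlen(value), 0)`, so a missing name or value is dereferenced; skip the pair after the warning. `strlen(value)` also cuts off any attribute value that contains a zero byte, so the stored length has to be carried through instead. In the sizing loop, `getxattr(z_xattr.xa_name, name, value, 0)` passes the name list where the file path belongs and an unassigned `value`, and the buffer from `malloc(largest_value_len+1)` is then overwritten by the get_xattr_value() result and never freed; the sizing loop and the malloc can be removed. The `return` on allocation failure leaves close_outfile() before the utime() call below. The names passed to setxattr() are whatever the archive carries, security.* included, so the -E documentation should say that, or the restore should be limited to an explicit set of namespaces.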
@@ -1160,7 +1223,7 @@ int defer_dir_attribs(__G__ pd)
d_entry->perms = G.pInfo->file_attr;
d_entry->have_uidgid = get_extattribs(__G__ &(d_entry->u.t3),
- d_entry->uidgid);
+ d_entry->uidgid,
&(d_entry->z_xattr));
return PK_OK;
} /* end function defer_dir_attribs() */
diff -urpN unzip-5.51.orig/unix/unxcfg.h unzip-5.51/unix/unxcfg.h
--- unzip-5.51.orig/unix/unxcfg.h 2005-09-08 14:25:57.000000000
-0500
+++ unzip-5.51/unix/unxcfg.h 2005-10-24 16:09:09.000000000 -0500
@@ -122,6 +122,8 @@
#endif
#define RESTORE_UIDGID
+#define USE_EF_XATTR
+
/* Static variables that we have to add to Uz_Globs: */
#define SYSTEM_SPECIFIC_GLOBALS \
int created_dir, renamed_fullpath;\
diff -urpN unzip-5.51.orig/unzip.c unzip-5.51/unzip.c
--- unzip-5.51.orig/unzip.c 2005-09-08 14:25:57.000000000 -0500
+++ unzip-5.51/unzip.c 2005-10-24 16:09:09.000000000 -0500
@@ -143,6 +143,8 @@ static ZCONST char Far InvalidOptionsMsg
-fn or any combination of -c, -l, -p, -t, -u and -v options invalid\n";
static ZCONST char Far IgnoreOOptionMsg[] =
"caution: both -n and -o specified; ignoring -o\n";
+static ZCONST char Far InvalidEModifierMsg[] = "error:\
+ -E modifier cannot be used without -X modifier\n";
/* usage() strings */
#ifndef SFX
@@ -238,12 +240,30 @@ M pipe through \"more\" pager
#else /* !VMS */
#ifdef BEO_UNX
static ZCONST char Far local2[] = " -X restore UID/GID info";
+#ifdef USE_EF_XATTR
+#ifdef MORE
+ static ZCONST char Far local3[] = " \
+-E restore extended attributes -M pipe through \"more\"
pager\n";
+#else /* !MORE */
+ static ZCONST char Far local3[] = " \
+-E restore extended attributes\n";
+#endif
+#else /* !USE_EF_XATTR */
+#ifdef MORE
+ static ZCONST char Far local3[] = "\
+ -M pipe through \"more\"
pager\n";
+#else /* !MORE */
+ static ZCONST char Far local3[] = "\n";
+#endif
+#endif
+/*
#ifdef MORE
static ZCONST char Far local3[] = "\
-M pipe through \"more\"
pager\n";
#else
static ZCONST char Far local3[] = "\n";
#endif
+*/
#else /* !BEO_UNX */
#ifdef TANDEM
static ZCONST char Far local2[] = "\
@@ -1222,6 +1242,15 @@ int uz_opts(__G__ pargc, pargv)
}
break;
#endif /* MACOS */
+#ifdef UNIX
+ case ('E'): /* -E [UNIX] restore extended attributes */
+ if( negative ) {
+ uO.E_flag = FALSE, negative = 0;
+ } else {
+ uO.E_flag = TRUE;
+ }
+ break;
+#endif /* MACOS */
case ('f'): /* "freshen" (extract only newer files) */
if (negative)
uO.fflag = uO.uflag = FALSE, negative = 0;
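Review bot: the new block opens with `#ifdef UNIX` but closes with `#endif /* MACOS */`; the comment should read UNIX. The option is gated on UNIX here and in unzip.h while the usage text and the restore code are gated on USE_EF_XATTR, so a Unix build without USE_EF_XATTR accepts -E and silently does nothing; use one macro for both.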
@@ -1521,6 +1550,13 @@ opts_done: /* yes, very ugly...but only
Info(slide, 0x401, ((char *)slide,
LoadFarString(InvalidOptionsMsg)));
error = TRUE;
}
+#ifdef UNIX
+ if (uO.E_flag && (!uO.X_flag))
+ {
+ Info(slide, 0x401, ((char *)slide,
LoadFarString(InvalidEModifierMsg)));
+ error = TRUE;
+ }
+#endif
if (uO.aflag > 2)
uO.aflag = 2;
#ifdef VMS
diff -urpN unzip-5.51.orig/unzip.h unzip-5.51/unzip.h
--- unzip-5.51.orig/unzip.h 2005-09-08 14:25:57.000000000 -0500
+++ unzip-5.51/unzip.h 2005-10-24 16:09:09.000000000 -0500
@@ -438,6 +438,9 @@ typedef struct _UzpOpts {
#ifdef MACOS
int E_flag; /* -E: [MacOS] show Mac extra field during
restoring */
#endif
+#ifdef UNIX
+ int E_flag; /* -E: [Unix] restore extended attributes */
+#endif
int fflag; /* -f: "freshen" (extract only newer files) */
#if (defined(RISCOS) || defined(ACORN_FTYPE_NFS))
int acorn_nfs_ext; /* -F: RISC OS types & NFS filetype extensions */
@@ -571,6 +574,7 @@ typedef struct central_directory_file_he
#define PK_FIND 11 /* no files found */
#define PK_DISK 50 /* disk full */
#define PK_EOF 51 /* unexpected EOF */
+#define PK_XATTR 52 /* extended attributes error */
#define IZ_CTRLC 80 /* user hit ^C to terminate */
#define IZ_UNSUP 81 /* no files found: all unsup.
compr/encrypt. */
diff -urpN unzip-5.51.orig/unzpriv.h unzip-5.51/unzpriv.h
--- unzip-5.51.orig/unzpriv.h 2005-09-08 14:25:57.000000000 -0500
+++ unzip-5.51/unzpriv.h 2005-10-24 16:09:09.000000000 -0500
@@ -1433,6 +1433,9 @@
#define EF_THEOSO 0x4854 /* old Theos port */
#define EF_MD5 0x4b46 /* Fred Kantor's MD5 ("FK") */
#define EF_ASIUNIX 0x756e /* ASi's Unix ("nu") */
+#define EF_XATTR 0x4158 /* XATTR ("XA") */
+#define EF_XA_NAME 0x4e58 /* XATTR NAME ("XN") */
+#define EF_XA_VALUE 0x5658 /* XATTR VALUE ("XV") */
#define EB_HEADSIZE 4 /* length of extra field block header */
#define EB_ID 0 /* offset of block ID in header */
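Review bot: The three new block IDs arrive with no description of the block layout: what `EF_XATTR` carries as opposed to `EF_XA_NAME` and `EF_XA_VALUE`, and how a name is paired with its value. Document the on-disk format next to these defines or in the extra-field documentation so that other zip tools can read and write it.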
@@ -1459,6 +1462,8 @@
#define EB_UT_FL_ATIME (1 << 1) /* atime present */
#define EB_UT_FL_CTIME (1 << 2) /* ctime present */
+#define EB_XA_MINLEN 4 /* minimal XA size */
+
#define EB_FLGS_OFFS 4 /* offset of flags area in generic
compressed
extra field blocks (BEOS, MAC, and
others) */
#define EB_OS2_HLEN 4 /* size of OS2/ACL compressed data header
*/
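Review bot: `EB_XA_MINLEN 4` has the same value as `EB_HEADSIZE` from the previous hunk, and the comment "minimal XA size" does not say whether the 4 bytes include the block header or count only payload. Spell that out, since this constant is presumably what the length check on untrusted extra-field data will rely on.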
@@ -1576,6 +1581,14 @@ typedef struct iztimes {
time_t ctime; /* used for creation time; NOT same as
st_ctime */
} iztimes;
+typedef struct izxattr {
+ char *xa_name; /* xattr names list */
+ char *xa_value; /* xattr values list */
+ ssize_t xa_name_len; /* size of xa_names list */
+ ssize_t xa_value_len; /* size of xa_value list */
+ int count; /* number of xattr name and value pairs */
+} izxattr;
+
#ifdef SET_DIR_ATTRIB
typedef struct direntry { /* head of system-specific struct holding
*/
struct direntry *next; /* defered directory attributes info */
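Review bot: `xa_name_len` and `xa_value_len` are `ssize_t` here, while the helpers declared for xattr.c take the list size as `int`; if these lengths are filled from the archive's extra field, a negative or truncated value has to be ruled out at every conversion. Prefer one unsigned type used consistently in the struct and the helper signatures. The comment on `xa_name_len` also refers to `xa_names`, which is not the field name.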
@@ -1812,7 +1825,12 @@ int get_cdir_ent OF((__G
int process_local_file_hdr OF((__GPRO));
unsigned ef_scan_for_izux OF((ZCONST uch *ef_buf, unsigned ef_len,
int ef_is_c, ulg dos_mdatetime,
+#ifdef USE_EF_XATTR
+ iztimes *z_utim, ush *z_uidgid,
+ izxattr *z_xattr));
+#else
iztimes *z_utim, ush *z_uidgid));
+#endif
#if (defined(RISCOS) || defined(ACORN_FTYPE_NFS))
zvoid *getRISCOSexfield OF((ZCONST uch *ef_buf, unsigned
ef_len));
#endif
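Review bot: The `#ifdef USE_EF_XATTR` / `#else` / `#endif` lines sit inside the argument list of the `OF((...))` macro, and preprocessor directives inside a macro invocation's arguments are undefined behaviour in ISO C. Write two complete `ef_scan_for_izux OF((...));` prototypes instead, one in each branch of the `#ifdef`.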
@@ -1850,6 +1868,15 @@ void fnprint OF((__G
#endif /* !SFX */
/*---------------------------------------------------------------------------
+ Functions in xattr.c:
+
---------------------------------------------------------------------------*/
+
+int get_xattr_count(char *xa_list, int xa_list_size);
+char * get_xattr_name(char *xa_list, int xa_list_size, int pair);
+char * get_xattr_value(char *xa_list, int xa_list_size, int pair);
+int copy_xattr(char *xa_list, char *new_list, int pair);
+
+/*---------------------------------------------------------------------------
Functions in fileio.c:
---------------------------------------------------------------------------*/
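Review bot: These four prototypes are bare ANSI declarations while the surrounding prototypes go through `OF((...))`, and unlike the other xattr additions they are not guarded by `USE_EF_XATTR`. `copy_xattr` also takes no size for either `xa_list` or `new_list`, so the callee cannot bound the copy; add length parameters and declare the read-only lists as `ZCONST char *`.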
diff -urpN unzip-5.51.orig/xattr.c unzip-5.51/xattr.c
--- unzip-5.51.orig/xattr.c 1969-12-31 18:00:00.000000000 -0600
+++ unzip-5.51/xattr.c 2005-10-24 16:12:01.000000000 -0500
@@ -0,0 +1,127 @@
+/*
+*/
+/* xattr.c
+ *
+ * Author: Debora Velarde <dvelarde(a)us.ibm.com>
+ * Created: Sept 14, 2005
+ */
+
+
+#define __XATTR_C /* identifies this source module */
+#define UNZIP_INTERNAL
+#include "unzip.h"
+
+int get_xattr_count(char *xa_list, int xa_list_size)
+{
+/* xattr names have the form name1.name2 */
+/* A file can have any number of xattr name pairs */
+/* This function returns the number of name pairs found */
+/* If list passed in is NULL or list size is less than 1
+ function retunrs 0 */
+
+ int i=0;
+ int p=0;
+
+ if ( (xa_list == (char *) NULL) || (xa_list_size < 1))
+ return 0;
+
+
+ while (i < xa_list_size) {
+ if ( xa_list[i] != '\0') {
+ i++;
+ } else {
+ i++; //move index to one past \0
+ p++;
+ }
+ }
+
+ return p;
+}
+
+char * get_xattr_name(char *xa_list, int xa_list_size, int pair)
+{
+/* xattr names have the form name1.name2 */
+/* A file can have any number of xattr name pairs */
+/* This function returns a pointer to the specified name pair */
+/* If list is NULL or size or pair are less than 1, then
+ function returns NULL */
+
+ int i=0;
+ int p=1;
+ char *tmp;
+
+ tmp=NULL;
+
+ if ( (xa_list == (char *) NULL) || (xa_list_size < 1) || (pair < 1) )
+ return NULL;
+
+ while ( (i < xa_list_size) && ( p != pair) ) {
+ if ( xa_list[i] != '\0') {
+ i++;
+ } else {
+ i++; //move index to one past \0
+ p++;
+ }
+ }
+
+ if ( (p==pair) && (i < xa_list_size) )
+ tmp=&xa_list[i];
+
+ return tmp;
+}
+
+char * get_xattr_value(char *xa_list, int xa_list_size, int pair)
+{
+/* A file can have any number of xattr name and value pairs */
+/* This function returns a pointer to the specified value pair */
+/* If list is NULL or size or pair are less than 1, then
+ function returns NULL */
+
+ int i=0;
+ int p=1;
+ char *tmp;
+
+ tmp=NULL;
+
+ if ( (xa_list == (char *) NULL) || (xa_list_size < 1) || (pair < 1) )
+ return NULL;
+
+ while ( (i < xa_list_size) && ( p != pair) ) {
+ if ( xa_list[i] != '\0') {
+ i++;
+ } else {
+ i++; //move index to one past \0
+ p++;
+ }
+ }
+
+ if ( (p==pair) && (i < xa_list_size) )
+ tmp=&xa_list[i];
+
+ return tmp;
+}
+
+int copy_xattr(char *xa_list, char *new_list, int pair)
+{
+/* A file can have any number of xattr name and value pairs */
+/* This function copies all the names or value from xa_list to new_list
*/
+/* This function returns the size of new_list */
+/* If either list being copied or new list is NULL, then retunrs -1 */
+/* If pair is less than 1 returns -1 */
+
+ int i=0;
+ int p=0;
+
+ if ( (xa_list == (char *) NULL) || (new_list == (char *) NULL) ||
(pair < 1) )
+ return -1;
+
+ while ( p < pair ) {
+ new_list[i] = xa_list[i];
+ if ( xa_list[i] == '\0') {
+ p++;
+ }
+ i++;
+ }
+
+ return i;
+}
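Review bot: `copy_xattr` loops until it has seen `pair` NUL bytes and is given no size for `xa_list` or `new_list`, so a list holding fewer terminators than `pair` makes `new_list[i] = xa_list[i]` read and write past both buffers; if the list is taken from an archive's extra field, that is attacker-controlled input. Pass both lengths, stop at whichever limit is reached first, and return -1 on a short list. Separately, `get_xattr_name` and `get_xattr_value` have identical bodies and can share one helper, `get_xattr_count` counts only NUL bytes so an unterminated final entry is silently ignored, and the `//` comments and "retunrs" typos should be cleaned up.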
diff -urpN unzip-5.51.orig/zipinfo.c unzip-5.51/zipinfo.c
--- unzip-5.51.orig/zipinfo.c 2005-09-08 14:25:57.000000000 -0500
+++ unzip-5.51/zipinfo.c 2005-10-24 16:09:09.000000000 -0500
@@ -330,6 +330,8 @@ static ZCONST char Far efMD5[] = "Fred K
static ZCONST char Far efASiUnix[] = "ASi Unix";
static ZCONST char Far efTandem[] = "Tandem NSK";
static ZCONST char Far efTheos[] = "Theos";
+static ZCONST char Far efXAname[] = "xattr name";
+static ZCONST char Far efXAvalue[] = "xattr value";
static ZCONST char Far efUnknown[] = "unknown";
static ZCONST char Far OS2EAs[] = ".\n\
@@ -935,6 +937,9 @@ static int zi_long(__G__ pEndprev) /*
#ifdef USE_EF_UT_TIME
iztimes z_utime;
#endif
+#ifdef USE_EF_XATTR
+ izxattr z_xattr;
+#endif
int error, error_in_archive=PK_COOL;
unsigned hostnum, hostver, extnum, extver, methnum, xattr;
char workspace[12], attribs[22];
@@ -1076,7 +1081,12 @@ static int zi_long(__G__ pEndprev) /*
G.tz_is_valid &&
#endif
(ef_scan_for_izux(G.extra_field, G.crec.extra_field_length, 1,
- G.crec.last_mod_dos_datetime, &z_utime, NULL)
+ G.crec.last_mod_dos_datetime, &z_utime,
+#ifdef USE_EF_XATTR
+ NULL, &z_xattr)
+#else
+ NULL)
+#endif
& EB_UT_FL_MTIME))
{
TIMET_TO_NATIVE(z_utime.mtime) /* NOP unless MSC 7.0 or
Macintosh */
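Review bot: `zi_long` only uses `z_utime.mtime` from this call, yet with `USE_EF_XATTR` it now passes `&z_xattr`, an uninitialised `izxattr` that nothing visible here reads or releases. If `ef_scan_for_izux` accepts NULL for outputs the caller does not want, as it does for the `z_uidgid` argument in this same call, pass NULL for the xattr argument and drop the local.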
@@ -1422,6 +1432,12 @@ static int zi_long(__G__ pEndprev) /*
#endif
ef_fieldname = efTheos;
break;
+ case EF_XA_NAME:
+ ef_fieldname = efXAname;
+ break;
+ case EF_XA_VALUE:
+ ef_fieldname = efXAvalue;
+ break;
default:
ef_fieldname = efUnknown;
break;
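Review bot: `EF_XA_NAME` and `EF_XA_VALUE` get field names here, but `EF_XATTR` (0x4158), added in the unzpriv.h hunk, has no case and will be listed as "unknown". Add a case for it, or drop the define if nothing emits that block ID.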
@@ -1755,6 +1771,9 @@ static int zi_short(__G) /* return PK-
iztimes z_utime;
time_t *z_modtim;
#endif
+#ifdef USE_EF_XATTR
+ izxattr z_xattr;
+#endif
int k, error, error_in_archive=PK_COOL;
unsigned hostnum, hostver, methnum, xattr;
char *p, workspace[12], attribs[16];
@@ -2053,7 +2072,12 @@ static int zi_short(__G) /* return PK-
G.tz_is_valid &&
#endif
(ef_scan_for_izux(G.extra_field,
G.crec.extra_field_length, 1,
- G.crec.last_mod_dos_datetime, &z_utime,
NULL)
+ G.crec.last_mod_dos_datetime, &z_utime,
+#ifdef USE_EF_XATTR
+ NULL, &z_xattr)
+#else
+ NULL)
+#endif
& EB_UT_FL_MTIME)
? &z_utime.mtime : NULL;
TIMET_TO_NATIVE(z_utime.mtime) /* NOP unless MSC 7.0 or Macintosh
*/
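Review bot: This is the same `#ifdef USE_EF_XATTR` argument splice as in `zi_long`, repeated verbatim; one wrapper macro or helper for the mtime-only lookup would keep the two call sites from drifting apart. The removed line has also been wrapped by the mailer (`NULL)` has fallen onto its own unprefixed line), so the hunk will not apply as posted.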
18 years, 7 months
dbusd and netlink_selinux_socket ?
by Tom London
Running targeted/enforcing, latest rawhide.
dbusd on my system seems to be having problems starting:
Oct 24 06:48:20 localhost dbus-daemon: Can't send to audit system:
USER_AVC pid=2390 uid=0 loginuid=-1 message=avc: can't open netlink
socket: 13 (Permission denied)
and in audit.log:
type=AVC msg=audit(1130161700.864:93): avc: denied { create } for
pid=2390 comm="dbus-daemon"
scontext=system_u:system_r:system_dbusd_t:s0
tcontext=system_u:system_r:system_dbusd_t:s0
tclass=netlink_selinux_socket
type=SYSCALL msg=audit(1130161700.864:93): arch=40000003 syscall=102
success=no exit=-13 a0=1 a1=bfbaa750 a2=2c2248 a3=19a items=0 pid=2390
auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0
fsgid=0 comm="dbus-daemon" exe="/usr/bin/dbus-daemon"
type=SOCKETCALL msg=audit(1130161700.864:93): nargs=3 a0=10 a1=3 a2=7
dbusd.te seems to want create_socket_perms (or
create_netlink_socket_perms) for self:netlink_selinux_socket
That right? Something else?
tom
--
Tom London
18 years, 7 months
AVC message problem
by Tom Diehl
Hi all,
Since upgrading to EL4-U2 I am getting the following avc messages in my logs:
Oct 23 14:46:21 pocono dbus: Can't send to audit system: USER_AVC pid=3064 uid=81 loginuid=-1 message=avc: denied { send_msg } for scontext=user_u:system_r:unconfined_t tcontext=user_u:system_r:initrc_t tclass=dbus
Can someone tell me how to go about fixing this, short of turning off selinux?
(pocono pts13) # rpm -qa | grep selinux
libselinux-1.19.1-7
libselinux-1.19.1-7
selinux-policy-targeted-1.17.30-2.110
libselinux-devel-1.19.1-7
(pocono pts13) # rpm -qa dbus
dbus-0.22-12.EL.5
(pocono pts13) # uname -r
2.6.9-22.ELsmp
(pocono pts13) #
I get hundreds of these a day. I have tried relabeling but no change.
The system arch is x86_64
Regards,
Tom Diehl tdiehl(a)rogueind.com Spamtrap address mtd123(a)rogueind.com
18 years, 7 months
NTPD vs SELinux question
by Martin Gregorie
I've had to disable SELinux protection on ntpd, which seems a bit
drastic, and would like to know if there's a more restrictive approach.
I'm using an MSF clock to pick up the Rugby (UK) time signal and a
specialised daemon to interrogate the clock. This daemon communicates
with ntpd via shared memory and is configured into ntpd as:
server 127.127.28.0 #SHM reference clock
fudge 127.127.1.0 stratum 2 refid "MSF"
Both daemons are running under the same (ntp) user. This worked under Fedora Core 1 without any problems, but under Core 3 during boot the log contained:
Oct 17 15:21:14 zoogz radioclkd[4639]: entering daemon mode
Oct 17 15:21:14 zoogz radioclkd[4639]: error unable to set real time
scheduling
Oct 17 15:21:14 zoogz radioclkd[4639]: error unable to lock memory pages
Oct 17 16:21:14 zoogz radioclkd: radioclkd startup succeeded
Oct 17 16:21:30 zoogz ntpdate[4649]: step time server 192.36.143.150
offset -0.0
Oct 17 16:21:30 zoogz ntpd: succeeded
Oct 17 16:21:30 zoogz ntpd[4653]: ntpd 4.2.0a@1.1190-r Fri Aug 26
04:27:20 EDT 2
Oct 17 16:21:30 zoogz ntpd: ntpd startup succeeded
Oct 17 16:21:30 zoogz ntpd[4653]: precision = 3.000 usec
Oct 17 16:21:30 zoogz ntpd[4653]: Listening on interface wildcard,
0.0.0.0#123
Oct 17 16:21:30 zoogz ntpd[4653]: Listening on interface wildcard,
::#123
Oct 17 16:21:30 zoogz ntpd[4653]: Listening on interface lo,
127.0.0.1#123
Oct 17 16:21:30 zoogz ntpd[4653]: Listening on interface eth0,
192.168.7.2#123
Oct 17 16:21:30 zoogz ntpd[4653]: kernel time sync status 0040
Oct 17 16:21:30 zoogz kernel: audit(1129562490.239:3): avc: denied {
ipc_owner } for pid=4653 comm="ntpd" capability=15
scontext=root:system_r:ntpd_t tcontext=root:system_r:ntpd_t
tclass=capability
Oct 17 16:21:30 zoogz ntpd[4653]: SHM shmget (unit 0): Permission denied
Oct 17 16:21:30 zoogz ntpd[4653]: configuration of 127.127.28.0 failed
Oct 17 16:21:30 zoogz ntpd[4653]: frequency initialized 126.404 PPM from
/var/li
Oct 17 16:24:49 zoogz ntpd[4653]: synchronized to 192.36.143.150,
stratum 1
I can get the MSF to connect to ntpd if I turn off SELinux protection
for ntpd, but this seems a bit drastic and in any case radioclkd is
still complaining that it can't turn on realtime scheduling or lock the
memory pages.
Is there a way to:
* allow radioclkd to set realtime scheduling
* allow radioclkd to lock memory pages
* allow ntpd to execute the shmget() call
without turning off SELinux protection for ntpd? What about allowing
radioclkd to set realtime scheduling and lock the required memory
pages?
I apologise if I've sent this to the wrong list, but it seemed like the
best one from the content of the Fedora SELinux documentation and would
seem to be a general problem for at least some users who run ntpd.
Best regards,
Martin Gregorie
18 years, 7 months
Still issues with SElinux, NetworkManager, and ACPI suspend
by Matthew Saltzman
Recent versions of NetworkManager use dbus signals to control actions
related to suspend/resume (among others).
In enforcing mode, using selinux-policy-targeted-1.27.1-2.7.
The suspend script runs without error when executed from the command line,
but produces these errors when invoked by pressing the suspend key.
On suspend, /var/log/debug reports:
Oct 22 12:59:14 vincent52 dbus: Can't send to audit system: USER_AVC
pid=2180 uid=81 loginuid=-1 message=avc: denied { send_msg } for
msgtype=method_call interface=org.freedesktop.NetworkManager
member=sleep dest=org.freedesktop.NetworkManager spid=31524 tpid=2239
scontext=system_u:system_r:apmd_t
tcontext=system_u:system_r:NetworkManager_t tclass=dbus
On resume, /var/log/debug reports:
Oct 22 12:59:39 vincent52 dbus: Can't send to audit system: USER_AVC
pid=2180 uid=81 loginuid=-1 message=avc: denied { send_msg } for
msgtype=method_call interface=org.freedesktop.NetworkManager
member=wake dest=org.freedesktop.NetworkManager spid=31542 tpid=2239
scontext=system_u:system_r:apmd_t
tcontext=system_u:system_r:NetworkManager_t tclass=dbus
No messages appear in /var/log/audit/audit.log.
The relevant section of the suspend script is:
/usr/bin/dbus-send --system --dest=org.freedesktop.NetworkManager \
--type=method_call /org/freedesktop/NetworkManager \
org.freedesktop.NetworkManager.sleep
sync
echo -n "mem" > /sys/power/state
/usr/bin/dbus-send --system --dest=org.freedesktop.NetworkManager \
--type=method_call /org/freedesktop/NetworkManager \
org.freedesktop.NetworkManager.wake
Thanks.
--
Matthew Saltzman
Clemson University Math Sciences
mjs AT clemson DOT edu
http://www.math.clemson.edu/~mjs
18 years, 7 months
a lot of selinux messages after today's rawhide update
by Jason Dravet
After updating my system to today's rawhide I see a lot of selinux related
messages. I am running selinux-policy-targeted-1.27.1-21. I see these
messages during boot and shutdown. I did a touch /autorelabel and reboot to
see if things got better but they remained the same. The first and third
messages (hwclock and fsck) have me concerned the most. Here are the
messages:
Oct 20 15:52:47 pcjason kernel: audit(1129823524.869:2): avc: denied { use
} for pid=417 comm="hwclock" name="VolGroup00-LogVol01" dev=tmpfs ino=760
scontext=system_u:system_r:hwclock_t:s0
tcontext=system_u:system_r:kernel_t:s0 tclass=fd
Oct 20 15:52:50 pcjason kernel: audit(1129841541.911:3): avc: denied {
read } for pid=1164 comm="restorecon" name="VolGroup00-LogVol01" dev=tmpfs
ino=760 scontext=system_u:system_r:restorecon_t:s0
tcontext=system_u:object_r:fixed_disk_device_t:s0 tclass=blk_file
Oct 20 15:52:51 pcjason kernel: audit(1129841544.332:4): avc: denied { use
} for pid=1204 comm="fsck" name="VolGroup00-LogVol01" dev=tmpfs ino=760
scontext=system_u:system_r:fsadm_t:s0 tcontext=system_u:system_r:kernel_t:s0
tclass=fd
Oct 20 15:52:51 pcjason kernel: audit(1129841544.660:5): avc: denied {
read } for pid=1214 comm="restorecon" name="VolGroup00-LogVol01" dev=tmpfs
ino=760 scontext=system_u:system_r:restorecon_t:s0
tcontext=system_u:object_r:fixed_disk_device_t:s0 tclass=blk_file
Oct 20 15:52:51 pcjason kernel: audit(1129841544.948:6): avc: denied {
read } for pid=1215 comm="restorecon" name="VolGroup00-LogVol01" dev=tmpfs
ino=760 scontext=system_u:system_r:restorecon_t:s0
tcontext=system_u:object_r:fixed_disk_device_t:s0 tclass=blk_file
Oct 20 15:52:51 pcjason kernel: audit(1129841546.084:7): avc: denied {
read } for pid=1257 comm="restorecon" name="VolGroup00-LogVol01" dev=tmpfs
ino=760 scontext=system_u:system_r:restorecon_t:s0
tcontext=system_u:object_r:fixed_disk_device_t:s0 tclass=blk_file
Oct 20 15:52:51 pcjason kernel: audit(1129841546.456:8): avc: denied {
read } for pid=1262 comm="restorecon" name="VolGroup00-LogVol01" dev=tmpfs
ino=760 scontext=system_u:system_r:restorecon_t:s0
tcontext=system_u:object_r:fixed_disk_device_t:s0 tclass=blk_file
Oct 20 15:52:51 pcjason kernel: audit(1129841546.772:9): avc: denied { use
} for pid=1263 comm="swapon" name="VolGroup00-LogVol01" dev=tmpfs ino=760
scontext=system_u:system_r:fsadm_t:s0 tcontext=system_u:system_r:kernel_t:s0
tclass=fd
Oct 20 15:52:51 pcjason kernel: audit(1129841551.160:10): avc: denied {
read } for pid=1439 comm="ip" name="VolGroup00-LogVol01" dev=tmpfs ino=760
scontext=system_u:system_r:ifconfig_t:s0
tcontext=system_u:object_r:fixed_disk_device_t:s0 tclass=blk_file
Oct 20 15:52:51 pcjason kernel: audit(1129841551.228:11): avc: denied {
read } for pid=1441 comm="ip" name="VolGroup00-LogVol01" dev=tmpfs ino=760
scontext=system_u:system_r:ifconfig_t:s0
tcontext=system_u:object_r:fixed_disk_device_t:s0 tclass=blk_file
Oct 20 15:52:51 pcjason kernel: audit(1129841551.256:12): avc: denied {
read } for pid=1443 comm="iwconfig" name="VolGroup00-LogVol01" dev=tmpfs
ino=760 scontext=system_u:system_r:ifconfig_t:s0
tcontext=system_u:object_r:fixed_disk_device_t:s0 tclass=blk_file
Oct 20 15:52:51 pcjason kernel: audit(1129841551.320:13): avc: denied {
read } for pid=1445 comm="ethtool" name="VolGroup00-LogVol01" dev=tmpfs
ino=760 scontext=system_u:system_r:ifconfig_t:s0
tcontext=system_u:object_r:fixed_disk_device_t:s0 tclass=blk_file
Oct 20 15:52:51 pcjason kernel: audit(1129841551.360:14): avc: denied {
read } for pid=1448 comm="ip" name="VolGroup00-LogVol01" dev=tmpfs ino=760
scontext=system_u:system_r:ifconfig_t:s0
tcontext=system_u:object_r:fixed_disk_device_t:s0 tclass=blk_file
Oct 20 15:52:51 pcjason kernel: audit(1129841551.388:15): avc: denied {
use } for pid=1449 comm="arping" name="VolGroup00-LogVol01" dev=tmpfs
ino=760 scontext=system_u:system_r:netutils_t:s0
tcontext=system_u:system_r:kernel_t:s0 tclass=fd
Oct 20 15:52:51 pcjason kernel: audit(1129841551.392:16): avc: denied {
read } for pid=1450 comm="ip" name="VolGroup00-LogVol01" dev=tmpfs ino=760
scontext=system_u:system_r:ifconfig_t:s0
tcontext=system_u:object_r:fixed_disk_device_t:s0 tclass=blk_file
Oct 20 15:52:51 pcjason kernel: audit(1129841551.424:17): avc: denied {
use } for pid=1452 comm="arping" name="VolGroup00-LogVol01" dev=tmpfs
ino=760 scontext=system_u:system_r:netutils_t:s0
tcontext=system_u:system_r:kernel_t:s0 tclass=fd
Oct 20 15:52:51 pcjason kernel: audit(1129841551.436:18): avc: denied {
read } for pid=1456 comm="ethtool" name="VolGroup00-LogVol01" dev=tmpfs
ino=760 scontext=system_u:system_r:ifconfig_t:s0
tcontext=system_u:object_r:fixed_disk_device_t:s0 tclass=blk_file
Oct 20 15:52:51 pcjason kernel: audit(1129841551.444:19): avc: denied {
read } for pid=1458 comm="ip" name="VolGroup00-LogVol01" dev=tmpfs ino=760
scontext=system_u:system_r:ifconfig_t:s0
tcontext=system_u:object_r:fixed_disk_device_t:s0 tclass=blk_file
Oct 20 15:52:51 pcjason kernel: audit(1129841551.584:20): avc: denied {
read } for pid=1470 comm="ifconfig" name="VolGroup00-LogVol01" dev=tmpfs
ino=760 scontext=system_u:system_r:ifconfig_t:s0
tcontext=system_u:object_r:fixed_disk_device_t:s0 tclass=blk_file
Oct 20 15:52:51 pcjason kernel: audit(1129841551.816:21): avc: denied {
read } for pid=1508 comm="ip" name="VolGroup00-LogVol01" dev=tmpfs ino=760
scontext=system_u:system_r:ifconfig_t:s0
tcontext=system_u:object_r:fixed_disk_device_t:s0 tclass=blk_file
Oct 20 15:52:51 pcjason kernel: audit(1129841551.828:22): avc: denied {
read } for pid=1511 comm="ip" name="VolGroup00-LogVol01" dev=tmpfs ino=760
scontext=system_u:system_r:ifconfig_t:s0
tcontext=system_u:object_r:fixed_disk_device_t:s0 tclass=blk_file
Oct 20 15:52:51 pcjason kernel: audit(1129841551.844:23): avc: denied {
read } for pid=1514 comm="ip" name="VolGroup00-LogVol01" dev=tmpfs ino=760
scontext=system_u:system_r:ifconfig_t:s0
tcontext=system_u:object_r:fixed_disk_device_t:s0 tclass=blk_file
Oct 20 15:52:51 pcjason kernel: audit(1129841551.856:24): avc: denied {
read } for pid=1516 comm="iwconfig" name="VolGroup00-LogVol01" dev=tmpfs
ino=760 scontext=system_u:system_r:ifconfig_t:s0
tcontext=system_u:object_r:fixed_disk_device_t:s0 tclass=blk_file
Oct 20 15:52:51 pcjason kernel: audit(1129841551.868:25): avc: denied {
read } for pid=1518 comm="ethtool" name="VolGroup00-LogVol01" dev=tmpfs
ino=760 scontext=system_u:system_r:ifconfig_t:s0
tcontext=system_u:object_r:fixed_disk_device_t:s0 tclass=blk_file
Oct 20 15:52:51 pcjason kernel: audit(1129841551.884:26): avc: denied {
read } for pid=1521 comm="ip" name="VolGroup00-LogVol01" dev=tmpfs ino=760
scontext=system_u:system_r:ifconfig_t:s0
tcontext=system_u:object_r:fixed_disk_device_t:s0 tclass=blk_file
Oct 20 15:52:51 pcjason kernel: audit(1129841551.892:27): avc: denied {
use } for pid=1522 comm="arping" name="VolGroup00-LogVol01" dev=tmpfs
ino=760 scontext=system_u:system_r:netutils_t:s0
tcontext=system_u:system_r:kernel_t:s0 tclass=fd
Oct 20 15:52:51 pcjason kernel: audit(1129841553.480:28): avc: denied {
use } for pid=1523 comm="arping" name="VolGroup00-LogVol01" dev=tmpfs
ino=760 scontext=system_u:system_r:netutils_t:s0
tcontext=system_u:system_r:kernel_t:s0 tclass=fd
Oct 20 15:52:51 pcjason kernel: audit(1129841555.920:29): avc: denied {
read } for pid=1524 comm="ip" name="VolGroup00-LogVol01" dev=tmpfs ino=760
scontext=system_u:system_r:ifconfig_t:s0
tcontext=system_u:object_r:fixed_disk_device_t:s0 tclass=blk_file
Oct 20 15:52:51 pcjason kernel: audit(1129841555.932:30): avc: denied {
read } for pid=1526 comm="ip" name="VolGroup00-LogVol01" dev=tmpfs ino=760
scontext=system_u:system_r:ifconfig_t:s0
tcontext=system_u:object_r:fixed_disk_device_t:s0 tclass=blk_file
Oct 20 15:52:51 pcjason kernel: audit(1129841555.936:31): avc: denied {
use } for pid=1527 comm="arping" name="VolGroup00-LogVol01" dev=tmpfs
ino=760 scontext=system_u:system_r:netutils_t:s0
tcontext=system_u:system_r:kernel_t:s0 tclass=fd
Oct 20 15:52:52 pcjason kernel: audit(1129841555.960:32): avc: denied {
read } for pid=1532 comm="ip" name="VolGroup00-LogVol01" dev=tmpfs ino=760
scontext=system_u:system_r:ifconfig_t:s0
tcontext=system_u:object_r:fixed_disk_device_t:s0 tclass=blk_file
Oct 20 15:52:52 pcjason kernel: audit(1129841555.968:33): avc: denied {
read } for pid=1533 comm="ethtool" name="VolGroup00-LogVol01" dev=tmpfs
ino=760 scontext=system_u:system_r:ifconfig_t:s0
tcontext=system_u:object_r:fixed_disk_device_t:s0 tclass=blk_file
Oct 20 15:52:52 pcjason kernel: audit(1129841555.976:34): avc: denied {
read } for pid=1535 comm="ip" name="VolGroup00-LogVol01" dev=tmpfs ino=760
scontext=system_u:system_r:ifconfig_t:s0
tcontext=system_u:object_r:fixed_disk_device_t:s0 tclass=blk_file
Oct 20 15:52:52 pcjason kernel: audit(1129841556.048:35): avc: denied {
read } for pid=1546 comm="ifconfig" name="VolGroup00-LogVol01" dev=tmpfs
ino=760 scontext=system_u:system_r:ifconfig_t:s0
tcontext=system_u:object_r:fixed_disk_device_t:s0 tclass=blk_file
Oct 20 15:52:52 pcjason kernel: audit(1129841556.308:36): avc: denied {
use } for pid=1563 comm="syslogd" name="VolGroup00-LogVol01" dev=tmpfs
ino=760 scontext=system_u:system_r:syslogd_t:s0
tcontext=system_u:system_r:kernel_t:s0 tclass=fd
Oct 20 15:52:52 pcjason kernel: audit(1129841556.444:37): avc: denied {
use } for pid=1566 comm="klogd" name="VolGroup00-LogVol01" dev=tmpfs
ino=760 scontext=system_u:system_r:klogd_t:s0
tcontext=system_u:system_r:kernel_t:s0 tclass=fd
Oct 20 15:52:52 pcjason kernel: audit(1129841556.748:38): avc: denied {
use } for pid=1583 comm="portmap" name="VolGroup00-LogVol01" dev=tmpfs
ino=760 scontext=system_u:system_r:portmap_t:s0
tcontext=system_u:system_r:kernel_t:s0 tclass=fd
Oct 20 15:52:52 pcjason kernel: audit(1129841557.492:39): avc: denied {
use } for pid=1592 comm="auditd" name="VolGroup00-LogVol01" dev=tmpfs
ino=760 scontext=system_u:system_r:auditd_t:s0
tcontext=system_u:system_r:kernel_t:s0 tclass=fd
Thanks,
Jason
18 years, 7 months
[RFC] sectioned package format
by Chad Sellers
Currently, module package files store policy modules and their corresponding
file_contexts in a format that is not extensible. Eventually, we would like
to be able to add other components to the package (e.g. default_contexts),
or modify the package file format. This was discussed on
fedora-selinux-list a few days ago. To accomplish this, we are proposing
the following simple module package file format.
Policy Package Header
The package begins with the package header. This contains the following
fields:
uint32_t magic_number;
uint32_t package_file_version;
uint32_t num_sections;
uint32_t section_offset;
...
uint32_t is a 4-byte datum stored in little-endian format. magic_number
identifies the file as a module package, and has a value of 0xf97c668f.
package_file_version identifies the version of the package file, and this
first version will be 1. num_sections gives the total number of sections in
this file, which is also the number of section_offset entries that follow.
section_offset identifies the offset in bytes from the beginning of the file
to the beginning of the section. These sections are always listed in
sequence, so the length of a given section is the difference between its
offset and the following offset, except the final section which ends with
the end of the file.
Sections
Sections are generic areas for data from the package perspective. They are
identified by a magic number at the beginning of the section, just as
current policy modules begin with a magic number. We will add a magic
number to the top of the file_contexts section as well to identify it.
Different kinds of sections can be added later simply by assigning them a
new magic number.
Please let us know what you think of this format, and if you see any
problems with it.
Thanks,
Chad Sellers
----------------------
Chad Sellers
Tresys Technology, LLC
csellers(a)tresys.com
(410)290-1411 x117
http://www.tresys.com
18 years, 7 months
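The header layout proposed in the post above, parsed defensively from a memory buffer. This is an added example, not code from the post or from the SELinux toolchain. The error codes, the 16-section cap, the rule that every section holds at least its 4-byte magic, and the section magic numbers in the sample are assumptions made for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define PKG_MAGIC    0xf97c668fu /* magic_number given in the post */
#define PKG_VERSION  1u          /* package_file_version of the first version */
#define PKG_FIXED    12u         /* magic_number + version + num_sections */
#define MAX_SECTIONS 16u         /* assumption: cap picked for this example */

enum { PKG_SHORT = -1, PKG_BADMAGIC = -2, PKG_BADVER = -3,
       PKG_BADCOUNT = -4, PKG_BADOFFSET = -5 };

struct pkg_section { uint32_t magic; size_t offset; size_t length; };

/* Constructed sample: two sections with made-up section magic numbers. */
static const unsigned char pkg_sample[40] = {
    0x8f, 0x66, 0x7c, 0xf9,  0x01, 0x00, 0x00, 0x00, /* magic, version 1     */
    0x02, 0x00, 0x00, 0x00,  0x14, 0x00, 0x00, 0x00, /* 2 sections, at 20    */
    0x20, 0x00, 0x00, 0x00,  0x11, 0x11, 0x11, 0x11, /* and 32; sec 0 magic  */
    0xaa, 0xaa, 0xaa, 0xaa,  0xaa, 0xaa, 0xaa, 0xaa, /* section 0 payload    */
    0x22, 0x22, 0x22, 0x22,  0xbb, 0xbb, 0xbb, 0xbb  /* sec 1 magic, payload */
};

/* Decode one little-endian uint32_t; the caller has checked the bounds. */
static uint32_t rd_le32(const unsigned char *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Fill out[] with each section's magic, offset and length.
   Returns the number of sections, or a negative PKG_* error. */
int pkg_parse(const unsigned char *buf, size_t len,
              struct pkg_section *out, size_t out_cap)
{
    uint32_t n, i;
    size_t table_end, min_start;

    if (buf == NULL || out == NULL || len < PKG_FIXED)
        return PKG_SHORT;
    if (rd_le32(buf) != PKG_MAGIC)
        return PKG_BADMAGIC;
    if (rd_le32(buf + 4) != PKG_VERSION)
        return PKG_BADVER;

    /* Cap the count before using it in arithmetic or as a loop bound. */
    n = rd_le32(buf + 8);
    if (n > MAX_SECTIONS || n > out_cap)
        return PKG_BADCOUNT;
    table_end = PKG_FIXED + (size_t)n * 4;
    if (table_end > len)
        return PKG_SHORT;

    /* Offsets must clear the header, stay in sequence, and leave room
       for the 4-byte section magic before end of file. */
    min_start = table_end;
    for (i = 0; i < n; i++) {
        size_t off = rd_le32(buf + PKG_FIXED + (size_t)i * 4);
        if (off < min_start || off > len - 4)
            return PKG_BADOFFSET;
        if (i > 0)
            out[i - 1].length = off - out[i - 1].offset;
        out[i].magic = rd_le32(buf + off);
        out[i].offset = off;
        out[i].length = len - off;   /* final section runs to end of file */
        min_start = off + 4;
    }
    return (int)n;
}

int main(void)
{
    struct pkg_section s[MAX_SECTIONS];
    int i, n = pkg_parse(pkg_sample, sizeof pkg_sample, s, MAX_SECTIONS);

    for (i = 0; i < n; i++)
        printf("section %d: magic 0x%08x offset %zu length %zu\n", i,
               (unsigned)s[i].magic, s[i].offset, s[i].length);
    return n < 0;
}
```

Because section lengths are implied by the next offset, an offset that goes backwards or points into the header would otherwise yield a negative or overlapping length, which is why the sequence check comes before any length is computed.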
Preserving Context with tar
by W. Scott Wilburn
Sorry to be asking such a simple question. Is it possible to preserve
file contexts using tar? I would have thought -p would do this, but
it appears not, at least on RHEL4 and FC4.
The reason to do this is that I use tar to install modified config files on
new machines. Having to relabel after doing this is somewhat slow.
Perhaps there is a better solution?
Thanks,
Scott Wilburn
18 years, 7 months