lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <1392556690.15615.97.camel@deadeye.wl.decadent.org.uk>
Date:	Sun, 16 Feb 2014 13:18:10 +0000
From:	Ben Hutchings <ben@...adent.org.uk>
To:	Richard Haines <richard_c_haines@...nternet.com>
Cc:	netdev@...r.kernel.org, selinux@...ho.nsa.gov
Subject: Re: [PATCH] ss: Add support for retrieving SELinux contexts

On Fri, 2014-02-14 at 15:20 +0000, Richard Haines wrote:
> The process SELinux contexts can be added to the output using the -Z
> option. Using the -z option will show the process and socket contexts (see
> the man page for details).
> For netlink sockets: if valid process show process context, if pid = 0
> show kernel initial context, if unknown show "not available".
> 
> Signed-off-by: Richard Haines <richard_c_haines@...nternet.com>
> ---
>  configure     |  16 +++
>  man/man8/ss.8 |  34 ++++++
>  misc/Makefile |  12 ++
>  misc/ss.c     | 375 ++++++++++++++++++++++++++++++++++++++++++++++++++--------
>  4 files changed, 387 insertions(+), 50 deletions(-)
> 
> diff --git a/configure b/configure
> index da01c19..854837e 100755
> --- a/configure
> +++ b/configure
> @@ -231,6 +231,19 @@ EOF
>      rm -f $TMPDIR/ipsettest.c $TMPDIR/ipsettest
>  }
>  
> +check_selinux()
> +# SELinux is a compile time option in the ss utility
> +{
> +	SELINUX_LIB=$(${PKG_CONFIG} --silence-errors libselinux --libs)
> +	if [ -n "$SELINUX_LIB" ]

This should be just:
	if pkg-config libselinux --exists

> +	then
> +	echo "HAVE_SELINUX:=y" >>Config
> +	echo "yes"
> +    else
> +	echo "no"
> +	fi
> +}
[...]
> --- a/misc/Makefile
> +++ b/misc/Makefile
> @@ -8,6 +8,18 @@ include ../Config
>  all: $(TARGETS)
>  
>  ss: $(SSOBJ)
> +ifeq ($(HAVE_SELINUX),y)
> +	$(CC) $(CFLAGS) $(LDFLAGS) -o $@ $(SSOBJ) $(LDLIBS) -lselinux

This should use the output of 'pkg-config libselinux --libs'.

> +else
> +	$(CC) $(CFLAGS) $(LDFLAGS) -o $@ $(SSOBJ) $(LDLIBS)
> +endif
> +
> +ss.o: ss.c
> +ifeq ($(HAVE_SELINUX),y)
> +	$(CC) $(CFLAGS) -DHAVE_SELINUX -c $+

This should use the output of 'pkg-config libselinux --cflags'.

> +else
> +	$(CC) $(CFLAGS) -c $+
> +endif
[...]

Ben.

-- 
Ben Hutchings
Any sufficiently advanced bug is indistinguishable from a feature.

Download attachment "signature.asc" of type "application/pgp-signature" (812 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ