2007-03-12 03:46:02 +05:30
|
|
|
/*
|
|
|
|
* runcon [ context |
|
|
|
|
* ( [ -c ] [ -r role ] [-t type] [ -u user ] [ -l levelrange ] )
|
|
|
|
* command [arg1 [arg2 ...] ]
|
|
|
|
*
|
|
|
|
* attempt to run the specified command with the specified context.
|
|
|
|
*
|
|
|
|
* -r role : use the current context with the specified role
|
|
|
|
* -t type : use the current context with the specified type
|
|
|
|
* -u user : use the current context with the specified user
|
|
|
|
* -l level : use the current context with the specified level range
|
|
|
|
* -c : compute process transition context before modifying
|
|
|
|
*
|
|
|
|
* Contexts are interpreted as follows:
|
|
|
|
*
|
|
|
|
* Number of MLS
|
|
|
|
* components system?
|
|
|
|
*
|
|
|
|
* 1 - type
|
|
|
|
* 2 - role:type
|
|
|
|
* 3 Y role:type:range
|
|
|
|
* 3 N user:role:type
|
|
|
|
* 4 Y user:role:type:range
|
|
|
|
* 4 N error
|
|
|
|
*
|
|
|
|
* Port to busybox: KaiGai Kohei <kaigai@kaigai.gr.jp>
|
|
|
|
* - based on coreutils-5.97 (in Fedora Core 6)
|
2008-12-07 06:22:58 +05:30
|
|
|
*
|
2010-08-16 23:44:46 +05:30
|
|
|
* Licensed under GPLv2, see file LICENSE in this source tree.
|
2007-03-12 03:46:02 +05:30
|
|
|
*/
|
2016-11-23 23:16:40 +05:30
|
|
|
//config:config RUNCON
|
2017-07-19 18:02:54 +05:30
|
|
|
//config: bool "runcon (6.6 kb)"
|
2016-11-23 23:16:40 +05:30
|
|
|
//config: default n
|
|
|
|
//config: depends on SELINUX
|
|
|
|
//config: help
|
2017-07-21 13:20:55 +05:30
|
|
|
//config: Enable support to run command in specified security context.
|
2016-11-23 23:16:40 +05:30
|
|
|
|
|
|
|
//applet:IF_RUNCON(APPLET(runcon, BB_DIR_USR_BIN, BB_SUID_DROP))
|
|
|
|
|
|
|
|
//kbuild:lib-$(CONFIG_RUNCON) += runcon.o
|
2011-04-11 06:59:49 +05:30
|
|
|
|
|
|
|
//usage:#define runcon_trivial_usage
|
|
|
|
//usage: "[-c] [-u USER] [-r ROLE] [-t TYPE] [-l RANGE] PROG ARGS\n"
|
|
|
|
//usage: "runcon CONTEXT PROG ARGS"
|
|
|
|
//usage:#define runcon_full_usage "\n\n"
|
|
|
|
//usage: "Run PROG in a different security context\n"
|
|
|
|
//usage: "\n CONTEXT Complete security context\n"
|
|
|
|
//usage: "\n -c Compute process transition context before modifying"
|
|
|
|
//usage: "\n -t TYPE Type (for same role as parent)"
|
|
|
|
//usage: "\n -u USER User identity"
|
|
|
|
//usage: "\n -r ROLE Role"
|
|
|
|
//usage: "\n -l RNG Levelrange"
|
|
|
|
|
2007-03-12 03:46:02 +05:30
|
|
|
#include <selinux/context.h>
|
2016-12-23 18:22:13 +05:30
|
|
|
/* from deprecated <selinux/flask.h>: */
|
|
|
|
#undef SECCLASS_PROCESS
|
|
|
|
#define SECCLASS_PROCESS 2
|
2007-03-12 03:46:02 +05:30
|
|
|
|
2007-05-27 00:30:18 +05:30
|
|
|
#include "libbb.h"
|
|
|
|
|
2007-03-12 03:46:02 +05:30
|
|
|
static context_t runcon_compute_new_context(char *user, char *role, char *type, char *range,
|
2013-01-14 20:27:44 +05:30
|
|
|
char *command, int compute_trans)
|
2007-03-12 03:46:02 +05:30
|
|
|
{
|
|
|
|
context_t con;
|
|
|
|
security_context_t cur_context;
|
|
|
|
|
|
|
|
if (getcon(&cur_context))
|
libbb: reduce the overhead of single parameter bb_error_msg() calls
Back in 2007, commit 0c97c9d43707 ("'simple' error message functions by
Loic Grenie") introduced bb_simple_perror_msg() to allow for a lower
overhead call to bb_perror_msg() when only a string was being printed
with no parameters. This saves space for some CPU architectures because
it avoids the overhead of a call to a variadic function. However there
has never been a simple version of bb_error_msg(), and since 2007 many
new calls to bb_perror_msg() have been added that only take a single
parameter and so could have been using bb_simple_perror_message().
This changeset introduces 'simple' versions of bb_info_msg(),
bb_error_msg(), bb_error_msg_and_die(), bb_herror_msg() and
bb_herror_msg_and_die(), and replaces all calls that only take a
single parameter, or use something like ("%s", arg), with calls to the
corresponding 'simple' version.
Since it is likely that single parameter calls to the variadic functions
may be accidentally reintroduced in the future a new debugging config
option WARN_SIMPLE_MSG has been introduced. This uses some macro magic
which will cause any such calls to generate a warning, but this is
turned off by default to avoid use of the unpleasant macros in normal
circumstances.
This is a large changeset due to the number of calls that have been
replaced. The only files that contain changes other than simple
substitution of function calls are libbb.h, libbb/herror_msg.c,
libbb/verror_msg.c and libbb/xfuncs_printf.c. In miscutils/devfsd.c,
networking/udhcp/common.h and util-linux/mdev.c additonal macros have
been added for logging so that single parameter and multiple parameter
logging variants exist.
The amount of space saved varies considerably by architecture, and was
found to be as follows (for 'defconfig' using GCC 7.4):
Arm: -92 bytes
MIPS: -52 bytes
PPC: -1836 bytes
x86_64: -938 bytes
Note that for the MIPS architecture only an exception had to be made
disabling the 'simple' calls for 'udhcp' (in networking/udhcp/common.h)
because it made these files larger on MIPS.
Signed-off-by: James Byrne <james.byrne@origamienergy.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2019-07-02 15:05:03 +05:30
|
|
|
bb_simple_error_msg_and_die("can't get current context");
|
2007-03-12 03:46:02 +05:30
|
|
|
|
|
|
|
if (compute_trans) {
|
|
|
|
security_context_t file_context, new_context;
|
|
|
|
|
|
|
|
if (getfilecon(command, &file_context) < 0)
|
2009-11-13 13:38:27 +05:30
|
|
|
bb_error_msg_and_die("can't retrieve attributes of '%s'",
|
2013-01-14 20:27:44 +05:30
|
|
|
command);
|
2007-03-12 03:46:02 +05:30
|
|
|
if (security_compute_create(cur_context, file_context,
|
2013-01-14 20:27:44 +05:30
|
|
|
SECCLASS_PROCESS, &new_context))
|
libbb: reduce the overhead of single parameter bb_error_msg() calls
Back in 2007, commit 0c97c9d43707 ("'simple' error message functions by
Loic Grenie") introduced bb_simple_perror_msg() to allow for a lower
overhead call to bb_perror_msg() when only a string was being printed
with no parameters. This saves space for some CPU architectures because
it avoids the overhead of a call to a variadic function. However there
has never been a simple version of bb_error_msg(), and since 2007 many
new calls to bb_perror_msg() have been added that only take a single
parameter and so could have been using bb_simple_perror_message().
This changeset introduces 'simple' versions of bb_info_msg(),
bb_error_msg(), bb_error_msg_and_die(), bb_herror_msg() and
bb_herror_msg_and_die(), and replaces all calls that only take a
single parameter, or use something like ("%s", arg), with calls to the
corresponding 'simple' version.
Since it is likely that single parameter calls to the variadic functions
may be accidentally reintroduced in the future a new debugging config
option WARN_SIMPLE_MSG has been introduced. This uses some macro magic
which will cause any such calls to generate a warning, but this is
turned off by default to avoid use of the unpleasant macros in normal
circumstances.
This is a large changeset due to the number of calls that have been
replaced. The only files that contain changes other than simple
substitution of function calls are libbb.h, libbb/herror_msg.c,
libbb/verror_msg.c and libbb/xfuncs_printf.c. In miscutils/devfsd.c,
networking/udhcp/common.h and util-linux/mdev.c additonal macros have
been added for logging so that single parameter and multiple parameter
logging variants exist.
The amount of space saved varies considerably by architecture, and was
found to be as follows (for 'defconfig' using GCC 7.4):
Arm: -92 bytes
MIPS: -52 bytes
PPC: -1836 bytes
x86_64: -938 bytes
Note that for the MIPS architecture only an exception had to be made
disabling the 'simple' calls for 'udhcp' (in networking/udhcp/common.h)
because it made these files larger on MIPS.
Signed-off-by: James Byrne <james.byrne@origamienergy.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2019-07-02 15:05:03 +05:30
|
|
|
bb_simple_error_msg_and_die("unable to compute a new context");
|
2007-03-12 03:46:02 +05:30
|
|
|
cur_context = new_context;
|
|
|
|
}
|
|
|
|
|
|
|
|
con = context_new(cur_context);
|
|
|
|
if (!con)
|
|
|
|
bb_error_msg_and_die("'%s' is not a valid context", cur_context);
|
|
|
|
if (user && context_user_set(con, user))
|
2010-03-23 20:55:17 +05:30
|
|
|
bb_error_msg_and_die("can't set new user '%s'", user);
|
2007-03-12 03:46:02 +05:30
|
|
|
if (type && context_type_set(con, type))
|
2010-03-23 20:55:17 +05:30
|
|
|
bb_error_msg_and_die("can't set new type '%s'", type);
|
2007-03-12 03:46:02 +05:30
|
|
|
if (range && context_range_set(con, range))
|
2010-03-23 20:55:17 +05:30
|
|
|
bb_error_msg_and_die("can't set new range '%s'", range);
|
2007-03-12 03:46:02 +05:30
|
|
|
if (role && context_role_set(con, role))
|
2010-03-23 20:55:17 +05:30
|
|
|
bb_error_msg_and_die("can't set new role '%s'", role);
|
2007-03-12 03:46:02 +05:30
|
|
|
|
|
|
|
return con;
|
|
|
|
}
|
|
|
|
|
getopt32: remove applet_long_options
FEATURE_GETOPT_LONG made dependent on LONG_OPTS.
The folloving options are removed, now LONG_OPTS enables long options
for affected applets:
FEATURE_ENV_LONG_OPTIONS FEATURE_EXPAND_LONG_OPTIONS
FEATURE_UNEXPAND_LONG_OPTIONS FEATURE_MKDIR_LONG_OPTIONS
FEATURE_MV_LONG_OPTIONS FEATURE_RMDIR_LONG_OPTIONS
FEATURE_ADDGROUP_LONG_OPTIONS FEATURE_ADDUSER_LONG_OPTIONS
FEATURE_HWCLOCK_LONG_OPTIONS FEATURE_NSENTER_LONG_OPTS
FEATURE_CHCON_LONG_OPTIONS FEATURE_RUNCON_LONG_OPTIONS
They either had a small number of long options, or their long options are
essential.
Example: upstream addgroup and adduser have ONLY longopts,
we should probably go further and get rid
of non-standard short options.
To this end, make addgroup and adduser "select LONG_OPTS".
We had this breakage caused by us even in our own package!
#if ENABLE_LONG_OPTS || !ENABLE_ADDGROUP
/* We try to use --gid, not -g, because "standard" addgroup
* has no short option -g, it has only long --gid.
*/
argv[1] = (char*)"--gid";
#else
/* Breaks if system in fact does NOT use busybox addgroup */
argv[1] = (char*)"-g";
#endif
xargs: its lone longopt no longer depends on DESKTOP, only on LONG_OPTS.
hwclock TODO: get rid of incompatible -t, -l aliases to --systz, --localtime
Shorten help texts by omitting long option when short opt alternative exists.
Reduction of size comes from the fact that store of an immediate
(an address of longopts) to a fixed address (global variable)
is a longer insn than pushing that immediate or passing it in a register.
This effect is CPU-agnostic.
function old new delta
getopt32 1350 22 -1328
vgetopt32 - 1318 +1318
getopt32long - 24 +24
tftpd_main 562 567 +5
scan_recursive 376 380 +4
collect_cpu 545 546 +1
date_main 1096 1095 -1
hostname_main 262 259 -3
uname_main 259 255 -4
setpriv_main 362 358 -4
rmdir_main 191 187 -4
mv_main 562 558 -4
ipcalc_main 548 544 -4
ifenslave_main 641 637 -4
gzip_main 192 188 -4
gunzip_main 77 73 -4
fsfreeze_main 81 77 -4
flock_main 318 314 -4
deluser_main 337 333 -4
cp_main 374 370 -4
chown_main 175 171 -4
applet_long_options 4 - -4
xargs_main 894 889 -5
wget_main 2540 2535 -5
udhcpc_main 2767 2762 -5
touch_main 436 431 -5
tar_main 1014 1009 -5
start_stop_daemon_main 1033 1028 -5
sed_main 682 677 -5
script_main 1082 1077 -5
run_parts_main 330 325 -5
rtcwake_main 459 454 -5
od_main 2169 2164 -5
nl_main 201 196 -5
modprobe_main 773 768 -5
mkdir_main 160 155 -5
ls_main 568 563 -5
install_main 773 768 -5
hwclock_main 411 406 -5
getopt_main 622 617 -5
fstrim_main 256 251 -5
env_main 198 193 -5
dumpleases_main 635 630 -5
dpkg_main 3991 3986 -5
diff_main 1355 1350 -5
cryptpw_main 233 228 -5
cpio_main 593 588 -5
conspy_main 1135 1130 -5
chpasswd_main 313 308 -5
adduser_main 887 882 -5
addgroup_main 416 411 -5
ftpgetput_main 351 345 -6
get_terminal_width_height 242 234 -8
expand_main 690 680 -10
static.expand_longopts 18 - -18
static.unexpand_longopts 27 - -27
mkdir_longopts 28 - -28
env_longopts 30 - -30
static.ifenslave_longopts 34 - -34
mv_longopts 46 - -46
static.rmdir_longopts 48 - -48
packed_usage 31739 31687 -52
------------------------------------------------------------------------------
(add/remove: 2/8 grow/shrink: 3/49 up/down: 1352/-1840) Total: -488 bytes
text data bss dec hex filename
915681 485 6880 923046 e15a6 busybox_old
915428 485 6876 922789 e14a5 busybox_unstripped
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-08-08 20:08:18 +05:30
|
|
|
#if ENABLE_LONG_OPTS
|
2007-08-13 02:28:27 +05:30
|
|
|
static const char runcon_longopts[] ALIGN1 =
|
2007-07-23 22:44:14 +05:30
|
|
|
"user\0" Required_argument "u"
|
|
|
|
"role\0" Required_argument "r"
|
|
|
|
"type\0" Required_argument "t"
|
|
|
|
"range\0" Required_argument "l"
|
|
|
|
"compute\0" No_argument "c"
|
2007-08-13 16:39:30 +05:30
|
|
|
"help\0" No_argument "h"
|
2007-07-24 21:24:42 +05:30
|
|
|
;
|
2007-03-12 03:46:02 +05:30
|
|
|
#endif
|
|
|
|
|
|
|
|
#define OPTS_ROLE (1<<0) /* r */
|
|
|
|
#define OPTS_TYPE (1<<1) /* t */
|
|
|
|
#define OPTS_USER (1<<2) /* u */
|
|
|
|
#define OPTS_RANGE (1<<3) /* l */
|
|
|
|
#define OPTS_COMPUTE (1<<4) /* c */
|
|
|
|
#define OPTS_HELP (1<<5) /* h */
|
|
|
|
#define OPTS_CONTEXT_COMPONENT (OPTS_ROLE | OPTS_TYPE | OPTS_USER | OPTS_RANGE)
|
|
|
|
|
2007-10-11 15:35:36 +05:30
|
|
|
int runcon_main(int argc, char **argv) MAIN_EXTERNALLY_VISIBLE;
|
2008-07-05 14:48:54 +05:30
|
|
|
int runcon_main(int argc UNUSED_PARAM, char **argv)
|
2007-03-12 03:46:02 +05:30
|
|
|
{
|
|
|
|
char *role = NULL;
|
|
|
|
char *range = NULL;
|
|
|
|
char *user = NULL;
|
|
|
|
char *type = NULL;
|
|
|
|
char *context = NULL;
|
|
|
|
unsigned opts;
|
|
|
|
context_t con;
|
|
|
|
|
|
|
|
selinux_or_die();
|
|
|
|
|
2017-08-09 01:25:02 +05:30
|
|
|
opts = getopt32long(argv, "^"
|
|
|
|
"r:t:u:l:ch"
|
|
|
|
"\0" "-1",
|
|
|
|
runcon_longopts,
|
|
|
|
&role, &type, &user, &range
|
|
|
|
);
|
2007-03-12 03:46:02 +05:30
|
|
|
argv += optind;
|
|
|
|
|
|
|
|
if (!(opts & OPTS_CONTEXT_COMPONENT)) {
|
|
|
|
context = *argv++;
|
|
|
|
if (!argv[0])
|
libbb: reduce the overhead of single parameter bb_error_msg() calls
Back in 2007, commit 0c97c9d43707 ("'simple' error message functions by
Loic Grenie") introduced bb_simple_perror_msg() to allow for a lower
overhead call to bb_perror_msg() when only a string was being printed
with no parameters. This saves space for some CPU architectures because
it avoids the overhead of a call to a variadic function. However there
has never been a simple version of bb_error_msg(), and since 2007 many
new calls to bb_perror_msg() have been added that only take a single
parameter and so could have been using bb_simple_perror_message().
This changeset introduces 'simple' versions of bb_info_msg(),
bb_error_msg(), bb_error_msg_and_die(), bb_herror_msg() and
bb_herror_msg_and_die(), and replaces all calls that only take a
single parameter, or use something like ("%s", arg), with calls to the
corresponding 'simple' version.
Since it is likely that single parameter calls to the variadic functions
may be accidentally reintroduced in the future a new debugging config
option WARN_SIMPLE_MSG has been introduced. This uses some macro magic
which will cause any such calls to generate a warning, but this is
turned off by default to avoid use of the unpleasant macros in normal
circumstances.
This is a large changeset due to the number of calls that have been
replaced. The only files that contain changes other than simple
substitution of function calls are libbb.h, libbb/herror_msg.c,
libbb/verror_msg.c and libbb/xfuncs_printf.c. In miscutils/devfsd.c,
networking/udhcp/common.h and util-linux/mdev.c additonal macros have
been added for logging so that single parameter and multiple parameter
logging variants exist.
The amount of space saved varies considerably by architecture, and was
found to be as follows (for 'defconfig' using GCC 7.4):
Arm: -92 bytes
MIPS: -52 bytes
PPC: -1836 bytes
x86_64: -938 bytes
Note that for the MIPS architecture only an exception had to be made
disabling the 'simple' calls for 'udhcp' (in networking/udhcp/common.h)
because it made these files larger on MIPS.
Signed-off-by: James Byrne <james.byrne@origamienergy.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2019-07-02 15:05:03 +05:30
|
|
|
bb_simple_error_msg_and_die("no command given");
|
2007-03-12 03:46:02 +05:30
|
|
|
}
|
|
|
|
|
|
|
|
if (context) {
|
|
|
|
con = context_new(context);
|
|
|
|
if (!con)
|
|
|
|
bb_error_msg_and_die("'%s' is not a valid context", context);
|
|
|
|
} else {
|
|
|
|
con = runcon_compute_new_context(user, role, type, range,
|
|
|
|
argv[0], opts & OPTS_COMPUTE);
|
|
|
|
}
|
|
|
|
|
|
|
|
if (security_check_context(context_str(con)))
|
|
|
|
bb_error_msg_and_die("'%s' is not a valid context",
|
2013-01-14 20:27:44 +05:30
|
|
|
context_str(con));
|
2007-03-12 03:46:02 +05:30
|
|
|
|
|
|
|
if (setexeccon(context_str(con)))
|
2009-04-22 02:10:51 +05:30
|
|
|
bb_error_msg_and_die("can't set up security context '%s'",
|
2013-01-14 20:27:44 +05:30
|
|
|
context_str(con));
|
2007-03-12 03:46:02 +05:30
|
|
|
|
2010-11-28 09:04:09 +05:30
|
|
|
BB_EXECVP_or_die(argv);
|
2007-03-12 03:46:02 +05:30
|
|
|
}
|