| 1 |
--- net-tools-1.60/Makefile~ 2005-12-24 06:56:57.000000000 -0500 |
| 2 |
+++ net-tools-1.60/Makefile 2005-12-29 16:54:06.000000000 -0500 |
| 3 |
@@ -113,6 +113,12 @@ |
| 4 |
|
| 5 |
NET_LIB = $(NET_LIB_PATH)/lib$(NET_LIB_NAME).a |
| 6 |
|
| 7 |
+ifeq ($(HAVE_SELINUX),1) |
| 8 |
+LDFLAGS += -lselinux |
| 9 |
+CFLAGS += -DHAVE_SELINUX |
| 10 |
+else |
| 11 |
+endif |
| 12 |
+ |
| 13 |
CFLAGS += $(COPTS) -I. -idirafter ./include/ -I$(NET_LIB_PATH) |
| 14 |
LDFLAGS += $(LOPTS) -L$(NET_LIB_PATH) |
| 15 |
|
| 16 |
--- net-tools-1.60/netstat.c~ 2005-12-24 06:56:57.000000000 -0500 |
| 17 |
+++ net-tools-1.60/netstat.c 2005-12-29 16:54:07.000000000 -0500 |
| 18 |
@@ -86,6 +86,11 @@ |
| 19 |
#include <net/if.h> |
| 20 |
#include <dirent.h> |
| 21 |
|
| 22 |
+#if HAVE_SELINUX |
| 23 |
+#include <selinux/selinux.h> |
| 24 |
+#else |
| 25 |
+#define security_context_t char* |
| 26 |
+#endif |
| 27 |
#include "net-support.h" |
| 28 |
#include "pathnames.h" |
| 29 |
#include "version.h" |
| 30 |
@@ -96,6 +101,7 @@ |
| 31 |
#include "util.h" |
| 32 |
|
| 33 |
#define PROGNAME_WIDTH 20 |
| 34 |
+#define SELINUX_WIDTH 50 |
| 35 |
|
| 36 |
#if !defined(s6_addr32) && defined(in6a_words) |
| 37 |
#define s6_addr32 in6a_words /* libinet6 */ |
| 38 |
@@ -150,6 +156,7 @@ |
| 39 |
int flag_prg = 0; |
| 40 |
int flag_arg = 0; |
| 41 |
int flag_ver = 0; |
| 42 |
+int flag_selinux = 0; |
| 43 |
|
| 44 |
FILE *procinfo; |
| 45 |
|
| 46 |
@@ -213,12 +220,17 @@ |
| 47 |
#define PROGNAME_WIDTH1(s) PROGNAME_WIDTH2(s) |
| 48 |
#define PROGNAME_WIDTH2(s) #s |
| 49 |
|
| 50 |
+#define SELINUX_WIDTHs SELINUX_WIDTH1(SELINUX_WIDTH) |
| 51 |
+#define SELINUX_WIDTH1(s) SELINUX_WIDTH2(s) |
| 52 |
+#define SELINUX_WIDTH2(s) #s |
| 53 |
+ |
| 54 |
#define PRG_HASH_SIZE 211 |
| 55 |
|
| 56 |
static struct prg_node { |
| 57 |
struct prg_node *next; |
| 58 |
int inode; |
| 59 |
char name[PROGNAME_WIDTH]; |
| 60 |
+ char scon[SELINUX_WIDTH]; |
| 61 |
} *prg_hash[PRG_HASH_SIZE]; |
| 62 |
|
| 63 |
static char prg_cache_loaded = 0; |
| 64 |
@@ -226,9 +238,12 @@ |
| 65 |
#define PRG_HASHIT(x) ((x) % PRG_HASH_SIZE) |
| 66 |
|
| 67 |
#define PROGNAME_BANNER "PID/Program name" |
| 68 |
+#define SELINUX_BANNER "Security Context" |
| 69 |
|
| 70 |
#define print_progname_banner() do { if (flag_prg) printf("%-" PROGNAME_WIDTHs "s"," " PROGNAME_BANNER); } while (0) |
| 71 |
|
| 72 |
+#define print_selinux_banner() do { if (flag_selinux) printf("%-" SELINUX_WIDTHs "s"," " SELINUX_BANNER); } while (0) |
| 73 |
+ |
| 74 |
#define PRG_LOCAL_ADDRESS "local_address" |
| 75 |
#define PRG_INODE "inode" |
| 76 |
#define PRG_SOCKET_PFX "socket:[" |
| 77 |
@@ -250,7 +265,7 @@ |
| 78 |
/* NOT working as of glibc-2.0.7: */ |
| 79 |
#undef DIRENT_HAVE_D_TYPE_WORKS |
| 80 |
|
| 81 |
-static void prg_cache_add(int inode, char *name) |
| 82 |
+static void prg_cache_add(int inode, char *name, char *scon) |
| 83 |
{ |
| 84 |
unsigned hi = PRG_HASHIT(inode); |
| 85 |
struct prg_node **pnp,*pn; |
| 86 |
@@ -271,6 +286,14 @@ |
| 87 |
if (strlen(name)>sizeof(pn->name)-1) |
| 88 |
name[sizeof(pn->name)-1]='\0'; |
| 89 |
strcpy(pn->name,name); |
| 90 |
+ |
| 91 |
+ { |
| 92 |
+ int len=(strlen(scon)-sizeof(pn->scon))+1; |
| 93 |
+ if (len > 0) |
| 94 |
+ strcpy(pn->scon,&scon[len+1]); |
| 95 |
+ else |
| 96 |
+ strcpy(pn->scon,scon); |
| 97 |
+ } |
| 98 |
} |
| 99 |
|
| 100 |
static const char *prg_cache_get(unsigned long inode) |
| 101 |
@@ -283,6 +306,16 @@ |
| 102 |
return("-"); |
| 103 |
} |
| 104 |
|
| 105 |
+static const char *prg_cache_get_con(unsigned long inode) |
| 106 |
+{ |
| 107 |
+ unsigned hi=PRG_HASHIT(inode); |
| 108 |
+ struct prg_node *pn; |
| 109 |
+ |
| 110 |
+ for (pn=prg_hash[hi];pn;pn=pn->next) |
| 111 |
+ if (pn->inode==inode) return(pn->scon); |
| 112 |
+ return("-"); |
| 113 |
+} |
| 114 |
+ |
| 115 |
static void prg_cache_clear(void) |
| 116 |
{ |
| 117 |
struct prg_node **pnp,*pn; |
| 118 |
@@ -348,6 +381,7 @@ |
| 119 |
const char *cs,*cmdlp; |
| 120 |
DIR *dirproc=NULL,*dirfd=NULL; |
| 121 |
struct dirent *direproc,*direfd; |
| 122 |
+ security_context_t scon=NULL; |
| 123 |
|
| 124 |
if (prg_cache_loaded || !flag_prg) return; |
| 125 |
prg_cache_loaded=1; |
| 126 |
@@ -415,7 +449,15 @@ |
| 127 |
} |
| 128 |
|
| 129 |
snprintf(finbuf, sizeof(finbuf), "%s/%s", direproc->d_name, cmdlp); |
| 130 |
- prg_cache_add(inode, finbuf); |
| 131 |
+#if HAVE_SELINUX |
| 132 |
+ if (getpidcon(atoi(direproc->d_name), &scon) == -1) { |
| 133 |
+ scon=strdup("-"); |
| 134 |
+ } |
| 135 |
+ prg_cache_add(inode, finbuf, scon); |
| 136 |
+ freecon(scon); |
| 137 |
+#else |
| 138 |
+ prg_cache_add(inode, finbuf, "-"); |
| 139 |
+#endif |
| 140 |
} |
| 141 |
closedir(dirfd); |
| 142 |
dirfd = NULL; |
| 143 |
@@ -1385,6 +1428,8 @@ |
| 144 |
printf("- "); |
| 145 |
if (flag_prg) |
| 146 |
printf("%-" PROGNAME_WIDTHs "s",(has & HAS_INODE?prg_cache_get(inode):"-")); |
| 147 |
+ if (flag_selinux) |
| 148 |
+ printf("%-" SELINUX_WIDTHs "s",(has & HAS_INODE?prg_cache_get_con(inode):"-")); |
| 149 |
puts(path); |
| 150 |
} |
| 151 |
|
| 152 |
@@ -1403,6 +1448,7 @@ |
| 153 |
|
| 154 |
printf(_("\nProto RefCnt Flags Type State I-Node")); |
| 155 |
print_progname_banner(); |
| 156 |
+ print_selinux_banner(); |
| 157 |
printf(_(" Path\n")); /* xxx */ |
| 158 |
|
| 159 |
{ |
| 160 |
@@ -1682,6 +1728,7 @@ |
| 161 |
fprintf(stderr, _(" -o, --timers display timers\n")); |
| 162 |
fprintf(stderr, _(" -F, --fib display Forwarding Information Base (default)\n")); |
| 163 |
fprintf(stderr, _(" -C, --cache display routing cache instead of FIB\n\n")); |
| 164 |
+ fprintf(stderr, _(" -Z, --context display SELinux security context for sockets\n\n")); |
| 165 |
|
| 166 |
fprintf(stderr, _(" <Iface>: Name of interface to monitor/list.\n")); |
| 167 |
fprintf(stderr, _(" <Socket>={-t|--tcp} {-u|--udp} {-w|--raw} {-x|--unix} --ax25 --ipx --netrom\n")); |
| 168 |
@@ -1729,6 +1776,7 @@ |
| 169 |
{"cache", 0, 0, 'C'}, |
| 170 |
{"fib", 0, 0, 'F'}, |
| 171 |
{"groups", 0, 0, 'g'}, |
| 172 |
+ {"context", 0, 0, 'Z'}, |
| 173 |
{NULL, 0, 0, 0} |
| 174 |
}; |
| 175 |
|
| 176 |
@@ -1741,7 +1789,7 @@ |
| 177 |
|
| 178 |
afname[0] = '\0'; |
| 179 |
|
| 180 |
- while ((i = getopt_long(argc, argv, "MCFA:acdegphiI::nNorstuVv?wxl", longopts, &lop)) != EOF) |
| 181 |
+ while ((i = getopt_long(argc, argv, "MCFA:acdegphiI::nNorstuVv?wxlZ", longopts, &lop)) != EOF) |
| 182 |
switch (i) { |
| 183 |
case -1: |
| 184 |
break; |
| 185 |
@@ -1838,6 +1886,20 @@ |
| 186 |
if (aftrans_opt("unix")) |
| 187 |
exit(1); |
| 188 |
break; |
| 189 |
+ case 'Z': |
| 190 |
+#if HAVE_SELINUX |
| 191 |
+ if (is_selinux_enabled() <= 0) { |
| 192 |
+ fprintf(stderr, _("SELinux is not enabled on this machine.\n")); |
| 193 |
+ exit(1); |
| 194 |
+ } |
| 195 |
+ flag_prg++; |
| 196 |
+ flag_selinux++; |
| 197 |
+#else |
| 198 |
+ fprintf(stderr, _("SELinux is not enabled for this application.\n")); |
| 199 |
+ exit(1); |
| 200 |
+#endif |
| 201 |
+ |
| 202 |
+ break; |
| 203 |
case '?': |
| 204 |
case 'h': |
| 205 |
usage(); |
| 206 |
--- net-tools-1.60/netstat.c.sel 2007-05-21 14:02:08.000000000 -0400 |
| 207 |
+++ net-tools-1.60/netstat.c 2007-05-21 14:03:23.000000000 -0400 |
| 208 |
@@ -769,6 +769,9 @@ static void finish_this_one(int uid, uns |
| 209 |
} |
| 210 |
if (flag_prg) |
| 211 |
printf("%-" PROGNAME_WIDTHs "s",prg_cache_get(inode)); |
| 212 |
+ if (flag_selinux) |
| 213 |
+ printf("%-" SELINUX_WIDTHs "s",prg_cache_get_con(inode)); |
| 214 |
+ |
| 215 |
if (flag_opt) |
| 216 |
printf("%s", timers); |
| 217 |
putchar('\n'); |
| 218 |
@@ -2420,6 +2423,7 @@ int main |
| 219 |
if (flag_exp > 1) |
| 220 |
printf(_(" User Inode ")); |
| 221 |
print_progname_banner(); |
| 222 |
+ print_selinux_banner(); |
| 223 |
if (flag_opt) |
| 224 |
printf(_(" Timer")); /* xxx */ |
| 225 |
printf("\n"); |
Parent Directory
| 
Revision Log