1 |
--- net-tools-1.60/Makefile~ 2005-12-24 06:56:57.000000000 -0500 |
2 |
+++ net-tools-1.60/Makefile 2005-12-29 16:54:06.000000000 -0500 |
3 |
@@ -113,6 +113,12 @@ |
4 |
|
5 |
NET_LIB = $(NET_LIB_PATH)/lib$(NET_LIB_NAME).a |
6 |
|
7 |
+ifeq ($(HAVE_SELINUX),1) |
8 |
+LDFLAGS += -lselinux |
9 |
+CFLAGS += -DHAVE_SELINUX |
10 |
+else |
11 |
+endif |
12 |
+ |
13 |
CFLAGS += $(COPTS) -I. -idirafter ./include/ -I$(NET_LIB_PATH) |
14 |
LDFLAGS += $(LOPTS) -L$(NET_LIB_PATH) |
15 |
|
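Review bot: The added conditional appends `-lselinux` to the global `LDFLAGS` and ends in an empty `else` branch. The library will presumably be linked into every program this Makefile builds, not only netstat. If the link rules (not visible in this hunk) put `$(LDFLAGS)` before the object files, the library can also be dropped by linkers that resolve in order. I would delete the bare `else` and carry the library in a separate variable that only the netstat link line uses, for example `SELIB = -lselinux` (the variable name is a suggestion), leaving `CFLAGS += -DHAVE_SELINUX` as it is.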
16 |
--- net-tools-1.60/netstat.c~ 2005-12-24 06:56:57.000000000 -0500 |
17 |
+++ net-tools-1.60/netstat.c 2005-12-29 16:54:07.000000000 -0500 |
18 |
@@ -86,6 +86,11 @@ |
19 |
#include <net/if.h> |
20 |
#include <dirent.h> |
21 |
|
22 |
+#if HAVE_SELINUX |
23 |
+#include <selinux/selinux.h> |
24 |
+#else |
25 |
+#define security_context_t char* |
26 |
+#endif |
27 |
#include "net-support.h" |
28 |
#include "pathnames.h" |
29 |
#include "version.h" |
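Review bot: The fallback `#define security_context_t char*` in the `#else` branch is a textual macro, not a type. A declaration such as `security_context_t a, b;` would make `b` a plain `char`, and the name cannot be used safely in casts or with `const`. Use `typedef char *security_context_t;` so that builds without libselinux see the same type shape as builds with it.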
30 |
@@ -96,6 +101,7 @@ |
31 |
#include "util.h" |
32 |
|
33 |
#define PROGNAME_WIDTH 20 |
34 |
+#define SELINUX_WIDTH 50 |
35 |
|
36 |
#if !defined(s6_addr32) && defined(in6a_words) |
37 |
#define s6_addr32 in6a_words /* libinet6 */ |
38 |
@@ -150,6 +156,7 @@ |
39 |
int flag_prg = 0; |
40 |
int flag_arg = 0; |
41 |
int flag_ver = 0; |
42 |
+int flag_selinux = 0; |
43 |
|
44 |
FILE *procinfo; |
45 |
|
46 |
@@ -213,12 +220,17 @@ |
47 |
#define PROGNAME_WIDTH1(s) PROGNAME_WIDTH2(s) |
48 |
#define PROGNAME_WIDTH2(s) #s |
49 |
|
50 |
+#define SELINUX_WIDTHs SELINUX_WIDTH1(SELINUX_WIDTH) |
51 |
+#define SELINUX_WIDTH1(s) SELINUX_WIDTH2(s) |
52 |
+#define SELINUX_WIDTH2(s) #s |
53 |
+ |
54 |
#define PRG_HASH_SIZE 211 |
55 |
|
56 |
static struct prg_node { |
57 |
struct prg_node *next; |
58 |
int inode; |
59 |
char name[PROGNAME_WIDTH]; |
60 |
+ char scon[SELINUX_WIDTH]; |
61 |
} *prg_hash[PRG_HASH_SIZE]; |
62 |
|
63 |
static char prg_cache_loaded = 0; |
64 |
@@ -226,9 +238,12 @@ |
65 |
#define PRG_HASHIT(x) ((x) % PRG_HASH_SIZE) |
66 |
|
67 |
#define PROGNAME_BANNER "PID/Program name" |
68 |
+#define SELINUX_BANNER "Security Context" |
69 |
|
70 |
#define print_progname_banner() do { if (flag_prg) printf("%-" PROGNAME_WIDTHs "s"," " PROGNAME_BANNER); } while (0) |
71 |
|
72 |
+#define print_selinux_banner() do { if (flag_selinux) printf("%-" SELINUX_WIDTHs "s"," " SELINUX_BANNER); } while (0) |
73 |
+ |
74 |
#define PRG_LOCAL_ADDRESS "local_address" |
75 |
#define PRG_INODE "inode" |
76 |
#define PRG_SOCKET_PFX "socket:[" |
77 |
@@ -250,7 +265,7 @@ |
78 |
/* NOT working as of glibc-2.0.7: */ |
79 |
#undef DIRENT_HAVE_D_TYPE_WORKS |
80 |
|
81 |
-static void prg_cache_add(int inode, char *name) |
82 |
+static void prg_cache_add(int inode, char *name, char *scon) |
83 |
{ |
84 |
unsigned hi = PRG_HASHIT(inode); |
85 |
struct prg_node **pnp,*pn; |
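Review bot: The new `scon` parameter is declared `char *`, but the non-SELinux call site added later in this patch passes the string literal `"-"`, and the body added in the next hunk only reads it. Declaring it `const char *scon` documents that the function does not modify or take ownership of the context string, and lets the compiler catch an accidental write. The function body continues outside this hunk.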
86 |
@@ -271,6 +286,14 @@ |
87 |
if (strlen(name)>sizeof(pn->name)-1) |
88 |
name[sizeof(pn->name)-1]='\0'; |
89 |
strcpy(pn->name,name); |
90 |
+ |
91 |
+ { |
92 |
+ int len=(strlen(scon)-sizeof(pn->scon))+1; |
93 |
+ if (len > 0) |
94 |
+ strcpy(pn->scon,&scon[len+1]); |
95 |
+ else |
96 |
+ strcpy(pn->scon,scon); |
97 |
+ } |
98 |
} |
99 |
|
100 |
static const char *prg_cache_get(unsigned long inode) |
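Review bot: The truncation in the added block computes `int len=(strlen(scon)-sizeof(pn->scon))+1;` in unsigned arithmetic. For a context shorter than the buffer the subtraction wraps, and the branch is only correct because the conversion to `int` happens to yield a negative value. When the context is too long, `&scon[len+1]` skips one byte more than necessary, and a NULL `scon` (possible if the caller's `strdup` fails) is dereferenced by `strlen`. The copy stays in bounds as written, but I would make the bound explicit with `size_t` and `snprintf`, keeping the keep-the-tail behaviour. The start of prg_cache_add lies outside this hunk.
```c
    strcpy(pn->name,name);

    {
	/* Over-long context: keep the tail, as before, but size it with
	   unsigned arithmetic and fill the whole buffer. */
	const char *src = scon ? scon : "-";
	size_t slen = strlen(src);
	if (slen >= sizeof(pn->scon))
	    src += slen - (sizeof(pn->scon) - 1);
	snprintf(pn->scon, sizeof(pn->scon), "%s", src);
    }
```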
101 |
@@ -283,6 +306,16 @@ |
102 |
return("-"); |
103 |
} |
104 |
|
105 |
+static const char *prg_cache_get_con(unsigned long inode) |
106 |
+{ |
107 |
+ unsigned hi=PRG_HASHIT(inode); |
108 |
+ struct prg_node *pn; |
109 |
+ |
110 |
+ for (pn=prg_hash[hi];pn;pn=pn->next) |
111 |
+ if (pn->inode==inode) return(pn->scon); |
112 |
+ return("-"); |
113 |
+} |
114 |
+ |
115 |
static void prg_cache_clear(void) |
116 |
{ |
117 |
struct prg_node **pnp,*pn; |
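Review bot: In prg_cache_get_con the test `pn->inode==inode` compares the `int inode` field of struct prg_node with an `unsigned long` argument. On a platform where `long` is 64 bits, a socket inode at or above 2^31 is stored as a negative `int`, sign-extends in the comparison and never matches, so the context column would show `-` for that socket. This presumably mirrors the existing prg_cache_get, whose body is not visible here. The durable fix is to store the inode as `unsigned long inode;` in the struct and in prg_cache_add's parameter; failing that, compare as `(unsigned int)pn->inode == (unsigned int)inode`.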
118 |
@@ -348,6 +381,7 @@ |
119 |
const char *cs,*cmdlp; |
120 |
DIR *dirproc=NULL,*dirfd=NULL; |
121 |
struct dirent *direproc,*direfd; |
122 |
+ security_context_t scon=NULL; |
123 |
|
124 |
if (prg_cache_loaded || !flag_prg) return; |
125 |
prg_cache_loaded=1; |
126 |
@@ -415,7 +449,15 @@ |
127 |
} |
128 |
|
129 |
snprintf(finbuf, sizeof(finbuf), "%s/%s", direproc->d_name, cmdlp); |
130 |
- prg_cache_add(inode, finbuf); |
131 |
+#if HAVE_SELINUX |
132 |
+ if (getpidcon(atoi(direproc->d_name), &scon) == -1) { |
133 |
+ scon=strdup("-"); |
134 |
+ } |
135 |
+ prg_cache_add(inode, finbuf, scon); |
136 |
+ freecon(scon); |
137 |
+#else |
138 |
+ prg_cache_add(inode, finbuf, "-"); |
139 |
+#endif |
140 |
} |
141 |
closedir(dirfd); |
142 |
dirfd = NULL; |
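Review bot: On the getpidcon() failure path the result of `strdup("-")` is not checked, so an allocation failure passes NULL into prg_cache_add, which calls `strlen` on it. The fallback string is then released with `freecon()`, which is meant for contexts allocated by libselinux. Avoiding the allocation removes both problems: `if (getpidcon(atoi(direproc->d_name), &scon) == -1) scon = NULL;`, then `prg_cache_add(inode, finbuf, scon ? scon : "-");`, then `freecon(scon); scon = NULL;`. The lookup also sits inside the per-descriptor loop, so the same process context is fetched once for every socket it owns; hoisting it to once per `/proc` entry would be cheaper. The enclosing function starts and ends outside this hunk.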
143 |
@@ -1385,6 +1428,8 @@ |
144 |
printf("- "); |
145 |
if (flag_prg) |
146 |
printf("%-" PROGNAME_WIDTHs "s",(has & HAS_INODE?prg_cache_get(inode):"-")); |
147 |
+ if (flag_selinux) |
148 |
+ printf("%-" SELINUX_WIDTHs "s",(has & HAS_INODE?prg_cache_get_con(inode):"-")); |
149 |
puts(path); |
150 |
} |
151 |
|
152 |
@@ -1403,6 +1448,7 @@ |
153 |
|
154 |
printf(_("\nProto RefCnt Flags Type State I-Node")); |
155 |
print_progname_banner(); |
156 |
+ print_selinux_banner(); |
157 |
printf(_(" Path\n")); /* xxx */ |
158 |
|
159 |
{ |
160 |
@@ -1682,6 +1728,7 @@ |
161 |
fprintf(stderr, _(" -o, --timers display timers\n")); |
162 |
fprintf(stderr, _(" -F, --fib display Forwarding Information Base (default)\n")); |
163 |
fprintf(stderr, _(" -C, --cache display routing cache instead of FIB\n\n")); |
164 |
+ fprintf(stderr, _(" -Z, --context display SELinux security context for sockets\n\n")); |
165 |
|
166 |
fprintf(stderr, _(" <Iface>: Name of interface to monitor/list.\n")); |
167 |
fprintf(stderr, _(" <Socket>={-t|--tcp} {-u|--udp} {-w|--raw} {-x|--unix} --ax25 --ipx --netrom\n")); |
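Review bot: The new `-Z, --context` help line is added after the `-C, --cache` line, whose string already ends in `\n\n`, and it ends in `\n\n` itself. The option is therefore printed as a stray entry between two blank lines instead of inside the option list. Placing the new `fprintf` before the `-C` line and ending its string with a single `\n` keeps the list contiguous without touching the existing translatable strings. The text is also shown in builds without HAVE_SELINUX, where `-Z` only prints an error; a short `(if built with SELinux support)` in the description would make that clear.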
168 |
@@ -1729,6 +1776,7 @@ |
169 |
{"cache", 0, 0, 'C'}, |
170 |
{"fib", 0, 0, 'F'}, |
171 |
{"groups", 0, 0, 'g'}, |
172 |
+ {"context", 0, 0, 'Z'}, |
173 |
{NULL, 0, 0, 0} |
174 |
}; |
175 |
|
176 |
@@ -1741,7 +1789,7 @@ |
177 |
|
178 |
afname[0] = '\0'; |
179 |
|
180 |
- while ((i = getopt_long(argc, argv, "MCFA:acdegphiI::nNorstuVv?wxl", longopts, &lop)) != EOF) |
181 |
+ while ((i = getopt_long(argc, argv, "MCFA:acdegphiI::nNorstuVv?wxlZ", longopts, &lop)) != EOF) |
182 |
switch (i) { |
183 |
case -1: |
184 |
break; |
185 |
@@ -1838,6 +1886,20 @@ |
186 |
if (aftrans_opt("unix")) |
187 |
exit(1); |
188 |
break; |
189 |
+ case 'Z': |
190 |
+#if HAVE_SELINUX |
191 |
+ if (is_selinux_enabled() <= 0) { |
192 |
+ fprintf(stderr, _("SELinux is not enabled on this machine.\n")); |
193 |
+ exit(1); |
194 |
+ } |
195 |
+ flag_prg++; |
196 |
+ flag_selinux++; |
197 |
+#else |
198 |
+ fprintf(stderr, _("SELinux is not enabled for this application.\n")); |
199 |
+ exit(1); |
200 |
+#endif |
201 |
+ |
202 |
+ break; |
203 |
case '?': |
204 |
case 'h': |
205 |
usage(); |
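Review bot: In the `case 'Z':` branch, `flag_prg++` is used to get the process cache loaded, but it also switches on the PID/Program name column. As a result `-Z` silently behaves like `-pZ`, which is not mentioned in the usage text. The cache loader's guard seen earlier in this patch is `if (prg_cache_loaded || !flag_prg) return;`; testing `!flag_prg && !flag_selinux` there and dropping `flag_prg++` here would keep the two options independent. Otherwise, add a comment such as `/* -Z implies -p: contexts are collected by the program cache */`. Separately, `is_selinux_enabled() <= 0` reports an error return of -1 with the same "not enabled" message as a disabled system; a distinct message for the negative case would help diagnose a failing query.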
206 |
--- net-tools-1.60/netstat.c.sel 2007-05-21 14:02:08.000000000 -0400 |
207 |
+++ net-tools-1.60/netstat.c 2007-05-21 14:03:23.000000000 -0400 |
208 |
@@ -769,6 +769,9 @@ static void finish_this_one(int uid, uns |
209 |
} |
210 |
if (flag_prg) |
211 |
printf("%-" PROGNAME_WIDTHs "s",prg_cache_get(inode)); |
212 |
+ if (flag_selinux) |
213 |
+ printf("%-" SELINUX_WIDTHs "s",prg_cache_get_con(inode)); |
214 |
+ |
215 |
if (flag_opt) |
216 |
printf("%s", timers); |
217 |
putchar('\n'); |
218 |
@@ -2420,6 +2423,7 @@ int main |
219 |
if (flag_exp > 1) |
220 |
printf(_(" User Inode ")); |
221 |
print_progname_banner(); |
222 |
+ print_selinux_banner(); |
223 |
if (flag_opt) |
224 |
printf(_(" Timer")); /* xxx */ |
225 |
printf("\n"); |