|
|
0c92807 |
--- net-tools-1.60/Makefile~ 2005-12-24 06:56:57.000000000 -0500
|
|
|
0c92807 |
+++ net-tools-1.60/Makefile 2005-12-29 16:54:06.000000000 -0500
|
|
|
0c92807 |
@@ -113,6 +113,12 @@
|
|
|
0c92807 |
|
|
|
0c92807 |
NET_LIB = $(NET_LIB_PATH)/lib$(NET_LIB_NAME).a
|
|
|
0c92807 |
|
|
|
0c92807 |
+ifeq ($(HAVE_SELINUX),1)
|
|
|
0c92807 |
+LDFLAGS += -lselinux
|
|
|
0c92807 |
+CFLAGS += -DHAVE_SELINUX
|
|
|
0c92807 |
+else
|
|
|
0c92807 |
+endif
|
|
|
0c92807 |
+
|
|
|
0c92807 |
CFLAGS += $(COPTS) -I. -idirafter ./include/ -I$(NET_LIB_PATH)
|
|
|
0c92807 |
LDFLAGS += $(LOPTS) -L$(NET_LIB_PATH)
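Review bot: `-lselinux` is appended to `LDFLAGS`, which normally expands ahead of the object files on the link line, so a linker that resolves libraries in order (or runs with `--as-needed`) can drop it and leave `getpidcon`/`freecon` unresolved. The link rules are outside this hunk, so check how `LDFLAGS` is used there; if the Makefile has a separate variable for libraries, that is the better place for `-lselinux`. The empty `else` branch adds nothing and can be removed.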
|
|
|
0c92807 |
|
|
|
0c92807 |
--- net-tools-1.60/netstat.c~ 2005-12-24 06:56:57.000000000 -0500
|
|
|
0c92807 |
+++ net-tools-1.60/netstat.c 2005-12-29 16:54:07.000000000 -0500
|
|
|
0c92807 |
@@ -86,6 +86,11 @@
|
|
|
0c92807 |
#include <net/if.h>
|
|
|
0c92807 |
#include <dirent.h>
|
|
|
0c92807 |
|
|
|
0c92807 |
+#if HAVE_SELINUX
|
|
|
0c92807 |
+#include <selinux/selinux.h>
|
|
|
0c92807 |
+#else
|
|
|
0c92807 |
+#define security_context_t char*
|
|
|
0c92807 |
+#endif
|
|
|
0c92807 |
#include "net-support.h"
|
|
|
0c92807 |
#include "pathnames.h"
|
|
|
0c92807 |
#include "version.h"
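Review bot: The fallback `#define security_context_t char*` is a textual macro, so a declaration such as `security_context_t a, b;` would make `b` a plain `char`. Using `typedef char *security_context_t;` in the `#else` branch keeps the pointer type on every declarator. A one-line comment would also help, stating that the fallback exists only so the `scon` local in the /proc scanning code still compiles without libselinux.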
|
|
|
0c92807 |
@@ -96,6 +101,7 @@
|
|
|
0c92807 |
#include "util.h"
|
|
|
0c92807 |
|
|
|
0c92807 |
#define PROGNAME_WIDTH 20
|
|
|
0c92807 |
+#define SELINUX_WIDTH 50
|
|
|
0c92807 |
|
|
|
0c92807 |
#if !defined(s6_addr32) && defined(in6a_words)
|
|
|
0c92807 |
#define s6_addr32 in6a_words /* libinet6 */
|
|
|
0c92807 |
@@ -150,6 +156,7 @@
|
|
|
0c92807 |
int flag_prg = 0;
|
|
|
0c92807 |
int flag_arg = 0;
|
|
|
0c92807 |
int flag_ver = 0;
|
|
|
0c92807 |
+int flag_selinux = 0;
|
|
|
0c92807 |
|
|
|
0c92807 |
FILE *procinfo;
|
|
|
0c92807 |
|
|
|
0c92807 |
@@ -213,12 +220,17 @@
|
|
|
0c92807 |
#define PROGNAME_WIDTH1(s) PROGNAME_WIDTH2(s)
|
|
|
0c92807 |
#define PROGNAME_WIDTH2(s) #s
|
|
|
0c92807 |
|
|
|
0c92807 |
+#define SELINUX_WIDTHs SELINUX_WIDTH1(SELINUX_WIDTH)
|
|
|
0c92807 |
+#define SELINUX_WIDTH1(s) SELINUX_WIDTH2(s)
|
|
|
0c92807 |
+#define SELINUX_WIDTH2(s) #s
|
|
|
0c92807 |
+
|
|
|
0c92807 |
#define PRG_HASH_SIZE 211
|
|
|
0c92807 |
|
|
|
0c92807 |
static struct prg_node {
|
|
|
0c92807 |
struct prg_node *next;
|
|
|
0c92807 |
int inode;
|
|
|
0c92807 |
char name[PROGNAME_WIDTH];
|
|
|
0c92807 |
+ char scon[SELINUX_WIDTH];
|
|
|
0c92807 |
} *prg_hash[PRG_HASH_SIZE];
|
|
|
0c92807 |
|
|
|
0c92807 |
static char prg_cache_loaded = 0;
|
|
|
0c92807 |
@@ -226,9 +238,12 @@
|
|
|
0c92807 |
#define PRG_HASHIT(x) ((x) % PRG_HASH_SIZE)
|
|
|
0c92807 |
|
|
|
0c92807 |
#define PROGNAME_BANNER "PID/Program name"
|
|
|
0c92807 |
+#define SELINUX_BANNER "Security Context"
|
|
|
0c92807 |
|
|
|
0c92807 |
#define print_progname_banner() do { if (flag_prg) printf("%-" PROGNAME_WIDTHs "s"," " PROGNAME_BANNER); } while (0)
|
|
|
0c92807 |
|
|
|
0c92807 |
+#define print_selinux_banner() do { if (flag_selinux) printf("%-" SELINUX_WIDTHs "s"," " SELINUX_BANNER); } while (0)
|
|
|
0c92807 |
+
|
|
|
0c92807 |
#define PRG_LOCAL_ADDRESS "local_address"
|
|
|
0c92807 |
#define PRG_INODE "inode"
|
|
|
0c92807 |
#define PRG_SOCKET_PFX "socket:["
|
|
|
0c92807 |
@@ -250,7 +265,7 @@
|
|
|
0c92807 |
/* NOT working as of glibc-2.0.7: */
|
|
|
0c92807 |
#undef DIRENT_HAVE_D_TYPE_WORKS
|
|
|
0c92807 |
|
|
|
0c92807 |
-static void prg_cache_add(int inode, char *name)
|
|
|
0c92807 |
+static void prg_cache_add(int inode, char *name, char *scon)
|
|
|
0c92807 |
{
|
|
|
0c92807 |
unsigned hi = PRG_HASHIT(inode);
|
|
|
0c92807 |
struct prg_node **pnp,*pn;
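Review bot: The new `scon` parameter should be `const char *scon`, since the code added further down only reads it and the non-SELinux call site passes the string literal `"-"`. `name` has to stay non-const because the existing body truncates it in place. The function body continues outside this hunk.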
|
|
|
0c92807 |
@@ -271,6 +286,14 @@
|
|
|
0c92807 |
if (strlen(name)>sizeof(pn->name)-1)
|
|
|
0c92807 |
name[sizeof(pn->name)-1]='\0';
|
|
|
0c92807 |
strcpy(pn->name,name);
|
|
|
0c92807 |
+
|
|
|
0c92807 |
+ {
|
|
|
0c92807 |
+ int len=(strlen(scon)-sizeof(pn->scon))+1;
|
|
|
0c92807 |
+ if (len > 0)
|
|
|
0c92807 |
+ strcpy(pn->scon,&scon[len+1]);
|
|
|
0c92807 |
+ else
|
|
|
0c92807 |
+ strcpy(pn->scon,scon);
|
|
|
0c92807 |
+ }
|
|
|
0c92807 |
}
|
|
|
0c92807 |
|
|
|
0c92807 |
static const char *prg_cache_get(unsigned long inode)
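Review bot: The context copy computes `len` by subtracting two `size_t` values and storing the result in an `int`, so the `len > 0` test only works because the unsigned wraparound happens to convert to a negative number. When the context is too long, the copy starts at `&scon[len+1]`, which drops one character more than necessary and keeps only the tail, so `-Z` output shows a partial label with no sign that the user/role part was cut. A bounded form is clearer: `size_t n = strlen(scon), max = sizeof(pn->scon) - 1;` followed by `snprintf(pn->scon, sizeof(pn->scon), "%s", n > max ? scon + (n - max) : scon);`. Consider marking truncated values as well (for example with a leading `<`), because a 50-byte buffer is short for contexts that carry MLS/MCS category lists.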
|
|
|
0c92807 |
@@ -283,6 +306,16 @@
|
|
|
0c92807 |
return("-");
|
|
|
0c92807 |
}
|
|
|
0c92807 |
|
|
|
0c92807 |
+static const char *prg_cache_get_con(unsigned long inode)
|
|
|
0c92807 |
+{
|
|
|
0c92807 |
+ unsigned hi=PRG_HASHIT(inode);
|
|
|
0c92807 |
+ struct prg_node *pn;
|
|
|
0c92807 |
+
|
|
|
0c92807 |
+ for (pn=prg_hash[hi];pn;pn=pn->next)
|
|
|
0c92807 |
+ if (pn->inode==inode) return(pn->scon);
|
|
|
0c92807 |
+ return("-");
|
|
|
0c92807 |
+}
|
|
|
0c92807 |
+
|
|
|
0c92807 |
static void prg_cache_clear(void)
|
|
|
0c92807 |
{
|
|
|
0c92807 |
struct prg_node **pnp,*pn;
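Review bot: `pn->inode==inode` in `prg_cache_get_con` compares the `int` field of `struct prg_node` (visible in the earlier struct hunk) with an `unsigned long` argument. On an LP64 build, an inode above `INT_MAX` that was stored through `prg_cache_add(int inode, ...)` is sign-extended in the comparison and never matches, so the column silently shows `-` instead of the context. The existing `prg_cache_get` presumably has the same comparison, but its body is outside this hunk. Widening the field and the `prg_cache_add` parameter to `unsigned long` would fix both lookups. The new function also needs a short comment saying that it returns the cached context of the process owning the inode, or `"-"` when nothing is cached.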
|
|
|
0c92807 |
@@ -348,6 +381,7 @@
|
|
|
0c92807 |
const char *cs,*cmdlp;
|
|
|
0c92807 |
DIR *dirproc=NULL,*dirfd=NULL;
|
|
|
0c92807 |
struct dirent *direproc,*direfd;
|
|
|
0c92807 |
+ security_context_t scon=NULL;
|
|
|
0c92807 |
|
|
|
0c92807 |
if (prg_cache_loaded || !flag_prg) return;
|
|
|
0c92807 |
prg_cache_loaded=1;
|
|
|
0c92807 |
@@ -415,7 +449,15 @@
|
|
|
0c92807 |
}
|
|
|
0c92807 |
|
|
|
0c92807 |
snprintf(finbuf, sizeof(finbuf), "%s/%s", direproc->d_name, cmdlp);
|
|
|
0c92807 |
- prg_cache_add(inode, finbuf);
|
|
|
0c92807 |
+#if HAVE_SELINUX
|
|
|
0c92807 |
+ if (getpidcon(atoi(direproc->d_name), &scon) == -1) {
|
|
|
0c92807 |
+ scon=strdup("-");
|
|
|
0c92807 |
+ }
|
|
|
0c92807 |
+ prg_cache_add(inode, finbuf, scon);
|
|
|
0c92807 |
+ freecon(scon);
|
|
|
0c92807 |
+#else
|
|
|
0c92807 |
+ prg_cache_add(inode, finbuf, "-");
|
|
|
0c92807 |
+#endif
|
|
|
0c92807 |
}
|
|
|
0c92807 |
closedir(dirfd);
|
|
|
0c92807 |
dirfd = NULL;
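Review bot: The `strdup("-")` fallback is unchecked, so on allocation failure `scon` stays NULL and `prg_cache_add` then calls `strlen(scon)` on it. The fallback buffer is also released with `freecon()` rather than `free()`. Passing the literal directly on the failure path avoids both problems, and `freecon` then only ever sees memory returned by `getpidcon`. Note also that the PID is parsed from the directory name some time after the fd link was read, so the reported context may belong to a different process if the PID was reused in between; a comment should say the value is best-effort. The enclosing loop starts and ends outside this hunk.
```c
#if HAVE_SELINUX
	if (getpidcon(atoi(direproc->d_name), &scon) == 0) {
	    prg_cache_add(inode, finbuf, scon);
	    freecon(scon);
	    scon = NULL;
	} else {
	    prg_cache_add(inode, finbuf, "-");
	}
#else
	/* … unchanged: prg_cache_add(inode, finbuf, "-") for non-SELinux builds … */
#endif
```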
|
|
|
0c92807 |
@@ -1385,6 +1428,8 @@
|
|
|
0c92807 |
printf("- ");
|
|
|
0c92807 |
if (flag_prg)
|
|
|
0c92807 |
printf("%-" PROGNAME_WIDTHs "s",(has & HAS_INODE?prg_cache_get(inode):"-"));
|
|
|
0c92807 |
+ if (flag_selinux)
|
|
|
0c92807 |
+ printf("%-" SELINUX_WIDTHs "s",(has & HAS_INODE?prg_cache_get_con(inode):"-"));
|
|
|
0c92807 |
puts(path);
|
|
|
0c92807 |
}
|
|
|
0c92807 |
|
|
|
0c92807 |
@@ -1403,6 +1448,7 @@
|
|
|
0c92807 |
|
|
|
0c92807 |
printf(_("\nProto RefCnt Flags Type State I-Node"));
|
|
|
0c92807 |
print_progname_banner();
|
|
|
0c92807 |
+ print_selinux_banner();
|
|
|
0c92807 |
printf(_(" Path\n")); /* xxx */
|
|
|
0c92807 |
|
|
|
0c92807 |
{
|
|
|
0c92807 |
@@ -1682,6 +1728,7 @@
|
|
|
0c92807 |
fprintf(stderr, _(" -o, --timers display timers\n"));
|
|
|
0c92807 |
fprintf(stderr, _(" -F, --fib display Forwarding Information Base (default)\n"));
|
|
|
0c92807 |
fprintf(stderr, _(" -C, --cache display routing cache instead of FIB\n\n"));
|
|
|
0c92807 |
+ fprintf(stderr, _(" -Z, --context display SELinux security context for sockets\n\n"));
|
|
|
0c92807 |
|
|
|
0c92807 |
fprintf(stderr, _(" <Iface>: Name of interface to monitor/list.\n"));
|
|
|
0c92807 |
fprintf(stderr, _(" <Socket>={-t|--tcp} {-u|--udp} {-w|--raw} {-x|--unix} --ax25 --ipx --netrom\n"));
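Review bot: The help text for `-Z` says it displays the "security context for sockets", but the value printed comes from `getpidcon()` on the owning process (see the /proc scanning hunk). That is the process context, not the socket's own label, and the two can differ. The wording should say "security context of the owning process" so the column is not misread during an audit. The added line also ends in `\n\n` directly after the `-C` line, which ends in `\n\n` too, so `-Z` appears detached from the option list; move it above the `-C` line with a single `\n`.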
|
|
|
0c92807 |
@@ -1729,6 +1776,7 @@
|
|
|
0c92807 |
{"cache", 0, 0, 'C'},
|
|
|
0c92807 |
{"fib", 0, 0, 'F'},
|
|
|
0c92807 |
{"groups", 0, 0, 'g'},
|
|
|
0c92807 |
+ {"context", 0, 0, 'Z'},
|
|
|
0c92807 |
{NULL, 0, 0, 0}
|
|
|
0c92807 |
};
|
|
|
0c92807 |
|
|
|
0c92807 |
@@ -1741,7 +1789,7 @@
|
|
|
0c92807 |
|
|
|
0c92807 |
afname[0] = '\0';
|
|
|
0c92807 |
|
|
|
0c92807 |
- while ((i = getopt_long(argc, argv, "MCFA:acdegphiI::nNorstuVv?wxl", longopts, &lop)) != EOF)
|
|
|
0c92807 |
+ while ((i = getopt_long(argc, argv, "MCFA:acdegphiI::nNorstuVv?wxlZ", longopts, &lop)) != EOF)
|
|
|
0c92807 |
switch (i) {
|
|
|
0c92807 |
case -1:
|
|
|
0c92807 |
break;
|
|
|
0c92807 |
@@ -1838,6 +1886,20 @@
|
|
|
0c92807 |
if (aftrans_opt("unix"))
|
|
|
0c92807 |
exit(1);
|
|
|
0c92807 |
break;
|
|
|
0c92807 |
+ case 'Z':
|
|
|
0c92807 |
+#if HAVE_SELINUX
|
|
|
0c92807 |
+ if (is_selinux_enabled() <= 0) {
|
|
|
0c92807 |
+ fprintf(stderr, _("SELinux is not enabled on this machine.\n"));
|
|
|
0c92807 |
+ exit(1);
|
|
|
0c92807 |
+ }
|
|
|
0c92807 |
+ flag_prg++;
|
|
|
0c92807 |
+ flag_selinux++;
|
|
|
0c92807 |
+#else
|
|
|
0c92807 |
+ fprintf(stderr, _("SELinux is not enabled for this application.\n"));
|
|
|
0c92807 |
+ exit(1);
|
|
|
0c92807 |
+#endif
|
|
|
0c92807 |
+
|
|
|
0c92807 |
+ break;
|
|
|
0c92807 |
case '?':
|
|
|
0c92807 |
case 'h':
|
|
|
0c92807 |
usage();
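Review bot: The `'Z'` case increments `flag_prg` as a side effect, so `-Z` always prints the PID/Program name column even when `-p` was not given. It appears to do so only because `prg_cache_load` returns early on `!flag_prg` (context line in the earlier hunk). Relaxing that guard to `if (prg_cache_loaded || (!flag_prg && !flag_selinux)) return;` and dropping `flag_prg++` here would keep the two options independent. If the coupling is intentional, it should be stated in a comment and in the usage text. `is_selinux_enabled() <= 0` also reports an error return the same way as "disabled", which a distinct message would make easier to diagnose.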
|
|
|
5fc1756 |
--- net-tools-1.60/netstat.c.sel 2007-05-21 14:02:08.000000000 -0400
|
|
|
5fc1756 |
+++ net-tools-1.60/netstat.c 2007-05-21 14:03:23.000000000 -0400
|
|
|
5fc1756 |
@@ -769,6 +769,9 @@ static void finish_this_one(int uid, uns
|
|
|
5fc1756 |
}
|
|
|
5fc1756 |
if (flag_prg)
|
|
|
5fc1756 |
printf("%-" PROGNAME_WIDTHs "s",prg_cache_get(inode));
|
|
|
5fc1756 |
+ if (flag_selinux)
|
|
|
5fc1756 |
+ printf("%-" SELINUX_WIDTHs "s",prg_cache_get_con(inode));
|
|
|
5fc1756 |
+
|
|
|
5fc1756 |
if (flag_opt)
|
|
|
5fc1756 |
printf("%s", timers);
|
|
|
5fc1756 |
putchar('\n');
|
|
|
5fc1756 |
@@ -2420,6 +2423,7 @@ int main
|
|
|
5fc1756 |
if (flag_exp > 1)
|
|
|
5fc1756 |
printf(_(" User Inode "));
|
|
|
5fc1756 |
print_progname_banner();
|
|
|
5fc1756 |
+ print_selinux_banner();
|
|
|
5fc1756 |
if (flag_opt)
|
|
|
5fc1756 |
printf(_(" Timer")); /* xxx */
|
|
|
5fc1756 |
printf("\n");
|