The usage message reflected an obsolete version of
the utility. This change fixes that.

Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>

chsmack: Avoid duplicate slashs

Add the command 'test' to smackctl

When the command chsmack is called for recursive
exploration, if the given path(s) end with /, it
produced output with 2 slashes.

Exemple before:

  $ chsmack -r here/
  here//i-am: access="_"
  here//you-are: access="_"

Exemple after:

  $ chsmack -r here/
  here/i-am: access="_"
  here/you-are: access="_"

Note that slash at tail are often produced by
automatic completion and/or scripts.

The command 'test' is similar to the
command 'status' but instead of displaying
the status, it returns a status: 0 if smackFS
is mounted or 1 otherwise.

The intention is to provide a cleaner interface
for scripting. Instead of writing

 if smackctl status | grep -qv ' not '; then ...

the script progreammer can simply write

 if smackctl test; then ...

Signed-off-by: José Bollo <jose.bollo@iot.bzh>

Signed-off-by: Rafal Krypa <r.krypa@samsung.com>

Make the libsmack code more defensive with regard to filling memory buffers.

Fix potential buffer overflow in smack_set_onlycap_from_file()

While reading Smack onlycap labels from a file, take care of possibility
to read a label that is longer than SMACK_LABEL_LEN.

Signed-off-by: Rafal Krypa <r.krypa@samsung.com>

Until now libsmack provided only function for returning Smack label of the
calling process. But it is often needed to get label of another process.
User programs needed to implement this by themselves by accessing appropriate
procfs interface.

Add new function smack_new_label_from_process that takes PID of the process
and returns its label.

Signed-off-by: Rafal Krypa <r.krypa@samsung.com>

Modify the explore() function providing abstract processing of directories
and files inside them:
- replace usage of readdir_r() (which is now deprecated in glibc) by
  readdir()
- use more meaningful names for local variables
- don't use magic numbers for padding buffer size "just in case", calculate
  actual needed buffer size with care
- prevent memory leak when realloc() fails

Signed-off-by: Rafal Krypa <r.krypa@samsung.com>

smack_set_onlycap applies the list of supplied labels to kernel.
Its usage in smack_load_policy() searches for the text file
with list of labels in /etc/smack/onlycap (each label
in separate line). smack_set_onlycap_from_file usage was also added
to smack_load_policy() function.

Signed-off-by: Tomasz Swierczek <t.swierczek@samsung.com>

Unify smack function behaviour and fix description in headers.

The new implementation does not count NULL char to string length.

Description of this function has been changed:
 * smack_set_label_for_path
 * smack_set_label_for_file
Both functions return 0 on success and negative
value on error.

Fix debian changelog and library symbols information.

Change-Id: I3803edabb995dc0579a40751857253c63e88574f

Support filesystems that don't fill in d_type.

this closes #103 issue

Signed-off-by: José Bollo <jose.bollo@iot.bzh>

Signed-off-by: José Bollo <jose.bollo@iot.bzh>

The option if set will enter the directories
and apply the settings of properties or just
list properties of files.

The symbolic links will not be followed except
if present in the command line.

Signed-off-by: José Bollo <jose.bollo@iot.bzh>

Signed-off-by: José Bollo <jose.bollo@iot.bzh>

This commit prepares implementation of
recursive processing.

Signed-off-by: José Bollo <jose.bollo@iot.bzh>

The function 'set_state' greatly improves the
readability of the code.

Signed-off-by: José Bollo <jose.bollo@iot.bzh>

Signed-off-by: José Bollo <jose.bollo@iot.bzh>

4 new options allow to drop Smack properties
either in the same time that others are set
or specifically.

Signed-off-by: José Bollo <jose.bollo@iot.bzh>

This option allows to drop any property that
is not explicitely set. This option is intended
to prevent to call chsmack times.

By eample, the following sequence:

 chsmack -d file
 chsmask -a User::Item file

becomes

 chsmack -D -a User::Item file

Signed-off-by: José Bollo <jose.bollo@iot.bzh>

The two separate loops, one for deleting,
one for setting are now merged in only
one loop.

It prepares implementation of future
options.

Signed-off-by: José Bollo <jose.bollo@iot.bzh>

The name 'option_flag' wasn't very good.
The new name 'modify' is more explicit.

Signed-off-by: José Bollo <jose.bollo@iot.bzh>

The state for attribute now reflects the expected
action: positive for adding attribute, negative for
removing it.

Signed-off-by: José Bollo <jose.bollo@iot.bzh>

Is it really an error to remove an attribute
that doesn't exists? I don't think so because
the final result is the expected result.

Signed-off-by: José Bollo <jose.bollo@iot.bzh>

This is an intermediate commits that prepare
the evolution of how settings and removings
are handled.

Signed-off-by: José Bollo <jose.bollo@iot.bzh>

The array 'option_map' is mostly needed for
printing errors.

Thus why to loose very little time
for setting it if it will not be needed?

Signed-off-by: José Bollo <jose.bollo@iot.bzh>

If the filesystem doesn't fill in the d_type dirent field, stat the name
to figure out the inode type. This can happen on older XFS filesystems
created with old mkfs options.

Signed-off-by: James Peach <jpeach@apache.org>

Ends the smackcipso usage with a newline

Implement smack_set_relabel_self() libsmack function for updating list
of labels to which the current process will be allowed to switch.
The caller must hold CAP_MAC_ADMIN capability, but if it drops
capabilities later, it will be permitted to change its label only to one
of labels permitted.

Bump the library version to 1.2.0 and put the new function there.

Change-Id: I9bb252baa9e8238781c66fa60111997c79047439
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>

libsmack/common.c: Include <limits.h> for PATH_MAX