Hello,
as requested in rhbz #449985 by sectools team it will be good to have
capability displaying support in ls. This patch has no effect on systems
without function cap_get_file supported since libcap 2.x. You have to run
configure with parameter --enable-libcap.
Greetings
Kamil Dudka
From d4fde447cae7d5e40320dd8f7240cd8cb248a127 Mon Sep 17 00:00:00 2001
From: Kamil Dudka <[EMAIL PROTECTED]>
Date: Mon, 14 Jul 2008 13:45:04 +0200
Subject: [PATCH] Added support for capabilities to ls.
configure.ac: --enable-libcap configure parameter, check for libcap 2.x version
src/Makefile.am: libcap library linking
src/ls.c(hasCapability): new function for capability detection
src/ls.c(print_color_indicator): colorize file with capability
NEWS: mentioned the change
---
configure.ac | 12 ++++++++++++
src/Makefile.am | 6 +++---
src/ls.c | 40 +++++++++++++++++++++++++++++++++++++++-
NEWS | 2 ++
4 files changed, 56 insertions(+), 4 deletions(-)
diff --git a/configure.ac b/configure.ac
index ac93e1c..b8567ac 100644
--- a/configure.ac
+++ b/configure.ac
@@ -44,6 +44,18 @@ gl_EARLY
gl_INIT
coreutils_MACROS
+dnl Check whether support for libcap 2.x should be built
+AC_ARG_ENABLE(libcap,
+ [ --enable-libcap Enable use of the libcap 2.x library],
+ [AC_CHECK_LIB([cap], [cap_get_file],
+ [AC_CHECK_HEADER([sys/capability.h],
+ [LIB_CAP2="-lcap" AC_DEFINE(HAVE_CAP2, 1, [libcap 2.x availability])],
+ [AC_MSG_WARN([header sys/capability.h was not found, support for libcap will not be built])]
+ )],
+ [AC_MSG_WARN([libcap 2.x library was not found, support for libcap will not be built])])
+ ])
+AC_SUBST([LIB_CAP2])
+
AC_FUNC_FORK
optional_bin_progs=
diff --git a/src/Makefile.am b/src/Makefile.am
index 65b20a2..e96f98d 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -101,15 +101,15 @@ __LDADD = $(LDADD) $(LIB_EACCESS)
# for clock_gettime and fdatasync
dd_LDADD = $(LDADD) $(LIB_GETHRXTIME) $(LIB_FDATASYNC)
-dir_LDADD = $(LDADD) $(LIB_CLOCK_GETTIME) $(LIB_SELINUX)
+dir_LDADD = $(LDADD) $(LIB_CLOCK_GETTIME) $(LIB_SELINUX) $(LIB_CAP2)
id_LDADD = $(LDADD) $(LIB_SELINUX)
-ls_LDADD = $(LDADD) $(LIB_CLOCK_GETTIME) $(LIB_SELINUX)
+ls_LDADD = $(LDADD) $(LIB_CLOCK_GETTIME) $(LIB_SELINUX) $(LIB_CAP2)
mktemp_LDADD = $(LDADD) $(LIB_GETHRXTIME)
pr_LDADD = $(LDADD) $(LIB_CLOCK_GETTIME)
shred_LDADD = $(LDADD) $(LIB_GETHRXTIME) $(LIB_FDATASYNC)
shuf_LDADD = $(LDADD) $(LIB_GETHRXTIME)
tac_LDADD = $(LDADD) $(LIB_CLOCK_GETTIME)
-vdir_LDADD = $(LDADD) $(LIB_CLOCK_GETTIME) $(LIB_SELINUX)
+vdir_LDADD = $(LDADD) $(LIB_CLOCK_GETTIME) $(LIB_SELINUX) $(LIB_CAP2)
## If necessary, add -lm to resolve use of pow in lib/strtod.c.
sort_LDADD = $(LDADD) $(POW_LIB) $(LIB_GETHRXTIME)
diff --git a/src/ls.c b/src/ls.c
index 4b69f7d..6fc7197 100644
--- a/src/ls.c
+++ b/src/ls.c
@@ -38,6 +38,10 @@
#include <config.h>
#include <sys/types.h>
+#ifdef HAVE_CAP2
+# include <sys/capability.h>
+#endif
+
#if HAVE_TERMIOS_H
# include <termios.h>
#endif
@@ -3896,6 +3900,34 @@ print_type_indicator (bool stat_ok, mode_t mode, enum filetype type)
DIRED_PUTCHAR (c);
}
+#ifdef HAVE_CAP2
+static bool
+/* returns true if file has capability (see linux/capability.h) */
+hasCapability(const char *name)
+{
+ cap_t cap_d;
+ char *result;
+ bool hasCap;
+
+ cap_d = cap_get_file(name);
+ if (cap_d == NULL)
+ return false;
+
+ result = cap_to_text(cap_d, NULL);
+ if (!result) {
+ cap_free(cap_d);
+ return false;
+ }
+
+ /* check if human-readable capability string is empty */
+ hasCap = *result;
+
+ cap_free(cap_d);
+ cap_free(result);
+ return hasCap;
+}
+#endif
+
/* Returns whether any color sequence was printed. */
static bool
print_color_indicator (const char *name, mode_t mode, int linkok,
@@ -3919,7 +3951,13 @@ print_color_indicator (const char *name, mode_t mode, int linkok,
if (S_ISREG (mode))
{
type = C_FILE;
- if ((mode & S_ISUID) != 0)
+ if (
+ ((mode & S_ISUID) != 0)
+#ifdef HAVE_CAP2
+/* highlights file with capability (see linux/capability.h) */
+ || hasCapability(name)
+#endif
+ )
type = C_SETUID;
else if ((mode & S_ISGID) != 0)
type = C_SETGID;
diff --git a/NEWS b/NEWS
index d6ed89e..16b721e 100644
--- a/NEWS
+++ b/NEWS
@@ -27,6 +27,8 @@ GNU coreutils NEWS -*- outline -*-
represents the maximum number of inputs that will be merged at once.
When processing more than NMERGE inputs, sort uses temporary files.
+ ls now colorizes files with capabilities if libcap is available
+
** Bug fixes
chcon --verbose now prints a newline after each message
--
1.5.4.1
_______________________________________________
Bug-coreutils mailing list
Bug-coreutils@gnu.org
http://lists.gnu.org/mailman/listinfo/bug-coreutils
