author | Robert Watson <rwatson@FreeBSD.org> | 2002-10-23 03:19:34 +0000 |
---|---|---|
committer | Robert Watson <rwatson@FreeBSD.org> | 2002-10-23 03:19:34 +0000 |
commit | 1494905bb6e4aab3a0a034b667ac44e091e567d6 (patch) | |
tree | 99bf913c042891ee89b412a42025ac2a45b8a480 /usr.bin/su | |
parent | 84333872d83f830bd84559cf2e16dfc6bdde15df (diff) | |
Notes
Diffstat (limited to 'usr.bin/su')
-rw-r--r-- | usr.bin/su/su.1 | 10 | ||||
-rw-r--r-- | usr.bin/su/su.c | 18 |
2 files changed, 23 insertions, 5 deletions
diff --git a/usr.bin/su/su.1 b/usr.bin/su/su.1 index 472d5db3ba29..a3f2a2965fdd 100644 --- a/usr.bin/su/su.1 +++ b/usr.bin/su/su.1 @@ -41,7 +41,7 @@ .Sh SYNOPSIS .Nm .Op Fl -.Op Fl flm +.Op Fl flms .Op Fl c Ar class .Op Ar login Op Ar args .Sh DESCRIPTION @@ -122,6 +122,14 @@ and the caller's real uid is non-zero, .Nm will fail. +.It Fl s +Set the MAC label to the user's default label as part of the user +credential setup. +Setting the MAC label may fail if the MAC label of the invoking process +isn't sufficient to transition to the user's default MAC label. +If the label cannot be set, +.Nm +will fail. .It Fl c Ar class Use the settings of the specified login class. Only allowed for the super-user. diff --git a/usr.bin/su/su.c b/usr.bin/su/su.c index 9191b87a42d8..434b4c7b4419 100644 --- a/usr.bin/su/su.c +++ b/usr.bin/su/su.c @@ -127,7 +127,7 @@ main(int argc, char *argv[]) } np; uid_t ruid; int asme, ch, asthem, fastlogin, prio, i, setwhat, retcode, - statusp, child_pid, child_pgrp, ret_pid; + statusp, child_pid, child_pgrp, ret_pid, setmaclabel; char *username, *cleanenv, *class, shellbuf[MAXPATHLEN]; const char *p, *user, *shell, *mytty, **nargv; @@ -137,8 +137,9 @@ main(int argc, char *argv[]) asme = asthem = fastlogin = statusp = 0; user = "root"; iscsh = UNSET; + setmaclabel = 0; - while ((ch = getopt(argc, argv, "-flmc:")) != -1) + while ((ch = getopt(argc, argv, "-flmsc:")) != -1) switch ((char)ch) { case 'f': fastlogin = 1; @@ -152,6 +153,9 @@ main(int argc, char *argv[]) asme = 1; asthem = 0; break; + case 's': + setmaclabel = 1; + break; case 'c': class = optarg; break; 
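Review bot: In the option-parsing hunk of su.c (`@@ -137,8 +137,9 @@`), `setmaclabel` is cleared by a separate `setmaclabel = 0;` after `iscsh = UNSET;`, while the other option flags are cleared together in `asme = asthem = fastlogin = statusp = 0;`. Folding it into that chain, `asme = asthem = fastlogin = statusp = setmaclabel = 0;`, keeps every getopt flag initialised in one place, so a later reader checking the defaults of the credential-affecting flags does not miss it. main() starts and ends outside these hunks.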
@@ -359,7 +363,13 @@ main(int argc, char *argv[]) * Umask Login records (wtmp, etc) Path */ setwhat = LOGIN_SETALL & ~(LOGIN_SETENV | LOGIN_SETUMASK | - LOGIN_SETLOGIN | LOGIN_SETPATH | LOGIN_SETGROUP); + LOGIN_SETLOGIN | LOGIN_SETPATH | LOGIN_SETGROUP | + LOGIN_SETMAC); + /* + * If -s is present, also set the MAC label. + */ + if (setmaclabel) + setwhat |= LOGIN_SETMAC; /* * Don't touch resource/priority settings if -m has been used * or -l and -c hasn't, and we're not su'ing to root. @@ -462,7 +472,7 @@ static void usage(void) { - fprintf(stderr, "usage: su [-] [-flm] [-c class] [login [args]]\n"); + fprintf(stderr, "usage: su [-] [-flms] [-c class] [login [args]]\n"); exit(1); } |
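Review bot: The comment above `setwhat` that lists what su leaves out of setusercontext() (its visible tail reads `Umask Login records (wtmp, etc) Path`) is not updated, although the mask now also clears `LOGIN_SETMAC`. As written, a plain `su` appears to keep the invoking process's MAC label while switching the other credentials, so the exclusion deserves an entry in that list. The new comment could also state the reason rather than restate the code, e.g. `/* The MAC label is changed only on request (-s); otherwise the caller's label is kept. */`. The su.1 text promises that su fails when the label cannot be set, which depends on the result of the setusercontext() call being checked. That call and the opening lines of the comment are outside this hunk, so both are worth confirming.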