From 679010d6cc7ab90f1de2c3c4661b9de3261ba28d Mon Sep 17 00:00:00 2001 From: Sylvestre Ledru Date: Mon, 25 Aug 2025 21:32:23 +0200 Subject: [PATCH] build: only use feat_selinux and remove selinux --- Cargo.lock | 1 + Cargo.toml | 19 ++++++++++--------- GNUmakefile | 4 ++-- src/uu/cp/src/cp.rs | 6 +++--- src/uu/id/src/id.rs | 18 ++++++++++++------ src/uu/install/Cargo.toml | 2 +- src/uu/install/src/install.rs | 12 ++++++------ src/uu/ls/src/ls.rs | 8 ++++---- src/uu/mkdir/Cargo.toml | 2 +- src/uu/mkdir/src/mkdir.rs | 2 +- src/uu/mkfifo/Cargo.toml | 2 +- src/uu/mkfifo/src/mkfifo.rs | 2 +- src/uu/mknod/Cargo.toml | 2 +- src/uu/mknod/src/mknod.rs | 2 +- src/uu/mv/Cargo.toml | 2 +- src/uu/mv/src/mv.rs | 4 ++-- src/uu/stat/Cargo.toml | 2 +- src/uu/stat/src/stat.rs | 4 ++-- tests/by-util/test_chcon.rs | 12 ++++++------ tests/uutests/Cargo.toml | 4 ++++ util/build-gnu.sh | 2 +- 21 files changed, 62 insertions(+), 50 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 601fa92e2ff..857fad209e4 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -4154,6 +4154,7 @@ dependencies = [ "rand 0.9.2", "regex", "rlimit", + "selinux", "tempfile", "uucore", "xattr", diff --git a/Cargo.toml b/Cargo.toml index 1ad3c2c0eb0..b47687acc0c 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -56,16 +56,16 @@ feat_acl = ["cp/feat_acl"] # * The selinux(-sys) crate requires `libselinux` headers and shared library to be accessible in the C toolchain at compile time. # * Running a uutils compiled with `feat_selinux` requires an SELinux enabled Kernel at run time. feat_selinux = [ - "cp/selinux", + "cp/feat_selinux", "feat_require_selinux", - "id/selinux", - "install/selinux", - "ls/selinux", - "mkdir/selinux", - "mkfifo/selinux", - "mknod/selinux", - "selinux", - "stat/selinux", + "id/feat_selinux", + "install/feat_selinux", + "ls/feat_selinux", + "mkdir/feat_selinux", + "mkfifo/feat_selinux", + "mknod/feat_selinux", + "stat/feat_selinux", + "uutests/feat_selinux", ] ## ## feature sets @@ -532,6 +532,7 @@ num-prime.workspace = true pretty_assertions = "1.4.0" rand.workspace = true regex.workspace = true +selinux = { workspace = true } sha1 = { workspace = true, features = ["std"] } tempfile.workspace = true time = { workspace = true, features = ["local-offset"] } diff --git a/GNUmakefile b/GNUmakefile index 20dc731d3b0..25d18dd310f 100644 --- a/GNUmakefile +++ b/GNUmakefile @@ -288,8 +288,8 @@ TEST_NO_FAIL_FAST :=--no-fail-fast TEST_SPEC_FEATURE := test_unimplemented else ifeq ($(SELINUX_ENABLED),1) TEST_NO_FAIL_FAST := -TEST_SPEC_FEATURE := selinux -BUILD_SPEC_FEATURE := selinux +TEST_SPEC_FEATURE := feat_selinux +BUILD_SPEC_FEATURE := feat_selinux endif define TEST_BUSYBOX diff --git a/src/uu/cp/src/cp.rs b/src/uu/cp/src/cp.rs index 0c3a6ca0c5e..12e9760f3a2 100644 --- a/src/uu/cp/src/cp.rs +++ b/src/uu/cp/src/cp.rs @@ -1116,7 +1116,7 @@ impl Options { } } - #[cfg(not(feature = "selinux"))] + #[cfg(not(feature = "feat_selinux"))] if let Preserve::Yes { required } = attributes.context { let selinux_disabled_error = CpError::Error(translate!("cp-error-selinux-not-enabled")); if required { @@ -1713,7 +1713,7 @@ pub(crate) fn copy_attributes( Ok(()) })?; - #[cfg(feature = "selinux")] + #[cfg(feature = "feat_selinux")] handle_preserve(&attributes.context, || -> CopyResult<()> { // Get the source context and apply it to the destination if let Ok(context) = selinux::SecurityContext::of_path(source, false, false) { @@ -2469,7 +2469,7 @@ fn copy_file( copy_attributes(source, dest, &options.attributes)?; } - #[cfg(feature = "selinux")] + #[cfg(feature = "feat_selinux")] if options.set_selinux_context && uucore::selinux::is_selinux_enabled() { // Set the given selinux permissions on the copied file. if let Err(e) = diff --git a/src/uu/id/src/id.rs b/src/uu/id/src/id.rs index 0852d99276f..005f9530ab0 100644 --- a/src/uu/id/src/id.rs +++ b/src/uu/id/src/id.rs @@ -63,9 +63,9 @@ macro_rules! cstr2cow { } fn get_context_help_text() -> String { - #[cfg(not(feature = "selinux"))] + #[cfg(not(feature = "feat_selinux"))] return translate!("id-context-help-disabled"); - #[cfg(feature = "selinux")] + #[cfg(feature = "feat_selinux")] return translate!("id-context-help-enabled"); } @@ -139,11 +139,11 @@ pub fn uumain(args: impl uucore::Args) -> UResult<()> { cflag: matches.get_flag(options::OPT_CONTEXT), selinux_supported: { - #[cfg(feature = "selinux")] + #[cfg(feature = "feat_selinux")] { uucore::selinux::is_selinux_enabled() } - #[cfg(not(feature = "selinux"))] + #[cfg(not(feature = "feat_selinux"))] { false } @@ -183,7 +183,10 @@ pub fn uumain(args: impl uucore::Args) -> UResult<()> { if state.cflag { return if state.selinux_supported { // print SElinux context and exit - #[cfg(all(any(target_os = "linux", target_os = "android"), feature = "selinux"))] + #[cfg(all( + any(target_os = "linux", target_os = "android"), + feature = "feat_selinux" + ))] if let Ok(context) = selinux::SecurityContext::current(false) { let bytes = context.as_bytes(); print!("{}{line_ending}", String::from_utf8_lossy(bytes)); @@ -644,7 +647,10 @@ fn id_print(state: &State, groups: &[u32]) { .join(",") ); - #[cfg(all(any(target_os = "linux", target_os = "android"), feature = "selinux"))] + #[cfg(all( + any(target_os = "linux", target_os = "android"), + feature = "feat_selinux" + ))] if state.selinux_supported && !state.user_specified && std::env::var_os("POSIXLY_CORRECT").is_none() diff --git a/src/uu/install/Cargo.toml b/src/uu/install/Cargo.toml index dc249b5d0f8..cb683b05f72 100644 --- a/src/uu/install/Cargo.toml +++ b/src/uu/install/Cargo.toml @@ -34,7 +34,7 @@ uucore = { workspace = true, default-features = true, features = [ fluent = { workspace = true } [features] -selinux = ["uucore/selinux"] +feat_selinux = ["uucore/selinux"] [[bin]] name = "install" diff --git a/src/uu/install/src/install.rs b/src/uu/install/src/install.rs index 903f3928d58..54347ac0b51 100644 --- a/src/uu/install/src/install.rs +++ b/src/uu/install/src/install.rs @@ -27,7 +27,7 @@ use uucore::fs::dir_strip_dot_for_creation; use uucore::mode::get_umask; use uucore::perms::{Verbosity, VerbosityLevel, wrap_chown}; use uucore::process::{getegid, geteuid}; -#[cfg(feature = "selinux")] +#[cfg(feature = "feat_selinux")] use uucore::selinux::{contexts_differ, set_selinux_security_context}; use uucore::translate; use uucore::{format_usage, show, show_error, show_if_err}; @@ -113,7 +113,7 @@ enum InstallError { #[error("{}", translate!("install-error-extra-operand", "operand" => .0.quote(), "usage" => .1.clone()))] ExtraOperand(String, String), - #[cfg(feature = "selinux")] + #[cfg(feature = "feat_selinux")] #[error("{}", .0)] SelinuxContextFailed(String), } @@ -482,7 +482,7 @@ fn directory(paths: &[OsString], b: &Behavior) -> UResult<()> { show_if_err!(chown_optional_user_group(path, b)); // Set SELinux context for directory if needed - #[cfg(feature = "selinux")] + #[cfg(feature = "feat_selinux")] show_if_err!(set_selinux_context(path, b)); } // If the exit code was set, or show! has been called at least once @@ -956,7 +956,7 @@ fn copy(from: &Path, to: &Path, b: &Behavior) -> UResult<()> { preserve_timestamps(from, to)?; } - #[cfg(feature = "selinux")] + #[cfg(feature = "feat_selinux")] if b.preserve_context { uucore::selinux::preserve_security_context(from, to) .map_err(|e| InstallError::SelinuxContextFailed(e.to_string()))?; @@ -1071,7 +1071,7 @@ fn need_copy(from: &Path, to: &Path, b: &Behavior) -> bool { return true; } - #[cfg(feature = "selinux")] + #[cfg(feature = "feat_selinux")] if b.preserve_context && contexts_differ(from, to) { return true; } @@ -1102,7 +1102,7 @@ fn need_copy(from: &Path, to: &Path, b: &Behavior) -> bool { false } -#[cfg(feature = "selinux")] +#[cfg(feature = "feat_selinux")] fn set_selinux_context(path: &Path, behavior: &Behavior) -> UResult<()> { if !behavior.preserve_context && behavior.context.is_some() { // Use the provided context set by -Z/--context diff --git a/src/uu/ls/src/ls.rs b/src/uu/ls/src/ls.rs index b25924c3fd9..a60f64c4d55 100644 --- a/src/uu/ls/src/ls.rs +++ b/src/uu/ls/src/ls.rs @@ -1083,11 +1083,11 @@ impl Config { time_format_older, context, selinux_supported: { - #[cfg(feature = "selinux")] + #[cfg(feature = "feat_selinux")] { uucore::selinux::is_selinux_enabled() } - #[cfg(not(feature = "selinux"))] + #[cfg(not(feature = "feat_selinux"))] { false } @@ -3278,7 +3278,7 @@ fn get_security_context(config: &Config, p_buf: &Path, must_dereference: bool) - } } if config.selinux_supported { - #[cfg(feature = "selinux")] + #[cfg(feature = "feat_selinux")] { match selinux::SecurityContext::of_path(p_buf, must_dereference.to_owned(), false) { Err(_r) => { @@ -3302,7 +3302,7 @@ fn get_security_context(config: &Config, p_buf: &Path, must_dereference: bool) - } } } - #[cfg(not(feature = "selinux"))] + #[cfg(not(feature = "feat_selinux"))] { substitute_string } diff --git a/src/uu/mkdir/Cargo.toml b/src/uu/mkdir/Cargo.toml index 7d81094cb06..1cd48fc5d18 100644 --- a/src/uu/mkdir/Cargo.toml +++ b/src/uu/mkdir/Cargo.toml @@ -23,7 +23,7 @@ uucore = { workspace = true, features = ["fs", "mode", "fsxattr"] } fluent = { workspace = true } [features] -selinux = ["uucore/selinux"] +feat_selinux = ["uucore/selinux"] [[bin]] name = "mkdir" diff --git a/src/uu/mkdir/src/mkdir.rs b/src/uu/mkdir/src/mkdir.rs index fb82d963ce1..e63a450ba01 100644 --- a/src/uu/mkdir/src/mkdir.rs +++ b/src/uu/mkdir/src/mkdir.rs @@ -277,7 +277,7 @@ fn create_dir(path: &Path, is_parent: bool, config: &Config) -> UResult<()> { chmod(path, new_mode)?; // Apply SELinux context if requested - #[cfg(feature = "selinux")] + #[cfg(feature = "feat_selinux")] if config.set_selinux_context && uucore::selinux::is_selinux_enabled() { if let Err(e) = uucore::selinux::set_selinux_security_context(path, config.context) { diff --git a/src/uu/mkfifo/Cargo.toml b/src/uu/mkfifo/Cargo.toml index 5edbfa6bde1..51cc35414e6 100644 --- a/src/uu/mkfifo/Cargo.toml +++ b/src/uu/mkfifo/Cargo.toml @@ -24,7 +24,7 @@ uucore = { workspace = true, features = ["fs", "mode"] } fluent = { workspace = true } [features] -selinux = ["uucore/selinux"] +feat_selinux = ["uucore/selinux"] [[bin]] name = "mkfifo" diff --git a/src/uu/mkfifo/src/mkfifo.rs b/src/uu/mkfifo/src/mkfifo.rs index 5cae85cc87b..7831edcfd06 100644 --- a/src/uu/mkfifo/src/mkfifo.rs +++ b/src/uu/mkfifo/src/mkfifo.rs @@ -60,7 +60,7 @@ pub fn uumain(args: impl uucore::Args) -> UResult<()> { } // Apply SELinux context if requested - #[cfg(feature = "selinux")] + #[cfg(feature = "feat_selinux")] { // Extract the SELinux related flags and options let set_selinux_context = matches.get_flag(options::SELINUX); diff --git a/src/uu/mknod/Cargo.toml b/src/uu/mknod/Cargo.toml index 50e7e2fce3c..ee9f7b4c8d4 100644 --- a/src/uu/mknod/Cargo.toml +++ b/src/uu/mknod/Cargo.toml @@ -25,7 +25,7 @@ uucore = { workspace = true, features = ["mode"] } fluent = { workspace = true } [features] -selinux = ["uucore/selinux"] +feat_selinux = ["uucore/selinux"] [[bin]] name = "mknod" diff --git a/src/uu/mknod/src/mknod.rs b/src/uu/mknod/src/mknod.rs index d922c3b82e0..dd8c27b053f 100644 --- a/src/uu/mknod/src/mknod.rs +++ b/src/uu/mknod/src/mknod.rs @@ -93,7 +93,7 @@ fn mknod(file_name: &str, config: Config) -> i32 { } // Apply SELinux context if requested - #[cfg(feature = "selinux")] + #[cfg(feature = "feat_selinux")] if config.set_selinux_context { if let Err(e) = uucore::selinux::set_selinux_security_context( std::path::Path::new(file_name), diff --git a/src/uu/mv/Cargo.toml b/src/uu/mv/Cargo.toml index 329bb78ba78..edc3cdc7405 100644 --- a/src/uu/mv/Cargo.toml +++ b/src/uu/mv/Cargo.toml @@ -42,7 +42,7 @@ windows-sys = { workspace = true, features = [ libc = { workspace = true } [features] -selinux = ["uucore/selinux"] +feat_selinux = ["uucore/selinux"] [[bin]] name = "mv" diff --git a/src/uu/mv/src/mv.rs b/src/uu/mv/src/mv.rs index b8929014974..00b0f1c8147 100644 --- a/src/uu/mv/src/mv.rs +++ b/src/uu/mv/src/mv.rs @@ -45,7 +45,7 @@ use uucore::fs::{ }; #[cfg(all(unix, not(any(target_os = "macos", target_os = "redox"))))] use uucore::fsxattr; -#[cfg(feature = "selinux")] +#[cfg(feature = "feat_selinux")] use uucore::selinux::set_selinux_security_context; use uucore::translate; use uucore::update_control; @@ -767,7 +767,7 @@ fn rename( rename_with_fallback(from, to, multi_progress, None, None)?; } - #[cfg(feature = "selinux")] + #[cfg(feature = "feat_selinux")] if let Some(ref context) = opts.context { set_selinux_security_context(to, Some(context)) .map_err(|e| io::Error::other(e.to_string()))?; diff --git a/src/uu/stat/Cargo.toml b/src/uu/stat/Cargo.toml index 21adecd90af..41d2e1c6574 100644 --- a/src/uu/stat/Cargo.toml +++ b/src/uu/stat/Cargo.toml @@ -30,7 +30,7 @@ thiserror = { workspace = true } fluent = { workspace = true } [features] -selinux = ["uucore/selinux"] +feat_selinux = ["uucore/selinux"] [[bin]] name = "stat" diff --git a/src/uu/stat/src/stat.rs b/src/uu/stat/src/stat.rs index 4d5dde94950..68043e800ca 100644 --- a/src/uu/stat/src/stat.rs +++ b/src/uu/stat/src/stat.rs @@ -953,7 +953,7 @@ impl Stater { 'B' => OutputType::Unsigned(512), // SELinux security context string 'C' => { - #[cfg(feature = "selinux")] + #[cfg(feature = "feat_selinux")] { if uucore::selinux::is_selinux_enabled() { match uucore::selinux::get_selinux_security_context( @@ -969,7 +969,7 @@ impl Stater { OutputType::Str(translate!("stat-selinux-unsupported-system")) } } - #[cfg(not(feature = "selinux"))] + #[cfg(not(feature = "feat_selinux"))] { OutputType::Str(translate!("stat-selinux-unsupported-os")) } diff --git a/tests/by-util/test_chcon.rs b/tests/by-util/test_chcon.rs index 12c8c6e85ba..1b324dc7579 100644 --- a/tests/by-util/test_chcon.rs +++ b/tests/by-util/test_chcon.rs @@ -10,6 +10,7 @@ use std::ffi::CString; use std::path::Path; use std::{io, iter, str}; +use selinux::{SecurityContext, errors}; use uutests::at_and_ucmd; use uutests::new_ucmd; @@ -590,9 +591,9 @@ fn valid_reference_multi() { ); } -fn get_file_context(path: impl AsRef) -> Result, selinux::errors::Error> { +fn get_file_context(path: impl AsRef) -> Result, errors::Error> { let path = path.as_ref(); - match selinux::SecurityContext::of_path(path, false, false) { + match SecurityContext::of_path(path, false, false) { Err(r) => { println!("get_file_context failed: '{}': {r}.", path.display()); Err(r) @@ -619,15 +620,14 @@ fn get_file_context(path: impl AsRef) -> Result, selinux::e } } -fn set_file_context(path: impl AsRef, context: &str) -> Result<(), selinux::errors::Error> { - let c_context = CString::new(context.as_bytes()).map_err(|_r| selinux::errors::Error::IO { +fn set_file_context(path: impl AsRef, context: &str) -> Result<(), errors::Error> { + let c_context = CString::new(context.as_bytes()).map_err(|_r| errors::Error::IO { source: io::Error::from(io::ErrorKind::InvalidInput), operation: "CString::new", })?; let path = path.as_ref(); - let r = - selinux::SecurityContext::from_c_str(&c_context, false).set_for_path(path, false, false); + let r = SecurityContext::from_c_str(&c_context, false).set_for_path(path, false, false); if let Err(r) = &r { println!( "set_file_context failed: '{context}' => '{}': {r}.", diff --git a/tests/uutests/Cargo.toml b/tests/uutests/Cargo.toml index e73ea59022d..e1dc31841a7 100644 --- a/tests/uutests/Cargo.toml +++ b/tests/uutests/Cargo.toml @@ -34,8 +34,12 @@ uucore = { workspace = true, features = [ ] } [target.'cfg(any(target_os = "linux", target_os = "android"))'.dependencies] +selinux = { workspace = true, optional = true } [target.'cfg(unix)'.dependencies] nix = { workspace = true, features = ["process", "signal", "user", "term"] } rlimit = "0.10.1" xattr = { workspace = true } + +[features] +feat_selinux = ["selinux"] diff --git a/util/build-gnu.sh b/util/build-gnu.sh index ae85dc63fc2..8be5bb6d76c 100755 --- a/util/build-gnu.sh +++ b/util/build-gnu.sh @@ -108,7 +108,7 @@ cd "${path_UUTILS}" && echo "[ pwd:'${PWD}' ]" if [ "$(uname)" == "Linux" ]; then # Only attempt to enable SELinux features on Linux export SELINUX_ENABLED=1 - CARGO_FEATURE_FLAGS="${CARGO_FEATURE_FLAGS} selinux" + CARGO_FEATURE_FLAGS="${CARGO_FEATURE_FLAGS} feat_selinux" fi # Trim leading whitespace from feature flags