Decoded: chcon (coreutils)


Note: This page explores the design of command-line utilities. It is not a user guide.
[GNU Manual] [No POSIX requirement] [Linux man] [No FreeBSD requirement]

Logical flow of chcon command (coreutils)

Summary

chcon - change SELinux context of file

[Source] [Code Walkthrough]

Lines of code: 588
Principal syscall: None
Support syscalls: None
Options: 23 (10 short, 13 long, does not include perm digits)

Added to Coreutils in March 2007 [First version]
Number of revisions: 55 [Code Evolution]

The chcon utility is only applicable to Linux systems and uses the context-creation features of the SELinux API.

Helpers:

  • change_file_context() - The core context-change procedure
  • compute_context_from_mask() - Creates a new context
  • process_file() - Processes a single file
  • process_files() - Wrapper to find and open all input files via FTS
  • SET_COMPONENT() - Applies a context component (user, range, role, or type)

External non-standard helpers:

  • context_new() - Returns a new context initialized from a context string
  • context_range_set() - Sets the range component of an input context
  • context_role_set() - Sets the role component of an input context
  • context_type_set() - Sets the type component of an input context
  • context_user_set() - Sets the user component of an input context
  • die() - Exit with mandatory non-zero error and message to stderr
  • error() - Outputs error message to standard error with possible process termination

Setup

At global scope, chcon.c defines the flags recurse and verbosity, set during parsing of user-provided execution options.

Afterward, main() initializes the following:

  • bit_flags - Bit flags for behavior of the file traversal systems
  • component_specified - Flag set if the user provides components
  • dereference - Flag for how to handle symlinks (link or target)
  • ok - The final return status. Note overloaded usage
  • optc - The character for the next option to process
  • preserve_root - Flag set to preserve root (--preserve-root option)
  • reference_file - The user provided name of the reference file

Parsing

Parsing collects options and arguments to answer the following questions:

  • Is the context provided directly, as components, or via reference?
  • Do we preserve root from operations?
  • Should we follow links or operate directly on links?
  • Do we provide verbose feedback to the user?

Parsing failures

These failure cases are explicitly checked:

  • No dereference rule provided
  • Missing file arguments (context or target file)
  • Unknown option used

User-specified parsing failures result in a short error message followed by the usage instructions. Access-related parsing errors die with an error message.


Execution

The first step is to get the new context from one of three sources:

  • Check the reference file's security context with getfilecon()
  • Directly provided as a context string
  • Components provided (User, Role, Type, Range)

With the target files and the security context, we're ready for the chcon operation:

  • Open the target file using FTS
  • Verify that the file info is available (FTS stat ok)
  • Get the current file context
  • Compute the component context change (if needed)
  • Set the final context via setfileconat()
  • Close the file
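As an added illustration (not chcon.c's own code), the component substitution that compute_context_from_mask() and SET_COMPONENT() perform through libselinux's context_*_set() helpers, done here on the user:role:type[:range] string by hand so it runs without libselinux or an SELinux kernel; struct context_mask and the function signature are assumptions, not coreutils' own.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Replacement components from -u/-r/-t/-l; NULL keeps the current one.
   Assumed struct: chcon.c keeps these in separate specified_* variables. */
struct context_mask { const char *user, *role, *type, *range; };

/* Build the new context from the file's current one and the mask.
   Returns a malloc'd string, or NULL if `current` lacks user:role:type.
   Only the first three colons split components, so an MLS range such as
   "s0-s0:c0.c1023" keeps its own colons. */
char *compute_context_from_mask(const char *current, const struct context_mask *m)
{
    char buf[256];
    if (strlen(current) >= sizeof buf)
        return NULL;
    strcpy(buf, current);

    char *parts[4] = {0};
    char *p = buf;
    for (int i = 0; i < 4 && p != NULL; i++) {
        parts[i] = p;
        char *colon = (i < 3) ? strchr(p, ':') : NULL;
        if (colon != NULL) { *colon = '\0'; p = colon + 1; } else p = NULL;
    }
    if (parts[2] == NULL || !*parts[0] || !*parts[1] || !*parts[2])
        return NULL;

    const char *user  = m->user  ? m->user  : parts[0];
    const char *role  = m->role  ? m->role  : parts[1];
    const char *type  = m->type  ? m->type  : parts[2];
    const char *range = m->range ? m->range : parts[3];   /* may stay NULL */

    /* Measure, then allocate exactly: user:role:type plus an optional :range. */
    size_t len = strlen(user) + strlen(role) + strlen(type) + 2
                 + (range ? strlen(range) + 1 : 0);
    char *out = malloc(len + 1);
    if (out == NULL)
        return NULL;
    if (range)
        snprintf(out, len + 1, "%s:%s:%s:%s", user, role, type, range);
    else
        snprintf(out, len + 1, "%s:%s:%s", user, role, type);
    return out;
}
```

For example, a constructed `chcon -t httpd_sys_content_t` on a file labelled `unconfined_u:object_r:user_home_t:s0` yields `unconfined_u:object_r:httpd_sys_content_t:s0`; a file with no range component gets one appended only when -l is given.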

Failure cases:

  • Unable to pull the security context of the reference file
  • User provides an unknown context
  • User provides reference file and specified components
  • Unable to access root
  • Unable to access target file/directory
  • Unable to change security context

All failures at this stage output an error message to STDERR and return without displaying usage help.

