path: root/static/unix-v10/man8/cl.8
blob: 75a0de9e4f39e3fc2904124c9c31b5975352337f (plain)
.TH CL 8
.CT 1 sa_nonmortals
.SH NAME
cl, integrity \- file system label check
.SH SYNOPSIS
.B /etc/cl
[
.IR specfile " | " dir
] ...
.PP
.B /etc/integrity
[
.I rootdir
]
.SH DESCRIPTION
.I Cl
examines file trees for correctness of labels.
Each 
.I specfile
argument names a file containing a description
of the labels expected in a given subtree of a file system.
Each line of a
.I specfile
has the form
.IP
.L
filename uid,gid mode capabilities licenses label
.LP
User and group ids are specified in the style of
.IR chown (8).
The mode is specified in the style of
.IR chmod (2);
only the 07777 bits are significant.
Capabilities and licenses are in the style of
.IR atopriv  ;
see
.IR labtoa (3).
The label is in the style of
.IR atolab ,
without capabilities or licenses.
.PP
The first valid line names the root of the tree in question.
Subsequent lines name particular files in the tree.
A report is made for each `suspicious' file and for each
particular file which does
not match its description in 
.IR specfile .
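
An added example, not part of the original manual page or of cl itself: a reader for the specfile line format described above, checking the owner, group and mode of each particular file against its description. It assumes that names on later lines are relative to the root named on the first valid line; capabilities, licenses and label are kept as uninterpreted strings, and the function names are hypothetical.

```python
import grp
import os
import pwd
import stat
from typing import NamedTuple, Optional


class Spec(NamedTuple):
    filename: str
    uid: int
    gid: int
    mode: int          # only the 07777 bits, as the page specifies
    capabilities: str  # kept verbatim; decoding needs the system's label library
    licenses: str
    label: str


def _to_id(text, by_name):
    # chown-style id: a decimal number, or a name from the passwd/group database
    return int(text) if text.isdigit() else by_name(text)


def parse_line(line: str) -> Optional[Spec]:
    """Return a Spec for one specfile line, or None if the line is not valid."""
    fields = line.split()
    if len(fields) != 6:
        return None
    name, owner, mode, caps, lics, label = fields
    try:
        user, group = owner.split(",")
        uid = _to_id(user, lambda n: pwd.getpwnam(n).pw_uid)
        gid = _to_id(group, lambda n: grp.getgrnam(n).gr_gid)
        return Spec(name, uid, gid, int(mode, 8) & 0o7777, caps, lics, label)
    except (ValueError, KeyError):
        return None


def parse_specfile(text: str):
    """The first valid line is the tree root; the rest name particular files."""
    specs = [s for s in map(parse_line, text.splitlines()) if s is not None]
    if not specs:
        raise ValueError("no valid line in specfile")
    return specs[0], specs[1:]


def mismatches(root: Spec, spec: Spec):
    """Return which of uid, gid and mode on disk differ from the description."""
    # Assumption: a relative name on a later line is taken under the root.
    st = os.lstat(os.path.join(root.filename, spec.filename))
    found = {"uid": st.st_uid, "gid": st.st_gid, "mode": stat.S_IMODE(st.st_mode)}
    return [k for k, v in found.items() if getattr(spec, k) != v]
```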
.LP
A suspicious file is a file that is not named in the 
.I specfile
for which one of the following holds:
.IP
The label has flag
.B L_UNDEF
or
.BR L_YES .
.br
The file is a special file and the label flag is
.BR L_NO .
.br
The file is not a special file and the label flag is not
.BR L_NO .
.br
The lattice value of the label is not dominated by the
label in the first line of
.IR specfile .
.br
The capability or license is not dominated by the corresponding
value in the first line of
.IR specfile .
.LP
Each named directory argument
.I dir
is treated as if there were a 
.I specfile
argument
consisting of just a single line
.IP
.EX
\fIdir\fP bin,bin 666 ----- ----- 0000...
.EE
.PP
.I Integrity
surveys the directory tree dependent from
.IR rootdir ,
or
.L /
if no
.I rootdir
is given.
It reports non-bottom labels, which are possible signs
of loss of integrity \- modification without privilege.
The search cuts off at directories with non-bottom labels.
.SH "SEE ALSO"
.IR getflab (2),
.IR ftw (3),
.IR lcheck (8)
.SH BUGS
Extraneous diagnostics
may be produced if this command is applied to
active file systems.