fix displaying of security context in stat(#411181)
parent
cfcdd286e6
commit
60e9267535
205
coreutils-6.9-statsecuritycontext.patch
Normal file
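--- /dev/null
+++ b/coreutils-6.9-statsecuritycontext.patch
@@ -0,0 +1,205 @@
+diff -urp coreutils-6.9-orig/src/stat.c coreutils-6.9/src/stat.c
+--- coreutils-6.9-orig/src/stat.c 2007-12-04 16:26:39.000000000 +0100
++++ coreutils-6.9/src/stat.c 2007-12-05 00:05:11.000000000 +0100
+@@ -55,12 +55,7 @@
+# include <fs_info.h>
+#endif
+
+-#ifdef WITH_SELINUX
+#include <selinux/selinux.h>
+-#define SECURITY_ID_T security_context_t
+-#else
+-#define SECURITY_ID_T char *
+-#endif
+
+#include "system.h"
+
+@@ -179,6 +174,9 @@ static struct option const long_options[
+
+char *program_name;
+
++/* Whether to follow symbolic links; True for --dereference (-L). */
++static bool follow_links = false;
++
+/* Whether to interpret backslash-escape sequences.
+True for --printf=FMT, not for --format=FMT (-c). */
+static bool interpret_backslash_escapes;
+@@ -402,10 +400,30 @@ out_uint_x (char *pformat, size_t prefix
+printf (pformat, arg);
+}
+
++/* Very specialized function (modifies FORMAT), just so as to avoid
++ duplicating this code between both print_statfs and print_stat. */
++static void
++out_file_context (char const *filename, char *pformat, size_t prefix_len)
++{
++ char *scontext;
++ if ((follow_links
++ ? getfilecon (filename, &scontext)
++ : lgetfilecon (filename, &scontext)) < 0)
++ {
++ error (0, errno, _("failed to get security context of %s"),
++ quote (filename));
++ scontext = NULL;
++ }
++ strcpy (pformat + prefix_len, "s");
++ printf (pformat, (scontext ? scontext : "?"));
++ if (scontext)
++ freecon (scontext);
++}
++
+/* print statfs info */
+static void
+print_statfs (char *pformat, size_t prefix_len, char m, char const *filename,
+- void const *data, SECURITY_ID_T scontext)
++ void const *data)
+{
+STRUCT_STATVFS const *statfsbuf = data;
+
+@@ -481,8 +499,7 @@ print_statfs (char *pformat, size_t pref
+out_int (pformat, prefix_len, statfsbuf->f_ffree);
+break;
+case 'C':
+- strcat (pformat, "s");
+- printf(scontext);
++ out_file_context (filename, pformat, prefix_len);
+break;
+default:
+fputc ('?', stdout);
+@@ -493,7 +510,7 @@ print_statfs (char *pformat, size_t pref
+/* print stat info */
+static void
+print_stat (char *pformat, size_t prefix_len, char m,
+- char const *filename, void const *data, SECURITY_ID_T scontext)
++ char const *filename, void const *data)
+{
+struct stat *statbuf = (struct stat *) data;
+struct passwd *pw_ent;
+@@ -607,8 +624,7 @@ print_stat (char *pformat, size_t prefix
+out_uint (pformat, prefix_len, statbuf->st_ctime);
+break;
+case 'C':
+- strcat (pformat, "s");
+- printf(pformat,scontext);
++ out_file_context(filename, pformat, prefix_len);
+break;
+default:
+fputc ('?', stdout);
+@@ -656,9 +672,8 @@ print_esc_char (char c)
+
+static void
+print_it (char const *format, char const *filename,
+- void (*print_func) (char *, size_t, char, char const *, void const *,
+- SECURITY_ID_T ),
+- void const *data, SECURITY_ID_T scontext)
++ void (*print_func) (char *, size_t, char, char const *, void const *),
++ void const *data)
+{
+/* Add 2 to accommodate our conversion of the stat `%s' format string
+to the longer printf `%llu' one. */
+@@ -699,7 +714,7 @@ print_it (char const *format, char const
+putchar ('%');
+break;
+default:
+- print_func (dest, len + 1, *fmt_char, filename, data, scontext);
++ print_func (dest, len + 1, *fmt_char, filename, data);
+break;
+}
+break;
+@@ -765,18 +780,6 @@ static bool
+do_statfs (char const *filename, bool terse, bool secure, char const *format)
+{
+STRUCT_STATVFS statfsbuf;
+- SECURITY_ID_T scontext = NULL;
+-#ifdef WITH_SELINUX
+- if(is_selinux_enabled()) {
+- if (getfilecon(filename,&scontext)<0) {
+- if (secure) {
+- perror (filename);
+- return false;
+- }
+- scontext = NULL;
+- }
+- }
+-#endif
+
+if (STATFS (filename, &statfsbuf) != 0)
+{
+@@ -812,43 +815,23 @@ do_statfs (char const *filename, bool te
+}
+}
+
+- print_it (format, filename, print_statfs, &statfsbuf, scontext);
+-#ifdef WITH_SELINUX
+- if (scontext != NULL)
+- freecon(scontext);
+-#endif
++ print_it (format, filename, print_statfs, &statfsbuf);
+return true;
+}
+
+/* stat the file and print what we find */
+static bool
+-do_stat (char const *filename, bool follow_links, bool terse, bool secure,
++do_stat (char const *filename, bool terse, bool secure,
+char const *format)
+{
+struct stat statbuf;
+- SECURITY_ID_T scontext = NULL;
+-
++
+if ((follow_links ? stat : lstat) (filename, &statbuf) != 0)
+{
+error (0, errno, _("cannot stat %s"), quote (filename));
+return false;
+}
+
+-#ifdef WITH_SELINUX
+- if(is_selinux_enabled()) {
+- int i;
+- if (!follow_links)
+- i=lgetfilecon(filename, &scontext);
+- else
+- i=getfilecon(filename, &scontext);
+- if (i == -1 && secure)
+- {
+- perror (filename);
+- return false;
+- }
+- }
+-#endif
+-
+if (format == NULL)
+{
+if (terse)
+@@ -893,11 +876,7 @@ do_stat (char const *filename, bool foll
+}
+}
+}
+- print_it (format, filename, print_stat, &statbuf, scontext);
+-#ifdef WITH_SELINUX
+- if (scontext)
+- freecon(scontext);
+-#endif
++ print_it (format, filename, print_stat, &statbuf);
+return true;
+}
+
+@@ -996,7 +975,6 @@ main (int argc, char *argv[])
+{
+int c;
+int i;
+- bool follow_links = false;
+bool fs = false;
+bool terse = false;
+bool secure = false;
+@@ -1065,7 +1043,7 @@ main (int argc, char *argv[])
+for (i = optind; i < argc; i++)
+ok &= (fs
+? do_statfs (argv[i], terse, secure, format)
+- : do_stat (argv[i], follow_links, terse, secure, format));
++ : do_stat (argv[i], terse, secure, format));
+
+exit (ok ? EXIT_SUCCESS : EXIT_FAILURE);
+}
+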
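Review bot: out_file_context() returns void, so a getfilecon()/lgetfilecon() failure is reported with error() and printed as `?`, but nothing in the visible hunks carries it back to `ok` in main. The blocks this patch removes from do_stat and do_statfs returned false in that case when `secure` was set, so a script that checks stat's exit status to confirm a label was read loses that signal. I would have the helper return a failure flag, `static bool out_file_context (char const *filename, char *pformat, size_t prefix_len)`, and pass it back through print_func and print_it to the do_stat/do_statfs return value. print_it's body is only partly visible in these hunks, so the exact plumbing is not shown here. The helper's comment should also say that it reads the file-scope `follow_links`, and that with the is_selinux_enabled() guard gone `%C` presumably reports an error per file on a system without SELinux (confirm that this is intended).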
@ -1,7 +1,7 @@
|
|||||||
Summary: The GNU core utilities: a set of tools commonly used in shell scripts
|
Summary: The GNU core utilities: a set of tools commonly used in shell scripts
|
||||||
Name: coreutils
|
Name: coreutils
|
||||||
Version: 6.9
|
Version: 6.9
|
||||||
Release: 15%{?dist}
|
Release: 16%{?dist}
|
||||||
License: GPLv2+
|
License: GPLv2+
|
||||||
Group: System Environment/Base
|
Group: System Environment/Base
|
||||||
Url: http://www.gnu.org/software/coreutils/
|
Url: http://www.gnu.org/software/coreutils/
|
||||||
@ -50,6 +50,7 @@ Patch916: coreutils-getfacl-exit-code.patch
|
|||||||
Patch950: coreutils-selinux.patch
|
Patch950: coreutils-selinux.patch
|
||||||
#SELINUX Patch fix to allow cp -a rewrite file on different filesystem
|
#SELINUX Patch fix to allow cp -a rewrite file on different filesystem
|
||||||
Patch951: coreutils-6.9-requiresecuritycontext.patch
|
Patch951: coreutils-6.9-requiresecuritycontext.patch
|
||||||
|
Patch952: coreutils-6.9-statsecuritycontext.patch
|
||||||
|
|
||||||
BuildRequires: libselinux-devel >= 1.25.6-1
|
BuildRequires: libselinux-devel >= 1.25.6-1
|
||||||
BuildRequires: libacl-devel
|
BuildRequires: libacl-devel
|
||||||
@ -118,6 +119,7 @@ the old GNU fileutils, sh-utils, and textutils packages.
|
|||||||
#SELinux
|
#SELinux
|
||||||
%patch950 -p1 -b .selinux
|
%patch950 -p1 -b .selinux
|
||||||
%patch951 -p1 -b .require-preserve
|
%patch951 -p1 -b .require-preserve
|
||||||
|
%patch952 -p1 -b .statsecuritycontext
|
||||||
|
|
||||||
# Don't run basic-1 test, since it breaks when run in the background
|
# Don't run basic-1 test, since it breaks when run in the background
|
||||||
# (bug #102033).
|
# (bug #102033).
|
||||||
@ -289,6 +291,9 @@ fi
|
|||||||
/sbin/runuser
|
/sbin/runuser
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Wed Dec 05 2007 Ondrej Vasik <ovasik@redhat.com> - 6.9-16
|
||||||
|
- fix displaying of security context in stat(#411181)
|
||||||
|
|
||||||
* Thu Nov 29 2007 Ondrej Vasik <ovasik@redhat.com> - 6.9-15
|
* Thu Nov 29 2007 Ondrej Vasik <ovasik@redhat.com> - 6.9-15
|
||||||
- completed fix of wrong colored broken symlinks in ls(#404511)
|
- completed fix of wrong colored broken symlinks in ls(#404511)
|
||||||
|
|
||||||
|