fix displaying of security context in stat(#411181)

This commit is contained in:
Ondrej Vasik 2007-12-05 12:23:19 +00:00
parent cfcdd286e6
commit 60e9267535
2 changed files with 211 additions and 1 deletions

View File

@ -0,0 +1,205 @@
diff -urp coreutils-6.9-orig/src/stat.c coreutils-6.9/src/stat.c
--- coreutils-6.9-orig/src/stat.c 2007-12-04 16:26:39.000000000 +0100
+++ coreutils-6.9/src/stat.c 2007-12-05 00:05:11.000000000 +0100
@@ -55,12 +55,7 @@
# include <fs_info.h>
#endif
-#ifdef WITH_SELINUX
#include <selinux/selinux.h>
-#define SECURITY_ID_T security_context_t
-#else
-#define SECURITY_ID_T char *
-#endif
#include "system.h"
@@ -179,6 +174,9 @@ static struct option const long_options[
char *program_name;
+/* Whether to follow symbolic links; True for --dereference (-L). */
+static bool follow_links = false;
+
/* Whether to interpret backslash-escape sequences.
True for --printf=FMT, not for --format=FMT (-c). */
static bool interpret_backslash_escapes;
@@ -402,10 +400,30 @@ out_uint_x (char *pformat, size_t prefix
printf (pformat, arg);
}
+/* Very specialized function (modifies FORMAT), just so as to avoid
+ duplicating this code between both print_statfs and print_stat. */
+static void
+out_file_context (char const *filename, char *pformat, size_t prefix_len)
+{
+ char *scontext;
+ if ((follow_links
+ ? getfilecon (filename, &scontext)
+ : lgetfilecon (filename, &scontext)) < 0)
+ {
+ error (0, errno, _("failed to get security context of %s"),
+ quote (filename));
+ scontext = NULL;
+ }
+ strcpy (pformat + prefix_len, "s");
+ printf (pformat, (scontext ? scontext : "?"));
+ if (scontext)
+ freecon (scontext);
+}
+
/* print statfs info */
static void
print_statfs (char *pformat, size_t prefix_len, char m, char const *filename,
- void const *data, SECURITY_ID_T scontext)
+ void const *data)
{
STRUCT_STATVFS const *statfsbuf = data;
@@ -481,8 +499,7 @@ print_statfs (char *pformat, size_t pref
out_int (pformat, prefix_len, statfsbuf->f_ffree);
break;
case 'C':
- strcat (pformat, "s");
- printf(scontext);
+ out_file_context (filename, pformat, prefix_len);
break;
default:
fputc ('?', stdout);
@@ -493,7 +510,7 @@ print_statfs (char *pformat, size_t pref
/* print stat info */
static void
print_stat (char *pformat, size_t prefix_len, char m,
- char const *filename, void const *data, SECURITY_ID_T scontext)
+ char const *filename, void const *data)
{
struct stat *statbuf = (struct stat *) data;
struct passwd *pw_ent;
@@ -607,8 +624,7 @@ print_stat (char *pformat, size_t prefix
out_uint (pformat, prefix_len, statbuf->st_ctime);
break;
case 'C':
- strcat (pformat, "s");
- printf(pformat,scontext);
+ out_file_context(filename, pformat, prefix_len);
break;
default:
fputc ('?', stdout);
@@ -656,9 +672,8 @@ print_esc_char (char c)
static void
print_it (char const *format, char const *filename,
- void (*print_func) (char *, size_t, char, char const *, void const *,
- SECURITY_ID_T ),
- void const *data, SECURITY_ID_T scontext)
+ void (*print_func) (char *, size_t, char, char const *, void const *),
+ void const *data)
{
/* Add 2 to accommodate our conversion of the stat `%s' format string
to the longer printf `%llu' one. */
@@ -699,7 +714,7 @@ print_it (char const *format, char const
putchar ('%');
break;
default:
- print_func (dest, len + 1, *fmt_char, filename, data, scontext);
+ print_func (dest, len + 1, *fmt_char, filename, data);
break;
}
break;
@@ -765,18 +780,6 @@ static bool
do_statfs (char const *filename, bool terse, bool secure, char const *format)
{
STRUCT_STATVFS statfsbuf;
- SECURITY_ID_T scontext = NULL;
-#ifdef WITH_SELINUX
- if(is_selinux_enabled()) {
- if (getfilecon(filename,&scontext)<0) {
- if (secure) {
- perror (filename);
- return false;
- }
- scontext = NULL;
- }
- }
-#endif
if (STATFS (filename, &statfsbuf) != 0)
{
@@ -812,43 +815,23 @@ do_statfs (char const *filename, bool te
}
}
- print_it (format, filename, print_statfs, &statfsbuf, scontext);
-#ifdef WITH_SELINUX
- if (scontext != NULL)
- freecon(scontext);
-#endif
+ print_it (format, filename, print_statfs, &statfsbuf);
return true;
}
/* stat the file and print what we find */
static bool
-do_stat (char const *filename, bool follow_links, bool terse, bool secure,
+do_stat (char const *filename, bool terse, bool secure,
char const *format)
{
struct stat statbuf;
- SECURITY_ID_T scontext = NULL;
-
+
if ((follow_links ? stat : lstat) (filename, &statbuf) != 0)
{
error (0, errno, _("cannot stat %s"), quote (filename));
return false;
}
-#ifdef WITH_SELINUX
- if(is_selinux_enabled()) {
- int i;
- if (!follow_links)
- i=lgetfilecon(filename, &scontext);
- else
- i=getfilecon(filename, &scontext);
- if (i == -1 && secure)
- {
- perror (filename);
- return false;
- }
- }
-#endif
-
if (format == NULL)
{
if (terse)
@@ -893,11 +876,7 @@ do_stat (char const *filename, bool foll
}
}
}
- print_it (format, filename, print_stat, &statbuf, scontext);
-#ifdef WITH_SELINUX
- if (scontext)
- freecon(scontext);
-#endif
+ print_it (format, filename, print_stat, &statbuf);
return true;
}
@@ -996,7 +975,6 @@ main (int argc, char *argv[])
{
int c;
int i;
- bool follow_links = false;
bool fs = false;
bool terse = false;
bool secure = false;
@@ -1065,7 +1043,7 @@ main (int argc, char *argv[])
for (i = optind; i < argc; i++)
ok &= (fs
? do_statfs (argv[i], terse, secure, format)
- : do_stat (argv[i], follow_links, terse, secure, format));
+ : do_stat (argv[i], terse, secure, format));
exit (ok ? EXIT_SUCCESS : EXIT_FAILURE);
}

View File

@ -1,7 +1,7 @@
Summary: The GNU core utilities: a set of tools commonly used in shell scripts Summary: The GNU core utilities: a set of tools commonly used in shell scripts
Name: coreutils Name: coreutils
Version: 6.9 Version: 6.9
Release: 15%{?dist} Release: 16%{?dist}
License: GPLv2+ License: GPLv2+
Group: System Environment/Base Group: System Environment/Base
Url: http://www.gnu.org/software/coreutils/ Url: http://www.gnu.org/software/coreutils/
@ -50,6 +50,7 @@ Patch916: coreutils-getfacl-exit-code.patch
Patch950: coreutils-selinux.patch Patch950: coreutils-selinux.patch
#SELINUX Patch fix to allow cp -a rewrite file on different filesystem #SELINUX Patch fix to allow cp -a rewrite file on different filesystem
Patch951: coreutils-6.9-requiresecuritycontext.patch Patch951: coreutils-6.9-requiresecuritycontext.patch
Patch952: coreutils-6.9-statsecuritycontext.patch
BuildRequires: libselinux-devel >= 1.25.6-1 BuildRequires: libselinux-devel >= 1.25.6-1
BuildRequires: libacl-devel BuildRequires: libacl-devel
@ -118,6 +119,7 @@ the old GNU fileutils, sh-utils, and textutils packages.
#SELinux #SELinux
%patch950 -p1 -b .selinux %patch950 -p1 -b .selinux
%patch951 -p1 -b .require-preserve %patch951 -p1 -b .require-preserve
%patch952 -p1 -b .statsecuritycontext
# Don't run basic-1 test, since it breaks when run in the background # Don't run basic-1 test, since it breaks when run in the background
# (bug #102033). # (bug #102033).
@ -289,6 +291,9 @@ fi
/sbin/runuser /sbin/runuser
%changelog %changelog
* Wed Dec 05 2007 Ondrej Vasik <ovasik@redhat.com> - 6.9-16
- fix displaying of security context in stat(#411181)
* Thu Nov 29 2007 Ondrej Vasik <ovasik@redhat.com> - 6.9-15 * Thu Nov 29 2007 Ondrej Vasik <ovasik@redhat.com> - 6.9-15
- completed fix of wrong colored broken symlinks in ls(#404511) - completed fix of wrong colored broken symlinks in ls(#404511)