I've just pushed this: >From e11a0319b3b1af2c521cdcf37e09a02b157c3e76 Mon Sep 17 00:00:00 2001 From: Jim Meyering <[email protected]> Date: Fri, 9 Oct 2009 13:57:02 +0200 Subject: [PATCH 1/3] build: update gnulib submodule to latest, for getfilecon wrappers
--- gnulib | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/gnulib b/gnulib index 6f6420c..f4dc806 160000 --- a/gnulib +++ b/gnulib @@ -1 +1 @@ -Subproject commit 6f6420cc9705dcfa545a28c674fddf5703e72c86 +Subproject commit f4dc80620e25623a69aa852bec5a52e150cedd4a -- 1.6.5.rc3.193.gdf7a >From 57d9263ca54a35e76fc8ed2ec3ec8dc36f8da60b Mon Sep 17 00:00:00 2001 From: Jim Meyering <[email protected]> Date: Wed, 7 Oct 2009 22:29:12 +0200 Subject: [PATCH 2/3] ls: remove explicit getfilecon work-around * src/ls.c (gobble_file): Remove l?getfilecon work-around, now that the gnulib wrappers handle it for us. --- src/ls.c | 11 ----------- 1 files changed, 0 insertions(+), 11 deletions(-) diff --git a/src/ls.c b/src/ls.c index 30df92c..08fdf5f 100644 --- a/src/ls.c +++ b/src/ls.c @@ -2802,17 +2802,6 @@ gobble_file (char const *name, enum filetype type, ino_t inode, : lgetfilecon (absolute_name, &f->scontext)); err = (attr_len < 0); - /* Contrary to its documented API, getfilecon may return 0, - yet set f->scontext to NULL (on at least Debian's libselinux1 - 2.0.15-2+b1), so work around that bug. - FIXME: remove this work-around in 2011, or whenever affected - versions of libselinux are long gone. */ - if (attr_len == 0) - { - err = 0; - f->scontext = xstrdup ("unlabeled"); - } - if (err == 0) have_selinux = ! STREQ ("unlabeled", f->scontext); else -- 1.6.5.rc3.193.gdf7a >From 0023f65fd7a2ba53b0209c7b1a66c5c30612d0c2 Mon Sep 17 00:00:00 2001 
From: Jim Meyering <[email protected]> Date: Wed, 7 Oct 2009 15:31:17 +0200 Subject: [PATCH 3/3] chcon: don't disable just because SELinux is disabled * src/chcon.c (main): Now that gnulib provides getfilecon wrappers, we can revert most of the 2009-10-05 commit 3a97d664, "chcon: exit immediately if SELinux is disabled", since chcon is still useful as long as the file system provides handlers for the security.* name space. gnulib's getfilecon wrappers ensure that an offending context now evokes a return value of -1. Prompted by comments from Stephen Smalley in http://thread.gmane.org/gmane.comp.gnu.coreutils.bugs/18378/focus=18394 * NEWS (Bug fixes): Mention it. --- NEWS | 4 ++++ src/chcon.c | 4 ---- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/NEWS b/NEWS index 75a4207..f8269fc 100644 --- a/NEWS +++ b/NEWS @@ -4,6 +4,10 @@ GNU coreutils NEWS -*- outline -*- ** Bug fixes + chcon no longer exits immediately just because SELinux is disabled. + Even then, chcon may still be useful. + [bug introduced in coreutils-8.0] + stat -f recognizes more file system types: afs, cifs, anon-inode FS, btrfs, cgroupfs, cramfs-wend, debugfs, futexfs, hfs, inotifyfs, minux3, nilfs, securityfs, selinux, xenfs diff --git a/src/chcon.c b/src/chcon.c index c0da694..fbfdb4d 100644 --- a/src/chcon.c +++ b/src/chcon.c @@ -519,10 +519,6 @@ main (int argc, char **argv) usage (EXIT_FAILURE); } - if (is_selinux_enabled () != 1) - error (EXIT_FAILURE, 0, - _("%s may be used only on a SELinux kernel"), program_name); - if (reference_file) { if (getfilecon (reference_file, &ref_context) < 0) -- 1.6.5.rc3.193.gdf7a
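Review bot: in the src/ls.c hunk of PATCH 2/3 (gobble_file), the surviving line `have_selinux = ! STREQ ("unlabeled", f->scontext);` now assumes f->scontext is non-NULL whenever err == 0, and nothing left in the function says where that guarantee comes from. The deleted comment was the only record that getfilecon may return 0 while leaving the context NULL. Suggest keeping a one-line comment stating that the code relies on the gnulib getfilecon/lgetfilecon wrappers for this, which also makes it clear the change must not be applied without the submodule update in PATCH 1/3. Note too that a file which used to be labeled "unlabeled" with err = 0 will now reach the `else` branch, so that branch is worth re-reading for the case.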
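Review bot: in the NEWS hunk of PATCH 3/3, the second sentence of the new entry, "Even then, chcon may still be useful.", does not say when. The commit message already has the concrete condition (the file system provides handlers for the security.* name space), so state that condition in the NEWS text instead.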
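Review bot: in the src/chcon.c hunk of PATCH 3/3, removing the is_selinux_enabled () check from main means the first failure on a system with SELinux disabled now comes from `getfilecon (reference_file, &ref_context) < 0` or a later per-file call, yet the diffstat lists only NEWS and src/chcon.c, so no test covers that path. Suggest adding a test that runs chcon with SELinux disabled and checks that it either succeeds or fails with a per-file diagnostic, so a regression back to an unconditional early exit would be caught.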
