On Thursday 06 of August 2009 14:01:37 Jim Meyering wrote:
> ...
>
> >> I'll move them to gnulib.
> >
> > Thanks!
> >
> > Just let me note there is no explicit dependency on the openat module
> > (namely lib/at-func.c). Is the dependency implied somehow?
>
> Good point.
> I'll add that module dependency. Thanks.
>
> I'll also do a stand-alone test, which should
> expose any other missing dependencies.
Thanks for the quick response. An incremental patch is attached for review.
I'll merge it with the original patch if the change is ok.
Kamil
diff --git a/find/defs.h b/find/defs.h
index c834baa..481c013 100644
--- a/find/defs.h
+++ b/find/defs.h
@@ -613,7 +613,7 @@ struct options
int regex_options;
/* function used to get file context */
- int (*x_getfilecon) ();
+ int (*x_getfilecon) (int, const char *, security_context_t *);
/* Optimisation level. One is the default.
*/
diff --git a/find/parser.c b/find/parser.c
index c8b847f..330eb38 100644
--- a/find/parser.c
+++ b/find/parser.c
@@ -53,7 +53,7 @@
#include <unistd.h>
#include <sys/stat.h>
-#include <selinux/selinux.h>
+#include "selinux-at.h"
#if ENABLE_NLS
# include <libintl.h>
@@ -352,7 +352,8 @@ static const char *first_nonoption_arg = NULL;
static const struct parser_table *noop = NULL;
static int
-fallback_getfilecon (const char *name, security_context_t *p, int prev_rv)
+fallback_getfilecon (int fd, const char *name, security_context_t *p,
+ int prev_rv)
{
/* Our original getfilecon () call failed. Perhaps we can't follow a
* symbolic link. If that might be the problem, lgetfilecon () the link.
@@ -365,7 +366,7 @@ fallback_getfilecon (const char *name, security_context_t *p, int prev_rv)
fprintf (stderr, "fallback_getfilecon(): getfilecon(%s) failed; falling "
"back on lgetfilecon()\n", name);
#endif
- return lgetfilecon (name, p);
+ return lgetfileconat (fd, name, p);
case EACCES:
case EIO:
@@ -389,23 +390,23 @@ fallback_getfilecon (const char *name, security_context_t *p, int prev_rv)
* If the item to be examined is not a command-line argument, we
* examine the link itself. */
int
-optionh_getfilecon (const char *name, security_context_t *p)
+optionh_getfilecon (int fd, const char *name, security_context_t *p)
{
int rv;
if (0 == state.curdepth)
{
/* This file is from the command line; dereference the link (if it is
a link). */
- rv = getfilecon (name, p);
+ rv = getfileconat (fd, name, p);
if (0 == rv)
return 0; /* success */
else
- return fallback_getfilecon (name, p, rv);
+ return fallback_getfilecon (fd, name, p, rv);
}
else
{
/* Not a file on the command line; do not dereference the link. */
- return lgetfilecon (name, p);
+ return lgetfileconat (fd, name, p);
}
}
@@ -413,22 +414,22 @@ optionh_getfilecon (const char *name, security_context_t *p)
* -L option is in effect. That option makes us examine the thing the
* symbolic link points to, not the symbolic link itself. */
int
-optionl_getfilecon (const char *name, security_context_t *p)
+optionl_getfilecon (int fd, const char *name, security_context_t *p)
{
- int rv = getfilecon (name, p);
+ int rv = getfileconat (fd, name, p);
if (0 == rv)
return 0; /* normal case. */
else
- return fallback_getfilecon (name, p, rv);
+ return fallback_getfilecon (fd, name, p, rv);
}
/* optionp_getfilecon () implements the stat operation when the -P
* option is in effect (this is also the default). That option makes
* us examine the symbolic link itself, not the thing it points to. */
int
-optionp_getfilecon (const char *name, security_context_t *p)
+optionp_getfilecon (int fd, const char *name, security_context_t *p)
{
- return lgetfilecon (name, p);
+ return lgetfileconat (fd, name, p);
}
void
@@ -2706,7 +2707,7 @@ parse_context (const struct parser_table* entry, char **argv, int *arg_ptr)
error (1, 0, _("invalid predicate -context: SELinux is not enabled."));
return false;
}
- our_pred = insert_primary (entry);
+ our_pred = insert_primary (entry, NULL);
our_pred->est_success_rate = 0.01f;
our_pred->need_stat = false;
#ifdef DEBUG
diff --git a/find/pred.c b/find/pred.c
index 77c2aac..5c47290 100644
--- a/find/pred.c
+++ b/find/pred.c
@@ -1061,7 +1061,8 @@ do_fprintf(struct format_val *dest,
case 'Z': /* SELinux security context */
{
security_context_t scontext;
- int rv = (*options.x_getfilecon) (state.rel_pathname, &scontext);
+ int rv = (*options.x_getfilecon) (state.cwd_dir_fd, state.rel_pathname,
+ &scontext);
if (rv < 0)
{
/* If getfilecon fails, there will in the general case
@@ -1899,7 +1900,8 @@ pred_context (const char *pathname, struct stat *stat_buf,
struct predicate *pred_ptr)
{
security_context_t scontext;
- int rv = (*options.x_getfilecon) (state.rel_pathname, &scontext);
+ int rv = (*options.x_getfilecon) (state.cwd_dir_fd, state.rel_pathname,
+ &scontext);
if (rv < 0)
{
error (0, errno, "getfilecon: %s", safely_quote_err_filename (0, pathname));
diff --git a/import-gnulib.config b/import-gnulib.config
index cbb384e..699c417 100644
--- a/import-gnulib.config
+++ b/import-gnulib.config
@@ -1,7 +1,7 @@
# findutils gnulib.config -*- sh -*-
# What version of gnulib to use?
-gnulib_version="b653eda3ac4864de205419d9f41eec267cb89eeb"
+gnulib_version="27aa230554a630b52c2ce1540f6274c0aa4eaed1"
destdir="gnulib"
# Random extra gnulib files needed for findutils.
@@ -65,7 +65,7 @@ realloc
regex
rpmatch
savedir
-selinux-h
+selinux-at
stat-macros
stat-time
stdint
