On 22/11/2020 14:27, Bernhard Voelker wrote:
On 11/22/20 1:28 PM, Kamil Dudka wrote:
The coreutils patch introduced tab-indented lines into src/mv.c, which
otherwise does not use tabs for indentation.
This is caught by a syntax-check rule as well.
Fixed with the attached patch - as well as 2 other sc failures.
I can see 3 tests failing
on Fedora 32, which seems to be related. My test-suite.log is attached.
I didn't have a look at the failures - I don't get them here as
my system skips all those SELinux-related tests.
Thanks for the testing.
It seems selabel_lookup requires absolute paths.
Reinstating that code with the attached,
gets all tests to pass here on Fedora 32
with selinux enabled.
cheers,
Pádraig
>From 031469f54c6614e02754c34b6ef0faec0281691d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?P=C3=A1draig=20Brady?= <p...@draigbrady.com>
Date: Sun, 22 Nov 2020 17:46:52 +0000
Subject: [PATCH] maint: use absolute paths with selabel_lookup
* src/selinux.c: selabel_lookup requires absolute paths
(while only older matchpathcon before libselinux < 2.1.5 2011-0826 did).
* po/POTFILES.in: Readd src/selinux.c since we now have
a translatable error message.
---
po/POTFILES.in | 1 +
src/selinux.c | 25 +++++++++++++++++++++++++
2 files changed, 26 insertions(+)
diff --git a/po/POTFILES.in b/po/POTFILES.in
index 5ccc0e9a9..074322393 100644
--- a/po/POTFILES.in
+++ b/po/POTFILES.in
@@ -109,6 +109,7 @@ src/remove.c
src/rm.c
src/rmdir.c
src/runcon.c
+src/selinux.c
src/seq.c
src/set-fields.c
src/shred.c
diff --git a/src/selinux.c b/src/selinux.c
index 10fa9d8c6..432e03018 100644
--- a/src/selinux.c
+++ b/src/selinux.c
@@ -21,7 +21,9 @@
#include <selinux/context.h>
#include <sys/types.h>
+#include "die.h"
#include "system.h"
+#include "canonicalize.h"
#include "xfts.h"
#include "selinux.h"
@@ -113,6 +115,16 @@ defaultcon (struct selabel_handle *selabel_handle,
context_t scontext = 0, tcontext = 0;
const char *contype;
char *constr;
+ char *newpath = NULL;
+
+ if (! IS_ABSOLUTE_FILE_NAME (path))
+ {
+ newpath = canonicalize_filename_mode (path, CAN_MISSING);
+ if (! newpath)
+ die (EXIT_FAILURE, errno, _("error canonicalizing %s"),
+ quoteaf (path));
+ path = newpath;
+ }
if (selabel_lookup (selabel_handle, &scon, path, mode) < 0)
{
@@ -146,6 +158,7 @@ quit:
context_free (tcontext);
freecon (scon);
freecon (tcon);
+ free (newpath);
return rc;
}
@@ -269,6 +282,17 @@ bool
restorecon (struct selabel_handle *selabel_handle,
char const *path, bool recurse)
{
+ char *newpath = NULL;
+
+ if (! IS_ABSOLUTE_FILE_NAME (path))
+ {
+ newpath = canonicalize_filename_mode (path, CAN_MISSING);
+ if (! newpath)
+ die (EXIT_FAILURE, errno, _("error canonicalizing %s"),
+ quoteaf (path));
+ path = newpath;
+ }
+
if (! recurse)
return restorecon_private (selabel_handle, path) == 0;
@@ -286,6 +310,7 @@ restorecon (struct selabel_handle *selabel_handle,
if (fts_close (fts) != 0)
err = errno;
+ free (newpath);
return !err;
}
#endif
--
2.26.2
