On 11/22/20 10:08 AM, Pádraig Brady wrote:

Non leaky version attached.

Thanks, I installed that, along with the attached further coreutils patch to fix some bugs in the nearby errno handling. Most likely there are other issues in the SELinux area but I ran out of time to look into this right now.

Is there an SELinux crew at Red Hat that can look at coreutils as a sanity 
check?
From 6ac67d13567f4ab10722c612d3ef05d0f2ad80ed Mon Sep 17 00:00:00 2001
From: Paul Eggert <egg...@cs.ucla.edu>
Date: Mon, 23 Nov 2020 00:52:00 -0800
Subject: [PATCH] maint: propagate errno better in selinux.c
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

* src/selinux.c: Don’t include die.h; no longer needed.
(computecon, defaultcon, restorecon): Propagate errno.
(defaultcon, restorecon): Don’t diagnose errors or exit, as that’s
the caller’s responsibility.
---
 src/selinux.c | 21 ++++++++++++++-------
 1 file changed, 14 insertions(+), 7 deletions(-)

diff --git a/src/selinux.c b/src/selinux.c
index 50efb0aec..92b6b6b52 100644
--- a/src/selinux.c
+++ b/src/selinux.c
@@ -21,7 +21,6 @@
 #include <selinux/context.h>
 #include <sys/types.h>
 
-#include "die.h"
 #include "system.h"
 #include "canonicalize.h"
 #include "xfts.h"
@@ -89,10 +88,12 @@ computecon (char const *path, mode_t mode, char **con)
     goto quit;
   rc = security_compute_create (scon, tcon, tclass, con);
 
-quit:
+ quit:;
+  int err = errno;
   free (dir);
   freecon (scon);
   freecon (tcon);
+  errno = err;
   return rc;
 }
 
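Review bot: The errno saved at `quit` is only useful if every path that jumps there failed in a call that sets errno; the `goto quit` on the first line of this hunk follows a check that lies outside the hunk, so that path should be confirmed. Callers are now expected to report errno themselves, and a stale value would make them print the wrong reason for a labeling failure. The same applies to the `quit` block of defaultcon further down. Because the contract is new, the comment above computecon (outside the hunk) could state it, for example `/* Return 0 on success; otherwise return -1 with errno set.  */`, assuming rc follows the usual 0/-1 convention.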
@@ -119,10 +120,10 @@ defaultcon (struct selabel_handle *selabel_handle,
 
   if (! IS_ABSOLUTE_FILE_NAME (path))
     {
+      /* Generate absolute name as required by subsequent selabel_lookup.  */
       newpath = canonicalize_filename_mode (path, CAN_MISSING);
       if (! newpath)
-        die (EXIT_FAILURE, errno, _("error canonicalizing %s"),
-             quoteaf (path));
+        goto quit;
       path = newpath;
     }
 
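Review bot: With `die` replaced by `goto quit`, a canonicalization failure is no longer fatal, so the outcome depends on state set before this hunk: `rc` must still hold its failure value here, and the pointers released under `quit` (`scontext`, `tcontext`, `scon`, `tcon`) must already be initialized to null. Those declarations are outside the hunk and should be checked. Callers also need to test the return value and diagnose it, otherwise the file is created without the intended SELinux context and no message is printed. A short comment at the jump, e.g. `/* errno set by canonicalize_filename_mode; rc still indicates failure.  */`, would record the assumption.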
@@ -153,12 +154,14 @@ defaultcon (struct selabel_handle *selabel_handle,
 
   rc = setfscreatecon (constr);
 
-quit:
+ quit:;
+  int err = errno;
   context_free (scontext);
   context_free (tcontext);
   freecon (scon);
   freecon (tcon);
   free (newpath);
+  errno = err;
   return rc;
 }
 
@@ -286,17 +289,21 @@ restorecon (struct selabel_handle *selabel_handle,
 
   if (! IS_ABSOLUTE_FILE_NAME (path))
     {
+      /* Generate absolute name as required by subsequent selabel_lookup.
+         When RECURSE, this also generates absolute names in the
+         fts entries, which may be quicker to process in any case.  */
       newpath = canonicalize_filename_mode (path, CAN_MISSING);
       if (! newpath)
-        die (EXIT_FAILURE, errno, _("error canonicalizing %s"),
-             quoteaf (path));
+        return false;
       path = newpath;
     }
 
   if (! recurse)
     {
       bool ok = restorecon_private (selabel_handle, path) != -1;
+      int err = errno;
       free (newpath);
+      errno = err;
       return ok;
     }
 
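Review bot: Only the non-recursive exit preserves errno across `free (newpath)`; the recursive branch of restorecon continues past the end of this hunk, and if it also frees `newpath` before returning, it should use the same `int err = errno; free (newpath); errno = err;` sequence so both paths give callers a reliable errno. The early `return false` relies on canonicalize_filename_mode having set errno, which matches what the removed `die` call reported. Since the function no longer exits on this failure, its header comment (outside the hunk) could say that false is returned with errno set.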
-- 
2.27.0
