The following commit has been merged in the master branch:

commit c3167d85ed7892aba00141e461377309fac1dfa3
Author: Guillem Jover <[email protected]>
Date: Sun Nov 11 00:25:31 2012 +0100

    dpkg: Abort installation if we cannot set the security context for a file

    Not setting the correct security context for a new file might have
    security implications. If the operation is supported by the system
    on such path and it fails, abort instead of just printing an error
    message and continuing as if nothing happened.

diff --git a/debian/changelog b/debian/changelog
index 087f3ea..0a2c7d5 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -5,6 +5,7 @@ dpkg (1.16.10) UNRELEASED; urgency=low
Thanks to Nicolás Alvarez <[email protected]>.
* Add missing @LIBLZMA_LIBS@ to Libs.Private in libdpkg.pc.in.
* Do not use an undefined va_list variable in dpkg_put_errno().
+ * Abort installation if we cannot set the security context for a file.
[ Updated programs translations ]
* Esperanto (Felipe Castro).
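Review bot: The added changelog line states the abort unconditionally, while the src/archives.c change in the same commit continues when errno is ENOTSUP. Consider wording the entry to match the commit message, for example by saying the abort applies when the operation is supported on that path, so readers of the changelog do not expect a failure on filesystems without label support.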
diff --git a/src/archives.c b/src/archives.c
index 4e36347..d05a589 100644
--- a/src/archives.c
+++ b/src/archives.c
@@ -512,9 +512,9 @@ tarobject_set_se_context(const char *matchpath, const char
*path, mode_t mode)
return;
if (strcmp(scontext, "<<none>>") != 0) {
- if (lsetfilecon_raw(path, scontext) < 0)
- /* XXX: This might need to be fatal instead!? */
- perror("Error setting security context for next file object:");
+ ret = lsetfilecon_raw(path, scontext);
+ if (ret < 0 && errno != ENOTSUP)
+ ohshite("cannot set security context for file object '%s'", path);
}
freecon(scontext);
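Review bot: The fatal branch at the ohshite() call sits before freecon(scontext), and ohshite() does not return, so scontext is never released when lsetfilecon_raw() fails with anything other than ENOTSUP. Release the context before raising the error, keeping errno intact across freecon() so the message still reports the lsetfilecon_raw() failure. Separately, the `errno != ENOTSUP` exemption now carries the whole policy decision with no comment in the code; a short comment saying that ENOTSUP means the path cannot carry a label, and that the file is then deliberately left without one, would replace the removed XXX note and make the intent auditable. The message string is also passed to ohshite() bare; if this file marks user-facing strings for translation, this one should be marked too.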
--
dpkg's main repository