This works around a bug in the libc currently in use. FTS functions are supposed to change the current working directory as they walk the file hierarchy. The fts_accpath member of the FTSENT structure relies on this behavior, and without it the path is not relative to cwd as expected. Supplying the FTS_NOCHDIR flag disables this optimization and causes fts_accpath to be relative to the directory where the traversal started.
An alternative fix could replace the use of fts_accpath with fts_path which is absolute. Signed-off-by: Philip Tricca <[email protected]> --- .../policycoreutils-setfiles-path.patch | 27 ++++++++++++++++++++++ recipes-security/selinux/policycoreutils_2.3.bb | 1 + 2 files changed, 28 insertions(+) create mode 100644 recipes-security/selinux/policycoreutils/policycoreutils-setfiles-path.patch diff --git a/recipes-security/selinux/policycoreutils/policycoreutils-setfiles-path.patch b/recipes-security/selinux/policycoreutils/policycoreutils-setfiles-path.patch new file mode 100644 index 0000000..c87af98 --- /dev/null +++ b/recipes-security/selinux/policycoreutils/policycoreutils-setfiles-path.patch @@ -0,0 +1,27 @@ +Subject: Replace fts_accpath with fts_path in restore.c. +Author: Philip Tricca <[email protected]> + +To label filesystems in an alternative root directory we need to use the +'-r' flag with the setfiles utility. The current implementation uses the +fts_accpath member of the FTSENT structure which is reletive to the "current +directory". This fails in the pseudo environment but for a reason I don't +fully understand. + +This patch replaces the use of fts_accpath with fts_path which is relative +to the root specified in the traversal. By invoking setfiles with an absolute +path we're ensured that fts_path will be an absolute path to the file being +relabeled. + +Index: policycoreutils/setfiles/setfiles.c +=================================================================== +--- policycoreutils.orig/setfiles/setfiles.c ++++ policycoreutils/setfiles/setfiles.c +@@ -194,7 +194,7 @@ int main(int argc, char **argv) + r_opts.expand_realpath = 0; + r_opts.abort_on_error = 1; + r_opts.add_assoc = 1; +- r_opts.fts_flags = FTS_PHYSICAL | FTS_XDEV; ++ r_opts.fts_flags = FTS_PHYSICAL | FTS_XDEV | FTS_NOCHDIR; + ctx_validate = 1; + } else { + /* 
diff --git a/recipes-security/selinux/policycoreutils_2.3.bb b/recipes-security/selinux/policycoreutils_2.3.bb index 447e6c9..2dee62e 100644 --- a/recipes-security/selinux/policycoreutils_2.3.bb +++ b/recipes-security/selinux/policycoreutils_2.3.bb @@ -13,4 +13,5 @@ SRC_URI += "\ file://policycoreutils-semanage-edit-user.patch \ file://policycoreutils-process-ValueError-for-sepolicy-seobject.patch \ file://policycoreutils-fix-TypeError-for-seobject.py.patch \ + file://policycoreutils-setfiles-path.patch \ " -- 2.1.4
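Review bot: The header of the embedded policycoreutils-setfiles-path.patch does not match its diff: the Subject line and description say fts_accpath is replaced with fts_path in restore.c, but the only change shown is adding FTS_NOCHDIR to r_opts.fts_flags in setfiles/setfiles.c. Please rewrite the Subject and description to describe the FTS_NOCHDIR change, as the outer commit message already does, so that whoever later reads the patch file inside the layer sees the real reason the labelling path is handled this way. The flag is added only in the branch that ends at "} else {"; if the other branch also sets r_opts.fts_flags and can be reached when labelling an alternative root with '-r', please state why it does not need the same flag. The embedded header also has no Upstream-Status line or Signed-off-by, which OpenEmbedded layers expect on patches added to a recipe.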
