do not modify SELinux contexts of existing parent directories when copying files (fix by P.Brady, #1045122)
This commit is contained in:
Ondřej Vašík
parent
d6d7448c6a
commit
31d3fdd040
@ -34,7 +34,25 @@ diff -urNp coreutils-8.21-orig/man/runcon.x coreutils-8.21/man/runcon.x
|
||||
diff -urNp coreutils-8.21-orig/src/copy.c coreutils-8.21/src/copy.c
|
||||
--- coreutils-8.21-orig/src/copy.c 2013-02-07 10:37:05.000000000 +0100
|
||||
+++ coreutils-8.21/src/copy.c 2013-02-15 14:31:58.941467872 +0100
|
||||
@@ -2315,6 +2315,8 @@ copy_internal (char const *src_name, cha
|
||||
@@ -2410,6 +2410,17 @@ copy_internal (char const *src_name, cha
|
||||
else
|
||||
{
|
||||
omitted_permissions = 0;
|
||||
+
|
||||
+ /* For directories, the process global context could be reset for
|
||||
+ descendents, so use it to set the context for existing dirs here.
|
||||
+ This will also give earlier indication of failure to set ctx. */
|
||||
+ if (x->set_security_context || x->preserve_security_context)
|
||||
+ if (! set_file_security_ctx (dst_name, x->preserve_security_context,
|
||||
+ false, x))
|
||||
+ {
|
||||
+ if (x->require_preserve_context)
|
||||
+ goto un_backup;
|
||||
+ }
|
||||
}
|
||||
|
||||
/* Decide whether to copy the contents of the directory. */
|
||||
@@ -2415,6 +2426,8 @@ copy_internal (char const *src_name, cha
|
||||
{
|
||||
/* Here, we are crossing a file system boundary and cp's -x option
|
||||
is in effect: so don't copy the contents of this directory. */
|
||||
@ -43,22 +61,15 @@ diff -urNp coreutils-8.21-orig/src/copy.c coreutils-8.21/src/copy.c
|
||||
}
|
||||
else
|
||||
{
|
||||
@@ -2600,6 +2600,7 @@ copy_internal (char const *src_name, cha
|
||||
@@ -2602,7 +2613,7 @@ copy_internal (char const *src_name, cha
|
||||
|
||||
/* With -Z or --preserve=context, set the context for existing files.
|
||||
Note this is done already for copy_reg() for reasons described therein. */
|
||||
+ /*
|
||||
if (!new_dst && !x->copy_as_regular
|
||||
- if (!new_dst && !x->copy_as_regular
|
||||
+ if (!new_dst && !x->copy_as_regular && !S_ISDIR (src_mode)
|
||||
&& (x->set_security_context || x->preserve_security_context))
|
||||
{
|
||||
@@ -2610,6 +2611,7 @@ copy_internal (char const *src_name, cha
|
||||
goto un_backup;
|
||||
}
|
||||
}
|
||||
+ Temporarily disabled, it screws up the destination CTX for cp -a */
|
||||
|
||||
if (command_line_arg && x->dest_info)
|
||||
{
|
||||
if (! set_file_security_ctx (dst_name, x->preserve_security_context,
|
||||
diff -urNp coreutils-8.21-orig/src/cp.c coreutils-8.21/src/cp.c
|
||||
--- coreutils-8.21-orig/src/cp.c 2013-02-07 10:37:05.000000000 +0100
|
||||
+++ coreutils-8.21/src/cp.c 2013-02-15 14:31:58.945468929 +0100
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
Summary: A set of basic GNU tools commonly used in shell scripts
|
||||
Name: coreutils
|
||||
Version: 8.22
|
||||
Release: 5%{?dist}
|
||||
Release: 6%{?dist}
|
||||
License: GPLv3+
|
||||
Group: System Environment/Base
|
||||
Url: http://www.gnu.org/software/coreutils/
|
||||
@ -372,6 +372,10 @@ fi
|
||||
%{_sbindir}/chroot
|
||||
|
||||
%changelog
|
||||
* Fri Jan 03 2014 Ondrej Vasik <ovasik@redhat.com> 8.22-6
|
||||
- do not modify SELinux contexts of existing parent
|
||||
directories when copying files (fix by P.Brady, #1045122)
|
||||
|
||||
* Thu Jan 02 2014 Ondrej Oprala <ooprala@redhat.com> 8.22-5
|
||||
- reverted an old change and constricted it's condition
|
||||
- turned off two multibyte tests (wrong strcoll return value)
|
||||
|
||||
Loading…
Reference in New Issue
Block a user