do not modify SELinux contexts of existing parent directories when copying files (fix by P.Brady, #1045122)

2014-01-03 08:38:06 +01:00 · 2014-01-03 08:38:06 +01:00 · 31d3fdd040
commit 31d3fdd040
parent d6d7448c6a
2 changed files with 28 additions and 13 deletions
--- a/coreutils-selinux.patch
+++ b/coreutils-selinux.patch
@ -34,7 +34,25 @@ diff -urNp coreutils-8.21-orig/man/runcon.x coreutils-8.21/man/runcon.x
 diff -urNp coreutils-8.21-orig/src/copy.c coreutils-8.21/src/copy.c
 --- coreutils-8.21-orig/src/copy.c	2013-02-07 10:37:05.000000000 +0100
 +++ coreutils-8.21/src/copy.c	2013-02-15 14:31:58.941467872 +0100
-@@ -2315,6 +2315,8 @@ copy_internal (char const *src_name, cha
+@@ -2410,6 +2410,17 @@ copy_internal (char const *src_name, cha
       else
         {
           omitted_permissions = 0;
 +
 +          /* For directories, the process global context could be reset for
 +             descendents, so use it to set the context for existing dirs here.
 +             This will also give earlier indication of failure to set ctx.  */
 +          if (x->set_security_context || x->preserve_security_context)
 +            if (! set_file_security_ctx (dst_name, x->preserve_security_context,
 +                                         false, x))
 +              {
 +                if (x->require_preserve_context)
 +                  goto un_backup;
 +              }
         }
       /* Decide whether to copy the contents of the directory.  */
@@ -2415,6 +2426,8 @@ copy_internal (char const *src_name, cha
         {
           /* Here, we are crossing a file system boundary and cp's -x option
              is in effect: so don't copy the contents of this directory. */
@ -43,22 +61,15 @@ diff -urNp coreutils-8.21-orig/src/copy.c coreutils-8.21/src/copy.c
         }
       else
         {
-@@ -2600,6 +2600,7 @@ copy_internal (char const *src_name, cha
+@@ -2602,7 +2613,7 @@ copy_internal (char const *src_name, cha
   /* With -Z or --preserve=context, set the context for existing files.
      Note this is done already for copy_reg() for reasons described therein.  */
-+  /*
+-  if (!new_dst && !x->copy_as_regular
-   if (!new_dst && !x->copy_as_regular
+  if (!new_dst && !x->copy_as_regular && !S_ISDIR (src_mode)
       && (x->set_security_context || x->preserve_security_context))
     {
-@@ -2610,6 +2611,7 @@ copy_internal (char const *src_name, cha
+       if (! set_file_security_ctx (dst_name, x->preserve_security_context,
              goto un_backup;
         }
     }
 +  Temporarily disabled, it screws up the destination CTX for cp -a */
   if (command_line_arg && x->dest_info)
     {
 diff -urNp coreutils-8.21-orig/src/cp.c coreutils-8.21/src/cp.c
 --- coreutils-8.21-orig/src/cp.c	2013-02-07 10:37:05.000000000 +0100
 +++ coreutils-8.21/src/cp.c	2013-02-15 14:31:58.945468929 +0100
--- a/coreutils.spec
+++ b/coreutils.spec
@ -1,7 +1,7 @@
 Summary: A set of basic GNU tools commonly used in shell scripts
 Name:    coreutils
 Version: 8.22
-Release: 5%{?dist}
+Release: 6%{?dist}
 License: GPLv3+
 Group:   System Environment/Base
 Url:     http://www.gnu.org/software/coreutils/
@ -372,6 +372,10 @@ fi
 %{_sbindir}/chroot
 %changelog
 * Fri Jan 03 2014 Ondrej Vasik <ovasik@redhat.com> 8.22-6
 - do not modify SELinux contexts of existing parent
  directories when copying files (fix by P.Brady, #1045122)
 * Thu Jan 02 2014 Ondrej Oprala <ooprala@redhat.com> 8.22-5
 - reverted an old change and constricted it's condition
 - turned off two multibyte tests (wrong strcoll return value)