fix displaying of security context in stat(#411181)

2007-12-05 12:23:19 +00:00 · 2007-12-05 12:23:19 +00:00 · 60e9267535
commit 60e9267535
parent cfcdd286e6
2 changed files with 211 additions and 1 deletions
--- a/coreutils-6.9-statsecuritycontext.patch
+++ b/coreutils-6.9-statsecuritycontext.patch
@ -0,0 +1,205 @@
+diff -urp coreutils-6.9-orig/src/stat.c coreutils-6.9/src/stat.c
+--- coreutils-6.9-orig/src/stat.c	2007-12-04 16:26:39.000000000 +0100
+++ coreutils-6.9/src/stat.c	2007-12-05 00:05:11.000000000 +0100
+@@ -55,12 +55,7 @@
+ # include <fs_info.h>
+ #endif
+ 
+-#ifdef WITH_SELINUX
+ #include <selinux/selinux.h>
+-#define SECURITY_ID_T security_context_t
+-#else
+-#define SECURITY_ID_T char *
+-#endif
+ 
+ #include "system.h"
+ 
+@@ -179,6 +174,9 @@ static struct option const long_options[
+ 
+ char *program_name;
+ 
+/* Whether to follow symbolic links;  True for --dereference (-L).  */
+static bool follow_links = false;
+
+ /* Whether to interpret backslash-escape sequences.
+    True for --printf=FMT, not for --format=FMT (-c).  */
+ static bool interpret_backslash_escapes;
+@@ -402,10 +400,30 @@ out_uint_x (char *pformat, size_t prefix
+   printf (pformat, arg);
+ }
+ 
+/* Very specialized function (modifies FORMAT), just so as to avoid
+   duplicating this code between both print_statfs and print_stat.  */
+static void
+out_file_context (char const *filename, char *pformat, size_t prefix_len)
+{
+  char *scontext;
+  if ((follow_links
+       ? getfilecon (filename, &scontext)
+       : lgetfilecon (filename, &scontext)) < 0)
+    {
+      error (0, errno, _("failed to get security context of %s"),
+	     quote (filename));
+      scontext = NULL;
+    }
+  strcpy (pformat + prefix_len, "s");
+  printf (pformat, (scontext ? scontext : "?"));
+  if (scontext)
+    freecon (scontext);
+}
+
+ /* print statfs info */
+ static void
+ print_statfs (char *pformat, size_t prefix_len, char m, char const *filename,
+-	      void const *data, SECURITY_ID_T scontext)
+	      void const *data)
+ {
+   STRUCT_STATVFS const *statfsbuf = data;
+ 
+@@ -481,8 +499,7 @@ print_statfs (char *pformat, size_t pref
+       out_int (pformat, prefix_len, statfsbuf->f_ffree);
+       break;
+     case 'C':
+-      strcat (pformat, "s");
+-      printf(scontext);
+      out_file_context (filename, pformat, prefix_len);
+       break;
+     default:
+       fputc ('?', stdout);
+@@ -493,7 +510,7 @@ print_statfs (char *pformat, size_t pref
+ /* print stat info */
+ static void
+ print_stat (char *pformat, size_t prefix_len, char m,
+-	    char const *filename, void const *data, SECURITY_ID_T scontext)
+	    char const *filename, void const *data)
+ {
+   struct stat *statbuf = (struct stat *) data;
+   struct passwd *pw_ent;
+@@ -607,8 +624,7 @@ print_stat (char *pformat, size_t prefix
+ 	out_uint (pformat, prefix_len, statbuf->st_ctime);
+       break;
+     case 'C':
+-      strcat (pformat, "s");
+-      printf(pformat,scontext);
+      out_file_context(filename, pformat, prefix_len);
+       break;
+     default:
+       fputc ('?', stdout);
+@@ -656,9 +672,8 @@ print_esc_char (char c)
+ 
+ static void
+ print_it (char const *format, char const *filename,
+-	  void (*print_func) (char *, size_t, char, char const *, void const *,
+-			      SECURITY_ID_T ),
+-	  void const *data, SECURITY_ID_T scontext)
+	  void (*print_func) (char *, size_t, char, char const *, void const *),
+	  void const *data)
+ {
+   /* Add 2 to accommodate our conversion of the stat `%s' format string
+      to the longer printf `%llu' one.  */
+@@ -699,7 +714,7 @@ print_it (char const *format, char const
+ 		putchar ('%');
+ 		break;
+ 	      default:
+-		print_func (dest, len + 1, *fmt_char, filename, data, scontext);
+		print_func (dest, len + 1, *fmt_char, filename, data);
+ 		break;
+ 	      }
+ 	    break;
+@@ -765,18 +780,6 @@ static bool
+ do_statfs (char const *filename, bool terse, bool secure, char const *format)
+ {
+   STRUCT_STATVFS statfsbuf;
+-  SECURITY_ID_T scontext = NULL;
+-#ifdef WITH_SELINUX
+-  if(is_selinux_enabled()) {
+-    if (getfilecon(filename,&scontext)<0) {
+-      if (secure) {
+-        perror (filename);
+-        return false;
+-      }
+-      scontext = NULL;
+-    }
+-  }
+-#endif
+ 
+   if (STATFS (filename, &statfsbuf) != 0)
+     {
+@@ -812,43 +815,23 @@ do_statfs (char const *filename, bool te
+ 	}
+     }
+ 
+-  print_it (format, filename, print_statfs, &statfsbuf, scontext);
+-#ifdef WITH_SELINUX
+-  if (scontext != NULL)
+-    freecon(scontext);
+-#endif
+  print_it (format, filename, print_statfs, &statfsbuf);
+   return true;
+ }
+ 
+ /* stat the file and print what we find */
+ static bool
+-do_stat (char const *filename, bool follow_links, bool terse, bool secure,
+do_stat (char const *filename, bool terse, bool secure,
+ 	 char const *format)
+ {
+   struct stat statbuf;
+-  SECURITY_ID_T scontext = NULL;
+-
+  
+   if ((follow_links ? stat : lstat) (filename, &statbuf) != 0)
+     {
+       error (0, errno, _("cannot stat %s"), quote (filename));
+       return false;
+     }
+ 
+-#ifdef WITH_SELINUX
+-  if(is_selinux_enabled()) {
+-    int i;
+-    if (!follow_links) 
+-      i=lgetfilecon(filename, &scontext);
+-    else
+-      i=getfilecon(filename, &scontext);
+-    if (i == -1 && secure)
+-      {
+-	perror (filename);
+-	return false;
+-      }
+-  }
+-#endif
+-
+   if (format == NULL)
+     {
+       if (terse)
+@@ -893,11 +876,7 @@ do_stat (char const *filename, bool foll
+ 	    }
+ 	}
+     }
+-  print_it (format, filename, print_stat, &statbuf, scontext);
+-#ifdef WITH_SELINUX
+-  if (scontext) 
+-    freecon(scontext);
+-#endif
+  print_it (format, filename, print_stat, &statbuf);
+   return true;
+ }
+ 
+@@ -996,7 +975,6 @@ main (int argc, char *argv[])
+ {
+   int c;
+   int i;
+-  bool follow_links = false;
+   bool fs = false;
+   bool terse = false;
+   bool secure = false;
+@@ -1065,7 +1043,7 @@ main (int argc, char *argv[])
+   for (i = optind; i < argc; i++)
+     ok &= (fs
+ 	   ? do_statfs (argv[i], terse, secure, format)
+-	   : do_stat (argv[i], follow_links, terse, secure, format));
+	   : do_stat (argv[i], terse, secure, format));
+ 
+   exit (ok ? EXIT_SUCCESS : EXIT_FAILURE);
+ }
+
--- a/coreutils.spec
+++ b/coreutils.spec
@ -1,7 +1,7 @@
 Summary: The GNU core utilities: a set of tools commonly used in shell scripts
 Name:    coreutils
 Version: 6.9
-Release: 15%{?dist}
+Release: 16%{?dist}
 License: GPLv2+
 Group:   System Environment/Base
 Url:     http://www.gnu.org/software/coreutils/
@ -50,6 +50,7 @@ Patch916: coreutils-getfacl-exit-code.patch
 Patch950: coreutils-selinux.patch
 #SELINUX Patch fix to allow cp -a rewrite file on different filesystem
 Patch951: coreutils-6.9-requiresecuritycontext.patch
+Patch952: coreutils-6.9-statsecuritycontext.patch

 BuildRequires: libselinux-devel >= 1.25.6-1
 BuildRequires: libacl-devel
@ -118,6 +119,7 @@ the old GNU fileutils, sh-utils, and textutils packages.
 #SELinux
 %patch950 -p1 -b .selinux
 %patch951 -p1 -b .require-preserve
+%patch952 -p1 -b .statsecuritycontext

 # Don't run basic-1 test, since it breaks when run in the background
 # (bug #102033).
@ -289,6 +291,9 @@ fi
 /sbin/runuser

 %changelog
+* Wed Dec 05 2007 Ondrej Vasik <ovasik@redhat.com> - 6.9-16
+- fix displaying of security context in stat(#411181)
+
 * Thu Nov 29 2007 Ondrej Vasik <ovasik@redhat.com> - 6.9-15
 - completed fix of wrong colored broken symlinks in ls(#404511)