Fix bug in glob handling for restorecon
This commit is contained in:
Dan Walsh
parent
dafba41234
commit
8b0727dc56
@ -4140,7 +4140,7 @@ index 0000000..1ce37b0
|
||||
+ return 0;
|
||||
+}
|
||||
diff --git a/policycoreutils/setfiles/restore.c b/policycoreutils/setfiles/restore.c
|
||||
index e05761a..66cb950 100644
|
||||
index e05761a..5bcb44a 100644
|
||||
--- a/policycoreutils/setfiles/restore.c
|
||||
+++ b/policycoreutils/setfiles/restore.c
|
||||
@@ -318,11 +318,16 @@ static int process_one(char *name, int recurse_this_path)
|
||||
@ -4163,7 +4163,41 @@ index e05761a..66cb950 100644
|
||||
do {
|
||||
rc = 0;
|
||||
/* Skip the post order nodes. */
|
||||
@@ -388,7 +393,7 @@ int process_one_realpath(char *name, int recurse)
|
||||
@@ -368,19 +373,21 @@ int process_glob(char *name, int recurse) {
|
||||
int errors;
|
||||
memset(&globbuf, 0, sizeof(globbuf));
|
||||
errors = glob(name, GLOB_TILDE | GLOB_PERIOD, NULL, &globbuf);
|
||||
- if (errors)
|
||||
- errors = process_one_realpath(name, recurse);
|
||||
- else {
|
||||
- for (i = 0; i < globbuf.gl_pathc; i++) {
|
||||
- int len = strlen(globbuf.gl_pathv[i]) -2;
|
||||
- if (len > 0 && strcmp(&globbuf.gl_pathv[i][len--], "/.") == 0)
|
||||
- continue;
|
||||
- if (len > 0 && strcmp(&globbuf.gl_pathv[i][len], "/..") == 0)
|
||||
- continue;
|
||||
- errors |= process_one_realpath(globbuf.gl_pathv[i], recurse);
|
||||
- }
|
||||
- globfree(&globbuf);
|
||||
+ if (errors == GLOB_NOMATCH)
|
||||
+ return 0;
|
||||
+
|
||||
+ if (errors)
|
||||
+ return errors;
|
||||
+
|
||||
+ for (i = 0; i < globbuf.gl_pathc; i++) {
|
||||
+ int len = strlen(globbuf.gl_pathv[i]) -2;
|
||||
+ if (len > 0 && strcmp(&globbuf.gl_pathv[i][len--], "/.") == 0)
|
||||
+ continue;
|
||||
+ if (len > 0 && strcmp(&globbuf.gl_pathv[i][len], "/..") == 0)
|
||||
+ continue;
|
||||
+ errors |= process_one_realpath(globbuf.gl_pathv[i], recurse);
|
||||
}
|
||||
+ globfree(&globbuf);
|
||||
return errors;
|
||||
}
|
||||
|
||||
@@ -388,7 +395,7 @@ int process_one_realpath(char *name, int recurse)
|
||||
{
|
||||
int rc = 0;
|
||||
char *p;
|
||||
@ -4172,7 +4206,7 @@ index e05761a..66cb950 100644
|
||||
|
||||
if (r_opts == NULL){
|
||||
fprintf(stderr,
|
||||
@@ -399,7 +404,7 @@ int process_one_realpath(char *name, int recurse)
|
||||
@@ -399,7 +406,7 @@ int process_one_realpath(char *name, int recurse)
|
||||
if (!r_opts->expand_realpath) {
|
||||
return process_one(name, recurse);
|
||||
} else {
|
||||
@ -4181,7 +4215,7 @@ index e05761a..66cb950 100644
|
||||
if (rc < 0) {
|
||||
if (r_opts->ignore_enoent && errno == ENOENT)
|
||||
return 0;
|
||||
@@ -566,7 +571,7 @@ static int filespec_add(ino_t ino, const security_context_t con, const char *fil
|
||||
@@ -566,7 +573,7 @@ static int filespec_add(ino_t ino, const security_context_t con, const char *fil
|
||||
{
|
||||
file_spec_t *prevfl, *fl;
|
||||
int h, ret;
|
||||
@ -4190,7 +4224,7 @@ index e05761a..66cb950 100644
|
||||
|
||||
if (!fl_head) {
|
||||
fl_head = malloc(sizeof(file_spec_t) * HASH_BUCKETS);
|
||||
@@ -579,7 +584,7 @@ static int filespec_add(ino_t ino, const security_context_t con, const char *fil
|
||||
@@ -579,7 +586,7 @@ static int filespec_add(ino_t ino, const security_context_t con, const char *fil
|
||||
for (prevfl = &fl_head[h], fl = fl_head[h].next; fl;
|
||||
prevfl = fl, fl = fl->next) {
|
||||
if (ino == fl->ino) {
|
||||
@ -4199,7 +4233,7 @@ index e05761a..66cb950 100644
|
||||
if (ret < 0 || sb.st_ino != ino) {
|
||||
freecon(fl->con);
|
||||
free(fl->file);
|
||||
@@ -631,5 +636,67 @@ static int filespec_add(ino_t ino, const security_context_t con, const char *fil
|
||||
@@ -631,5 +638,67 @@ static int filespec_add(ino_t ino, const security_context_t con, const char *fil
|
||||
return -1;
|
||||
}
|
||||
|
||||
@ -4228,7 +4262,7 @@ index e05761a..66cb950 100644
|
||||
+ fp = fopen("/proc/mounts", "r");
|
||||
+ if (!fp)
|
||||
+ return;
|
||||
|
||||
+
|
||||
+ while ((num = getline(&buf, &len, fp)) != -1) {
|
||||
+ found = 0;
|
||||
+ index = 0;
|
||||
@ -4246,7 +4280,7 @@ index e05761a..66cb950 100644
|
||||
+ buf);
|
||||
+ continue;
|
||||
+ }
|
||||
+
|
||||
|
||||
+ /* remove pre-existing entry */
|
||||
+ remove_exclude(mount_info[1]);
|
||||
+
|
||||
|
||||
@ -7,7 +7,7 @@
|
||||
Summary: SELinux policy core utilities
|
||||
Name: policycoreutils
|
||||
Version: 2.1.4
|
||||
Release: 1%{?dist}
|
||||
Release: 2%{?dist}
|
||||
License: GPLv2
|
||||
Group: System Environment/Base
|
||||
# Based on git repository with tag 20101221
|
||||
@ -352,6 +352,9 @@ fi
|
||||
/bin/systemctl try-restart restorecond.service >/dev/null 2>&1 || :
|
||||
|
||||
%changelog
|
||||
* Thu Aug 18 2011 Dan Walsh <dwalsh@redhat.com> - 2.1.4-2
|
||||
- Fix bug in glob handling for restorecon
|
||||
|
||||
* Thu Aug 18 2011 Dan Walsh <dwalsh@redhat.com> - 2.1.4-1
|
||||
-Update to upstream
|
||||
2.1.4 2011-08-17
|
||||
|
||||
Loading…
Reference in New Issue
Block a user