From 8b0727dc56d47a5893516e725d7a898566b3db78 Mon Sep 17 00:00:00 2001
From: Dan Walsh
Date: Tue, 23 Aug 2011 17:13:19 -0400
Subject: [PATCH] Fix bug in glob handling for restorecon
---
 policycoreutils-rhat.patch | 50 ++++++++++++++++++++++++++++++++------
 policycoreutils.spec | 5 +++-
 2 files changed, 46 insertions(+), 9 deletions(-)
diff --git a/policycoreutils-rhat.patch b/policycoreutils-rhat.patch
index b73beec..52f6755 100644
--- a/policycoreutils-rhat.patch
+++ b/policycoreutils-rhat.patch
@@ -4140,7 +4140,7 @@ index 0000000..1ce37b0
 + return 0;
 +}
 diff --git a/policycoreutils/setfiles/restore.c b/policycoreutils/setfiles/restore.c
-index e05761a..66cb950 100644
+index e05761a..5bcb44a 100644
 --- a/policycoreutils/setfiles/restore.c
 +++ b/policycoreutils/setfiles/restore.c
 @@ -318,11 +318,16 @@ static int process_one(char *name, int recurse_this_path)
@@ -4163,7 +4163,41 @@ index e05761a..66cb950 100644
 do {
 rc = 0;
 /* Skip the post order nodes. */
-@@ -388,7 +393,7 @@ int process_one_realpath(char *name, int recurse)
+@@ -368,19 +373,21 @@ int process_glob(char *name, int recurse) {
+ int errors;
+ memset(&globbuf, 0, sizeof(globbuf));
+ errors = glob(name, GLOB_TILDE | GLOB_PERIOD, NULL, &globbuf);
+- if (errors)
+- errors = process_one_realpath(name, recurse);
+- else {
+- for (i = 0; i < globbuf.gl_pathc; i++) {
+- int len = strlen(globbuf.gl_pathv[i]) -2;
+- if (len > 0 && strcmp(&globbuf.gl_pathv[i][len--], "/.") == 0)
+- continue;
+- if (len > 0 && strcmp(&globbuf.gl_pathv[i][len], "/..") == 0)
+- continue;
+- errors |= process_one_realpath(globbuf.gl_pathv[i], recurse);
+- }
+- globfree(&globbuf);
++ if (errors == GLOB_NOMATCH)
++ return 0;
++
++ if (errors)
++ return errors;
++
++ for (i = 0; i < globbuf.gl_pathc; i++) {
++ int len = strlen(globbuf.gl_pathv[i]) -2;
++ if (len > 0 && strcmp(&globbuf.gl_pathv[i][len--], "/.") == 0)
++ continue;
++ if (len > 0 && strcmp(&globbuf.gl_pathv[i][len], "/..") == 0)
++ continue;
++ errors |= process_one_realpath(globbuf.gl_pathv[i], recurse);
+ }
++ globfree(&globbuf);
+ return errors;
+ }
+
+@@ -388,7 +395,7 @@ int process_one_realpath(char *name, int recurse)
 {
 int rc = 0;
 char *p;
@@ -4172,7 +4206,7 @@ index e05761a..66cb950 100644
 if (r_opts == NULL){
 fprintf(stderr,
-@@ -399,7 +404,7 @@ int process_one_realpath(char *name, int recurse)
+@@ -399,7 +406,7 @@ int process_one_realpath(char *name, int recurse)
 if (!r_opts->expand_realpath) {
 return process_one(name, recurse);
 } else {
@@ -4181,7 +4215,7 @@ index e05761a..66cb950 100644
 if (rc < 0) {
 if (r_opts->ignore_enoent && errno == ENOENT)
 return 0;
-@@ -566,7 +571,7 @@ static int filespec_add(ino_t ino, const security_context_t con, const char *fil
+@@ -566,7 +573,7 @@ static int filespec_add(ino_t ino, const security_context_t con, const char *fil
 {
 file_spec_t *prevfl, *fl;
 int h, ret;
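Review bot: In process_glob, the added `if (errors == GLOB_NOMATCH) return 0;` turns a path that matches nothing (a typo, or a file that no longer exists) into a silent success, whereas the removed branch passed the literal name to process_one_realpath(). From the context lines further down, that function appears to return 0 for a missing file only when `r_opts->ignore_enoent` is set, so a script that relies on the exit status can now be told a relabel succeeded when nothing was relabeled. Consider keeping that path for the no-match case, `if (errors == GLOB_NOMATCH) return process_one_realpath(name, recurse);`, or, if the fallback was dropped deliberately, printing a diagnostic and returning non-zero unless ignore_enoent is set. The next early return, `if (errors) return errors;`, also skips globfree(&globbuf) although POSIX lets glob() leave partial results in globbuf on GLOB_ABORTED or GLOB_NOSPACE, and it reports nothing to stderr; `if (errors) { globfree(&globbuf); return errors; }` would cover the former. The declarations of globbuf and i sit above the hunk, so this is based on the visible part of the function only.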
@@ -4190,7 +4224,7 @@ index e05761a..66cb950 100644
 if (!fl_head) {
 fl_head = malloc(sizeof(file_spec_t) * HASH_BUCKETS);
-@@ -579,7 +584,7 @@ static int filespec_add(ino_t ino, const security_context_t con, const char *fil
+@@ -579,7 +586,7 @@ static int filespec_add(ino_t ino, const security_context_t con, const char *fil
 for (prevfl = &fl_head[h], fl = fl_head[h].next; fl; prevfl = fl, fl = fl->next) {
 if (ino == fl->ino) {
@@ -4199,7 +4233,7 @@ index e05761a..66cb950 100644
 if (ret < 0 || sb.st_ino != ino) {
 freecon(fl->con);
 free(fl->file);
-@@ -631,5 +636,67 @@ static int filespec_add(ino_t ino, const security_context_t con, const char *fil
+@@ -631,5 +638,67 @@ static int filespec_add(ino_t ino, const security_context_t con, const char *fil
 return -1;
 }
@@ -4228,7 +4262,7 @@ index e05761a..66cb950 100644
 + fp = fopen("/proc/mounts", "r");
 + if (!fp)
 + return;
-
++
 + while ((num = getline(&buf, &len, fp)) != -1) {
 + found = 0;
 + index = 0;
@@ -4246,7 +4280,7 @@ index e05761a..66cb950 100644
 + buf);
 + continue;
 + }
-+
+
 + /* remove pre-existing entry */
 + remove_exclude(mount_info[1]);
 +
diff --git a/policycoreutils.spec b/policycoreutils.spec
index c275768..10dff19 100644
--- a/policycoreutils.spec
+++ b/policycoreutils.spec
@@ -7,7 +7,7 @@ Summary: SELinux policy core utilities
 Name: policycoreutils
 Version: 2.1.4
-Release: 1%{?dist}
+Release: 2%{?dist}
 License: GPLv2
 Group: System Environment/Base
 # Based on git repository with tag 20101221
@@ -352,6 +352,9 @@ fi
 /bin/systemctl try-restart restorecond.service >/dev/null 2>&1 || :
 %changelog
+* Thu Aug 18 2011 Dan Walsh - 2.1.4-2
+- Fix bug in glob handling for restorecon
+
 * Thu Aug 18 2011 Dan Walsh - 2.1.4-1
 -Update to upstream 2.1.4 2011-08-17