rpms/policycoreutils
5
0
Fork 0
Code Issues Pull Requests Releases Activity

Fix bug in glob handling for restorecon

Browse Source
This commit is contained in:
Dan Walsh 2011-08-23 17:13:19 -04:00
parent dafba41234
commit 8b0727dc56
2 changed files with 46 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

50
policycoreutils-rhat.patch
View File

@ -4140,7 +4140,7 @@ index 0000000..1ce37b0
+ return 0; + return 0;
+} +}
diff --git a/policycoreutils/setfiles/restore.c b/policycoreutils/setfiles/restore.c diff --git a/policycoreutils/setfiles/restore.c b/policycoreutils/setfiles/restore.c
index e05761a..66cb950 100644 index e05761a..5bcb44a 100644
--- a/policycoreutils/setfiles/restore.c --- a/policycoreutils/setfiles/restore.c
+++ b/policycoreutils/setfiles/restore.c +++ b/policycoreutils/setfiles/restore.c
@@ -318,11 +318,16 @@ static int process_one(char *name, int recurse_this_path) @@ -318,11 +318,16 @@ static int process_one(char *name, int recurse_this_path)
@ -4163,7 +4163,41 @@ index e05761a..66cb950 100644
do { do {
rc = 0; rc = 0;
/* Skip the post order nodes. */ /* Skip the post order nodes. */
@@ -388,7 +393,7 @@ int process_one_realpath(char *name, int recurse) @@ -368,19 +373,21 @@ int process_glob(char *name, int recurse) {
int errors;
memset(&globbuf, 0, sizeof(globbuf));
errors = glob(name, GLOB_TILDE | GLOB_PERIOD, NULL, &globbuf);
- if (errors)
- errors = process_one_realpath(name, recurse);
- else {
- for (i = 0; i < globbuf.gl_pathc; i++) {
- int len = strlen(globbuf.gl_pathv[i]) -2;
- if (len > 0 && strcmp(&globbuf.gl_pathv[i][len--], "/.") == 0)
- continue;
- if (len > 0 && strcmp(&globbuf.gl_pathv[i][len], "/..") == 0)
- continue;
- errors |= process_one_realpath(globbuf.gl_pathv[i], recurse);
- }
- globfree(&globbuf);
+ if (errors == GLOB_NOMATCH)
+ return 0;
+
+ if (errors)
+ return errors;
+
+ for (i = 0; i < globbuf.gl_pathc; i++) {
+ int len = strlen(globbuf.gl_pathv[i]) -2;
+ if (len > 0 && strcmp(&globbuf.gl_pathv[i][len--], "/.") == 0)
+ continue;
+ if (len > 0 && strcmp(&globbuf.gl_pathv[i][len], "/..") == 0)
+ continue;
+ errors |= process_one_realpath(globbuf.gl_pathv[i], recurse);
}
+ globfree(&globbuf);
return errors;
}
@@ -388,7 +395,7 @@ int process_one_realpath(char *name, int recurse)
{ {
int rc = 0; int rc = 0;
char *p; char *p;
@ -4172,7 +4206,7 @@ index e05761a..66cb950 100644
if (r_opts == NULL){ if (r_opts == NULL){
fprintf(stderr, fprintf(stderr,
@@ -399,7 +404,7 @@ int process_one_realpath(char *name, int recurse) @@ -399,7 +406,7 @@ int process_one_realpath(char *name, int recurse)
if (!r_opts->expand_realpath) { if (!r_opts->expand_realpath) {
return process_one(name, recurse); return process_one(name, recurse);
} else { } else {
@ -4181,7 +4215,7 @@ index e05761a..66cb950 100644
if (rc < 0) { if (rc < 0) {
if (r_opts->ignore_enoent && errno == ENOENT) if (r_opts->ignore_enoent && errno == ENOENT)
return 0; return 0;
@@ -566,7 +571,7 @@ static int filespec_add(ino_t ino, const security_context_t con, const char *fil @@ -566,7 +573,7 @@ static int filespec_add(ino_t ino, const security_context_t con, const char *fil
{ {
file_spec_t *prevfl, *fl; file_spec_t *prevfl, *fl;
int h, ret; int h, ret;
@ -4190,7 +4224,7 @@ index e05761a..66cb950 100644
if (!fl_head) { if (!fl_head) {
fl_head = malloc(sizeof(file_spec_t) * HASH_BUCKETS); fl_head = malloc(sizeof(file_spec_t) * HASH_BUCKETS);
@@ -579,7 +584,7 @@ static int filespec_add(ino_t ino, const security_context_t con, const char *fil @@ -579,7 +586,7 @@ static int filespec_add(ino_t ino, const security_context_t con, const char *fil
for (prevfl = &fl_head[h], fl = fl_head[h].next; fl; for (prevfl = &fl_head[h], fl = fl_head[h].next; fl;
prevfl = fl, fl = fl->next) { prevfl = fl, fl = fl->next) {
if (ino == fl->ino) { if (ino == fl->ino) {
@ -4199,7 +4233,7 @@ index e05761a..66cb950 100644
if (ret < 0 || sb.st_ino != ino) { if (ret < 0 || sb.st_ino != ino) {
freecon(fl->con); freecon(fl->con);
free(fl->file); free(fl->file);
@@ -631,5 +636,67 @@ static int filespec_add(ino_t ino, const security_context_t con, const char *fil @@ -631,5 +638,67 @@ static int filespec_add(ino_t ino, const security_context_t con, const char *fil
return -1; return -1;
} }
@ -4228,7 +4262,7 @@ index e05761a..66cb950 100644
+ fp = fopen("/proc/mounts", "r"); + fp = fopen("/proc/mounts", "r");
+ if (!fp) + if (!fp)
+ return; + return;
+
+ while ((num = getline(&buf, &len, fp)) != -1) { + while ((num = getline(&buf, &len, fp)) != -1) {
+ found = 0; + found = 0;
+ index = 0; + index = 0;
@ -4246,7 +4280,7 @@ index e05761a..66cb950 100644
+ buf); + buf);
+ continue; + continue;
+ } + }
+
+ /* remove pre-existing entry */ + /* remove pre-existing entry */
+ remove_exclude(mount_info[1]); + remove_exclude(mount_info[1]);
+ +

5
policycoreutils.spec
View File

@ -7,7 +7,7 @@
Summary: SELinux policy core utilities Summary: SELinux policy core utilities
Name: policycoreutils Name: policycoreutils
Version: 2.1.4 Version: 2.1.4
Release: 1%{?dist} Release: 2%{?dist}
License: GPLv2 License: GPLv2
Group: System Environment/Base Group: System Environment/Base
# Based on git repository with tag 20101221 # Based on git repository with tag 20101221
@ -352,6 +352,9 @@ fi
/bin/systemctl try-restart restorecond.service >/dev/null 2>&1 || : /bin/systemctl try-restart restorecond.service >/dev/null 2>&1 || :
%changelog %changelog
* Thu Aug 18 2011 Dan Walsh <dwalsh@redhat.com> - 2.1.4-2
- Fix bug in glob handling for restorecon
* Thu Aug 18 2011 Dan Walsh <dwalsh@redhat.com> - 2.1.4-1 * Thu Aug 18 2011 Dan Walsh <dwalsh@redhat.com> - 2.1.4-1
-Update to upstream -Update to upstream
2.1.4 2011-08-17 2.1.4 2011-08-17