author | Pádraig Brady <P@draigBrady.com> | 2020-11-22 17:46:52 +0000 |
---|---|---|
committer | Paul Eggert <eggert@cs.ucla.edu> | 2020-11-23 01:00:22 -0800 |
commit | 7b341f084bce94f4d67e0f65f6746130611b96d5 (patch) | |
tree | 2813bca614b4dc0b8b4d503cae2c28161071e73b | |
parent | 344cf0ee5fcc827d0e65d3b76b5f4a8c7176bb4d (diff) |
maint: use absolute paths with selabel_lookup
* src/selinux.c: selabel_lookup requires absolute paths
(while only older matchpathcon before libselinux < 2.1.5 2011-0826 did).
* po/POTFILES.in: Readd src/selinux.c since we now have
a translatable error message.
-rw-r--r-- | po/POTFILES.in | 1 | ||||
-rw-r--r-- | src/selinux.c | 33 |
2 files changed, 32 insertions, 2 deletions
diff --git a/po/POTFILES.in b/po/POTFILES.in
index 5ccc0e9a9..074322393 100644
--- a/po/POTFILES.in
+++ b/po/POTFILES.in
@@ -109,6 +109,7 @@ src/remove.c
 src/rm.c
 src/rmdir.c
 src/runcon.c
+src/selinux.c
 src/seq.c
 src/set-fields.c
 src/shred.c
diff --git a/src/selinux.c b/src/selinux.c
index 10fa9d8c6..50efb0aec 100644
--- a/src/selinux.c
+++ b/src/selinux.c
@@ -21,7 +21,9 @@
 #include <selinux/context.h>
 #include <sys/types.h>
+#include "die.h"
 #include "system.h"
+#include "canonicalize.h"
 #include "xfts.h"
 #include "selinux.h"
@@ -113,6 +115,16 @@ defaultcon (struct selabel_handle *selabel_handle,
 context_t scontext = 0, tcontext = 0;
 const char *contype;
 char *constr;
+ char *newpath = NULL;
+
+ if (! IS_ABSOLUTE_FILE_NAME (path))
+ {
+ newpath = canonicalize_filename_mode (path, CAN_MISSING);
+ if (! newpath)
+ die (EXIT_FAILURE, errno, _("error canonicalizing %s"),
+ quoteaf (path));
+ path = newpath;
+ }
 if (selabel_lookup (selabel_handle, &scon, path, mode) < 0)
 {
@@ -120,7 +132,7 @@ defaultcon (struct selabel_handle *selabel_handle,
 when processing files, when in fact it was the associated default context that was not found. Therefore map the error to something more appropriate
- to the context in which we're using matchpathcon(). */
+ to the context in which we're using selabel_lookup(). */
 if (errno == ENOENT)
 errno = ENODATA;
 goto quit;
@@ -146,6 +158,7 @@ quit:
 context_free (tcontext);
 freecon (scon);
 freecon (tcon);
+ free (newpath);
 return rc;
 }
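Review bot: In the `defaultcon` hunk (`@@ -113,6 +115,16 @@`), `canonicalize_filename_mode (path, CAN_MISSING)` does more than make the name absolute: it also resolves the symlinks in it, while a name that is already absolute reaches `selabel_lookup` untouched. The same location can therefore match different file_contexts entries depending only on whether the caller spelled it relative or absolute, and the label picked here decides which policy governs the new file. The identical block in the `restorecon` hunk (`@@ -269,8 +282,23 @@`) has the same property, and there a relative name whose last component is a symlink would appear to be relabelled as its target; `restorecon_private` and the rest of both function bodies lie outside the hunks, so this needs confirming. If resolving symlinks is intended, say so above the call with a comment such as `/* selabel_lookup needs an absolute name; symlinks are deliberately resolved too. */`; if only an absolute name is wanted, `CAN_MISSING | CAN_NOLINKS` is worth evaluating.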
@@ -269,8 +282,23 @@ bool
 restorecon (struct selabel_handle *selabel_handle,
 char const *path, bool recurse)
 {
+ char *newpath = NULL;
+
+ if (! IS_ABSOLUTE_FILE_NAME (path))
+ {
+ newpath = canonicalize_filename_mode (path, CAN_MISSING);
+ if (! newpath)
+ die (EXIT_FAILURE, errno, _("error canonicalizing %s"),
+ quoteaf (path));
+ path = newpath;
+ }
+
 if (! recurse)
- return restorecon_private (selabel_handle, path) == 0;
+ {
+ bool ok = restorecon_private (selabel_handle, path) != -1;
+ free (newpath);
+ return ok;
+ }
 char const *ftspath[2] = { path, NULL };
 FTS *fts = xfts_open ((char *const *) ftspath, FTS_PHYSICAL, NULL);
@@ -286,6 +314,7 @@ restorecon (struct selabel_handle *selabel_handle,
 if (fts_close (fts) != 0)
 err = errno;
+ free (newpath);
 return !err;
 }
 #endif |
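Review bot: The non-recursive branch of the `restorecon` hunk (`@@ -269,8 +282,23 @@`) changes the success test from `== 0` to `!= -1`, and the commit message does not mention it. If `restorecon_private` can return anything other than 0 or -1, that value now counts as a successful relabel; its body is not in the diff, so either keep `bool ok = restorecon_private (selabel_handle, path) == 0;` or record the reason for the change in the log. Separately, `die ()` on a canonicalization failure, here and in the `defaultcon` hunk, ends the program from inside functions that otherwise report failure to the caller, so a command given several operands stops at the first bad name; setting `errno` and returning failure (`false` here) would keep the existing contract, assuming callers already diagnose that case.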