Some files/directories have '+' when they are displayed with ls -Z. For example,
# ls -dZ /lost+found/
drwx------+ root root system_u:object_r:lost_found_t /lost+found/
What does the '+' after the mode 'rwx------' mean?
--Ling
On Mon, 7 Jun 2004 16:26, Ling Li <liling@gmail.com> wrote:
Some files/directories have '+' when they are displayed with ls -Z. For example,
# ls -dZ /lost+found/
drwx------+ root root system_u:object_r:lost_found_t /lost+found/
What does the '+' after the mode 'rwx------' mean?
From the SE Linux patch to ls.c:
+ modebuf[10] = (FILE_HAS_ACL (f) ? '+' : ' ');
I have repeated the same test on my system and found a '+' entry when it's not appropriate. I have verified that the directory in question has no acl, and also verified that /bin/ls does not even check for the presence of an acl by stracing it and seeing that it did not query the "system.posix_acl_access" or "system.posix_acl_default" xattrs, and it did not call listxattr() (to determine whether those xattrs existed).
At the moment I believe that there is some memory corruption in the SE Linux code.
On Mon, 2004-06-07 at 08:36, Russell Coker wrote:
From the SE Linux patch to ls.c:
- modebuf[10] = (FILE_HAS_ACL (f) ? '+' : ' ');
That is copied from the corresponding code for computing the mode string in print_long_format. In turn, FILE_HAS_ACL is based on the f->have_acl flag. But f->have_acl is only assigned a value if format == long_format in gobble_file(). Hence, the flag is not getting initialized properly for the security_format. Patch below should fix.
--- ls.c.old 2004-06-07 08:51:24.000000000 -0400 +++ ls.c 2004-06-07 08:51:34.000000000 -0400 @@ -2528,7 +2528,7 @@ }
#if HAVE_ACL || USE_ACL - if (format == long_format) + if (format == long_format || format == security_format) { int n = file_has_acl (path, &f->stat); f->have_acl = (0 < n);
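Review bot: the added `format == security_format` term in the `if` is not guarded, so if `security_format` is only declared when the SELinux patch is compiled in, a build with ACL support but without SELinux would fail to compile here. Consider wrapping that term in the SELinux build conditional, or confirm that the enum value exists in every configuration that defines HAVE_ACL or USE_ACL.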
On Mon, 7 Jun 2004 22:52, Stephen Smalley <sds@epoch.ncsc.mil> wrote:
On Mon, 2004-06-07 at 08:36, Russell Coker wrote:
From the SE Linux patch to ls.c:
- modebuf[10] = (FILE_HAS_ACL (f) ? '+' : ' ');
That is copied from the corresponding code for computing the mode string in print_long_format. In turn, FILE_HAS_ACL is based on the f->have_acl flag. But f->have_acl is only assigned a value if format == long_format
Great work! I've filed the following bugzilla report.
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=125447
On Mon, Jun 07, 2004 at 11:13:48PM +1000, Russell Coker wrote:
I used a slightly different patch:
--- coreutils-5.2.1/src/ls.c 2004-06-04 09:55:05.010506573 +0100 +++ coreutils-5.2.1/src/ls.c 2004-06-07 14:18:07.448963915 +0100 @@ -2530,7 +2530,11 @@ }
#if HAVE_ACL || USE_ACL - if (format == long_format) + if (format == long_format +#ifdef WITH_SELINUX + || format == security_format +#endif + ) { int n = file_has_acl (path, &f->stat); f->have_acl = (0 < n);
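Review bot: `f->have_acl` is still assigned only inside this `if`, so unless it gets a default elsewhere, any other format that later builds a mode string from `FILE_HAS_ACL (f)` would read an unassigned flag again. Consider setting `f->have_acl` to false before the condition, so the '+' marker never depends on which formats are listed here.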
Fixed in coreutils-5.2.1-15.
Thanks,
Tim.
selinux@lists.fedoraproject.org
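Added example (not part of the thread and not coreutils code): a reduced C model of the flag bug Stephen Smalley describes, showing why a file with no ACL can still get a '+' under security_format and how widening the condition removes it. The struct, the demo_file_has_acl stub and the gobble_before, gobble_after and acl_marker functions are hypothetical simplifications, and the stale memory is constructed with memset.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical, simplified stand-ins for the ls.c names quoted in the thread. */
enum format { long_format, security_format };

struct fileinfo {
    int have_acl;   /* read by FILE_HAS_ACL when the mode string is built */
};
#define FILE_HAS_ACL(f) ((f)->have_acl)

/* Stub for file_has_acl(): every file in this demo has no ACL. */
static int demo_file_has_acl(void) { return 0; }

/* Before the fix: have_acl is assigned only for long_format. */
static void gobble_before(struct fileinfo *f, enum format format)
{
    if (format == long_format)
        f->have_acl = (0 < demo_file_has_acl());
}

/* After the fix discussed in the thread: security_format is covered too. */
static void gobble_after(struct fileinfo *f, enum format format)
{
    if (format == long_format || format == security_format)
        f->have_acl = (0 < demo_file_has_acl());
}

/* Returns the character that lands in modebuf[10] for one listing entry. */
static char acl_marker(void (*gobble)(struct fileinfo *, enum format),
                       enum format format)
{
    struct fileinfo f;
    /* Constructed stale contents standing in for an unzeroed entry;
       memset keeps the read below well defined in this demo. */
    memset(&f, 0xFF, sizeof f);
    gobble(&f, format);
    return FILE_HAS_ACL(&f) ? '+' : ' ';
}

int main(void)
{
    printf("before, security_format: [%c]\n", acl_marker(gobble_before, security_format));
    printf("after,  security_format: [%c]\n", acl_marker(gobble_after, security_format));
    printf("before, long_format:     [%c]\n", acl_marker(gobble_before, long_format));
    return 0;
}
```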