[policycoreutils/f16] Fix bug in glob handling for restorecon
Daniel J Walsh
dwalsh at fedoraproject.org
Tue Aug 23 21:14:29 UTC 2011
commit 9e0cf1ffd5bf7593d0e04fd98b7e9f90766b545e
Author: Dan Walsh <dwalsh at redhat.com>
Date: Tue Aug 23 17:14:13 2011 -0400
Fix bug in glob handling for restorecon
policycoreutils-rhat.patch | 50 ++++++++++++++++++++++++++++++++++++-------
policycoreutils.spec | 5 +++-
2 files changed, 46 insertions(+), 9 deletions(-)
---
diff --git a/policycoreutils-rhat.patch b/policycoreutils-rhat.patch
index b73beec..52f6755 100644
--- a/policycoreutils-rhat.patch
+++ b/policycoreutils-rhat.patch
@@ -4140,7 +4140,7 @@ index 0000000..1ce37b0
+ return 0;
+}
diff --git a/policycoreutils/setfiles/restore.c b/policycoreutils/setfiles/restore.c
-index e05761a..66cb950 100644
+index e05761a..5bcb44a 100644
--- a/policycoreutils/setfiles/restore.c
+++ b/policycoreutils/setfiles/restore.c
@@ -318,11 +318,16 @@ static int process_one(char *name, int recurse_this_path)
@@ -4163,7 +4163,41 @@ index e05761a..66cb950 100644
do {
rc = 0;
/* Skip the post order nodes. */
-@@ -388,7 +393,7 @@ int process_one_realpath(char *name, int recurse)
+@@ -368,19 +373,21 @@ int process_glob(char *name, int recurse) {
+ int errors;
+ memset(&globbuf, 0, sizeof(globbuf));
+ errors = glob(name, GLOB_TILDE | GLOB_PERIOD, NULL, &globbuf);
+- if (errors)
+- errors = process_one_realpath(name, recurse);
+- else {
+- for (i = 0; i < globbuf.gl_pathc; i++) {
+- int len = strlen(globbuf.gl_pathv[i]) -2;
+- if (len > 0 && strcmp(&globbuf.gl_pathv[i][len--], "/.") == 0)
+- continue;
+- if (len > 0 && strcmp(&globbuf.gl_pathv[i][len], "/..") == 0)
+- continue;
+- errors |= process_one_realpath(globbuf.gl_pathv[i], recurse);
+- }
+- globfree(&globbuf);
++ if (errors == GLOB_NOMATCH)
++ return 0;
++
++ if (errors)
++ return errors;
++
++ for (i = 0; i < globbuf.gl_pathc; i++) {
++ int len = strlen(globbuf.gl_pathv[i]) -2;
++ if (len > 0 && strcmp(&globbuf.gl_pathv[i][len--], "/.") == 0)
++ continue;
++ if (len > 0 && strcmp(&globbuf.gl_pathv[i][len], "/..") == 0)
++ continue;
++ errors |= process_one_realpath(globbuf.gl_pathv[i], recurse);
+ }
++ globfree(&globbuf);
+ return errors;
+ }
+
+@@ -388,7 +395,7 @@ int process_one_realpath(char *name, int recurse)
{
int rc = 0;
char *p;
@@ -4172,7 +4206,7 @@ index e05761a..66cb950 100644
if (r_opts == NULL){
fprintf(stderr,
-@@ -399,7 +404,7 @@ int process_one_realpath(char *name, int recurse)
+@@ -399,7 +406,7 @@ int process_one_realpath(char *name, int recurse)
if (!r_opts->expand_realpath) {
return process_one(name, recurse);
} else {
@@ -4181,7 +4215,7 @@ index e05761a..66cb950 100644
if (rc < 0) {
if (r_opts->ignore_enoent && errno == ENOENT)
return 0;
-@@ -566,7 +571,7 @@ static int filespec_add(ino_t ino, const security_context_t con, const char *fil
+@@ -566,7 +573,7 @@ static int filespec_add(ino_t ino, const security_context_t con, const char *fil
{
file_spec_t *prevfl, *fl;
int h, ret;
@@ -4190,7 +4224,7 @@ index e05761a..66cb950 100644
if (!fl_head) {
fl_head = malloc(sizeof(file_spec_t) * HASH_BUCKETS);
-@@ -579,7 +584,7 @@ static int filespec_add(ino_t ino, const security_context_t con, const char *fil
+@@ -579,7 +586,7 @@ static int filespec_add(ino_t ino, const security_context_t con, const char *fil
for (prevfl = &fl_head[h], fl = fl_head[h].next; fl;
prevfl = fl, fl = fl->next) {
if (ino == fl->ino) {
@@ -4199,7 +4233,7 @@ index e05761a..66cb950 100644
if (ret < 0 || sb.st_ino != ino) {
freecon(fl->con);
free(fl->file);
-@@ -631,5 +636,67 @@ static int filespec_add(ino_t ino, const security_context_t con, const char *fil
+@@ -631,5 +638,67 @@ static int filespec_add(ino_t ino, const security_context_t con, const char *fil
return -1;
}
@@ -4228,7 +4262,7 @@ index e05761a..66cb950 100644
+ fp = fopen("/proc/mounts", "r");
+ if (!fp)
+ return;
-
++
+ while ((num = getline(&buf, &len, fp)) != -1) {
+ found = 0;
+ index = 0;
@@ -4246,7 +4280,7 @@ index e05761a..66cb950 100644
+ buf);
+ continue;
+ }
-+
+
+ /* remove pre-existing entry */
+ remove_exclude(mount_info[1]);
+
diff --git a/policycoreutils.spec b/policycoreutils.spec
index 928c148..c43f199 100644
--- a/policycoreutils.spec
+++ b/policycoreutils.spec
@@ -7,7 +7,7 @@
Summary: SELinux policy core utilities
Name: policycoreutils
Version: 2.1.4
-Release: 1%{?dist}
+Release: 2%{?dist}
License: GPLv2
Group: System Environment/Base
# Based on git repository with tag 20101221
@@ -352,6 +352,9 @@ fi
/bin/systemctl try-restart restorecond.service >/dev/null 2>&1 || :
%changelog
+* Thu Aug 18 2011 Dan Walsh <dwalsh at redhat.com> - 2.1.4-2
+- Fix bug in glob handling for restorecon
+
* Thu Aug 18 2011 Dan Walsh <dwalsh at redhat.com> - 2.1.4-1
-Update to upstream
2.1.4 2011-08-17
More information about the scm-commits
mailing list