[coreutils] use acl_extended_file_nofollow() if available (#692823)

Ondrej Vasik ovasik at fedoraproject.org
Fri Jul 29 13:12:34 UTC 2011


commit c9c477adae50a5ede3a4b48b9a39344e7fc0d51a
Author: Ondřej Vašík <ovasik at redhat.com>
Date:   Fri Jul 29 15:12:18 2011 +0200

    use acl_extended_file_nofollow() if available (#692823)

 coreutils-acl-extended-file-nofollow.patch |   74 ++++++++++++++++++++++++++++
 coreutils.spec                             |    8 +++-
 2 files changed, 81 insertions(+), 1 deletions(-)
---
diff --git a/coreutils-acl-extended-file-nofollow.patch b/coreutils-acl-extended-file-nofollow.patch
new file mode 100644
index 0000000..ad72293
--- /dev/null
+++ b/coreutils-acl-extended-file-nofollow.patch
@@ -0,0 +1,74 @@
+From 95f7c57ff4090a5dee062044d2c7b99879077808 Mon Sep 17 00:00:00 2001
+From: Kamil Dudka <kdudka <at> redhat.com>
+Date: Fri, 22 Jul 2011 14:48:42 +0200
+Subject: [PATCH] file-has-acl: use acl_extended_file_nofollow if available
+
+* lib/acl-internal.h (HAVE_ACL_EXTENDED_FILE): New macro.
+(acl_extended_file): New macro.
+* lib/file-has-acl.c (file_has_acl): Use acl_extended_file_nofollow.
+* m4/acl.m4 (gl_FUNC_ACL): Check for acl_extended_file_nofollow.
+This addresses http://bugzilla.redhat.com/692823.
+---
+ lib/acl-internal.h |    6 ++++++
+ lib/file-has-acl.c |   10 +++++++++-
+ m4/acl.m4          |    2 +-
+ 3 files changed, 16 insertions(+), 2 deletions(-)
+
+diff --git a/lib/acl-internal.h b/lib/acl-internal.h
+index b3160a7..b509666 100644
+--- a/lib/acl-internal.h
++++ b/lib/acl-internal.h
+@@ -133,6 +133,12 @@ rpl_acl_set_fd (int fd, acl_t acl)
+ #  endif
+
+ /* Linux-specific */
++#  ifndef HAVE_ACL_EXTENDED_FILE_NOFOLLOW
++#   define HAVE_ACL_EXTENDED_FILE_NOFOLLOW false
++#   define acl_extended_file_nofollow(name) (-1)
++#  endif
++
++/* Linux-specific */
+ #  ifndef HAVE_ACL_FROM_MODE
+ #   define HAVE_ACL_FROM_MODE false
+ #   define acl_from_mode(mode) (NULL)
+diff --git a/lib/file-has-acl.c b/lib/file-has-acl.c
+index 3d4d5c1..2ee6ba2 100644
+--- a/lib/file-has-acl.c
++++ b/lib/file-has-acl.c
+@@ -366,12 +366,20 @@ file_has_acl (char const *name, struct stat const *sb)
+       /* Linux, FreeBSD, MacOS X, IRIX, Tru64 */
+       int ret;
+
+-      if (HAVE_ACL_EXTENDED_FILE) /* Linux */
++      if (HAVE_ACL_EXTENDED_FILE || HAVE_ACL_EXTENDED_FILE_NOFOLLOW) /* Linux */
+         {
++#  if HAVE_ACL_EXTENDED_FILE_NOFOLLOW
++          /* acl_extended_file_nofollow() uses lgetxattr() in order to prevent
++             unnecessary mounts, but it returns the same result as we already
++             know that NAME is not a symbolic link at this point (modulo the
++             TOCTTOU race condition).  */
++          ret = acl_extended_file_nofollow (name);
++#  else
+           /* On Linux, acl_extended_file is an optimized function: It only
+              makes two calls to getxattr(), one for ACL_TYPE_ACCESS, one for
+              ACL_TYPE_DEFAULT.  */
+           ret = acl_extended_file (name);
++#  endif
+         }
+       else /* FreeBSD, MacOS X, IRIX, Tru64 */
+         {
+diff --git a/m4/acl.m4 b/m4/acl.m4
+index d6a448a..ecf0384 100644
+--- a/m4/acl.m4
++++ b/m4/acl.m4
+@@ -33,7 +33,7 @@ AC_DEFUN([gl_FUNC_ACL],
+            AC_CHECK_FUNCS(
+              [acl_get_file acl_get_fd acl_set_file acl_set_fd \
+               acl_free acl_from_mode acl_from_text \
+-              acl_delete_def_file acl_extended_file \
++              acl_delete_def_file acl_extended_file acl_extended_file_nofollow \
+               acl_delete_fd_np acl_delete_file_np \
+               acl_copy_ext_native acl_create_entry_np \
+               acl_to_short_text acl_free_text])
+--
+1.7.6.586.g302e6
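Review bot: In the lib/file-has-acl.c part of the embedded patch, the `#else` branch still calls `acl_extended_file (name)`, which by the patch's own comments goes through getxattr() rather than lgetxattr(). On builds without acl_extended_file_nofollow, a NAME swapped for a symlink inside the TOCTTOU window the new comment mentions would therefore still be followed. I would record that on the fallback branch, e.g. `/* Follows symlinks: if NAME is replaced by a symlink after the caller's check, the link target is queried.  */`, so the difference between the two branches is explicit. Separately, the patch's ChangeLog lines name `HAVE_ACL_EXTENDED_FILE` and `acl_extended_file` as the new macros, while the lib/acl-internal.h hunk actually adds `HAVE_ACL_EXTENDED_FILE_NOFOLLOW` and `acl_extended_file_nofollow`; the entry should name the latter. file_has_acl starts and ends outside the hunk, so the earlier symlink check and the handling of `ret` are not visible here.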
diff --git a/coreutils.spec b/coreutils.spec
index 2784cdc..09422e3 100644
--- a/coreutils.spec
+++ b/coreutils.spec
@@ -1,7 +1,7 @@
 Summary: A set of basic GNU tools commonly used in shell scripts
 Name:    coreutils
 Version: 8.12
-Release: 2%{?dist}
+Release: 3%{?dist}
 License: GPLv3+
 Group:   System Environment/Base
 Url:     http://www.gnu.org/software/coreutils/
@@ -32,6 +32,8 @@ Patch103: coreutils-8.2-uname-processortype.patch
 Patch104: coreutils-df-direct.patch
 #add note about mkdir --mode behaviour into info documentation(#610559)
 Patch107: coreutils-8.4-mkdir-modenote.patch
+#use acl_extended_file_nofollow if available (#692823)
+Patch108: coreutils-acl-extended-file-nofollow.patch
 
 # sh-utils
 #add info about TZ envvar to date manpage
@@ -121,6 +123,7 @@ Libraries for coreutils package.
 %patch103 -p1 -b .sysinfo
 %patch104 -p1 -b .dfdirect
 %patch107 -p1 -b .mkdirmode
+%patch108 -p1 -b .nofollow
 
 # sh-utils
 %patch703 -p1 -b .dateman
@@ -329,6 +332,9 @@ fi
 %{_libdir}/coreutils
 
 %changelog
+* Fri Jul 29 2011 Ondrej Vasik <ovasik at redhat.com> - 8.12-3
+- use acl_extended_file_nofollow() if available (#692823)
+
 * Fri Jul 15 2011 Ondrej Vasik <ovasik at redhat.com> - 8.12-2
 - support ecryptfs mount of Private (postlogin into su.pamd)
   (#722323)

