RepoMirrors/selinux
1
0
Fork 0
mirror of https://github.com/SELinuxProject/selinux synced 2025-02-28 15:30:31 +00:00
Code Issues Packages Projects Releases Wiki Activity

Patch to change *setfilecon to not return ENOSUP if context matches.

Browse Source 
Tools like cp -A try to maintain the context of a program and call *setfilecon,
currently if the file system does not support XAttrs we return ENOSUPP.  We have
been requested to check if the context that is being set is the same to not return this
error.  So if I try to set the label on an nfs share to system_u:object_r:nfs_t:s0 and I get
ENOSUPP, it will not return an error.
This commit is contained in:
Dan Walsh 2013-10-09 15:15:35 -04:00 committed by Stephen Smalley
parent 756013edc5
commit 51d9a078c2
3 changed files with 39 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
libselinux/src/fsetfilecon.c
View File

@ -9,8 +9,20 @@
int fsetfilecon_raw(int fd, const security_context_t context)
{
return fsetxattr(fd, XATTR_NAME_SELINUX, context, strlen(context) + 1,
int rc = fsetxattr(fd, XATTR_NAME_SELINUX, context, strlen(context) + 1,
0);
if (rc < 0 && errno == ENOTSUP) {
security_context_t ccontext = NULL;
int err = errno;
if ((fgetfilecon_raw(fd, &ccontext) >= 0) &&
(strcmp(context,ccontext) == 0)) {
rc = 0;
} else {
errno = err;
}
freecon(ccontext);
}
return rc;
}
hidden_def(fsetfilecon_raw)

14
libselinux/src/lsetfilecon.c
View File

@ -9,8 +9,20 @@
int lsetfilecon_raw(const char *path, const security_context_t context)
{
return lsetxattr(path, XATTR_NAME_SELINUX, context, strlen(context) + 1,
int rc = lsetxattr(path, XATTR_NAME_SELINUX, context, strlen(context) + 1,
0);
if (rc < 0 && errno == ENOTSUP) {
security_context_t ccontext = NULL;
int err = errno;
if ((lgetfilecon_raw(path, &ccontext) >= 0) &&
(strcmp(context,ccontext) == 0)) {
rc = 0;
} else {
errno = err;
}
freecon(ccontext);
}
return rc;
}
hidden_def(lsetfilecon_raw)

14
libselinux/src/setfilecon.c
View File

@ -9,8 +9,20 @@
int setfilecon_raw(const char *path, const security_context_t context)
{
return setxattr(path, XATTR_NAME_SELINUX, context, strlen(context) + 1,
int rc = setxattr(path, XATTR_NAME_SELINUX, context, strlen(context) + 1,
0);
if (rc < 0 && errno == ENOTSUP) {
security_context_t ccontext = NULL;
int err = errno;
if ((getfilecon_raw(path, &ccontext) >= 0) &&
(strcmp(context,ccontext) == 0)) {
rc = 0;
} else {
errno = err;
}
freecon(ccontext);
}
return rc;
}
hidden_def(setfilecon_raw)