selinux/libselinux
Christian Göttsche a782abf226 libselinux: emulate O_PATH support in fgetfilecon/fsetfilecon
Operating on a file descriptor avoids TOCTOU issues and one opened via
O_PATH avoids the requirement of having read access to the file.  Since
Linux does not natively support file descriptors opened via O_PATH in
fgetxattr(2) and at least glibc and musl do not emulate O_PATH support
in their implementations, fgetfilecon(3) and fsetfilecon(3) also do not
currently support file descriptors opened with O_PATH.

Inspired by CVE-2013-4392: https://github.com/systemd/systemd/pull/8583
Implementation adapted from: 2825f10b7f%5E%21/

Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Acked-by: James Carter <jwcart2@gmail.com>
2022-05-16 10:21:47 -04:00
..
include   selinux_restorecon: introduce SELINUX_RESTORECON_COUNT_ERRORS  2022-05-04 10:31:42 +02:00
man       libselinux: emulate O_PATH support in fgetfilecon/fsetfilecon  2022-05-16 10:21:47 -04:00
src       libselinux: emulate O_PATH support in fgetfilecon/fsetfilecon  2022-05-16 10:21:47 -04:00
utils     libselinux/utils: check for valid contexts to improve error causes  2022-04-12 13:09:27 -04:00
LICENSE   initial import from svn trunk revision 2950  2008-08-19 15:30:36 -04:00
Makefile  libselinux: use PCRE2 by default  2021-12-09 11:07:00 -05:00
VERSION   Update VERSIONs to 3.4-rc3 for release.  2022-05-04 19:20:37 +02:00