RepoMirrors
/
selinux
mirror of https://github.com/SELinuxProject/selinux
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
selinux/libselinux
History
Stephen Smalley ab2cf74685 libselinux: fix selinux_restorecon() statfs bug 
As reported in https://github.com/SELinuxProject/selinux/issues/248,
setfiles -r (rootpath) fails when the alternate root contains a symlink
that is correct relative to the alternate root but not in the current root.
This is a regression introduced by commit e016502c0a ("libselinux: Save
digest of all partial matches for directory").  Do not call statfs(2) here
if acting on a symbolic link.  Unfortunately there is no lstatfs() call.
Ensure that we initialize the statfs buffer always.  If the supplied
file is a symlink, then we don't need to worry about the later tests of
filesystem type because we wouldn't be setting the digest anyway and
we are not performing a full sysfs relabel.  While here, fix the earlier
test for a directory to use the correct test.

Reproducer:
$ mkdir /root/my-chroot && echo foo > /root/my-chroot/link-target && ln -s /link-target /root/my-chroot/symlink
$ echo "/root/my-chroot/symlink" | setfiles -vFi -r /root/my-chroot -f - /etc/selinux/targeted/contexts/files/file_contexts

Before:
setfiles: statfs(/root/my-chroot/symlink) failed: No such file or directory

After:
Relabeled /root/my-chroot/symlink from unconfined_u:object_r:admin_home_t:s0 to system_u:object_r:default_t:s0

Fixes: https://github.com/SELinuxProject/selinux/issues/248
Fixes: e016502c0a ("libselinux: Save digest of all partial matches for directory")
Signed-off-by: Stephen Smalley <stephen.smalley.work@gmail.com>
Tested-by: Jonathan Lebon <jlebon@redhat.com>
Acked-by: Petr Lautrbach <plautrba@redhat.com>
 		2020-06-18 19:25:27 +02:00
..
include libselinux: mark security_context_t typedef as deprecated 2020-05-01 10:48:19 -05:00
man libselinux: Add selinux_restorecon option to treat conflicting specifications as an error. 2020-04-14 18:22:17 +02:00
src libselinux: fix selinux_restorecon() statfs bug 2020-06-18 19:25:27 +02:00
utils utils: matchpathcon add deprecated warning 2020-04-30 09:13:25 -05:00
LICENSE
Makefile libselinux: Add support for pcre2 to pkgconfig definition 2017-10-13 15:24:23 -04:00
VERSION Update VERSIONs to 3.1-rc1 for release. 2020-05-15 15:54:08 +02:00