mirror of
https://github.com/SELinuxProject/selinux
synced 2024-12-22 22:12:16 +00:00
4ad1896954
matchpathcon cannot handle ./ or ../ in pathnames and doesn't do well with symlinks. This patch uses the glibc function realpath() to try to determine a real path with resolved symlinks and dot directories. For example before this pach we would see: $ matchpathcon /tmp/../eric /tmp/../eric <<none>> $ matchpathcon /eric /eric system_u:object_r:default_t:s0 Whereas after the path we get the same results. The one quirk with the patch is that we need special code to make sure that realpath() does not follow a symlink if it is the final component. aka if we have a symlink from /eric to /tmp/eric we do not want to resolv to /tmp/eric. We want to just resolv to the actual symlink /eric. Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com> |
||
---|---|---|
.. | ||
.gitignore | ||
avcstat.c | ||
compute_av.c | ||
compute_create.c | ||
compute_member.c | ||
compute_relabel.c | ||
compute_user.c | ||
getconlist.c | ||
getdefaultcon.c | ||
getenforce.c | ||
getfilecon.c | ||
getpidcon.c | ||
getsebool.c | ||
getseuser.c | ||
Makefile | ||
matchpathcon.c | ||
policyvers.c | ||
selinux_check_securetty_context.c | ||
selinuxenabled.c | ||
selinuxexeccon.c | ||
setenforce.c | ||
setfilecon.c | ||
togglesebool.c |