Attachment #377200 for bug #508684

View | Details | Raw Unified | Return to bug 508684
Collapse All | Expand All

Lines 9-14 GNU coreutils NEWS -- outline -- Link Here

(-)a/NEWS (+5 lines)
9	the context of an existing directory to that of its last copied descendent.	9	the context of an existing directory to that of its last copied descendent.
10	[bug introduced in coreutils-8.22]	10	[bug introduced in coreutils-8.22]
11		11
		12	cp -a, mv, and install --preserve-context, no longer seg fault when running
		13	with SELinux enabled, when copying from file systems that return an error
		14	when reading the SELinux context for a file.
		15	[bug introduced in coreutils-8.22]
		16
12		17
13	* Noteworthy changes in release 8.22 (2013-12-13) [stable]	18	* Noteworthy changes in release 8.22 (2013-12-13) [stable]
14		19

Lines 192-197 restorecon_private (char const *path, bool local) Link Here

(-)a/src/selinux.c (+5 lines)
192	{	192	{
193	if (getfscreatecon (&tcon) < 0)	193	if (getfscreatecon (&tcon) < 0)
194	return rc;	194	return rc;
		195	if (!tcon)
		196	{
		197	errno = ENODATA;
		198	return rc;
		199	}
195	rc = lsetfilecon (path, tcon);	200	rc = lsetfilecon (path, tcon);
196	freecon (tcon);	201	freecon (tcon);
197	return rc;	202	return rc;




#!/bin/sh
# Ensure we handle file systems returning no SELinux context,
# which triggered a segmentation fault in coreutils-8.22.
# This test is skipped on systems that lack LD_PRELOAD support; that's fine.
# Similarly, on a system that lacks lgetfilecon altogether, skipping it is fine.

# Copyright (C) 2014 Free Software Foundation, Inc.

# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.

# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.

# You should have received a copy of the GNU General Public License
# along with this program.  If not, see <http://www.gnu.org/licenses/>.

. "${srcdir=.}/tests/init.sh"; path_prepend_ ./src
print_ver_ cp
require_gcc_shared_

# Replace each getfilecon and lgetfilecon call with a call to these stubs.
cat > k.c <<'EOF' || framework_failure_
#include <stdio.h>
#include <selinux/selinux.h>
#include <errno.h>

int getfilecon (const char *path, security_context_t *con)
{
  /* Leave a marker so we can identify if the function was intercepted.  */
  fclose(fopen("preloaded", "w"));

  errno=ENODATA;
  return -1;
}

int lgetfilecon (const char *path, security_context_t *con)
{ return getfilecon (path, con); }
EOF

# Then compile/link it:
gcc_shared_ k.c k.so \
  || skip_ 'failed to build SELinux shared library'

touch file_src

# New file with SELinux context optionally included
LD_PRELOAD=./k.so cp -a file_src file_dst || fail=1

# Existing file with SELinux context optionally included
LD_PRELOAD=./k.so cp -a file_src file_dst || fail=1

# ENODATA should give an immediate error when required to preserve ctx
# This is debatable, and maybe we should not fail when no context available?
LD_PRELOAD=./k.so cp --preserve=context file_src file_dst && fail=1

test -e preloaded || skip_ 'LD_PRELOAD interception failed'

Exit $fail

Lines 161-166 all_tests = \ Link Here

(-)a/tests/local.mk (-1 / +1 lines)
161	tests/rm/ext3-perf.sh \	161	tests/rm/ext3-perf.sh \
162	tests/rm/cycle.sh \	162	tests/rm/cycle.sh \
163	tests/cp/link-heap.sh \	163	tests/cp/link-heap.sh \
		164	tests/cp/no-ctx.sh \
164	tests/misc/tty-eof.pl \	165	tests/misc/tty-eof.pl \
165	tests/tail-2/inotify-hash-abuse.sh \	166	tests/tail-2/inotify-hash-abuse.sh \
166	tests/tail-2/inotify-hash-abuse2.sh \	167	tests/tail-2/inotify-hash-abuse2.sh \
167	-

Return to bug 508684

Line 0 Link Here

(-)a/tests/cp/no-ctx.sh (+63 lines)
	1	#!/bin/sh
	2	# Ensure we handle file systems returning no SELinux context,
	3	# which triggered a segmentation fault in coreutils-8.22.
	4	# This test is skipped on systems that lack LD_PRELOAD support; that's fine.
	5	# Similarly, on a system that lacks lgetfilecon altogether, skipping it is fine.
	6
	7	# Copyright (C) 2014 Free Software Foundation, Inc.
	8
	9	# This program is free software: you can redistribute it and/or modify
	10	# it under the terms of the GNU General Public License as published by
	11	# the Free Software Foundation, either version 3 of the License, or
	12	# (at your option) any later version.
	13
	14	# This program is distributed in the hope that it will be useful,
	15	# but WITHOUT ANY WARRANTY; without even the implied warranty of
	16	# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	17	# GNU General Public License for more details.
	18
	19	# You should have received a copy of the GNU General Public License
	20	# along with this program. If not, see <http://www.gnu.org/licenses/>.
	21
	22	. "${srcdir=.}/tests/init.sh"; path_prepend_ ./src
	23	print_ver_ cp
	24	require_gcc_shared_
	25
	26	# Replace each getfilecon and lgetfilecon call with a call to these stubs.
	27	cat > k.c <<'EOF' \|\| framework_failure_
	28	#include <stdio.h>
	29	#include <selinux/selinux.h>
	30	#include <errno.h>
	31
	32	int getfilecon (const char path, security_context_t con)
	33	{
	34	/* Leave a marker so we can identify if the function was intercepted. */
	35	fclose(fopen("preloaded", "w"));
	36
	37	errno=ENODATA;
	38	return -1;
	39	}
	40
	41	int lgetfilecon (const char path, security_context_t con)
	42	{ return getfilecon (path, con); }
	43	EOF
	44
	45	# Then compile/link it:
	46	gcc_shared_ k.c k.so \
	47	\|\| skip_ 'failed to build SELinux shared library'
	48
	49	touch file_src
	50
	51	# New file with SELinux context optionally included
	52	LD_PRELOAD=./k.so cp -a file_src file_dst \|\| fail=1
	53
	54	# Existing file with SELinux context optionally included
	55	LD_PRELOAD=./k.so cp -a file_src file_dst \|\| fail=1
	56
	57	# ENODATA should give an immediate error when required to preserve ctx
	58	# This is debatable, and maybe we should not fail when no context available?
	59	LD_PRELOAD=./k.so cp --preserve=context file_src file_dst && fail=1
	60
	61	test -e preloaded \|\| skip_ 'LD_PRELOAD interception failed'
	62
	63	Exit $fail