* Question about stat
@ 2006-11-21 12:24 KaiGai Kohei
  2006-11-21 14:12 ` Stephen Smalley
  0 siblings, 1 reply; 3+ messages in thread
From: KaiGai Kohei @ 2006-11-21 12:24 UTC (permalink / raw)
  To: selinux; +Cc: Yoshinori Sato, Yuichi Nakamura

[-- Attachment #1: Type: text/plain, Size: 471 bytes --]

I found some strange behavior in the stat command from coreutils-5.97-14.fc7.src.rpm.

See below:

[kaigai@masu ~]$ stat -c "%C" mytest.sql
(null)
[kaigai@masu ~]$ stat -Z -c "%C" mytest.sql
user_u:object_r:user_home_t:s0
[kaigai@masu ~]$

Because the stat command without the '-Z' option doesn't try to obtain
the security context of the specified files, a format string
which contains "%C" doesn't work correctly.

Is this the expected behavior?

Thanks,
-- 
KaiGai Kohei <kaigai@kaigai.gr.jp>

[-- Attachment #2: coreutils-selinux-fix-stat.patch --]
[-- Type: text/x-patch, Size: 1174 bytes --]

--- coreutils-5.97.orig/src/stat.c	2006-11-21 20:44:35.000000000 +0900
+++ coreutils-5.97.kg/src/stat.c	2006-11-21 20:53:31.000000000 +0900
@@ -711,11 +711,15 @@ do_statfs (char const *filename, bool te
   STRUCT_STATVFS statfsbuf;
   SECURITY_ID_T scontext = NULL;
 #ifdef WITH_SELINUX
-  if(secure)
-    if (getfilecon(filename,&scontext)<0) {
-      perror (filename);
-      return false;
+  if (is_selinux_enabled()) {
+    if (getfilecon(filename,&scontext) < 0) {
+      if (secure) {
+	perror (filename);
+	return false;
+      }
+      scontext = NULL;
     }
+  }
 #endif
 
   if (STATFS (filename, &statfsbuf) != 0)
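Review bot: in do_statfs the `if (secure)` failure path now sits inside `if (is_selinux_enabled())`, so a caller who explicitly asked for the context (`secure` set) while SELinux is disabled no longer reaches `perror (filename); return false;` and instead continues with `scontext` still NULL. The removed code attempted `getfilecon` whenever `secure` was set. If the silent fallback is intended, a comment should say so; otherwise give `secure` with SELinux disabled its own error branch. The `scontext = NULL;` after the failed call also repeats the initializer a few lines above and could be dropped.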
@@ -775,17 +779,17 @@ do_stat (char const *filename, bool foll
     }
 
 #ifdef WITH_SELINUX
-  if(secure) {
-    int i;
-    if (!follow_links) 
-      i=lgetfilecon(filename, &scontext);
-    else
-      i=getfilecon(filename, &scontext);
-    if (i == -1)
-      {
+  if (is_selinux_enabled()) {
+    int rc = (!follow_links
+	      ? lgetfilecon(filename, &scontext)
+	      : getfilecon(filename, &scontext));
+    if (rc < 0) {
+      scontext = NULL;
+      if (secure) {
 	perror (filename);
 	return false;
       }
+    }
   }
 #endif
 
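Review bot: when `lgetfilecon`/`getfilecon` fails and `secure` is not set, do_stat now carries on with `scontext = NULL` and no diagnostic, so a `%C` in the format still has nothing to print and the user cannot tell a failed lookup from the `(null)` output shown in the report. Consider substituting a fixed placeholder string after a failed lookup, or printing a warning. The lookup also runs on every call whenever `is_selinux_enabled()` is true, whether or not the output needs the context; gating it on the format string would avoid the extra call. Style: the new `if (rc < 0) {` keeps the brace on the same line, while the removed lines put the brace on its own line.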

^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: Question about stat
  2006-11-21 12:24 Question about stat KaiGai Kohei
@ 2006-11-21 14:12 ` Stephen Smalley
  2006-11-21 14:49   ` KaiGai Kohei
  0 siblings, 1 reply; 3+ messages in thread
From: Stephen Smalley @ 2006-11-21 14:12 UTC (permalink / raw)
  To: KaiGai Kohei; +Cc: selinux, Yoshinori Sato, Yuichi Nakamura

On Tue, 2006-11-21 at 21:24 +0900, KaiGai Kohei wrote:
> I found some strange behavior in the stat command from coreutils-5.97-14.fc7.src.rpm.
> 
> See below:
> 
> [kaigai@masu ~]$ stat -c "%C" mytest.sql
> (null)
> [kaigai@masu ~]$ stat -Z -c "%C" mytest.sql
> user_u:object_r:user_home_t:s0
> [kaigai@masu ~]$
> 
> Because the stat command without the '-Z' option doesn't try to obtain
> the security context of the specified files, a format string
> which contains "%C" doesn't work correctly.
> 
> Is this the expected behavior?

That sounds like a bug to me; the use of '%C' in the format string
should implicitly enable the invocation of getfilecon.  I'd suggest
filing a bug against coreutils in fedora devel at bugzilla.redhat.com,
as there is no "upstream" repository presently for the coreutils selinux
patch.

-- 
Stephen Smalley
National Security Agency


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

^ permalink raw reply	[flat|nested] 3+ messages in thread
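
The suggestion in the reply above, that a '%C' in the format string should by itself trigger the context lookup, can be implemented by scanning the format before deciding whether to call getfilecon. This is an added example, not code from the thread or from the coreutils patch; format_uses_directive and need_security_context are hypothetical names, and the set of flag/width characters accepted between '%' and the directive letter is an assumption.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not from coreutils): report whether a stat-style
   format string contains the directive `want` (e.g. 'C'), so the caller
   knows it must fetch the security context before printing.  */
static bool
format_uses_directive (char const *format, char want)
{
  /* Assumption: printf-like flags, width and precision may precede the letter.  */
  static char const modifiers[] = "#-+ 0123456789.";

  for (char const *p = format; *p; p++)
    {
      if (*p != '%')
        continue;
      p++;                          /* step past '%' */
      p += strspn (p, modifiers);   /* skip flags, width, precision */
      if (*p == '\0')
        break;                      /* dangling '%' at end of string */
      if (*p == want)
        return true;
      /* Anything else, including the second '%' of "%%", ends this
         directive; the loop increment then moves past it.  */
    }
  return false;
}

/* The lookup is needed when it was requested explicitly (the -Z case,
   `secure` in the patch) or when the format itself uses %C.  */
static bool
need_security_context (bool secure, char const *format)
{
  return secure || (format != NULL && format_uses_directive (format, 'C'));
}

int
main (void)
{
  /* Constructed inputs: the -c "%C" case from the report, then a format without %C.  */
  printf ("%d %d\n", need_security_context (false, "%C"),
          need_security_context (false, "%n %s"));
  return 0;
}
```
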

* Re: Question about stat
  2006-11-21 14:12 ` Stephen Smalley
@ 2006-11-21 14:49   ` KaiGai Kohei
  0 siblings, 0 replies; 3+ messages in thread
From: KaiGai Kohei @ 2006-11-21 14:49 UTC (permalink / raw)
  To: Stephen Smalley; +Cc: selinux, Yoshinori Sato, Yuichi Nakamura

Stephen Smalley wrote:
> On Tue, 2006-11-21 at 21:24 +0900, KaiGai Kohei wrote:
>> I found some strange behavior in the stat command from coreutils-5.97-14.fc7.src.rpm.
>>
>> See below:
>>
>> [kaigai@masu ~]$ stat -c "%C" mytest.sql
>> (null)
>> [kaigai@masu ~]$ stat -Z -c "%C" mytest.sql
>> user_u:object_r:user_home_t:s0
>> [kaigai@masu ~]$
>>
>> Because the stat command without the '-Z' option doesn't try to obtain
>> the security context of the specified files, a format string
>> which contains "%C" doesn't work correctly.
>>
>> Is this the expected behavior?
> 
> That sounds like a bug to me; the use of '%C' in the format string
> should implicitly enable the invocation of getfilecon.  I'd suggest
> filing a bug against coreutils in fedora devel at bugzilla.redhat.com,
> as there is no "upstream" repository presently for the coreutils selinux
> patch.

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=216672

I filed it at bugzilla.redhat.com.

Thanks,
-- 
KaiGai Kohei <kaigai@kaigai.gr.jp>


^ permalink raw reply	[flat|nested] 3+ messages in thread
