From: Martin Orr <martin@martinorr.name>
To: Stephen Smalley <sds@tycho.nsa.gov>
Cc: Manoj Srivastava <srivasta@golden-gryphon.com>,
selinux@tycho.nsa.gov, 544215-forwarded@bugs.debian.org,
Chad Sellers <csellers@tresys.com>,
Joshua Brindle <jbrindle@tresys.com>
Subject: Re: restorecon and symbolic links
Date: Wed, 02 Sep 2009 13:24:38 +0100 [thread overview]
Message-ID: <4A9E6406.5000501@martinorr.name> (raw)
In-Reply-To: <1251816403.27334.114.camel@moss-pluto.epoch.ncsc.mil>
On 01/09/09 15:46, Stephen Smalley wrote:
> On Tue, 2009-09-01 at 15:34 +0100, Martin Orr wrote:
>> Here's a patch that works, and does what I want.
>>
>> It moves most of process_one into process_one_realpath, which assumes that
>> the path it is given requires no further expansion.
>> Now if given a symlink, call symlink_realpath to get the real path ignoring
>> the last component, and give that to process_one_realpath; tell
>> process_one_realpath not to recurse so this acts on the symlink only.
>> Then call process_one_realpath again with the real path of the target, to
>> recurse into it.
>
> The function naming seems the reverse of what one might expect (the
> function with _realpath in the name doesn't call realpath). Also, you
> can pass NULL for the resolved path argument to realpath() rather than
> giving it a fixed-size buffer from the stack and let it allocate the
> buffer for you, as we already do elsewhere.
The reason I named the function that way was because the function with
_realpath expects a real path as an argument, but if this is confusing or
goes against a convention used elsewhere then it could be changed.
I copied the symlink_realpath code from what used to be in match. I assumed
that it needed a buffer on the stack because it then concatenates the last
component of the path on to that buffer, and realpath might not allocate a
long enough buffer.
> > Not sure it is worth warning about the broken symlink case, and that
> > will trigger warnings for your existing users in the
> > restorecon /dev/stdin case, right?
I agree, it is not worth warning about broken symlinks, except maybe if -v
is specified.
>> diff --git a/policycoreutils/setfiles/setfiles.c b/policycoreutils/setfiles/setfiles.c
>> index 4c47f21..c84cd6f 100644
>> --- a/policycoreutils/setfiles/setfiles.c
>> +++ b/policycoreutils/setfiles/setfiles.c
>> @@ -545,7 +545,47 @@ int canoncon(char **contextp)
>> return rc;
>> }
>>
>> -static int process_one(char *name)
>> +static int symlink_realpath(char *name, char *path)
>> +{
>> + char *p = NULL, *file_sep;
>> + char *tmp_path = strdupa(name);
>> + size_t len = 0;
>> +
>> + if (!tmp_path) {
>> + fprintf(stderr, "strdupa on %s failed: %s\n", name,
>> + strerror(errno));
>> + return -1;
>> + }
>> + file_sep = strrchr(tmp_path, '/');
>> + if (file_sep == tmp_path) {
>> + file_sep++;
>> + p = strcpy(path, "");
>> + } else if (file_sep) {
>> + *file_sep = 0;
>> + file_sep++;
>> + p = realpath(tmp_path, path);
>> + } else {
>> + file_sep = tmp_path;
>> + p = realpath("./", path);
>> + }
>> + if (p)
>> + len = strlen(p);
>> + if (!p || len + strlen(file_sep) + 2 > PATH_MAX) {
>> + fprintf(stderr, "symlink_realpath(%s) failed %s\n", name,
>> + strerror(errno));
>> + return -1;
>> + }
>> + p += len;
>> + /* ensure trailing slash of directory name */
>> + if (len == 0 || *(p - 1) != '/') {
>> + *p = '/';
>> + p++;
>> + }
>> + strcpy(p, file_sep);
>> + return 0;
>> +}
>> +
>> +static int process_one_realpath(char *name, int recurse_this_path)
>> {
>> int rc = 0;
>> const char *namelist[2];
>> @@ -553,18 +593,6 @@ static int process_one(char *name)
>> FTS *fts_handle;
>> FTSENT *ftsent;
>>
>> - if (expand_realpath) {
>> - char *p;
>> - p = realpath(name, NULL);
>> - if (!p) {
>> - fprintf(stderr, "realpath(%s) failed %s\n", name,
>> - strerror(errno));
>> - return -1;
>> - }
>> - name = p;
>> - }
>> -
>> -
>> if (!strcmp(name, "/"))
>> mass_relabel = 1;
>>
>> @@ -604,7 +632,7 @@ static int process_one(char *name)
>> fts_set(fts_handle, ftsent, FTS_SKIP);
>> if (rc == ERR)
>> goto err;
>> - if (!recurse)
>> + if (!recurse_this_path)
>> break;
>> } while ((ftsent = fts_read(fts_handle)) != NULL);
>>
>> @@ -619,8 +647,6 @@ out:
>> }
>> if (fts_handle)
>> fts_close(fts_handle);
>> - if (expand_realpath)
>> - free(name);
>> return rc;
>>
>> err:
>> @@ -630,6 +656,55 @@ err:
>> goto out;
>> }
>>
>> +static int process_one(char *name)
>> +{
>> + int rc = 0;
>> + char *p;
>> + struct stat sb;
>> +
>> + if (!expand_realpath) {
>> + return process_one_realpath(name, recurse);
>> + } else {
>> + rc = lstat(name, &sb);
>> + if (rc < 0) {
>> + fprintf(stderr, "%s: lstat(%s) failed: %s\n",
>> + progname, name, strerror(errno));
>> + return -1;
>> + }
>> +
>> + if (S_ISLNK(sb.st_mode)) {
>> + char path[PATH_MAX + 1];
>> +
>> + rc = symlink_realpath(name, path);
>> + if (rc < 0)
>> + return rc;
>> + rc = process_one_realpath(path, 0);
>> + if (rc < 0)
>> + return rc;
>> +
>> + p = realpath(name, NULL);
>> + if (!p) {
>> + fprintf(stderr, "Warning: %s: Broken symlink: %s\n",
>> + name, strerror(errno));
>> + return 0;
>> + }
>> + rc = process_one_realpath(p, recurse);
>> + free(p);
>> + return rc;
>> + } else {
>> + p = realpath(name, NULL);
>> + if (!p) {
>> + fprintf(stderr, "realpath(%s) failed %s\n", name,
>> + strerror(errno));
>> + return -1;
>> + }
>> + rc = process_one_realpath(p, recurse);
>> + free(p);
>> + return rc;
>> + }
>> + }
>> +}
>> +
>> #ifndef USE_AUDIT
>> static void maybe_audit_mass_relabel(void)
>> {
>>
--
Martin Orr
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
next prev parent reply other threads:[~2009-09-02 12:24 UTC|newest]
Thread overview: 23+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-08-29 17:10 restorecon and symbolic links Martin Orr
2009-08-29 23:19 ` Manoj Srivastava
2009-08-31 12:17 ` Stephen Smalley
2009-08-31 12:20 ` Stephen Smalley
2009-08-31 13:24 ` Martin Orr
2009-08-31 13:21 ` Martin Orr
2009-08-31 20:27 ` Stephen Smalley
2009-09-01 13:43 ` Martin Orr
2009-09-01 14:34 ` Martin Orr
2009-09-01 14:46 ` Stephen Smalley
2009-09-02 12:24 ` Martin Orr [this message]
2009-09-02 12:52 ` Stephen Smalley
2009-09-03 9:47 ` Martin Orr
2009-09-03 15:25 ` Stephen Smalley
2009-09-03 20:17 ` SELinux and SSH Timers ? Hasan Rezaul-CHR010
2009-09-03 20:32 ` Stephen Smalley
2009-09-04 11:49 ` Stephen Smalley
2009-09-04 14:45 ` Hasan Rezaul-CHR010
2009-09-04 14:56 ` Stephen Smalley
2009-09-04 14:55 ` Hasan Rezaul-CHR010
2009-09-04 15:17 ` Hasan Rezaul-CHR010
2009-09-04 16:06 ` Stephen Smalley
2009-09-04 16:15 ` Hasan Rezaul-CHR010
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4A9E6406.5000501@martinorr.name \
--to=martin@martinorr.name \
--cc=544215-forwarded@bugs.debian.org \
--cc=csellers@tresys.com \
--cc=jbrindle@tresys.com \
--cc=sds@tycho.nsa.gov \
--cc=selinux@tycho.nsa.gov \
--cc=srivasta@golden-gryphon.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.