[PATCH] sandbox/seunshare: fix error checking for setfsuid()

All of lore.kernel.org
 help / color / mirror / Atom feed

* [PATCH] sandbox/seunshare: fix error checking for setfsuid()
@ 2026-05-12 19:35 Stephen Smalley
  2026-05-14 12:44 ` Petr Lautrbach
  0 siblings, 1 reply; 3+ messages in thread
From: Stephen Smalley @ 2026-05-12 19:35 UTC (permalink / raw)
  To: selinux; +Cc: jwcart2, plautrba, omosnace, paul, perfinion, Stephen Smalley

setfsuid() doesn't reliably set errno or return anything indicating
an error.

Signed-off-by: Stephen Smalley <stephen.smalley.work@gmail.com>
---
 sandbox/seunshare.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/sandbox/seunshare.c b/sandbox/seunshare.c
index 17a727e7..b9c85bf2 100644
--- a/sandbox/seunshare.c
+++ b/sandbox/seunshare.c
@@ -858,8 +858,8 @@ int main(int argc, char **argv) {
 	/* Changing fsuid is usually required when user-specified directory is
 	 * on an NFS mount.  It's also desired to avoid leaking info about
 	 * existence of the files not accessible to the user. */
-	if (((uid_t)setfsuid(uid) != 0)   && (errno != 0)) {
-		fprintf(stderr, _("Error: unable to setfsuid %m\n"));
+	if ((uid_t)setfsuid(uid) != 0) {
+		fprintf(stderr, _("Error: unable to setfsuid\n"));
 
 		return -1;
 	}
-- 
2.54.0


^ permalink raw reply related	[flat|nested] 3+ messages in thread

* Re: [PATCH] sandbox/seunshare: fix error checking for setfsuid()
  2026-05-12 19:35 [PATCH] sandbox/seunshare: fix error checking for setfsuid() Stephen Smalley
@ 2026-05-14 12:44 ` Petr Lautrbach
  2026-05-15 14:08   ` Petr Lautrbach
  0 siblings, 1 reply; 3+ messages in thread
From: Petr Lautrbach @ 2026-05-14 12:44 UTC (permalink / raw)
  To: Stephen Smalley, selinux
  Cc: jwcart2, omosnace, paul, perfinion, Stephen Smalley

Stephen Smalley <stephen.smalley.work@gmail.com> writes:

> setfsuid() doesn't reliably set errno or return anything indicating
> an error.
>
> Signed-off-by: Stephen Smalley <stephen.smalley.work@gmail.com>

Acked-by: Petr Lautrbach <lautrbach@redhat.com>

> ---
>  sandbox/seunshare.c | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/sandbox/seunshare.c b/sandbox/seunshare.c
> index 17a727e7..b9c85bf2 100644
> --- a/sandbox/seunshare.c
> +++ b/sandbox/seunshare.c
> @@ -858,8 +858,8 @@ int main(int argc, char **argv) {
>  	/* Changing fsuid is usually required when user-specified directory is
>  	 * on an NFS mount.  It's also desired to avoid leaking info about
>  	 * existence of the files not accessible to the user. */
> -	if (((uid_t)setfsuid(uid) != 0)   && (errno != 0)) {
> -		fprintf(stderr, _("Error: unable to setfsuid %m\n"));
> +	if ((uid_t)setfsuid(uid) != 0) {
> +		fprintf(stderr, _("Error: unable to setfsuid\n"));
>  
>  		return -1;
>  	}
> -- 
> 2.54.0


^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: [PATCH] sandbox/seunshare: fix error checking for setfsuid()
  2026-05-14 12:44 ` Petr Lautrbach
@ 2026-05-15 14:08   ` Petr Lautrbach
  0 siblings, 0 replies; 3+ messages in thread
From: Petr Lautrbach @ 2026-05-15 14:08 UTC (permalink / raw)
  To: Stephen Smalley, selinux
  Cc: jwcart2, omosnace, paul, perfinion, Stephen Smalley

Petr Lautrbach <plautrba@redhat.com> writes:

> Stephen Smalley <stephen.smalley.work@gmail.com> writes:
>
>> setfsuid() doesn't reliably set errno or return anything indicating
>> an error.
>>
>> Signed-off-by: Stephen Smalley <stephen.smalley.work@gmail.com>
>
> Acked-by: Petr Lautrbach <lautrbach@redhat.com>

Merged, thanks!


>> ---
>>  sandbox/seunshare.c | 4 ++--
>>  1 file changed, 2 insertions(+), 2 deletions(-)
>>
>> diff --git a/sandbox/seunshare.c b/sandbox/seunshare.c
>> index 17a727e7..b9c85bf2 100644
>> --- a/sandbox/seunshare.c
>> +++ b/sandbox/seunshare.c
>> @@ -858,8 +858,8 @@ int main(int argc, char **argv) {
>>  	/* Changing fsuid is usually required when user-specified directory is
>>  	 * on an NFS mount.  It's also desired to avoid leaking info about
>>  	 * existence of the files not accessible to the user. */
>> -	if (((uid_t)setfsuid(uid) != 0)   && (errno != 0)) {
>> -		fprintf(stderr, _("Error: unable to setfsuid %m\n"));
>> +	if ((uid_t)setfsuid(uid) != 0) {
>> +		fprintf(stderr, _("Error: unable to setfsuid\n"));
>>  
>>  		return -1;
>>  	}
>> -- 
>> 2.54.0


^ permalink raw reply	[flat|nested] 3+ messages in thread

end of thread, other threads:[~2026-05-15 14:09 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2026-05-12 19:35 [PATCH] sandbox/seunshare: fix error checking for setfsuid() Stephen Smalley
2026-05-14 12:44 ` Petr Lautrbach
2026-05-15 14:08   ` Petr Lautrbach

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.