rpms/coreutils/devel coreutils-6.9-requiresecuritycontext.patch, NONE, 1.1 coreutils.spec, 1.180, 1.181

Tue Oct 30 16:31:11 UTC 2007

Author: ovasik

Update of /cvs/extras/rpms/coreutils/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv17577

Modified Files:
	coreutils.spec 
Added Files:
	coreutils-6.9-requiresecuritycontext.patch 
Log Message:
fix of cp -a rewriting existing file on NFS(#219900)

coreutils-6.9-requiresecuritycontext.patch:

--- NEW FILE coreutils-6.9-requiresecuritycontext.patch ---
diff -ur coreutils-6.9-orig/src/install.c coreutils-6.9/src/install.c
--- a/src/install.c 2007-10-30 12:34:07.000000000 +0100
+++ b/src/install.c 2007-10-30 15:41:15.000000000 +0100
@@ -174,6 +174,7 @@
   x->preserve_mode = false;
   x->preserve_timestamps = false;
   x->require_preserve = false;
+  x->require_preserve_context = false;
   x->recursive = false;
   x->sparse_mode = SPARSE_AUTO;
   x->symbolic_link = false;
diff -ur coreutils-6.9-orig/src/mv.c coreutils-6.9/src/mv.c
--- a/src/mv.c 2007-10-30 12:34:07.000000000 +0100
+++ b/src/mv.c 2007-10-30 15:34:37.000000000 +0100
@@ -131,6 +131,7 @@
   x->preserve_timestamps = true;
   x->preserve_security_context = selinux_enabled;
   x->require_preserve = false;  /* FIXME: maybe make this an option */
+  x->require_preserve_context = false;
   x->recursive = true;
   x->sparse_mode = SPARSE_AUTO;  /* FIXME: maybe make this an option */
   x->symbolic_link = false;
diff -ur coreutils-6.9-orig/src/copy.c coreutils-6.9/src/copy.c
--- coreutils-6.9-orig/src/copy.c	2007-10-30 12:34:07.000000000 +0100
+++ coreutils-6.9/src/copy.c	2007-10-30 16:01:22.000000000 +0100
@@ -306,25 +307,33 @@
   if (! *new_dst)
     {
       dest_desc = open (dst_name, O_WRONLY | O_TRUNC | O_BINARY);
 
 #ifdef WITH_SELINUX
-      if (dest_desc >= 0 && selinux_enabled &&
-	  (x->preserve_security_context || x->set_security_context))
+      if (x->preserve_security_context && 0 <= dest_desc)
 	{
-	  security_context_t con;
-	  if(getfscreatecon(&con) == -1)
+	  security_context_t con = NULL;
+	  if(getfscreatecon(&con) < 0)
 	    {
-	      return_val = false;
-	      goto close_src_desc;
+        if (x->require_preserve_context)
+        {
+         error(0, errno, _("failed to get file system create context"));
+	        return_val = false;
+	        goto close_src_desc;
+        }
 	    }
 
 	  if (con)
 	    {
-	      if(fsetfilecon(dest_desc, con) == -1)
+	      if(fsetfilecon(dest_desc, con) < 0)
 		{
-		  return_val = false;
-		  freecon(con);
-		  goto close_src_desc;
+      if (x->require_preserve_context)
+      {
+        error(0, errno, _("failed to set security context of %s to %s"), 
+              quote_n (0, dst_name), quote_n(1, con));
+        return_val = false;
+		    freecon(con);
+		    goto close_src_desc;
+      }
 		}
 	      freecon(con);
 	    }
@@ -1577,10 +1587,10 @@
 	{
 	  if (setfscreatecon(con) < 0) 
 	    {
-	      error (0, errno, _("cannot set setfscreatecon %s"), quote (con));
-	      if (x->require_preserve) {
-		freecon(con);
-		return 1;
+	      error (0, errno, _("cannot set default file creation context to %s"), quote (con));
+	      if (x->require_preserve_context) {
+            freecon(con);
+            return false;
 	      }
 	    }
 	  freecon(con);
@@ -1588,7 +1598,8 @@
       else {
 	if (( errno != ENOTSUP ) && ( errno != ENODATA )) {
 	  error (0, errno, _("cannot lgetfilecon %s"), quote (src_name));
-	  return 1;
+	  if (x->require_preserve_context)
+	    return false;
 	}
       }
   }
diff -ur coreutils-6.9-orig/src/copy.h coreutils-6.9/src/copy.h
--- coreutils-6.9-orig/src/copy.h	2007-10-30 12:34:07.000000000 +0100
+++ coreutils-6.9/src/copy.h	2007-10-30 15:52:59.000000000 +0100
@@ -150,6 +150,18 @@
      it be zero.  */
   bool require_preserve;
 
+  /* Useful only when preserve_security_context is true.
+     If true, a failed attempt to preserve a file's security context
+     propagates failure "out" to the caller.  If false, a failure to
+     preserve a file's security context does not change the invoking
+     application's exit status.  Give diagnostics for failed syscalls
+     regardless of this setting.  For example, with "cp --preserve=context"
+     this flag is "true", while with "cp -a", it is false.  That means
+     "cp -a" attempts to preserve any security context, but does not
+     fail if it is unable to do so.  */
+  bool require_preserve_context;
+
+
   /* If true, copy directories recursively and copy special files
      as themselves rather than copying their contents. */
   bool recursive;
diff -ur coreutils-6.9-orig/src/cp.c coreutils-6.9/src/cp.c
--- coreutils-6.9-orig/src/cp.c	2007-10-30 12:42:13.000000000 +0100
+++ coreutils-6.9/src/cp.c	2007-10-30 16:00:33.000000000 +0100
@@ -766,7 +766,7 @@
   x->preserve_security_context = false;
   x->set_security_context = false;
 #endif
-
+  x->require_preserve_context  = false;
   x->require_preserve = false;
   x->recursive = false;
   x->sparse_mode = SPARSE_AUTO;
@@ -844,6 +844,7 @@
 
 	case PRESERVE_CONTEXT:
 	  x->preserve_security_context = on_off;
+    x->require_preserve_context = on_off;
 	  break;
 
 	case PRESERVE_ALL:
@@ -851,7 +834,10 @@
 	  x->preserve_timestamps = on_off;
 	  x->preserve_ownership = on_off;
 	  x->preserve_links = on_off;
-	  x->preserve_security_context = on_off;
+	  if (selinux_enabled) {
+	    x->preserve_security_context = on_off;
+     x->require_preserve_context = on_off;
+   }
 	  break;
 
 	default:
@@ -915,8 +916,9 @@
 	  x.preserve_ownership = true;
 	  x.preserve_mode = true;
 	  x.preserve_timestamps = true;
-	  x.preserve_security_context = true;
-	  x.require_preserve = true;
+		if (selinux_enabled)
+	  	x.preserve_security_context = true;
+    x.require_preserve = true;
 	  x.recursive = true;
 	  break;
 


Index: coreutils.spec
===================================================================
RCS file: /cvs/extras/rpms/coreutils/devel/coreutils.spec,v
retrieving revision 1.180
retrieving revision 1.181
diff -u -r1.180 -r1.181
--- coreutils.spec	29 Oct 2007 16:12:27 -0000	1.180
+++ coreutils.spec	30 Oct 2007 16:30:38 -0000	1.181
@@ -1,7 +1,7 @@
 Summary: The GNU core utilities: a set of tools commonly used in shell scripts
 Name:    coreutils
 Version: 6.9
-Release: 10%{?dist}
+Release: 11%{?dist}
 License: GPLv2+
 Group:   System Environment/Base
 Url:     http://www.gnu.org/software/coreutils/
@@ -46,6 +46,8 @@
 
 #SELINUX Patch
 Patch950: coreutils-selinux.patch
+#SELINUX Patch fix to allow cp -a rewrite file on different filesystem
+Patch951: coreutils-6.9-requiresecuritycontext.patch
 
 BuildRequires: libselinux-devel >= 1.25.6-1
 BuildRequires: libacl-devel
@@ -111,6 +113,7 @@
 
 #SELinux
 %patch950 -p1 -b .selinux
+%patch951 -p1 -b .require-preserve
 
 # Don't run basic-1 test, since it breaks when run in the background
 # (bug #102033).
@@ -282,6 +285,10 @@
 /sbin/runuser
 
 %changelog
+* Tue Oct 30 2007 Ondrej Vasik <ovasik at redhat.com> - 6.9-11
+- allow cp -a to rewrite file on different filesystem(#219900)
+  (based on upstream patch)
+
 * Mon Oct 29 2007 Ondrej Vasik <ovasik at redhat.com> - 6.9-10
 - modified coreutils-i18n.patch because of sort -R in
   a non C locales(fix by Andreas Schwab) (#249315)


