rpms/coreutils/devel coreutils-6.9-requiresecuritycontext.patch, NONE, 1.1 coreutils.spec, 1.180, 1.181
Ondrej Vasik (ovasik)
fedora-extras-commits at redhat.com
Tue Oct 30 16:31:11 UTC 2007
Author: ovasik
Update of /cvs/extras/rpms/coreutils/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv17577
Modified Files:
coreutils.spec
Added Files:
coreutils-6.9-requiresecuritycontext.patch
Log Message:
fix of cp -a rewriting existing file on NFS(#219900)
coreutils-6.9-requiresecuritycontext.patch:
--- NEW FILE coreutils-6.9-requiresecuritycontext.patch ---
diff -ur coreutils-6.9-orig/src/install.c coreutils-6.9/src/install.c
--- a/src/install.c 2007-10-30 12:34:07.000000000 +0100
+++ b/src/install.c 2007-10-30 15:41:15.000000000 +0100
@@ -174,6 +174,7 @@
x->preserve_mode = false;
x->preserve_timestamps = false;
x->require_preserve = false;
+ x->require_preserve_context = false;
x->recursive = false;
x->sparse_mode = SPARSE_AUTO;
x->symbolic_link = false;
diff -ur coreutils-6.9-orig/src/mv.c coreutils-6.9/src/mv.c
--- a/src/mv.c 2007-10-30 12:34:07.000000000 +0100
+++ b/src/mv.c 2007-10-30 15:34:37.000000000 +0100
@@ -131,6 +131,7 @@
x->preserve_timestamps = true;
x->preserve_security_context = selinux_enabled;
x->require_preserve = false; /* FIXME: maybe make this an option */
+ x->require_preserve_context = false;
x->recursive = true;
x->sparse_mode = SPARSE_AUTO; /* FIXME: maybe make this an option */
x->symbolic_link = false;
diff -ur coreutils-6.9-orig/src/copy.c coreutils-6.9/src/copy.c
--- coreutils-6.9-orig/src/copy.c 2007-10-30 12:34:07.000000000 +0100
+++ coreutils-6.9/src/copy.c 2007-10-30 16:01:22.000000000 +0100
@@ -306,25 +307,33 @@
if (! *new_dst)
{
dest_desc = open (dst_name, O_WRONLY | O_TRUNC | O_BINARY);
#ifdef WITH_SELINUX
- if (dest_desc >= 0 && selinux_enabled &&
- (x->preserve_security_context || x->set_security_context))
+ if (x->preserve_security_context && 0 <= dest_desc)
{
- security_context_t con;
- if(getfscreatecon(&con) == -1)
+ security_context_t con = NULL;
+ if(getfscreatecon(&con) < 0)
{
- return_val = false;
- goto close_src_desc;
+ if (x->require_preserve_context)
+ {
+ error(0, errno, _("failed to get file system create context"));
+ return_val = false;
+ goto close_src_desc;
+ }
}
if (con)
{
- if(fsetfilecon(dest_desc, con) == -1)
+ if(fsetfilecon(dest_desc, con) < 0)
{
- return_val = false;
- freecon(con);
- goto close_src_desc;
+ if (x->require_preserve_context)
+ {
+ error(0, errno, _("failed to set security context of %s to %s"),
+ quote_n (0, dst_name), quote_n(1, con));
+ return_val = false;
+ freecon(con);
+ goto close_src_desc;
+ }
}
freecon(con);
}
@@ -1577,10 +1587,10 @@
{
if (setfscreatecon(con) < 0)
{
- error (0, errno, _("cannot set setfscreatecon %s"), quote (con));
- if (x->require_preserve) {
- freecon(con);
- return 1;
+ error (0, errno, _("cannot set default file creation context to %s"), quote (con));
+ if (x->require_preserve_context) {
+ freecon(con);
+ return false;
}
}
freecon(con);
@@ -1588,7 +1598,8 @@
else {
if (( errno != ENOTSUP ) && ( errno != ENODATA )) {
error (0, errno, _("cannot lgetfilecon %s"), quote (src_name));
- return 1;
+ if (x->require_preserve_context)
+ return false;
}
}
}
diff -ur coreutils-6.9-orig/src/copy.h coreutils-6.9/src/copy.h
--- coreutils-6.9-orig/src/copy.h 2007-10-30 12:34:07.000000000 +0100
+++ coreutils-6.9/src/copy.h 2007-10-30 15:52:59.000000000 +0100
@@ -150,6 +150,18 @@
it be zero. */
bool require_preserve;
+ /* Useful only when preserve_security_context is true.
+ If true, a failed attempt to preserve a file's security context
+ propagates failure "out" to the caller. If false, a failure to
+ preserve a file's security context does not change the invoking
+ application's exit status. Give diagnostics for failed syscalls
+ regardless of this setting. For example, with "cp --preserve=context"
+ this flag is "true", while with "cp -a", it is false. That means
+ "cp -a" attempts to preserve any security context, but does not
+ fail if it is unable to do so. */
+ bool require_preserve_context;
+
+
/* If true, copy directories recursively and copy special files
as themselves rather than copying their contents. */
bool recursive;
diff -ur coreutils-6.9-orig/src/cp.c coreutils-6.9/src/cp.c
--- coreutils-6.9-orig/src/cp.c 2007-10-30 12:42:13.000000000 +0100
+++ coreutils-6.9/src/cp.c 2007-10-30 16:00:33.000000000 +0100
@@ -766,7 +766,7 @@
x->preserve_security_context = false;
x->set_security_context = false;
#endif
-
+ x->require_preserve_context = false;
x->require_preserve = false;
x->recursive = false;
x->sparse_mode = SPARSE_AUTO;
@@ -844,6 +844,7 @@
case PRESERVE_CONTEXT:
x->preserve_security_context = on_off;
+ x->require_preserve_context = on_off;
break;
case PRESERVE_ALL:
@@ -851,7 +834,10 @@
x->preserve_timestamps = on_off;
x->preserve_ownership = on_off;
x->preserve_links = on_off;
- x->preserve_security_context = on_off;
+ if (selinux_enabled) {
+ x->preserve_security_context = on_off;
+ x->require_preserve_context = on_off;
+ }
break;
default:
@@ -915,8 +916,9 @@
x.preserve_ownership = true;
x.preserve_mode = true;
x.preserve_timestamps = true;
- x.preserve_security_context = true;
- x.require_preserve = true;
+ if (selinux_enabled)
+ x.preserve_security_context = true;
+ x.require_preserve = true;
x.recursive = true;
break;
Index: coreutils.spec
===================================================================
RCS file: /cvs/extras/rpms/coreutils/devel/coreutils.spec,v
retrieving revision 1.180
retrieving revision 1.181
diff -u -r1.180 -r1.181
--- coreutils.spec 29 Oct 2007 16:12:27 -0000 1.180
+++ coreutils.spec 30 Oct 2007 16:30:38 -0000 1.181
@@ -1,7 +1,7 @@
Summary: The GNU core utilities: a set of tools commonly used in shell scripts
Name: coreutils
Version: 6.9
-Release: 10%{?dist}
+Release: 11%{?dist}
License: GPLv2+
Group: System Environment/Base
Url: http://www.gnu.org/software/coreutils/
@@ -46,6 +46,8 @@
#SELINUX Patch
Patch950: coreutils-selinux.patch
+#SELINUX Patch fix to allow cp -a rewrite file on different filesystem
+Patch951: coreutils-6.9-requiresecuritycontext.patch
BuildRequires: libselinux-devel >= 1.25.6-1
BuildRequires: libacl-devel
@@ -111,6 +113,7 @@
#SELinux
%patch950 -p1 -b .selinux
+%patch951 -p1 -b .require-preserve
# Don't run basic-1 test, since it breaks when run in the background
# (bug #102033).
@@ -282,6 +285,10 @@
/sbin/runuser
%changelog
+* Tue Oct 30 2007 Ondrej Vasik <ovasik at redhat.com> - 6.9-11
+- allow cp -a to rewrite file on different filesystem(#219900)
+ (based on upstream patch)
+
* Mon Oct 29 2007 Ondrej Vasik <ovasik at redhat.com> - 6.9-10
- modified coreutils-i18n.patch because of sort -R in
a non C locales(fix by Andreas Schwab) (#249315)
More information about the fedora-extras-commits
mailing list