Permalink
Commits on Nov 18, 2013
  1. cp: -Z: add tests for mkdir, mknod, mkfifo -Z

    * tests/mkdir/restorecon.sh: Add a new test for the
    more involved mkdir -Z handling, since the directory changing
    and non existent directories need to be specially handled.
    Also check the similar but simpler handling of -Z by mk{nod,fifo}.
    * tests/local.mk: Reference the new test.
    committed Nov 18, 2013
  2. cp: -Z: mknod: fix -Z handling for fifos

    * src/mknod.c (main): -z was ignored when creating fifos with mknod,
    so handle appropriately.
    committed Nov 18, 2013
  3. cp: -Z: avoid using dirname() in selinux.c

    * src/selinux.c (computecon): Use the more portable dir_name(),
    which is consistent with the rest of coreutils.
    committed Nov 18, 2013
  4. cp: -Z: fix mkdir to honor -Z for last component of path

    * src/mkdir.c (process_dir): Call defaultcon() here to
    handle the case where -p is not used.  Also even with
    -p we need to call defaultcon() for the final component
    of the path, as make_parent_dirs calls mkdir() itself
    for the final component.
    (make_ancestor): Diagnose failure to set the system
    default context for a compoment of the path.
    committed Nov 18, 2013
  5. cp: -Z: test cp -Z functionality

    * tests/cp/cp-a-selinux.sh: Ensure cp -Z sets the type component
    for destination files and directories as restorecon would do.
    committed Nov 18, 2013
  6. cp: -Z: don't overwrite selinux attributes with -a

    With cp -aZ we will explicitly restore selinux context.
    In the normal case where this is stored as an extended
    attribute of the file, we don't wan't a subsequent xattr
    copy to overwrite these carefully adjusted SELinux contexts.
    
    * src/copy.c (copy_attr): If we're handling SELinux explicitly,
    then exclude to avoid the redudant copy with --preserve=context,
    and the problematic copy with -Z.  Note SELinux attribute exclusion
    also now honors cp -a --no-preserve=context.  Note there was a
    very small window over 10 years ago, where attr_copy_file was
    available, while attr_copy_check_permissions was not, so we
    don't bother adding an explict m4 check for the latter function.
    committed Nov 17, 2013
  7. cp: -Z: refactor setting of security context

    Refactor to two separate functions that set the
    process and file security context.  These are then
    used to consistently fail and/or warn as required.
    
    * src/copy.c (set_process_security_ctx): A new function,
    refactored to set the default context from the source file,
    or with the type adjusted as per the system default for
    the destination path.
    (set_file_security_ctx): A new function refactored to
    set the security context of an existing file, either based on
    the process context or the default system context for a path.
    (copy_internal): Use the refactored functions to simplify
    error handling and consistently fail or warn as needed.
    (copy_reg): Likewise.
    committed Nov 15, 2013
  8. cp: -Z: also preserve the context for existing non regular files

    * src/copy.c (copy_internal): With --preserve=context, also copy
    context from non regular files.  Note for directories this may
    impact the copying of subsequent files to that directory?
    committed Nov 17, 2013
  9. cp: -Z: only set the context once for regular files

    *src/copy.c (copy_internal): Avoid calling restorecon() again
    for regular files, and this is alret brady done within copy_reg.
    Also note why it needs to be done within copy_reg().
    committed Nov 17, 2013
  10. cp: -Z: adjust restorecon to run after files created

    * src/copy.c (copy_internal): Don't call restorecon()
    for all destination files, which may not even exist yet.
    Instead call defaultcon() to cater for non existing
    destination files (including non regular files).
    Also call restorecon() to handle existing files.
    (copy_reg): Ensure defaultcon() is called for
    a newly created file if we --force remove an existing file.
    committed Jul 26, 2013
  11. cp: -Z: remove redundant restorecon() call from copy_req()

    * src/copy.c (copy_reg): The previous defaultcon() and restorecon()
    in this function should have handled this.  Also the recurse flag
    was set for regular files?
    committed Jul 26, 2013
  12. cp: -Z: update the texinfo documentation

    * doc/coreutils.texi (cp invocation): Update as per interface changes.
    (mv invocation): Likewise.
    (install invocation): Likewise.
    (mkfifo invocation): Likewise.
    (mknod invocation): Likewise.
    (mkdir invocation): Likewise.
    committed Jul 5, 2013
  13. cp: -Z: add tests for the new cp -Z interface combinations

    * tests/cp/cp-a-selinux.sh: Augment this test with cases
    testing basic -Z functionality, and also test the various
    invalid option combinations and option precedence.
    committed Jul 5, 2013
  14. cp: -Z: only fail when context preservation is required

    * src/copy.c (copy_reg): Previously we only aborted the copy
    when the require_preserve_context setting was set.
    Reinstate that, so we only warn about failure to set context
    with cp -a or cp -Z etc.
    committed Jul 3, 2013
  15. cp: -Z: report less confusing errors if matchpathcon() didn't match

    * src/selinux.c (defaultcon): "No such file or directory" is a
    confusing error, when processing paths.  Map such errors to
    "No data available", which is more appropriate for our usage at least.
    committed Jul 5, 2013
  16. cp: -Z: handle relative paths on older libselinux

    * src/selinux.c (defaultcon): Generate absolute path with the gnulib
    canonicalization routines to support older libselinux < 2.1.5 2011-0826.
    (restorecon): Likewise.  Also generating absolute paths before the FTS
    walk, will generate absolute paths for each entry, which may reduce
    canonicalization overhead within newer libselinux.
    committed Jul 5, 2013
  17. cp: -Z: adjust error diagnostic so tests pass

    * src/copy.c (copy_reg): s/file system context/security context/
    since this seems more descriptive.
    * tests/cp/cp-a-selinux.sh: Adjust for the fact that we no
    longer report the specific context we tried to set.
    committed Jul 5, 2013
  18. cp: -Z: fix error propagation from restorecon()

    * src/selinux.c (restorecon): Map the int error from
    restorcon_private() correctky.
    * src/copy.c (copy_reg): Check the return from restorecon()
    as a boolean rather than an int.
    committed Jul 5, 2013
  19. cp: -Z: remove tests for opts mutually exclusive to set_security_context

    * src/copy.c (copy_reg): set_security_context can not be set when
    preserve_security_context or require_preserve_context are set.
    Also clarify the situation and reason where defaultcon() are called.
    committed Jul 4, 2013
  20. cp: -Z: fix the comment about setting context on existing files

    * src/copy.c (copy_reg): The existing comment about not setting
    the context as per the source was misleading and the default
    context is already set as per the source in copy_internal()
    when the preserve_security_context is set.
    Also add a comment for the set_security_context (-Z) case.
    committed Jul 4, 2013
  21. cp: -Z: clarify what the defaultcon() call is doing

    * src/copy.c (copy_reg): Since this is dependent on global
    state (default security context), document when it's called
    exactly and what it does.
    committed Jul 4, 2013
  22. cp: -Z: cater for SMACK in --context option handling

    * src/mkdir.c (main): Handle the SMACK case for --context.
    Note we currently silently ignore -Z with SMACK.
    * src/mkfifo.c (main): Likewise.
    * src/mknod.c (main): Likewise.
    committed Jul 2, 2013
  23. cp: -Z: issue a warning for an ignored --context=

    If a specific context is specified, then issue a warning
    if the request can't be honored due to an LSM not being
    enabled in the kernel.
    
    * src/cp.c (main): Issue the warning as appropriate.
    * src/install.c (main): Likewise.
    * src/mkdir.c (main): Likewise.
    * src/mkfifo.c (main): Likewise.
    * src/mknod.c (main): Likewise.
    committed Jul 2, 2013
  24. cp: -Z: use bool rather than int, where appropriate

    * src/id.c: s/int/bool/.
    * src/mkdir.c: Likewise.
    * src/mkfifo.c: Likewise.
    * src/mknod.c: Likewise.
    committed Jul 2, 2013
  25. cp: -Z: install: fix setting of system default context

    install(1) by default sets the context for target files
    to their system default.  So disable the older method
    to do this when -Z specified, to avoid redundant processing.
    
    Also allow the -Z option (that doesn't now take a context argument)
    to select between the new and old context restoration behavior.
    
    Document the differences and details for how context restoration
    is done in new and old methods, with a view disabling the
    old method entirely in future.
    
    * src/install.c (main): When -Z specified, disable the old
    setdefaultcon() method.
    Also ensure it's disabled for --preserve-context.
    committed Jun 21, 2013
  26. cp: -Z: cp: fix validation of --preserve=context with -Z

    * src/cp.c (struct cp_options): Document the options
    options related to context handling.
    (main): Check/adjust option combinations after all
    options are processed, to both simplify processing
    and to make handling independent of order of options
    on the command line.  Also improve the diagnostics
    from a failed call to setfscreatecon().
    committed Jul 4, 2013
  27. cp: -Z: install: fix validation of --preserve-context with -Z

    * src/install.c (struct cp_options): Group and document the
    options related to context handling.
    (main): Validate/simplify combinations of options
    controlling context after the option processing loop, so that
    invalid combinations are checked no matter what the order specified
    on the command line.
    committed Jun 21, 2013
  28. cp: -Z: setdefaultfilecon(): say why "<<none>>" check is needed

    * src/install.c: Comment to aid in possible merge with restorecon()
    committed Dec 4, 2012
  29. cp: -Z: fix handling of open errors in restorecon()

    * src/selinux.c (restorecon_private): open() returns -1 on error.
    committed Dec 4, 2012
  30. cp: -Z: rename PRESERVE bool param to LOCAL

    * src/selinux.c (restorcon): PRESERVE is badly named,
    since there is no distinction as to what context is being set.
    Also clarify the function comments as to what the boolean
    controls exactly.
    committed Dec 4, 2012
  31. cp: -Z: tweak comments for selinux routines

    * src/selinux.c: Remove debugging comments and
    standardise existing comments a bit.
    committed Dec 4, 2012
  32. cp: -Z: check for more errors in selinux routines

    * src/selinux.c (defaultconf): Handle error returns from
    context_type_get(), context_type_set() and context_str().
    (retorecon_private): Likewise.
    committed Dec 4, 2012
  33. cp: -Z: simplify return code handling in selinux routines

    * src/selinux.c: Since we don't have to distinguish
    return codes other than -1, simplify the handling of
    rc in these routines.
    committed Dec 4, 2012
  34. cp: -Z: restorecon(): fix detection and indication of errors

    * src/selinux.c (restorecon_private): Check for correct error code
    from [lf]getfilecon().  Note gnulib ensures these functions
    always return -1 on error.  Also indicate return with an error if
    context_new() fails.
    committed Dec 4, 2012