diff options
| author | Ondřej Vašík <ovasik@redhat.com> | 2009-10-05 09:20:48 +0200 |
|---|---|---|
| committer | Jim Meyering <meyering@redhat.com> | 2009-10-06 10:10:51 +0200 |
| commit | 3a97d664b9f639fddb5a245775f47d27bfbb56c9 (patch) | |
| tree | 032b3fddc63fa728cbc176ab2fdba66b87244f4b | |
| parent | addb62da9264f6277968bdb04a647f68b955eba7 (diff) | |
| download | coreutils-3a97d664b9f639fddb5a245775f47d27bfbb56c9.tar.xz | |
chcon: exit immediately if SELinux is disabled
This change happens to avoid an abort in chcon when SELinux is
disabled while operating on a file with an "unlabeled" context from
back in 2006. However, that same abort can still be triggered by the
same file when running chcon with SELinux enabled. This bug in chcon
will be fixed in a subsequent commit via a getfilecon wrapper. See
http://thread.gmane.org/gmane.comp.gnu.coreutils.bugs/18378/focus=18384
for how to correct your disk attributes to avoid triggering this bug.
* src/chcon.c (main): Exit immediately if SELinux is disabled.
Reported in http://bugzilla.redhat.com/527142 by Yanko Kaneti.
* src/runcon.c (main): Do not hardcode program name in error message.
* THANKS: Update.
| -rw-r--r-- | THANKS | 1 | ||||
| -rw-r--r-- | src/chcon.c | 4 | ||||
| -rw-r--r-- | src/runcon.c | 2 |
3 files changed, 6 insertions, 1 deletions
@@ -612,6 +612,7 @@ Wis Macomson wis.macomson@intel.com Wojciech Purczynski cliph@isec.pl Wolfram Kleff kleff@cs.uni-bonn.de Won-kyu Park wkpark@chem.skku.ac.kr +Yanko Kaneti yaneti@declera.com Yann Dirson dirson@debian.org Zvi Har'El rl@math.technion.ac.il diff --git a/src/chcon.c b/src/chcon.c index fbfdb4d29..c0da6949a 100644 --- a/src/chcon.c +++ b/src/chcon.c @@ -519,6 +519,10 @@ main (int argc, char **argv) usage (EXIT_FAILURE); } + if (is_selinux_enabled () != 1) + error (EXIT_FAILURE, 0, + _("%s may be used only on a SELinux kernel"), program_name); + if (reference_file) { if (getfilecon (reference_file, &ref_context) < 0) diff --git a/src/runcon.c b/src/runcon.c index e0019da2a..f87eada6a 100644 --- a/src/runcon.c +++ b/src/runcon.c @@ -195,7 +195,7 @@ main (int argc, char **argv) if (is_selinux_enabled () != 1) error (EXIT_FAILURE, 0, - _("runcon may be used only on a SELinux kernel")); + _("%s may be used only on a SELinux kernel"), program_name); if (context) { |