diff options
author | Pádraig Brady <P@draigBrady.com> | 2013-12-04 19:10:37 +0000 |
---|---|---|
committer | Pádraig Brady <P@draigBrady.com> | 2013-12-05 00:18:36 +0000 |
commit | 0013de3e603162081c4464ea1f7ad3285f633d78 (patch) | |
tree | d93f83bc57d79b098b7d20d9cb60cf1b8296779e /src/mv.c | |
parent | b53b0fd940382497e58a9e912f1262c2084fe534 (diff) | |
download | coreutils-0013de3e603162081c4464ea1f7ad3285f633d78.tar.xz |
selinux: fix --context=CTX for cp and diagnose defaultcon() errors
* src/selinux.h (ignorable_ctx_err): A new function used
to determine if a warning should be given after a call
to defaultcon() or restorecon().
* src/cp.c (main): Fix the setfscreatecon() call to use
the argument passed by the user.
* src/mkdir.c (make_ancestor): Show all but "ignoreable" errors
from defaultcon() and restorecon().
* tests/misc/selinux.sh: Add a test run as root in selinux enforcing
mode, to ensure cp --context=invalid is honored and fails immediately.
Diffstat (limited to 'src/mv.c')
-rw-r--r-- | src/mv.c | 3 |
1 files changed, 2 insertions, 1 deletions
@@ -424,7 +424,8 @@ main (int argc, char **argv) backup_suffix_string = optarg; break; case 'Z': - /* politely decline if we're not on a selinux-enabled kernel. */ + /* As a performance enhancement, don't even bother trying + to "restorecon" when not on an selinux-enabled kernel. */ if (selinux_enabled) { x.preserve_security_context = false; |