author | Pádraig Brady <P@draigBrady.com> | 2015-05-21 11:38:13 +0100 |
---|---|---|
committer | Pádraig Brady <P@draigBrady.com> | 2015-05-23 02:04:24 +0100 |
commit | 4ce7488e8d96080f18b518bcf6a6356e0c392dda (patch) | |
tree | d6ab80621d20c4eea51f817f105d68785434e789 /src | |
parent | b5f332cfe06956f972aa385b38a40d2a0c675d09 (diff) | |
mkdir: fix -pZ with existing parent directories

When the parent directory exists and has a different
default context to the final directory, the context
was incorrectly left as that of the parent directory.

* src/mkdir.c (process_dir): Because defaultcon() is called for
existing ancestors (as it must be to avoid races), then we must
unconditionally call restorecon() on the last component due to
the already documented caveat with make_dir_parents().
Alternatively you could temp disable o->set_security_context
around make_dir_parents(), but that would be subject to races.
* tests (tests/mkdir/restorecon.sh): Add a TODO for improvement.
Reference mknod and mkfifo with print_ver_.
* NEWS: Mention the bug fix.

Fixes http://bugs.gnu.org/20616
Diffstat (limited to 'src')
-rw-r--r-- | src/mkdir.c | 17 |
1 files changed, 3 insertions, 14 deletions
diff --git a/src/mkdir.c b/src/mkdir.c index 404a04a71..ff51ae1e6 100644 --- a/src/mkdir.c +++ b/src/mkdir.c @@ -151,23 +151,11 @@ static int process_dir (char *dir, struct savewd *wd, void *options) { struct mkdir_options const *o = options; - bool set_defaultcon = false; /* If possible set context before DIR created. */ if (o->set_security_context) { - if (! o->make_ancestor_function) - set_defaultcon = true; - else - { - char *pdir = dir_name (dir); - struct stat st; - if (STREQ (pdir, ".") - || (stat (pdir, &st) == 0 && S_ISDIR (st.st_mode))) - set_defaultcon = true; - free (pdir); - } - if (set_defaultcon && defaultcon (dir, S_IFDIR) < 0 + if (! o->make_ancestor_function && defaultcon (dir, S_IFDIR) < 0 && ! ignorable_ctx_err (errno)) error (0, errno, _("failed to set default creation context for %s"), quote (dir)); @@ -184,7 +172,8 @@ process_dir (char *dir, struct savewd *wd, void *options) final component of DIR is created. So for now, create the final component with the context from previous component and here we set the context for the final component. */ - if (ret == EXIT_SUCCESS && o->set_security_context && ! set_defaultcon) + if (ret == EXIT_SUCCESS && o->set_security_context + && o->make_ancestor_function) { if (! restorecon (last_component (dir), false, false) && ! ignorable_ctx_err (errno)) |
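Review bot: In the first hunk (process_dir, around line 151), the retained comment "If possible set context before DIR created." now overstates what the block does. With the new condition `! o->make_ancestor_function && defaultcon (dir, S_IFDIR) < 0`, the -p case never calls defaultcon() at this point, so the label of the final component depends entirely on the later restorecon() call. Suggest extending the comment to say that when make_ancestor_function is set the context is applied after creation instead. The && ordering itself is fine: defaultcon() is only evaluated when make_ancestor_function is unset.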
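Review bot: In the second hunk (around line 172), the new condition `o->set_security_context && o->make_ancestor_function` runs restorecon() on the last component after every successful -pZ call, and nothing in the visible lines distinguishes a directory this invocation created from one that was already present. If ret can be EXIT_SUCCESS for a DIR that already existed, that directory is relabeled as well; please confirm this is intended and state it in the comment above the condition. The retained comment also says the final component is first created with the context of the previous component, so there is an interval before restorecon() in which it carries the wrong label; a sentence noting that interval would help anyone auditing -pZ behaviour.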