| Age | Commit message (Collapse) | Author |
|---|
|
Run "make update-copyright" and then...
* tests/sample-test: Adjust to use the single most recent year.
* tests/du/bind-mount-dir-cycle-v2.sh: Fix case in copyright message,
so that year is updated automatically in future.
|
|
The security_context_t type was always an artificial separation
from a standard char* string, and various libselinux using code
assumed both were synonymous. In addition, prior to libselinux 2.3
function declarations were incorrect wrt constness of this type.
Here we replace security_context_t with char*, and also
provide a wrapper function to cater for the const issue on
older libselinux.
* src/system.h (se_const): A new function to avoid and identify
the const issue on older libselinux.
* src/copy.c: s/security_context_t/char */.
* src/cp.c: Likewise.
* src/id.c: Likewise.
* src/install.c: Likewise.
* src/ls.c: Likewise.
* src/mkdir.c: Likewise.
* src/mkfifo.c: Likewise.
* src/mknod.c: Likewise.
* src/runcon.c: Likewise.
* src/selinux.c: Likewise.
* tests/cp/no-ctx.sh: Likewise.
* src/chcon.c: Likesize.
|
|
* src/selinux.c (restorecon_private): On ArchLinux the
`fakeroot cp -a file1 file2` command segfaulted due
to getfscreatecon() returning a NULL context.
So map this to the sometimes ignored ENODATA error,
rather than crashing.
* tests/cp/no-ctx.sh: Add a new test case.
* tests/local.mk: Reference the new test.
* NEWS: Mention the fix.
Fixes http://bugs.gnu.org/16335
|
|
* src/selinux.c: As the copyright is assigned to the FSF for all
of coreutils, replace the copyright holder from "Red Hat, Inc."
to "Free Software Foundation, Inc.". Prompted by a warning of
'make update-copyright'. Also update the copyright year.
|
|
* src/selinux.c: Don't include the system "fts.h" as
that disallows _FILE_OFFSET_BITS=64 which gnulib auto enables
to support large files on 32 bit systems. Instead include
our "xfts.h" which includes the less limited gnulib replacement,
and also a checked version of xfts_open().
(restorecon): Use the checked xfts_open() rather than the standard
fts_open().
Prompted by the continuous integration build failure at:
http://hydra.nixos.org/build/6934169
|
|
Handle both newer selinux libraries with mode_to_security_class(),
and systems without selinux at all. We could easily adjust
gnulib to provide the necessary stubs for use by this module,
but it's more efficient to just stub out the module completely,
when not using selinux.
* src/selinux.h: Define stubs for the two module functions,
when SELinux is not available.
* src/selinux.c: Exclude all logic in preference for the stubs
when selinux isn't used. Also when newer selinux libs are used,
don't use our conflicting static version of mode_to_security_class().
m4/jm-macros.m4: Check for the system mode_to_security_class().
|
|
* src/selinux.c: This module introduced in commit v8.21-159-gd8e27ab
doesn't need to include <selinux/flask.h>. That header file
isn't catered for by gnulib, but is not needed as we're not
explicitly referencing any class IDs.
Prompted by the continuous integration build failure at:
http://hydra.nixos.org/build/6920020
|
|
* src/selinux.c: A new module implementing "restorecon" functionality.
There are two main functions to adjust the type of the referenced
file system item. defaultcon() will setup the process context so
that new items will have the required context without races. This is
the preferred method. For existing files, the equivalent restorecon()
is available which has two modes. With the "local" parameter set to
false, restorecon() will adjust the type according to the system
configuration for that file, and set to true will update the context
as per the context for the current process (disregarding type).
* src/selinux.h: Likewise.
* po/POTFILES.in: Reference the new module.
|
