From 0013de3e603162081c4464ea1f7ad3285f633d78 Mon Sep 17 00:00:00 2001
From: Pádraig Brady
Date: Wed, 4 Dec 2013 19:10:37 +0000
Subject: selinux: fix --context=CTX for cp and diagnose defaultcon() errors
* src/selinux.h (ignorable_ctx_err): A new function used to determine if a warning should be given after a call to defaultcon() or restorecon().
* src/cp.c (main): Fix the setfscreatecon() call to use the argument passed by the user.
* src/mkdir.c (make_ancestor): Show all but "ignoreable" errors from defaultcon() and restorecon().
* tests/misc/selinux.sh: Add a test run as root in selinux enforcing mode, to ensure cp --context=invalid is honored and fails immediately.
---
 src/mkdir.c | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)
(limited to 'src/mkdir.c')
diff --git a/src/mkdir.c b/src/mkdir.c
index 25b1da5e7..adc293019 100644
--- a/src/mkdir.c
+++ b/src/mkdir.c
@@ -118,7 +118,8 @@ make_ancestor (char const *dir, char const *component, void *options)
 {
 struct mkdir_options const *o = options;
- if (o->set_security_context && defaultcon (dir, S_IFDIR) < 0)
+ if (o->set_security_context && defaultcon (dir, S_IFDIR) < 0
+ && ! ignorable_ctx_err (errno))
 error (0, errno, _("failed to set default creation context for %s"),
 quote (dir));
@@ -162,7 +163,8 @@ process_dir (char *dir, struct savewd *wd, void *options)
 set_defaultcon = true;
 free (pdir);
 }
- if (set_defaultcon && defaultcon (dir, S_IFDIR) < 0)
+ if (set_defaultcon && defaultcon (dir, S_IFDIR) < 0
+ && ! ignorable_ctx_err (errno))
 error (0, errno, _("failed to set default creation context for %s"),
 quote (dir));
 }
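Review bot: In make_ancestor a non-ignorable defaultcon() failure is only reported through `error (0, errno, ...)`, and nothing in the hunk stops the ancestor from then being created, so it gets whatever creation context the process holds at that moment rather than the one requested; the `set_defaultcon` branch in process_dir has the same shape. If defaultcon() can fail after an earlier call already set a creation context (its body is not part of this diff), that earlier context would presumably still apply to the next directory of a multi-component path, which is worth confirming. If warn-and-continue is the intended policy, record it at both call sites with a comment such as `/* Labeling is best effort: diagnose, then create the directory with the current creation context. */`. Which errno values `ignorable_ctx_err ()` suppresses is defined in src/selinux.h, outside this view, so the set of silenced failures cannot be checked here. Both functions continue beyond their hunks.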
@@ -180,8 +182,9 @@ process_dir (char *dir, struct savewd *wd, void *options)
 and here we set the context for the final component. */
 if (ret == EXIT_SUCCESS && o->set_security_context && ! set_defaultcon)
 {
- if (restorecon (last_component (dir), false, false) < 0)
- error (0, errno, _("failed to set restore context for %s"),
+ if (! restorecon (last_component (dir), false, false)
+ && ! ignorable_ctx_err (errno))
+ error (0, errno, _("failed to restore context for %s"),
 quote (dir));
 }
-- 
cgit v1.2.3-54-g00ecf
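Review bot: The block is entered on `ret == EXIT_SUCCESS` but never updates `ret` when `restorecon ()` fails with a non-ignorable error, so the command can apparently still exit successfully while the final component keeps the label it was created with. If that is deliberate, a comment such as `/* A relabel failure is diagnosed but does not change the exit status. */` would record it; if not, brace the `if` body and add `ret = EXIT_FAILURE;` after the `error ()` call. The switch from `< 0` to `!` also suggests restorecon() reports failure as false while defaultcon() is tested with `< 0`, and since the two are called in the same function the differing conventions deserve a line in the comment above this block. The rest of process_dir lies outside the hunk.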