/*
 * I had mentioned this problem in passing to dchinner, and came away with a
 * vague sense that I might be Doing It Wrong. So I should have labeled the
 * patch RFC, I suppose.
 *
 * An easy way to demonstrate the selinux label result is with this test
 * program, as provided by the bug reporter. ls -lZ will then show you the
 * resulting labels on each file.
 */

/*
 * Reproducer: builds ./upper, creates upper/empty, then renames it to upper/0
 * with RENAME_WHITEOUT. Per renameat2(2) that flag performs the rename and
 * also creates a whiteout object at the source name, so afterwards "upper"
 * holds both "0" (the regular file) and "empty" (the whiteout).
 *
 * NOTE(review): the message does not say which entry carries the unexpected
 * label; presumably it is the kernel-created whiteout, so compare the
 * "ls -lZ upper" output for both entries.
 * NOTE(review): renameat2(2) documents RENAME_WHITEOUT as needing the same
 * privilege as creating a device node (CAP_MKNOD), and filesystem support;
 * without either the program stops at perror("renameat2").
 */
#define _GNU_SOURCE
#include <sys/mount.h>
#include <sys/stat.h>
#include <errno.h>
#include <fcntl.h>
#include <sched.h>
#include <stdio.h>
#include <unistd.h>

/*
 * Remove a leftover entry from an earlier run.
 * Returns 0 when the path was removed or did not exist (ENOENT); otherwise
 * reports the failure with perror("unlink") and returns unlink()'s result.
 */
static int unlink_if_present(const char *path)
{
	int status = unlink(path);

	if (status == 0 || errno == ENOENT) {
		return 0;
	}
	perror("unlink");
	return status;
}

/*
 * Returns 0 on success. On failure the failing call's name is printed via
 * perror() and that call's return value is returned unchanged.
 */
int main(int argc, char **argv)
{
	int status;
	int parent;	/* O_PATH handle on "upper", used as both rename dirfds */
	int victim;	/* the freshly created file that gets renamed away */

	(void)argc;
	(void)argv;

	/* An existing directory is fine: the program is meant to be re-runnable. */
	status = mkdir("upper", 0700);
	if (status != 0 && errno != EEXIST) {
		perror("mkdir");
		return status;
	}

	/* Clear out both names a previous run would have left behind. */
	status = unlink_if_present("upper/0");
	if (status != 0) {
		return status;
	}
	status = unlink_if_present("upper/empty");
	if (status != 0) {
		return status;
	}

	parent = open("upper", O_PATH);
	if (parent == -1) {
		perror("open");
		return parent;
	}

	victim = creat("upper/empty", 0600);
	if (victim == -1) {
		perror("creat");
		return victim;
	}
	close(victim);

	/* The step under test: "empty" becomes "0", a whiteout replaces "empty". */
	status = renameat2(parent, "empty", parent, "0", RENAME_WHITEOUT);
	if (status == -1) {
		perror("renameat2");
		return status;
	}

	close(parent);
	return 0;
}