Stephen Smalley <sds@xxxxxxxxxxxxx> wrote:
> On Mon, 2007-11-12 at 12:06 +0100, Jim Meyering wrote:
>> Coreutils' install.c currently compares a context against the
>> magic string, "<<none>>":
>>
>>   /* If there's an error determining the context, or it has none,
>>      return to allow default context */
>>   if ((matchpathcon (file, st.st_mode, &scontext) != 0) ||
>>       STREQ (scontext, "<<none>>"))
>>     {
>>       if (scontext != NULL)
>>         freecon (scontext);
>>       return;
>>     }
>>
>> BTW, matchpathcon(8) does, too.
>> Is there a better way to test for that condition?
>> It'd be nice if that string were available via a libselinux header,
>> but I don't see it on rawhide:
>>
>>   $ grep none $(rpm -ql libselinux-devel|grep -F .h)
>>   [Exit 1]
>>
>
> matchpathcon(3) should never return "<<none>>" at all to the caller.
> If it hits a <<none>> in the spec, it returns -1 with errno ENOENT.

I'm sure that's the way it's supposed to work (now), but I debugged
a failure (over a year ago) in which matchpathcon returned 0 with
scontext equal to that string.

libselinux logs suggest that this was fixed in early 2005:

  1.20 2005-01-04
    * Changed matchpathcon to return -1 with errno ENOENT for
      <<none>> entries, and also for an empty file_contexts configuration.

so maybe we'll have to wait a while longer for all legacy
implementations to disappear.

Since this is solely to work around old, buggy behavior,
there's no reason to provide anything more aesthetic.