matchpathcon -V does not always work as expected.

Daniel J Walsh <dwalsh@xxxxxxxxxx> · Tue, 30 Sep 2008 08:54:18 -0400

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

matchpathcon -V should be passing the mode when checking whether the
file context on a file is correct.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iEYEARECAAYFAkjiIXoACgkQrlYvE4MpobPXJwCeOgcA2Zj05Mwdmqv0NGxyl3RZ
lr8AmwYglOU6ubFXO0r9jh1Z2v6cAO9u
=wk/a
-----END PGP SIGNATURE-----
diff --exclude-from=exclude -N -u -r nsalibselinux/utils/matchpathcon.c libselinux-2.0.71/utils/matchpathcon.c

--- nsalibselinux/utils/matchpathcon.c	2008-08-28 09:34:24.000000000 -0400
+++ libselinux-2.0.71/utils/matchpathcon.c	2008-09-26 10:21:43.000000000 -0400
@@ -106,12 +106,12 @@
 
 		if (verify) {
 			if (quiet) {
-				if (selinux_file_context_verify(argv[i], 0))
+				if (selinux_file_context_verify(argv[i], mode))
 					continue;
 				else
 					exit(1);
 			}
-			if (selinux_file_context_verify(argv[i], 0)) {
+			if (selinux_file_context_verify(argv[i], mode)) {
 				printf("%s verified.\n", argv[i]);
 			} else {
 				security_context_t con;
Attachment:
libselinux-matchpathcon.patch.sig

Description: Binary data




