On Tue, May 25, 2010 at 5:36 PM, Chad Sellers <csellers@xxxxxxxxxx> wrote:
> I just found a problem with /usr/bin/install. It appears that it will label
> things improperly if they have an extra / in the target name. For instance:
>
> # install foo /usr
> # ls -lZ /usr/foo
> -rwxr-xr-x. root root system_u:object_r:usr_t:s0 /usr/foo
>
> but
>
> # install foo //usr
> # ls -lZ /usr/foo
> -rwxr-xr-x. root root system_u:object_r:default_t:s0 /usr/foo
>
> The same thing goes for targets like /var/www//foo, where the // is later in
> the filename.
>
> This appears to result from install calling matchpathcon() with the target
> passed in directly. My question is, whose responsibility should this be?
> Should matchpathcon() scrub filenames passed into it, or should callers be
> required to pass proper filenames to matchpathcon()?

I suppose matchpathcon / selabel_lookup could handle the trivial cases (e.g. duplicate /), but we don't want it to internally canonicalize the pathname via realpath() or equivalent - leave that to the callers (as is already done by e.g. restorecon).
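
The "trivial case" discussed in this thread, as an added example that is not code from libselinux, coreutils, or either poster: a purely lexical pass that collapses duplicate `/` before a path would be handed to matchpathcon(), without touching the filesystem the way realpath() does. The function name `squeeze_slashes` and the sample inputs are hypothetical.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/*
 * Lexically collapse runs of '/' in `in` into a single '/', writing the
 * result to `out` (capacity `outsz`, including the NUL terminator).
 * No filesystem access: symlinks, "." and ".." are left untouched, so this
 * is not a substitute for realpath()-style canonicalization.
 * Returns 0 on success, -1 with errno set on bad arguments or truncation.
 */
int squeeze_slashes(const char *in, char *out, size_t outsz)
{
    size_t o = 0;
    int prev_slash = 0;

    if (in == NULL || out == NULL || outsz == 0) {
        errno = EINVAL;
        return -1;
    }
    for (const char *p = in; *p != '\0'; p++) {
        int is_slash = (*p == '/');
        if (is_slash && prev_slash)
            continue;               /* drop the repeated separator */
        if (o + 1 >= outsz) {       /* keep room for the terminator */
            out[0] = '\0';          /* never hand back a truncated path */
            errno = ENAMETOOLONG;
            return -1;
        }
        out[o++] = *p;
        prev_slash = is_slash;
    }
    out[o] = '\0';
    return 0;
}

int main(void)
{
    /* Constructed sample targets, modelled on the cases in the thread. */
    const char *samples[] = { "//usr", "/var/www//foo", "/usr/foo", "///" };
    char buf[4096];

    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        if (squeeze_slashes(samples[i], buf, sizeof(buf)) == 0)
            printf("%-16s -> %s\n", samples[i], buf);
    }
    return 0;
}
```

A path that does not fit the output buffer is rejected rather than truncated, since a shortened path could match a different file-context entry than the one intended.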