Currently we can end up with different permissions on the compiled file_context regex files than the original.


 



>From dc822395634647dfc25c611261fd74f30962e668 Mon Sep 17 00:00:00 2001
From: Dan Walsh <dwalsh@xxxxxxxxxx>
Date: Sat, 16 Aug 2014 07:37:42 -0400
Subject: [PATCH] Compiled file context files and the original should have the
 same permissions

Currently the compiled file context files can end up with different
permissions than the original.  This can lead to non-privileged users
not being able to read the compiled versions.
---
 libselinux/utils/sefcontext_compile.c | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/libselinux/utils/sefcontext_compile.c b/libselinux/utils/sefcontext_compile.c
index 0adc968..9618989 100644
--- a/libselinux/utils/sefcontext_compile.c
+++ b/libselinux/utils/sefcontext_compile.c
@@ -4,6 +4,9 @@
 #include <stdint.h>
 #include <stdio.h>
 #include <string.h>
+#include <unistd.h>
+#include <sys/types.h>
+#include <sys/stat.h>
 
 #include <linux/limits.h>
 
@@ -323,6 +326,7 @@ int main(int argc, char *argv[])
 	int rc;
 	char *tmp= NULL;
 	int fd;
+	struct stat buf;
 
 	if (argc != 2) {
 		fprintf(stderr, "usage: %s input_file\n", argv[0]);
@@ -333,6 +337,11 @@ int main(int argc, char *argv[])
 
 	path = argv[1];
 
+	if (stat(path, &buf) < 0) {
+		fprintf(stderr, "Can not stat: %s: %m\n", argv[0]);
+		exit(EXIT_FAILURE);
+	}
+
 	rc = process_file(&data, path);
 	if (rc < 0)
 		return rc;
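Review bot: The new stat() error message prints `argv[0]`, the program name, so a failure never names the file that could not be read. It should print the input path, `fprintf(stderr, "Can not stat: %s: %m\n", path);`. The mode is also sampled by a separate stat() before process_file() opens the file, so if the input is replaced in between, the compiled output would get the mode of a different file. Taking the mode with fstat() on the descriptor that is actually read would close that gap, if process_file can expose it. main() starts and ends outside this hunk.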
@@ -352,6 +361,12 @@ int main(int argc, char *argv[])
 	if (fd < 0)
 		goto err;
 
+	rc = fchmod(fd, buf.st_mode);
+	if (rc < 0) {
+		perror("fchmod failed to set permission on compiled regexs");
+		goto err;
+	}
+
 	rc = write_binary_file(&data, fd);
 
 	if (rc < 0)
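Review bot: The fchmod() call passes the whole `buf.st_mode`, so any setuid, setgid or sticky bit on the source file_contexts file is copied to the compiled file along with the read/write bits. Only the permission bits are wanted here: `rc = fchmod(fd, buf.st_mode & (S_IRWXU | S_IRWXG | S_IRWXO));`. Owner and group are not copied, so a group-restricted source such as 0640 may still give a compiled file that the intended readers cannot open, which is worth a comment next to the call. Whether the `err` label removes the temporary file after this new failure path cannot be seen from the hunk.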
-- 
2.0.4
