filepath needs to be resolved first in order to be correctly found by selabel_lookup_raw() Fixes: $ matchpathcon -V passwd passwd has context system_u:object_r:passwd_file_t:s0, should be system_u:object_r:passwd_file_t:s0 $ echo $? 1 Signed-off-by: Petr Lautrbach <plautrba@xxxxxxxxxx> --- libselinux/src/matchpathcon.c | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/libselinux/src/matchpathcon.c b/libselinux/src/matchpathcon.c index 3868711..a2f2c3e 100644 --- a/libselinux/src/matchpathcon.c +++ b/libselinux/src/matchpathcon.c @@ -471,6 +471,17 @@ int selinux_file_context_verify(const char *path, mode_t mode) char * con = NULL; char * fcontext = NULL; int rc = 0; + char stackpath[PATH_MAX + 1]; + char *p = NULL; + + if (S_ISLNK(mode)) { + if (!realpath_not_final(path, stackpath)) + path = stackpath; + } else { + p = realpath(path, stackpath); + if (p) + path = p; + } rc = lgetfilecon_raw(path, &con); if (rc == -1) { -- 2.7.4
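Review bot: In the else branch, realpath(path, stackpath) follows a symlink in the final component, so the choice between the two branches rests entirely on the caller-supplied mode. If mode does not carry S_IFLNK for a path that is in fact a symlink (for example a mode of 0), the following lgetfilecon_raw(path, &con) reads the label of the link target rather than of the link itself, which changes what selinux_file_context_verify() checks. Consider falling back to an lstat() of path when mode has no file-type bits, or documenting that callers must pass the lstat mode. Both branches also fall back silently to the unresolved path when resolution fails (realpath_not_final() returning non-zero, realpath() returning NULL); a one-line comment stating that this fallback is intentional would help. As a style point, p can be dropped by testing the realpath() return value directly, since on success it is stackpath.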