Re: [PATCH v2] libselinux: set errno to EBADF on O_PATH emulation ENOENT failure

James Carter <jwcart2@xxxxxxxxx> · Thu, 7 Jul 2022 13:44:57 -0400



On Wed, Jul 6, 2022 at 7:42 AM Christian Göttsche
<cgzones@xxxxxxxxxxxxxx> wrote:
>
> When the O_PATH emulation fails due to getxattr(2)/setxattr(2) failing
> with ENOENT, e.g. because no procfs being available, override the errno
> value to EBADF.  This avoids confusion to the caller as it would suggest
> the target of the operation does not exist, which is not the case:
>
>     setfiles: Could not set context for /:  No such file or directory
>
> Fixes: a782abf2 ("libselinux: emulate O_PATH support in fgetfilecon/fsetfilecon")
> Signed-off-by: Christian Göttsche <cgzones@xxxxxxxxxxxxxx>

Acked-by: James Carter <jwcart2@xxxxxxxxx>

> ---
> v2:
>    only override errno on ENOENT
> Signed-off-by: Christian Göttsche <cgzones@xxxxxxxxxxxxxx>
> ---
>  libselinux/src/fgetfilecon.c | 5 ++++-
>  libselinux/src/fsetfilecon.c | 5 ++++-
>  2 files changed, 8 insertions(+), 2 deletions(-)
>
> diff --git a/libselinux/src/fgetfilecon.c b/libselinux/src/fgetfilecon.c
> index baf38ec1..d7051171 100644
> --- a/libselinux/src/fgetfilecon.c
> +++ b/libselinux/src/fgetfilecon.c
> @@ -26,7 +26,10 @@ static ssize_t fgetxattr_wrapper(int fd, const char *name, void *value, size_t s
>
>         snprintf(buf, sizeof(buf), "/proc/self/fd/%d", fd);
>         errno = saved_errno;
> -       return getxattr(buf, name, value, size);
> +       ret = getxattr(buf, name, value, size);
> +       if (ret < 0 && errno == ENOENT)
> +               errno = EBADF;
> +       return ret;
>  }
>
>  int fgetfilecon_raw(int fd, char ** context)
> diff --git a/libselinux/src/fsetfilecon.c b/libselinux/src/fsetfilecon.c
> index be821c7a..19ea15b7 100644
> --- a/libselinux/src/fsetfilecon.c
> +++ b/libselinux/src/fsetfilecon.c
> @@ -25,7 +25,10 @@ static int fsetxattr_wrapper(int fd, const char* name, const void* value, size_t
>
>         snprintf(buf, sizeof(buf), "/proc/self/fd/%d", fd);
>         errno = saved_errno;
> -       return setxattr(buf, name, value, size, flags);
> +       rc = setxattr(buf, name, value, size, flags);
> +       if (rc < 0 && errno == ENOENT)
> +               errno = EBADF;
> +       return rc;
>  }
>
>  int fsetfilecon_raw(int fd, const char * context)
> --
> 2.36.1
>