|
 |
709a1f |
From 76371721bafed56efcb7a83b3fa3285383ede5b7 Mon Sep 17 00:00:00 2001
|
|
|
709a1f |
From: Baichuan Kong <kongbaichuan@huawei.com>
|
|
|
709a1f |
Date: Thu, 14 Nov 2019 10:48:07 +0800
|
|
|
709a1f |
Subject: [PATCH] restorecond: Fix redundant console log output error
|
|
|
709a1f |
|
|
|
709a1f |
When starting restorecond without any option the following redundant
|
|
|
709a1f |
console log is outputed:
|
|
|
709a1f |
|
|
|
709a1f |
/dev/log 100.0%
|
|
|
709a1f |
/var/volatile/run/syslogd.pid 100.0%
|
|
|
709a1f |
...
|
|
|
709a1f |
|
|
|
709a1f |
This is caused by two global variables of same name r_opts. When
|
|
|
709a1f |
executes r_opts = opts in restore_init(), it originally intends
|
|
|
709a1f |
to assign the address of struct r_opts in "restorecond.c" to the
|
|
|
709a1f |
pointer *r_opts in "restore.c".
|
|
|
709a1f |
|
|
|
709a1f |
However, the address is assigned to the struct r_opts and covers
|
|
|
709a1f |
the value of low eight bytes in it. That causes unexpected value
|
|
|
709a1f |
of member varibale 'nochange' and 'verbose' in struct r_opts, thus
|
|
|
709a1f |
affects value of 'restorecon_flags' and executes unexpected operations
|
|
|
709a1f |
when restorecon the files such as the redundant console log output or
|
|
|
709a1f |
file label nochange.
|
|
|
709a1f |
|
|
|
709a1f |
Cause restorecond/restore.c is copied from policycoreutils/setfiles,
|
|
|
709a1f |
which share the same pattern. It also has potential risk to generate
|
|
|
709a1f |
same problems, So fix it in case.
|
|
|
709a1f |
|
|
|
709a1f |
Signed-off-by: Baichuan Kong <kongbaichuan@huawei.com>
|
|
|
709a1f |
|
|
|
709a1f |
(cherry-picked from SElinuxProject
|
|
|
709a1f |
commit ad2208ec220f55877a4d31084be2b4d6413ee082)
|
|
|
709a1f |
|
|
|
709a1f |
Resolves: rhbz#1626468
|
|
|
709a1f |
---
|
|
|
709a1f |
policycoreutils/setfiles/restore.c | 42 ++++++++++++++----------------
|
|
|
709a1f |
restorecond/restore.c | 40 +++++++++++++---------------
|
|
|
709a1f |
2 files changed, 37 insertions(+), 45 deletions(-)
|
|
|
709a1f |
|
|
|
709a1f |
diff --git a/policycoreutils/setfiles/restore.c b/policycoreutils/setfiles/restore.c
|
|
|
709a1f |
index 9dea5656..d3335d1a 100644
|
|
|
709a1f |
--- a/policycoreutils/setfiles/restore.c
|
|
|
709a1f |
+++ b/policycoreutils/setfiles/restore.c
|
|
|
709a1f |
@@ -17,40 +17,37 @@
|
|
|
709a1f |
char **exclude_list;
|
|
|
709a1f |
int exclude_count;
|
|
|
709a1f |
|
|
|
709a1f |
-struct restore_opts *r_opts;
|
|
|
709a1f |
-
|
|
|
709a1f |
void restore_init(struct restore_opts *opts)
|
|
|
709a1f |
{
|
|
|
709a1f |
int rc;
|
|
|
709a1f |
|
|
|
709a1f |
- r_opts = opts;
|
|
|
709a1f |
struct selinux_opt selinux_opts[] = {
|
|
|
709a1f |
- { SELABEL_OPT_VALIDATE, r_opts->selabel_opt_validate },
|
|
|
709a1f |
- { SELABEL_OPT_PATH, r_opts->selabel_opt_path },
|
|
|
709a1f |
- { SELABEL_OPT_DIGEST, r_opts->selabel_opt_digest }
|
|
|
709a1f |
+ { SELABEL_OPT_VALIDATE, opts->selabel_opt_validate },
|
|
|
709a1f |
+ { SELABEL_OPT_PATH, opts->selabel_opt_path },
|
|
|
709a1f |
+ { SELABEL_OPT_DIGEST, opts->selabel_opt_digest }
|
|
|
709a1f |
};
|
|
|
709a1f |
|
|
|
709a1f |
- r_opts->hnd = selabel_open(SELABEL_CTX_FILE, selinux_opts, 3);
|
|
|
709a1f |
- if (!r_opts->hnd) {
|
|
|
709a1f |
- perror(r_opts->selabel_opt_path);
|
|
|
709a1f |
+ opts->hnd = selabel_open(SELABEL_CTX_FILE, selinux_opts, 3);
|
|
|
709a1f |
+ if (!opts->hnd) {
|
|
|
709a1f |
+ perror(opts->selabel_opt_path);
|
|
|
709a1f |
exit(1);
|
|
|
709a1f |
}
|
|
|
709a1f |
|
|
|
709a1f |
- r_opts->restorecon_flags = 0;
|
|
|
709a1f |
- r_opts->restorecon_flags = r_opts->nochange | r_opts->verbose |
|
|
|
709a1f |
- r_opts->progress | r_opts->set_specctx |
|
|
|
709a1f |
- r_opts->add_assoc | r_opts->ignore_digest |
|
|
|
709a1f |
- r_opts->recurse | r_opts->userealpath |
|
|
|
709a1f |
- r_opts->xdev | r_opts->abort_on_error |
|
|
|
709a1f |
- r_opts->syslog_changes | r_opts->log_matches |
|
|
|
709a1f |
- r_opts->ignore_noent | r_opts->ignore_mounts |
|
|
|
709a1f |
- r_opts->mass_relabel;
|
|
|
709a1f |
+ opts->restorecon_flags = 0;
|
|
|
709a1f |
+ opts->restorecon_flags = opts->nochange | opts->verbose |
|
|
|
709a1f |
+ opts->progress | opts->set_specctx |
|
|
|
709a1f |
+ opts->add_assoc | opts->ignore_digest |
|
|
|
709a1f |
+ opts->recurse | opts->userealpath |
|
|
|
709a1f |
+ opts->xdev | opts->abort_on_error |
|
|
|
709a1f |
+ opts->syslog_changes | opts->log_matches |
|
|
|
709a1f |
+ opts->ignore_noent | opts->ignore_mounts |
|
|
|
709a1f |
+ opts->mass_relabel;
|
|
|
709a1f |
|
|
|
709a1f |
/* Use setfiles, restorecon and restorecond own handles */
|
|
|
709a1f |
- selinux_restorecon_set_sehandle(r_opts->hnd);
|
|
|
709a1f |
+ selinux_restorecon_set_sehandle(opts->hnd);
|
|
|
709a1f |
|
|
|
709a1f |
- if (r_opts->rootpath) {
|
|
|
709a1f |
- rc = selinux_restorecon_set_alt_rootpath(r_opts->rootpath);
|
|
|
709a1f |
+ if (opts->rootpath) {
|
|
|
709a1f |
+ rc = selinux_restorecon_set_alt_rootpath(opts->rootpath);
|
|
|
709a1f |
if (rc) {
|
|
|
709a1f |
fprintf(stderr,
|
|
|
709a1f |
"selinux_restorecon_set_alt_rootpath error: %s.\n",
|
|
|
709a1f |
@@ -81,7 +78,6 @@ int process_glob(char *name, struct restore_opts *opts)
|
|
|
709a1f |
size_t i = 0;
|
|
|
709a1f |
int len, rc, errors;
|
|
|
709a1f |
|
|
|
709a1f |
- r_opts = opts;
|
|
|
709a1f |
memset(&globbuf, 0, sizeof(globbuf));
|
|
|
709a1f |
|
|
|
709a1f |
errors = glob(name, GLOB_TILDE | GLOB_PERIOD |
|
|
|
709a1f |
@@ -96,7 +92,7 @@ int process_glob(char *name, struct restore_opts *opts)
|
|
|
709a1f |
if (len > 0 && strcmp(&globbuf.gl_pathv[i][len], "/..") == 0)
|
|
|
709a1f |
continue;
|
|
|
709a1f |
rc = selinux_restorecon(globbuf.gl_pathv[i],
|
|
|
709a1f |
- r_opts->restorecon_flags);
|
|
|
709a1f |
+ opts->restorecon_flags);
|
|
|
709a1f |
if (rc < 0)
|
|
|
709a1f |
errors = rc;
|
|
|
709a1f |
}
|
|
|
709a1f |
diff --git a/restorecond/restore.c b/restorecond/restore.c
|
|
|
709a1f |
index f6e30001..b93b5fdb 100644
|
|
|
709a1f |
--- a/restorecond/restore.c
|
|
|
709a1f |
+++ b/restorecond/restore.c
|
|
|
709a1f |
@@ -12,39 +12,36 @@
|
|
|
709a1f |
char **exclude_list;
|
|
|
709a1f |
int exclude_count;
|
|
|
709a1f |
|
|
|
709a1f |
-struct restore_opts *r_opts;
|
|
|
709a1f |
-
|
|
|
709a1f |
void restore_init(struct restore_opts *opts)
|
|
|
709a1f |
{
|
|
|
709a1f |
int rc;
|
|
|
709a1f |
|
|
|
709a1f |
- r_opts = opts;
|
|
|
709a1f |
struct selinux_opt selinux_opts[] = {
|
|
|
709a1f |
- { SELABEL_OPT_VALIDATE, r_opts->selabel_opt_validate },
|
|
|
709a1f |
- { SELABEL_OPT_PATH, r_opts->selabel_opt_path },
|
|
|
709a1f |
- { SELABEL_OPT_DIGEST, r_opts->selabel_opt_digest }
|
|
|
709a1f |
+ { SELABEL_OPT_VALIDATE, opts->selabel_opt_validate },
|
|
|
709a1f |
+ { SELABEL_OPT_PATH, opts->selabel_opt_path },
|
|
|
709a1f |
+ { SELABEL_OPT_DIGEST, opts->selabel_opt_digest }
|
|
|
709a1f |
};
|
|
|
709a1f |
|
|
|
709a1f |
- r_opts->hnd = selabel_open(SELABEL_CTX_FILE, selinux_opts, 3);
|
|
|
709a1f |
- if (!r_opts->hnd) {
|
|
|
709a1f |
- perror(r_opts->selabel_opt_path);
|
|
|
709a1f |
+ opts->hnd = selabel_open(SELABEL_CTX_FILE, selinux_opts, 3);
|
|
|
709a1f |
+ if (!opts->hnd) {
|
|
|
709a1f |
+ perror(opts->selabel_opt_path);
|
|
|
709a1f |
exit(1);
|
|
|
709a1f |
}
|
|
|
709a1f |
|
|
|
709a1f |
- r_opts->restorecon_flags = 0;
|
|
|
709a1f |
- r_opts->restorecon_flags = r_opts->nochange | r_opts->verbose |
|
|
|
709a1f |
- r_opts->progress | r_opts->set_specctx |
|
|
|
709a1f |
- r_opts->add_assoc | r_opts->ignore_digest |
|
|
|
709a1f |
- r_opts->recurse | r_opts->userealpath |
|
|
|
709a1f |
- r_opts->xdev | r_opts->abort_on_error |
|
|
|
709a1f |
- r_opts->syslog_changes | r_opts->log_matches |
|
|
|
709a1f |
- r_opts->ignore_noent | r_opts->ignore_mounts;
|
|
|
709a1f |
+ opts->restorecon_flags = 0;
|
|
|
709a1f |
+ opts->restorecon_flags = opts->nochange | opts->verbose |
|
|
|
709a1f |
+ opts->progress | opts->set_specctx |
|
|
|
709a1f |
+ opts->add_assoc | opts->ignore_digest |
|
|
|
709a1f |
+ opts->recurse | opts->userealpath |
|
|
|
709a1f |
+ opts->xdev | opts->abort_on_error |
|
|
|
709a1f |
+ opts->syslog_changes | opts->log_matches |
|
|
|
709a1f |
+ opts->ignore_noent | opts->ignore_mounts;
|
|
|
709a1f |
|
|
|
709a1f |
/* Use setfiles, restorecon and restorecond own handles */
|
|
|
709a1f |
- selinux_restorecon_set_sehandle(r_opts->hnd);
|
|
|
709a1f |
+ selinux_restorecon_set_sehandle(opts->hnd);
|
|
|
709a1f |
|
|
|
709a1f |
- if (r_opts->rootpath) {
|
|
|
709a1f |
- rc = selinux_restorecon_set_alt_rootpath(r_opts->rootpath);
|
|
|
709a1f |
+ if (opts->rootpath) {
|
|
|
709a1f |
+ rc = selinux_restorecon_set_alt_rootpath(opts->rootpath);
|
|
|
709a1f |
if (rc) {
|
|
|
709a1f |
fprintf(stderr,
|
|
|
709a1f |
"selinux_restorecon_set_alt_rootpath error: %s.\n",
|
|
|
709a1f |
@@ -75,7 +72,6 @@ int process_glob(char *name, struct restore_opts *opts)
|
|
|
709a1f |
size_t i = 0;
|
|
|
709a1f |
int len, rc, errors;
|
|
|
709a1f |
|
|
|
709a1f |
- r_opts = opts;
|
|
|
709a1f |
memset(&globbuf, 0, sizeof(globbuf));
|
|
|
709a1f |
|
|
|
709a1f |
errors = glob(name, GLOB_TILDE | GLOB_PERIOD |
|
|
|
709a1f |
@@ -90,7 +86,7 @@ int process_glob(char *name, struct restore_opts *opts)
|
|
|
709a1f |
if (len > 0 && strcmp(&globbuf.gl_pathv[i][len], "/..") == 0)
|
|
|
709a1f |
continue;
|
|
|
709a1f |
rc = selinux_restorecon(globbuf.gl_pathv[i],
|
|
|
709a1f |
- r_opts->restorecon_flags);
|
|
|
709a1f |
+ opts->restorecon_flags);
|
|
|
709a1f |
if (rc < 0)
|
|
|
709a1f |
errors = rc;
|
|
|
709a1f |
}
|
|
|
709a1f |
--
|
|
|
709a1f |
2.21.0
|
|
|
709a1f |
|