[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [PATCH 1/2] find: add SELinux support
|
From: |
Jim Meyering |
|
Subject: |
Re: [PATCH 1/2] find: add SELinux support |
|
Date: |
Thu, 30 Jul 2009 13:57:00 +0200 |
Kamil Dudka wrote:
> On Tue July 14 2009 21:31:22 Eric Blake wrote:
>> Kamil Dudka <kdudka <at> redhat.com> writes:
>> > In other words on Debian find does not change the working directory
>> > before calling lgetxattr syscall. That's why lgetxattr does not see the
>> > file and returns ENOENT (No such file or directory).
>>
>> One thing to look at would be kernel versions; not all kernels support
>> openat and friends, so on older kernels, the fts traversal algorithms have
>> to fake openat by using chdir, but on newer kernels, there are no chdir.
>> Meanwhile, it may be worth begging the kernel and glibc folks to consider
>> implementing lgetxattrat and friends.
>
> Sorry for confusion. My previous testing was completely wrong because I ran
> older version of findutils on Fedora. With the current git version it fails
> on Fedora, too. It means something has been changed within findutils and/or
> gnulib in the meantime.
>
> The attached incremental patch fixes it. Now it works on both Fedora and
> Debian. But unfortunately it does not work with the stable version (4.4.2)
> of findutils. Could anybody point me to the relevant change in findutils
> code? Thanks in advance!
With the FTS_CWDFD-adding change you spotted,
I suspect that you should be using an FD-based function,
like getfileconat or lgetfileconat from coreutils.
> diff --git a/find/pred.c b/find/pred.c
> index 77c2aac..ffc239b 100644
> --- a/find/pred.c
> +++ b/find/pred.c
> @@ -1061,7 +1061,7 @@ do_fprintf(struct format_val *dest,
> case 'Z': /* SELinux security context */
> {
> security_context_t scontext;
> - int rv = (*options.x_getfilecon) (state.rel_pathname, &scontext);
> + int rv = (*options.x_getfilecon) (pathname, &scontext);
> if (rv < 0)
> {
> /* If getfilecon fails, there will in the general case
> @@ -1899,7 +1899,7 @@ pred_context (const char *pathname, struct stat
> *stat_buf,
> struct predicate *pred_ptr)
> {
> security_context_t scontext;
> - int rv = (*options.x_getfilecon) (state.rel_pathname, &scontext);
> + int rv = (*options.x_getfilecon) (pathname, &scontext);
> if (rv < 0)
> {
> error (0, errno, "getfilecon: %s", safely_quote_err_filename (0,
> pathname));
- [PATCH 1/2] find: add SELinux support, James Youngman, 2009/07/11
- [PATCH 2/2] Bugfixes to the handling of %Z in the Red Hat SELinux patch., James Youngman, 2009/07/11
- Re: [PATCH 1/2] find: add SELinux support, Kamil Dudka, 2009/07/11
- Message not available
- Re: [PATCH 1/2] find: add SELinux support, Kamil Dudka, 2009/07/13
- Re: [PATCH 1/2] find: add SELinux support, Kamil Dudka, 2009/07/14
- Re: [PATCH 1/2] find: add SELinux support, Kamil Dudka, 2009/07/14
- Re: [PATCH 1/2] find: add SELinux support, Eric Blake, 2009/07/14
- Re: [PATCH 1/2] find: add SELinux support, Kamil Dudka, 2009/07/20
- Re: [PATCH 1/2] find: add SELinux support, Kamil Dudka, 2009/07/20
- Re: [PATCH 1/2] find: add SELinux support,
Jim Meyering <=