Re: [PATCH] id: fix: check return value of smack_new_label_from

coreutils

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH] id: fix: check return value of smack_new_label_from_path() <

From:	Pádraig Brady
Subject:	Re: [PATCH] id: fix: check return value of smack_new_label_from_path() < 0
Date:	Tue, 04 Jun 2013 23:54:02 +0100
User-agent:	Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130110 Thunderbird/17.0.2

On 06/04/2013 08:39 PM, Jarkko Sakkinen wrote:
> 
> 
> On Tue, Jun 4, 2013, at 2:23, Pádraig Brady wrote:
>> On 06/03/2013 06:15 PM, Jarkko Sakkinen wrote:
>>> Check that smack_new_label_from_path() < 0 and not just non-zero.
>>> There was slight change to libsmack such that positive values are
>>> reserved for returning length of the label.
>>> ---
>>>  src/id.c | 3 ++-
>>>  1 file changed, 2 insertions(+), 1 deletion(-)
>>>
>>> diff --git a/src/id.c b/src/id.c
>>> index 937b723..c91dbcd 100644
>>> --- a/src/id.c
>>> +++ b/src/id.c
>>> @@ -210,7 +210,8 @@ main (int argc, char **argv)
>>>        if (selinux_enabled && getcon (&context) && just_context)
>>>          error (EXIT_FAILURE, 0, _("can't get process context"));
>>>  #ifdef HAVE_SMACK
>>> -      else if (smack_enabled && smack_new_label_from_self ((char **) 
>>> &context))
>>> +      else if (smack_enabled
>>> +               && smack_new_label_from_self ((char **) &context) < 0)
>>>          error (EXIT_FAILURE, 0, _("can't get process context"));
>>>  #endif
>>>      }
>>
>> That's not a slight change, it seems to be a backwards incompat
>> change that would break all existing users of
>> smack_new_label_from_self().
>> Are you assuming that one is always using the latest libsmack?
>> Should there be checks in m4 etc. to enforce any of this?
> 
> We are planning to freeze and tag 1.0 version of libsmack after changes
> for 'id' and 'ls are accepted. This is last API change before doing
> that.
> 
> I think there should be checks in m4 to check both
> smack_new_label_from_self() and smack_label_from_path() so I will put
> effort to get those checks in.
> 
> Other thing I've been thinking should I also update man pages? They
> speak now specifically about SELinux. Should they talk about LSM or
> security context instead?

The man pages are generated from usage() in ls, id etc.
That could be modified based on HAVE_SMACK though it
would be best to be generic if possible.

thanks,
Pádraig

[Prev in Thread]

Current Thread

[Next in Thread]

[PATCH] id: fix: check return value of smack_new_label_from_path() < 0, Jarkko Sakkinen, 2013/06/03
- Re: [PATCH] id: fix: check return value of smack_new_label_from_path() < 0, Pádraig Brady, 2013/06/03
  - Re: [PATCH] id: fix: check return value of smack_new_label_from_path() < 0, Jarkko Sakkinen, 2013/06/04
    - Re: [PATCH] id: fix: check return value of smack_new_label_from_path() < 0, Pádraig Brady <=
    - Re: [PATCH] id: fix: check return value of smack_new_label_from_path() < 0, Jarkko Sakkinen, 2013/06/04

Prev by Date: Re: suggestion for 'ls' coreutil, comma'd filesizes in -l output
Next by Date: Re: [PATCH] id: fix: check return value of smack_new_label_from_path() < 0
Previous by thread: Re: [PATCH] id: fix: check return value of smack_new_label_from_path() < 0
Next by thread: Re: [PATCH] id: fix: check return value of smack_new_label_from_path() < 0
Index(es):
- Date
- Thread