mkdir: fix -pZ with existing parent directories

When the parent directory exists and has a different default context to the final directory, the context was incorrectly left as that of the parent directory. * src/mkdir.c (process_dir): Because defaultcon() is called for existing ancestors (as it must be to avoid races), then we must unconditionally call restorecon() on the last component due to the already documented caveat with make_dir_parents(). Alternatively you could temp disable o->set_security_context around make_dir_parents(), but that would be subject to races. * tests (tests/mkdir/restorecon.sh): Add a TODO for improvement. Reference mknod and mkfifo with print_ver_. * NEWS: Mention the bug fix. Fixes http://bugs.gnu.org/20616
2026-04-21 11:16:16 +02:00 · 2015-05-21 11:38:13 +01:00
parent b5f332cfe0
commit 4ce7488e8d
3 changed files with 9 additions and 15 deletions
--- a/tests/mkdir/restorecon.sh
+++ b/tests/mkdir/restorecon.sh
@@ -17,7 +17,7 @@
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.

 . "${srcdir=.}/tests/init.sh"; path_prepend_ ./src
-print_ver_ mkdir
+print_ver_ mkdir mknod mkfifo
 require_selinux_


@@ -38,6 +38,7 @@ if restorecon restored 2>/dev/null; then
  mkdir -Z single || fail=1
  # Run these as separate processes in case global context
  # set for an arg, impacts on another arg
+  # TODO: Have the defaultcon() vary over these directories
  for dir in single_p single_p/existing multi/ple; do
    mkdir -Zp "$dir" || fail=1
  done