The underlying performance problem is being dealt with in Automake
by limiting the number of install invocations, and in SELinux with
incremental changes as well as a potential new implementation.
* src/Makefile.am (ginstall_CPPFLAGS) [ENABLE_MATCHPATHCON]: Define.
* src/install.c [ENABLE_WHEN_MATCHPATHCON_IS_MORE_EFFICIENT]:
Rename to ENABLE_MATCHPATHCON.
* NEWS: mention this change
* src/install.c (setdefaultfilecon)
[ENABLE_WHEN_MATCHPATHCON_IS_MORE_EFFICIENT]:
Call matchpathcon_init_prefix only once.
Suggestion from Stephen Smalley. Reported by Ben Webb in
<http://bugzilla.redhat.com/447410>.
* src/install.c (announce_mkdir): Write verbose output to stdout,
not to stderr.
* src/mkdir.c (announce_mkdir): Use prog_fprintf for verbose output.
* src/prog-fprintf.c (prog_fprintf): New function and file.
* src/prog-fprintf.h: New file.
* src/rmdir.c (main): Write verbose output to stdout, not to stderr.
Quote directory name in a diagnostic.
* src/rmdir.c (remove_parents): Write verbose output to stdout,
not to stderr.
* doc/coreutils.texi: Mention that shred verbose output is to stderr.
* NEWS: Mention the changes.
Signed-off-by: Ondřej Vašík <ovasik@redhat.com>
* src/copy.h (struct cp_options): New member owner_privileges.
* src/copy.c (USE_ACL): Define to 0 if not defined, for convenience.
(owner_failure_ok): New function.
(set_owner): Avoid a security-related race by doing an extra chmod
first if it looks like there might be trouble right after a chown.
Accept a source struct stat rather than a uid and gid, and
accept a boolean NEW_DST and destination struct stat.
All callers changed.
* src/copy.h (cp_options_default): New function, replacing the
old chown_privileges.
* src/copy.c (cp_options_default): Likewise.
* src/cp.c (cp_option_init): Use it.
* src/install.c (cp_option_init): Likewise.
* src/mv.c (cp_option_init): Likewise.
* NEWS: Mention this change.
* doc/coreutils.texi (cp invocation): Describe the new behavior.
* src/copy.c: No longer include "canonicalize.h".
(copy_reg): Upon failure to open a dangling destination symlink, don't
canonicalize the name, but rather fail (default) or, with POSIXLY_CORRECT,
repeat the open call without O_EXCL (potentially dangerous).
* src/copy.h (struct cp_options) [open_dangling_dest_symlink]:
New member. Reorder the others, grouping "bool" and "enum"
members together.
* tests/cp/thru-dangling: Test for changed and new behavior.
* src/cp.c (cp_option_init): Initialize new member.
* src/install.c (cp_option_init): Likewise.
* src/mv.c (cp_option_init): Likewise.
Signed-off-by: Jim Meyering <meyering@redhat.com>
* src/install.c (setdefaultfilecon): Call matchpathcon_init_prefix,
to mitigate what would otherwise be a large performance hit due to
the use of matchpathcon.
Dan Walsh suggested the use of matchpathcon_init_prefix.
* gl/lib/se-selinux.in.h (matchpathcon_init_prefix): Define.
Signed-off-by: Jim Meyering <meyering@redhat.com>
--parents and symlinks. Close some race conditions possible when
the destination replaces a newly-created file with a symlink.
* NEWS: Document that 'cp --parents' no longer mishandles
symlinks in file name components of source.
* src/copy.c (HAVE_LCHOWN): Default to false.
(lchown) [!defined HAVE_LCHOWN]: Define to chown, for convenience.
* src/cp.c (lchown) [!HAVE_LCHOWN]: Likewise.
* src/install.c (lchown) [!HAVE_LCHOWN]: Likewise.
* src/copy.c (set_owner): Use lchown instead of chown, for safety
in case the file got replaced by a symlink in the meantime.
* src/cp.c (re_protect): Likewise.
* src/install.c (change_attributes): Likewise.
* src/copy.c (copy_internal): Use ordinary C rather than an #if.
* src/cp.c (lchown) [!HAVE_LCHOWN]: Define to chown, for convenience.
(struct dir_attr): Cache the entire struct stat of the directory,
rather than just its mode, so that we needn't stat the directory
twice (which can lead to races).
(re_protect): Don't use XSTAT as that's not appropriate in
this context (symlinks should be followed here). Instead, use
the cached stat value.
(make_dir_parents_private): Save dir's entire struct stat, not
just its mode.
* tests/cp/cp-parents: Add test to check against bug with
cp --parents and symlinks.
* tests/cp/Makefile.am (TESTS): Add cp-a-selinux.
* tests/selinux: New file.
* tests/Makefile.am (EXTRA_DIST): Add selinux.
* tests/misc/selinux: Source the new script, rather than open coding it.
Change how "cp -a" and "cp --preserve=context" work with SELinux.
Now, cp -a attempts to preserve context, but failure to do so does
not change cp's exit status. However "cp --preserve=context" is
similar, but failure *does* cause cp to exit with nonzero status.
* src/copy.h (struct cp_options) [require_preserve_context]: New member.
* src/copy.c (copy_reg, copy_internal): Implement the above.
* src/mv.c (cp_option_init): Initialize the new member.
* src/install.c (cp_option_init): Likewise.
* src/cp.c (cp_option_init): Likewise.
(decode_preserve_arg): Set it or reset it.
FIXME: add an on-writable-NFS-only test
patch, mv and cp do not provide the "-Z context" option.
* src/copy.c: Include <selinux/selinux.h>.
(restore_default_fscreatecon): New function.
(copy_reg): Make cp --preserve=context work for existing destination.
(copy_internal): Likewise for new destinations.
* src/copy.h (cp_options) [preserve_security_context]: New member.
* src/cp.c: Include <selinux/selinux.h>.
(selinux_enabled): New global.
(usage): Mention new --preserve=context option.
(PRESERVE_CONTEXT): Define/use.
(decode_preserve_arg): Handle PRESERVE_CONTEXT.
(main): Remove an obsolete comment.
If --preserve=context is specified on a system without SELinux
enabled, give a diagnostic and fail.
* src/mv.c: Include <selinux/selinux.h>.
Set x->preserve_security_context if SELinux is enabled.
* src/install.c: Accept new "-Z, --context=C" option.
Accept --preserve-context option (but not -P option).
Accept alternate spelling: --preserve_context, for now.
Include <selinux/selinux.h> and "quotearg.h".
(selinux_enabled, use_default_selinux_context): New globals.
(PRESERVE_CONTEXT_OPTION): Define.
(cp_option_init): Default: do not preserve security context.
(setdefaultfilecon): New function.
(main): Honor new options.
* src/Makefile.am (mv_LDADD, cp_LDADD, ginstall_LDADD):
Add $(LIB_SELINUX).
each option string from its description, so help2man formats
the derived man page properly. Reported by Thomas Huriaux in
<http://bugs.debian.org/410407>.
* src/df.c (usage): Likewise.
* src/du.c (usage): Likewise.
* src/install.c (usage): Likewise.
* src/ls.c (usage): Likewise.
wrong file name in some cases.
* src/install.c (struct install_options): New type.
(install_file_in_file_parents, main):
Use it instead of struct cp_options.
(process_dir): Remember the full name.
(announce_mkdir, make_ancestor): Use the full name in announcements.
* src/mkdir.c (struct mkdir_options): Add full_name member.
(make_ancestor): Use the full name in announcements.
(process_dir): Remember the full name.
* tests/mkdir/Makefile.am (TESTS): Add p-v.
* tests/mkdir/p-v: New file, to test this bug.
* bootstrap.conf (gnulib_modules): Add savewd.
* src/install.c: Include savewd.h.
(process_dir): New function.
(main, install_file_in_file_parents): Use it, along with the new
savewd module, to avoid some race conditions.
* src/mkdir.c: Include savewd.h.
(struct mkdir_options): New members make_ancestor_function, mode,
mode_bits.
(make_ancestor): Return 1 if the resulting directory is not readable.
(process_dir): New function.
(main): Use it, along with new savewd module, to avoid some
race conditions. Fill in new slots of struct mkdir_options, so
that callees get the values.
* tests/install/basic-1: Test for coreutils 5.97 bug that was
fixed in coreutils 6.0, and which should still be fixed with
this change.
* tests/mkdir/p-3: Likewise.
(announce_mkdir, make_ancestor): New functions.
(DEFAULT_MODE): New macro, specifying initial value of 'mode'.
(mode): Use it.
(dir_mode, dir_mode_bits): New vars.
(main): Set dir modes separately from nondir, so that the X
op of -m works correctly.
(main): Remove cwd_errno cruft, since make_dir_parents no longer
affects cwd. Adjust to new make_dir_parents API.
(install_file_in_file_parents): 2nd arg is now char *, not char
const *. Use mkancesdirs instead of rolling our own code.
(change_attributes): Don't worry about AFS, since that kludge
should not be needed any more.
struct stat, not file name. All uses changed.
(install_file_in_file): Stat the source file if necessary.
Don't try to change time stamps if copy_file did it.
restore_cwd failure, and report errno.
(install_file_in_file_parents): Fail if restore_cwd fails and
one of the files is relative. This fixes a bug (albeit unlikely).
directory, give a diagnostic about each subsequent failure to create
a dot-relative directory.
(install_file_in_file_parents): Update make_dir_parents caller.