mirror of
git://git.sv.gnu.org/coreutils.git
synced 2026-03-20 20:04:10 +02:00
4ce7488e8d
When the parent directory exists and has a different default context to the final directory, the context was incorrectly left as that of the parent directory. * src/mkdir.c (process_dir): Because defaultcon() is called for existing ancestors (as it must be to avoid races), then we must unconditionally call restorecon() on the last component due to the already documented caveat with make_dir_parents(). Alternatively you could temp disable o->set_security_context around make_dir_parents(), but that would be subject to races. * tests (tests/mkdir/restorecon.sh): Add a TODO for improvement. Reference mknod and mkfifo with print_ver_. * NEWS: Mention the bug fix. Fixes http://bugs.gnu.org/20616
74 lines
2.8 KiB
Bash
Executable File
74 lines
2.8 KiB
Bash
Executable File
#!/bin/sh
|
|
# test mkdir, mknod, mkfifo -Z
|
|
|
|
# Copyright (C) 2013-2015 Free Software Foundation, Inc.
|
|
|
|
# This program is free software: you can redistribute it and/or modify
|
|
# it under the terms of the GNU General Public License as published by
|
|
# the Free Software Foundation, either version 3 of the License, or
|
|
# (at your option) any later version.
|
|
|
|
# This program is distributed in the hope that it will be useful,
|
|
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
# GNU General Public License for more details.
|
|
|
|
# You should have received a copy of the GNU General Public License
|
|
# along with this program. If not, see <http://www.gnu.org/licenses/>.
|
|
|
|
. "${srcdir=.}/tests/init.sh"; path_prepend_ ./src
|
|
print_ver_ mkdir mknod mkfifo
|
|
require_selinux_
|
|
|
|
|
|
get_selinux_type() { ls -Zd "$1" | sed -n 's/.*:\(.*_t\):.*/\1/p'; }
|
|
|
|
mkdir subdir || framework_failure_
|
|
chcon 'root:object_r:tmp_t:s0' subdir || framework_failure_
|
|
cd subdir
|
|
|
|
# --- mkdir -Z ---
|
|
# Since in a tmp_t dir, dirs can be created as user_tmp_t ...
|
|
mkdir standard || framework_failure_
|
|
mkdir restored || framework_failure_
|
|
if restorecon restored 2>/dev/null; then
|
|
# ... but when restored can be set to user_home_t
|
|
# So ensure the type for these mkdir -Z cases matches
|
|
# the directory type as set by restorecon.
|
|
mkdir -Z single || fail=1
|
|
# Run these as separate processes in case global context
|
|
# set for an arg, impacts on another arg
|
|
# TODO: Have the defaultcon() vary over these directories
|
|
for dir in single_p single_p/existing multi/ple; do
|
|
mkdir -Zp "$dir" || fail=1
|
|
done
|
|
restored_type=$(get_selinux_type 'restored')
|
|
test "$(get_selinux_type 'single')" = "$restored_type" || fail=1
|
|
test "$(get_selinux_type 'single_p')" = "$restored_type" || fail=1
|
|
test "$(get_selinux_type 'single_p/existing')" = "$restored_type" || fail=1
|
|
test "$(get_selinux_type 'multi')" = "$restored_type" || fail=1
|
|
test "$(get_selinux_type 'multi/ple')" = "$restored_type" || fail=1
|
|
fi
|
|
if test "$fail" = '1'; then
|
|
ls -UZd standard restored
|
|
ls -UZd single single_p single_p/existing multi multi/ple
|
|
fi
|
|
|
|
# --- mknod -Z and mkfifo -Z ---
|
|
# Assume if selinux present that we can create fifos
|
|
for cmd_w_arg in 'mknod' 'mkfifo'; do
|
|
# In OpenBSD's /bin/sh, mknod is a shell built-in.
|
|
# Running via "env" ensures we run our program and not the built-in.
|
|
basename="$cmd_w_arg"
|
|
test "$basename" = 'mknod' && nt='p' || nt=''
|
|
env -- $cmd_w_arg $basename $nt || fail=1
|
|
env -- $cmd_w_arg ${basename}_restore $nt || fail=1
|
|
if restorecon ${basename}_restore 2>/dev/null; then
|
|
env -- $cmd_w_arg -Z ${basename}_Z $nt || fail=1
|
|
restored_type=$(get_selinux_type "${basename}_restore")
|
|
test "$(get_selinux_type ${basename}_Z)" = "$restored_type" || fail=1
|
|
fi
|
|
done
|
|
|
|
Exit $fail
|