Instead of only doing path simplification and symlink following for the
matchpathcon helper instead do it in the library potion. This was an
issue when in python some called selinux.matchpatchcon("//lib64", 0) and
got the wrong answer (because the // wasn't being dealt with)
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
matchpathcon cannot handle ./ or ../ in pathnames and doesn't do well
with symlinks. This patch uses the glibc function realpath() to try to
determine a real path with resolved symlinks and dot directories. For
example before this pach we would see:
$ matchpathcon /tmp/../eric
/tmp/../eric <<none>>
$ matchpathcon /eric
/eric system_u:object_r:default_t:s0
Whereas after the path we get the same results. The one quirk with the
patch is that we need special code to make sure that realpath() does not
follow a symlink if it is the final component. aka if we have a symlink
from /eric to /tmp/eric we do not want to resolv to /tmp/eric. We want
to just resolv to the actual symlink /eric.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
There is a .gitignore at the head of the directory but only contains
entries for the utils directory. Move to the utils directory.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
This utility will tell what context a new task will have after exec
based on the pathname and the context of the launching task.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
Email: dwalsh@redhat.com
Subject: Patch to getdefaultcon to print just the correct match and add verbose option
Date: Wed, 04 Mar 2009 15:41:37 -0500
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
I really want to rename this to selinuxdefaultcon, which is what we ship
in Fedora.
Also exit with proper error on failure.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org
iEYEARECAAYFAkmu54AACgkQrlYvE4MpobNoZACdHgQDP2Hp/KDBpGCD7G08HjOX
p68An25Uu83SlOqjKyy9EG8ZgdIcuTCB
=L6UU
-----END PGP SIGNATURE-----
Signed-off-by: Chad Sellers <csellers@tresys.com>
Email: dwalsh@redhat.com
Subject: We have moved matchpathcon to /sbin from /usr/sbin
Date: Wed, 01 Apr 2009 10:21:53 -0400
Some init scripts wanted to use matchpathcon before /usr is mounted.
Author: Chad Sellers
Email: csellers@tresys.com
Added matchpathcon to clean target
Signed-off-by: Chad Sellers <csellers@tresys.com>
Email: dwalsh@redhat.com
Subject: Patch matchpathcon to eliminate file "/"
Date: Wed, 04 Mar 2009 15:39:31 -0500
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
So
matchpathcon /etc/
Will work the same as
matchpathcon /etc
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org
iEYEARECAAYFAkmu5wMACgkQrlYvE4MpobNK4gCgiVeXXEZcCMsJKXM7jqh6r1u3
OScAoLcmXBIR63gpvA8RS3g07pcPC6IF
=e+Re
-----END PGP SIGNATURE-----
Signed-off-by: Chad Sellers <csellers@tresys.com>
Email: dwalsh@redhat.com
Subject: matchpathcon -V does not always work as expected.
Date: Tue, 30 Sep 2008 08:54:18 -0400
matchpathcon -V should be passing the mode when checking whether the
file context on a file is correct.
Signed-off-by: Joshua Brindle <method@manicmethod.com>
