From: <ssm...@us...> - 2008-07-29 12:21:10
Revision: 2932 http://selinux.svn.sourceforge.net/selinux/?rev=2932&view=rev Author: ssmalley Date: 2008-07-29 12:21:08 +0000 (Tue, 29 Jul 2008) Log Message: ----------- Author: Stephen Smalley Email: sd...@ty... Subject: libselinux: handle duplicate file context entries as a fatal error Date: Fri, 18 Jul 2008 15:09:15 -0400 Take two. Ensure that duplicate file context entry errors are propagated to the caller, causing setfiles -c to exit with an error status and libsemanage to roll back the transaction. Do it for both duplicate same entries and for duplicate conflicting entries. Signed-off-by: Stephen Smalley <sd...@ty...> Modified Paths: -------------- trunk/libselinux/src/label_file.c Modified: trunk/libselinux/src/label_file.c =================================================================== --- trunk/libselinux/src/label_file.c 2008-07-29 12:20:45 UTC (rev 2931) +++ trunk/libselinux/src/label_file.c 2008-07-29 12:21:08 UTC (rev 2932) @@ -146,8 +146,9 @@ /* * Warn about duplicate specifications. */ -static void nodups_specs(struct saved_data *data, const char *path) +static int nodups_specs(struct saved_data *data, const char *path) { + int rc = 0; unsigned int ii, jj; struct spec *curr_spec, *spec_arr = data->spec_arr; @@ -158,24 +159,27 @@ (spec_arr[jj].regex_str, curr_spec->regex_str)) && (!spec_arr[jj].mode || !curr_spec->mode || spec_arr[jj].mode == curr_spec->mode)) { + rc = -1; + errno = EINVAL; if (strcmp (spec_arr[jj].lr.ctx_raw, curr_spec->lr.ctx_raw)) { COMPAT_LOG - (SELINUX_WARNING, + (SELINUX_ERROR, "%s: Multiple different specifications for %s (%s and %s).\n", path, curr_spec->regex_str, spec_arr[jj].lr.ctx_raw, curr_spec->lr.ctx_raw); } else { COMPAT_LOG - (SELINUX_WARNING, + (SELINUX_ERROR, "%s: Multiple same specifications for %s.\n", path, curr_spec->regex_str); } } } } + return rc; } /* Determine if the regular expression specification has any meta characters. */ 
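Review bot: The header comment kept as context in the @@ -146 hunk, `Warn about duplicate specifications.`, no longer describes the function, which now returns an int and, per the next hunk, reports duplicates as errors. I would reword it to `Check for duplicate specifications; return 0 if none were found, or -1 with errno set to EINVAL.` so the contract is stated where callers look for it. The function body continues past this hunk.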
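Review bot: In the @@ -158 hunk, `errno = EINVAL;` is assigned ahead of the COMPAT_LOG calls, so whatever the logging path does (its definition is not visible here) may overwrite errno before the caller reads it. The `goto finish` path added in the @@ -503 hunk also runs `fclose(fp)` before returning, which can change errno as well. Setting it once at the end, `if (rc) errno = EINVAL;` just before `return rc;`, keeps the value intact inside this function; the caller would still need to preserve errno across the fclose. The loop headers lie outside the hunk.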
@@ -503,6 +507,10 @@ } free(line_buf); + status = nodups_specs(data, path); + if (status) + goto finish; + /* Move exact pathname specifications to the end. */ spec_copy = malloc(sizeof(spec_t) * data->nspec); if (!spec_copy) @@ -519,8 +527,6 @@ free(data->spec_arr); data->spec_arr = spec_copy; - nodups_specs(data, path); - status = 0; finish: fclose(fp); This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
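Review bot: The call added in the @@ -503 hunk has no comment saying that a duplicate entry now fails the whole load, and as far as the hunk shows the check runs unconditionally rather than only for `setfiles -c` or libsemanage. A comment such as `/* Duplicate entries are fatal: fail before reordering the specs. */` above `status = nodups_specs(data, path);` would make that visible. It is worth confirming that every consumer of this backend is meant to lose labeling lookups over a single duplicate line, and that whoever handles the failure releases the already-populated `data->spec_arr`, since the visible `finish:` path only shows `fclose(fp)`. The enclosing function starts and ends outside the hunk.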