diff options
author | Bernhard Voelker <mail@bernhard-voelker.de> | 2021-12-25 16:14:59 +0100 |
---|---|---|
committer | Bernhard Voelker <mail@bernhard-voelker.de> | 2021-12-25 16:55:49 +0100 |
commit | 68979e578cbea71211af45685561df52232623d1 (patch) | |
tree | 50b532ac6f936cc46f5beac1efb4cbdfd1689996 | |
parent | b1b58be2b290ffa600988e747d29bd8759a61052 (diff) | |
download | findutils-68979e578cbea71211af45685561df52232623d1.tar.gz |
find: avoid '-D stat' side effect on SELinux handling with -L or -H
With the '-D stat' debugging option turned on, 'find -L' determined the
SELinux context information as if the -L (or -H) option was not given:
$ strace -ve getxattr,lgetxattr find -L . -maxdepth 0 -printf '%Z:%p\n'
getxattr(".", "security.selinux", 0x55b29a2b2d40, 255) = -1 ENODATA (No data available)
...
$ strace -ve getxattr,lgetxattr find -D stat -L . -maxdepth 0 -printf '%Z:%p\n'
lgetxattr(".", "security.selinux", 0x5649c91d8d40, 255) = -1 ENODATA (No data available)
...
* find/parser.c (set_follow_state): Move the DebugStat handling after
the switch statement, thus eliminating the if/else.
Bug present since adding the SELinux implementation in v4.5.5-42-g1a05af6a.
-rw-r--r-- | NEWS | 6 | ||||
-rw-r--r-- | find/parser.c | 49 |
2 files changed, 30 insertions, 25 deletions
@@ -14,6 +14,12 @@ GNU findutils NEWS - User visible changes. -*- outline -*- (allout) update now skips (fuse-mounted) s3fs filesystems by default, i.e., unless PRUNEFS is set. +** Bug Fixes + + 'find -D stat -L ...' no longer determines SELinux security information as + if the -L option was not given. + [Bug present since the SELinux implementation in 4.5.6] + ** Documentation Changes The find.1 man page and the Texinfo manual now show environment variables diff --git a/find/parser.c b/find/parser.c index f5d100a2..454764f3 100644 --- a/find/parser.c +++ b/find/parser.c @@ -503,6 +503,30 @@ get_stat_Ytime (const struct stat *p, void set_follow_state (enum SymlinkOption opt) { + switch (opt) + { + case SYMLINK_ALWAYS_DEREF: /* -L */ + options.xstat = optionl_stat; + options.x_getfilecon = optionl_getfilecon; + options.no_leaf_check = true; + break; + + case SYMLINK_NEVER_DEREF: /* -P (default) */ + options.xstat = optionp_stat; + options.x_getfilecon = optionp_getfilecon; + /* Can't turn no_leaf_check off because the user might have specified + * -noleaf anyway + */ + break; + + case SYMLINK_DEREF_ARGSONLY: /* -H */ + options.xstat = optionh_stat; + options.x_getfilecon = optionh_getfilecon; + options.no_leaf_check = true; + } + + options.symlink_handling = opt; + if (options.debug_options & DebugStat) { /* For DebugStat, the choice is made at runtime within debug_stat() @@ -510,31 +534,6 @@ set_follow_state (enum SymlinkOption opt) */ options.xstat = debug_stat; } - else - { - switch (opt) - { - case SYMLINK_ALWAYS_DEREF: /* -L */ - options.xstat = optionl_stat; - options.x_getfilecon = optionl_getfilecon; - options.no_leaf_check = true; - break; - - case SYMLINK_NEVER_DEREF: /* -P (default) */ - options.xstat = optionp_stat; - options.x_getfilecon = optionp_getfilecon; - /* Can't turn no_leaf_check off because the user might have specified - * -noleaf anyway - */ - break; - - case SYMLINK_DEREF_ARGSONLY: /* -H */ - options.xstat = optionh_stat; - options.x_getfilecon = optionh_getfilecon; - options.no_leaf_check = true; - } - } - options.symlink_handling = opt; } |