From unknown Mon Jun 23 18:27:26 2025 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-Mailer: MIME-tools 5.509 (Entity 5.509) Content-Type: text/plain; charset=utf-8 From: bug#16335 <16335@debbugs.gnu.org> To: bug#16335 <16335@debbugs.gnu.org> Subject: Status: Segmentation fault when using cp -a with SELinux and fakeroot Reply-To: bug#16335 <16335@debbugs.gnu.org> Date: Tue, 24 Jun 2025 01:27:26 +0000 retitle 16335 Segmentation fault when using cp -a with SELinux and fakeroot reassign 16335 coreutils submitter 16335 Nicolas Iooss severity 16335 normal thanks From debbugs-submit-bounces@debbugs.gnu.org Fri Jan 03 19:37:07 2014 Received: (at submit) by debbugs.gnu.org; 4 Jan 2014 00:37:07 +0000 Received: from localhost ([127.0.0.1]:60803 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1VzFEg-0000F8-G7 for submit@debbugs.gnu.org; Fri, 03 Jan 2014 19:37:07 -0500 Received: from eggs.gnu.org ([208.118.235.92]:35313) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1VzCvO-0003RT-Qx for submit@debbugs.gnu.org; Fri, 03 Jan 2014 17:09:03 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1VzCvJ-0008UK-68 for submit@debbugs.gnu.org; Fri, 03 Jan 2014 17:09:02 -0500 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00 autolearn=disabled version=3.3.2 Received: from lists.gnu.org ([2001:4830:134:3::11]:49729) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1VzCvJ-0008UF-2U for submit@debbugs.gnu.org; Fri, 03 Jan 2014 17:08:57 -0500 Received: from eggs.gnu.org ([2001:4830:134:3::10]:37012) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1VzCvE-0007OW-3e for bug-coreutils@gnu.org; Fri, 03 Jan 2014 17:08:56 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1VzCv9-0008T3-8r for bug-coreutils@gnu.org; Fri, 03 Jan 2014 17:08:52 -0500 Received: from mx1.polytechnique.org ([129.104.30.34]:42692) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1VzCv9-0008Sr-1r for bug-coreutils@gnu.org; Fri, 03 Jan 2014 17:08:47 -0500 Received: from [10.5.5.101] (11.147.102.84.rev.sfr.net [84.102.147.11]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ssl.polytechnique.org (Postfix) with ESMTPSA id 1451914091336 for ; Fri, 3 Jan 2014 23:08:44 +0100 (CET) Message-ID: <52C734EA.9040701@m4x.org> Date: Fri, 03 Jan 2014 23:08:42 +0100 From: Nicolas Iooss Organization: M4X User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.2.0 MIME-Version: 1.0 To: bug-coreutils@gnu.org Subject: Segmentation fault when using cp -a with SELinux and fakeroot X-Enigmail-Version: 1.6 Content-Type: multipart/mixed; boundary="------------040106080205060909030506" X-AV-Checked: ClamAV using ClamSMTP at svoboda.polytechnique.org (Fri Jan 3 23:08:44 2014 +0100 (CET)) X-Org-Mail: nicolas.iooss.2010@polytechnique.org X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.6.x X-detected-operating-system: by eggs.gnu.org: Error: Malformed IPv6 address (bad octet value). X-Received-From: 2001:4830:134:3::11 X-Spam-Score: -4.1 (----) X-Debbugs-Envelope-To: submit X-Mailman-Approved-At: Fri, 03 Jan 2014 19:37:05 -0500 X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -4.1 (----) This is a multi-part message in MIME format. --------------040106080205060909030506 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Hello, After upgrading to coreutils 8.22 I can no longer build packages which uses "cp -a" to copy files due to a segmentation fault happening in libselinux. I've tried to reproduce this bug with few commands, in a directory which doesn't have any default context: $ mkdir /tmp/foobar $ matchpathcon /tmp/foobar <> $ touch /tmp/foobar/a $ fakeroot cp -a /tmp/foobar/a /tmp/foobar/b $ fakeroot cp -a /tmp/foobar/a /tmp/foobar/b /usr/bin/fakeroot: line 181: 9207 Segmentation fault Without fakeroot there is no segmentation fault. Even if the message says "/usr/bin/fakeroot", a coredump has been created for cp. I've analyzed this dump using gdb and after some debugging, I found out that restorecon_private (from src/selinux.c) was calling lsetfilecon with a NULL security context which was obtained by getfscreatecon (case "local = true" in the code [1]). This causes a null pointer dereference in libselinux and so a SIGSEGV. I've reported this bug to libselinux maintainers [2] and got the reply that calling lsetfilecon with a NULL security context was like calling strlen with a NULL string and that this was a problem in caller's code [3]. Hence I propose the attached patch to fix the segmentation fault. Could you please accept it? When you reply, please Cc me as I'm not subscribed. Thanks, Nicolas Iooss ----------- System configuration during my tests: * distro: ArchLinux which SELinux packages * CPU arch: x86_64 * SELinux in permissive mode * coreutils 8.22 * libselinux 2.2.1 * fakeroot 1.20 [1] http://git.savannah.gnu.org/gitweb/?p=coreutils.git;a=blob;f=src/selinux.c;hb=v8.22#l191 [2] http://marc.info/?l=selinux&m=138763485330568&w=2 [3] http://marc.info/?l=selinux&m=138842015508829&w=2 --------------040106080205060909030506 Content-Type: text/x-patch; name="0001-Fix-segmentation-fault-in-restorecon_private.patch" Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename*0="0001-Fix-segmentation-fault-in-restorecon_private.patch" >>From 2d9940379927d2536675a7970f16767e4d209f27 Mon Sep 17 00:00:00 2001 From: Nicolas Iooss Date: Fri, 3 Jan 2014 22:47:17 +0100 Subject: [PATCH] Fix segmentation fault in restorecon_private --- src/selinux.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/selinux.c b/src/selinux.c index cd38a81..e4deba3 100644 --- a/src/selinux.c +++ b/src/selinux.c @@ -190,7 +190,7 @@ restorecon_private (char const *path, bool local) if (local) { - if (getfscreatecon (&tcon) < 0) + if (getfscreatecon (&tcon) < 0 || tcon == NULL) return rc; rc = lsetfilecon (path, tcon); freecon (tcon); -- 1.8.5.2 --------------040106080205060909030506-- From debbugs-submit-bounces@debbugs.gnu.org Fri Jan 03 20:42:16 2014 Received: (at 16335) by debbugs.gnu.org; 4 Jan 2014 01:42:16 +0000 Received: from localhost ([127.0.0.1]:60873 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1VzGFh-00021D-PW for submit@debbugs.gnu.org; Fri, 03 Jan 2014 20:42:15 -0500 Received: from mail4.vodafone.ie ([213.233.128.170]:7522) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1VzGFZ-00020n-Bm for 16335@debbugs.gnu.org; Fri, 03 Jan 2014 20:42:06 -0500 X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: ApMBAJxmx1JtTev4/2dsb2JhbAANS4NDuXmBIoMZAQEBBDIBRhALDQsJFg8JAwIBAgFFBg0BBwEBiAUIqEeaZBeOTEIHhDcEmUeFPI5VgWo Received: from unknown (HELO [192.168.1.79]) ([109.77.235.248]) by mail3.vodafone.ie with ESMTP; 04 Jan 2014 01:42:02 +0000 Message-ID: <52C766E9.5020202@draigBrady.com> Date: Sat, 04 Jan 2014 01:42:01 +0000 From: =?ISO-8859-1?Q?P=E1draig_Brady?= User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130110 Thunderbird/17.0.2 MIME-Version: 1.0 To: Nicolas Iooss Subject: Re: bug#16335: Segmentation fault when using cp -a with SELinux and fakeroot References: <52C734EA.9040701@m4x.org> In-Reply-To: <52C734EA.9040701@m4x.org> X-Enigmail-Version: 1.6 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 8bit X-Spam-Score: 0.0 (/) X-Debbugs-Envelope-To: 16335 Cc: 16335@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: 0.0 (/) On 01/03/2014 10:08 PM, Nicolas Iooss wrote: > Hello, > > After upgrading to coreutils 8.22 I can no longer build packages which > uses "cp -a" to copy files due to a segmentation fault happening in > libselinux. > > I've tried to reproduce this bug with few commands, in a directory which > doesn't have any default context: > > $ mkdir /tmp/foobar > $ matchpathcon > /tmp/foobar <> > $ touch /tmp/foobar/a > $ fakeroot cp -a /tmp/foobar/a /tmp/foobar/b > $ fakeroot cp -a /tmp/foobar/a /tmp/foobar/b > /usr/bin/fakeroot: line 181: 9207 Segmentation fault > > Without fakeroot there is no segmentation fault. > > Even if the message says "/usr/bin/fakeroot", a coredump has been > created for cp. I've analyzed this dump using gdb and after some > debugging, I found out that restorecon_private (from src/selinux.c) was > calling lsetfilecon with a NULL security context which was obtained by > getfscreatecon (case "local = true" in the code [1]). This causes a null > pointer dereference in libselinux and so a SIGSEGV. > > I've reported this bug to libselinux maintainers [2] and got the reply > that calling lsetfilecon with a NULL security context was like calling > strlen with a NULL string and that this was a problem in caller's code [3]. > > Hence I propose the attached patch to fix the segmentation fault. Could > you please accept it? > > When you reply, please Cc me as I'm not subscribed. > > Thanks, > > Nicolas Iooss > > ----------- > > System configuration during my tests: > > * distro: ArchLinux which SELinux packages > * CPU arch: x86_64 > * SELinux in permissive mode > * coreutils 8.22 > * libselinux 2.2.1 > * fakeroot 1.20 > > [1] > http://git.savannah.gnu.org/gitweb/?p=coreutils.git;a=blob;f=src/selinux.c;hb=v8.22#l191 > [2] http://marc.info/?l=selinux&m=138763485330568&w=2 > [3] http://marc.info/?l=selinux&m=138842015508829&w=2 Thanks for the very thorough analysis and patch. The patch looks correct as getfscreatecon() is documented to return a NULL context in some cases. I'll see if I can add a robust test and will apply this in your name. thanks, Pádraig. From debbugs-submit-bounces@debbugs.gnu.org Fri Jan 03 22:03:12 2014 Received: (at 16335) by debbugs.gnu.org; 4 Jan 2014 03:03:12 +0000 Received: from localhost ([127.0.0.1]:60925 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1VzHW4-0004Cs-4p for submit@debbugs.gnu.org; Fri, 03 Jan 2014 22:03:12 -0500 Received: from mail4.vodafone.ie ([213.233.128.170]:56104) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1VzHW1-0004Cj-C1 for 16335@debbugs.gnu.org; Fri, 03 Jan 2014 22:03:10 -0500 X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: ApMBAGp5x1JtTev4/2dsb2JhbAANS4NDuXqBIoMZAQEBBDIBRhALDQsJFg8JAwIBAgFFBg0BBwEBiAUIqE2aZBeOTEIHhDcEmUeFPI5VgWo Received: from unknown (HELO [192.168.1.79]) ([109.77.235.248]) by mail3.vodafone.ie with ESMTP; 04 Jan 2014 03:03:07 +0000 Message-ID: <52C779EA.2040202@draigBrady.com> Date: Sat, 04 Jan 2014 03:03:06 +0000 From: =?ISO-8859-1?Q?P=E1draig_Brady?= User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130110 Thunderbird/17.0.2 MIME-Version: 1.0 To: Nicolas Iooss Subject: Re: bug#16335: Segmentation fault when using cp -a with SELinux and fakeroot References: <52C734EA.9040701@m4x.org> <52C766E9.5020202@draigBrady.com> In-Reply-To: <52C766E9.5020202@draigBrady.com> X-Enigmail-Version: 1.6 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 8bit X-Spam-Score: 0.0 (/) X-Debbugs-Envelope-To: 16335 Cc: 16335@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: 0.0 (/) On 01/04/2014 01:42 AM, Pádraig Brady wrote: > On 01/03/2014 10:08 PM, Nicolas Iooss wrote: >> Hello, >> >> After upgrading to coreutils 8.22 I can no longer build packages which >> uses "cp -a" to copy files due to a segmentation fault happening in >> libselinux. >> >> I've tried to reproduce this bug with few commands, in a directory which >> doesn't have any default context: >> >> $ mkdir /tmp/foobar >> $ matchpathcon >> /tmp/foobar <> >> $ touch /tmp/foobar/a >> $ fakeroot cp -a /tmp/foobar/a /tmp/foobar/b >> $ fakeroot cp -a /tmp/foobar/a /tmp/foobar/b >> /usr/bin/fakeroot: line 181: 9207 Segmentation fault >> >> Without fakeroot there is no segmentation fault. >> >> Even if the message says "/usr/bin/fakeroot", a coredump has been >> created for cp. I've analyzed this dump using gdb and after some >> debugging, I found out that restorecon_private (from src/selinux.c) was >> calling lsetfilecon with a NULL security context which was obtained by >> getfscreatecon (case "local = true" in the code [1]). This causes a null >> pointer dereference in libselinux and so a SIGSEGV. >> >> I've reported this bug to libselinux maintainers [2] and got the reply >> that calling lsetfilecon with a NULL security context was like calling >> strlen with a NULL string and that this was a problem in caller's code [3]. >> >> Hence I propose the attached patch to fix the segmentation fault. Could >> you please accept it? >> >> When you reply, please Cc me as I'm not subscribed. >> >> Thanks, >> >> Nicolas Iooss >> >> ----------- >> >> System configuration during my tests: >> >> * distro: ArchLinux which SELinux packages >> * CPU arch: x86_64 >> * SELinux in permissive mode >> * coreutils 8.22 >> * libselinux 2.2.1 >> * fakeroot 1.20 >> >> [1] >> http://git.savannah.gnu.org/gitweb/?p=coreutils.git;a=blob;f=src/selinux.c;hb=v8.22#l191 >> [2] http://marc.info/?l=selinux&m=138763485330568&w=2 >> [3] http://marc.info/?l=selinux&m=138842015508829&w=2 > > Thanks for the very thorough analysis and patch. > The patch looks correct as getfscreatecon() is > documented to return a NULL context in some cases. > I'll see if I can add a robust test and will apply > this in your name. Actually what's errno set to with tcon is NULL. If if was 0 you might get the classic "error success" message if using the --preserve=context option rather than -a for example. I.E. the following might be more appropriate. Note neither Fedora 15 or 20 here produce a NULL value with fakeroot. thanks, Pádraig. diff --git a/src/selinux.c b/src/selinux.c index cd38a81..016db16 100644 --- a/src/selinux.c +++ b/src/selinux.c @@ -192,6 +192,11 @@ restorecon_private (char const *path, bool local) { if (getfscreatecon (&tcon) < 0) return rc; + if (!tcon) + { + errno = ENODATA; + return rc; + } rc = lsetfilecon (path, tcon); freecon (tcon); return rc; From debbugs-submit-bounces@debbugs.gnu.org Sat Jan 04 06:02:21 2014 Received: (at 16335) by debbugs.gnu.org; 4 Jan 2014 11:02:21 +0000 Received: from localhost ([127.0.0.1]:33085 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1VzOzl-00020H-50 for submit@debbugs.gnu.org; Sat, 04 Jan 2014 06:02:21 -0500 Received: from mx1.polytechnique.org ([129.104.30.34]:34409) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1VzOzi-000206-0y for 16335@debbugs.gnu.org; Sat, 04 Jan 2014 06:02:19 -0500 Received: from [10.5.5.101] (11.147.102.84.rev.sfr.net [84.102.147.11]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ssl.polytechnique.org (Postfix) with ESMTPSA id 0A39E1406E70A for <16335@debbugs.gnu.org>; Sat, 4 Jan 2014 12:02:15 +0100 (CET) Message-ID: <52C7EA36.8020302@m4x.org> Date: Sat, 04 Jan 2014 12:02:14 +0100 From: Nicolas Iooss Organization: M4X User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.2.0 MIME-Version: 1.0 To: 16335@debbugs.gnu.org Subject: Re: bug#16335: Segmentation fault when using cp -a with SELinux and fakeroot References: <52C734EA.9040701@m4x.org> <52C766E9.5020202@draigBrady.com> <52C779EA.2040202@draigBrady.com> In-Reply-To: <52C779EA.2040202@draigBrady.com> X-Enigmail-Version: 1.6 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 8bit X-AV-Checked: ClamAV using ClamSMTP at svoboda.polytechnique.org (Sat Jan 4 12:02:16 2014 +0100 (CET)) X-Spam-Flag: No, tests=bogofilter, spamicity=0.000000, queueID=52D3414091316 X-Org-Mail: nicolas.iooss.2010@polytechnique.org X-Spam-Score: -2.3 (--) X-Debbugs-Envelope-To: 16335 X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -2.3 (--) On 04/01/2014 04:03, Pádraig Brady wrote : > On 01/04/2014 01:42 AM, Pádraig Brady wrote: >> On 01/03/2014 10:08 PM, Nicolas Iooss wrote: >>> Hello, >>> >>> After upgrading to coreutils 8.22 I can no longer build packages which >>> uses "cp -a" to copy files due to a segmentation fault happening in >>> libselinux. >>> >>> I've tried to reproduce this bug with few commands, in a directory which >>> doesn't have any default context: >>> >>> $ mkdir /tmp/foobar >>> $ matchpathcon >>> /tmp/foobar <> >>> $ touch /tmp/foobar/a >>> $ fakeroot cp -a /tmp/foobar/a /tmp/foobar/b >>> $ fakeroot cp -a /tmp/foobar/a /tmp/foobar/b >>> /usr/bin/fakeroot: line 181: 9207 Segmentation fault >>> >>> Without fakeroot there is no segmentation fault. >>> >>> Even if the message says "/usr/bin/fakeroot", a coredump has been >>> created for cp. I've analyzed this dump using gdb and after some >>> debugging, I found out that restorecon_private (from src/selinux.c) was >>> calling lsetfilecon with a NULL security context which was obtained by >>> getfscreatecon (case "local = true" in the code [1]). This causes a null >>> pointer dereference in libselinux and so a SIGSEGV. >>> >>> I've reported this bug to libselinux maintainers [2] and got the reply >>> that calling lsetfilecon with a NULL security context was like calling >>> strlen with a NULL string and that this was a problem in caller's code [3]. >>> >>> Hence I propose the attached patch to fix the segmentation fault. Could >>> you please accept it? >>> >>> When you reply, please Cc me as I'm not subscribed. >>> >>> Thanks, >>> >>> Nicolas Iooss >>> >>> ----------- >>> >>> System configuration during my tests: >>> >>> * distro: ArchLinux which SELinux packages >>> * CPU arch: x86_64 >>> * SELinux in permissive mode >>> * coreutils 8.22 >>> * libselinux 2.2.1 >>> * fakeroot 1.20 >>> >>> [1] >>> http://git.savannah.gnu.org/gitweb/?p=coreutils.git;a=blob;f=src/selinux.c;hb=v8.22#l191 >>> [2] http://marc.info/?l=selinux&m=138763485330568&w=2 >>> [3] http://marc.info/?l=selinux&m=138842015508829&w=2 >> >> Thanks for the very thorough analysis and patch. >> The patch looks correct as getfscreatecon() is >> documented to return a NULL context in some cases. >> I'll see if I can add a robust test and will apply >> this in your name. Thanks for your quick reply. > > Actually what's errno set to with tcon is NULL. > If if was 0 you might get the classic "error success" message > if using the --preserve=context option rather than -a for example. According to libselinux code [4], when "fscreate" attribute is empty, getfscreatecon sets the security context to NULL and returns 0 without setting errno. Hence if it remains zero, set_file_security_ctx from src/copy.c will report the "error success" message. > > I.E. the following might be more appropriate. I agree. With your patch I get this (as expected): $ fakeroot cp --preserve=context a b cp: failed to get security context of 'a': No data available > Note neither Fedora 15 or 20 here produce a NULL value with fakeroot. On my system, fakeroot (version 1.20) doesn't seem to support xattr: $ fakeroot getfattr -m - -d /tmp/foobar/a $ getfattr -m - -d /tmp/foobar/a getfattr: Suppression des « / » en tęte des chemins absolus # file: tmp/foobar/a security.selinux="unconfined_u:object_r:user_tmp_t:s0" > > thanks, > Pádraig. > > diff --git a/src/selinux.c b/src/selinux.c > index cd38a81..016db16 100644 > --- a/src/selinux.c > +++ b/src/selinux.c > @@ -192,6 +192,11 @@ restorecon_private (char const *path, bool local) > { > if (getfscreatecon (&tcon) < 0) > return rc; > + if (!tcon) > + { > + errno = ENODATA; > + return rc; > + } > rc = lsetfilecon (path, tcon); > freecon (tcon); > return rc; > Nicolas [4] http://userspace.selinuxproject.org/trac/browser/libselinux/src/procattr.c?rev=edc2e99687b050d5be21a78a66d038aa1fc068d9#L176 From debbugs-submit-bounces@debbugs.gnu.org Mon Jan 13 09:50:27 2014 Received: (at 16335-done) by debbugs.gnu.org; 13 Jan 2014 14:50:27 +0000 Received: from localhost ([127.0.0.1]:48670 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1W2iqQ-0007JH-2I for submit@debbugs.gnu.org; Mon, 13 Jan 2014 09:50:26 -0500 Received: from mail1.vodafone.ie ([213.233.128.43]:49691) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1W2iqN-0007J2-7r for 16335-done@debbugs.gnu.org; Mon, 13 Jan 2014 09:50:24 -0500 X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: AqMBAPj701JtTCfK/2dsb2JhbAANTYNDULlzgSeDGQEBAQR5EAsNBAMBAgoWDwkDAgECAT0IBg0BAQQCAQEFEYdvA6kWm3QXjnYRBwmELgSQM4kUhTyFcYhl Received: from unknown (HELO [192.168.1.79]) ([109.76.39.202]) by mail1.vodafone.ie with ESMTP; 13 Jan 2014 14:50:21 +0000 Message-ID: <52D3FD25.3020704@draigBrady.com> Date: Mon, 13 Jan 2014 14:50:13 +0000 From: =?ISO-8859-1?Q?P=E1draig_Brady?= User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130110 Thunderbird/17.0.2 MIME-Version: 1.0 To: Nicolas Iooss Subject: Re: bug#16335: Segmentation fault when using cp -a with SELinux and fakeroot References: <52C734EA.9040701@m4x.org> <52C766E9.5020202@draigBrady.com> <52C779EA.2040202@draigBrady.com> <52C7EA36.8020302@m4x.org> In-Reply-To: <52C7EA36.8020302@m4x.org> X-Enigmail-Version: 1.6 Content-Type: multipart/mixed; boundary="------------090006030202030409000509" X-Spam-Score: 0.0 (/) X-Debbugs-Envelope-To: 16335-done Cc: 16335-done@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: 0.0 (/) This is a multi-part message in MIME format. --------------090006030202030409000509 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 8bit I'm going to push the attached very soon, to address this. thanks, Pádraig. --------------090006030202030409000509 Content-Type: text/x-patch; name="cp-selinux-segfault.patch" Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename="cp-selinux-segfault.patch" >From 2b3b5bfcd5f4161d17c0bc3d43f6edcfc4a2b294 Mon Sep 17 00:00:00 2001 From: Nicolas Looss Date: Sat, 4 Jan 2014 03:03:51 +0000 Subject: [PATCH] copy: fix a segfault in SELinux context copying code * src/selinux.c (restorecon_private): On ArchLinux the `fakeroot cp -a file1 file2` command segfaulted due to getfscreatecon() returning a NULL context. So map this to the sometimes ignored ENODATA error, rather than crashing. * tests/cp/no-ctx.sh: Add a new test case. * tests/local.mk: Reference the new test. * NEWS: Mention the fix. Fixes http://bugs.gnu.org/16335 --- NEWS | 5 ++++ src/selinux.c | 5 ++++ tests/cp/no-ctx.sh | 53 ++++++++++++++++++++++++++++++++++++++++++++++++++++ tests/local.mk | 1 + 4 files changed, 64 insertions(+), 0 deletions(-) create mode 100755 tests/cp/no-ctx.sh diff --git a/NEWS b/NEWS index 3e1f9c6..699a7d3 100644 --- a/NEWS +++ b/NEWS @@ -9,6 +9,11 @@ GNU coreutils NEWS -*- outline -*- the context of an existing directory to that of its last copied descendent. [bug introduced in coreutils-8.22] + cp -a, mv, and install --preserve-context, no longer seg fault when running + with SELinux enabled, when copying from file systems that return an error + when reading the SELinux context for a file. + [bug introduced in coreutils-8.22] + * Noteworthy changes in release 8.22 (2013-12-13) [stable] diff --git a/src/selinux.c b/src/selinux.c index cd38a81..016db16 100644 --- a/src/selinux.c +++ b/src/selinux.c @@ -192,6 +192,11 @@ restorecon_private (char const *path, bool local) { if (getfscreatecon (&tcon) < 0) return rc; + if (!tcon) + { + errno = ENODATA; + return rc; + } rc = lsetfilecon (path, tcon); freecon (tcon); return rc; diff --git a/tests/cp/no-ctx.sh b/tests/cp/no-ctx.sh new file mode 100755 index 0000000..59d30de --- /dev/null +++ b/tests/cp/no-ctx.sh @@ -0,0 +1,53 @@ +#!/bin/sh +# Ensure we handle file systems returning no SELinux context, +# which triggered a segmentation fault in coreutils-8.22. +# This test is skipped on systems that lack LD_PRELOAD support; that's fine. +# Similarly, on a system that lacks lgetfilecon altogether, skipping it is fine. + +# Copyright (C) 2014 Free Software Foundation, Inc. + +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +. "${srcdir=.}/tests/init.sh"; path_prepend_ ./src +print_ver_ cp +require_gcc_shared_ + +# Replace each getfilecon and lgetfilecon call with a call to these stubs. +cat > k.c <<'EOF' || framework_failure_ +#include +#include + +int getfilecon (const char *path, security_context_t *con) +{ errno=ENODATA; return -1; } +int lgetfilecon (const char *path, security_context_t *con) +{ errno=ENODATA; return -1; } +EOF + +# Then compile/link it: +$CC -shared -fPIC -O2 k.c -o k.so \ + || framework_failure_ 'failed to build SELinux shared library' + +touch file_src + +# New file with SELinux context optionally included +LD_PRELOAD=./k.so cp -a file_src file_dst || fail=1 + +# Existing file with SELinux context optionally included +LD_PRELOAD=./k.so cp -a file_src file_dst || fail=1 + +# ENODATA should give an immediate error when required to preserve ctx +# This is debatable, and maybe we should not fail when no context available? +LD_PRELOAD=./k.so cp --preserve=context file_src file_dst && fail=1 + +Exit $fail diff --git a/tests/local.mk b/tests/local.mk index dc7341c..9d556f6 100644 --- a/tests/local.mk +++ b/tests/local.mk @@ -161,6 +161,7 @@ all_tests = \ tests/rm/ext3-perf.sh \ tests/rm/cycle.sh \ tests/cp/link-heap.sh \ + tests/cp/no-ctx.sh \ tests/misc/tty-eof.pl \ tests/tail-2/inotify-hash-abuse.sh \ tests/tail-2/inotify-hash-abuse2.sh \ -- 1.7.7.6 --------------090006030202030409000509-- From debbugs-submit-bounces@debbugs.gnu.org Mon Jan 13 09:57:55 2014 Received: (at 16335) by debbugs.gnu.org; 13 Jan 2014 14:57:55 +0000 Received: from localhost ([127.0.0.1]:49135 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1W2ixa-0007by-MT for submit@debbugs.gnu.org; Mon, 13 Jan 2014 09:57:54 -0500 Received: from mail1.vodafone.ie ([213.233.128.43]:23762) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1W2ixP-0007bi-8W for 16335@debbugs.gnu.org; Mon, 13 Jan 2014 09:57:42 -0500 X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: ApMBAJP+01JtTCfK/2dsb2JhbAANTYNDukOBKIMZAQEBBDIBVgsNCwkWDwkDAgECAUUHDAgBAYgFqRabdhePDoQ3AQOfA45W Received: from unknown (HELO [192.168.1.79]) ([109.76.39.202]) by mail1.vodafone.ie with ESMTP; 13 Jan 2014 14:57:30 +0000 Message-ID: <52D3FED0.3020100@draigBrady.com> Date: Mon, 13 Jan 2014 14:57:20 +0000 From: =?ISO-8859-1?Q?P=E1draig_Brady?= User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130110 Thunderbird/17.0.2 MIME-Version: 1.0 To: 16335@debbugs.gnu.org, nicolas.iooss@m4x.org Subject: Re: bug#16335: Segmentation fault when using cp -a with SELinux and fakeroot References: <52C734EA.9040701@m4x.org> <52C766E9.5020202@draigBrady.com> <52C779EA.2040202@draigBrady.com> <52C7EA36.8020302@m4x.org> <52D3FD25.3020704@draigBrady.com> In-Reply-To: <52D3FD25.3020704@draigBrady.com> X-Enigmail-Version: 1.6 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 8bit X-Spam-Score: 0.0 (/) X-Debbugs-Envelope-To: 16335 X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: 0.0 (/) On 01/13/2014 02:50 PM, Pádraig Brady wrote: > +# Then compile/link it: > +$CC -shared -fPIC -O2 k.c -o k.so \ > + || framework_failure_ 'failed to build SELinux shared library' I'll change that to a || skip_ ... so that we avoid issues with no (stub) being available. thanks, Pádraig. From debbugs-submit-bounces@debbugs.gnu.org Mon Jan 13 10:28:02 2014 Received: (at 16335) by debbugs.gnu.org; 13 Jan 2014 15:28:02 +0000 Received: from localhost ([127.0.0.1]:49172 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1W2jQo-0008Uz-2N for submit@debbugs.gnu.org; Mon, 13 Jan 2014 10:28:02 -0500 Received: from moutng.kundenserver.de ([212.227.126.171]:49255) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1W2jQj-0008Uc-5F for 16335@debbugs.gnu.org; Mon, 13 Jan 2014 10:27:58 -0500 Received: from [10.0.2.15] (gw.camline.com [62.153.148.194]) by mrelayeu.kundenserver.de (node=mrbap3) with ESMTP (Nemesis) id 0LhePx-1VYObo3rrV-00maGK; Mon, 13 Jan 2014 16:27:54 +0100 Message-ID: <52D405EC.3000609@bernhard-voelker.de> Date: Mon, 13 Jan 2014 16:27:40 +0100 From: Bernhard Voelker User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.2.0 MIME-Version: 1.0 To: =?ISO-8859-1?Q?P=E1draig_Brady?= , 16335@debbugs.gnu.org, nicolas.iooss@m4x.org Subject: Re: bug#16335: Segmentation fault when using cp -a with SELinux and fakeroot References: <52C734EA.9040701@m4x.org> <52C766E9.5020202@draigBrady.com> <52C779EA.2040202@draigBrady.com> <52C7EA36.8020302@m4x.org> <52D3FD25.3020704@draigBrady.com> <52D3FED0.3020100@draigBrady.com> In-Reply-To: <52D3FED0.3020100@draigBrady.com> Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 8bit X-Provags-ID: V02:K0:+rIIxwjgbHpZsBgOZF2+3ra2ijgq5xI7vAVrIijVPB6 OUS8xiucVsKHRkIRX51TxFiFFr+xb2T+DvfIDaQEXYysbRZTI+ jAICP3ZJ5dfMoFMt69AskY3eNMsE01w5TMZVGOyAGpb7Rk2sNm P+o4tQrmeqSjbboeNmlDFQAtS4qF1W6QoPMCuJnWqp33avNJma XbttxQqaXJUKID+Z+JYohLPXNE8Ujq9+HSEPDIvd+hlUOG7yJ/ +tbxh2WF/mGqlaPwIzcirSmd4zfCMGL0zpJjY+cslPMwWOw9zv YT2JP/ab5sCqwO7TmZlog+cERyQ3qplTJLWXfJpygQD9BECsD0 /7vh81PY5CNOXyKrwG3WYENCwx6gKK9iNVoUNxaqe X-Spam-Score: -0.0 (/) X-Debbugs-Envelope-To: 16335 X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -0.0 (/) On 01/13/2014 03:57 PM, Pádraig Brady wrote: > On 01/13/2014 02:50 PM, Pádraig Brady wrote: >> +# Then compile/link it: >> +$CC -shared -fPIC -O2 k.c -o k.so \ >> + || framework_failure_ 'failed to build SELinux shared library' > > I'll change that to a || skip_ ... > so that we avoid issues with no (stub) being available. LD_PRELOADed tests are sometimes a bit tricky, so doing double checks is a good idea: I'd add a fclose(fopen("x")); inside the dummies, and check if that file has really been created. Otherwise, you can't be sure if replacing the functions really worked. Furthermore, when I added a LD_PRELOADed test a while ago, I think Paul suggested to add -ldl for some non-GNU/Linux platforms. I'd also specify 'gcc' hardcoded ... probably with -Wall. +1 otherwise. Thanks & have a nice day, Berny From debbugs-submit-bounces@debbugs.gnu.org Mon Jan 13 12:09:58 2014 Received: (at 16335) by debbugs.gnu.org; 13 Jan 2014 17:09:58 +0000 Received: from localhost ([127.0.0.1]:49309 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1W2l1S-00039N-BR for submit@debbugs.gnu.org; Mon, 13 Jan 2014 12:09:58 -0500 Received: from mail1.vodafone.ie ([213.233.128.43]:20702) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1W2l1Q-00039E-Ef for 16335@debbugs.gnu.org; Mon, 13 Jan 2014 12:09:57 -0500 X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: ApMBAAMd1FJtTCfK/2dsb2JhbAANTYNDukWBK4MZAQEBAwEyAUYFCwsNAQoJFg8JAwIBAgFFBg0BBwEBh3gNqR+bTxePBweENwEDnwOOVg Received: from unknown (HELO [192.168.1.79]) ([109.76.39.202]) by mail1.vodafone.ie with ESMTP; 13 Jan 2014 17:09:55 +0000 Message-ID: <52D41DE2.7060608@draigBrady.com> Date: Mon, 13 Jan 2014 17:09:54 +0000 From: =?ISO-8859-1?Q?P=E1draig_Brady?= User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130110 Thunderbird/17.0.2 MIME-Version: 1.0 To: Bernhard Voelker Subject: Re: bug#16335: Segmentation fault when using cp -a with SELinux and fakeroot References: <52C734EA.9040701@m4x.org> <52C766E9.5020202@draigBrady.com> <52C779EA.2040202@draigBrady.com> <52C7EA36.8020302@m4x.org> <52D3FD25.3020704@draigBrady.com> <52D3FED0.3020100@draigBrady.com> <52D405EC.3000609@bernhard-voelker.de> In-Reply-To: <52D405EC.3000609@bernhard-voelker.de> X-Enigmail-Version: 1.6 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 8bit X-Spam-Score: 0.0 (/) X-Debbugs-Envelope-To: 16335 Cc: nicolas.iooss@m4x.org, 16335@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: 0.0 (/) On 01/13/2014 03:27 PM, Bernhard Voelker wrote: > On 01/13/2014 03:57 PM, Pádraig Brady wrote: >> On 01/13/2014 02:50 PM, Pádraig Brady wrote: >>> +# Then compile/link it: >>> +$CC -shared -fPIC -O2 k.c -o k.so \ >>> + || framework_failure_ 'failed to build SELinux shared library' >> >> I'll change that to a || skip_ ... >> so that we avoid issues with no (stub) being available. > > LD_PRELOADed tests are sometimes a bit tricky, so doing > double checks is a good idea: I'd add a > fclose(fopen("x")); > inside the dummies, and check if that file has really been > created. Otherwise, you can't be sure if replacing the functions > really worked. Right, I'll skip_ in that case to warn about stale tests. > Furthermore, when I added a LD_PRELOADed test a while ago, > I think Paul suggested to add -ldl for some non-GNU/Linux > platforms. Right. I'll refactor all those calls to a gcc_shared_() for consistency. > I'd also specify 'gcc' hardcoded ... probably with -Wall. Hmm, icc and clang support this gcc interface, so I'm inclined to leave it as $CC so as not preclude those from this part of the testing matrix. We can always beef up require_gcc_shared_() if this ever becomes an issue. thanks! Pádraig. From debbugs-submit-bounces@debbugs.gnu.org Mon Jan 13 15:09:57 2014 Received: (at 16335) by debbugs.gnu.org; 13 Jan 2014 20:09:57 +0000 Received: from localhost ([127.0.0.1]:49392 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1W2npc-0008JC-Ij for submit@debbugs.gnu.org; Mon, 13 Jan 2014 15:09:57 -0500 Received: from mail1.vodafone.ie ([213.233.128.43]:12460) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1W2npY-0008Iw-7K for 16335@debbugs.gnu.org; Mon, 13 Jan 2014 15:09:54 -0500 X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: AqQBAF9H1FJtTCfK/2dsb2JhbAANQwqDQ1C5eYEvgxkBAQEEeRALDQEDAwECAQkWDwkDAgECAT0IBg0BAQQCAQEFEYdvA6kmm1cXjitLEQcJhC4EkDOJFIU8hXGIZQ Received: from unknown (HELO [192.168.1.79]) ([109.76.39.202]) by mail1.vodafone.ie with ESMTP; 13 Jan 2014 20:09:50 +0000 Message-ID: <52D4480D.8030703@draigBrady.com> Date: Mon, 13 Jan 2014 20:09:49 +0000 From: =?ISO-8859-1?Q?P=E1draig_Brady?= User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130110 Thunderbird/17.0.2 MIME-Version: 1.0 To: Bernhard Voelker Subject: Re: bug#16335: Segmentation fault when using cp -a with SELinux and fakeroot References: <52C734EA.9040701@m4x.org> <52C766E9.5020202@draigBrady.com> <52C779EA.2040202@draigBrady.com> <52C7EA36.8020302@m4x.org> <52D3FD25.3020704@draigBrady.com> <52D3FED0.3020100@draigBrady.com> <52D405EC.3000609@bernhard-voelker.de> <52D41DE2.7060608@draigBrady.com> In-Reply-To: <52D41DE2.7060608@draigBrady.com> X-Enigmail-Version: 1.6 Content-Type: multipart/mixed; boundary="------------010901080605040602050206" X-Spam-Score: 0.0 (/) X-Debbugs-Envelope-To: 16335 Cc: nicolas.iooss@m4x.org, 16335@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: 0.0 (/) This is a multi-part message in MIME format. --------------010901080605040602050206 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 8bit On 01/13/2014 05:09 PM, Pádraig Brady wrote: > On 01/13/2014 03:27 PM, Bernhard Voelker wrote: >> On 01/13/2014 03:57 PM, Pádraig Brady wrote: >>> On 01/13/2014 02:50 PM, Pádraig Brady wrote: >>>> +# Then compile/link it: >>>> +$CC -shared -fPIC -O2 k.c -o k.so \ >>>> + || framework_failure_ 'failed to build SELinux shared library' >>> >>> I'll change that to a || skip_ ... >>> so that we avoid issues with no (stub) being available. >> >> LD_PRELOADed tests are sometimes a bit tricky, so doing >> double checks is a good idea: I'd add a >> fclose(fopen("x")); >> inside the dummies, and check if that file has really been >> created. Otherwise, you can't be sure if replacing the functions >> really worked. > > Right, I'll skip_ in that case to warn > about stale tests. > >> Furthermore, when I added a LD_PRELOADed test a while ago, >> I think Paul suggested to add -ldl for some non-GNU/Linux >> platforms. > > Right. I'll refactor all those calls to a gcc_shared_() for consistency. > >> I'd also specify 'gcc' hardcoded ... probably with -Wall. > > Hmm, icc and clang support this gcc interface, > so I'm inclined to leave it as $CC so as not > preclude those from this part of the testing matrix. > We can always beef up require_gcc_shared_() if > this ever becomes an issue. Pushing the attached 2 patches in a while. thanks, Pádraig. --------------010901080605040602050206 Content-Type: text/x-patch; name="cp-selinux-segfault.patch" Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename="cp-selinux-segfault.patch" >From 33825d7c872f1ad4887a448f6d1348fb7dcbb178 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?P=C3=A1draig=20Brady?= Date: Mon, 13 Jan 2014 19:39:52 +0000 Subject: [PATCH 1/2] maint: refactor gcc commands to build a shared lib in tests * init.cfg (gcc_shared_): A new function refactored from tests. (require_gcc_shared_): Adjust to call gcc_shared_() to build the test library, and remove that library before the function returns. * tests/cp/nfs-removal-race.sh: Call the new gcc_shared_(). * tests/df/no-mtab-status.sh: Likewise. * tests/df/skip-duplicates.sh: Likewise. * tests/ls/getxattr-speedup.sh: Likewise. * tests/rm/r-root.sh: Likewise. --- init.cfg | 11 ++++++++++- tests/cp/nfs-removal-race.sh | 2 +- tests/df/no-mtab-status.sh | 2 +- tests/df/skip-duplicates.sh | 2 +- tests/ls/getxattr-speedup.sh | 2 +- tests/rm/r-root.sh | 2 +- 6 files changed, 15 insertions(+), 6 deletions(-) diff --git a/init.cfg b/init.cfg index af3963c..876f5e6 100644 --- a/init.cfg +++ b/init.cfg @@ -500,13 +500,22 @@ require_sparse_support_() fi } +# Compile a shared lib using the GCC options for doing so. +# Pass input and output file as parameters respectively. +# Any other optional parmeters are passed to $CC. +gcc_shared_() +{ + $CC -Wall -shared --std=gnu99 -fPIC -ldl -O2 $3 "$1" -o "$2" +} + # There are a myriad of ways to build shared libs, # so we only consider running tests requiring shared libs, # on platforms that support building them as follows. require_gcc_shared_() { - $CC -shared -fPIC -O2 -xc -o d.so -ldl - < /dev/null 2>&1 \ + gcc_shared_ '-' 'd.so' -xc < /dev/null 2>&1 \ || skip_ '$CC -shared ... failed to build a shared lib' + rm -f d.so } mkfifo_or_skip_() diff --git a/tests/cp/nfs-removal-race.sh b/tests/cp/nfs-removal-race.sh index 0638db1..6969e8b 100755 --- a/tests/cp/nfs-removal-race.sh +++ b/tests/cp/nfs-removal-race.sh @@ -58,7 +58,7 @@ __xstat (int ver, const char *path, struct stat *st) EOF # Then compile/link it: -$CC -shared -fPIC -O2 k.c -o k.so -ldl \ +gcc_shared_ k.c k.so \ || framework_failure_ 'failed to build shared library' touch d2 || framework_failure_ diff --git a/tests/df/no-mtab-status.sh b/tests/df/no-mtab-status.sh index 58f1b46..f2fda5e 100755 --- a/tests/df/no-mtab-status.sh +++ b/tests/df/no-mtab-status.sh @@ -45,7 +45,7 @@ struct mntent *getmntent (FILE *fp) EOF # Then compile/link it: -$CC -shared -fPIC -ldl -O2 k.c -o k.so \ +gcc_shared_ k.c k.so \ || framework_failure_ 'failed to build shared library' # Test if LD_PRELOAD works: diff --git a/tests/df/skip-duplicates.sh b/tests/df/skip-duplicates.sh index 69182d2..266520a 100755 --- a/tests/df/skip-duplicates.sh +++ b/tests/df/skip-duplicates.sh @@ -60,7 +60,7 @@ struct mntent *getmntent (FILE *fp) EOF # Then compile/link it: -gcc --std=gnu99 -shared -fPIC -ldl -O2 k.c -o k.so \ +gcc_shared_ k.c k.so \ || framework_failure_ 'failed to build shared library' # Test if LD_PRELOAD works: diff --git a/tests/ls/getxattr-speedup.sh b/tests/ls/getxattr-speedup.sh index 5725fa5..0144571 100755 --- a/tests/ls/getxattr-speedup.sh +++ b/tests/ls/getxattr-speedup.sh @@ -48,7 +48,7 @@ ssize_t lgetxattr(const char *path, const char *name, void *value, size_t size) EOF # Then compile/link it: -$CC -shared -fPIC -O2 k.c -o k.so \ +gcc_shared_ k.c k.so \ || framework_failure_ 'failed to build shared library' # Create a few files: diff --git a/tests/rm/r-root.sh b/tests/rm/r-root.sh index 06e5769..04a88eb 100755 --- a/tests/rm/r-root.sh +++ b/tests/rm/r-root.sh @@ -60,7 +60,7 @@ int unlinkat (int dirfd, const char *pathname, int flags) EOF # Then compile/link it: -gcc -Wall --std=gnu99 -shared -fPIC -ldl -O2 k.c -o k.so \ +gcc_shared_ k.c k.so \ || framework_failure_ 'failed to build shared library' #------------------------------------------------------------------------------- -- 1.7.7.6 >From 6f54e3ffeeee69fa75dff00527f0c0bd96b3a6b9 Mon Sep 17 00:00:00 2001 From: Nicolas Looss Date: Sat, 4 Jan 2014 03:03:51 +0000 Subject: [PATCH 2/2] copy: fix a segfault in SELinux context copying code * src/selinux.c (restorecon_private): On ArchLinux the `fakeroot cp -a file1 file2` command segfaulted due to getfscreatecon() returning a NULL context. So map this to the sometimes ignored ENODATA error, rather than crashing. * tests/cp/no-ctx.sh: Add a new test case. * tests/local.mk: Reference the new test. * NEWS: Mention the fix. Fixes http://bugs.gnu.org/16335 --- NEWS | 5 ++++ src/selinux.c | 5 ++++ tests/cp/no-ctx.sh | 63 ++++++++++++++++++++++++++++++++++++++++++++++++++++ tests/local.mk | 1 + 4 files changed, 74 insertions(+), 0 deletions(-) create mode 100755 tests/cp/no-ctx.sh diff --git a/NEWS b/NEWS index 3e1f9c6..699a7d3 100644 --- a/NEWS +++ b/NEWS @@ -9,6 +9,11 @@ GNU coreutils NEWS -*- outline -*- the context of an existing directory to that of its last copied descendent. [bug introduced in coreutils-8.22] + cp -a, mv, and install --preserve-context, no longer seg fault when running + with SELinux enabled, when copying from file systems that return an error + when reading the SELinux context for a file. + [bug introduced in coreutils-8.22] + * Noteworthy changes in release 8.22 (2013-12-13) [stable] diff --git a/src/selinux.c b/src/selinux.c index cd38a81..016db16 100644 --- a/src/selinux.c +++ b/src/selinux.c @@ -192,6 +192,11 @@ restorecon_private (char const *path, bool local) { if (getfscreatecon (&tcon) < 0) return rc; + if (!tcon) + { + errno = ENODATA; + return rc; + } rc = lsetfilecon (path, tcon); freecon (tcon); return rc; diff --git a/tests/cp/no-ctx.sh b/tests/cp/no-ctx.sh new file mode 100755 index 0000000..3b5eb82 --- /dev/null +++ b/tests/cp/no-ctx.sh @@ -0,0 +1,63 @@ +#!/bin/sh +# Ensure we handle file systems returning no SELinux context, +# which triggered a segmentation fault in coreutils-8.22. +# This test is skipped on systems that lack LD_PRELOAD support; that's fine. +# Similarly, on a system that lacks lgetfilecon altogether, skipping it is fine. + +# Copyright (C) 2014 Free Software Foundation, Inc. + +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +. "${srcdir=.}/tests/init.sh"; path_prepend_ ./src +print_ver_ cp +require_gcc_shared_ + +# Replace each getfilecon and lgetfilecon call with a call to these stubs. +cat > k.c <<'EOF' || framework_failure_ +#include +#include +#include + +int getfilecon (const char *path, security_context_t *con) +{ + /* Leave a marker so we can identify if the function was intercepted. */ + fclose(fopen("preloaded", "w")); + + errno=ENODATA; + return -1; +} + +int lgetfilecon (const char *path, security_context_t *con) +{ return getfilecon (path, con); } +EOF + +# Then compile/link it: +gcc_shared_ k.c k.so \ + || skip_ 'failed to build SELinux shared library' + +touch file_src + +# New file with SELinux context optionally included +LD_PRELOAD=./k.so cp -a file_src file_dst || fail=1 + +# Existing file with SELinux context optionally included +LD_PRELOAD=./k.so cp -a file_src file_dst || fail=1 + +# ENODATA should give an immediate error when required to preserve ctx +# This is debatable, and maybe we should not fail when no context available? +LD_PRELOAD=./k.so cp --preserve=context file_src file_dst && fail=1 + +test -e preloaded || skip_ 'LD_PRELOAD interception failed' + +Exit $fail diff --git a/tests/local.mk b/tests/local.mk index dc7341c..9d556f6 100644 --- a/tests/local.mk +++ b/tests/local.mk @@ -161,6 +161,7 @@ all_tests = \ tests/rm/ext3-perf.sh \ tests/rm/cycle.sh \ tests/cp/link-heap.sh \ + tests/cp/no-ctx.sh \ tests/misc/tty-eof.pl \ tests/tail-2/inotify-hash-abuse.sh \ tests/tail-2/inotify-hash-abuse2.sh \ -- 1.7.7.6 --------------010901080605040602050206-- From debbugs-submit-bounces@debbugs.gnu.org Mon Jan 13 15:12:51 2014 Received: (at 16335) by debbugs.gnu.org; 13 Jan 2014 20:12:51 +0000 Received: from localhost ([127.0.0.1]:49396 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1W2nsQ-0008Oc-VE for submit@debbugs.gnu.org; Mon, 13 Jan 2014 15:12:51 -0500 Received: from mx1.polytechnique.org ([129.104.30.34]:50176) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1W2nsO-0008OQ-2J for 16335@debbugs.gnu.org; Mon, 13 Jan 2014 15:12:49 -0500 Received: from [10.5.5.101] (11.147.102.84.rev.sfr.net [84.102.147.11]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ssl.polytechnique.org (Postfix) with ESMTPSA id 81FA0140000B3; Mon, 13 Jan 2014 21:12:46 +0100 (CET) Message-ID: <52D448BD.3000200@m4x.org> Date: Mon, 13 Jan 2014 21:12:45 +0100 From: Nicolas Iooss Organization: M4X User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.2.0 MIME-Version: 1.0 To: =?ISO-8859-1?Q?P=E1draig_Brady?= Subject: Re: bug#16335: Segmentation fault when using cp -a with SELinux and fakeroot References: <52C734EA.9040701@m4x.org> <52C766E9.5020202@draigBrady.com> <52C779EA.2040202@draigBrady.com> <52C7EA36.8020302@m4x.org> <52D3FD25.3020704@draigBrady.com> In-Reply-To: <52D3FD25.3020704@draigBrady.com> X-Enigmail-Version: 1.6 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 8bit X-AV-Checked: ClamAV using ClamSMTP at svoboda.polytechnique.org (Mon Jan 13 21:12:46 2014 +0100 (CET)) X-Spam-Flag: No, tests=bogofilter, spamicity=0.000000, queueID=BFF2A1406E735 X-Org-Mail: nicolas.iooss.2010@polytechnique.org X-Spam-Score: -2.3 (--) X-Debbugs-Envelope-To: 16335 Cc: 16335@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -2.3 (--) Le 13/01/2014 15:50, Pádraig Brady a écrit : > I'm going to push the attached very soon, to address this. > > thanks, > Pádraig. > Thanks for setting me as the author of this patch. Nevertheless my name (Iooss) spells with and I (like India) and not L (Lima). Could you fix this? Nicolas From debbugs-submit-bounces@debbugs.gnu.org Mon Jan 13 18:14:31 2014 Received: (at 16335) by debbugs.gnu.org; 13 Jan 2014 23:14:31 +0000 Received: from localhost ([127.0.0.1]:49493 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1W2qiE-0005CR-UV for submit@debbugs.gnu.org; Mon, 13 Jan 2014 18:14:31 -0500 Received: from mail1.vodafone.ie ([213.233.128.43]:43054) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1W2qiC-0005CI-D1 for 16335@debbugs.gnu.org; Mon, 13 Jan 2014 18:14:29 -0500 X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: ApMBAPBy1FJtTCfK/2dsb2JhbAANTYNDukqBK4MZAQEBBDIBRhALDQsJFg8JAwIBAgFFBg0BBwEBiAUIqRybfxePBweENwEDnwOOVg Received: from unknown (HELO [192.168.1.79]) ([109.76.39.202]) by mail1.vodafone.ie with ESMTP; 13 Jan 2014 23:14:27 +0000 Message-ID: <52D4734D.4070609@draigBrady.com> Date: Mon, 13 Jan 2014 23:14:21 +0000 From: =?ISO-8859-1?Q?P=E1draig_Brady?= User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130110 Thunderbird/17.0.2 MIME-Version: 1.0 To: Nicolas Iooss Subject: Re: bug#16335: Segmentation fault when using cp -a with SELinux and fakeroot References: <52C734EA.9040701@m4x.org> <52C766E9.5020202@draigBrady.com> <52C779EA.2040202@draigBrady.com> <52C7EA36.8020302@m4x.org> <52D3FD25.3020704@draigBrady.com> <52D448BD.3000200@m4x.org> In-Reply-To: <52D448BD.3000200@m4x.org> X-Enigmail-Version: 1.6 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 8bit X-Spam-Score: 0.0 (/) X-Debbugs-Envelope-To: 16335 Cc: 16335@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: 0.0 (/) On 01/13/2014 08:12 PM, Nicolas Iooss wrote: > Le 13/01/2014 15:50, Pádraig Brady a écrit : >> I'm going to push the attached very soon, to address this. >> >> thanks, >> Pádraig. >> > > Thanks for setting me as the author of this patch. Nevertheless my name > (Iooss) spells with and I (like India) and not L (Lima). Could you fix this? Done and pushed. http://git.sv.gnu.org/gitweb/?p=coreutils.git;a=commit;h=d718331e5 thanks again, Pádraig. From debbugs-submit-bounces@debbugs.gnu.org Tue Jan 14 05:54:37 2014 Received: (at 16335) by debbugs.gnu.org; 14 Jan 2014 10:54:37 +0000 Received: from localhost ([127.0.0.1]:49756 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1W31dk-0000bP-D0 for submit@debbugs.gnu.org; Tue, 14 Jan 2014 05:54:36 -0500 Received: from moutng.kundenserver.de ([212.227.17.9]:53629) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1W31dh-0000bB-Ax for 16335@debbugs.gnu.org; Tue, 14 Jan 2014 05:54:34 -0500 Received: from [10.0.2.15] (gw.camline.com [62.153.148.194]) by mrelayeu.kundenserver.de (node=mrbap4) with ESMTP (Nemesis) id 0LlVhP-1VT8K119E7-00bI4O; Tue, 14 Jan 2014 11:54:30 +0100 Message-ID: <52D51760.8070001@bernhard-voelker.de> Date: Tue, 14 Jan 2014 11:54:24 +0100 From: Bernhard Voelker User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.2.0 MIME-Version: 1.0 To: =?ISO-8859-1?Q?P=E1draig_Brady?= Subject: Re: bug#16335: Segmentation fault when using cp -a with SELinux and fakeroot References: <52C734EA.9040701@m4x.org> <52C766E9.5020202@draigBrady.com> <52C779EA.2040202@draigBrady.com> <52C7EA36.8020302@m4x.org> <52D3FD25.3020704@draigBrady.com> <52D3FED0.3020100@draigBrady.com> <52D405EC.3000609@bernhard-voelker.de> <52D41DE2.7060608@draigBrady.com> <52D4480D.8030703@draigBrady.com> In-Reply-To: <52D4480D.8030703@draigBrady.com> Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 8bit X-Provags-ID: V02:K0:8b0LEHSEhWMqUaryYaX0ZmFpw33gRcYk8R2CqcGNi1a EQ1U3OuJ6r9TjdbHfD+iu2/Svwiy7hM1+dsAazogzx3grzVNc9 06nYwIi9DtGQouMKQlKD76F/hmxbENWHR9oE9vJ0owNnGSodHV QeLd7r+OCaRykg0fAK2Z4Oa4n6cMNPfdVlrv4pqVw5H+t7Ne/l ay+zE5JC7S1ms0atJ5r1jR9GGueDYeDYK53Gfh/sw8cgi2SGqc gWXxNTBS3AFcJWgEcDxlzCAL0QIpyVQt7kin5bEz/286UuhR6W cXYoyc1h9ww+eQ8yRjRAsPCLElOb7JLBa9yiqK0TXmZZXC48Ni CMpr66qxxsrE4IH3zZ93XJ1Q6VJkhRusZRvbU51bN X-Spam-Score: -0.0 (/) X-Debbugs-Envelope-To: 16335 Cc: nicolas.iooss@m4x.org, 16335@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -0.0 (/) On 01/13/2014 09:09 PM, Pádraig Brady wrote: > Pushing the attached 2 patches in a while. Hi Padraig, thanks, the refactoring into gcc_shared_ is a good idea. But I missed this one: when selinux is not supported, the new no-ctx.sh test is skipped with the wrong and misleading "LD_PRELOAD interception failed" diagnostic: + gcc -std=gnu99 -Wall -shared --std=gnu99 -fPIC -ldl -O2 k.c -o k.so + touch file_src + LD_PRELOAD=./k.so + cp -a file_src file_dst + LD_PRELOAD=./k.so + cp -a file_src file_dst + LD_PRELOAD=./k.so + cp --preserve=context file_src file_dst cp: cannot preserve security context without an SELinux-enabled kernel + test -e preloaded + skip_ 'LD_PRELOAD interception failed' + warn_ 'no-ctx.sh: skipped test: LD_PRELOAD interception failed' + case $IFS in + printf '%s\n' 'no-ctx.sh: skipped test: LD_PRELOAD interception failed' no-ctx.sh: skipped test: LD_PRELOAD interception failed + test 9 = 2 + printf '%s\n' 'no-ctx.sh: skipped test: LD_PRELOAD interception failed' + sed 1q + Exit 77 I've no time now to analyze further, unfortunately. Have a nice day, Berny From debbugs-submit-bounces@debbugs.gnu.org Tue Jan 14 06:35:20 2014 Received: (at 16335) by debbugs.gnu.org; 14 Jan 2014 11:35:20 +0000 Received: from localhost ([127.0.0.1]:49772 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1W32H9-0001mx-Di for submit@debbugs.gnu.org; Tue, 14 Jan 2014 06:35:19 -0500 Received: from mail6.vodafone.ie ([213.233.128.184]:42578) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1W32H6-0001mj-1B for 16335@debbugs.gnu.org; Tue, 14 Jan 2014 06:35:17 -0500 X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: ApMBAMgf1VJtTnzz/2dsb2JhbAANTYNDuyiBKIMZAQEBBDIBRhALDQEGBAklD0gGDQEFAgEBiAWpPpt1F48HB4Q3AQOZToU8jlY Received: from unknown (HELO [192.168.1.79]) ([109.78.124.243]) by mail3.vodafone.ie with ESMTP; 14 Jan 2014 11:35:14 +0000 Message-ID: <52D520F1.4@draigBrady.com> Date: Tue, 14 Jan 2014 11:35:13 +0000 From: =?ISO-8859-1?Q?P=E1draig_Brady?= User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130110 Thunderbird/17.0.2 MIME-Version: 1.0 To: Bernhard Voelker Subject: Re: bug#16335: Segmentation fault when using cp -a with SELinux and fakeroot References: <52C734EA.9040701@m4x.org> <52C766E9.5020202@draigBrady.com> <52C779EA.2040202@draigBrady.com> <52C7EA36.8020302@m4x.org> <52D3FD25.3020704@draigBrady.com> <52D3FED0.3020100@draigBrady.com> <52D405EC.3000609@bernhard-voelker.de> <52D41DE2.7060608@draigBrady.com> <52D4480D.8030703@draigBrady.com> <52D51760.8070001@bernhard-voelker.de> In-Reply-To: <52D51760.8070001@bernhard-voelker.de> X-Enigmail-Version: 1.6 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 8bit X-Spam-Score: 0.0 (/) X-Debbugs-Envelope-To: 16335 Cc: nicolas.iooss@m4x.org, 16335@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: 0.0 (/) On 01/14/2014 10:54 AM, Bernhard Voelker wrote: > On 01/13/2014 09:09 PM, Pádraig Brady wrote: >> Pushing the attached 2 patches in a while. > > Hi Padraig, > > thanks, the refactoring into gcc_shared_ is a good idea. > > But I missed this one: > when selinux is not supported, the new no-ctx.sh test is skipped > with the wrong and misleading "LD_PRELOAD interception failed" diagnostic: > + test -e preloaded > + skip_ 'LD_PRELOAD interception failed' Oh right. I think this should restrict the test appropriately... commit 3620df245a2211dc441e019845f98b91333bda77 Author: Pádraig Brady Date: Tue Jan 14 11:30:51 2014 +0000 tests: restrict a recent SELinux test to SELinux systems * tests/cp/no-ctx.sh: Since the test diagnoses whether the intercepted lgetfilecon() calls are actually called or not, restrict the test to systems where that occurs. The test cases are minimal on non SELinux systems and should be well covered by other tests. Reported-by: Bernhard Voelker diff --git a/tests/cp/no-ctx.sh b/tests/cp/no-ctx.sh index 3b5eb82..6851785 100755 --- a/tests/cp/no-ctx.sh +++ b/tests/cp/no-ctx.sh @@ -22,6 +22,7 @@ . "${srcdir=.}/tests/init.sh"; path_prepend_ ./src print_ver_ cp require_gcc_shared_ +requires_selinux_ # Replace each getfilecon and lgetfilecon call with a call to these stubs. cat > k.c <<'EOF' || framework_failure_ From debbugs-submit-bounces@debbugs.gnu.org Tue Jan 14 07:38:35 2014 Received: (at 16335) by debbugs.gnu.org; 14 Jan 2014 12:38:35 +0000 Received: from localhost ([127.0.0.1]:49791 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1W33GN-0004hX-1D for submit@debbugs.gnu.org; Tue, 14 Jan 2014 07:38:35 -0500 Received: from moutng.kundenserver.de ([212.227.126.187]:59072) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1W33GK-0004hN-8J for 16335@debbugs.gnu.org; Tue, 14 Jan 2014 07:38:33 -0500 Received: from [10.0.2.15] (gw.camline.com [62.153.148.194]) by mrelayeu.kundenserver.de (node=mrbap3) with ESMTP (Nemesis) id 0MMnSJ-1W01nP31wd-008Fch; Tue, 14 Jan 2014 13:38:29 +0100 Message-ID: <52D52FC3.4030304@bernhard-voelker.de> Date: Tue, 14 Jan 2014 13:38:27 +0100 From: Bernhard Voelker User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.2.0 MIME-Version: 1.0 To: =?ISO-8859-1?Q?P=E1draig_Brady?= Subject: Re: bug#16335: Segmentation fault when using cp -a with SELinux and fakeroot References: <52C734EA.9040701@m4x.org> <52C766E9.5020202@draigBrady.com> <52C779EA.2040202@draigBrady.com> <52C7EA36.8020302@m4x.org> <52D3FD25.3020704@draigBrady.com> <52D3FED0.3020100@draigBrady.com> <52D405EC.3000609@bernhard-voelker.de> <52D41DE2.7060608@draigBrady.com> <52D4480D.8030703@draigBrady.com> <52D51760.8070001@bernhard-voelker.de> <52D520F1.4@draigBrady.com> In-Reply-To: <52D520F1.4@draigBrady.com> Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 8bit X-Provags-ID: V02:K0:M2LLj8wmZTn+bJEXYB6N9K9cTR1uiAHQMFesdYJedOR b+gRru7dLv6rl/khsIl+EpbqKGW9Tbj7eRJb6EyLz/iPe0vNQy WUNJdcCg7AyDVnoull7zPqw6h4UM9GyREp4HAsXAM2Rwgxp3MM ohUKRQrydO6p1MImBQZ0opnwmuwq+7rrxFTq2bEBf1Ca1Jw04p z6yDuSFWn7I7LQJZr1xcUUIKrZSc7F0qyrANFQ+pUmNYst0khp T+bpsKQOlGwdYFQwiDUdNCISEKa+DpJdIhztNlPOXBHs0LzUuF k++qClZBUxlMSGTc7NWW75oUla7p4TqQemNPJkB1vqq/Hy7dFG HlAxgWpJNAGe1uQRLsZCHni+WMykSCV3zuBiK9Hrv X-Spam-Score: -0.0 (/) X-Debbugs-Envelope-To: 16335 Cc: nicolas.iooss@m4x.org, 16335@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -0.0 (/) On 01/14/2014 12:35 PM, Pádraig Brady wrote: > On 01/14/2014 10:54 AM, Bernhard Voelker wrote: >> + test -e preloaded >> + skip_ 'LD_PRELOAD interception failed' > > Oh right. I think this should restrict the test appropriately... > > commit 3620df245a2211dc441e019845f98b91333bda77 > Author: Pádraig Brady > Date: Tue Jan 14 11:30:51 2014 +0000 > > tests: restrict a recent SELinux test to SELinux systems > > * tests/cp/no-ctx.sh: Since the test diagnoses whether the > intercepted lgetfilecon() calls are actually called or not, The witness file is only created for getfilecon() - not for lgetfilecon(). > restrict the test to systems where that occurs. > The test cases are minimal on non SELinux systems and should > be well covered by other tests. > Reported-by: Bernhard Voelker > > diff --git a/tests/cp/no-ctx.sh b/tests/cp/no-ctx.sh > index 3b5eb82..6851785 100755 > --- a/tests/cp/no-ctx.sh > +++ b/tests/cp/no-ctx.sh > @@ -22,6 +22,7 @@ > . "${srcdir=.}/tests/init.sh"; path_prepend_ ./src > print_ver_ cp > require_gcc_shared_ > +requires_selinux_ > > # Replace each getfilecon and lgetfilecon call with a call to these stubs. > cat > k.c <<'EOF' || framework_failure_ I'm a bit biased about this patch. Okay, it's perfectly valid to skip the test if the system doesn't support SELinux, but OTOH it may be quite valuable to verify the exit codes like that on non-SELinux systems, i.e., based on stderr of the last cp call, the "preloaded" file must exist or not. The test could verify that. WDYT? Thanks & have a nice day, Berny From debbugs-submit-bounces@debbugs.gnu.org Tue Jan 14 08:55:33 2014 Received: (at 16335) by debbugs.gnu.org; 14 Jan 2014 13:55:33 +0000 Received: from localhost ([127.0.0.1]:49838 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1W34Sp-0006tg-OZ for submit@debbugs.gnu.org; Tue, 14 Jan 2014 08:55:32 -0500 Received: from mail6.vodafone.ie ([213.233.128.184]:23672) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1W34Si-0006tS-MF for 16335@debbugs.gnu.org; Tue, 14 Jan 2014 08:55:26 -0500 X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: ApMBALZA1VJtTnzz/2dsb2JhbAANTYNDuy2BKYMZAQEBAwEyAUYFCwsNAQYECSUPAkYGDQEFAgEBh3gNqEGbeBePBweENwSZToU8jlY Received: from unknown (HELO [192.168.1.79]) ([109.78.124.243]) by mail3.vodafone.ie with ESMTP; 14 Jan 2014 13:55:23 +0000 Message-ID: <52D541CA.30904@draigBrady.com> Date: Tue, 14 Jan 2014 13:55:22 +0000 From: =?ISO-8859-1?Q?P=E1draig_Brady?= User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130110 Thunderbird/17.0.2 MIME-Version: 1.0 To: Bernhard Voelker Subject: Re: bug#16335: Segmentation fault when using cp -a with SELinux and fakeroot References: <52C734EA.9040701@m4x.org> <52C766E9.5020202@draigBrady.com> <52C779EA.2040202@draigBrady.com> <52C7EA36.8020302@m4x.org> <52D3FD25.3020704@draigBrady.com> <52D3FED0.3020100@draigBrady.com> <52D405EC.3000609@bernhard-voelker.de> <52D41DE2.7060608@draigBrady.com> <52D4480D.8030703@draigBrady.com> <52D51760.8070001@bernhard-voelker.de> <52D520F1.4@draigBrady.com> <52D52FC3.4030304@bernhard-voelker.de> In-Reply-To: <52D52FC3.4030304@bernhard-voelker.de> X-Enigmail-Version: 1.6 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 8bit X-Spam-Score: 0.0 (/) X-Debbugs-Envelope-To: 16335 Cc: nicolas.iooss@m4x.org, 16335@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: 0.0 (/) On 01/14/2014 12:38 PM, Bernhard Voelker wrote: > On 01/14/2014 12:35 PM, Pádraig Brady wrote: >> On 01/14/2014 10:54 AM, Bernhard Voelker wrote: >>> + test -e preloaded >>> + skip_ 'LD_PRELOAD interception failed' >> >> Oh right. I think this should restrict the test appropriately... >> >> commit 3620df245a2211dc441e019845f98b91333bda77 >> Author: Pádraig Brady >> Date: Tue Jan 14 11:30:51 2014 +0000 >> >> tests: restrict a recent SELinux test to SELinux systems >> >> * tests/cp/no-ctx.sh: Since the test diagnoses whether the >> intercepted lgetfilecon() calls are actually called or not, > > The witness file is only created for getfilecon() - not for > lgetfilecon(). In the wrapper, lgetfilecon() calls getfilecon() ? >> restrict the test to systems where that occurs. >> The test cases are minimal on non SELinux systems and should >> be well covered by other tests. >> Reported-by: Bernhard Voelker >> >> diff --git a/tests/cp/no-ctx.sh b/tests/cp/no-ctx.sh >> index 3b5eb82..6851785 100755 >> --- a/tests/cp/no-ctx.sh >> +++ b/tests/cp/no-ctx.sh >> @@ -22,6 +22,7 @@ >> . "${srcdir=.}/tests/init.sh"; path_prepend_ ./src >> print_ver_ cp >> require_gcc_shared_ >> +requires_selinux_ BTW that should be require_selinux_ It's dangerous that we don't diagnose such typos. I wonder would it be appropriate to have a test_require_() wrapper that would catch such things, and be called like: test_require_ gcc_shared selinux >> # Replace each getfilecon and lgetfilecon call with a call to these stubs. >> cat > k.c <<'EOF' || framework_failure_ > > I'm a bit biased about this patch. Okay, it's perfectly valid to > skip the test if the system doesn't support SELinux, but OTOH it may > be quite valuable to verify the exit codes like that on non-SELinux > systems, Well I did state that "The test cases are minimal on non SELinux systems and should be well covered by other tests"... > i.e., based on stderr of the last cp call, the "preloaded" > file must exist or not. The test could verify that. WDYT? ...and if the last cp fails it could be due to the wrapper running, or SELinux not being supported. We'd need something else to distinguish here, and require_selinux_ is the best I can think of at present. I suppose an alternative would be to refactor require_selinux_ to a function that just determines if it's available and do: test -e preloaded || { have_selinux_ && framework_failure_ 'LD_PRELOAD interception failed'; } thanks, Pádraig. From debbugs-submit-bounces@debbugs.gnu.org Tue Jan 14 11:36:21 2014 Received: (at 16335) by debbugs.gnu.org; 14 Jan 2014 16:36:21 +0000 Received: from localhost ([127.0.0.1]:50502 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1W36yS-0003IP-Oo for submit@debbugs.gnu.org; Tue, 14 Jan 2014 11:36:21 -0500 Received: from moutng.kundenserver.de ([212.227.126.171]:56287) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1W36yP-0003IB-3C for 16335@debbugs.gnu.org; Tue, 14 Jan 2014 11:36:18 -0500 Received: from [10.0.2.15] (gw.camline.com [62.153.148.194]) by mrelayeu.kundenserver.de (node=mrbap2) with ESMTP (Nemesis) id 0MfSEV-1VjXc406cF-00Owyl; Tue, 14 Jan 2014 17:36:15 +0100 Message-ID: <52D5677E.5080202@bernhard-voelker.de> Date: Tue, 14 Jan 2014 17:36:14 +0100 From: Bernhard Voelker User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.2.0 MIME-Version: 1.0 To: =?ISO-8859-1?Q?P=E1draig_Brady?= Subject: Re: bug#16335: Segmentation fault when using cp -a with SELinux and fakeroot References: <52C734EA.9040701@m4x.org> <52C766E9.5020202@draigBrady.com> <52C779EA.2040202@draigBrady.com> <52C7EA36.8020302@m4x.org> <52D3FD25.3020704@draigBrady.com> <52D3FED0.3020100@draigBrady.com> <52D405EC.3000609@bernhard-voelker.de> <52D41DE2.7060608@draigBrady.com> <52D4480D.8030703@draigBrady.com> <52D51760.8070001@bernhard-voelker.de> <52D520F1.4@draigBrady.com> <52D52FC3.4030304@bernhard-voelker.de> <52D541CA.30904@draigBrady.com> In-Reply-To: <52D541CA.30904@draigBrady.com> Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 8bit X-Provags-ID: V02:K0:1S/XrrAbAT86GzUA0fdR8aFVZmoBBHvRLEH3dloX2dK oZTVqO5S0FDU8RekJFzEyJHReJ8zkQPGHQfy3NzG4AbdNZAZF7 0nXyRQHEbPVWPCKaWcODZp2Ato/Uaz9o8PPDtNXNH54FKlud7b g2UovdzK1VkYkuZjYDuWwZb4SN0r96LNKoRcTnAgpka7H3OMVn aFigGa/3X3PiPlxniS9o/XLxRy8cBRLj40iwQruS8DpKOnQGCw ntwfTl3QKFvRP7xkAsWrzbWjnjUqDK69BsVOHDkUtu6POKw1oL DeCEpUyIWVR9bHYbnyLfRCVQ3nYgP/Bs9W9tlxMzXrx+GJ31Wq 4c87Hosv+u8pbBetHWX0a2BvXp7YLTgo1jvn8PRSq X-Spam-Score: -0.0 (/) X-Debbugs-Envelope-To: 16335 Cc: nicolas.iooss@m4x.org, 16335@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -0.0 (/) On 01/14/2014 02:55 PM, Pádraig Brady wrote: > On 01/14/2014 12:38 PM, Bernhard Voelker wrote: >>> * tests/cp/no-ctx.sh: Since the test diagnoses whether the >>> intercepted lgetfilecon() calls are actually called or not, >> >> The witness file is only created for getfilecon() - not for >> lgetfilecon(). > > In the wrapper, lgetfilecon() calls getfilecon() ? Ah, sure. I missed that, sorry. >>> diff --git a/tests/cp/no-ctx.sh b/tests/cp/no-ctx.sh >>> index 3b5eb82..6851785 100755 >>> --- a/tests/cp/no-ctx.sh >>> +++ b/tests/cp/no-ctx.sh >>> @@ -22,6 +22,7 @@ >>> . "${srcdir=.}/tests/init.sh"; path_prepend_ ./src >>> print_ver_ cp >>> require_gcc_shared_ >>> +requires_selinux_ > > BTW that should be require_selinux_ > It's dangerous that we don't diagnose such typos. > I wonder would it be appropriate to have a test_require_() > wrapper that would catch such things, and be called like: > test_require_ gcc_shared selinux Hmm, but that would imply the same problem - if someone misspells "test_require_" ... for which we could maybe add a syntax-check rule. I'm not sure if it's worth the effort - when adding/changing a test, we have to look into the .log file anyway. >>> # Replace each getfilecon and lgetfilecon call with a call to these stubs. >>> cat > k.c <<'EOF' || framework_failure_ >> >> I'm a bit biased about this patch. Okay, it's perfectly valid to >> skip the test if the system doesn't support SELinux, but OTOH it may >> be quite valuable to verify the exit codes like that on non-SELinux >> systems, > > Well I did state that "The test cases are minimal on non SELinux systems > and should be well covered by other tests"... okay, I'm fine with that. >> i.e., based on stderr of the last cp call, the "preloaded" >> file must exist or not. The test could verify that. WDYT? > > ...and if the last cp fails it could be due to the wrapper running, > or SELinux not being supported. We'd need something else to > distinguish here, and require_selinux_ is the best I can think of > at present. > > I suppose an alternative would be to refactor require_selinux_ > to a function that just determines if it's available and do: > > test -e preloaded || > { have_selinux_ && framework_failure_ 'LD_PRELOAD interception failed'; } I think we should keep it as simple as possible, therefore I'd now favor your initial version of the patch (with the typo corrected). Thanks & have a nice day, Berny From unknown Mon Jun 23 18:27:26 2025 Received: (at fakecontrol) by fakecontrolmessage; To: internal_control@debbugs.gnu.org From: Debbugs Internal Request Subject: Internal Control Message-Id: bug archived. Date: Wed, 12 Feb 2014 12:24:03 +0000 User-Agent: Fakemail v42.6.9 # This is a fake control message. # # The action: # bug archived. thanks # This fakemail brought to you by your local debbugs # administrator