GNU bug report logs -
#20616
mkdir: -p breaks -Z
Reported by: Hannes Reich <hannes <at> skynet.ie>
Date: Wed, 20 May 2015 15:30:06 UTC
Severity: normal
Done: Pádraig Brady <P <at> draigBrady.com>
Report forwarded to bug-coreutils <at> gnu.org: bug#20616; Package coreutils. (Wed, 20 May 2015 15:30:07 GMT)
Acknowledgement sent to Hannes Reich <hannes <at> skynet.ie>: New bug report received and forwarded. Copy sent to bug-coreutils <at> gnu.org. (Wed, 20 May 2015 15:30:08 GMT)
Message #5 received at submit <at> debbugs.gnu.org:
The "-Z" (set SELinux context) option to mkdir appears to have no effect
when "-p" (no error if existing, create parents) is also specified.
For example, on my CentOS 7 system, the correct context for
subdirectories of "/home" is "user_home_dir_t", but when I create such a
directory with "mkdir -p -Z", it has the "home_root_t" context:
# rm -rf /home/with-p
# mkdir -p -Z /home/with-p
# ls -Zd /home/with-p
drwxr-xr-x. root root unconfined_u:object_r:home_root_t:s0 /home/with-p
#
That's wrong. Running restorecon(1) fixes it:
# restorecon -v /home/with-p
restorecon reset /home/with-p context
unconfined_u:object_r:home_root_t:s0->unconfined_u:object_r:user_home_dir_t:s0
#
Without the "-p" option, "-Z" works as expected:
# mkdir -Z /home/without-p
# ls -Zd /home/without-p
drwxr-xr-x. root root unconfined_u:object_r:user_home_dir_t:s0 /home/without-p
# restorecon -v /home/without-p
#
The coreutils version in CentOS 7 is 8.22.
coreutils-8.23 compiled from source has the same behaviour.
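The report's check is to compare the context `ls -Zd` shows with the one `restorecon` would assign. The following is an added example, not part of the report or of coreutils: it parses `ls -Z`-style lines and flags entries whose type component differs from a caller-supplied expectation. The `home_subdir_type` policy and the sample lines are constructed to mirror the report (direct children of /home expected to be `user_home_dir_t`); on a real system the expectation would come from `matchpathcon` or `restorecon -n -v`.

```python
import re
from dataclasses import dataclass
from typing import Callable, Iterable


@dataclass(frozen=True)
class SELinuxContext:
    """A four-field SELinux label: user:role:type:level (MLS/MCS range)."""
    user: str
    role: str
    type: str
    level: str


def parse_context(text: str) -> SELinuxContext:
    # The level may itself contain ':' (e.g. s0-s0:c0.c1023), so split at most 3 times.
    parts = text.split(":", 3)
    if len(parts) != 4:
        raise ValueError(f"not a SELinux context: {text!r}")
    return SELinuxContext(*parts)


# 'ls -Zd' on CentOS 7 prints: mode owner group context path
LS_Z_RE = re.compile(
    r"^(?P<mode>\S+)\s+(?P<owner>\S+)\s+(?P<group>\S+)\s+(?P<ctx>\S+)\s+(?P<path>/.*)$")


def parse_ls_z(line: str) -> tuple[str, SELinuxContext]:
    m = LS_Z_RE.match(line.strip())
    if not m:
        raise ValueError(f"unrecognised ls -Z line: {line!r}")
    return m.group("path"), parse_context(m.group("ctx"))


def find_mislabeled(lines: Iterable[str],
                    expected_type: Callable[[str], str]) -> list[tuple[str, str, str]]:
    """Return (path, actual_type, expected_type) for every entry whose type is wrong."""
    bad = []
    for line in lines:
        path, ctx = parse_ls_z(line)
        want = expected_type(path)
        if ctx.type != want:
            bad.append((path, ctx.type, want))
    return bad


def home_subdir_type(path: str) -> str:
    # Constructed expectation mirroring the report: /home/<name> should be user_home_dir_t.
    return "user_home_dir_t" if re.fullmatch(r"/home/[^/]+", path) else "home_root_t"


# Constructed sample lines in the shape of the report's 'ls -Zd' output.
SAMPLE_LS_Z = [
    "drwxr-xr-x. root root unconfined_u:object_r:home_root_t:s0 /home/with-p",
    "drwxr-xr-x. root root unconfined_u:object_r:user_home_dir_t:s0 /home/without-p",
]

if __name__ == "__main__":
    for path, got, want in find_mislabeled(SAMPLE_LS_Z, home_subdir_type):
        print(f"{path}: type is {got}, expected {want}")
```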
Information forwarded to bug-coreutils <at> gnu.org: bug#20616; Package coreutils. (Thu, 21 May 2015 10:11:02 GMT)
Message #8 received at 20616 <at> debbugs.gnu.org:
On 20/05/15 13:03, Hannes Reich wrote:
> The "-Z" (set SELinux context) option to mkdir appears to have no effect
> when "-p" (no error if existing, create parents) is also specified.
>
> For example, on my CentOS 7 system, the correct context for
> subdirectories of "/home" is "user_home_dir_t", but when I create such a
> directory with "mkdir -p -Z", it has the "home_root_t" context:
>
> # rm -rf /home/with-p
> # mkdir -p -Z /home/with-p
> # ls -Zd /home/with-p
> drwxr-xr-x. root root unconfined_u:object_r:home_root_t:s0 /home/with-p
> #
>
> That's wrong. Running restorecon(1) fixes it:
>
> # restorecon -v /home/with-p
> restorecon reset /home/with-p context
> unconfined_u:object_r:home_root_t:s0->unconfined_u:object_r:user_home_dir_t:s0
> #
>
> Without the "-p" option, "-Z" works as expected:
>
> # mkdir -Z /home/without-p
> # ls -Zd /home/without-p
> drwxr-xr-x. root root unconfined_u:object_r:user_home_dir_t:s0
> /home/without-p
> # restorecon -v /home/without-p
> #
>
> The coreutils version in CentOS 7 is 8.22.
>
> coreutils-8.23 compiled from source has the same behaviour.
I see the issue. I had assumed that defaultcon() for the
ancestors was not called if they existed. That can't be
done without races, so we must call restorecon for the final
component, even if only creating a single dir.
Alternatively you could temp disable o->set_security_context around
make_dir_parents(), but that would be subject to TOCTOU races.
I'll apply something like the following.
thanks!
Pádraig.
diff --git a/src/mkdir.c b/src/mkdir.c
index 404a04a..ff51ae1 100644
--- a/src/mkdir.c
+++ b/src/mkdir.c
@@ -151,23 +151,11 @@ static int
process_dir (char *dir, struct savewd *wd, void *options)
{
struct mkdir_options const *o = options;
- bool set_defaultcon = false;
/* If possible set context before DIR created. */
if (o->set_security_context)
{
- if (! o->make_ancestor_function)
- set_defaultcon = true;
- else
- {
- char *pdir = dir_name (dir);
- struct stat st;
- if (STREQ (pdir, ".")
- || (stat (pdir, &st) == 0 && S_ISDIR (st.st_mode)))
- set_defaultcon = true;
- free (pdir);
- }
- if (set_defaultcon && defaultcon (dir, S_IFDIR) < 0
+ if (! o->make_ancestor_function && defaultcon (dir, S_IFDIR) < 0
&& ! ignorable_ctx_err (errno))
error (0, errno, _("failed to set default creation context for %s"),
quote (dir));
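Review bot: the comment "If possible set context before DIR created" above the `if (o->set_security_context)` block now describes only the non-`-p` path, since the new condition `if (! o->make_ancestor_function && defaultcon (dir, S_IFDIR) < 0` skips defaultcon entirely whenever ancestors may be created. Suggest extending that comment to say that with `-p` the default creation context is deliberately not set here, because the removed `stat (pdir, &st)` check of whether the parent already exists could not be relied on without a TOCTOU race, and that the final component is relabelled afterwards instead; otherwise a later reader may reintroduce the parent-existence check.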
@@ -184,7 +172,8 @@ process_dir (char *dir, struct savewd *wd, void *options)
final component of DIR is created. So for now, create the
final component with the context from previous component
and here we set the context for the final component. */
- if (ret == EXIT_SUCCESS && o->set_security_context && ! set_defaultcon)
+ if (ret == EXIT_SUCCESS && o->set_security_context
+ && o->make_ancestor_function)
{
if (! restorecon (last_component (dir), false, false)
&& ! ignorable_ctx_err (errno))
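Review bot: the condition `ret == EXIT_SUCCESS && o->set_security_context && o->make_ancestor_function` does not distinguish a final component that was just created from one that already existed, which with `-p` is also a success, so `restorecon (last_component (dir), false, false)` will relabel a pre-existing directory as well. That is arguably what `-Z` asks for, but the comment above ("final component of DIR is created") should say so explicitly, and should note that only the last component is passed to restorecon here: any parents created along the way by make_ancestor_function are not relabelled by this call.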
Reply sent to Pádraig Brady <P <at> draigBrady.com>: You have taken responsibility. (Sat, 23 May 2015 01:08:01 GMT)
Notification sent to Hannes Reich <hannes <at> skynet.ie>: bug acknowledged by developer. (Sat, 23 May 2015 01:08:02 GMT)
Message #13 received at 20616-done <at> debbugs.gnu.org:
Fix pushed at:
http://git.sv.gnu.org/gitweb/?p=coreutils.git;a=commitdiff;h=4ce7488
cheers,
Pádraig.
Bug archived. Request was from Debbugs Internal Request <help-debbugs <at> gnu.org> to internal_control <at> debbugs.gnu.org. (Sat, 20 Jun 2015 11:24:05 GMT)