From unknown Tue Aug 19 02:59:21 2025 X-Loop: help-debbugs@gnu.org Subject: bug#5940: [PATCH] cp: treat selinux warnings consistently Resent-From: =?UTF-8?Q?P=C3=A1draig?= Brady Original-Sender: debbugs-submit-bounces@debbugs.gnu.org Resent-To: owner@debbugs.gnu.org Resent-CC: bug-coreutils@gnu.org Resent-Date: Tue, 13 Apr 2010 12:16:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: report 5940 X-GNU-PR-Package: coreutils X-GNU-PR-Keywords: patch To: 5940@debbugs.gnu.org Cc: =?UTF-8?Q?Ond=C5=99ej_?= =?UTF-8?Q?Va=C5=A1=C3=ADk?= X-Debbugs-Original-To: Report bugs to Received: via spool by submit@debbugs.gnu.org id=B.127116092210935 (code B ref -1); Tue, 13 Apr 2010 12:16:02 +0000 Received: (at submit) by debbugs.gnu.org; 13 Apr 2010 12:15:22 +0000 Received: from localhost ([127.0.0.1] helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.69) (envelope-from ) id 1O1f1U-0002qK-8P for submit@debbugs.gnu.org; Tue, 13 Apr 2010 08:15:22 -0400 Received: from mx10.gnu.org ([199.232.76.166]) by debbugs.gnu.org with esmtp (Exim 4.69) (envelope-from ) id 1O1f1S-0002qD-Ah for submit@debbugs.gnu.org; Tue, 13 Apr 2010 08:15:19 -0400 Received: from lists.gnu.org ([199.232.76.165]:40304) by monty-python.gnu.org with esmtps (TLS-1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.60) (envelope-from ) id 1O1f1N-0000ZC-9R for submit@debbugs.gnu.org; Tue, 13 Apr 2010 08:15:13 -0400 Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43) id 1O1f1M-0000Zh-P7 for bug-coreutils@gnu.org; Tue, 13 Apr 2010 08:15:12 -0400 Received: from [140.186.70.92] (port=43893 helo=eggs.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1O1f1J-0000YS-Qu for bug-coreutils@gnu.org; Tue, 13 Apr 2010 08:15:12 -0400 X-Spam-Checker-Version: SpamAssassin 3.3.0 (2010-01-18) on eggs.gnu.org X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00 autolearn=unavailable version=3.3.0 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.69) (envelope-from ) id 1O1f1H-0008C8-Jx for bug-coreutils@gnu.org; Tue, 13 Apr 2010 08:15:09 -0400 Received: from mail1.slb.deg.dub.stisp.net ([84.203.253.98]:11854) by eggs.gnu.org with smtp (Exim 4.69) (envelope-from ) id 1O1f1H-0008Bw-1q for bug-coreutils@gnu.org; Tue, 13 Apr 2010 08:15:07 -0400 Received: (qmail 57272 invoked from network); 13 Apr 2010 12:15:05 -0000 Received: from unknown (HELO ?192.168.2.25?) (84.203.137.218) by mail1.slb.deg.dub.stisp.net with SMTP; 13 Apr 2010 12:15:05 -0000 Message-ID: <4BC4602C.1020507@draigBrady.com> Date: Tue, 13 Apr 2010 13:14:36 +0100 From: =?UTF-8?Q?P=C3=A1draig?= Brady User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.1.8) Gecko/20100227 Thunderbird/3.0.3 MIME-Version: 1.0 References: <4BACA045.3070906@draigBrady.com> <4BBFBDD0.3030309@draigBrady.com> <871vemt8iu.fsf@meyering.net> <4BC1E825.6060401@draigBrady.com> <874ojirnxo.fsf@meyering.net> <4BC1F15D.608@draigBrady.com> <87mxx9rgcl.fsf@meyering.net> <4BC2FF17.401@draigBrady.com> <87y6gsoqwz.fsf@meyering.net> In-Reply-To: <87y6gsoqwz.fsf@meyering.net> X-Enigmail-Version: 1.0.1 Content-Type: multipart/mixed; boundary="------------080902050901090103080403" X-detected-operating-system: by eggs.gnu.org: FreeBSD 4.6-4.9 X-detected-operating-system: by monty-python.gnu.org: GNU/Linux 2.6, seldom 2.4 (older, 4) X-Spam-Score: -4.3 (----) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.11 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: debbugs-submit-bounces@debbugs.gnu.org Errors-To: debbugs-submit-bounces@debbugs.gnu.org X-Spam-Score: -5.6 (-----) This is a multi-part message in MIME format. --------------080902050901090103080403 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit I noticed some inconsistencies in how ENOTSUP errors were handled by cp. $ dd bs=1M count=10 if=/dev/zero of=t.vfat $ mkfs.vfat t.vfat $ mkdir m.vfat $ sudo mount -o loop t.vfat m.vfat $ ./src/cp --preserve=all a m.vfat/ ./src/cp: setting attribute `user.foo' for `user.foo': Permission denied ./src/cp: setting attribute `user.foo2' for `user.foo2': Permission denied ./src/cp: setting attribute `security.capability' for `security.capability': Operation not permitted ./src/cp: preserving permissions for `m.vfat/a': Operation not supported $ sudo ./src/cp --preserve=all a m.vfat/a ./src/cp: failed to set the security context of `m.vfat/a' to `system_u:object_r:user_home_t:s0': Operation not supported ./src/cp: failed to preserve ownership for `m.vfat/a': Operation not permitted Notice how one gets "Operation not supported" when the target exists. The attached should fix it up. cheers, Pádraig. --------------080902050901090103080403 Content-Type: text/x-patch; name="cp-enotsup-existing.diff" Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename="cp-enotsup-existing.diff" >From 584e38d8b3199924ce24f9fa075d27d0d82a2a8b Mon Sep 17 00:00:00 2001 From: =?utf-8?q?P=C3=A1draig=20Brady?= Date: Tue, 13 Apr 2010 12:49:05 +0100 Subject: [PATCH] cp: treat selinux warnings consistently * src/copy.c (copy_reg): Suppress SELinux ENOTSUP warnings consistently between the destination being present or not. Previously we did not suppress ENOTSUP messages when the destination was present. (copy_internal): Use the same ENOTSUP supression method as copy_reg() even though the issue was not seen in this case. * tests/cp/cp-a-selinux: Add a test case for the issue and group the other test cases in the file more coherently. * tests/cp/cp-mv-enotsup-xattr: Do the same check for xattr warnings, even though they did not have the issue. --- src/copy.c | 23 ++++++++++-------- tests/cp/cp-a-selinux | 51 ++++++++++++++++++++++++----------------- tests/cp/cp-mv-enotsup-xattr | 7 +++++- 3 files changed, 49 insertions(+), 32 deletions(-) diff --git a/src/copy.c b/src/copy.c index 3c32fa3..0fa148e 100644 --- a/src/copy.c +++ b/src/copy.c @@ -531,7 +531,8 @@ copy_reg (char const *src_name, char const *dst_name, security_context_t con = NULL; if (getfscreatecon (&con) < 0) { - if (!x->reduce_diagnostics || x->require_preserve_context) + if (x->require_preserve_context || + (!x->reduce_diagnostics && !errno_unsupported (errno))) error (0, errno, _("failed to get file system create context")); if (x->require_preserve_context) { @@ -544,7 +545,8 @@ copy_reg (char const *src_name, char const *dst_name, { if (fsetfilecon (dest_desc, con) < 0) { - if (!x->reduce_diagnostics || x->require_preserve_context) + if (x->require_preserve_context || + (!x->reduce_diagnostics && !errno_unsupported (errno))) error (0, errno, _("failed to set the security context of %s to %s"), quote_n (0, dst_name), quote_n (1, con)); @@ -1825,7 +1827,8 @@ copy_internal (char const *src_name, char const *dst_name, { if (setfscreatecon (con) < 0) { - if (!x->reduce_diagnostics || x->require_preserve_context) + if (x->require_preserve_context || + (!x->reduce_diagnostics && !errno_unsupported (errno))) error (0, errno, _("failed to set default file creation context to %s"), quote (con)); @@ -1839,15 +1842,15 @@ copy_internal (char const *src_name, char const *dst_name, } else { - if (!errno_unsupported (errno) || x->require_preserve_context) + if (x->require_preserve_context || + (!x->reduce_diagnostics && !errno_unsupported (errno))) { - if (!x->reduce_diagnostics || x->require_preserve_context) - error (0, errno, - _("failed to get security context of %s"), - quote (src_name)); - if (x->require_preserve_context) - return false; + error (0, errno, + _("failed to get security context of %s"), + quote (src_name)); } + if (x->require_preserve_context) + return false; } } diff --git a/tests/cp/cp-a-selinux b/tests/cp/cp-a-selinux index 770dcc4..b65070a 100755 --- a/tests/cp/cp-a-selinux +++ b/tests/cp/cp-a-selinux @@ -60,51 +60,60 @@ test $skip = 1 \ cd mnt || framework_failure echo > f || framework_failure -echo > g || framework_failure - +echo > g || framework_failure # /bin/cp from coreutils-6.7-3.fc7 would fail this test by letting cp # succeed (giving no diagnostics), yet leaving the destination file empty. cp -a f g 2>err || fail=1 test -s g || fail=1 # The destination file must not be empty. test -s err && fail=1 # There must be no stderr output. -rm -f g err +# ===================================================== +# Here, we expect cp to succeed and not warn with "Operation not supported" +rm -f g echo > g +cp --preserve=all f g 2>err || fail=1 +test -s g || fail=1 +grep "Operation not supported" err && fail=1 # ===================================================== +# The same as above except destination does not exist +rm -f g +cp --preserve=all f g 2>err || fail=1 +test -s g || fail=1 +grep "Operation not supported" err && fail=1 + +# An alternative to the following approach would be to run in a confined +# domain (maybe creating/loading it) that lacks the required permissions +# to the file type. +# Note: this test could also be run by a regular (non-root) user in an +# NFS mounted directory. When doing that, I get this diagnostic: +# cp: failed to set the security context of `g' to `system_u:object_r:nfs_t': \ +# Operation not supported +cat <<\EOF > exp || framework_failure=1 +cp: failed to set the security context of +EOF + +rm -f g +echo > g +# ===================================================== # Here, we expect cp to fail, because it cannot set the SELinux # security context through NFS or a mount with fixed context. cp --preserve=context f g 2> out && fail=1 - # Here, we *do* expect the destination to be empty. test -s g && fail=1 +sed "s/ .g' to .*//" out > k +mv k out +compare out exp || fail=1 rm -f g echo > g # Check if -a option doesn't silence --preserve=context option diagnostics cp -a --preserve=context f g 2> out2 && fail=1 - # Here, we *do* expect the destination to be empty. test -s g && fail=1 - -# An alternative to the current approach would be to run in a confined -# domain (maybe creating/loading it) that lacks the required permissions -# to the file type. -# Note: this test could also be run by a regular (non-root) user in an -# NFS mounted directory. When doing that, I get this diagnostic: -# cp: failed to set the security context of `g' to `system_u:object_r:nfs_t': \ -# Operation not supported -sed "s/ .g' to .*//" out > k -mv k out sed "s/ .g' to .*//" out2 > k mv k out2 - -cat <<\EOF > exp || fail=1 -cp: failed to set the security context of -EOF - -compare out exp || fail=1 compare out2 exp || fail=1 Exit $fail diff --git a/tests/cp/cp-mv-enotsup-xattr b/tests/cp/cp-mv-enotsup-xattr index 0239abb..7e7b645 100755 --- a/tests/cp/cp-mv-enotsup-xattr +++ b/tests/cp/cp-mv-enotsup-xattr @@ -77,7 +77,12 @@ test -s err && fail=1 # there must be no stderr output rm -f err noxattr/a -# This should pass without diagnostics +# This should pass without diagnostics (new file) +cp --preserve=all xattr/a noxattr/ 2>err || fail=1 +test -s noxattr/a || fail=1 # destination file must not be empty +test -s err && fail=1 # there must be no stderr output + +# This should pass without diagnostics (existing file) cp --preserve=all xattr/a noxattr/ 2>err || fail=1 test -s noxattr/a || fail=1 # destination file must not be empty test -s err && fail=1 # there must be no stderr output -- 1.6.2.5 --------------080902050901090103080403-- From unknown Tue Aug 19 02:59:21 2025 MIME-Version: 1.0 X-Mailer: MIME-tools 5.427 (Entity 5.427) X-Loop: help-debbugs@gnu.org From: help-debbugs@gnu.org (GNU bug Tracking System) To: =?UTF-8?Q?P=C3=A1draig?= Brady Subject: bug#5940 closed by =?UTF-8?Q?P=C3=A1draig?= Brady (Re: bug#5940: [PATCH] cp: treat selinux warnings consistently) Message-ID: References: <4BC5052E.2080308@draigBrady.com> <4BC4602C.1020507@draigBrady.com> X-Gnu-PR-Message: they-closed 5940 X-Gnu-PR-Package: coreutils X-Gnu-PR-Keywords: patch Reply-To: 5940@debbugs.gnu.org Date: Wed, 14 Apr 2010 00:00:04 +0000 Content-Type: multipart/mixed; boundary="----------=_1271203204-2671-1" This is a multi-part message in MIME format... ------------=_1271203204-2671-1 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" This is an automatic notification regarding your bug report which was filed against the coreutils package: #5940: [PATCH] cp: treat selinux warnings consistently It has been closed by P=C3=A1draig Brady . Their explanation is attached below along with your original report. If this explanation is unsatisfactory and you have not received a better one in a separate message then please contact P=C3=A1draig Brady by replying to this email. --=20 5940: http://debbugs.gnu.org/cgi/bugreport.cgi?bug=3D5940 GNU Bug Tracking System Contact help-debbugs@gnu.org with problems ------------=_1271203204-2671-1 Content-Type: message/rfc822 Content-Disposition: inline Content-Transfer-Encoding: 7bit Received: (at 5940-done) by debbugs.gnu.org; 13 Apr 2010 23:59:17 +0000 Received: from localhost ([127.0.0.1] helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.69) (envelope-from ) id 1O1q0i-0000gd-Uw for submit@debbugs.gnu.org; Tue, 13 Apr 2010 19:59:17 -0400 Received: from mail1.slb.deg.dub.stisp.net ([84.203.253.98]) by debbugs.gnu.org with smtp (Exim 4.69) (envelope-from ) id 1O1q0g-0000gS-Jh for 5940-done@debbugs.gnu.org; Tue, 13 Apr 2010 19:59:15 -0400 Received: (qmail 16655 invoked from network); 13 Apr 2010 23:59:09 -0000 Received: from unknown (HELO ?192.168.2.25?) (84.203.137.218) by mail1.slb.deg.dub.stisp.net with SMTP; 13 Apr 2010 23:59:09 -0000 Message-ID: <4BC5052E.2080308@draigBrady.com> Date: Wed, 14 Apr 2010 00:58:38 +0100 From: =?UTF-8?B?UMOhZHJhaWcgQnJhZHk=?= User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.1.8) Gecko/20100227 Thunderbird/3.0.3 MIME-Version: 1.0 To: 5940-done@debbugs.gnu.org Subject: Re: bug#5940: [PATCH] cp: treat selinux warnings consistently References: <4BACA045.3070906@draigBrady.com> <4BBFBDD0.3030309@draigBrady.com> <871vemt8iu.fsf@meyering.net> <4BC1E825.6060401@draigBrady.com> <874ojirnxo.fsf@meyering.net> <4BC1F15D.608@draigBrady.com> <87mxx9rgcl.fsf@meyering.net> <4BC2FF17.401@draigBrady.com> <87y6gsoqwz.fsf@meyering.net> <4BC4602C.1020507@draigBrady.com> In-Reply-To: <4BC4602C.1020507@draigBrady.com> X-Enigmail-Version: 1.0.1 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Spam-Score: -3.6 (---) X-Debbugs-Envelope-To: 5940-done X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.11 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: debbugs-submit-bounces@debbugs.gnu.org Errors-To: debbugs-submit-bounces@debbugs.gnu.org X-Spam-Score: -3.5 (---) On 13/04/10 13:14, Pádraig Brady wrote: > I noticed some inconsistencies in how ENOTSUP errors were handled by cp. > > The attached should fix it up. I've just pushed this. cheers, Pádraig ------------=_1271203204-2671-1 Content-Type: message/rfc822 Content-Disposition: inline Content-Transfer-Encoding: 7bit Received: (at submit) by debbugs.gnu.org; 13 Apr 2010 12:15:22 +0000 Received: from localhost ([127.0.0.1] helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.69) (envelope-from ) id 1O1f1U-0002qK-8P for submit@debbugs.gnu.org; Tue, 13 Apr 2010 08:15:22 -0400 Received: from mx10.gnu.org ([199.232.76.166]) by debbugs.gnu.org with esmtp (Exim 4.69) (envelope-from ) id 1O1f1S-0002qD-Ah for submit@debbugs.gnu.org; Tue, 13 Apr 2010 08:15:19 -0400 Received: from lists.gnu.org ([199.232.76.165]:40304) by monty-python.gnu.org with esmtps (TLS-1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.60) (envelope-from ) id 1O1f1N-0000ZC-9R for submit@debbugs.gnu.org; Tue, 13 Apr 2010 08:15:13 -0400 Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43) id 1O1f1M-0000Zh-P7 for bug-coreutils@gnu.org; Tue, 13 Apr 2010 08:15:12 -0400 Received: from [140.186.70.92] (port=43893 helo=eggs.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1O1f1J-0000YS-Qu for bug-coreutils@gnu.org; Tue, 13 Apr 2010 08:15:12 -0400 X-Spam-Checker-Version: SpamAssassin 3.3.0 (2010-01-18) on eggs.gnu.org X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00 autolearn=unavailable version=3.3.0 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.69) (envelope-from ) id 1O1f1H-0008C8-Jx for bug-coreutils@gnu.org; Tue, 13 Apr 2010 08:15:09 -0400 Received: from mail1.slb.deg.dub.stisp.net ([84.203.253.98]:11854) by eggs.gnu.org with smtp (Exim 4.69) (envelope-from ) id 1O1f1H-0008Bw-1q for bug-coreutils@gnu.org; Tue, 13 Apr 2010 08:15:07 -0400 Received: (qmail 57272 invoked from network); 13 Apr 2010 12:15:05 -0000 Received: from unknown (HELO ?192.168.2.25?) (84.203.137.218) by mail1.slb.deg.dub.stisp.net with SMTP; 13 Apr 2010 12:15:05 -0000 Message-ID: <4BC4602C.1020507@draigBrady.com> Date: Tue, 13 Apr 2010 13:14:36 +0100 From: =?UTF-8?B?UMOhZHJhaWcgQnJhZHk=?= User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.1.8) Gecko/20100227 Thunderbird/3.0.3 MIME-Version: 1.0 To: Report bugs to Subject: [PATCH] cp: treat selinux warnings consistently References: <4BACA045.3070906@draigBrady.com> <4BBFBDD0.3030309@draigBrady.com> <871vemt8iu.fsf@meyering.net> <4BC1E825.6060401@draigBrady.com> <874ojirnxo.fsf@meyering.net> <4BC1F15D.608@draigBrady.com> <87mxx9rgcl.fsf@meyering.net> <4BC2FF17.401@draigBrady.com> <87y6gsoqwz.fsf@meyering.net> In-Reply-To: <87y6gsoqwz.fsf@meyering.net> X-Enigmail-Version: 1.0.1 Content-Type: multipart/mixed; boundary="------------080902050901090103080403" X-detected-operating-system: by eggs.gnu.org: FreeBSD 4.6-4.9 X-detected-operating-system: by monty-python.gnu.org: GNU/Linux 2.6, seldom 2.4 (older, 4) X-Spam-Score: -4.3 (----) X-Debbugs-Envelope-To: submit Cc: =?UTF-8?B?T25kxZllaiBWYcWhw61r?= X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.11 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: debbugs-submit-bounces@debbugs.gnu.org Errors-To: debbugs-submit-bounces@debbugs.gnu.org X-Spam-Score: -5.6 (-----) This is a multi-part message in MIME format. --------------080902050901090103080403 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit I noticed some inconsistencies in how ENOTSUP errors were handled by cp. $ dd bs=1M count=10 if=/dev/zero of=t.vfat $ mkfs.vfat t.vfat $ mkdir m.vfat $ sudo mount -o loop t.vfat m.vfat $ ./src/cp --preserve=all a m.vfat/ ./src/cp: setting attribute `user.foo' for `user.foo': Permission denied ./src/cp: setting attribute `user.foo2' for `user.foo2': Permission denied ./src/cp: setting attribute `security.capability' for `security.capability': Operation not permitted ./src/cp: preserving permissions for `m.vfat/a': Operation not supported $ sudo ./src/cp --preserve=all a m.vfat/a ./src/cp: failed to set the security context of `m.vfat/a' to `system_u:object_r:user_home_t:s0': Operation not supported ./src/cp: failed to preserve ownership for `m.vfat/a': Operation not permitted Notice how one gets "Operation not supported" when the target exists. The attached should fix it up. cheers, Pádraig. --------------080902050901090103080403 Content-Type: text/x-patch; name="cp-enotsup-existing.diff" Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename="cp-enotsup-existing.diff" >From 584e38d8b3199924ce24f9fa075d27d0d82a2a8b Mon Sep 17 00:00:00 2001 From: =?utf-8?q?P=C3=A1draig=20Brady?= Date: Tue, 13 Apr 2010 12:49:05 +0100 Subject: [PATCH] cp: treat selinux warnings consistently * src/copy.c (copy_reg): Suppress SELinux ENOTSUP warnings consistently between the destination being present or not. Previously we did not suppress ENOTSUP messages when the destination was present. (copy_internal): Use the same ENOTSUP supression method as copy_reg() even though the issue was not seen in this case. * tests/cp/cp-a-selinux: Add a test case for the issue and group the other test cases in the file more coherently. * tests/cp/cp-mv-enotsup-xattr: Do the same check for xattr warnings, even though they did not have the issue. --- src/copy.c | 23 ++++++++++-------- tests/cp/cp-a-selinux | 51 ++++++++++++++++++++++++----------------- tests/cp/cp-mv-enotsup-xattr | 7 +++++- 3 files changed, 49 insertions(+), 32 deletions(-) diff --git a/src/copy.c b/src/copy.c index 3c32fa3..0fa148e 100644 --- a/src/copy.c +++ b/src/copy.c @@ -531,7 +531,8 @@ copy_reg (char const *src_name, char const *dst_name, security_context_t con = NULL; if (getfscreatecon (&con) < 0) { - if (!x->reduce_diagnostics || x->require_preserve_context) + if (x->require_preserve_context || + (!x->reduce_diagnostics && !errno_unsupported (errno))) error (0, errno, _("failed to get file system create context")); if (x->require_preserve_context) { @@ -544,7 +545,8 @@ copy_reg (char const *src_name, char const *dst_name, { if (fsetfilecon (dest_desc, con) < 0) { - if (!x->reduce_diagnostics || x->require_preserve_context) + if (x->require_preserve_context || + (!x->reduce_diagnostics && !errno_unsupported (errno))) error (0, errno, _("failed to set the security context of %s to %s"), quote_n (0, dst_name), quote_n (1, con)); @@ -1825,7 +1827,8 @@ copy_internal (char const *src_name, char const *dst_name, { if (setfscreatecon (con) < 0) { - if (!x->reduce_diagnostics || x->require_preserve_context) + if (x->require_preserve_context || + (!x->reduce_diagnostics && !errno_unsupported (errno))) error (0, errno, _("failed to set default file creation context to %s"), quote (con)); @@ -1839,15 +1842,15 @@ copy_internal (char const *src_name, char const *dst_name, } else { - if (!errno_unsupported (errno) || x->require_preserve_context) + if (x->require_preserve_context || + (!x->reduce_diagnostics && !errno_unsupported (errno))) { - if (!x->reduce_diagnostics || x->require_preserve_context) - error (0, errno, - _("failed to get security context of %s"), - quote (src_name)); - if (x->require_preserve_context) - return false; + error (0, errno, + _("failed to get security context of %s"), + quote (src_name)); } + if (x->require_preserve_context) + return false; } } diff --git a/tests/cp/cp-a-selinux b/tests/cp/cp-a-selinux index 770dcc4..b65070a 100755 --- a/tests/cp/cp-a-selinux +++ b/tests/cp/cp-a-selinux @@ -60,51 +60,60 @@ test $skip = 1 \ cd mnt || framework_failure echo > f || framework_failure -echo > g || framework_failure - +echo > g || framework_failure # /bin/cp from coreutils-6.7-3.fc7 would fail this test by letting cp # succeed (giving no diagnostics), yet leaving the destination file empty. cp -a f g 2>err || fail=1 test -s g || fail=1 # The destination file must not be empty. test -s err && fail=1 # There must be no stderr output. -rm -f g err +# ===================================================== +# Here, we expect cp to succeed and not warn with "Operation not supported" +rm -f g echo > g +cp --preserve=all f g 2>err || fail=1 +test -s g || fail=1 +grep "Operation not supported" err && fail=1 # ===================================================== +# The same as above except destination does not exist +rm -f g +cp --preserve=all f g 2>err || fail=1 +test -s g || fail=1 +grep "Operation not supported" err && fail=1 + +# An alternative to the following approach would be to run in a confined +# domain (maybe creating/loading it) that lacks the required permissions +# to the file type. +# Note: this test could also be run by a regular (non-root) user in an +# NFS mounted directory. When doing that, I get this diagnostic: +# cp: failed to set the security context of `g' to `system_u:object_r:nfs_t': \ +# Operation not supported +cat <<\EOF > exp || framework_failure=1 +cp: failed to set the security context of +EOF + +rm -f g +echo > g +# ===================================================== # Here, we expect cp to fail, because it cannot set the SELinux # security context through NFS or a mount with fixed context. cp --preserve=context f g 2> out && fail=1 - # Here, we *do* expect the destination to be empty. test -s g && fail=1 +sed "s/ .g' to .*//" out > k +mv k out +compare out exp || fail=1 rm -f g echo > g # Check if -a option doesn't silence --preserve=context option diagnostics cp -a --preserve=context f g 2> out2 && fail=1 - # Here, we *do* expect the destination to be empty. test -s g && fail=1 - -# An alternative to the current approach would be to run in a confined -# domain (maybe creating/loading it) that lacks the required permissions -# to the file type. -# Note: this test could also be run by a regular (non-root) user in an -# NFS mounted directory. When doing that, I get this diagnostic: -# cp: failed to set the security context of `g' to `system_u:object_r:nfs_t': \ -# Operation not supported -sed "s/ .g' to .*//" out > k -mv k out sed "s/ .g' to .*//" out2 > k mv k out2 - -cat <<\EOF > exp || fail=1 -cp: failed to set the security context of -EOF - -compare out exp || fail=1 compare out2 exp || fail=1 Exit $fail diff --git a/tests/cp/cp-mv-enotsup-xattr b/tests/cp/cp-mv-enotsup-xattr index 0239abb..7e7b645 100755 --- a/tests/cp/cp-mv-enotsup-xattr +++ b/tests/cp/cp-mv-enotsup-xattr @@ -77,7 +77,12 @@ test -s err && fail=1 # there must be no stderr output rm -f err noxattr/a -# This should pass without diagnostics +# This should pass without diagnostics (new file) +cp --preserve=all xattr/a noxattr/ 2>err || fail=1 +test -s noxattr/a || fail=1 # destination file must not be empty +test -s err && fail=1 # there must be no stderr output + +# This should pass without diagnostics (existing file) cp --preserve=all xattr/a noxattr/ 2>err || fail=1 test -s noxattr/a || fail=1 # destination file must not be empty test -s err && fail=1 # there must be no stderr output -- 1.6.2.5 --------------080902050901090103080403-- ------------=_1271203204-2671-1--