From unknown Sun Jun 22 17:17:54 2025 X-Loop: help-debbugs@gnu.org Subject: bug#5956: [PATCH] cp: preserve "capabilities" when also preserving file ownership Resent-From: =?UTF-8?Q?P=C3=A1draig?= Brady Original-Sender: debbugs-submit-bounces@debbugs.gnu.org Resent-To: owner@debbugs.gnu.org Resent-CC: bug-coreutils@gnu.org Resent-Date: Fri, 16 Apr 2010 08:43:01 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: report 5956 X-GNU-PR-Package: coreutils X-GNU-PR-Keywords: patch To: 5956@debbugs.gnu.org X-Debbugs-Original-To: Report bugs to Received: via spool by submit@debbugs.gnu.org id=B.127140736919540 (code B ref -1); Fri, 16 Apr 2010 08:43:01 +0000 Received: (at submit) by debbugs.gnu.org; 16 Apr 2010 08:42:49 +0000 Received: from localhost ([127.0.0.1] helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.69) (envelope-from ) id 1O2h8S-000557-N1 for submit@debbugs.gnu.org; Fri, 16 Apr 2010 04:42:49 -0400 Received: from mail.gnu.org ([199.232.76.166] helo=mx10.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.69) (envelope-from ) id 1O2h8Q-000552-5O for submit@debbugs.gnu.org; Fri, 16 Apr 2010 04:42:47 -0400 Received: from lists.gnu.org ([199.232.76.165]:43101) by monty-python.gnu.org with esmtps (TLS-1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.60) (envelope-from ) id 1O2h8M-0006H9-Rr for submit@debbugs.gnu.org; Fri, 16 Apr 2010 04:42:42 -0400 Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43) id 1O2h8M-0003uF-6L for bug-coreutils@gnu.org; Fri, 16 Apr 2010 04:42:42 -0400 Received: from [140.186.70.92] (port=36456 helo=eggs.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1O2h81-0006Qh-64 for bug-coreutils@gnu.org; Fri, 16 Apr 2010 04:42:41 -0400 X-Spam-Checker-Version: SpamAssassin 3.3.0 (2010-01-18) on eggs.gnu.org X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00 autolearn=unavailable version=3.3.0 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.69) (envelope-from ) id 1O2h7S-000825-KR for bug-coreutils@gnu.org; Fri, 16 Apr 2010 04:42:11 -0400 Received: from mail1.slb.deg.dub.stisp.net ([84.203.253.98]:16961) by eggs.gnu.org with smtp (Exim 4.69) (envelope-from ) id 1O2h7S-00081h-CL for bug-coreutils@gnu.org; Fri, 16 Apr 2010 04:41:46 -0400 Received: (qmail 99847 invoked from network); 16 Apr 2010 08:41:43 -0000 Received: from unknown (HELO ?192.168.2.25?) (84.203.137.218) by mail1.slb.deg.dub.stisp.net with SMTP; 16 Apr 2010 08:41:43 -0000 Message-ID: <4BC8229C.3060002@draigBrady.com> Date: Fri, 16 Apr 2010 09:41:00 +0100 From: =?UTF-8?Q?P=C3=A1draig?= Brady User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.1.8) Gecko/20100227 Thunderbird/3.0.3 MIME-Version: 1.0 X-Enigmail-Version: 1.0.1 Content-Type: multipart/mixed; boundary="------------090102070108040105030901" X-detected-operating-system: by eggs.gnu.org: FreeBSD 4.6-4.9 X-detected-operating-system: by monty-python.gnu.org: GNU/Linux 2.6, seldom 2.4 (older, 4) X-Spam-Score: -3.9 (---) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.11 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: debbugs-submit-bounces@debbugs.gnu.org Errors-To: debbugs-submit-bounces@debbugs.gnu.org X-Spam-Score: -5.2 (-----) This is a multi-part message in MIME format. --------------090102070108040105030901 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit `sudo cp -a non-root-file copy` would not preserve capabilities. The attached fixes this and passes all tests. cheers, Pádraig. --------------090102070108040105030901 Content-Type: text/x-patch; name="cp-capabilities.diff" Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename="cp-capabilities.diff" >From 01fb46436854d197f3b3f0bbd196631ba088c73c Mon Sep 17 00:00:00 2001 From: =?utf-8?q?P=C3=A1draig=20Brady?= Date: Fri, 16 Apr 2010 08:39:11 +0100 Subject: [PATCH] cp: preserve "capabilities" when also preserving file ownership * src/copy.c (copy_reg): Copy xattrs _after_ setting file ownership so that capabilities are not cleared when setting ownership. * tests/cp/capability: A new root test. * tests/Makefile.am (root_tests): Reference the new test. * NEWS: Mention the fix. --- NEWS | 2 + src/copy.c | 30 ++++++++++++++------------ tests/Makefile.am | 1 + tests/cp/capability | 56 +++++++++++++++++++++++++++++++++++++++++++++++++++ 4 files changed, 75 insertions(+), 14 deletions(-) create mode 100755 tests/cp/capability diff --git a/NEWS b/NEWS index 2be9633..8714d1e 100644 --- a/NEWS +++ b/NEWS @@ -4,6 +4,8 @@ GNU coreutils NEWS -*- outline -*- ** Bug fixes + cp now preserves "capabilities" when also preserving file ownership. + ls --color once again honors the 'NORMAL' dircolors directive. [bug introduced in coreutils-6.11] diff --git a/src/copy.c b/src/copy.c index 0fa148e..4e70c21 100644 --- a/src/copy.c +++ b/src/copy.c @@ -826,6 +826,22 @@ copy_reg (char const *src_name, char const *dst_name, } } + /* We set ownership before xattrs as changing owners will + clear capabilities. */ + if (x->preserve_ownership && ! SAME_OWNER_AND_GROUP (*src_sb, sb)) + { + switch (set_owner (x, dst_name, dest_desc, src_sb, *new_dst, &sb)) + { + case -1: + return_val = false; + goto close_src_and_dst_desc; + + case 0: + src_mode &= ~ (S_ISUID | S_ISGID | S_ISVTX); + break; + } + } + /* To allow copying xattrs on read-only files, temporarily chmod u+rw. This workaround is required as an inode permission check is done by xattr_permission() in fs/xattr.c of the GNU/Linux kernel tree. */ @@ -844,20 +860,6 @@ copy_reg (char const *src_name, char const *dst_name, fchmod_or_lchmod (dest_desc, dst_name, dst_mode & ~omitted_permissions); } - if (x->preserve_ownership && ! SAME_OWNER_AND_GROUP (*src_sb, sb)) - { - switch (set_owner (x, dst_name, dest_desc, src_sb, *new_dst, &sb)) - { - case -1: - return_val = false; - goto close_src_and_dst_desc; - - case 0: - src_mode &= ~ (S_ISUID | S_ISGID | S_ISVTX); - break; - } - } - set_author (dst_name, dest_desc, src_sb); if (x->preserve_mode || x->move_mode) diff --git a/tests/Makefile.am b/tests/Makefile.am index db1610d..a943ff3 100644 --- a/tests/Makefile.am +++ b/tests/Makefile.am @@ -23,6 +23,7 @@ root_tests = \ cp/preserve-gid \ cp/special-bits \ cp/cp-mv-enotsup-xattr \ + cp/capability \ dd/skip-seek-past-dev \ install/install-C-root \ ls/capability \ diff --git a/tests/cp/capability b/tests/cp/capability new file mode 100755 index 0000000..d575dbc --- /dev/null +++ b/tests/cp/capability @@ -0,0 +1,56 @@ +#!/bin/sh +# Ensure cp --preserves copies capabilities + +# Copyright (C) 2010 Free Software Foundation, Inc. + +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +if test "$VERBOSE" = yes; then + set -x + ls --version +fi + +. $srcdir/test-lib.sh +require_root_ + +grep '^#define HAVE_CAP 1' $CONFIG_HEADER > /dev/null \ + || skip_test_ "configured without libcap support" + +(setcap --help) 2>&1 |grep 'usage: setcap' > /dev/null \ + || skip_test_ "setcap utility not found" +(getcap --help) 2>&1 |grep 'usage: getcap' > /dev/null \ + || skip_test_ "getcap utility not found" + +# Don't let a different umask perturb the results. +umask 22 + +touch file || framework_failure +chown $NON_ROOT_USERNAME file || framework_failure + +setcap 'cap_net_bind_service=ep' file || + skip_test_ "setcap doesn't work" +getcap file | grep cap_net_bind_service >/dev/null || + skip_test_ "getcap doesn't work" + +cp --preserve=xattr file copy1 || fail=1 + +# Before coreutils 8.5 the capabilities would not be preserved, +# as the owner was set _after_ copying xattrs, thus clearing any capabilities. +cp --preserve=all file copy2 || fail=1 + +for file in copy1 copy2; do + getcap $file | grep cap_net_bind_service >/dev/null || fail=1 +done + +Exit $fail -- 1.6.2.5 --------------090102070108040105030901-- From unknown Sun Jun 22 17:17:54 2025 X-Loop: help-debbugs@gnu.org Subject: bug#5956: [PATCH] cp: preserve "capabilities" when also preserving file ownership Resent-From: Jim Meyering Original-Sender: debbugs-submit-bounces@debbugs.gnu.org Resent-To: owner@debbugs.gnu.org Resent-CC: bug-coreutils@gnu.org Resent-Date: Fri, 16 Apr 2010 20:14:01 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 5956 X-GNU-PR-Package: coreutils X-GNU-PR-Keywords: patch To: =?UTF-8?Q?P=C3=A1draig?= Brady Cc: 5956@debbugs.gnu.org Received: via spool by 5956-submit@debbugs.gnu.org id=B5956.127144882912774 (code B ref 5956); Fri, 16 Apr 2010 20:14:01 +0000 Received: (at 5956) by debbugs.gnu.org; 16 Apr 2010 20:13:49 +0000 Received: from localhost ([127.0.0.1] helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.69) (envelope-from ) id 1O2rvB-0003Jz-Dy for submit@debbugs.gnu.org; Fri, 16 Apr 2010 16:13:49 -0400 Received: from smtp6-g21.free.fr ([212.27.42.6]) by debbugs.gnu.org with esmtp (Exim 4.69) (envelope-from ) id 1O2rv8-0003Ju-B9 for 5956@debbugs.gnu.org; Fri, 16 Apr 2010 16:13:48 -0400 Received: from smtp6-g21.free.fr (localhost [127.0.0.1]) by smtp6-g21.free.fr (Postfix) with ESMTP id 184A4E08169 for <5956@debbugs.gnu.org>; Fri, 16 Apr 2010 22:13:38 +0200 (CEST) Received: from mx.meyering.net (mx.meyering.net [82.230.74.64]) by smtp6-g21.free.fr (Postfix) with ESMTP id 39660E0804A for <5956@debbugs.gnu.org>; Fri, 16 Apr 2010 22:13:36 +0200 (CEST) Received: by rho.meyering.net (Acme Bit-Twister, from userid 1000) id 19A71A24; Fri, 16 Apr 2010 22:13:36 +0200 (CEST) From: Jim Meyering In-Reply-To: <4BC8229C.3060002@draigBrady.com> =?UTF-8?Q?("P=C3=A1draig?= Brady"'s message of "Fri, 16 Apr 2010 09:41:00 +0100") References: <4BC8229C.3060002@draigBrady.com> Date: Fri, 16 Apr 2010 22:13:36 +0200 Message-ID: <87k4s7nojz.fsf@meyering.net> Lines: 75 MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Spam-Score: -3.1 (---) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.11 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: debbugs-submit-bounces@debbugs.gnu.org Errors-To: debbugs-submit-bounces@debbugs.gnu.org X-Spam-Score: -3.1 (---) P=C3=A1draig Brady wrote: > `sudo cp -a non-root-file copy` would not preserve capabilities. > The attached fixes this and passes all tests. ... > Subject: [PATCH] cp: preserve "capabilities" when also preserving file ow= nership > > * src/copy.c (copy_reg): Copy xattrs _after_ setting file ownership > so that capabilities are not cleared when setting ownership. > * tests/cp/capability: A new root test. > * tests/Makefile.am (root_tests): Reference the new test. > * NEWS: Mention the fix. Good catch! The patch looks fine. Some tiny suggestions: > diff --git a/NEWS b/NEWS ... > + cp now preserves "capabilities" when also preserving file ownership. s/when also/also when/ > ls --color once again honors the 'NORMAL' dircolors directive. > [bug introduced in coreutils-6.11] > > diff --git a/src/copy.c b/src/copy.c > index 0fa148e..4e70c21 100644 > --- a/src/copy.c > +++ b/src/copy.c > @@ -826,6 +826,22 @@ copy_reg (char const *src_name, char const *dst_name, > } > } > > + /* We set ownership before xattrs as changing owners will > + clear capabilities. */ Please use an active/imperative voice: /* Set ownership before setting xattrs, since setting ownership clears capabilities. */ > + if (x->preserve_ownership && ! SAME_OWNER_AND_GROUP (*src_sb, sb)) > + { > + switch (set_owner (x, dst_name, dest_desc, src_sb, *new_dst, &sb)) ... > diff --git a/tests/Makefile.am b/tests/Makefile.am > index db1610d..a943ff3 100644 > --- a/tests/Makefile.am > +++ b/tests/Makefile.am > @@ -23,6 +23,7 @@ root_tests =3D \ > cp/preserve-gid \ > cp/special-bits \ > cp/cp-mv-enotsup-xattr \ > + cp/capability \ > dd/skip-seek-past-dev \ > install/install-C-root \ > ls/capability \ > diff --git a/tests/cp/capability b/tests/cp/capability ... > +(setcap --help) 2>&1 |grep 'usage: setcap' > /dev/null \ > + || skip_test_ "setcap utility not found" > +(getcap --help) 2>&1 |grep 'usage: getcap' > /dev/null \ > + || skip_test_ "getcap utility not found" > + > +# Don't let a different umask perturb the results. > +umask 22 It's slightly better to use this function in place of the above two lines: working_umask_or_skip_ > +touch file || framework_failure > +chown $NON_ROOT_USERNAME file || framework_failure ... From unknown Sun Jun 22 17:17:54 2025 MIME-Version: 1.0 X-Mailer: MIME-tools 5.427 (Entity 5.427) X-Loop: help-debbugs@gnu.org From: help-debbugs@gnu.org (GNU bug Tracking System) To: =?UTF-8?Q?P=C3=A1draig?= Brady Subject: bug#5956 closed by =?UTF-8?Q?P=C3=A1draig?= Brady (Re: bug#5956: [PATCH] cp: preserve "capabilities" when also preserving file ownership) Message-ID: References: <4BC8E0EB.3080802@draigBrady.com> <4BC8229C.3060002@draigBrady.com> X-Gnu-PR-Message: they-closed 5956 X-Gnu-PR-Package: coreutils X-Gnu-PR-Keywords: patch Reply-To: 5956@debbugs.gnu.org Date: Fri, 16 Apr 2010 22:14:02 +0000 Content-Type: multipart/mixed; boundary="----------=_1271456042-15703-1" This is a multi-part message in MIME format... ------------=_1271456042-15703-1 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" This is an automatic notification regarding your bug report which was filed against the coreutils package: #5956: [PATCH] cp: preserve "capabilities" when also preserving file owners= hip It has been closed by P=C3=A1draig Brady . Their explanation is attached below along with your original report. If this explanation is unsatisfactory and you have not received a better one in a separate message then please contact P=C3=A1draig Brady by replying to this email. --=20 5956: http://debbugs.gnu.org/cgi/bugreport.cgi?bug=3D5956 GNU Bug Tracking System Contact help-debbugs@gnu.org with problems ------------=_1271456042-15703-1 Content-Type: message/rfc822 Content-Disposition: inline Content-Transfer-Encoding: 7bit Received: (at 5956-done) by debbugs.gnu.org; 16 Apr 2010 22:13:53 +0000 Received: from localhost ([127.0.0.1] helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.69) (envelope-from ) id 1O2tnL-000454-UR for submit@debbugs.gnu.org; Fri, 16 Apr 2010 18:13:52 -0400 Received: from mail1.slb.deg.dub.stisp.net ([84.203.253.98]) by debbugs.gnu.org with smtp (Exim 4.69) (envelope-from ) id 1O2tnK-00044x-7Q for 5956-done@debbugs.gnu.org; Fri, 16 Apr 2010 18:13:50 -0400 Received: (qmail 91979 invoked from network); 16 Apr 2010 22:13:45 -0000 Received: from unknown (HELO ?192.168.2.25?) (84.203.137.218) by mail1.slb.deg.dub.stisp.net with SMTP; 16 Apr 2010 22:13:45 -0000 Message-ID: <4BC8E0EB.3080802@draigBrady.com> Date: Fri, 16 Apr 2010 23:12:59 +0100 From: =?UTF-8?B?UMOhZHJhaWcgQnJhZHk=?= User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.1.8) Gecko/20100227 Thunderbird/3.0.3 MIME-Version: 1.0 To: Jim Meyering Subject: Re: bug#5956: [PATCH] cp: preserve "capabilities" when also preserving file ownership References: <4BC8229C.3060002@draigBrady.com> <87k4s7nojz.fsf@meyering.net> In-Reply-To: <87k4s7nojz.fsf@meyering.net> X-Enigmail-Version: 1.0.1 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Spam-Score: -3.2 (---) X-Debbugs-Envelope-To: 5956-done Cc: 5956-done@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.11 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: debbugs-submit-bounces@debbugs.gnu.org Errors-To: debbugs-submit-bounces@debbugs.gnu.org X-Spam-Score: -3.2 (---) On 16/04/10 21:13, Jim Meyering wrote: > Pádraig Brady wrote: >> `sudo cp -a non-root-file copy` would not preserve capabilities. >> The attached fixes this and passes all tests. > ... >> Subject: [PATCH] cp: preserve "capabilities" when also preserving file ownership >> >> * src/copy.c (copy_reg): Copy xattrs _after_ setting file ownership >> so that capabilities are not cleared when setting ownership. >> * tests/cp/capability: A new root test. >> * tests/Makefile.am (root_tests): Reference the new test. >> * NEWS: Mention the fix. > > Good catch! > The patch looks fine. > Some tiny suggestions: Thanks for the review. I've just pushed that. cheers, Pádraig. ------------=_1271456042-15703-1 Content-Type: message/rfc822 Content-Disposition: inline Content-Transfer-Encoding: 7bit Received: (at submit) by debbugs.gnu.org; 16 Apr 2010 08:42:49 +0000 Received: from localhost ([127.0.0.1] helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.69) (envelope-from ) id 1O2h8S-000557-N1 for submit@debbugs.gnu.org; Fri, 16 Apr 2010 04:42:49 -0400 Received: from mail.gnu.org ([199.232.76.166] helo=mx10.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.69) (envelope-from ) id 1O2h8Q-000552-5O for submit@debbugs.gnu.org; Fri, 16 Apr 2010 04:42:47 -0400 Received: from lists.gnu.org ([199.232.76.165]:43101) by monty-python.gnu.org with esmtps (TLS-1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.60) (envelope-from ) id 1O2h8M-0006H9-Rr for submit@debbugs.gnu.org; Fri, 16 Apr 2010 04:42:42 -0400 Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43) id 1O2h8M-0003uF-6L for bug-coreutils@gnu.org; Fri, 16 Apr 2010 04:42:42 -0400 Received: from [140.186.70.92] (port=36456 helo=eggs.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1O2h81-0006Qh-64 for bug-coreutils@gnu.org; Fri, 16 Apr 2010 04:42:41 -0400 X-Spam-Checker-Version: SpamAssassin 3.3.0 (2010-01-18) on eggs.gnu.org X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00 autolearn=unavailable version=3.3.0 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.69) (envelope-from ) id 1O2h7S-000825-KR for bug-coreutils@gnu.org; Fri, 16 Apr 2010 04:42:11 -0400 Received: from mail1.slb.deg.dub.stisp.net ([84.203.253.98]:16961) by eggs.gnu.org with smtp (Exim 4.69) (envelope-from ) id 1O2h7S-00081h-CL for bug-coreutils@gnu.org; Fri, 16 Apr 2010 04:41:46 -0400 Received: (qmail 99847 invoked from network); 16 Apr 2010 08:41:43 -0000 Received: from unknown (HELO ?192.168.2.25?) (84.203.137.218) by mail1.slb.deg.dub.stisp.net with SMTP; 16 Apr 2010 08:41:43 -0000 Message-ID: <4BC8229C.3060002@draigBrady.com> Date: Fri, 16 Apr 2010 09:41:00 +0100 From: =?UTF-8?B?UMOhZHJhaWcgQnJhZHk=?= User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.1.8) Gecko/20100227 Thunderbird/3.0.3 MIME-Version: 1.0 To: Report bugs to Subject: [PATCH] cp: preserve "capabilities" when also preserving file ownership X-Enigmail-Version: 1.0.1 Content-Type: multipart/mixed; boundary="------------090102070108040105030901" X-detected-operating-system: by eggs.gnu.org: FreeBSD 4.6-4.9 X-detected-operating-system: by monty-python.gnu.org: GNU/Linux 2.6, seldom 2.4 (older, 4) X-Spam-Score: -3.9 (---) X-Debbugs-Envelope-To: submit X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.11 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: debbugs-submit-bounces@debbugs.gnu.org Errors-To: debbugs-submit-bounces@debbugs.gnu.org X-Spam-Score: -5.2 (-----) This is a multi-part message in MIME format. --------------090102070108040105030901 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit `sudo cp -a non-root-file copy` would not preserve capabilities. The attached fixes this and passes all tests. cheers, Pádraig. --------------090102070108040105030901 Content-Type: text/x-patch; name="cp-capabilities.diff" Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename="cp-capabilities.diff" >From 01fb46436854d197f3b3f0bbd196631ba088c73c Mon Sep 17 00:00:00 2001 From: =?utf-8?q?P=C3=A1draig=20Brady?= Date: Fri, 16 Apr 2010 08:39:11 +0100 Subject: [PATCH] cp: preserve "capabilities" when also preserving file ownership * src/copy.c (copy_reg): Copy xattrs _after_ setting file ownership so that capabilities are not cleared when setting ownership. * tests/cp/capability: A new root test. * tests/Makefile.am (root_tests): Reference the new test. * NEWS: Mention the fix. --- NEWS | 2 + src/copy.c | 30 ++++++++++++++------------ tests/Makefile.am | 1 + tests/cp/capability | 56 +++++++++++++++++++++++++++++++++++++++++++++++++++ 4 files changed, 75 insertions(+), 14 deletions(-) create mode 100755 tests/cp/capability diff --git a/NEWS b/NEWS index 2be9633..8714d1e 100644 --- a/NEWS +++ b/NEWS @@ -4,6 +4,8 @@ GNU coreutils NEWS -*- outline -*- ** Bug fixes + cp now preserves "capabilities" when also preserving file ownership. + ls --color once again honors the 'NORMAL' dircolors directive. [bug introduced in coreutils-6.11] diff --git a/src/copy.c b/src/copy.c index 0fa148e..4e70c21 100644 --- a/src/copy.c +++ b/src/copy.c @@ -826,6 +826,22 @@ copy_reg (char const *src_name, char const *dst_name, } } + /* We set ownership before xattrs as changing owners will + clear capabilities. */ + if (x->preserve_ownership && ! SAME_OWNER_AND_GROUP (*src_sb, sb)) + { + switch (set_owner (x, dst_name, dest_desc, src_sb, *new_dst, &sb)) + { + case -1: + return_val = false; + goto close_src_and_dst_desc; + + case 0: + src_mode &= ~ (S_ISUID | S_ISGID | S_ISVTX); + break; + } + } + /* To allow copying xattrs on read-only files, temporarily chmod u+rw. This workaround is required as an inode permission check is done by xattr_permission() in fs/xattr.c of the GNU/Linux kernel tree. */ @@ -844,20 +860,6 @@ copy_reg (char const *src_name, char const *dst_name, fchmod_or_lchmod (dest_desc, dst_name, dst_mode & ~omitted_permissions); } - if (x->preserve_ownership && ! SAME_OWNER_AND_GROUP (*src_sb, sb)) - { - switch (set_owner (x, dst_name, dest_desc, src_sb, *new_dst, &sb)) - { - case -1: - return_val = false; - goto close_src_and_dst_desc; - - case 0: - src_mode &= ~ (S_ISUID | S_ISGID | S_ISVTX); - break; - } - } - set_author (dst_name, dest_desc, src_sb); if (x->preserve_mode || x->move_mode) diff --git a/tests/Makefile.am b/tests/Makefile.am index db1610d..a943ff3 100644 --- a/tests/Makefile.am +++ b/tests/Makefile.am @@ -23,6 +23,7 @@ root_tests = \ cp/preserve-gid \ cp/special-bits \ cp/cp-mv-enotsup-xattr \ + cp/capability \ dd/skip-seek-past-dev \ install/install-C-root \ ls/capability \ diff --git a/tests/cp/capability b/tests/cp/capability new file mode 100755 index 0000000..d575dbc --- /dev/null +++ b/tests/cp/capability @@ -0,0 +1,56 @@ +#!/bin/sh +# Ensure cp --preserves copies capabilities + +# Copyright (C) 2010 Free Software Foundation, Inc. + +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +if test "$VERBOSE" = yes; then + set -x + ls --version +fi + +. $srcdir/test-lib.sh +require_root_ + +grep '^#define HAVE_CAP 1' $CONFIG_HEADER > /dev/null \ + || skip_test_ "configured without libcap support" + +(setcap --help) 2>&1 |grep 'usage: setcap' > /dev/null \ + || skip_test_ "setcap utility not found" +(getcap --help) 2>&1 |grep 'usage: getcap' > /dev/null \ + || skip_test_ "getcap utility not found" + +# Don't let a different umask perturb the results. +umask 22 + +touch file || framework_failure +chown $NON_ROOT_USERNAME file || framework_failure + +setcap 'cap_net_bind_service=ep' file || + skip_test_ "setcap doesn't work" +getcap file | grep cap_net_bind_service >/dev/null || + skip_test_ "getcap doesn't work" + +cp --preserve=xattr file copy1 || fail=1 + +# Before coreutils 8.5 the capabilities would not be preserved, +# as the owner was set _after_ copying xattrs, thus clearing any capabilities. +cp --preserve=all file copy2 || fail=1 + +for file in copy1 copy2; do + getcap $file | grep cap_net_bind_service >/dev/null || fail=1 +done + +Exit $fail -- 1.6.2.5 --------------090102070108040105030901-- ------------=_1271456042-15703-1--