[Rpm-maint] [PATCH 01/12] Execute matchpathcon_init in a chroot
Steve Lawrence
slawrence at tresys.com
Thu Oct 22 18:25:38 UTC 2009
If the --root option is given and matchpathcon_init is called outside of
the chroot, it will read the host policy configuration and file context
rather than those in the chroot. This leads to potentially mislabeled
files (if host and root policies differ) and wrong data from libselinux
(e.g. selinux_getpolicytype).
---
lib/transaction.c | 35 +++++++++++++++++++++++++++--------
1 files changed, 27 insertions(+), 8 deletions(-)
diff --git a/lib/transaction.c b/lib/transaction.c
index 50334dd..912ca93 100644
--- a/lib/transaction.c
+++ b/lib/transaction.c
@@ -1007,14 +1007,6 @@ static int rpmtsSetup(rpmts ts, rpmprobFilterFlags ignoreSet)
rpmtsSetFlags(ts, (rpmtsFlags(ts) | RPMTRANS_FLAG_NOCONTEXTS));
}
- if (!(rpmtsFlags(ts) & RPMTRANS_FLAG_NOCONTEXTS)) {
- char *fn = rpmGetPath("%{?_install_file_context_path}", NULL);
- if (matchpathcon_init(fn) == -1) {
- rpmtsSetFlags(ts, (rpmtsFlags(ts) | RPMTRANS_FLAG_NOCONTEXTS));
- }
- free(fn);
- }
-
/* XXX Make sure the database is open RDWR for package install/erase. */
if (rpmtsOpenDB(ts, dbmode)) {
return -1; /* XXX W2DO? */
@@ -1031,6 +1023,33 @@ static int rpmtsSetup(rpmts ts, rpmprobFilterFlags ignoreSet)
(void) rpmtsSetChrootDone(ts, 0);
(void) rpmtsSetTid(ts, tid);
+ if (!(rpmtsFlags(ts) & RPMTRANS_FLAG_NOCONTEXTS)) {
+ const char * rootDir = rpmtsRootDir(ts);
+ int dochroot = (rootDir != NULL && !rstreq(rootDir, "/") && *rootDir == '/');
+ if (dochroot) {
+ if (chdir("/") == -1) {
+ rpmlog(RPMLOG_ERR, "Failed to change directory: %s\n", strerror(errno));
+ return -1;
+ }
+ if (chroot(rootDir) == -1) {
+ rpmlog(RPMLOG_ERR, "Failed to chroot to %s: %s\n", rootDir, strerror(errno));
+ return -1;
+ }
+ }
+ char *fn = rpmGetPath("%{?_install_file_context_path}", NULL);
+ if (matchpathcon_init(fn) == -1) {
+ rpmtsSetFlags(ts, (rpmtsFlags(ts) | RPMTRANS_FLAG_NOCONTEXTS));
+ }
+ _free(fn);
+ if (dochroot) {
+ if (chroot(".") == -1) {
+ rpmlog(RPMLOG_ERR, "Failed to exit chroot: %s\n", strerror(errno));
+ return -1;
+ }
+ chdir(rpmtsCurrDir(ts));
+ }
+ }
+
/* Get available space on mounted file systems. */
(void) rpmtsInitDSI(ts);
--
1.6.0.6
More information about the Rpm-maint
mailing list