Hello, as reported in https://bugzilla.redhat.com/show_bug.cgi?id=527142 by Yanko Kaneti, chcon aborts on SELinux disabled kernel due to missing check for SELinux enabled kernel. Attached patch is fixing the issue.
Additionally - for consistency - error message of this check in runcon was changed to not hardcode "runcon" program name. Greetings, Ondřej Vašík
From 3dbd792b3e9379a4795d1becdc4252de236429bc Mon Sep 17 00:00:00 2001 From: =?utf-8?q?Ond=C5=99ej=20Va=C5=A1=C3=ADk?= <ova...@redhat.com> Date: Mon, 5 Oct 2009 09:20:48 +0200 Subject: [PATCH] chcon: no longer abort on SELinux disabled kernel * src/chcon.c (main): Check SELinux enabled kernel. Reported in https://bugzilla.redhat.com/show_bug.cgi?id=527142 by Yanko Kaneti. * src/runcon.c (main): Do not hardcode program name in error message of SELinux enabled kernel check. * NEWS: Mention it. * THANKS: Update. --- NEWS | 3 +++ THANKS | 1 + src/chcon.c | 4 ++++ src/runcon.c | 2 +- 4 files changed, 9 insertions(+), 1 deletions(-) diff --git a/NEWS b/NEWS index aff0744..3ed2d75 100644 --- a/NEWS +++ b/NEWS @@ -28,6 +28,9 @@ GNU coreutils NEWS -*- outline -*- [The race was introduced in coreutils-7.5, and the unnecessary delay was present since textutils-1.22o] + chcon no longer aborts on SELinux disabled system. + [the bug dates back to the initial implementation] + ** Portability On Solaris 9, many commands would mistakenly treat file/ the same as diff --git a/THANKS b/THANKS index e0e14e5..65ac1bb 100644 --- a/THANKS +++ b/THANKS @@ -612,6 +612,7 @@ Wis Macomson wis.macom...@intel.com Wojciech Purczynski cl...@isec.pl Wolfram Kleff kl...@cs.uni-bonn.de Won-kyu Park wkp...@chem.skku.ac.kr +Yanko Kaneti yan...@declera.com Yann Dirson dir...@debian.org Zvi Har'El r...@math.technion.ac.il diff --git a/src/chcon.c b/src/chcon.c index fbfdb4d..c0da694 100644 --- a/src/chcon.c +++ b/src/chcon.c @@ -519,6 +519,10 @@ main (int argc, char **argv) usage (EXIT_FAILURE); } + if (is_selinux_enabled () != 1) + error (EXIT_FAILURE, 0, + _("%s may be used only on a SELinux kernel"), program_name); + if (reference_file) { if (getfilecon (reference_file, &ref_context) < 0) diff --git a/src/runcon.c b/src/runcon.c index e0019da..f87eada 100644 --- a/src/runcon.c +++ b/src/runcon.c @@ -195,7 +195,7 @@ main (int argc, char **argv) if (is_selinux_enabled () != 1) error (EXIT_FAILURE, 0, - _("runcon may be used only on a SELinux kernel")); + _("%s may be used only on a SELinux kernel"), program_name); if (context) { -- 1.5.6.1.156.ge903b
signature.asc
Description: Toto je digitálně podepsaná část zprávy