Package: coreutils Version: 8.32-4+b1 Severity: minor Dear Maintainer,
chcon doesn't setfilecon() when the current context is already the one
requested, mirroring chgrp.
Observe, however chgrp -v:
$ chgrp -v users fips180-2withchangenotice.pdf fips180-3_final.pdf
group of 'fips180-2withchangenotice.pdf' retained as users
changed group of 'fips180-3_final.pdf' from nabijaczleweli to users
as contrasted with chcon -v:
# ls -Z /mnt/*_t | cat
unconfined_u:object_r:tmp_t:s0 /mnt/tmp_t
unconfined_u:object_r:unlabeled_t:s0 /mnt/unlabeled_t
# chcon -v -t tmp_t /mnt/*_t
changing security context of '/mnt/tmp_t'
changing security context of '/mnt/unlabeled_t'
A re-run confirms this is a lie:
# strace chcon -v -t tmp_t /mnt/*_t 2>&1 | grep xattr
getxattr("/mnt/tmp_t", "security.selinux", "unconfined_u:object_r:tmp_t:s0",
255) = 31
getxattr("/mnt/unlabeled_t", "security.selinux",
"unconfined_u:object_r:unlabeled_"..., 255) = 37
setxattr("/mnt/unlabeled_t", "security.selinux",
"unconfined_u:object_r:tmp_t:s0", 31, 0) = 0
Best,
наб
-- System Information:
Debian Release: 11.4
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500,
'stable-debug'), (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 5.10.0-16-amd64 (SMP w/24 CPU threads)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_FIRMWARE_WORKAROUND,
TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8),
LANGUAGE=en_GB:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages coreutils depends on:
ii libacl1 2.2.53-10
ii libattr1 1:2.4.48-6
ii libc6 2.31-13+deb11u3
ii libgmp10 2:6.2.1+dfsg-1+deb11u1
ii libselinux1 3.1-3
coreutils recommends no packages.
coreutils suggests no packages.
-- no debconf information
signature.asc
Description: PGP signature
