michal-grzedzicki / rpms / rpm

Forked from rpms/rpm 6 months ago
Clone
2a5b6a
From d519580bd638ceb48829ae66557ca3c5941b4a5f Mon Sep 17 00:00:00 2001
2a5b6a
From: Florian Festi <ffesti@redhat.com>
2a5b6a
Date: Wed, 4 May 2016 14:05:06 +0200
2a5b6a
Subject: [PATCH] Set permissions before moving new files to their final place
2a5b6a
2a5b6a
---
2a5b6a
 lib/fsm.c | 37 ++++++++++++++++++++-----------------
2a5b6a
 1 file changed, 20 insertions(+), 17 deletions(-)
2a5b6a
2a5b6a
diff --git a/lib/fsm.c b/lib/fsm.c
2a5b6a
index 1ee7e67..3bb23a4 100644
2a5b6a
--- a/lib/fsm.c
2a5b6a
+++ b/lib/fsm.c
2a5b6a
@@ -621,14 +621,15 @@ static FSM_t fsmFree(FSM_t fsm)
2a5b6a
 
2a5b6a
 /* Find and set file security context */
2a5b6a
 static int fsmSetSELabel(struct selabel_handle *sehandle,
2a5b6a
-			 const char *path, mode_t mode)
2a5b6a
+			 const char *path, const char * nominalpath,
2a5b6a
+			 mode_t mode)
2a5b6a
 {
2a5b6a
     int rc = 0;
2a5b6a
 #if WITH_SELINUX
2a5b6a
     if (sehandle) {
2a5b6a
 	security_context_t scon = NULL;
2a5b6a
 
2a5b6a
-	if (selabel_lookup_raw(sehandle, &scon, path, mode) == 0) {
2a5b6a
+	if (selabel_lookup_raw(sehandle, &scon, nominalpath, mode) == 0) {
2a5b6a
 	    rc = lsetfilecon(path, scon);
2a5b6a
 
2a5b6a
 	    if (_fsm_debug) {
2a5b6a
@@ -1215,7 +1216,7 @@ static int fsmMkdirs(rpmfi fi, rpmfs fs, struct selabel_handle *sehandle)
2a5b6a
 		mode_t mode = S_IFDIR | (_dirPerms & 07777);
2a5b6a
 		rc = fsmMkdir(dn, mode);
2a5b6a
 		if (!rc) {
2a5b6a
-		    rc = fsmSetSELabel(sehandle, dn, mode);
2a5b6a
+		    rc = fsmSetSELabel(sehandle, dn, dn, mode);
2a5b6a
 
2a5b6a
 		    rpmlog(RPMLOG_DEBUG,
2a5b6a
 			    "%s directory created with perms %04o\n",
2a5b6a
@@ -1534,22 +1535,11 @@ static int fsmCommit(FSM_t fsm, int ix)
2a5b6a
 	/* Backup on-disk file if needed. Directories are handled earlier */
2a5b6a
 	if (!S_ISDIR(st->st_mode))
2a5b6a
 	    rc = fsmBackup(fsm);
2a5b6a
-        /* Rename temporary to final file name. */
2a5b6a
-        if (!S_ISDIR(st->st_mode) && (fsm->suffix || fsm->nsuffix)) {
2a5b6a
-            char *npath = fsmFsPath(fsm, 0, fsm->nsuffix);
2a5b6a
-            rc = fsmRename(fsm->path, npath, fsm->mapFlags);
2a5b6a
-            if (!rc && fsm->nsuffix) {
2a5b6a
-                char * opath = fsmFsPath(fsm, 0, NULL);
2a5b6a
-                rpmlog(RPMLOG_WARNING, _("%s created as %s\n"),
2a5b6a
-                       opath, npath);
2a5b6a
-                free(opath);
2a5b6a
-            }
2a5b6a
-            free(fsm->path);
2a5b6a
-            fsm->path = npath;
2a5b6a
-        }
2a5b6a
         /* Set file security context (if enabled) */
2a5b6a
         if (!rc && !getuid()) {
2a5b6a
-            rc = fsmSetSELabel(fsm->sehandle, fsm->path, fsm->sb.st_mode);
2a5b6a
+	    char * opath = fsmFsPath(fsm, 0, NULL);
2a5b6a
+	    rc = fsmSetSELabel(fsm->sehandle, fsm->path, opath, fsm->sb.st_mode);
2a5b6a
+	    opath = _free(opath);
2a5b6a
         }
2a5b6a
         if (S_ISLNK(st->st_mode)) {
2a5b6a
             if (!rc && !getuid())
2a5b6a
@@ -1571,6 +1561,19 @@ static int fsmCommit(FSM_t fsm, int ix)
2a5b6a
                 rc = fsmSetFCaps(fsm->path, rpmfiFCapsIndex(fi, ix));
2a5b6a
             }
2a5b6a
         }
2a5b6a
+        /* Rename temporary to final file name. */
2a5b6a
+        if (!rc && !S_ISDIR(st->st_mode) && (fsm->suffix || fsm->nsuffix)) {
2a5b6a
+            char *npath = fsmFsPath(fsm, 0, fsm->nsuffix);
2a5b6a
+            rc = fsmRename(fsm->path, npath, fsm->mapFlags);
2a5b6a
+            if (!rc && fsm->nsuffix) {
2a5b6a
+                char * opath = fsmFsPath(fsm, 0, NULL);
2a5b6a
+                rpmlog(RPMLOG_WARNING, _("%s created as %s\n"),
2a5b6a
+                       opath, npath);
2a5b6a
+                free(opath);
2a5b6a
+            }
2a5b6a
+            free(fsm->path);
2a5b6a
+            fsm->path = npath;
2a5b6a
+        }
2a5b6a
     }
2a5b6a
 
2a5b6a
     if (rc && fsm->failedFile && *fsm->failedFile == NULL) {
2a5b6a
-- 
2a5b6a
2.5.5
2a5b6a