[Reproducible-commits] [dpkg] 27/32: dpkg: Do not translate SE Linux context to human readable form

Holger Levsen holger at layer-acht.org
Tue May 3 08:43:15 UTC 2016


This is an automated email from the git hooks/post-receive script.

holger pushed a commit to annotated tag 1.15.10
in repository dpkg.

commit 2ae83164adde81c74ebdb88a8b56af7ce0bf2235
Author: Russell Coker <russell at coker.com.au>
Date:   Sat Jun 30 15:28:50 2012 +0200

    dpkg: Do not translate SE Linux context to human readable form
    
    Cherry picked from commit 7db83375c952383540631244ace9cfefdfc908a7.
    
    The SE Linux context in computer readable form gets translated to human
    readable form if the mcstransd daemon is running. But if the daemon
    fails in between then dpkg might try to write wrong data to disk. To
    avoid the flakiness implied in relying on the state of that daemon,
    just never translate the context.
    
    As a side effect this should incur a slight speed up.
    
    [guillem at debian.org:
     - Coding style fixes.
     - Added code comment. ]
    
    Closes: #679641
    
    Signed-off-by: Guillem Jover <guillem at debian.org>
---
 debian/changelog |  6 ++++++
 src/archives.c   | 10 ++++++++--
 2 files changed, 14 insertions(+), 2 deletions(-)

diff --git a/debian/changelog b/debian/changelog
index e4fb873..b48bd1c 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,5 +1,11 @@
 dpkg (1.15.8.13) UNRELEASED; urgency=low
 
+  [ Guillem Jover ]
+  * Do not translate SE Linux context to human readable form while unpacking,
+    as that might cause the operation to fail if the mcstransd daemon
+    stopped running during the transaction. Closes: #679641
+    Thanks to Russell Coker <russell at coker.com.au>.
+
   [ Updated man page translations ]
   * German (Helge Kreutzmann). Fix sub optimal translation of package states
     LP: #368783, a fix by Chris Leick and other fixes.
diff --git a/src/archives.c b/src/archives.c
index 0e9c113..3c67b1d 100644
--- a/src/archives.c
+++ b/src/archives.c
@@ -276,9 +276,15 @@ set_selinux_path_context(const char *matchpath, const char *path, mode_t mode)
     return;
 
   /* Set selinux_enabled if it is not already set (singleton). */
-  if (selinux_enabled < 0)
+  if (selinux_enabled < 0) {
     selinux_enabled = (is_selinux_enabled() > 0);
 
+    /* Do not translate from computer to human readable forms, to avoid
+     * issues when mcstransd has disappeared during the unpack process. */
+    if (selinux_enabled)
+      set_matchpathcon_flags(MATCHPATHCON_NOTRANS);
+  }
+
   /* If SE Linux is not enabled just do nothing. */
   if (!selinux_enabled)
     return;
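
Review bot: The set_matchpathcon_flags(MATCHPATHCON_NOTRANS) call inside the selinux_enabled < 0 block changes matchpathcon behaviour for the whole process, not just for this function, and the new comment does not say so. Suggest extending the comment to state that every later matchpathcon() result is now a raw context and has to be applied with a _raw setter, so that a future caller does not pair it with a translating call again.
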
@@ -293,7 +299,7 @@ set_selinux_path_context(const char *matchpath, const char *path, mode_t mode)
     return;
 
   if (strcmp(scontext, "<<none>>") != 0) {
-    if (lsetfilecon(path, scontext) < 0)
+    if (lsetfilecon_raw(path, scontext) < 0)
       /* XXX: This might need to be fatal instead!? */
       perror("Error setting security context for next file object:");
   }
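
Review bot: In the lsetfilecon_raw() error branch a failed labelling is still only reported through perror() and the unpack carries on, so the file stays on disk without the context the policy asked for; the XXX comment already questions this. Since the point of the change is to stop wrong labels reaching disk, consider making this failure fatal, or at least include path in the message so the affected file can be found and relabelled. The message string also ends in ':' while perror() appends its own ': ', which gives a doubled colon in the output.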

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/reproducible/dpkg.git


