packaging
/
ostree
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

sepolicy: Fix regressions from introduction of sepolicy_new_at() 

Being bitten by lack of PR testing here.  There are two bugs:

- First and foremost, I forgot that GObject will call the property setters with
  the defaults.  This meant we were getting both path="/var/tmp/blah" and fd=-1,
  and we were accepting -1 as a fd, which then got converted into AT_FDCWD
  which was wrong.
- Since these properties are construct only and mutually exclusive, don't
  try to handle one resetting the other.  Assert that exactly one of them is set.

Closes: #769
Approved by: jlebon
This commit is contained in:
Colin Walters 2017-03-30 13:38:08 -04:00 committed by Atomic Bot
parent 305db981d4
commit 8d4dec1b53
1 changed files with 19 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
src/libostree/ostree-sepolicy.c
View File

@ -112,15 +112,18 @@ ostree_sepolicy_set_property(GObject *object,
{ {
/* Canonicalize */ /* Canonicalize */
self->path = g_file_new_for_path (gs_file_get_path_cached (path)); self->path = g_file_new_for_path (gs_file_get_path_cached (path));
g_assert_cmpint (self->rootfs_dfd, ==, -1);
} }
self->rootfs_dfd = -1;
} }
break; break;
case PROP_ROOTFS_DFD: case PROP_ROOTFS_DFD:
{ {
self->rootfs_dfd = g_value_get_int (value); int fd = g_value_get_int (value);
g_clear_object (&self->path); if (fd != -1)
self->path = ot_fdrel_to_gfile (self->rootfs_dfd, "."); {
g_assert (self->path == NULL);
self->rootfs_dfd = fd;
}
} }
break; break;
default: default:
@ -282,6 +285,7 @@ initable_init (GInitable *initable,
#ifdef HAVE_SELINUX #ifdef HAVE_SELINUX
gboolean ret = FALSE; gboolean ret = FALSE;
OstreeSePolicy *self = OSTREE_SEPOLICY (initable); OstreeSePolicy *self = OSTREE_SEPOLICY (initable);
g_autoptr(GFile) path = NULL;
g_autoptr(GFile) etc_selinux_dir = NULL; g_autoptr(GFile) etc_selinux_dir = NULL;
g_autoptr(GFile) policy_config_path = NULL; g_autoptr(GFile) policy_config_path = NULL;
g_autoptr(GFile) policy_root = NULL; g_autoptr(GFile) policy_root = NULL;
@ -293,19 +297,27 @@ initable_init (GInitable *initable,
const char *selinuxtype_prefix = "SELINUXTYPE="; const char *selinuxtype_prefix = "SELINUXTYPE=";
/* TODO - use this below */ /* TODO - use this below */
if (self->rootfs_dfd == -1) if (self->rootfs_dfd != -1)
path = ot_fdrel_to_gfile (self->rootfs_dfd, ".");
else if (self->path)
{ {
path = g_object_ref (self->path);
#if 0
/* TODO - use this below */
if (!glnx_opendirat (AT_FDCWD, gs_file_get_path_cached (self->path), TRUE, if (!glnx_opendirat (AT_FDCWD, gs_file_get_path_cached (self->path), TRUE,
&self->rootfs_dfd_owned, error)) &self->rootfs_dfd_owned, error))
goto out; goto out;
self->rootfs_dfd = self->rootfs_dfd_owned; self->rootfs_dfd = self->rootfs_dfd_owned;
#endif
} }
else
g_assert_not_reached ();
etc_selinux_dir = g_file_resolve_relative_path (self->path, "etc/selinux"); etc_selinux_dir = g_file_resolve_relative_path (path, "etc/selinux");
if (!g_file_query_exists (etc_selinux_dir, NULL)) if (!g_file_query_exists (etc_selinux_dir, NULL))
{ {
g_object_unref (etc_selinux_dir); g_object_unref (etc_selinux_dir);
etc_selinux_dir = g_file_resolve_relative_path (self->path, "usr/etc/selinux"); etc_selinux_dir = g_file_resolve_relative_path (path, "usr/etc/selinux");
} }
policy_config_path = g_file_get_child (etc_selinux_dir, "config"); policy_config_path = g_file_get_child (etc_selinux_dir, "config");