diff options
| author | Colin Walters <walters@verbum.org> | 2017-06-16 10:36:28 -0400 |
|---|---|---|
| committer | Atomic Bot <atomic-devel@projectatomic.io> | 2017-06-16 14:54:29 +0000 |
| commit | 371b4a5e7e179da26c18ac40ab0a2f66c3d89150 (patch) | |
| tree | 8cf8e7740ed24e27753d8c35da3f34d408df9be7 | |
| parent | 2bab43fb224edc5b0bfacc79881e387b8de67c4a (diff) | |
| download | ostree-371b4a5e7e179da26c18ac40ab0a2f66c3d89150.tar.gz | |
checkout: Fix SELinux policy labeling when recursing
The code here tried to truncate the string to the previous length,
but that doesn't work when recursing, since further calls change the
length.
What actually ended up happening was the string would get corrupted
after the first level of recursion.
Closes: #936
Approved by: jlebon
| -rw-r--r-- | src/libostree/ostree-repo-checkout.c | 12 | ||||
| -rwxr-xr-x | tests/installed/itest-deploy-selinux.sh | 7 |
2 files changed, 12 insertions, 7 deletions
diff --git a/src/libostree/ostree-repo-checkout.c b/src/libostree/ostree-repo-checkout.c index 4b14dcdb..af5c021f 100644 --- a/src/libostree/ostree-repo-checkout.c +++ b/src/libostree/ostree-repo-checkout.c @@ -693,9 +693,9 @@ checkout_tree_at_recurse (OstreeRepo *self, g_autoptr(GVariant) contents_csum_v = NULL; while (g_variant_iter_loop (&viter, "(&s@ay)", &fname, &contents_csum_v)) { - const size_t namelen = strlen (fname); + const size_t origlen = selabel_path_buf ? selabel_path_buf->len : 0; if (selabel_path_buf) - g_string_append_len (selabel_path_buf, fname, namelen); + g_string_append (selabel_path_buf, fname); char tmp_checksum[OSTREE_SHA256_STRING_LEN+1]; _ostree_checksum_inplace_from_bytes_v (contents_csum_v, tmp_checksum); @@ -707,7 +707,7 @@ checkout_tree_at_recurse (OstreeRepo *self, return FALSE; if (selabel_path_buf) - g_string_truncate (selabel_path_buf, selabel_path_buf->len - namelen); + g_string_truncate (selabel_path_buf, origlen); } contents_csum_v = NULL; /* iter_loop freed it */ } @@ -722,10 +722,10 @@ checkout_tree_at_recurse (OstreeRepo *self, while (g_variant_iter_loop (&viter, "(&s@ay@ay)", &dname, &subdirtree_csum_v, &subdirmeta_csum_v)) { - const size_t namelen = strlen (dname); + const size_t origlen = selabel_path_buf ? selabel_path_buf->len : 0; if (selabel_path_buf) { - g_string_append_len (selabel_path_buf, dname, namelen); + g_string_append (selabel_path_buf, dname); g_string_append_c (selabel_path_buf, '/'); } @@ -740,7 +740,7 @@ checkout_tree_at_recurse (OstreeRepo *self, return FALSE; if (selabel_path_buf) - g_string_truncate (selabel_path_buf, selabel_path_buf->len - namelen); + g_string_truncate (selabel_path_buf, origlen); } } diff --git a/tests/installed/itest-deploy-selinux.sh b/tests/installed/itest-deploy-selinux.sh index c4965f87..f4fccc6d 100755 --- a/tests/installed/itest-deploy-selinux.sh +++ b/tests/installed/itest-deploy-selinux.sh @@ -12,7 +12,12 @@ ostree admin deploy --karg-proc-cmdline ${host_refspec} new_deployment_path=/ostree/deploy/${host_osname}/deploy/${host_commit}.1 # A set of files that have a variety of security contexts -for file in fstab passwd exports hostname sysctl.conf; do +for file in fstab passwd exports hostname sysctl.conf /etc/yum.repos.d \ + /etc/NetworkManager/dispatcher.d/hook-network-manager; do + if ! test -e ${file}; then + continue + fi + current=$(cd /etc && ls -Z ${file}) new=$(cd ${new_deployment_path}/etc && ls -Z ${file}) assert_streq "${current}" "${new}" |