From: Christian Göttsche <[email protected]>

When the -Z option is used to apply the default security context to
directories, the context is looked up and registered in the kernel via
the internal defaultcon() helper.  Afterwards it is not cleaned up, so
it can leak into the next created directory if the lookup for that
next directory fails to find a context (common for e.g. /tmp
entries).

Example:

  mkdir -Z a /tmp/a
  mkdir -Z b
  mkdir -Z /tmp/b
  ls -lZ /tmp/a /tmp/b
  drwxr-xr-x. 1 u u unconfined_u:object_r:user_home_t:s0  0 ... a
  drwxr-xr-x. 1 u u unconfined_u:object_r:user_home_t:s0  0 ... b
  drwxr-xr-x. 2 u u unconfined_u:object_r:user_home_t:s0 40 ... /tmp/a
  drwxr-xr-x. 2 u u unconfined_u:object_r:user_tmp_t:s0  40 ... /tmp/b

Reset the stored context used for creating new file system objects after
the mkdir(3) call, if it was set via defaultcon() beforehand.
---
 src/mkdir.c | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/src/mkdir.c b/src/mkdir.c
index d52a498e7..93cbe7ecb 100644
--- a/src/mkdir.c
+++ b/src/mkdir.c
@@ -145,6 +145,12 @@ make_ancestor (char const *dir, char const *component, 
void *options)
   if (o->umask_ancestor != o->umask_self)
     umask (o->umask_ancestor);
   int r = mkdir (component, S_IRWXUGO);
+  if (o->set_security_context)
+    {
+      int mkdir_errno = errno;
+      setfscreatecon_raw (NULL);
+      errno = mkdir_errno;
+    }
   if (o->umask_ancestor != o->umask_self)
     {
       int mkdir_errno = errno;
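Review bot: The return value of `setfscreatecon_raw (NULL)` is discarded in the block added after `mkdir (component, S_IRWXUGO)`, so a failed reset leaves the previous creation context registered and the next directory is silently labelled with it, which is the mislabelling the commit message describes. Check the result and diagnose it before errno is restored, for example `if (setfscreatecon_raw (NULL) < 0) error (0, errno, _("failed to reset file creation context"));` (message wording is illustrative). The same unchecked call appears in the process_dir hunk. make_ancestor starts before this hunk and continues past it.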
@@ -181,6 +187,13 @@ process_dir (char *dir, struct savewd *wd, void *options)
              ? EXIT_SUCCESS
              : EXIT_FAILURE);
 
+  if (o->set_security_context && ! o->make_ancestor_function)
+    {
+      int mkdir_errno = errno;
+      setfscreatecon_raw (NULL);
+      errno = mkdir_errno;
+    }
+
   /* FIXME: Due to the current structure of make_dir_parents()
      we don't have the facility to call defaultcon() before the
      final component of DIR is created.  So for now, create the
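Review bot: The `! o->make_ancestor_function` condition on the added reset is unexplained, so a reader has to find the matching reset in make_ancestor to see why the -p path is skipped here. A short comment above the block would cover it, e.g. `/* Drop the context set by defaultcon(); with -p, make_ancestor resets it after each component.  */`. The FIXME that follows concerns the context in effect when the final component is created; since the first hunk now clears the creation context after every ancestor mkdir, its wording is worth re-checking, though the rest of that comment lies outside the hunk. The name `mkdir_errno` is also carried over from make_ancestor although no direct mkdir call is visible before this block; `saved_errno` would read more accurately.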
-- 
2.51.0

