mirror of
https://github.com/uutils/coreutils.git
synced 2026-06-10 15:48:22 -07:00
cp: fix SELinux context handling for cp-a-selinux GNU test
This commit is contained in:
committed by
Sylvestre Ledru
parent
9922135bea
commit
102c94fa78
@@ -85,6 +85,7 @@ cp-error-selinux-not-enabled = SELinux was not enabled during the compile time!
|
||||
cp-error-selinux-set-context = failed to set the security context of { $path }: { $error }
|
||||
cp-error-selinux-get-context = failed to get security context of { $path }
|
||||
cp-error-selinux-error = SELinux error: { $error }
|
||||
cp-error-selinux-context-conflict = cannot combine --context (-Z) with --preserve=context
|
||||
cp-error-cannot-create-fifo = cannot create fifo { $path }: File exists
|
||||
cp-error-invalid-attribute = invalid attribute { $value }
|
||||
cp-error-failed-to-create-whole-tree = failed to create whole tree
|
||||
|
||||
@@ -85,6 +85,7 @@ cp-error-selinux-not-enabled = SELinux n'était pas activé lors de la compilati
|
||||
cp-error-selinux-set-context = échec de la définition du contexte de sécurité de { $path } : { $error }
|
||||
cp-error-selinux-get-context = échec de l'obtention du contexte de sécurité de { $path }
|
||||
cp-error-selinux-error = Erreur SELinux : { $error }
|
||||
cp-error-selinux-context-conflict = impossible de combiner --context (-Z) avec --preserve=context
|
||||
cp-error-cannot-create-fifo = impossible de créer le fifo { $path } : Le fichier existe
|
||||
cp-error-invalid-attribute = attribut invalide { $value }
|
||||
cp-error-failed-to-create-whole-tree = échec de la création de l'arborescence complète
|
||||
|
||||
@@ -26,6 +26,8 @@ use uucore::translate;
|
||||
use uucore::uio_error;
|
||||
use walkdir::{DirEntry, WalkDir};
|
||||
|
||||
#[cfg(all(feature = "selinux", target_os = "linux"))]
|
||||
use crate::set_selinux_context;
|
||||
use crate::{
|
||||
CopyMode, CopyResult, CpError, Options, aligned_ancestors, context_for, copy_attributes,
|
||||
copy_file,
|
||||
@@ -492,6 +494,7 @@ pub(crate) fn copy_directory(
|
||||
&entry.local_to_target,
|
||||
&options.attributes,
|
||||
false,
|
||||
options.set_selinux_context,
|
||||
)?;
|
||||
continue;
|
||||
}
|
||||
@@ -534,6 +537,7 @@ pub(crate) fn copy_directory(
|
||||
&entry.local_to_target,
|
||||
&options.attributes,
|
||||
false,
|
||||
options.set_selinux_context,
|
||||
)?;
|
||||
}
|
||||
}
|
||||
@@ -550,7 +554,18 @@ pub(crate) fn copy_directory(
|
||||
// Fix permissions for all directories we created
|
||||
// This ensures that even sibling directories get their permissions fixed
|
||||
for dir in dirs_needing_permissions {
|
||||
copy_attributes(&dir.source, &dir.dest, &options.attributes, dir.was_created)?;
|
||||
copy_attributes(
|
||||
&dir.source,
|
||||
&dir.dest,
|
||||
&options.attributes,
|
||||
dir.was_created,
|
||||
options.set_selinux_context,
|
||||
)?;
|
||||
|
||||
#[cfg(all(feature = "selinux", target_os = "linux"))]
|
||||
if options.set_selinux_context {
|
||||
set_selinux_context(&dir.dest, options.context.as_ref())?;
|
||||
}
|
||||
}
|
||||
|
||||
// Also fix permissions for parent directories,
|
||||
@@ -559,7 +574,12 @@ pub(crate) fn copy_directory(
|
||||
let dest = target.join(root.file_name().unwrap());
|
||||
for (x, y) in aligned_ancestors(root, dest.as_path()) {
|
||||
if let Ok(src) = canonicalize(x, MissingHandling::Normal, ResolveMode::Physical) {
|
||||
copy_attributes(&src, y, &options.attributes, false)?;
|
||||
copy_attributes(&src, y, &options.attributes, false, options.set_selinux_context)?;
|
||||
|
||||
#[cfg(all(feature = "selinux", target_os = "linux"))]
|
||||
if options.set_selinux_context {
|
||||
set_selinux_context(y, options.context.as_ref())?;
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
+92
-19
@@ -1159,6 +1159,21 @@ impl Options {
|
||||
None
|
||||
};
|
||||
|
||||
// -Z/--context conflicts with explicit --preserve=context but overrides implicit (from -a)
|
||||
if set_selinux_context || context.is_some() {
|
||||
match attributes.context {
|
||||
Preserve::Yes { required: true } => {
|
||||
return Err(CpError::Error(translate!(
|
||||
"cp-error-selinux-context-conflict"
|
||||
)));
|
||||
}
|
||||
Preserve::Yes { required: false } => {
|
||||
attributes.context = Preserve::No { explicit: false };
|
||||
}
|
||||
Preserve::No { .. } => {}
|
||||
}
|
||||
}
|
||||
|
||||
let options = Self {
|
||||
attributes_only: matches.get_flag(options::ATTRIBUTES_ONLY),
|
||||
copy_contents: matches.get_flag(options::COPY_CONTENTS),
|
||||
@@ -1550,7 +1565,7 @@ fn copy_source(
|
||||
if options.parents {
|
||||
for (x, y) in aligned_ancestors(source, dest.as_path()) {
|
||||
if let Ok(src) = canonicalize(x, MissingHandling::Normal, ResolveMode::Physical) {
|
||||
copy_attributes(&src, y, &options.attributes, false)?;
|
||||
copy_attributes(&src, y, &options.attributes, false, options.set_selinux_context)?;
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -1671,12 +1686,27 @@ fn handle_preserve<F: Fn() -> CopyResult<()>>(p: Preserve, f: F) -> CopyResult<(
|
||||
Ok(())
|
||||
}
|
||||
|
||||
#[cfg(all(feature = "selinux", target_os = "linux"))]
|
||||
pub(crate) fn set_selinux_context(path: &Path, context: Option<&String>) -> CopyResult<()> {
|
||||
if !uucore::selinux::is_selinux_enabled() {
|
||||
return Ok(());
|
||||
}
|
||||
|
||||
match uucore::selinux::set_selinux_security_context(path, context) {
|
||||
Ok(()) => Ok(()),
|
||||
Err(uucore::selinux::SeLinuxError::OperationNotSupported) => Ok(()),
|
||||
Err(e) => Err(CpError::Error(
|
||||
translate!("cp-error-selinux-error", "error" => e),
|
||||
)),
|
||||
}
|
||||
}
|
||||
|
||||
/// Copies extended attributes (xattrs) from `source` to `dest`, ensuring that `dest` is temporarily
|
||||
/// user-writable if needed and restoring its original permissions afterward. This avoids "Operation
|
||||
/// not permitted" errors on read-only files. Returns an error if permission or metadata operations fail,
|
||||
/// or if xattr copying fails.
|
||||
#[cfg(all(unix, not(target_os = "android")))]
|
||||
fn copy_extended_attrs(source: &Path, dest: &Path) -> CopyResult<()> {
|
||||
fn copy_extended_attrs(source: &Path, dest: &Path, skip_selinux: bool) -> CopyResult<()> {
|
||||
let metadata = fs::symlink_metadata(dest)?;
|
||||
|
||||
// Check if the destination file is currently read-only for the user.
|
||||
@@ -1692,7 +1722,13 @@ fn copy_extended_attrs(source: &Path, dest: &Path) -> CopyResult<()> {
|
||||
|
||||
// Perform the xattr copy and capture any potential error,
|
||||
// so we can restore permissions before returning.
|
||||
let copy_xattrs_result = copy_xattrs(source, dest);
|
||||
let copy_xattrs_result = if skip_selinux {
|
||||
// When -Z is used, skip copying security.selinux xattr so that
|
||||
// the default context can be set instead of preserving from source
|
||||
copy_xattrs_skip_selinux(source, dest)
|
||||
} else {
|
||||
copy_xattrs(source, dest)
|
||||
};
|
||||
|
||||
// Restore read-only if we changed it.
|
||||
if was_readonly {
|
||||
@@ -1712,12 +1748,31 @@ fn copy_extended_attrs(source: &Path, dest: &Path) -> CopyResult<()> {
|
||||
Ok(())
|
||||
}
|
||||
|
||||
/// Copy extended attributes but skip security.selinux
|
||||
#[cfg(all(unix, not(target_os = "android")))]
|
||||
fn copy_xattrs_skip_selinux(source: &Path, dest: &Path) -> std::io::Result<()> {
|
||||
for attr_name in xattr::list(source)? {
|
||||
// Skip security.selinux when -Z is used to set default context
|
||||
if attr_name.to_string_lossy() == "security.selinux" {
|
||||
continue;
|
||||
}
|
||||
if let Some(value) = xattr::get(source, &attr_name)? {
|
||||
xattr::set(dest, &attr_name, &value)?;
|
||||
}
|
||||
}
|
||||
Ok(())
|
||||
}
|
||||
|
||||
/// Copy the specified attributes from one path to another.
|
||||
/// If `skip_selinux_xattr` is true, the security.selinux xattr will not be copied
|
||||
/// (used when -Z is specified to set the default context instead).
|
||||
#[allow(unused_variables)]
|
||||
pub(crate) fn copy_attributes(
|
||||
source: &Path,
|
||||
dest: &Path,
|
||||
attributes: &Attributes,
|
||||
dest_is_freshly_created_dir: bool,
|
||||
skip_selinux_xattr: bool,
|
||||
) -> CopyResult<()> {
|
||||
let context = &*format!("{} -> {}", source.quote(), dest.quote());
|
||||
let source_metadata =
|
||||
@@ -1822,9 +1877,10 @@ pub(crate) fn copy_attributes(
|
||||
handle_preserve(attributes.xattr, || -> CopyResult<()> {
|
||||
#[cfg(all(unix, not(target_os = "android")))]
|
||||
{
|
||||
copy_extended_attrs(source, dest)?;
|
||||
copy_extended_attrs(source, dest, skip_selinux_xattr)?;
|
||||
}
|
||||
#[cfg(not(all(unix, not(target_os = "android"))))]
|
||||
#[allow(unused_variables)]
|
||||
{
|
||||
// The documentation for GNU cp states:
|
||||
//
|
||||
@@ -2576,33 +2632,44 @@ fn copy_file(
|
||||
fs::set_permissions(dest, dest_permissions).ok();
|
||||
}
|
||||
|
||||
if options.dereference(source_in_command_line) {
|
||||
let copy_attributes_result = if options.dereference(source_in_command_line) {
|
||||
// Try to canonicalize, but if it fails (e.g., due to inaccessible parent directories),
|
||||
// fall back to the original source path
|
||||
let src_for_attrs = canonicalize(source, MissingHandling::Normal, ResolveMode::Physical)
|
||||
.ok()
|
||||
.filter(|p| p.exists())
|
||||
.unwrap_or_else(|| source.to_path_buf());
|
||||
copy_attributes(&src_for_attrs, dest, &options.attributes, false)?;
|
||||
copy_attributes(
|
||||
&src_for_attrs,
|
||||
dest,
|
||||
&options.attributes,
|
||||
false,
|
||||
options.set_selinux_context,
|
||||
)
|
||||
} else if source_is_stream && !source.exists() {
|
||||
// Some stream files may not exist after we have copied it,
|
||||
// like anonymous pipes. Thus, we can't really copy its
|
||||
// attributes. However, this is already handled in the stream
|
||||
// copy function (see `copy_stream` under platform/linux.rs).
|
||||
Ok(())
|
||||
} else {
|
||||
copy_attributes(source, dest, &options.attributes, false)?;
|
||||
}
|
||||
copy_attributes(
|
||||
source,
|
||||
dest,
|
||||
&options.attributes,
|
||||
false,
|
||||
options.set_selinux_context,
|
||||
)
|
||||
};
|
||||
|
||||
#[cfg(all(feature = "selinux", any(target_os = "linux", target_os = "android")))]
|
||||
if options.set_selinux_context && uucore::selinux::is_selinux_enabled() {
|
||||
// Set the given selinux permissions on the copied file.
|
||||
if let Err(e) =
|
||||
uucore::selinux::set_selinux_security_context(dest, options.context.as_ref())
|
||||
{
|
||||
return Err(CpError::Error(
|
||||
translate!("cp-error-selinux-error", "error" => e),
|
||||
));
|
||||
}
|
||||
// GNU cp truncates the destination when a required attribute cannot be preserved
|
||||
copy_attributes_result.inspect_err(|_| {
|
||||
fs::File::create(dest).map(|f| f.set_len(0)).ok();
|
||||
})?;
|
||||
|
||||
#[cfg(all(feature = "selinux", target_os = "linux"))]
|
||||
if options.set_selinux_context {
|
||||
set_selinux_context(dest, options.context.as_ref())?;
|
||||
}
|
||||
|
||||
// Skip tracking copied files when using --link mode since hard link
|
||||
@@ -2772,7 +2839,13 @@ fn copy_link(
|
||||
delete_path(dest, options)?;
|
||||
}
|
||||
symlink_file(&link, dest, symlinked_files)?;
|
||||
copy_attributes(source, dest, &options.attributes, false)
|
||||
copy_attributes(
|
||||
source,
|
||||
dest,
|
||||
&options.attributes,
|
||||
false,
|
||||
options.set_selinux_context,
|
||||
)
|
||||
}
|
||||
|
||||
/// Generate an error message if `target` is not the correct `target_type`
|
||||
|
||||
@@ -45,6 +45,7 @@ selinux-error-file-open-failure = failed to open the file: { $error }
|
||||
selinux-error-context-retrieval-failure = failed to retrieve the security context: { $error }
|
||||
selinux-error-context-set-failure = failed to set default file creation context to '{ $context }': { $error }
|
||||
selinux-error-context-conversion-failure = failed to set default file creation context to '{ $context }': { $error }
|
||||
selinux-error-operation-not-supported = operation not supported
|
||||
|
||||
# SMACK error messages
|
||||
smack-error-not-enabled = SMACK is not enabled on this system
|
||||
|
||||
@@ -45,6 +45,7 @@ selinux-error-file-open-failure = échec de l'ouverture du fichier : { $error }
|
||||
selinux-error-context-retrieval-failure = échec de la récupération du contexte de sécurité : { $error }
|
||||
selinux-error-context-set-failure = échec de la définition du contexte de création de fichier par défaut à '{ $context }' : { $error }
|
||||
selinux-error-context-conversion-failure = échec de la définition du contexte de création de fichier par défaut à '{ $context }' : { $error }
|
||||
selinux-error-operation-not-supported = opération non prise en charge
|
||||
|
||||
# Messages d'erreur de traversée sécurisée
|
||||
safe-traversal-error-path-contains-null = le chemin contient un octet null
|
||||
|
||||
@@ -30,6 +30,9 @@ pub enum SeLinuxError {
|
||||
|
||||
#[error("{}", translate!("selinux-error-context-conversion-failure", "context" => .0.clone(), "error" => .1.clone()))]
|
||||
ContextConversionFailure(String, String),
|
||||
|
||||
#[error("{}", translate!("selinux-error-operation-not-supported"))]
|
||||
OperationNotSupported,
|
||||
}
|
||||
|
||||
impl UError for SeLinuxError {
|
||||
@@ -40,6 +43,7 @@ impl UError for SeLinuxError {
|
||||
Self::ContextRetrievalFailure(_) => 3,
|
||||
Self::ContextSetFailure(_, _) => 4,
|
||||
Self::ContextConversionFailure(_, _) => 5,
|
||||
Self::OperationNotSupported => 6,
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -154,13 +158,23 @@ pub fn set_selinux_security_context(
|
||||
false,
|
||||
)
|
||||
.set_for_path(path, false, false)
|
||||
.map_err(|e| {
|
||||
SeLinuxError::ContextSetFailure(ctx_str.to_owned(), selinux_error_description(&e))
|
||||
.map_err(|e| match &e {
|
||||
selinux::errors::Error::IO1Path { source, .. }
|
||||
if source.raw_os_error() == Some(libc::ENOTSUP) =>
|
||||
{
|
||||
SeLinuxError::OperationNotSupported
|
||||
}
|
||||
_ => SeLinuxError::ContextSetFailure(ctx_str.to_owned(), selinux_error_description(&e)),
|
||||
})
|
||||
} else {
|
||||
// If no context provided, set the default SELinux context for the path
|
||||
SecurityContext::set_default_for_path(path).map_err(|e| {
|
||||
SeLinuxError::ContextSetFailure(String::new(), selinux_error_description(&e))
|
||||
SecurityContext::set_default_for_path(path).map_err(|e| match &e {
|
||||
selinux::errors::Error::IO1Path { source, .. }
|
||||
if source.raw_os_error() == Some(libc::ENOTSUP) =>
|
||||
{
|
||||
SeLinuxError::OperationNotSupported
|
||||
}
|
||||
_ => SeLinuxError::ContextSetFailure(String::new(), selinux_error_description(&e)),
|
||||
})
|
||||
}
|
||||
}
|
||||
@@ -532,6 +546,9 @@ mod tests {
|
||||
"File open failure occurred despite file being created: {e}"
|
||||
);
|
||||
}
|
||||
Err(e @ SeLinuxError::OperationNotSupported) => {
|
||||
println!("{e}");
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@@ -7671,3 +7671,59 @@ fn test_cp_gnu_preserve_mode() {
|
||||
|
||||
assert_eq!(d1_mode, d3_mode);
|
||||
}
|
||||
|
||||
#[test]
|
||||
#[cfg(feature = "feat_selinux")]
|
||||
fn test_cp_a_z_overrides_context() {
|
||||
use std::path::Path;
|
||||
use uucore::selinux::{get_selinux_security_context, set_selinux_security_context};
|
||||
|
||||
let (at, mut ucmd) = at_and_ucmd!();
|
||||
at.touch("src");
|
||||
|
||||
let ctx = "unconfined_u:object_r:user_tmp_t:s0".to_string();
|
||||
if set_selinux_security_context(Path::new(&at.plus_as_string("src")), Some(&ctx)).is_err() {
|
||||
return;
|
||||
}
|
||||
|
||||
let src_ctx =
|
||||
get_selinux_security_context(Path::new(&at.plus_as_string("src")), false).unwrap();
|
||||
ucmd.args(&["-aZ", "src", "dst"]).succeeds();
|
||||
let dst_ctx =
|
||||
get_selinux_security_context(Path::new(&at.plus_as_string("dst")), false).unwrap();
|
||||
|
||||
assert_ne!(src_ctx, dst_ctx, "-aZ should override context from -a");
|
||||
}
|
||||
|
||||
#[test]
|
||||
#[cfg(feature = "feat_selinux")]
|
||||
fn test_cp_a_preserves_context() {
|
||||
use std::path::Path;
|
||||
use uucore::selinux::{get_selinux_security_context, set_selinux_security_context};
|
||||
|
||||
let (at, mut ucmd) = at_and_ucmd!();
|
||||
at.touch("src");
|
||||
|
||||
let ctx = "unconfined_u:object_r:user_tmp_t:s0".to_string();
|
||||
if set_selinux_security_context(Path::new(&at.plus_as_string("src")), Some(&ctx)).is_err() {
|
||||
return;
|
||||
}
|
||||
|
||||
let src_ctx =
|
||||
get_selinux_security_context(Path::new(&at.plus_as_string("src")), false).unwrap();
|
||||
ucmd.args(&["-a", "src", "dst"]).succeeds();
|
||||
let dst_ctx =
|
||||
get_selinux_security_context(Path::new(&at.plus_as_string("dst")), false).unwrap();
|
||||
|
||||
assert_eq!(src_ctx, dst_ctx, "-a should preserve SELinux context");
|
||||
}
|
||||
|
||||
#[test]
|
||||
#[cfg(feature = "feat_selinux")]
|
||||
fn test_cp_preserve_context_with_z_fails() {
|
||||
let (at, mut ucmd) = at_and_ucmd!();
|
||||
at.touch("src");
|
||||
ucmd.args(&["--preserve=context", "-Z", "src", "dst"])
|
||||
.fails()
|
||||
.stderr_contains("cannot combine");
|
||||
}
|
||||
|
||||
+1
-1
@@ -90,7 +90,7 @@ cd -
|
||||
export CARGOFLAGS # tell to make
|
||||
if [ "${SELINUX_ENABLED}" = 1 ];then
|
||||
# Build few utils for SELinux for faster build. MULTICALL=y fails...
|
||||
make UTILS="cat chcon chmod cp cut dd echo env groups id install ln ls mkdir mkfifo mknod mktemp mv printf rm rmdir runcon seq stat test touch tr true uname wc whoami"
|
||||
"${MAKE}" UTILS="cat chcon chmod cp cut dd echo env groups id install ln ls mkdir mkfifo mknod mktemp mv printf realpath rm rmdir runcon seq stat test touch tr true uname wc whoami"
|
||||
else
|
||||
# Use MULTICALL=y for faster build
|
||||
make MULTICALL=y SKIP_UTILS=more
|
||||
|
||||
Reference in New Issue
Block a user