| author | Russell Coker <russell@coker.com.au> | Sat, 30 Jun 2012 13:28:50 +0000 (15:28 +0200) |
| committer | Guillem Jover <guillem@debian.org> | Sat, 30 Jun 2012 19:38:37 +0000 (21:38 +0200) |
The SE Linux context in computer readable form gets translated to human
readable form if the mcstransd daemon is running. But if the daemon
fails in between then dpkg might try to write wrong data to disk. To
avoid the flakiness implied in relying on the state of that daemon,
just never translate the context.
As a side effect this should incur a slight speed up.
[guillem@debian.org:
- Coding style fixes.
- Added code comment. ]
Closes: #679641
Signed-off-by: Guillem Jover <guillem@debian.org>
diff --git a/debian/changelog b/debian/changelog
--- a/debian/changelog
+++ b/debian/changelog
dpkg (1.16.6) UNRELEASED; urgency=low
+ [ Guillem Jover ]
+ * Do not translate SE Linux context to human readable form while unpacking,
+ as that might cause the operation to fail if the mcstransd daemon
+ stopped running during the transaction. Closes: #679641
+ Thanks to Russell Coker <russell@coker.com.au>.
+
[ Updated scripts translations ]
* German (Helge Kreutzmann).
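Review bot: The new changelog entry describes the impact as "might cause the operation to fail", while the commit message describes it as dpkg possibly trying to write wrong data to disk. These are different failure modes from an administrator's point of view (an aborted unpack versus a wrongly labelled file), so the entry should state the one that was actually observed in #679641, or mention both.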
diff --git a/src/archives.c b/src/archives.c
--- a/src/archives.c
+++ b/src/archives.c
return;
/* Set selinux_enabled if it is not already set (singleton). */
- if (selinux_enabled < 0)
+ if (selinux_enabled < 0) {
selinux_enabled = (is_selinux_enabled() > 0);
+ /* Do not translate from computer to human readable forms, to avoid
+ * issues when mcstransd has disappeared during the unpack process. */
+ if (selinux_enabled)
+ set_matchpathcon_flags(MATCHPATHCON_NOTRANS);
+ }
+
/* If SE Linux is not enabled just do nothing. */
if (!selinux_enabled)
return;
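Review bot: The added set_matchpathcon_flags(MATCHPATHCON_NOTRANS) call changes process-wide libselinux state and only takes effect for lookups made after it, but the comment does not say so and the visible lines do not show where the first matchpathcon() lookup happens. Please confirm that this singleton block always runs before any matchpathcon() call in the process, and extend the comment to note that from here on every context returned is in raw form and must only be passed to the *_raw setters. Separately, is_selinux_enabled() > 0 folds an error return into "disabled", so a failed check silently skips labelling; that predates this change but is worth a comment while the block is being touched.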
return;
if (strcmp(scontext, "<<none>>") != 0) {
- if (lsetfilecon(path, scontext) < 0)
+ if (lsetfilecon_raw(path, scontext) < 0)
/* XXX: This might need to be fatal instead!? */
perror("Error setting security context for next file object:");
}
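Review bot: A failing lsetfilecon_raw(path, scontext) is still only reported through perror(), as the XXX comment already questions, so the file stays on disk without the label the policy asked for and the unpack continues. Since the point of this change is to stop wrong or missing contexts from being written, consider making this failure fatal, or at least including path and scontext in the message so the affected file can be relabelled afterwards. The perror() string also ends in ":" and perror() appends its own ": ", which prints a doubled colon.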
