
[2/2] policycoreutils: Resolve path in restorecon_xattr

Message ID 20210216141446.171306-2-plautrba@redhat.com (mailing list archive)
State Accepted
Series [1/2] libselinux: fix segfault in add_xattr_entry() | expand

Commit Message

Petr Lautrbach Feb. 16, 2021, 2:14 p.m. UTC
Resolve pathname before selinux_restorecon_xattr() to prevent problems
with 'No Match' when a relative path is used.

Fixes:
    # restorecon_xattr -v tmp
    ...
    tmp Digest: f9cd2da7141068bd2c08bc02fa471db63ac7d44c No Match

    # restorecon_xattr -v `pwd`/tmp
    ...
    /root/tmp Digest: f9cd2da7141068bd2c08bc02fa471db63ac7d44c Match

Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
---
 policycoreutils/setfiles/restorecon_xattr.c | 14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)

Patch

diff --git a/policycoreutils/setfiles/restorecon_xattr.c b/policycoreutils/setfiles/restorecon_xattr.c
index 59b1f748b8c5..56f6f9d0e043 100644
--- a/policycoreutils/setfiles/restorecon_xattr.c
+++ b/policycoreutils/setfiles/restorecon_xattr.c
@@ -38,7 +38,7 @@  int main(int argc, char **argv)
 	unsigned int xattr_flags = 0, delete_digest = 0, recurse = 0;
 	unsigned int delete_all_digests = 0, ignore_mounts = 0;
 	bool display_digest = false;
-	char *sha1_buf, **specfiles, *fc_file = NULL;
+	char *sha1_buf, **specfiles, *fc_file = NULL, *pathname = NULL;
 	unsigned char *fc_digest = NULL;
 	size_t i, fc_digest_len = 0, num_specfiles;
 
@@ -163,7 +163,16 @@  int main(int argc, char **argv)
 	xattr_flags = delete_digest | delete_all_digests |
 		      ignore_mounts | recurse;
 
-	if (selinux_restorecon_xattr(argv[optind], xattr_flags, &xattr_list)) {
+	pathname = realpath(argv[optind], NULL);
+	if (!pathname) {
+		fprintf(stderr,
+			    "restorecon_xattr: realpath(%s) failed: %s\n",
+			    argv[optind], strerror(errno));
+		rc = -1;
+		goto out;
+	}
+
+	if (selinux_restorecon_xattr(pathname, xattr_flags, &xattr_list)) {
 		fprintf(stderr,
 			"Error selinux_restorecon_xattr: %s\n",
 			strerror(errno));
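Review bot: The added `realpath(argv[optind], NULL)` call does more than the commit message describes, because it resolves every symlink in the path as well as the relative prefix. A symlink argument is therefore processed under its target's name, and that includes digest removal when the delete flags are set in `xattr_flags`. Whether selinux_restorecon_xattr() already followed a final symlink is not visible in this hunk, so this may be a behaviour change for a tool normally run as root. I would record it at the call, e.g. `/* realpath() also resolves symlinks: a symlink argument is processed as its target */`, and in the man page. As a style point, the continuation lines of the new fprintf() appear to be indented with tabs plus spaces while the fprintf() just below uses tabs only; main()'s body starts and ends outside this hunk.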
@@ -215,6 +224,7 @@  int main(int argc, char **argv)
 
 	rc = 0;
 out:
+	free(pathname);
 	selabel_close(hnd);
 	restore_finish();
 	return rc;