[prev in list] [next in list] [prev in thread] [next in thread] 

List:       busybox
Subject:    [PATCH v2] cp: Have -a imply -c when SELinux is enabled.
From:       Chris PeBenito <chpebeni () linux ! microsoft ! com>
Date:       2019-04-30 13:25:08
Message-ID: 20190430132508.21310-1-chpebeni () linux ! microsoft ! com
[Download RAW message or body]

Have cp preserve SELinux context when using -a.  Coreutils cp also does
this.

Signed-off-by: Chris PeBenito <chpebeni@linux.microsoft.com>
---
 coreutils/cp.c  | 11 ++++++++---
 include/libbb.h |  2 +-
 2 files changed, 9 insertions(+), 4 deletions(-)

diff --git a/coreutils/cp.c b/coreutils/cp.c
index 59e3d2f80..48b23fd0a 100644
--- a/coreutils/cp.c
+++ b/coreutils/cp.c
@@ -41,8 +41,7 @@
 //usage:       "[OPTIONS] SOURCE... DEST"
 //usage:#define cp_full_usage "\n\n"
 //usage:       "Copy SOURCE(s) to DEST\n"
-//usage:     "\n	-a	Same as -dpR"
-//usage:	IF_SELINUX(
+//usage:     "\n	-a	Same as -dpR" IF_SELINUX("c"
 //usage:     "\n	-c	Preserve security context"
 //usage:	)
 //usage:     "\n	-R,-r	Recurse"
@@ -93,7 +92,7 @@ int cp_main(int argc, char **argv)
 		// -P and -d are the same (-P is POSIX, -d is GNU)
 		// -r and -R are the same
 		// -R (and therefore -r) turns on -d (coreutils does this)
-		// -a = -pdR
+		// -a = -pdR (-c added in ENABLE_SELINUX block below)
 		"-2:l--s:s--l:Pd:rRd:Rd:apdR",
 		"archive\0"        No_argument "a"
 		"force\0"          No_argument "f"
@@ -189,6 +188,12 @@ int cp_main(int argc, char **argv)
 		flags |= FILEUTILS_DEREFERENCE;
 
 #if ENABLE_SELINUX
+	/* for -a, imply -c if SELinux is enabled. */
+	if ((flags & FILEUTILS_ARCHIVE) && is_selinux_enabled() > 0) {
+		flags |= FILEUTILS_PRESERVE_SECURITY_CONTEXT;
+	}
+
+	/* -c may be explicitly set */
 	if (flags & FILEUTILS_PRESERVE_SECURITY_CONTEXT) {
 		selinux_or_die();
 	}
diff --git a/include/libbb.h b/include/libbb.h
index 57cfce385..ef7be211d 100644
--- a/include/libbb.h
+++ b/include/libbb.h
@@ -400,7 +400,7 @@ enum {	/* cp.c, mv.c, install.c depend on these values. CAREFUL when changing th
 	FILEUTILS_MAKE_SOFTLINK   = 1 << 6, /* -s */
 	FILEUTILS_DEREF_SOFTLINK  = 1 << 7, /* -L */
 	FILEUTILS_DEREFERENCE_L0  = 1 << 8, /* -H */
-	/* -a = -pdR (mapped in cp.c) */
+	FILEUTILS_ARCHIVE         = 1 << 9, /* -a = -pdR (mapped in cp.c) */
 	/* -r = -dR  (mapped in cp.c) */
 	/* -P = -d   (mapped in cp.c) */
 	FILEUTILS_VERBOSE         = (1 << 12) * ENABLE_FEATURE_VERBOSE,	/* -v */
-- 
2.20.1

_______________________________________________
busybox mailing list
busybox@busybox.net
http://lists.busybox.net/mailman/listinfo/busybox
[prev in list] [next in list] [prev in thread] [next in thread]

Configure | About | News | Add a list | Sponsored by KoreLogic