From 3e7a91463476d5f0a98a59b52d9b808629c7ab25 Mon Sep 17 00:00:00 2001 From: Nicolas Iooss Date: Sat, 18 Jan 2014 13:57:31 +0100 Subject: [PATCH 1/2] copy: fix SELinux context preservation for existing directories Apply upstream fix on src/copy.c http://git.savannah.gnu.org/cgit/coreutils.git/commit/?id=243128dbf0293be7b170dd47c8dbf3ed1834c093 --- src/copy.c | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/src/copy.c b/src/copy.c index 0f044d0..2572f3f 100644 --- a/src/copy.c +++ b/src/copy.c @@ -2408,6 +2408,17 @@ copy_internal (char const *src_name, char const *dst_name, else { omitted_permissions = 0; + + /* For directories, the process global context could be reset for + descendents, so use it to set the context for existing dirs here. + This will also give earlier indication of failure to set ctx. */ + if (x->set_security_context || x->preserve_security_context) + if (! set_file_security_ctx (dst_name, x->preserve_security_context, + false, x)) + { + if (x->require_preserve_context) + goto un_backup; + } } /* Decide whether to copy the contents of the directory. */ @@ -2598,7 +2609,7 @@ copy_internal (char const *src_name, char const *dst_name, /* With -Z or --preserve=context, set the context for existing files. Note this is done already for copy_reg() for reasons described therein. */ - if (!new_dst && !x->copy_as_regular + if (!new_dst && !x->copy_as_regular && !S_ISDIR (src_mode) && (x->set_security_context || x->preserve_security_context)) { if (! set_file_security_ctx (dst_name, x->preserve_security_context, -- 1.8.5.3