mirror of
https://github.com/termux/termux-packages.git
synced 2025-02-22 15:47:26 +00:00
02a64ac6d0
Disable the ability for `install` to setup default file context for now Fixes (termux/termux-packages)#21597
162 lines
5.6 KiB
Diff
162 lines
5.6 KiB
Diff
--- coreutils-9.5.orig/src/cp.c
|
|
+++ coreutils-9.5/src/cp.c
|
|
@@ -994,7 +992,7 @@
|
|
|
|
atexit (close_stdin);
|
|
|
|
- selinux_enabled = (0 < is_selinux_enabled ());
|
|
+ selinux_enabled = (0 < is_selinux_enabled () && geteuid () == 0);
|
|
cp_option_init (&x);
|
|
|
|
while ((c = getopt_long (argc, argv, "abdfHilLnprst:uvxPRS:TZ",
|
|
@@ -1201,7 +1197,7 @@
|
|
{
|
|
error (0, 0,
|
|
_("warning: ignoring --context; "
|
|
- "it requires an SELinux-enabled kernel"));
|
|
+ "it requires an SELinux-enabled kernel and root access"));
|
|
}
|
|
break;
|
|
|
|
@@ -1277,7 +1273,7 @@
|
|
if (x.require_preserve_context && ! selinux_enabled)
|
|
error (EXIT_FAILURE, 0,
|
|
_("cannot preserve security context "
|
|
- "without an SELinux-enabled kernel"));
|
|
+ "without an SELinux-enabled kernel and root access"));
|
|
|
|
/* FIXME: This handles new files. But what about existing files?
|
|
I.e., if updating a tree, new files would have the specified context,
|
|
--- coreutils-9.5.orig/src/mkdir.c
|
|
+++ coreutils-9.5/src/mkdir.c
|
|
@@ -228,7 +228,7 @@
|
|
/* We don't yet support -Z to restore context with SMACK. */
|
|
scontext = optarg;
|
|
}
|
|
- else if (is_selinux_enabled () > 0)
|
|
+ else if (is_selinux_enabled () > 0 && geteuid () == 0)
|
|
{
|
|
if (optarg)
|
|
scontext = optarg;
|
|
@@ -244,7 +244,7 @@
|
|
{
|
|
error (0, 0,
|
|
_("warning: ignoring --context; "
|
|
- "it requires an SELinux/SMACK-enabled kernel"));
|
|
+ "it requires an SELinux/SMACK-enabled kernel and root access"));
|
|
}
|
|
break;
|
|
case_GETOPT_HELP_CHAR;
|
|
--- coreutils-9.5.orig/src/mkfifo.c
|
|
+++ coreutils-9.5/src/mkfifo.c
|
|
@@ -102,7 +102,7 @@
|
|
/* We don't yet support -Z to restore context with SMACK. */
|
|
scontext = optarg;
|
|
}
|
|
- else if (is_selinux_enabled () > 0)
|
|
+ else if (is_selinux_enabled () > 0 && geteuid () == 0)
|
|
{
|
|
if (optarg)
|
|
scontext = optarg;
|
|
@@ -118,7 +118,7 @@
|
|
{
|
|
error (0, 0,
|
|
_("warning: ignoring --context; "
|
|
- "it requires an SELinux/SMACK-enabled kernel"));
|
|
+ "it requires an SELinux/SMACK-enabled kernel and root access"));
|
|
}
|
|
break;
|
|
case_GETOPT_HELP_CHAR;
|
|
--- coreutils-9.5.orig/src/mknod.c
|
|
+++ coreutils-9.5/src/mknod.c
|
|
@@ -119,7 +119,7 @@
|
|
/* We don't yet support -Z to restore context with SMACK. */
|
|
scontext = optarg;
|
|
}
|
|
- else if (is_selinux_enabled () > 0)
|
|
+ else if (is_selinux_enabled () > 0 && geteuid () == 0)
|
|
{
|
|
if (optarg)
|
|
scontext = optarg;
|
|
@@ -135,7 +135,7 @@
|
|
{
|
|
error (0, 0,
|
|
_("warning: ignoring --context; "
|
|
- "it requires an SELinux/SMACK-enabled kernel"));
|
|
+ "it requires an SELinux/SMACK-enabled kernel and root access"));
|
|
}
|
|
break;
|
|
case_GETOPT_HELP_CHAR;
|
|
--- coreutils-9.5.orig/src/mv.c
|
|
+++ coreutils-9.5/src/mv.c
|
|
@@ -120,7 +120,7 @@
|
|
static void
|
|
cp_option_init (struct cp_options *x)
|
|
{
|
|
- bool selinux_enabled = (0 < is_selinux_enabled ());
|
|
+ bool selinux_enabled = (0 < is_selinux_enabled () && geteuid () == 0);
|
|
|
|
cp_options_default (x);
|
|
x->copy_as_regular = false; /* FIXME: maybe make this an option */
|
|
@@ -326,7 +326,7 @@
|
|
bool no_target_directory = false;
|
|
int n_files;
|
|
char **file;
|
|
- bool selinux_enabled = (0 < is_selinux_enabled ());
|
|
+ bool selinux_enabled = (0 < is_selinux_enabled () && geteuid () == 0);
|
|
bool no_clobber = false;
|
|
|
|
initialize_main (&argc, &argv);
|
|
--- coreutils-9.5.orig/src/runcon.c
|
|
+++ coreutils-9.5/src/runcon.c
|
|
@@ -190,8 +190,8 @@
|
|
usage (EXIT_CANCELED);
|
|
}
|
|
|
|
- if (is_selinux_enabled () != 1)
|
|
- error (EXIT_CANCELED, 0, _("%s may be used only on a SELinux kernel"),
|
|
+ if (is_selinux_enabled () != 1 || geteuid () != 0)
|
|
+ error (EXIT_CANCELED, 0, _("%s may be used only on a SELinux kernel and must be run as root"),
|
|
program_name);
|
|
|
|
if (context)
|
|
--- coreutils-9.5.orig/src/install.c
|
|
+++ coreutils-9.5/src/install.c
|
|
@@ -325,6 +325,9 @@
|
|
struct stat st;
|
|
char *scontext_raw = nullptr;
|
|
|
|
+ /* FIXME: Return early for now until a suitable workaround has been found */
|
|
+ return;
|
|
+
|
|
if (selinux_enabled != 1)
|
|
{
|
|
/* Indicate no context found. */
|
|
@@ -789,7 +792,7 @@
|
|
bool strip_program_specified = false;
|
|
char const *scontext = nullptr;
|
|
/* set iff kernel has extra selinux system calls */
|
|
- selinux_enabled = (0 < is_selinux_enabled ());
|
|
+ selinux_enabled = (0 < is_selinux_enabled () && geteuid () == 0);
|
|
|
|
initialize_main (&argc, &argv);
|
|
set_program_name (argv[0]);
|
|
@@ -876,7 +879,7 @@
|
|
if (! selinux_enabled)
|
|
{
|
|
error (0, 0, _("WARNING: ignoring --preserve-context; "
|
|
- "this kernel is not SELinux-enabled"));
|
|
+ "it requires an SELinux-enabled kernel and root access"));
|
|
break;
|
|
}
|
|
x.preserve_security_context = true;
|
|
@@ -902,7 +905,7 @@
|
|
{
|
|
error (0, 0,
|
|
_("warning: ignoring --context; "
|
|
- "it requires an SELinux-enabled kernel"));
|
|
+ "it requires an SELinux-enabled kernel and root access"));
|
|
}
|
|
break;
|
|
case_GETOPT_HELP_CHAR;
|