On 07/22/2014 03:20 AM, Peter Krempa wrote:
> When restoring security labels in the dac driver the code would resolve
> the file path and use the resolved one to be chown-ed. The setting code
> doesn't do that. Remove the unnecessary code.

chown() on a symlink changes the underlying file, not the link itself;
you need the BSD extension lchown() to change the owner of a symlink
(and even then, changing the owner of a symlink seldom has any
noticeable impact - per 'man 7 symlink' on Linux, "The only time that
the ownership of a symbolic link matters is when the link is being
removed or renamed in a directory that has the sticky bit set"). So
resolving a symlink before chown()ing it is pointless, since chown()
will resolve it anyways, and we really don't need to care about
lchown(). Likewise, on Linux, chmod() cannot alter a symlink to
anything other than a pointless 0777 access mode.

BSD is a bit different - there, lchown() coupled with chmod() can be
used to alter whether a user can resolve through the symlink in pathname
resolution, depending on the mount parameters of the current file
system. But this is still a seldom used extension to POSIX.

> ---
>  src/security/security_dac.c | 19 +------------------
>  1 file changed, 1 insertion(+), 18 deletions(-)

ACK.
--
Eric Blake eblake redhat com +1-919-301-3266
Libvirt virtualization library
http://libvirt.org