diff --git a/.vscode/cspell.dictionaries/jargon.wordlist.txt b/.vscode/cspell.dictionaries/jargon.wordlist.txt index 33f4959487c..5cf27df62a7 100644 --- a/.vscode/cspell.dictionaries/jargon.wordlist.txt +++ b/.vscode/cspell.dictionaries/jargon.wordlist.txt @@ -219,3 +219,4 @@ VMULL vmull SETFL tmpfs +ENOTSUP diff --git a/src/uu/cp/locales/en-US.ftl b/src/uu/cp/locales/en-US.ftl index a0b95cf6c66..342e7d5ea5e 100644 --- a/src/uu/cp/locales/en-US.ftl +++ b/src/uu/cp/locales/en-US.ftl @@ -85,6 +85,7 @@ cp-error-selinux-not-enabled = SELinux was not enabled during the compile time! cp-error-selinux-set-context = failed to set the security context of { $path }: { $error } cp-error-selinux-get-context = failed to get security context of { $path } cp-error-selinux-error = SELinux error: { $error } +cp-error-selinux-context-conflict = cannot combine --context (-Z) with --preserve=context cp-error-cannot-create-fifo = cannot create fifo { $path }: File exists cp-error-invalid-attribute = invalid attribute { $value } cp-error-failed-to-create-whole-tree = failed to create whole tree diff --git a/src/uu/cp/locales/fr-FR.ftl b/src/uu/cp/locales/fr-FR.ftl index cc58eeab736..9e56bf130de 100644 --- a/src/uu/cp/locales/fr-FR.ftl +++ b/src/uu/cp/locales/fr-FR.ftl @@ -85,6 +85,7 @@ cp-error-selinux-not-enabled = SELinux n'était pas activé lors de la compilati cp-error-selinux-set-context = échec de la définition du contexte de sécurité de { $path } : { $error } cp-error-selinux-get-context = échec de l'obtention du contexte de sécurité de { $path } cp-error-selinux-error = Erreur SELinux : { $error } +cp-error-selinux-context-conflict = impossible de combiner --context (-Z) avec --preserve=context cp-error-cannot-create-fifo = impossible de créer le fifo { $path } : Le fichier existe cp-error-invalid-attribute = attribut invalide { $value } cp-error-failed-to-create-whole-tree = échec de la création de l'arborescence complète diff --git a/src/uu/cp/src/copydir.rs b/src/uu/cp/src/copydir.rs index db2f4ff1986..ae26fbf950f 100644 --- a/src/uu/cp/src/copydir.rs +++ b/src/uu/cp/src/copydir.rs @@ -26,6 +26,8 @@ use uucore::translate; use uucore::uio_error; use walkdir::{DirEntry, WalkDir}; +#[cfg(all(feature = "selinux", target_os = "linux"))] +use crate::set_selinux_context; use crate::{ CopyMode, CopyResult, CpError, Options, aligned_ancestors, context_for, copy_attributes, copy_file, @@ -475,6 +477,7 @@ pub(crate) fn copy_directory( &entry.source_absolute, &entry.local_to_target, &options.attributes, + options.set_selinux_context, )?; continue; } @@ -513,6 +516,7 @@ pub(crate) fn copy_directory( &entry.source_absolute, &entry.local_to_target, &options.attributes, + options.set_selinux_context, )?; } } @@ -529,7 +533,17 @@ pub(crate) fn copy_directory( // Fix permissions for all directories we created // This ensures that even sibling directories get their permissions fixed for (source_path, dest_path) in dirs_needing_permissions { - copy_attributes(&source_path, &dest_path, &options.attributes)?; + copy_attributes( + &source_path, + &dest_path, + &options.attributes, + options.set_selinux_context, + )?; + + #[cfg(all(feature = "selinux", target_os = "linux"))] + if options.set_selinux_context { + set_selinux_context(&dest_path, options.context.as_ref())?; + } } // Also fix permissions for parent directories, @@ -538,7 +552,12 @@ pub(crate) fn copy_directory( let dest = target.join(root.file_name().unwrap()); for (x, y) in aligned_ancestors(root, dest.as_path()) { if let Ok(src) = canonicalize(x, MissingHandling::Normal, ResolveMode::Physical) { - copy_attributes(&src, y, &options.attributes)?; + copy_attributes(&src, y, &options.attributes, options.set_selinux_context)?; + + #[cfg(all(feature = "selinux", target_os = "linux"))] + if options.set_selinux_context { + set_selinux_context(y, options.context.as_ref())?; + } } } } diff --git a/src/uu/cp/src/cp.rs b/src/uu/cp/src/cp.rs index b8745d64937..19a2103fa5e 100644 --- a/src/uu/cp/src/cp.rs +++ b/src/uu/cp/src/cp.rs @@ -1159,6 +1159,21 @@ impl Options { None }; + // -Z/--context conflicts with explicit --preserve=context but overrides implicit (from -a) + if set_selinux_context || context.is_some() { + match attributes.context { + Preserve::Yes { required: true } => { + return Err(CpError::Error(translate!( + "cp-error-selinux-context-conflict" + ))); + } + Preserve::Yes { required: false } => { + attributes.context = Preserve::No { explicit: false }; + } + Preserve::No { .. } => {} + } + } + let options = Self { attributes_only: matches.get_flag(options::ATTRIBUTES_ONLY), copy_contents: matches.get_flag(options::COPY_CONTENTS), @@ -1532,7 +1547,7 @@ fn copy_source( if options.parents { for (x, y) in aligned_ancestors(source, dest.as_path()) { if let Ok(src) = canonicalize(x, MissingHandling::Normal, ResolveMode::Physical) { - copy_attributes(&src, y, &options.attributes)?; + copy_attributes(&src, y, &options.attributes, options.set_selinux_context)?; } } } @@ -1627,9 +1642,6 @@ impl OverwriteMode { } } -/// Handles errors for attributes preservation. If the attribute is not required, and -/// errored, tries to show error (see `show_error_if_needed` for additional behavior details). -/// If it's required, then the error is thrown. fn handle_preserve CopyResult<()>>(p: &Preserve, f: F) -> CopyResult<()> { match p { Preserve::No { .. } => {} @@ -1637,20 +1649,33 @@ fn handle_preserve CopyResult<()>>(p: &Preserve, f: F) -> CopyResult< let result = f(); if *required { result?; - } else if let Err(error) = result { - show_error_if_needed(&error); } } } Ok(()) } +#[cfg(all(feature = "selinux", target_os = "linux"))] +pub(crate) fn set_selinux_context(path: &Path, context: Option<&String>) -> CopyResult<()> { + if !uucore::selinux::is_selinux_enabled() { + return Ok(()); + } + + match uucore::selinux::set_selinux_security_context(path, context) { + Ok(()) => Ok(()), + Err(uucore::selinux::SeLinuxError::OperationNotSupported) => Ok(()), + Err(e) => Err(CpError::Error( + translate!("cp-error-selinux-error", "error" => e), + )), + } +} + /// Copies extended attributes (xattrs) from `source` to `dest`, ensuring that `dest` is temporarily /// user-writable if needed and restoring its original permissions afterward. This avoids "Operation /// not permitted" errors on read-only files. Returns an error if permission or metadata operations fail, /// or if xattr copying fails. #[cfg(all(unix, not(target_os = "android")))] -fn copy_extended_attrs(source: &Path, dest: &Path) -> CopyResult<()> { +fn copy_extended_attrs(source: &Path, dest: &Path, skip_selinux: bool) -> CopyResult<()> { let metadata = fs::symlink_metadata(dest)?; // Check if the destination file is currently read-only for the user. @@ -1666,7 +1691,13 @@ fn copy_extended_attrs(source: &Path, dest: &Path) -> CopyResult<()> { // Perform the xattr copy and capture any potential error, // so we can restore permissions before returning. - let copy_xattrs_result = copy_xattrs(source, dest); + let copy_xattrs_result = if skip_selinux { + // When -Z is used, skip copying security.selinux xattr so that + // the default context can be set instead of preserving from source + copy_xattrs_skip_selinux(source, dest) + } else { + copy_xattrs(source, dest) + }; // Restore read-only if we changed it. if was_readonly { @@ -1681,11 +1712,30 @@ fn copy_extended_attrs(source: &Path, dest: &Path) -> CopyResult<()> { Ok(()) } +/// Copy extended attributes but skip security.selinux +#[cfg(all(unix, not(target_os = "android")))] +fn copy_xattrs_skip_selinux(source: &Path, dest: &Path) -> std::io::Result<()> { + for attr_name in xattr::list(source)? { + // Skip security.selinux when -Z is used to set default context + if attr_name.to_string_lossy() == "security.selinux" { + continue; + } + if let Some(value) = xattr::get(source, &attr_name)? { + xattr::set(dest, &attr_name, &value)?; + } + } + Ok(()) +} + /// Copy the specified attributes from one path to another. +/// If `skip_selinux_xattr` is true, the security.selinux xattr will not be copied +/// (used when -Z is specified to set the default context instead). +#[allow(unused_variables)] pub(crate) fn copy_attributes( source: &Path, dest: &Path, attributes: &Attributes, + skip_selinux_xattr: bool, ) -> CopyResult<()> { let context = &*format!("{} -> {}", source.quote(), dest.quote()); let source_metadata = @@ -1781,9 +1831,10 @@ pub(crate) fn copy_attributes( handle_preserve(&attributes.xattr, || -> CopyResult<()> { #[cfg(all(unix, not(target_os = "android")))] { - copy_extended_attrs(source, dest)?; + copy_extended_attrs(source, dest, skip_selinux_xattr)?; } #[cfg(not(all(unix, not(target_os = "android"))))] + #[allow(unused_variables)] { // The documentation for GNU cp states: // @@ -2538,33 +2589,42 @@ fn copy_file( fs::set_permissions(dest, dest_permissions).ok(); } - if options.dereference(source_in_command_line) { + let copy_attributes_result = if options.dereference(source_in_command_line) { // Try to canonicalize, but if it fails (e.g., due to inaccessible parent directories), // fall back to the original source path let src_for_attrs = canonicalize(source, MissingHandling::Normal, ResolveMode::Physical) .ok() .filter(|p| p.exists()) .unwrap_or_else(|| source.to_path_buf()); - copy_attributes(&src_for_attrs, dest, &options.attributes)?; + copy_attributes( + &src_for_attrs, + dest, + &options.attributes, + options.set_selinux_context, + ) } else if source_is_stream && !source.exists() { // Some stream files may not exist after we have copied it, // like anonymous pipes. Thus, we can't really copy its // attributes. However, this is already handled in the stream // copy function (see `copy_stream` under platform/linux.rs). + Ok(()) } else { - copy_attributes(source, dest, &options.attributes)?; - } + copy_attributes( + source, + dest, + &options.attributes, + options.set_selinux_context, + ) + }; + + // GNU cp truncates the destination when a required attribute cannot be preserved + copy_attributes_result.inspect_err(|_| { + fs::File::create(dest).map(|f| f.set_len(0)).ok(); + })?; #[cfg(all(feature = "selinux", target_os = "linux"))] - if options.set_selinux_context && uucore::selinux::is_selinux_enabled() { - // Set the given selinux permissions on the copied file. - if let Err(e) = - uucore::selinux::set_selinux_security_context(dest, options.context.as_ref()) - { - return Err(CpError::Error( - translate!("cp-error-selinux-error", "error" => e), - )); - } + if options.set_selinux_context { + set_selinux_context(dest, options.context.as_ref())?; } // Skip tracking copied files when using --link mode since hard link @@ -2734,7 +2794,12 @@ fn copy_link( delete_path(dest, options)?; } symlink_file(&link, dest, symlinked_files)?; - copy_attributes(source, dest, &options.attributes) + copy_attributes( + source, + dest, + &options.attributes, + options.set_selinux_context, + ) } /// Generate an error message if `target` is not the correct `target_type` diff --git a/src/uucore/locales/en-US.ftl b/src/uucore/locales/en-US.ftl index 36cd9d942a9..15896209526 100644 --- a/src/uucore/locales/en-US.ftl +++ b/src/uucore/locales/en-US.ftl @@ -45,6 +45,7 @@ selinux-error-file-open-failure = failed to open the file: { $error } selinux-error-context-retrieval-failure = failed to retrieve the security context: { $error } selinux-error-context-set-failure = failed to set default file creation context to '{ $context }': { $error } selinux-error-context-conversion-failure = failed to set default file creation context to '{ $context }': { $error } +selinux-error-operation-not-supported = operation not supported # SMACK error messages smack-error-not-enabled = SMACK is not enabled on this system diff --git a/src/uucore/locales/fr-FR.ftl b/src/uucore/locales/fr-FR.ftl index 9a60c87f21b..e9ff4abe475 100644 --- a/src/uucore/locales/fr-FR.ftl +++ b/src/uucore/locales/fr-FR.ftl @@ -45,6 +45,7 @@ selinux-error-file-open-failure = échec de l'ouverture du fichier : { $error } selinux-error-context-retrieval-failure = échec de la récupération du contexte de sécurité : { $error } selinux-error-context-set-failure = échec de la définition du contexte de création de fichier par défaut à '{ $context }' : { $error } selinux-error-context-conversion-failure = échec de la définition du contexte de création de fichier par défaut à '{ $context }' : { $error } +selinux-error-operation-not-supported = opération non prise en charge # Messages d'erreur de traversée sécurisée safe-traversal-error-path-contains-null = le chemin contient un octet null diff --git a/src/uucore/src/lib/features/selinux.rs b/src/uucore/src/lib/features/selinux.rs index 04d6e4464f4..fc1e00c9604 100644 --- a/src/uucore/src/lib/features/selinux.rs +++ b/src/uucore/src/lib/features/selinux.rs @@ -30,6 +30,9 @@ pub enum SeLinuxError { #[error("{}", translate!("selinux-error-context-conversion-failure", "context" => .0.clone(), "error" => .1.clone()))] ContextConversionFailure(String, String), + + #[error("{}", translate!("selinux-error-operation-not-supported"))] + OperationNotSupported, } impl UError for SeLinuxError { @@ -40,6 +43,7 @@ impl UError for SeLinuxError { Self::ContextRetrievalFailure(_) => 3, Self::ContextSetFailure(_, _) => 4, Self::ContextConversionFailure(_, _) => 5, + Self::OperationNotSupported => 6, } } } @@ -154,13 +158,23 @@ pub fn set_selinux_security_context( false, ) .set_for_path(path, false, false) - .map_err(|e| { - SeLinuxError::ContextSetFailure(ctx_str.to_owned(), selinux_error_description(&e)) + .map_err(|e| match &e { + selinux::errors::Error::IO1Path { source, .. } + if source.raw_os_error() == Some(libc::ENOTSUP) => + { + SeLinuxError::OperationNotSupported + } + _ => SeLinuxError::ContextSetFailure(ctx_str.to_owned(), selinux_error_description(&e)), }) } else { // If no context provided, set the default SELinux context for the path - SecurityContext::set_default_for_path(path).map_err(|e| { - SeLinuxError::ContextSetFailure(String::new(), selinux_error_description(&e)) + SecurityContext::set_default_for_path(path).map_err(|e| match &e { + selinux::errors::Error::IO1Path { source, .. } + if source.raw_os_error() == Some(libc::ENOTSUP) => + { + SeLinuxError::OperationNotSupported + } + _ => SeLinuxError::ContextSetFailure(String::new(), selinux_error_description(&e)), }) } } @@ -205,6 +219,7 @@ pub fn set_selinux_security_context( /// Err(SeLinuxError::ContextRetrievalFailure(e)) => println!("Failed to retrieve the security context: {e}"), /// Err(SeLinuxError::ContextConversionFailure(ctx, e)) => println!("Failed to convert context '{ctx}': {e}"), /// Err(SeLinuxError::ContextSetFailure(ctx, e)) => println!("Failed to set context '{ctx}': {e}"), +/// Err(SeLinuxError::OperationNotSupported) => println!("Operation not supported"), /// } /// ``` pub fn get_selinux_security_context( @@ -532,6 +547,9 @@ mod tests { "File open failure occurred despite file being created: {e}" ); } + Err(e @ SeLinuxError::OperationNotSupported) => { + println!("{e}"); + } } } diff --git a/tests/by-util/test_cp.rs b/tests/by-util/test_cp.rs index 2d252c56010..c76ac82e1a3 100644 --- a/tests/by-util/test_cp.rs +++ b/tests/by-util/test_cp.rs @@ -6776,8 +6776,7 @@ fn test_cp_preserve_selinux_admin_context() { #[test] #[cfg(feature = "feat_selinux")] fn test_cp_selinux_context_priority() { - // This test verifies that the priority order is respected: - // -Z > --context > --preserve=context + // This test verifies that -Z takes priority over --context let ts = TestScenario::new(util_name!()); let at = &ts.fixtures; @@ -6829,21 +6828,12 @@ fn test_cp_selinux_context_priority() { .arg("z_and_context.txt") .succeeds(); - // 5. Using both -Z and --preserve=context (Z should win) - ts.ucmd() - .arg("-Z") - .arg("--preserve=context") - .arg(TEST_HELLO_WORLD_SOURCE) - .arg("z_and_preserve.txt") - .succeeds(); - // Get all the contexts let source_ctx = get_getfattr_output(&at.plus_as_string(TEST_HELLO_WORLD_SOURCE)); let preserve_ctx = get_getfattr_output(&at.plus_as_string("preserve.txt")); let context_ctx = get_getfattr_output(&at.plus_as_string("context.txt")); let z_ctx = get_getfattr_output(&at.plus_as_string("z_flag.txt")); let z_and_context_ctx = get_getfattr_output(&at.plus_as_string("z_and_context.txt")); - let z_and_preserve_ctx = get_getfattr_output(&at.plus_as_string("z_and_preserve.txt")); if source_ctx.is_empty() { println!("Skipping test assertions: Failed to get SELinux contexts"); @@ -6861,10 +6851,6 @@ fn test_cp_selinux_context_priority() { z_ctx, z_and_context_ctx, "-Z context should be the same regardless of --context" ); - assert_eq!( - z_ctx, z_and_preserve_ctx, - "-Z context should be the same regardless of --preserve=context" - ); } #[test] @@ -7508,3 +7494,54 @@ fn test_cp_to_existing_file_permissions() { let new_dst_mode = std::fs::metadata(&dst_path).unwrap().permissions().mode(); assert_eq!(dst_mode, new_dst_mode); } + +#[test] +#[cfg(feature = "feat_selinux")] +fn test_cp_a_z_overrides_context() { + // Verifies -aZ succeeds (-Z overrides implicit --preserve=context from -a) + use std::path::Path; + use uucore::selinux::set_selinux_security_context; + + let (at, mut ucmd) = at_and_ucmd!(); + at.touch("src"); + + let ctx = "unconfined_u:object_r:user_tmp_t:s0".to_string(); + if set_selinux_security_context(Path::new(&at.plus_as_string("src")), Some(&ctx)).is_err() { + return; + } + + ucmd.args(&["-aZ", "src", "dst"]).succeeds(); +} + +#[test] +#[cfg(feature = "feat_selinux")] +fn test_cp_a_preserves_context() { + use std::path::Path; + use uucore::selinux::{get_selinux_security_context, set_selinux_security_context}; + + let (at, mut ucmd) = at_and_ucmd!(); + at.touch("src"); + + let ctx = "unconfined_u:object_r:user_tmp_t:s0".to_string(); + if set_selinux_security_context(Path::new(&at.plus_as_string("src")), Some(&ctx)).is_err() { + return; + } + + let src_ctx = + get_selinux_security_context(Path::new(&at.plus_as_string("src")), false).unwrap(); + ucmd.args(&["-a", "src", "dst"]).succeeds(); + let dst_ctx = + get_selinux_security_context(Path::new(&at.plus_as_string("dst")), false).unwrap(); + + assert_eq!(src_ctx, dst_ctx, "-a should preserve SELinux context"); +} + +#[test] +#[cfg(feature = "feat_selinux")] +fn test_cp_preserve_context_with_z_fails() { + let (at, mut ucmd) = at_and_ucmd!(); + at.touch("src"); + ucmd.args(&["--preserve=context", "-Z", "src", "dst"]) + .fails() + .stderr_contains("cannot combine"); +} diff --git a/util/build-gnu.sh b/util/build-gnu.sh index dfefa6d2641..2e85056616e 100755 --- a/util/build-gnu.sh +++ b/util/build-gnu.sh @@ -92,7 +92,7 @@ export CARGOFLAGS # tell to make [ -e "${UU_BUILD_DIR}/ginstall" ] || ln -vf "${UU_BUILD_DIR}/install" "${UU_BUILD_DIR}/ginstall" # The GNU tests use renamed install to ginstall if [ "${SELINUX_ENABLED}" = 1 ];then # Build few utils for SELinux for faster build. MULTICALL=y fails... - "${MAKE}" UTILS="cat chcon chmod cp cut dd echo env groups id ln ls mkdir mkfifo mknod mktemp mv printf rm rmdir runcon seq stat test touch tr true uname wc whoami" + "${MAKE}" UTILS="cat chcon chmod cp cut dd echo env groups id ln ls mkdir mkfifo mknod mktemp mv printf realpath rm rmdir runcon seq stat test touch tr true uname wc whoami" else # Use MULTICALL=y for faster build "${MAKE}" MULTICALL=y SKIP_UTILS="install more"