acl-devel
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Acl-devel] [PATCH 2/2] Suppress error messages when copying security.im


From: Stefan Berger
Subject: [Acl-devel] [PATCH 2/2] Suppress error messages when copying security.ima fails
Date: Tue, 25 Oct 2016 13:36:35 -0400

From: Stefan Berger <address@hidden>

The security.ima extended attribute may be copied when it contains
a digital signature. In case it is a hash, the copying will fail
and we suppress the error message in that case.

Signed-off-by: Stefan Berger <address@hidden>
---
 libattr/attr_copy_fd.c   | 4 +++-
 libattr/attr_copy_file.c | 4 +++-
 2 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/libattr/attr_copy_fd.c b/libattr/attr_copy_fd.c
index af237c9..515a2fb 100644
--- a/libattr/attr_copy_fd.c
+++ b/libattr/attr_copy_fd.c
@@ -139,7 +139,9 @@ attr_copy_fd(const char *src_path, int src_fd,
                if (fsetxattr (dst_fd, name, value, size, 0) != 0) {
                        if (errno == ENOTSUP)
                                setxattr_ENOTSUP++;
-                       else {
+                       else if (!strcmp(name, "security.ima")) {
+                               /* security.ima may not be copyable if it's a 
hash */
+                       } else {
                                const char *qpath = quote (ctx, dst_path);
 
                                if (errno == ENOSYS) {
diff --git a/libattr/attr_copy_file.c b/libattr/attr_copy_file.c
index 6cd8f81..fa38653 100644
--- a/libattr/attr_copy_file.c
+++ b/libattr/attr_copy_file.c
@@ -137,7 +137,9 @@ attr_copy_file(const char *src_path, const char *dst_path,
                if (lsetxattr (dst_path, name, value, size, 0) != 0) {
                        if (errno == ENOTSUP)
                                setxattr_ENOTSUP++;
-                       else {
+                       else if (!strcmp(name, "security.ima")) {
+                               /* security.ima may not be copyable if it's a 
hash */
+                       } else {
                                const char *qpath = quote (ctx, dst_path);
                                if (errno == ENOSYS) {
                                        error (ctx, _("setting attributes for "
-- 
2.7.0




reply via email to

[Prev in Thread] Current Thread [Next in Thread]