Description of problem: In ls.c, function gobble_file(), there are 2 #ifdefs for SELINUX that include cals for getfilecon() and lgetfilecon() respectively. The problem is that although the global variable format_needs_stat is correctly set up, the code in gobble_file() will call the ?getfilecon() functions on *ANY* needs_stat file, even if we're doing just an 'ls -l' and did *not* ask for one of the selinux extensions. This has two implications: a) We're doing (probably expensive) calls every time, even when not needed. This is a performance issue. b) It's quite possible to try to 'ls' a directory on a filesystem that doesn't support extended attributes (Reiserfs, JFS, or XFS, for example). This will get an 'op not supported' error on the getfilecon() and kill the ls while we're retrieving data the user didn't even ask for. Version-Release number of selected component (if applicable): 5.0-14 How reproducible: Build with WITH_SELINUX, then try to 'ls' a filesystem that doesn't support extended attributes. Steps to Reproduce: 1. 2. 3. Actual results: Expected results: Additional info: Totally untested, but "looks right" patch attached.
Created attachment 94109 [details] Patch to only use getfilecon() if actually needed
Blech. Somebody check the precidence rules - that 'format == security_format' might need another set of parens around it.
This has been fixed in the latest release. ftp://people.redhat.com/dwalsh/SELinux/packages/coreutils-5.0-15.sel.src.rpm Basically the security context will say none if the file system does not support extended attributes. Dan