File coreutils-acl-nofollow.patch of Package coreutils
commit 95f7c57ff4090a5dee062044d2c7b99879077808
Author: Kamil Dudka <kdudka@redhat.com>
Date: Fri Jul 22 14:48:42 2011 +0200
file-has-acl: use acl_extended_file_nofollow if available
* lib/acl-internal.h (HAVE_ACL_EXTENDED_FILE): New macro.
(acl_extended_file): New macro.
* lib/file-has-acl.c (file_has_acl): Use acl_extended_file_nofollow.
* m4/acl.m4 (gl_FUNC_ACL): Check for acl_extended_file_nofollow.
This addresses http://bugzilla.redhat.com/692823.
Index: lib/acl-internal.h
===================================================================
--- lib/acl-internal.h.orig 2012-03-09 08:31:00.000000000 +0100
+++ lib/acl-internal.h 2012-04-16 13:17:12.470016537 +0200
@@ -142,6 +142,12 @@ rpl_acl_set_fd (int fd, acl_t acl)
# endif
/* Linux-specific */
+# ifndef HAVE_ACL_EXTENDED_FILE_NOFOLLOW
+# define HAVE_ACL_EXTENDED_FILE_NOFOLLOW false
+# define acl_extended_file_nofollow(name) (-1)
+# endif
+
+/* Linux-specific */
# ifndef HAVE_ACL_FROM_MODE
# define HAVE_ACL_FROM_MODE false
# define acl_from_mode(mode) (NULL)
Index: lib/file-has-acl.c
===================================================================
--- lib/file-has-acl.c.orig 2012-03-09 08:31:00.000000000 +0100
+++ lib/file-has-acl.c 2012-04-16 13:17:12.471016513 +0200
@@ -492,12 +492,20 @@ file_has_acl (char const *name, struct s
/* Linux, FreeBSD, MacOS X, IRIX, Tru64 */
int ret;
- if (HAVE_ACL_EXTENDED_FILE) /* Linux */
+ if (HAVE_ACL_EXTENDED_FILE || HAVE_ACL_EXTENDED_FILE_NOFOLLOW) /* Linux */
{
+# if HAVE_ACL_EXTENDED_FILE_NOFOLLOW
+ /* acl_extended_file_nofollow() uses lgetxattr() in order to prevent
+ unnecessary mounts, but it returns the same result as we already
+ know that NAME is not a symbolic link at this point (modulo the
+ TOCTTOU race condition). */
+ ret = acl_extended_file_nofollow (name);
+# else
/* On Linux, acl_extended_file is an optimized function: It only
makes two calls to getxattr(), one for ACL_TYPE_ACCESS, one for
ACL_TYPE_DEFAULT. */
ret = acl_extended_file (name);
+# endif
}
else /* FreeBSD, MacOS X, IRIX, Tru64 */
{
Index: m4/acl.m4
===================================================================
--- m4/acl.m4.orig 2012-01-06 10:14:31.000000000 +0100
+++ m4/acl.m4 2012-04-16 13:17:12.471016513 +0200
@@ -33,7 +33,7 @@ AC_DEFUN([gl_FUNC_ACL],
AC_CHECK_FUNCS(
[acl_get_file acl_get_fd acl_set_file acl_set_fd \
acl_free acl_from_mode acl_from_text \
- acl_delete_def_file acl_extended_file \
+ acl_delete_def_file acl_extended_file acl_extended_file_nofollow \
acl_delete_fd_np acl_delete_file_np \
acl_copy_ext_native acl_create_entry_np \
acl_to_short_text acl_free_text])
Index: ChangeLog
===================================================================
--- ChangeLog.orig 2012-03-26 14:15:03.000000000 +0200
+++ ChangeLog 2012-04-16 13:17:12.474016441 +0200
@@ -2815,6 +2815,14 @@
MacOS X 10.7 has an fdatasync that is not declared, and is rumored to
be ineffective. (Bug#9141)
+2011-07-22 Kamil Dudka <kdudka@redhat.com>
+
+ file-has-acl: use acl_extended_file_nofollow if available
+ * lib/acl-internal.h (HAVE_ACL_EXTENDED_FILE): New macro.
+ (acl_extended_file): New macro.
+ * lib/file-has-acl.c (file_has_acl): Use acl_extended_file_nofollow.
+ * m4/acl.m4 (gl_FUNC_ACL): Check for acl_extended_file_nofollow.
+
2011-07-20 Mike Frysinger <vapier@gentoo.org>
dircolors: add screen.Eterm terminal type
