runcon: ensure --compute runs the file it inspects

* src/runcon.c (main): With -c avoid searching the path
to ensure the file specified to --compute is executed.
* tests/misc/runcon-compute.sh: Add a new test.
* tests/local.mk: Reference the new test.
* NEWS: Mention the bug fix.
Reported in https://bugs.debian.org/1013924

diff --git a/NEWS b/NEWS
index 816025255a8027d6d1cea55ec4c7cc1526aa9ddd..b5b8990f869e97d3602b0f8ce9a0350080d7fbff 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -10,6 +10,10 @@ GNU coreutils NEWS                                    -*- outline -*-
   'mv --backup=simple f d/' no longer mistakenly backs up d/f to f~.
   [bug introduced in coreutils-9.1]
 
+  runcon --compute no longer looks up the specified command in the $PATH
+  so that there is no mismatch between the inspected and executed file.
+  [bug introduced when runcon was introduced in coreutils-6.9.90]
+
   'sort -g' no longer infloops when given multiple NaNs on platforms
   like x86_64 where 'long double' has padding bits in memory.
   Although the fix alters sort -g's NaN ordering, that ordering has

diff --git a/src/runcon.c b/src/runcon.c
index c4227c784587d40198b89d18c9a02467d6ec95d4..d85411c79f7cbd033989802d634036ddf303da9e 100644 (file)
--- a/src/runcon.c
+++ b/src/runcon.c
@@ -255,7 +255,7 @@ main (int argc, char **argv)
   if (cur_context != NULL)
     freecon (cur_context);
 
-  execvp (argv[optind], argv + optind);
+  (compute_trans ? execv : execvp) (argv[optind], argv + optind);
 
   int exit_status = errno == ENOENT ? EXIT_ENOENT : EXIT_CANNOT_INVOKE;
   error (0, errno, "%s", quote (argv[optind]));

diff --git a/tests/local.mk b/tests/local.mk
index 0f77786192b764872a2ff4f3b961cbc69cf2b052..0496c2873ac268a7021729af3b973bbf6e8a7dea 100644 (file)
--- a/tests/local.mk
+++ b/tests/local.mk
@@ -351,6 +351,7 @@ all_tests =                                 \
   tests/misc/readlink-fp-loop.sh               \
   tests/misc/readlink-root.sh                  \
   tests/misc/realpath.sh                       \
+  tests/misc/runcon-compute.sh                 \
   tests/misc/runcon-no-reorder.sh              \
   tests/misc/sha1sum.pl                                \
   tests/misc/sha1sum-vec.pl                    \

diff --git a/tests/misc/runcon-compute.sh b/tests/misc/runcon-compute.sh
new file mode 100755 (executable)
index 0000000..1c4e0c0
--- /dev/null
+++ b/tests/misc/runcon-compute.sh
@@ -0,0 +1,28 @@
+#!/bin/sh
+# Ensure that runcon -c uses absolute file names
+
+# Copyright (C) 2022 Free Software Foundation, Inc.
+
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <https://www.gnu.org/licenses/>.
+
+. "${srcdir=.}/tests/init.sh"; path_prepend_ ./src
+print_ver_ runcon
+
+# Create an executable that's sure to fail
+printf '%s\n' '#!/bin/sh' 'exit 1' >> 'true' || framework_failure_
+chmod a+x 'true' || framework_failure_
+
+returns_ 1 runcon -c true || fail=1
+
+Exit $fail