authorTimo Teras <timo.teras@iki.fi>2009-07-30 10:42:20 +0300
committerTimo Teras <timo.teras@iki.fi>2009-07-30 10:42:20 +0300
commit5b48b855600aa316e3c9385e998c68ad757794a2 (patch)
tree05a0c84623a1360a513aa13f4e6192e969ea5060
parent60c668f1dccc77800548ec54587724ee9e61f4e3 (diff)
audit: protection mask for "symlinks only"
and use it for /etc/init.d by default. fixes #99.
-rw-r--r--src/apk_database.h1
-rw-r--r--src/audit.c5
-rw-r--r--src/database.c26
-rw-r--r--src/io.c2
4 files changed, 27 insertions, 7 deletions
diff --git a/src/apk_database.h b/src/apk_database.h
index 35b0da1..241719d 100644
--- a/src/apk_database.h
+++ b/src/apk_database.h
@@ -37,6 +37,7 @@ struct apk_db_file {
};
#define APK_DBDIRF_PROTECTED 0x0001
+#define APK_DBDIRF_SYMLINKS_ONLY 0x0002
struct apk_db_dir {
apk_hash_node hash_node;
diff --git a/src/audit.c b/src/audit.c
index fe72c88..31965df 100644
--- a/src/audit.c
+++ b/src/audit.c
@@ -56,6 +56,11 @@ static int audit_directory(apk_hash_item item, void *ctx)
if (apk_file_get_info(tmp, APK_CHECKSUM_NONE, &fi) < 0)
continue;
+ if (!(actx->type & AUDIT_SYSTEM) &&
+ (dbd->flags & APK_DBDIRF_SYMLINKS_ONLY) &&
+ !S_ISLNK(fi.mode))
+ continue;
+
if (S_ISDIR(fi.mode)) {
if (apk_db_dir_query(db, APK_BLOB_STR(tmp)) != NULL)
continue;
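Review bot: The new `continue` silently drops every non-symlink entry in a symlinks-only directory unless `AUDIT_SYSTEM` is set, and nothing at the check says so. With the default added in this commit, a regular file added or changed under /etc/init.d is therefore only examined by the system audit. I would put a comment above the condition, for example `/* symlinks-only dir: the non-system audit reports only symlinks; regular files are still examined when AUDIT_SYSTEM is set */`. The check also relies on `apk_file_get_info` not following links, which holds only because of the `lstat()` change in src/io.c. The body of audit_directory starts and ends outside this hunk.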
diff --git a/src/database.c b/src/database.c
index f308e48..968d55e 100644
--- a/src/database.c
+++ b/src/database.c
@@ -235,11 +235,25 @@ static struct apk_db_dir *apk_db_dir_get(struct apk_database *db,
dir->flags = dir->parent->flags;
for (i = 0; i < db->protected_paths->num; i++) {
- if (db->protected_paths->item[i][0] == '-' &&
- strcmp(&db->protected_paths->item[i][1], dir->name) == 0)
- dir->flags &= ~APK_DBDIRF_PROTECTED;
- else if (strcmp(db->protected_paths->item[i], dir->name) == 0)
- dir->flags |= APK_DBDIRF_PROTECTED;
+ int flags = dir->flags, j;
+
+ flags |= APK_DBDIRF_PROTECTED;
+ for (j = 0; ; j++) {
+ switch (db->protected_paths->item[i][j]) {
+ case '-':
+ flags &= ~(APK_DBDIRF_PROTECTED |
+ APK_DBDIRF_SYMLINKS_ONLY);
+ continue;
+ case '*':
+ flags |= APK_DBDIRF_SYMLINKS_ONLY |
+ APK_DBDIRF_PROTECTED;
+ continue;
+ }
+ break;
+ }
+
+ if (strcmp(&db->protected_paths->item[i][j], dir->name) == 0)
+ dir->flags = flags;
}
return dir;
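Review bot: An unprefixed entry that matches cannot restore full protection below a `*` directory, because `flags` starts from the inherited `dir->flags` and only the `-` prefix ever clears `APK_DBDIRF_SYMLINKS_ONLY`. If an unprefixed path is meant to mean "fully protected", the line `flags |= APK_DBDIRF_PROTECTED;` should become `flags = (flags & ~APK_DBDIRF_SYMLINKS_ONLY) | APK_DBDIRF_PROTECTED;`. If the inheritance is intended, a comment should say so. The prefix grammar is also undocumented, so I would add `/* prefixes: '-' clears protection, '*' protects symlinks only; when both appear the last one wins */` above the inner loop. apk_db_dir_get starts outside the hunk, so whether `dir->parent` can be NULL at the context line is not visible here.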
@@ -895,7 +909,7 @@ int apk_db_open(struct apk_database *db, const char *root, unsigned int flags)
}
}
- blob = APK_BLOB_STR("etc:-etc/init.d");
+ blob = APK_BLOB_STR("etc:*etc/init.d");
apk_blob_for_each_segment(blob, ":", add_protected_path, db);
if (root != NULL) {
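Review bot: The `*` in the default string `"etc:*etc/init.d"` is unexplained where it is used, so the built-in policy cannot be read without tracing the parser in apk_db_dir_get. This default moves /etc/init.d from excluded (`-`) to protected for symlinks only, which changes what the non-system audit reports there. I would add a comment on the line above, for example `/* default protected paths: all of etc; in etc/init.d only symlinks are protected ('*' prefix) */`. apk_db_open starts and ends outside the hunk.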
diff --git a/src/io.c b/src/io.c
index 8739752..18e89d3 100644
--- a/src/io.c
+++ b/src/io.c
@@ -468,7 +468,7 @@ int apk_file_get_info(const char *filename, int checksum, struct apk_file_info *
struct stat st;
struct apk_bstream *bs;
- if (stat(filename, &st) != 0)
+ if (lstat(filename, &st) != 0)
return -errno;
*fi = (struct apk_file_info) {
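Review bot: Switching to `lstat()` changes the result for every caller of apk_file_get_info, not just the audit path, because the returned mode and size now describe the link rather than its target. The rest of the function is outside the hunk. If the checksum branch opens `filename` by path, it would presumably still follow the link, so the metadata and the checksum could describe two different objects. That should be confirmed, and if so the checksum should be skipped when `S_ISLNK(st.st_mode)` is true. Symlinked directories will also no longer satisfy `S_ISDIR(fi.mode)` in callers such as audit_directory. I would record the contract in a comment above the call, for example `/* lstat: report the link itself, never its target */`.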