From 66c52f0d0a281b2fc2adc9327492ae9d67d7e853 Mon Sep 17 00:00:00 2001
From: James Youngman <address@hidden>
Date: Sun, 12 Apr 2009 15:30:14 +0100
Subject: [PATCH] Bugfixes to the handling of %Z in the Red Hat SELinux patch.
To: address@hidden

* find/pred.c (do_fprintf): If getfilecon fails, print the
relevant segment anyway, with the file context expanding to an
empty string.
* find/parser.c (make_segment): For %Z, set the cost to
NeedsAccessInfo.

Signed-off-by: James Youngman <address@hidden>
---
 ChangeLog     |    9 +++++++++
 find/parser.c |    5 +++++
 find/pred.c   |    7 +++++++
 3 files changed, 21 insertions(+), 0 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index fc87147..6fdbea1 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,12 @@
+2009-08-16  James Youngman  <address@hidden>
+
+	Bugfixes to the handling of %Z in the Red Hat SELinux patch.
+	* find/pred.c (do_fprintf): If getfilecon fails, print the
+	relevant segment anyway, with the file context expanding to an
+	empty string.
+	* find/parser.c (make_segment): For %Z, set the cost to
+	NeedsAccessInfo.
+
 2009-08-11  Kamil Dudka  <address@hidden>
 
 	find: add SELinux support
diff --git a/find/parser.c b/find/parser.c
index 0d2451b..330eb38 100644
--- a/find/parser.c
+++ b/find/parser.c
@@ -3101,7 +3101,12 @@ make_segment (struct segment **segment,
     case 'f':			/* basename of path */
     case 'h':			/* leading directories part of path */
     case 'p':			/* pathname */
+    case 'P':			/* pathname with ARGV element stripped */
+      *fmt++ = 's';
+      break;
+
     case 'Z':			/* SELinux security context */
+      mycost = NeedsAccessInfo;
       *fmt++ = 's';
       break;
 
diff --git a/find/pred.c b/find/pred.c
index 24dbae6..5c47290 100644
--- a/find/pred.c
+++ b/find/pred.c
@@ -1057,6 +1057,7 @@ do_fprintf(struct format_val *dest,
 			     mode_to_filetype(stat_buf->st_mode & S_IFMT));
 	  }
 	  break;
+
 	case 'Z':               /* SELinux security context */
 	  {
 	    security_context_t scontext;
@@ -1064,8 +1065,14 @@ do_fprintf(struct format_val *dest,
 					      &scontext);
 	    if (rv < 0)
 	      {
+		/* If getfilecon fails, there will in the general case
+		   still be some text to print.   We just make %Z expand
+		   to an empty string. */
+		checked_fprintf (dest, segment->text, "");
+
 		error (0, errno, "getfilecon: %s",
 		    safely_quote_err_filename (0, pathname));
+		state.exit_status = 1;
 	      }
 	    else
 	      {
-- 
1.5.6.5