selinux.c: use modern selabel interface instead of deprecated matchpathcon
matchpathcon(3) is deprecated in favor of selabel_lookup(3). Signed-off-by: Christian Göttsche <cgzones@googlemail.com> Acked-by: James Carter <jwcart2@gmail.com>
This commit is contained in:
parent
e367d111e5
commit
5f7649fb37
@ -35,7 +35,7 @@
|
||||
#include "defines.h"
|
||||
|
||||
#include <selinux/selinux.h>
|
||||
#include <selinux/context.h>
|
||||
#include <selinux/label.h>
|
||||
#include "prototypes.h"
|
||||
|
||||
static bool selinux_checked = false;
|
||||
@ -53,8 +53,6 @@ static bool selinux_enabled;
|
||||
*/
|
||||
int set_selinux_file_context (const char *dst_name)
|
||||
{
|
||||
/*@null@*/char *scontext = NULL;
|
||||
|
||||
if (!selinux_checked) {
|
||||
selinux_enabled = is_selinux_enabled () > 0;
|
||||
selinux_checked = true;
|
||||
@ -62,20 +60,34 @@ int set_selinux_file_context (const char *dst_name)
|
||||
|
||||
if (selinux_enabled) {
|
||||
/* Get the default security context for this file */
|
||||
if (matchpathcon (dst_name, 0, &scontext) < 0) {
|
||||
if (security_getenforce () != 0) {
|
||||
return 1;
|
||||
|
||||
/*@null@*/char *fcontext_raw = NULL;
|
||||
struct selabel_handle *hnd;
|
||||
int r;
|
||||
|
||||
hnd = selabel_open(SELABEL_CTX_FILE, NULL, 0);
|
||||
if (hnd == NULL) {
|
||||
return security_getenforce () != 0;
|
||||
}
|
||||
|
||||
r = selabel_lookup_raw(hnd, &fcontext_raw, dst_name, 0);
|
||||
selabel_close(hnd);
|
||||
if (r < 0) {
|
||||
/* No context specified for the searched path */
|
||||
if (errno == ENOENT) {
|
||||
return 0;
|
||||
}
|
||||
|
||||
return security_getenforce () != 0;
|
||||
}
|
||||
|
||||
/* Set the security context for the next created file */
|
||||
if (setfscreatecon (scontext) < 0) {
|
||||
if (security_getenforce () != 0) {
|
||||
freecon (scontext);
|
||||
return 1;
|
||||
r = setfscreatecon_raw (fcontext_raw);
|
||||
freecon (fcontext_raw);
|
||||
if (r < 0) {
|
||||
return security_getenforce () != 0;
|
||||
}
|
||||
}
|
||||
freecon (scontext);
|
||||
}
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user