emo/shadow
1
0
Fork 0
Code Issues Pull Requests Packages Releases Activity

set_selinux_file_context(): prepare context for actual file type

Browse Source 
Search the SELinux selabel database for the file type to be created.
Not specifying the file mode can cause an incorrect file context to be
returned.

Also prepare contexts in commonio_close() for the generic database
filename, not with the backup suffix appended, to ensure the desired
file context after the final rename.

Closes: #322

Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Acked-by: James Carter <jwcart2@gmail.com>
This commit is contained in:
Christian Göttsche
2021-04-09 18:21:00 +02:00
parent 5f7649fb37
commit eb1d2de0e9
5 changed files with 11 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
libmisc/copydir.c
View File

@ -484,7 +484,7 @@ static int copy_dir (const char *src, const char *dst,
*/
#ifdef WITH_SELINUX
if (set_selinux_file_context (dst) != 0) {
if (set_selinux_file_context (dst, S_IFDIR) != 0) {
return -1;
}
#endif /* WITH_SELINUX */
@ -605,7 +605,7 @@ static int copy_symlink (const char *src, const char *dst,
}
#ifdef WITH_SELINUX
if (set_selinux_file_context (dst) != 0) {
if (set_selinux_file_context (dst, S_IFLNK) != 0) {
free (oldlink);
return -1;
}
@ -684,7 +684,7 @@ static int copy_special (const char *src, const char *dst,
int err = 0;
#ifdef WITH_SELINUX
if (set_selinux_file_context (dst) != 0) {
if (set_selinux_file_context (dst, statp->st_mode & S_IFMT) != 0) {
return -1;
}
#endif /* WITH_SELINUX */
@ -744,7 +744,7 @@ static int copy_file (const char *src, const char *dst,
return -1;
}
#ifdef WITH_SELINUX
if (set_selinux_file_context (dst) != 0) {
if (set_selinux_file_context (dst, S_IFREG) != 0) {
return -1;
}
#endif /* WITH_SELINUX */