selinux: figure out selinux context applied on exec() before closing all fds

We need the original socket_fd to still be open, otherwise mac_selinux_get_child_mls_label
fails with an -EINVAL return code. Also, don't call setexeccon twice; instead pass the
context value of the SELinuxContext option as an extra argument.

Signed-off-by: Anthony G. Basile <blueness@gentoo.org>
This commit is contained in:
Michal Sekletar 2014-11-12 13:53:27 +01:00 committed by Anthony G. Basile
parent a0d05ead08
commit a2e46b539b
2 changed files with 3 additions and 7 deletions


@ -231,7 +231,7 @@ int mac_selinux_get_our_label(char **label) {
return r;
}
int mac_selinux_get_child_mls_label(int socket_fd, const char *exe, char **label) {
int mac_selinux_get_child_mls_label(int socket_fd, const char *exe, const char *exec_label, char **label) {
int r = -EOPNOTSUPP;
#ifdef HAVE_SELINUX
@ -255,11 +255,7 @@ int mac_selinux_get_child_mls_label(int socket_fd, const char *exe, char **label
if (r < 0)
return -errno;
r = getexeccon(&fcon);
if (r < 0)
return -errno;
if (!fcon) {
if (!exec_label) {
/* If there is no context set for next exec let's use context
of target executable */
r = getfilecon(exe, &fcon);
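Review bot: The fallback to the target executable's context at `if (!exec_label) {` keys only on a NULL pointer, so a caller that hands over an empty string for an unset SELinuxContext= would skip getfilecon() and presumably continue with "" as the label; if the option is always stored as NULL when unset this is fine, otherwise `if (!exec_label || !*exec_label) {` is the safer guard. The new parameter also deserves a one-line comment at the definition, e.g. `/* exec_label: context from SELinuxContext=, or NULL to derive it from exe */`, since NULL now carries meaning that getexeccon() used to supply. mac_selinux_get_child_mls_label continues outside the hunk, so the branch that consumes a non-NULL exec_label is not visible here.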


@ -35,7 +35,7 @@ int mac_selinux_apply(const char *path, const char *label);
int mac_selinux_get_create_label_from_exe(const char *exe, char **label);
int mac_selinux_get_our_label(char **label);
int mac_selinux_get_child_mls_label(int socket_fd, const char *exec, char **label);
int mac_selinux_get_child_mls_label(int socket_fd, const char *exe, const char *exec_label, char **label);
void mac_selinux_free(char *label);
int mac_selinux_create_file_prepare(const char *path, mode_t mode);
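Review bot: The new `exec_label` parameter in the prototype of mac_selinux_get_child_mls_label is undocumented, and the header is where callers will look for its contract; a short comment above the declaration such as `/* exec_label may be NULL, in which case the context of exe is used; *label is allocated and must be released with mac_selinux_free() */` would record the NULL semantics the implementation now relies on. The parameter rename from `exec` to `exe` in this line is a welcome consistency fix with the definition.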