aboutsummaryrefslogtreecommitdiff
path: root/ubifs-utils
diff options
context:
space:
mode:
authorDavid Oberhollenzer <goliath@infraroot.at>2023-12-15 12:42:41 +0100
committerDavid Oberhollenzer <goliath@infraroot.at>2023-12-19 10:23:59 +0100
commit9471c13faf76ff05f58d636b988bb066ad6d05fa (patch)
tree29e04b6874c2389ba4abcf67d770841c9bc998e0 /ubifs-utils
parent2425614638a798e55e79e1b1f9b8d84567769311 (diff)
mkfs.ubifs: fix xattr scanning for builds with selinux support
mkfs.uibfs can add Selinux xattrs from a labeling file using libselinux to parse it. The commit that added this feature simply introduced a separate function, inode_add_selinux_xattr, which is called instead of inode_add_xattr. If no --selinux argument is specified for mkfs.ubifs, this is a no-op. The problem is, that this breaks xattr scanning for any build with Selinux enabled. The Selinux version is always called and it does not scan for xattrs on the filesystem, or dispatch to the original. This commit fixes the xattr scanning behavior. We unconditionally call both functions (they each have no-op implementations if the feature is missing) and in the regular xattr scanning code, we skip selinux attributes, if the --selinux option was given. Fixes: f1feccec5ad8 ("mkfs.ubifs: Implement selinux labelling support") Reviewed-by: Zhihao Cheng <chengzhihao1@huawei.com> Signed-off-by: David Oberhollenzer <goliath@infraroot.at>
Diffstat (limited to 'ubifs-utils')
-rw-r--r--ubifs-utils/mkfs.ubifs/mkfs.ubifs.c22
1 files changed, 14 insertions, 8 deletions
diff --git a/ubifs-utils/mkfs.ubifs/mkfs.ubifs.c b/ubifs-utils/mkfs.ubifs/mkfs.ubifs.c
index 15e6bdc..8f8d40b 100644
--- a/ubifs-utils/mkfs.ubifs/mkfs.ubifs.c
+++ b/ubifs-utils/mkfs.ubifs/mkfs.ubifs.c
@@ -56,7 +56,6 @@
#ifdef WITH_SELINUX
#define XATTR_NAME_SELINUX "security.selinux"
static struct selabel_handle *sehnd;
-static char *secontext;
#endif
/**
@@ -1389,6 +1388,15 @@ static int inode_add_xattr(struct ubifs_ino_node *host_ino,
continue;
}
+#ifdef WITH_SELINUX
+ /*
+ Ignore selinux attributes if we have a label file, they are
+ instead provided by inode_add_selinux_xattr.
+ */
+ if (!strcmp(name, XATTR_NAME_SELINUX) && context && sehnd)
+ continue;
+#endif
+
ret = add_xattr(host_ino, st, inum, name, attrbuf, attrsize);
if (ret < 0)
goto out_free;
@@ -1413,12 +1421,10 @@ static int inode_add_selinux_xattr(struct ubifs_ino_node *host_ino,
char *sepath = NULL;
char *name;
unsigned int con_size;
+ char *secontext;
- if (!context || !sehnd) {
- secontext = NULL;
- con_size = 0;
+ if (!context || !sehnd)
return 0;
- }
if (path_name[strlen(root)] == '/')
sepath = strdup(&path_name[strlen(root)]);
@@ -1595,11 +1601,11 @@ static int add_inode(struct stat *st, ino_t inum, void *data,
len = UBIFS_INO_NODE_SZ + data_len;
if (xattr_path) {
-#ifdef WITH_SELINUX
ret = inode_add_selinux_xattr(ino, xattr_path, st, inum);
-#else
+ if (ret < 0)
+ return ret;
+
ret = inode_add_xattr(ino, xattr_path, st, inum);
-#endif
if (ret < 0)
return ret;
}