author | David Oberhollenzer <david.oberhollenzer@sigma-star.at> | 2019-06-22 00:21:29 +0200 |
---|---|---|
committer | David Oberhollenzer <david.oberhollenzer@sigma-star.at> | 2019-06-22 00:26:37 +0200 |
commit | 64484ae0ff4d1bf52f618093bf3fc43a86745573 (patch) | |
tree | 15e8cc1f8895f08b12a93b600d0397edefcc531c | |
parent | 79e67f767bb34448c75312a538dc9f06a365448f (diff) |
simplify SELinux labeling
This commit moves the SELinux label code after the tree is sorted and
the inode table is generated. Sorting helps to make sure that the tree
will always be traversed in a defined, deterministic order and likewise
the creation of xattrs happens in a defined, deterministic order.
Second, we can now use the inode table instead of having to implement a
recursive tree traversal yet again.
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
-rw-r--r-- | lib/fstree/selinux.c | 48 | ||||
-rw-r--r-- | mkfs/mkfs.c | 14 |
2 files changed, 26 insertions, 36 deletions
diff --git a/lib/fstree/selinux.c b/lib/fstree/selinux.c
index ec14a93..b7934ea 100644
--- a/lib/fstree/selinux.c
+++ b/lib/fstree/selinux.c
@@ -14,41 +14,26 @@ static int relable_node(fstree_t *fs, struct selabel_handle *sehnd,
 tree_node_t *node)
 {
 char *context = NULL, *path;
- tree_node_t *it;
 int ret;
 path = fstree_get_path(node);
- if (path == NULL) {
- perror("relabeling files");
- return -1;
- }
+ if (path == NULL)
+ goto fail;
 if (selabel_lookup(sehnd, &context, path, node->mode) < 0) {
- free(path);
-
- ret = fstree_add_xattr(fs, node, XATTR_NAME_SELINUX,
- XATTR_VALUE_SELINUX);
- } else {
- free(path);
- ret = fstree_add_xattr(fs, node, XATTR_NAME_SELINUX, context);
- free(context);
+ context = strdup(XATTR_VALUE_SELINUX);
+ if (context == NULL)
+ goto fail;
 }
- if (ret)
- return -1;
-
- if (S_ISDIR(node->mode)) {
- it = node->data.dir->children;
-
- while (it != NULL) {
- if (relable_node(fs, sehnd, it))
- return -1;
-
- it = it->next;
- }
- }
-
- return 0;
+ ret = fstree_add_xattr(fs, node, XATTR_NAME_SELINUX, context);
+ free(context);
+ free(path);
+ return ret;
+fail:
+ perror("relabeling files");
+ free(path);
+ return -1;
 }
 int fstree_relabel_selinux(fstree_t *fs, const char *filename)
@@ -57,6 +42,7 @@ int fstree_relabel_selinux(fstree_t *fs, const char *filename)
 struct selinux_opt seopts[] = {
 { SELABEL_OPT_PATH, filename },
 };
+ size_t i;
 int ret;
 sehnd = selabel_open(SELABEL_CTX_FILE, seopts, 1);
@@ -66,7 +52,11 @@ int fstree_relabel_selinux(fstree_t *fs, const char *filename)
 return -1;
 }
- ret = relable_node(fs, sehnd, fs->root);
+ for (i = 2; i < fs->inode_tbl_size; ++i) {
+ ret = relable_node(fs, sehnd, fs->inode_table[i]);
+ if (ret)
+ break;
+ }
 selabel_close(sehnd);
 return ret;
diff --git a/mkfs/mkfs.c b/mkfs/mkfs.c
index 2219989..08744f8 100644
--- a/mkfs/mkfs.c
+++ b/mkfs/mkfs.c
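Review bot: In relable_node (first selinux.c hunk), every failure of `selabel_lookup()` still falls back to the default `XATTR_VALUE_SELINUX` label, a behaviour carried over from the old code. An allocation failure or a malformed entry in the contexts file therefore yields a quietly mislabeled image instead of a failed build. libselinux reports "no entry matches this path" as `ENOENT`, so making `if (errno != ENOENT) goto fail;` the first statement of that branch would keep the fallback for unmatched paths only. This needs `<errno.h>`; the include list is outside the hunk, so whether it is already present cannot be seen here.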
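Review bot: In fstree_relabel_selinux (third selinux.c hunk, @@ -66), `ret` is now assigned only inside the loop, so when `fs->inode_tbl_size` is 2 or less the function returns an indeterminate value after `selabel_close()`. The table presumably always contains at least the root node, but declaring `int ret = 0;` (the declaration sits in the previous hunk) removes the dependency on that assumption. The start index `2` is also unexplained; mkfs.c subtracts the same 2 for `super.inode_count`, so a one-line comment or a shared named constant saying why the first two slots are skipped would keep the two in sync.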
@@ -109,6 +109,13 @@ int main(int argc, char **argv)
 goto out_fstree;
 }
+ fstree_sort(&fs);
+
+ if (fstree_gen_inode_table(&fs))
+ goto out_fstree;
+
+ super.inode_count = fs.inode_tbl_size - 2;
+
 #ifdef WITH_SELINUX
 if (opt.selinux != NULL) {
 if (fstree_relabel_selinux(&fs, opt.selinux))
@@ -118,13 +125,6 @@ int main(int argc, char **argv)
 fstree_xattr_deduplicate(&fs);
- fstree_sort(&fs);
-
- if (fstree_gen_inode_table(&fs))
- goto out_fstree;
-
- super.inode_count = fs.inode_tbl_size - 2;
-
 cmp = compressor_create(super.compression_id, true,
 super.block_size, opt.comp_extra);
 if (cmp == NULL) { |
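Review bot: The call order set up in the first mkfs.c hunk (@@ -109) is load-bearing but undocumented: `fstree_relabel_selinux()` now iterates `fs.inode_table`, so it has to run after `fstree_gen_inode_table()`. A later reorder of main() could leave the loop with nothing to visit and the image without labels, with no error reported. A comment above the `#ifdef WITH_SELINUX` block would make the constraint explicit, for example `/* labeling walks the inode table; keep this after fstree_gen_inode_table() */`. main() begins and ends outside the hunk.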