authorDavid Oberhollenzer <david.oberhollenzer@sigma-star.at>2019-06-22 00:21:29 +0200
committerDavid Oberhollenzer <david.oberhollenzer@sigma-star.at>2019-06-22 00:26:37 +0200
commit64484ae0ff4d1bf52f618093bf3fc43a86745573 (patch)
tree15e8cc1f8895f08b12a93b600d0397edefcc531c
parent79e67f767bb34448c75312a538dc9f06a365448f (diff)
simplify SELinux labeling
This commit moves the SELinux label code after the tree is sorted and the inode table is generated. Sorting helps to make sure that the tree will always be traversed in a defined, deterministic order and likewise the creation of xattrs happens in a defined, deterministic order. Second, we can now use the inode table instead of having to implement a recursive tree traversal yet again. Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
-rw-r--r--lib/fstree/selinux.c48
-rw-r--r--mkfs/mkfs.c14
2 files changed, 26 insertions, 36 deletions
diff --git a/lib/fstree/selinux.c b/lib/fstree/selinux.c
index ec14a93..b7934ea 100644
--- a/lib/fstree/selinux.c
+++ b/lib/fstree/selinux.c
@@ -14,41 +14,26 @@ static int relable_node(fstree_t *fs, struct selabel_handle *sehnd,
tree_node_t *node)
{
char *context = NULL, *path;
- tree_node_t *it;
int ret;
path = fstree_get_path(node);
- if (path == NULL) {
- perror("relabeling files");
- return -1;
- }
+ if (path == NULL)
+ goto fail;
if (selabel_lookup(sehnd, &context, path, node->mode) < 0) {
- free(path);
-
- ret = fstree_add_xattr(fs, node, XATTR_NAME_SELINUX,
- XATTR_VALUE_SELINUX);
- } else {
- free(path);
- ret = fstree_add_xattr(fs, node, XATTR_NAME_SELINUX, context);
- free(context);
+ context = strdup(XATTR_VALUE_SELINUX);
+ if (context == NULL)
+ goto fail;
}
- if (ret)
- return -1;
-
- if (S_ISDIR(node->mode)) {
- it = node->data.dir->children;
-
- while (it != NULL) {
- if (relable_node(fs, sehnd, it))
- return -1;
-
- it = it->next;
- }
- }
-
- return 0;
+ ret = fstree_add_xattr(fs, node, XATTR_NAME_SELINUX, context);
+ free(context);
+ free(path);
+ return ret;
+fail:
+ perror("relabeling files");
+ free(path);
+ return -1;
}
int fstree_relabel_selinux(fstree_t *fs, const char *filename)
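Review bot: In relable_node, the `selabel_lookup(...) < 0` branch falls back to `XATTR_VALUE_SELINUX` for every failure, not only for a path that has no matching entry. libselinux reports a missing entry as `ENOENT`, so an allocation or validation error would silently give the file the default label in the generated image instead of aborting the build. Checking the cause first, e.g. `if (errno != ENOENT) goto fail;` ahead of the `strdup`, keeps the fallback for unmatched paths only; this needs `<errno.h>`, and the include block is outside the hunk. The behaviour predates this commit, but the rewritten branch carries it over.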
@@ -57,6 +42,7 @@ int fstree_relabel_selinux(fstree_t *fs, const char *filename)
struct selinux_opt seopts[] = {
{ SELABEL_OPT_PATH, filename },
};
+ size_t i;
int ret;
sehnd = selabel_open(SELABEL_CTX_FILE, seopts, 1);
@@ -66,7 +52,11 @@ int fstree_relabel_selinux(fstree_t *fs, const char *filename)
return -1;
}
- ret = relable_node(fs, sehnd, fs->root);
+ for (i = 2; i < fs->inode_tbl_size; ++i) {
+ ret = relable_node(fs, sehnd, fs->inode_table[i]);
+ if (ret)
+ break;
+ }
selabel_close(sehnd);
return ret;
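Review bot: `ret` is returned uninitialised if the new loop body never runs, since the declaration in the previous hunk is `int ret;` and no visible line assigns it before the `for`. That happens whenever `fs->inode_tbl_size` is 2 or less; the table presumably always holds the root at index 2, but nothing here enforces it. Declaring `int ret = 0;` removes the dependency. A short comment on why the loop starts at `i = 2`, e.g. `/* indices 0 and 1 hold no node */` (to be confirmed against fstree_gen_inode_table), would also explain the constant. The function's opening and closing lines are outside this hunk.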
diff --git a/mkfs/mkfs.c b/mkfs/mkfs.c
index 2219989..08744f8 100644
--- a/mkfs/mkfs.c
+++ b/mkfs/mkfs.c
@@ -109,6 +109,13 @@ int main(int argc, char **argv)
goto out_fstree;
}
+ fstree_sort(&fs);
+
+ if (fstree_gen_inode_table(&fs))
+ goto out_fstree;
+
+ super.inode_count = fs.inode_tbl_size - 2;
+
#ifdef WITH_SELINUX
if (opt.selinux != NULL) {
if (fstree_relabel_selinux(&fs, opt.selinux))
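Review bot: The call to `fstree_relabel_selinux` now depends on `fstree_gen_inode_table` having run, because the labeling loop in lib/fstree/selinux.c walks `fs->inode_table`, yet only the statement order in main expresses this. A comment above the `#ifdef WITH_SELINUX` block, such as `/* needs the sorted tree and the inode table generated above */`, would keep a later reorder from labelling nothing or reading an unset table. main starts and ends outside the hunk.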
@@ -118,13 +125,6 @@ int main(int argc, char **argv)
fstree_xattr_deduplicate(&fs);
- fstree_sort(&fs);
-
- if (fstree_gen_inode_table(&fs))
- goto out_fstree;
-
- super.inode_count = fs.inode_tbl_size - 2;
-
cmp = compressor_create(super.compression_id, true, super.block_size,
opt.comp_extra);
if (cmp == NULL) {