diff options
| author | David Oberhollenzer <david.oberhollenzer@sigma-star.at> | 2020-04-27 11:59:02 +0200 |
|---|---|---|
| committer | David Oberhollenzer <david.oberhollenzer@sigma-star.at> | 2020-04-27 11:59:02 +0200 |
| commit | 20b0d509f67dea802706cd6b80b5e20d14988931 (patch) | |
| tree | 3a87ea358b1206f6823777693d109896d6908283 /bin/gensquashfs/selinux.c | |
| parent | 9e332a2d3eddcc262476ac263e03df021b3c44b4 (diff) | |
Cleanup directory structure of the binary programs
Instead of having the binary programs in randomly named subdirectories,
move all of them to a "bin" subdirectory, similar to the utility
libraries that have subdirectories within "lib" and give the
subdirectories the propper names (e.g. have gensquashfs source in a
directory *actually* named "gensquashfs").
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
Diffstat (limited to 'bin/gensquashfs/selinux.c')
| -rw-r--r-- | bin/gensquashfs/selinux.c | 78 |
1 files changed, 78 insertions, 0 deletions
diff --git a/bin/gensquashfs/selinux.c b/bin/gensquashfs/selinux.c new file mode 100644 index 0000000..678723b --- /dev/null +++ b/bin/gensquashfs/selinux.c @@ -0,0 +1,78 @@ +/* SPDX-License-Identifier: GPL-3.0-or-later */ +/* + * selinux.c + * + * Copyright (C) 2019 David Oberhollenzer <goliath@infraroot.at> + */ +#include "mkfs.h" + +#define XATTR_NAME_SELINUX "security.selinux" +#define XATTR_VALUE_SELINUX "system_u:object_r:unlabeled_t:s0" + +#ifdef WITH_SELINUX +int selinux_relable_node(void *sehnd, sqfs_xattr_writer_t *xwr, + tree_node_t *node, const char *path) +{ + char *context = NULL; + int ret; + + if (selabel_lookup(sehnd, &context, path, node->mode) < 0) { + context = strdup(XATTR_VALUE_SELINUX); + if (context == NULL) + goto fail; + } + + ret = sqfs_xattr_writer_add(xwr, XATTR_NAME_SELINUX, + context, strlen(context)); + free(context); + + if (ret) + sqfs_perror(node->name, "storing SELinux xattr", ret); + + return ret; +fail: + perror("relabeling files"); + return -1; +} + +void *selinux_open_context_file(const char *filename) +{ + struct selabel_handle *sehnd; + struct selinux_opt seopts[] = { + { SELABEL_OPT_PATH, filename }, + }; + + sehnd = selabel_open(SELABEL_CTX_FILE, seopts, 1); + if (sehnd == NULL) + perror(filename); + + return sehnd; +} + +void selinux_close_context_file(void *sehnd) +{ + selabel_close(sehnd); +} +#else +int selinux_relable_node(void *sehnd, sqfs_xattr_writer_t *xwr, + tree_node_t *node, const char *path) +{ + (void)sehnd; (void)xwr; (void)node; (void)path; + fputs("Built without SELinux support, cannot add SELinux labels\n", + stderr); + return -1; +} + +void *selinux_open_context_file(const char *filename) +{ + (void)filename; + fputs("Built without SELinux support, cannot open contexts file\n", + stderr); + return NULL; +} + +void selinux_close_context_file(void *sehnd) +{ + (void)sehnd; +} +#endif |