authorDavid Oberhollenzer <david.oberhollenzer@sigma-star.at>2019-06-22 00:21:29 +0200
committerDavid Oberhollenzer <david.oberhollenzer@sigma-star.at>2019-06-22 00:26:37 +0200
commit64484ae0ff4d1bf52f618093bf3fc43a86745573 (patch)
tree15e8cc1f8895f08b12a93b600d0397edefcc531c /lib
parent79e67f767bb34448c75312a538dc9f06a365448f (diff)
simplify SELinux labeling
This commit moves the SELinux label code after the tree is sorted and the inode table is generated. Sorting helps to make sure that the tree will always be traversed in a defined, deterministic order and likewise the creation of xattrs happens in a defined, deterministic order. Second, we can now use the inode table instead of having to implement a recursive tree traversal yet again. Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
Diffstat (limited to 'lib')
-rw-r--r--lib/fstree/selinux.c48
1 files changed, 19 insertions, 29 deletions
diff --git a/lib/fstree/selinux.c b/lib/fstree/selinux.c
index ec14a93..b7934ea 100644
--- a/lib/fstree/selinux.c
+++ b/lib/fstree/selinux.c
@@ -14,41 +14,26 @@ static int relable_node(fstree_t *fs, struct selabel_handle *sehnd,
tree_node_t *node)
{
char *context = NULL, *path;
- tree_node_t *it;
int ret;
path = fstree_get_path(node);
- if (path == NULL) {
- perror("relabeling files");
- return -1;
- }
+ if (path == NULL)
+ goto fail;
if (selabel_lookup(sehnd, &context, path, node->mode) < 0) {
- free(path);
-
- ret = fstree_add_xattr(fs, node, XATTR_NAME_SELINUX,
- XATTR_VALUE_SELINUX);
- } else {
- free(path);
- ret = fstree_add_xattr(fs, node, XATTR_NAME_SELINUX, context);
- free(context);
+ context = strdup(XATTR_VALUE_SELINUX);
+ if (context == NULL)
+ goto fail;
}
- if (ret)
- return -1;
-
- if (S_ISDIR(node->mode)) {
- it = node->data.dir->children;
-
- while (it != NULL) {
- if (relable_node(fs, sehnd, it))
- return -1;
-
- it = it->next;
- }
- }
-
- return 0;
+ ret = fstree_add_xattr(fs, node, XATTR_NAME_SELINUX, context);
+ free(context);
+ free(path);
+ return ret;
+fail:
+ perror("relabeling files");
+ free(path);
+ return -1;
}
int fstree_relabel_selinux(fstree_t *fs, const char *filename)
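Review bot: Every `selabel_lookup()` failure in relable_node falls through to the fallback `XATTR_VALUE_SELINUX`, so an error other than "no matching entry" (for example out of memory or a rejected context) yields an image whose files silently carry the default label. libselinux reports a missing match as `ENOENT`, so adding `if (errno != ENOENT) goto fail;` before the `strdup` keeps the fallback for unmatched paths and turns every other error into a build failure. Separately, a context returned by `selabel_lookup()` is documented to be released with `freecon()`, while the same variable now also holds a `strdup` result and both are passed to `free()`; a one-line comment saying this mix is intentional would help the next reader. The function's signature starts above the hunk, in the hunk header.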
@@ -57,6 +42,7 @@ int fstree_relabel_selinux(fstree_t *fs, const char *filename)
struct selinux_opt seopts[] = {
{ SELABEL_OPT_PATH, filename },
};
+ size_t i;
int ret;
sehnd = selabel_open(SELABEL_CTX_FILE, seopts, 1);
@@ -66,7 +52,11 @@ int fstree_relabel_selinux(fstree_t *fs, const char *filename)
return -1;
}
- ret = relable_node(fs, sehnd, fs->root);
+ for (i = 2; i < fs->inode_tbl_size; ++i) {
+ ret = relable_node(fs, sehnd, fs->inode_table[i]);
+ if (ret)
+ break;
+ }
selabel_close(sehnd);
return ret;
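Review bot: `ret` is declared without an initializer (`int ret;` in the preceding hunk), so `return ret;` reads an indeterminate value whenever the new loop runs zero times, i.e. when `fs->inode_tbl_size` is 2 or less; before this change `ret` was always assigned. Initialising it with `int ret = 0;` fixes that. The loop also hands each `fs->inode_table[i]` to relable_node, which reads `node->mode` without a NULL check, so if the table can contain empty slots (not visible here) a guard such as `if (fs->inode_table[i] == NULL) continue;` is needed. A short comment stating why the walk starts at index 2 would also help. The body of fstree_relabel_selinux begins and ends outside this hunk.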