author | David Oberhollenzer <david.oberhollenzer@sigma-star.at> | 2019-09-28 21:40:31 +0200 |
---|---|---|
committer | David Oberhollenzer <david.oberhollenzer@sigma-star.at> | 2019-09-28 23:34:17 +0200 |
commit | 9bcb6edfe419d390acddc2ed7d0c04d37b753ac3 (patch) | |
tree | 2d0ca53b10fa413f2e7e8934be11efa93430e548 /mkfs/mkfs.c | |
parent | f415b29255819e19ffde16018fb9ad02cbbfd17c (diff) |
Do the SELinux relabeling while generating the fstree
This commit splits the SELinux relabeling function up into 3 parts:
- open the label file
- apply relabeling rules to a given file
- close the label file
The relabeling is done while building the tree (if reading from an
input directory) or in a post process step if reading from a description
file.
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
Diffstat (limited to 'mkfs/mkfs.c')
-rw-r--r-- | mkfs/mkfs.c | 61 |
1 files changed, 50 insertions, 11 deletions
diff --git a/mkfs/mkfs.c b/mkfs/mkfs.c
index 5746c69..c3a4e73 100644
--- a/mkfs/mkfs.c
+++ b/mkfs/mkfs.c
@@ -89,13 +89,41 @@ static int pack_files(sqfs_data_writer_t *data, fstree_t *fs,
 return restore_working_dir(opt);
 }
 
-static int read_fstree(fstree_t *fs, options_t *opt)
+static int relabel_tree_dfs(fstree_t *fs, tree_node_t *n, void *selinux_handle)
+{
+ char *path = fstree_get_path(n);
+
+ if (path == NULL) {
+ perror("getting absolute node path for SELinux relabeling");
+ return -1;
+ }
+
+ if (selinux_relable_node(selinux_handle, fs, n, path)) {
+ free(path);
+ return -1;
+ }
+
+ free(path);
+
+ if (S_ISDIR(n->mode)) {
+ for (n = n->data.dir.children; n != NULL; n = n->next) {
+ if (relabel_tree_dfs(fs, n, selinux_handle))
+ return -1;
+ }
+ }
+
+ return 0;
+}
+
+static int read_fstree(fstree_t *fs, options_t *opt, void *selinux_handle)
 {
 FILE *fp;
 int ret;
 
- if (opt->infile == NULL)
- return fstree_from_dir(fs, opt->packdir, opt->dirscan_flags);
+ if (opt->infile == NULL) {
+ return fstree_from_dir(fs, opt->packdir, selinux_handle,
+ opt->dirscan_flags);
+ }
 
 fp = fopen(opt->infile, "rb");
 if (fp == NULL) {
@@ -115,6 +143,9 @@ static int read_fstree(fstree_t *fs, options_t *opt)
 if (restore_working_dir(opt))
 return -1;
 
+ if (ret == 0 && selinux_handle != NULL)
+ ret = relabel_tree_dfs(fs, fs->root, selinux_handle);
+
 return ret;
 }
 
@@ -127,6 +158,7 @@ int main(int argc, char **argv)
 sqfs_compressor_t *cmp;
 sqfs_id_table_t *idtbl;
 sqfs_file_t *outfile;
+ void *sehnd = NULL;
 sqfs_super_t super;
 options_t opt;
 fstree_t fs;
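Review bot: `relabel_tree_dfs` has no comment stating its contract, and its loop reuses the parameter `n` as the child cursor, so from the loop onward `n` no longer names the node that was just labelled. I would add a header comment such as `/* Label n and, if it is a directory, all of its descendants; returns -1 at the first failure, leaving the nodes visited so far labelled. */` and walk the children with a separate local instead of overwriting `n`. The callee is spelled `selinux_relable_node` while this helper uses `relabel`; it is declared outside this diff, so aligning the spelling would have to happen there as well.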
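Review bot: Only the description-file path visibly labels the root node, because `relabel_tree_dfs(fs, fs->root, selinux_handle)` starts at `fs->root`, whereas the directory-scan path hands the handle to `fstree_from_dir`, whose body is not part of this diff. If that scan labels only the entries it discovers, an image built from a directory could end up with a root directory that has no label from the context file, so it is worth confirming that both modes cover the same set of nodes. A comment above the added lines would record the split, for example `/* description-file input: labels are applied here, root included; directory input is labelled inside fstree_from_dir */`. `read_fstree` begins in the previous hunk and part of its body lies between the two hunks.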
@@ -159,8 +191,22 @@ int main(int argc, char **argv)
 if (sqfs_super_write(&super, outfile))
 goto out_outfile;
 
- if (read_fstree(&fs, &opt))
+ if (opt.selinux != NULL) {
+ sehnd = selinux_open_context_file(opt.selinux);
+ if (sehnd == NULL)
+ goto out_outfile;
+ }
+
+ if (read_fstree(&fs, &opt, sehnd)) {
+ if (sehnd != NULL)
+ selinux_close_context_file(sehnd);
 goto out_outfile;
+ }
+
+ if (sehnd != NULL) {
+ selinux_close_context_file(sehnd);
+ sehnd = NULL;
+ }
 
 tree_node_sort_recursive(fs.root);
 
@@ -171,13 +217,6 @@ int main(int argc, char **argv)
 
 super.inode_count = fs.inode_tbl_size - 2;
 
-#ifdef WITH_SELINUX
- if (opt.selinux != NULL) {
- if (fstree_relabel_selinux(&fs, opt.selinux))
- goto out_outfile;
- }
-#endif
-
 fstree_xattr_deduplicate(&fs);
 
 cmp = sqfs_compressor_create(&cfg); |
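Review bot: The added calls to `selinux_open_context_file` and `selinux_close_context_file` are compiled unconditionally, while the block removed in the next hunk was under `#ifdef WITH_SELINUX`, so a build without SELinux support now depends on fallbacks declared outside this diff. It is worth confirming that the fallback open returns NULL and reports why, so that a requested label file makes the run fail instead of producing an unlabelled image. Separately, the handle is closed in two places; storing the result in a local status variable first leaves a single close: `ret = read_fstree(&fs, &opt, sehnd);` then `if (sehnd != NULL) selinux_close_context_file(sehnd);` then `if (ret) goto out_outfile;`. The body of `main` starts and ends outside this hunk, so whether a suitable status variable already exists is not visible here.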