author | David Oberhollenzer <david.oberhollenzer@sigma-star.at> | 2019-09-28 21:40:31 +0200 |
---|---|---|
committer | David Oberhollenzer <david.oberhollenzer@sigma-star.at> | 2019-09-28 23:34:17 +0200 |
commit | 9bcb6edfe419d390acddc2ed7d0c04d37b753ac3 (patch) | |
tree | 2d0ca53b10fa413f2e7e8934be11efa93430e548 /mkfs/selinux.c | |
parent | f415b29255819e19ffde16018fb9ad02cbbfd17c (diff) |
Do the SELinux relabeling while generating the fstree
This commit splits the SELinux relabeling function up into 3 parts:
- open the label file
- apply relabeling rules to a given file
- close the label file
The relabeling is done while building the tree (if reading from an
input directory) or in a post-processing step if reading from a description
file.
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
Diffstat (limited to 'mkfs/selinux.c')
-rw-r--r-- | mkfs/selinux.c | 55 |
1 files changed, 33 insertions, 22 deletions
diff --git a/mkfs/selinux.c b/mkfs/selinux.c
index 5fc4f52..a4cda71 100644
--- a/mkfs/selinux.c
+++ b/mkfs/selinux.c
@@ -9,16 +9,13 @@
 #define XATTR_NAME_SELINUX "security.selinux"
 #define XATTR_VALUE_SELINUX "system_u:object_r:unlabeled_t:s0"
 
-static int relable_node(fstree_t *fs, struct selabel_handle *sehnd,
- tree_node_t *node)
+#ifdef WITH_SELINUX
+int selinux_relable_node(void *sehnd, fstree_t *fs,
+ tree_node_t *node, const char *path)
 {
- char *context = NULL, *path;
+ char *context = NULL;
 int ret;
 
- path = fstree_get_path(node);
- if (path == NULL)
- goto fail;
-
 if (selabel_lookup(sehnd, &context, path, node->mode) < 0) {
 context = strdup(XATTR_VALUE_SELINUX);
 if (context == NULL)
@@ -27,36 +24,50 @@ static int relable_node(fstree_t *fs, struct selabel_handle *sehnd,
 
 ret = fstree_add_xattr(fs, node, XATTR_NAME_SELINUX, context);
 free(context);
- free(path);
 return ret;
 fail:
 perror("relabeling files");
- free(path);
 return -1;
 }
 
-int fstree_relabel_selinux(fstree_t *fs, const char *filename)
+void *selinux_open_context_file(const char *filename)
 {
 struct selabel_handle *sehnd;
 struct selinux_opt seopts[] = {
 { SELABEL_OPT_PATH, filename },
 };
- size_t i;
- int ret = 0;
 
 sehnd = selabel_open(SELABEL_CTX_FILE, seopts, 1);
-
- if (sehnd == NULL) {
+ if (sehnd == NULL)
 perror(filename);
- return -1;
- }
 
- for (i = 2; i < fs->inode_tbl_size; ++i) {
- ret = relable_node(fs, sehnd, fs->inode_table[i]);
- if (ret)
- break;
- }
+ return sehnd;
+}
 
+void selinux_close_context_file(void *sehnd)
+{
 selabel_close(sehnd);
- return ret;
 }
+#else
+int selinux_relable_node(void *sehnd, fstree_t *fs,
+ tree_node_t *node, const char *path)
+{
+ (void)sehnd; (void)fs; (void)node; (void)path;
+ fputs("Built without SELinux support, cannot add SELinux labels\n",
+ stderr);
+ return -1;
+}
+
+void *selinux_open_context_file(const char *filename)
+{
+ (void)filename;
+ fputs("Built without SELinux support, cannot open contexts file\n",
+ stderr);
+ return NULL;
+}
+
+void selinux_close_context_file(void *sehnd)
+{
+ (void)sehnd;
+}
+#endif
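Review bot: `selinux_close_context_file` in the WITH_SELINUX branch hands the handle straight to `selabel_close()`, while `selinux_open_context_file` a few lines above returns NULL (after `perror(filename)`) when `selabel_open` fails, and selabel_close() is not documented to tolerate a NULL handle the way free() does; a caller that pairs open and close unconditionally on the error path would dereference NULL, so guard it with `if (sehnd != NULL) selabel_close(sehnd);`. The three functions are now the module's public interface but carry no comment stating that contract — that open returns NULL on failure and has already reported it, that the handle must be released with `selinux_close_context_file`, and that `selinux_relable_node` falls back to XATTR_VALUE_SELINUX when the lookup fails — so a short header comment on each declaration would help callers. Since neither stub dereferences the handle, the `void *sehnd` parameters could stay type-checked as a forward-declared `struct selabel_handle *` instead of erasing the type. The body of `selinux_relable_node` begins in the previous hunk, and the `goto fail` that reaches this hunk's `fail:` label lies between the two hunks.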