service: when guessing the main PID don't consider processes that aren't our children

[elogind.git] / src / label.c

diff --git a/src/label.c b/src/label.c
index 01f36eb6ccc56a1830c898827717815963b67763..218d0dfa06f119e34991f2bd4d281c163e5b9f9f 100644 (file)
--- a/src/label.c
+++ b/src/label.c
@@ -173,6 +173,31 @@ int label_fifofile_set(const char *path) {
         return r;
 }
 
+int label_symlinkfile_set(const char *path) {
+        int r = 0;
+
+#ifdef HAVE_SELINUX
+        security_context_t filecon = NULL;
+
+        if (!use_selinux() || !label_hnd)
+                return 0;
+
+        if ((r = selabel_lookup_raw(label_hnd, &filecon, path, S_IFLNK)) == 0) {
+                if ((r = setfscreatecon(filecon)) < 0) {
+                        log_error("Failed to set SELinux file context on %s: %m", path);
+                        r = -errno;
+                }
+
+                freecon(filecon);
+        }
+
+        if (r < 0 && security_getenforce() == 0)
+                r = 0;
+#endif
+
+        return r;
+}
+
 int label_socket_set(const char *label) {
 
 #ifdef HAVE_SELINUX
@@ -233,20 +258,15 @@ int label_mkdir(
 
         if (use_selinux() && label_hnd) {
 
-                if (path[0] == '/')
+                if (path_is_absolute(path))
                         r = selabel_lookup_raw(label_hnd, &fcon, path, mode);
                 else {
-                        char *cwd = NULL, *newpath = NULL;
-
-                        cwd = get_current_dir_name();
+                        char *newpath = NULL;
 
-                        if (cwd || asprintf(&newpath, "%s/%s", cwd, path) < 0) {
-                                free(cwd);
-                                return -errno;
-                        }
+                        if (!(newpath = path_make_absolute_cwd(path)))
+                                return -ENOMEM;
 
                         r = selabel_lookup_raw(label_hnd, &fcon, newpath, mode);
-                        free(cwd);
                         free(newpath);
                 }