chiark / gitweb /
smack: never follow symlinks when relabelling
authorLennart Poettering <lennart@poettering.net>
Thu, 23 Oct 2014 16:32:22 +0000 (18:32 +0200)
committerLennart Poettering <lennart@poettering.net>
Thu, 23 Oct 2014 19:36:56 +0000 (21:36 +0200)
previously mac_smack_apply(path, NULL) would operate on the symlink
itself while mac_smack_apply(path, "foo") would follow the symlink.
Let's clean this up an always operate on the symlink, which appears to
be the safer option.

src/shared/smack-util.c

index 4a94922..c345488 100644 (file)
@@ -50,7 +50,7 @@ int mac_smack_apply(const char *path, const char *label) {
                 return 0;
 
         if (label)
-                r = setxattr(path, "security.SMACK64", label, strlen(label), 0);
+                r = lsetxattr(path, "security.SMACK64", label, strlen(label), 0);
         else
                 r = lremovexattr(path, "security.SMACK64");
         if (r < 0)